Earlier this week, TNM published an investigation into a massive exercise of voter data theft in Bengaluru. An NGO named Chilume, which had permission from the Bruhat Bengaluru Mahanagara Palike (BBMP) to carry out a voter awareness drive, instead conducted a survey of thousands of voters. Their agents, posing as government officials, collected extensive personal information from voters including caste, age, gender, employment and education details, phone number, address, and even Aadhaar numbers. This grave privacy breach has come to light less than a year since a law allowing the linking of Aadhaar with electoral roll data came into effect.
The Election Laws (Amendment) Act, 2021 was heavily criticised for posing a threat to Indian democracy. The Bengaluru scandal seems like a vindication of the panic over Aadhaar-voter ID linking and its dire effects on elections. It remains unclear whom the data was gathered for and whether BBMP is making attempts to restrict access to it. For anyone who is unsure how such data can be misused, and how linking Aadhaar to electoral rolls could be used to manipulate them, here’s a quick explainer.
A major purpose of linking Aadhaar to voter ID, according to the Union government and the Election Commission of India, is to “purify” electoral rolls by removing bogus voters and duplicate entries. But the Aadhaar database itself is not so “pure”. As the Rethink Aadhaar campaign and several others have pointed out, often when the government tried to “clean” records like those of Public Distribution System (PDS) and MGNREGA (Mahatma Gandhi National Rural Employment Guarantee Act) with Aadhaar, a high number of genuine beneficiaries ended up being deleted. A 2020 study in Jharkhand found that when the previous BJP government there linked Aadhaar to ration cards, nearly 90% of the deleted cards were from genuine households. Similarly, there’s a danger of voters’ names being deleted from electoral rolls at random.
This is exactly what happened when the Aadhaar-voter ID linking project was first attempted in India. The National Electoral Roll Purification and Authentication Programme (NERPAP) launched in Telangana in 2015 resulted in mass disenfrachisement. While the exercise was halted by the Supreme Court in August 2015, lakhs of voters couldn’t vote in the December 2018 Telangana Assembly elections as their names were missing from the electoral rolls. It was later found that the Telangana State Election Commission had used Aadhaar to delete nearly 55 lakh voters without verification.
The Unique Identification Authority of India (UIDAI) itself admitted in 2018 that Aadhaar authentication for government services had a 12% failure rate. As lawyer and Executive Director at the Internet Freedom Foundation Apar Gupta had earlier explained on TNM, if such a large proportion of voters were to be excluded from voting in their constituency, it could end up changing the very result of the election.
When the Election Laws (Amendment) Act, 2021 was passed, former IAS officer PV Ramesh – who was in-charge of Aadhaar enrolments when it was first rolled out in Andhra Pradesh – had cautioned that Aadhaar-Voter ID linkage could result in excluding a large number of individuals from marginalised communities from the electoral rolls. He had pointed out that this could happen even without a deliberate attempt, as minorities, Adivasis and other marginalised groups are more vulnerable to such exclusions, if the process is not carried out sensitively.
There’s also the possibility of targeted disenfranchisement. Electoral rolls could be manipulated based on caste, religion, language, political leanings etc. Ahead of the 2018 Karnataka Assembly elections, a study found that among all eligible voters, Muslims were more likely to be missing from the electoral rolls. While TNM was investigating the voter data theft in Bengaluru, voters in Shivajinagar alleged that a few persons claiming to be government officials visited their homes and talked about deleting their names from the voters’ list. These allegations came in the wake of a complaint lodged with the Election Commission in October claiming there were defects in the electoral roll of Shivajinagar Assembly constituency. One of the complainants, who is a BJP sympathiser, said the complaint was based on a “suspicion” that a large number of Muslims were registered as fake voters.
After the 2018 Telangana fiasco, opposition leaders and activists in Telangana had alleged that the Telangana Rashtra Samithi (TRS) government had selectively removed people who were found to be critical of the party from the voters list. The Telangana government had an extensive database under the State Resident Data Hub (SRDH), including Aadhaar number, voter ID number, address, phone number, PAN details and family relations. Activists had cautioned that this database was vulnerable to misuse, and could be used to profile voters.
While Aadhaar itself may have limited personal information, in the Bengaluru case, it was collected along with details of caste, employment, education, etc. Voters were also made to share their opinions about the performance of their elected representatives. Aadhaar is also typically linked to various government welfare schemes and subsidies. Such data could also help political parties to reward or punish people based on whether they support them.
Even before the move to link Aadhaar with voter ID, ahead of the 2019 Assembly and Lok Sabha elections in Andhra Pradesh, a similar data theft scandal came to light. A private firm named IT Grids, which had developed the Telugu Desam Party’s official app Seva Mitra, was booked for voter data theft. The TDP was in power in Andhra Pradesh at the time, and it was alleged that IT Grids stole data related to Aadhaar, electoral rolls and beneficiaries of government schemes from the government database for the Seva Mitra app, to help improve TDP’s election outcomes.
The complaint alleged that TDP workers were using the app and going door to door to collect booth-level voters’ data, including caste, political party preference, and rating of a political party on a scale of 1 to 10. Cyberabad police had said at the time that the app had comprehensive profiles of voters along with an option to identify their party-wise affiliations. This is very similar to what the NGO Chilume did in Bengaluru. Chilume’s agents also uploaded details like caste, religion, mother tongue, education, marital status and political grievances into a voter survey app called ‘Digital Sameeksha’. Chilume has also now been booked by Bengaluru police.
Such profiling could also be used to send targeted communication to voters. Last year, the BJP in Puducherry was accused of stealing phone numbers from voters’ Aadhaar data and adding them to WhatsApp groups to send campaign-related messages. The Madras High Court found the allegation to be credible and pulled up the UIDAI on the inadequate protection of Aadhaar details.
Aadhaar is not proof of citizenship, as the Aadhaar Act itself says. It is issued to residents, not citizens. A resident is defined as someone who has lived in India for at least 182 days in the 12 months before applying for it. According to the Representation of the People Act, only Indian citizens can be registered in an electoral roll. The very basis of linking two different databases – one based on citizenship and the other on residence – and “cleaning up” one based on the other is unfounded, as legal experts and activists have noted.
Watch: Field workers show proof of Bengaluru voter data theft