The Union Law Ministry responded positively to a request from the Election Commission seeking legal powers to resume linking of voter cards with Aadhaar numbers but asked the EC to “enumerate” the safeguards in place to prevent “theft, interception and hijacking” of data, The Indian Express has learnt.
In its response last month, the EC sent a detailed list of safeguards at both the application and infrastructure levels — and said that the electoral roll database system “does not enter” the Aadhaar ecosystem.
Last August, in a letter addressed to the Law Secretary, the EC had proposed amendments to the Representation of the People Act, 1950, and the Aadhaar Act, 2016, for powers to collect and use Aadhaar data for “cleaning” voters’ list as a “back-end exercise”.
According to the proposed amendment to the Representation of the People Act, the Electoral Registration Officer (ERO) may ask those seeking to enter the voters’ list and those already enrolled to furnish their Aadhaar numbers.
The poll watchdog argued that seeding of voter cards with Aadhaar would help weed out duplicate entries and bogus voters, and hence, serve national interest. However, the amendment also states that no one will be denied enrollment or deleted from the voters’ list for inability to furnish Aadhaar numbers.
The Law Ministry wrote back in September stating that the EC’s rationale would “pass the benchmark test laid down by the Hon’ble Supreme Court for collecting Aadhaar details for purposes other than getting benefits of state-sponsored schemes”.
However, given the Supreme Court’s emphasis on the need for “protecting the privacy of individuals”, the EC was asked to list the safeguards built into the electoral roll data platform.
The poll watchdog replied on December 12, 2019, stating that it has already taken “multiple measures” for the security of the electoral roll data.
“At the application level, various protocols like two-factor authentication encryption… algorithm communication only through https protocol, and frequent security audit of applications are ensured. Electoral roll database system does not enter into the Aadhaar ecosystem and the system is only used for the authentication purpose keeping a tight air gap between the two systems,” the EC’s response states.
“At the infrastructure level, the servers are protected through multilevel security through the access control system, firewall, IPS and anti-virus. The raw data has been prohibited to be made available/ shared/ transferred/ distributed/ transmitted/ circulated to any other person,” it states.
The EC had first initiated the exercise of linking Aadhaar with the Electors Photo Identity Cards (or EPIC) in February 2015, when H S Brahma was the Chief Election Commissioner. It was suspended in August that year after the Supreme Court restricted the use of Aadhaar to Public Distribution System (PDS), LPG and kerosene distribution. The poll panel had already linked 38 crore voter cards to Aadhaar by then.
In its final order, the apex court had held that although ‘Right to Privacy’ is a fundamental right, it can be curtailed if there is either a specific law authorising collection of Aadhaar or if the state interest is involved or the test of proportionality is satisfied. This prompted the EC’s demand for legal powers to resume seeding of voter cards with Aadhaar.