Recently, the Telangana government began a dry run of an eVoting solution that leverages blockchain technology coupled with facial recognition to record one’s vote.
The TSEC-Vote App will be used to record voting. For the authentication of a valid voter, the process will have “Matching the name associated with Aadhaar”, “Liveness detection of Aadhar”, and “Matching Image corresponding with Election Photo Identity Card (‘EPIC’) Database”.
The whole process will use blockchain technology to secure the encrypted and de-identified votes as per the release.
The Telangana State Technology Services will use Facial Recognition Technology-based Real-Time Digital Authentication of Identity (‘RTDAI’) system to validate e-voters.
The registered voters will need to click a photo of themselves and upload it to the TSEC-Vote App. The RTDAI-enabled system will perform a “liveness check” to authenticate whether the face shown to the camera is that of a real person or not.
The data will be stored in the State Data Centres (‘SDCs’).
Since elections necessarily deal with extensive voter information, including address, party affiliation, birth date, and many more, such information could be easily abused in the absence of privacy legislation or data protection law. It is imperative to ask how efficient would the TSEC-Vote App be to record voting in the light of privacy concerns and how long it will retain the voters’ data. Would there be any legal restraints on the usage of such data?
The Unpleasant Experiences With Blockchain-Based Voting System
In 2018, the blockchain-based mobile voting app “Voatz” was deployed in West Virginia for overseas military voters in the United States (US) elections. The blockchain method carries out an online public bulletin board allowing for a linear collation of data to which users only can further affix data.
In the case of a blockchain-based voting system, the voting authority needs to validate this bulletin board in which users sign in using cryptographic signatures for registering their votes in a ledger. However, the research shows that Voatz suffered from solemn security susceptibilities, facilitating attackers to track cast votes and alter ballots at a large scale, overlooked by election officials.
In 2015, a team of cryptographers and political scientists analysed the panorama of internet voting in the US. It concluded that it was not technically feasible to develop an online system that could preserve all the attributes of democracy,
A similar blockchain voting system was also used in Moscow, Russia, for its 2019 city council elections. However, the system was grimly susceptible twice (the second time after the proposed fix). Switzerland and Japan also conducted blockchain-based voting experiments on a very small scale, though.
The Blockchain-Based Voting System: Studies and Vulnerabilities
Elections are already high-value targets for attackers whose objective is to undermine the confidence in election outcomes. A team of MIT researchers recently concluded that an attacker who intruded a voter’s phone would be able to suppress, observe, and change votes nearly at will.
The researchers said that an attacker who intruded on the servers that regulate the Voatz API might be able to change ballots as they arrive, the danger that distributed ledgers should, in theory, protect against.
Furthermore, the researchers pointed out vulnerabilities: denial of service attacks (DDoS) attacks on voting systems, potential malware on voter devices, and penetration of the individual computers and servers at election offices and polling places.
Even if the blockchain technology itself cannot be compromised, several points include different vendors and third parties that are far less secure and can be easily compromised.
Proprietary voting apps like Voatz provide the public with no way to know whether the voters’ choices are accurately recorded or not. Nor is there any mechanism to know whether the election officials count the ballots’ encrypted copy.
In the case of the TSEC-Vote App, the entire process would be controlled and monitored by the admin using a web portal, but the issues of concerns identified with the voting apps such as Voatz remain unanswered.
In India, presently, there is no law in place to control the operation of blockchain-enabled systems. On 5 April 2018, legal attention was drawn to this issue for the first time.
In its statement 'Developmental and Regulatory Practices', the Reserve Bank of India refrained the business entities and individuals from dealing with virtual currencies (Paragraph 13). The RBI subsequently issued a circular dated 6 April 2018, 'Prohibition on Dealing in Virtual Currencies', which prohibited dealing with blockchain technology-based cryptocurrencies. Also, blockchain, by its very nature, is a decentralised system; the determination of the powers existing with the Election Commission of India and the extent to which the decentralisation can be permitted is a critical question.
Sensitive Personal Data
With the deployments of the Aadhaar system and FRTs made mandatory for the authentication of a valid voter in the TSEC-Vote App, there are two significant issues in the absence of a personal data protection law.
As the Supreme Court has affirmed in Justice K.S. Puttaswamy case [(2015) 10 SCC 92], the Aadhar cannot be made compulsory upon any individual or be the reason for the denial of public service (Paragraph 5). Otherwise, this would just mean that the people need to cough up sensitive personal information to the government to exercise their right to vote.
The current Information Technology Act, 2000 and the rules under it classify the FRTs biometric data as ‘sensitive personal data’, laying down the conditions for its collection and disclosure; the law's scope and implementation remain grossly inadequate. Section 3(36) of the Personal Data Protection Bill, 2019 also classifies specific categories including biometric data, caste, political or religious beliefs as sensitive personal data.
TSEC-Vote App Needs to Pass a High Threshold of ‘Explicit Consent’
Recording such data using Aadhar based authorisation coupled with FRTs for the TSEC-Vote App would constitute ‘processing’ as per Section 3(31) of the PDP Bill.
The consent of the data principal needs to be ‘explicitly’ obtained as per Section 11(3) of the PDP Bill in case any sensitive personal data is processed.
The ‘Explicit consent’ sets a high threshold and requires that apart from the consent being specific, informed, free, and capable of being withdrawn, the data principal must be informed of the purpose of such data processing and its likely significant harms in clear terms.
It would be difficult to meet this high standard of ‘explicit consent’ from many people appearing for voting.
Furthermore, it will not be easy for the Union government to exempt the government agencies from the provisions of the PDP Bill. The same will require the reasons to be recorded in writing with oversight mechanisms, procedures, and safeguards to be specified.
A Threefold Test for Infringement of Privacy
Moreover, the data processing by the government agencies for recording voting needs to conform to the threefold test for restraints on privacy laid down in the Puttaswamy case.
The government agencies need to satisfy the requirements of legality, necessity, and proportionality to their objectives irrespective of the exemptions obtained from any legislation.
The government needs to show that there exists: legislation behind restrictions, a legitimate aim behind restrictions, a rational nexus between the restrictions imposed and the purpose such restrictions sought to achieve, and last, the State has adopted the ‘least restrictive’ alternative to achieve the objective.
The starting point for all three tests is that the infringing act needs to have the authority of law. If the impugned State action does not have the authority of ‘law’, the court will look no further. However, the use of FRT in the TSEC-Vote App to authenticate a valid voter by the State agencies currently lacks any statutory basis.
The Road Ahead
The Telangana State Commission may rely on Article 243ZA of the Indian Constitution as the legal basis for using FRT and Aadhaar based authorisation for voter verification in elections as had been previously relied on. However, all these justifications fail the legality standard as a provision of the Constitution, or for that matter, a cabinet note cannot be a specific authorisation for the infringement of fundamental rights. The restrictions on fundamental rights need to be grounded in specific legal provisions to set out the circumstances under which the fundamental rights can be infringed.
Unless corrective measures in the form of anchoring facial recognition legislation or even a data protection law are undertaken, the measures such as the TSEC-Vote App based on the Aadhaar and FRT authorisation will keep on imperilling our democracy.
(Kshitij Goyal is a BA, LLB (Hons) student at National Law School of India University (NLSIU), Bangalore. This is an opinion piece and the views expressed above are the author’s own. The Quint neither endorses nor is responsible for the same.)
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)