Joint Plan by Election Commission and UIDAI compromised privacy of millions of Indians

Representative image of polling in Rajnandgaon Chhattisgarh.

Representative image of polling in Rajnandgaon Chhattisgarh.

JALANDHAR, Punjab — In Godrej almirahs, on shelves in forgotten storerooms, and in kitchen cabinets in private homes of government school teachers, are dusty electoral lists of millions of voter identity cards with their corresponding Aadhaar numbers carefully scribbled down by hand.

These printouts, linking two extremely sensitive personal identity numbers, are the remnants of the 2015 National Electoral Roll Purification and Authentication Programme (NERPAP), the Election Commission of India’s (ECI’s) controversial drive to use Aadhaar-related software developed by the Unique Identification Authority of India (UIDAI) to ostensibly weed out so-called duplicate entries in India’s voter rolls by flagging these names for deletion.

The project ran till August 2015, when it was curtailed by the Supreme Court as it was still adjudicating the constitutional validity of Aadhaar.

Interviews with serving and retired election officials in Punjab, Andhra Pradesh, Rajasthan and Delhi, and a review of hundreds of pages of internal documentation reveal how the ECI and UIDAI sought to use Aadhaar-linked biometric authentication, and unproved algorithms, to toy with the most fundamental right of any citizen in a democracy — the right to vote.

The documents show how Aadhaar-related technology, particularly data-sorting algorithms, have permeated some of the most fundamental aspects of civic life in India without any public discussion about its efficacy, or the risks involved. Rather than create transparency and accountability, the UIDAI’s software has had the opposite effect — where senior government officers defer their judgement to software which they barely understand.

In Andhra Pradesh and Telangana, two states that served as a template for a wider, national roll-out in February 2015, election officials admit that software could have played a role in the elimination of 2.2 million voters from Telangana’s electoral rolls.

“A new software has been put in place as well and there could be other reasons also behind the deletion of names,” Telangana chief electoral officer Rajat Kumar told a press conference, as reported by Mint, in September this year. “There are people living here who have chosen to exercise their voting rights in the neighbouring state of Andhra Pradesh. There could be multiple reasons.”

The issue of so-called missing voters has since animated political parties, with Delhi Chief Minister Arvind Kejriwal going as far as to suggest that the Bharatiya Janta Party has deliberately sought to suppress voting of those opposed to the BJP.

On 27 November this year, the Madras High Court will hear a petition asking for the ECI to link voter cards to Aadhaar numbers. The poll body has indicated that it will not oppose the petition, paving the way for the revival of the project.

Yet the roll-out of electoral roll purification programme, and its aftermath, raise questions of whether such an exercise should be attempted at all. If the ECI’s launch of the programme in February 2015 was poorly conceived, its conduct when the project was halted in August 2015 was marked by rank incompetence.

Rather than secure the private and confidential data of the 350 million Indians it had already collected, the Commission left it to individual officers and departments to do what they saw fit with the information.

In Punjab, HuffPost India found that many booth-level officers simply locked the printouts and Aadhaar numbers in the safest place they could think of— their office almirahs and their homes. In at least one case, HuffPost India found the Aadhaar numbers stored in the kitchen cabinet of a government school teacher, deputed to the election commission, who was worried that the files might get lost at her office.

In another case, a teacher handed over his data to the office of the sub-divisional magistrate, but kept a copy for himself. HuffPost India has reviewed these aadhaar-linked voter rolls, but is not reproducing them here to protect the privacy and sanctity of the electoral rolls.

“You never know when the file gets lost,” the official told HuffPost India. “The ECI may ask for it again. Since the process was so tedious, we cannot afford to repeat it again.”

The ad hocism of the exercise was so extreme that when the Supreme Court asked all seeding projects to be halted, the ECI was confronted with having printed millions of voter-enrollment forms that asked for Aadhaar numbers to complete the voter registration process.

On 17 August 2015, the ECI came up with a high-tech solution to the problem.

“To avoid wastage of paper, existing stocks of the forms and BLO registers with Aadhaar numbers shall be used by removing Aadhaar field by hand or by blackening it with black sketch pen,” the ECI circular read.

An Election Commission of India (ECI) circular asking that forms asking for Aadhaar numbers be blackened by hand using sketch pens.

Needless to say, very few officers took up the arduous task of manually blacking out the Aadhaar field. As a consequence, enrollment officers told HuffPost India, Aadhaar numbers of voters continued to be collected well after the project was halted.

The ECI has not responded to repeated emailed inquiries sent by HuffPost India. The Commission has also declined to disclose how many voter ids have been linked to Aadhaar numbers, claiming it does not know, in response to a Right to Information request filed by Medianama.


The UIDAI, two former Chief Election Commissioners told HuffPost India, had long lobbied to link voter IDs and Aadhaar cards as a means to illustrate the value of the controversial project.

“They said we should integrate Aadhaar with electoral rolls to eliminate duplicates,” said a former Chief Election Commissioner, seeking anonymity to speak freely. “The Commission held the view that we should hold off until we fully understand the implications.”

“It was during a meeting with (Nandan) Nilekani , we agreed to link voters card with the Aadhaar numbers,” SY Quraishi, another former election commissioner, agreed. Nilekani is the architect and a vocal cheerleader of the Aadhaar project.

Quraishi insisted that the decision was taken by the ECI, but it is pertinent to note that such a significant decision, with the potential to strip disenfranchise millions of voters, was taken with little public deliberation,

HuffPost India has reached out to Nilekani for comment, and will update the if he responds.

The ECI’s reluctance, the former Commissioner who sought anonymity revealed, stemmed from the fact that there is no one official unified national electoral roll of India. Rather, each state keeps its own voter rolls.

“Each state Election Commission is the custodian of the rolls for that particular state,” he said, admitted that this allowed for voters to have more than one voter card, “but removing duplicates is a sensitive exercise to be done with caution.”

The ECI cannot share voter data—in a manipulable form—with any other body. Hence, Commission officials worried that seeding voter ids would mean sharing the data with the UIDAI.

In 2015, HS Brahma became the Chief Election Commissioner. Brahma was the CEC for barely three months, but made it a priority to push through the seeding process.

“Brahma wanted to leave a mark, he pushed very hard for the process,” the former Chief Election Commissioner said.

“It was always meant to be voluntary,” Brahma told in a recent interview. “Campaigns were organised across the country and state election commissions were roped in for the purpose. The message had to be delivered to common people about how the initiative would help weed out bogus voters and strengthen democracy.”

A February 2015 Election Commission of India (ECI) presentation on linking of voter identity numbers and Aadhaar numbers.

On 23 February 2015, the ECI held a conference to discuss seeding their rolls with Aadhaar numbers at its headquarters on Ashoka Road in New Delhi.

“Year 2015 is the golden year available to the Electoral Machinery to utilise for improving the quality of roll and linking with Biometric data,” stated a powerpoint presentation made by the commission’s IT team. HuffPost India has reviewed a copy of the presentation.

By 1 October 2015, the presentation said, the ECI hoped to build a unified electoral roll with “100% linked and authenticated by Biometric data of Adhaar and in absence of non-coverage, by one of the 5 documents namely Passport, Driving License, PAN Card, TIN No. or by Bank Account.”

Also at the conference were election officials from Andhra Pradesh and Telangana who shared the results of a pilot project in their states.

“We worked with the regional office of the UIDAI in Hyderabad,” said a senior former election officer involved in the Andhra Pradesh project. “They developed a software that allowed us to seed voter ids with aadhaar numbers.”


The software, documents reviewed by HuffPost India reveal, allowed the ECI to seed voter IDs with Aadhaar numbers in bulk using a tool provided by the UIDAI — a process known as “inorganic seeding” of voter ids with Aadhaar numbers.

As a first step, the UIDAI shared the names, addresses, dates of birth, and Aadhaar numbers of citizens—gathered under the Aadhaar project—with the State Resident Data Hub(SRDH), essentially a giant storage server containing the personal details of all the residents of a state.

The software then scanned the electoral rolls and the Aadhaar databases, comparing names, dates of birth and address pin codes to find matching entries in the two databases, and assigned a particular score to the exactness of the match.

The matching as not an exact science: a voter recorded as S.Shiva in the ECI database for example, could be registered as Siva Srinivas in the Aadhaar database. So the UIDAI used a set of algorithms to come up with a score to evaluate these matches.

Presentation by Chief Electoral Officer Andhra Pradesh, listing the algorithms used in the bulk seeding of voter ids and Aadhaar numbers.

For matches above 50%, the software linked the Aadhaar number and the voter id, those below 50% were flagged as needing verification.

Once the software had run its matches, the Commission embarked on a door-to-door household survey to verify these matches. If a house was locked, the election official was supposed to visit the house two more times, paste a sticker asking the voter to reach out to the ECI on the door, and then recommend that the voter be struck off the rolls.

In interviews with HuffPost India, officers involved in the exercise recalled several instances where names were recommended for deletion because residents were not at home when the verification officer visited.

“The problem with inorganic seeding is that if you have wrong data about an individual, and you use that information, you will cause harm to the individual,” said Srinivas Kodali, a cyber security researcher. “The individual has no idea that this data has been used against him because he doesn’t know.”

In Andhra Pradesh, a pilot exercise limited to about 20,000 voters in 15 polling stations resulted in claims that 42% of electors had either shifted residences or did not answer their door.

A much larger exercise in Nizamabad district, with a sample size of 18,88,348 voters, claimed 22% had shifted residences.

This might seem like an impressive number of duplicates, but a similar exercise to ‘verify’ ration cards, food rights activists said, simply excluded genuine, vulnerable, beneficiaries in the guise of weeding out ‘duplicates’.

“Aadhaar linking has been the source of exclusion of a large number of people,” said economist Reetika Khera, who has critically examined the impact of linking Aadhaar to welfare services. “Those who did not, or could not, link Aadhaar numbers were suspected to be “ghosts” or “fake”, and without ever giving them notice or warning them, their names were struck off the rolls.”

Aadhaar-linking to voter IDs, Khera said, would curtail democracy’s most fundamental right—the right to vote.

“Our experience with welfare programmes suggests that if Aadhaar and biometrics are brought in — in any manner— it will lead to exclusion of the most vulnerable,” she said. “Bedridden elderly who cannot authenticate themselves, migrants who may miss the government’s deadlines, those whose biometrics do not work due to age or the nature of their work.”

The deletion of 2.2 million voters in Andhra Pradesh and Telangana—two states that have become laboratories for all things Aadhaar— and the admission by Telangana chief electoral officer Rajat Kumar, that a “new software” could have played a role, suggests Khera’s concerns are not unfounded.


Serious constitutional matters apart, HuffPost India’s reporting in Punjab reveals how such a massive data-gathering exercise presents its own problems. Aadhaar’s defenders have long argued that privacy is an elite concern of little interest to most Indians.

Yet in Punjab, the election officials—mainly school teachers deputed to record Aadhaar numbers by data—encountered vigorous, occasionally violent, resistance from residents concerned about how the data would would be used.

“We faced protests, threats and even physical and verbal abuse in areas especially sensitive for communal violence as the information sought by ECI was ‘too personal’,” said an election official who went from door to door collecting the data. “We took local leaders along to prevent any resistance.”

From February 2015 to August that year, the teachers spent long hours knocking on doors and recording Aadhaar numbers by hand in bulky paper ledgers. But when it was time to submit these ledgers to district offices, they were told that the ECI had suspended the drive.

So these ledgers, with sensitive personal information that residents had fought hard to keep private, were stored by officials who had an innate sense that the information was valuable and sensitive, but no knowledge of how to secure it.

“I kept the election roll safely in my kitchen cabinet,” an earnest school teacher in Jalandhar told HuffPost India, adding she feared the rolls might have been misplaced had she stored them in the school where she worked.

The teacher insisted that the data was stored safely—just not in the way that most cybersecurity experts would expect.