1. Why the Aadhaar-voter ID link must be stopped
Aadhaar use to construct elector databases has resulted in exclusion and will help in profiling the voter
The Election Laws (Amendment) Bill, 2021 that was passed in haste in the winter session in the Lok Sabha, and which facilitates amendment to the Representation of People’s Act, is a step toward implementing online-based remote e-voting for which the use of Aadhaar will be the primary identity. The linking of Aadhaar with one’s voter ID was primarily to build a biometric dependent voting system from the very beginning. The tall claim made to support this change was to fight “fraud and duplicates” in the electoral rolls. At the same time, in practice, in places where it was used — done by the mashing of Electors Photo Identity Card (EPIC) data with surveillance databases — it facilitated a selective removal of voters from the lists. In the 2018 Telangana Assembly elections for instance, the consequence of such a measure led to the deletion of an estimated two million voters.
The case of two States
In 2014, the Election Commission of India (ECI) conducted two pilot programmes on linking the voter id with Aadhaar in the districts of Nizamabad and Hyderabad. Using the claim of effectiveness in removing duplicate voters, the ECI called for a National Consultation on Aadhaar and voter id linking, organised in Hyderabad in February 2015. The ECI launched the National Electoral Roll Purification and Authentication Programme (NERPAP) on April 1, 2015, which had to be completed by August 31, 2015. After a Supreme Court of India order on August 11, 2015, it was announced that this NERPAP would be shut down. But as Telangana and Andhra Pradesh were early adopters of this programme since 2014, both States have nearly completed linking Aadhaar and voter id for all residents. Though the composite State of Andhra Pradesh was bifurcated in 2014, there was only one office of Chief Electoral Officer (CEO) Telangana and Andhra Pradesh as the bifurcation procedure was not yet complete in 2015.
The methodology followed by the ECI to find duplicate voters using Aadhaar is unknown to the general public. Nor is the information available in the public domain. Several applications under the Right to Information Act to the Chief Electoral Officer, Telangana asking for this information have been in vain. In 2018, the ECI wrote back to the CEOs asking for the methodology used in NERPAP for Aadhaar data collection after questions were raised about the ECI collecting Aadhaar data without the consent of voters. In a letter (No. 1471/Elecs.B/A1/2018-3, April 25, 2018), from the CEO Andhra Pradesh (then for Telangana and Andhra Pradesh) to the ECI, it is clear that the State Resident Data Hub (SRDH) application of the Government of Telangana and Andhra Pradesh was used to curate electoral rolls.
The SRDH has data on residents of the State which is supplied by the Unique Identification Authority of India (UIDAI) or collected further by the State governments. The UIDAI initially created the SRDH to give States information on residents — similar to the Aadhaar database without biometrics. Private parties now maintain the SRDH. While the UIDAI was constrained not to collect data on caste, religion and other sensitive information data for Aadhaar, it recommended to the States to collect this information, if required, as part of Aadhaar data collection; it termed the process as Know Your Resident (KYR) and Know Your Resident Plus (KYR+).
In Telangana and Andhra Pradesh, the State governments also conducted State census where voter data, Aadhaar data, 360-degree profiling with details such as caste, religion, bank accounts and other sensitive personal information were also collected. These State Census surveys were called the Samagra Kutumba Survey 2014 and the Smart Pulse Survey 2016.
The SRDHs are now a part of the State surveillance architecture targeted at the civilian populace. It is these SRDH applications that the ECI used to curate electoral rolls which resulted in the deletion of a sizeable number of voters from the list in Telangana in 2018. It is not just Telangana but across India; the ECI has already linked Aadhaar and voter IDs of close to 30 crore people resulting in voter deletions (Unstarred question 2673, Rajya Sabha of January 2019).
The role of the ECI to verify voters using door-to-door verification (in 2015) has been subsumed (based on RTI replies from the ECI, and widely reported in 2018, after the Telangana Assembly elections in December); a software algorithm commissioned by the Government for purposes unknown to the public and maintained by a private IT company is in control now. While the role and autonomy of the ECI itself is speculative, subjecting key electoral rolls to surveillance software damages the concept of universal adult suffrage. What the experience in Telangana and Andhra Pradesh highlights is voter suppression and disenfranchisement.
A mock election (in October 2021) was conducted in Telangana by the State Election Commission with smartphones using facial recognition, voter ID, Aadhaar number and phone number for authentication while voting (this was tweeted by the Collector, Khammam) . This method kills the “secret ballot”. In a situation where the role of money makes a mockery of the democratic process, linking Aadhaar will be futile. Electronic Voting Machines (EVMs), if foolproof, put an end to the days of booth capturing prevalent in the days of paper ballots. But these manifestations are about to bring the age back. E-voting can also be gamed using malware to change the outcome of an election. While the Bill does not look into large-scale e-voting, there is an issue of ensuring electoral integrity.
An Aadhaar-voter ID linkage will also help political parties create voter profiles and influence the voting process. Online trends on the day of voting and micro-targeting voters using their data will make it easier for political parties in power to use data for elections. A ruling coalition will always have an advantage with the data it possesses. An example is of the Chief Ministers from certain States being asked to get the data of the beneficiaries of welfare schemes. How this data was used in the 2019 elections is a pointer. The way Aadhaar has been pushed across the country has been undemocratic and unconstitutional since its inception. Aadhaar itself has several fake and duplicate names, which has been widely documented. The linking of Aadhaar with voter ID will create complexities in the voter databases that will be hard to fix. This process will introduce errors in electoral rolls and vastly impact India’s electoral democracy.
What are the key provisions in the Election Laws (Amendment) Bill, 2021 that facilitate linking Aadhaar with electoral rolls?
Linking Aadhaar Card to Voter ID: The 1950 Act provides that a person may apply to the electoral registration officer for inclusion of their name in the electoral roll of a constituency. After verification, if the officer is satisfied that the applicant is entitled to registration, s/he will direct the applicant’s name to be included in the electoral roll.
The Bill adds that the electoral registration officer may require a person to furnish their Aadhaar number for establishing their identity. If their name is already in the electoral roll, then the Aadhaar number may be required for authentication of entries in the roll.
Allowed to furnish other documents: No application for inclusion of name in the electoral roll shall be denied and no entries in the electoral roll shall be deleted for the inability of an individual to furnish Aadhaar number. Such people will be allowed to furnish other alternative documents as may be prescribed.
The government will define sufficient cause for not linking: The reasons on the basis of which one can choose not to link the Aadhaar will be prescribed by the government for ‘sufficient cause’.
What are the benefits of linking Aadhaar with electoral rolls?
The government says linking Aadhaar with electoral rolls will solve multiple problems.
1. Ensure authentication of entries in the electoral roll,
2. Avoid duplication: People have changed residence many times. So, same names or have got enrolled in new places without deleting/cancelling the previous enrolment. After linking with Aadhaar, the electoral roll data system will instantly identify the registration of the same person in more than one constituency, or more than once in the same constituency,
3. Facilitate elector registration in the location at which they are ‘ordinarily resident’,
4. Eliminate proxies casting their votes using multiple voter IDs,
5. Unlike EPIC, Aadhaar captures biometric data, which is useful in validating uniqueness.
2. Is the freedom of speech absolute?
Understanding the constitutional and legal definitions as well as restrictions of free speech
The Constituent Assembly extensively deliberated on Article 13 of the draft Constitution. The proposed restrictions to free speech were resisted on the ground that these were not seen in the American Constitution. Dr. Ambedkar countered these arguments by stating that the freedom of speech was not absolute in the U.S. as can be seen by numerous U.S. Supreme Court judgments restricting free speech.
The term ‘public order’ was added later by an amendment which is now known as the First Amendment. Jawaharlal Nehru was a staunch supporter of the First Amendment.
To effectively curb hate speech, Supreme Court requested the Law Commission of India to examine the issue. The 267th report of the Law Commission was of the clear opinion that new provisions in IPC such as section 153C (Prohibiting incitement to hatred) and section 505A (Causing fear, alarm, or provocation of violence in certain cases) were needed to address the issue.
Abhilash M. R
In the wake of the war cry targeting minorities at a religious congregation in Haridwar, it’s high time India recognised hate speech as the vilest affront and the greatest dishonour to the freedom of speech as conceived and cherished by the Indian Constitution. Hate Speech as defined by the 267th report of the Law Commission of India is “an incitement to hatred primarily against a group of persons defined in terms of race, ethnicity, gender, sexual orientation, religious belief and the like”. Any attempt to casually pass off such demagogic claptrap under the political tapestry of free speech in an election-bound State (Uttarakhand) amounts to the denial of all that the Constitution of India represents.
The debates on limits to Free Speech
As the Constituent Assembly deliberated on Article 13 of the draft Constitution, which would later become Article 19 in the enacted Constitution, intense apprehensions were expressed on the proposed proviso to Article 13 listing restrictions to the freedom of speech and expression. These restrictions finally became Article 19(2). The exceptions under the same clause fell under four broad categories: “libel , slander, defamation”, “contempt of court”, “offends against decency or morality” and “undermines the security of or tends to overthrow the state.” The proposed restrictions were resisted on the ground that these sought to rein in free speech and are not seen in the American Constitution, which had tremendously inspired members of the Constituent Assembly. Dr. Ambedkar sought to douse the fire of concern by declaring, “It is wrong to say that fundamental rights in America are absolute. The difference between the position under the American Constitution and the Draft Constitution is one of form and not of substance. That the fundamental rights in America are not absolute rights is beyond dispute. In support of every exception to the fundamental rights set out in the Draft Constitution one can refer to at least one judgment of the United States Supreme Court. It would be sufficient to quote one such judgment of the Supreme Court in justification of the limitation on the right of free speech contained in Article 13 of the Draft Constitution.”
The First Amendment
As the original text of Article 19(2) did not contain the term ‘public order’, the pre-publication ban on newspapers/weeklies in Delhi and Madras under the state laws were invalidated by the Supreme Court on the ground that the amplitude of the restriction under Article 19(2) did not cover “public order”. This prompted Parliament to amend Article 19(2) by way of The Constitution( First Amendment) Act, 1951, to include ‘public order’ among other additional grounds, but with a general rider that such a law shall impose (only) “reasonable restrictions”.
Jawaharlal Nehru, the protagonist of the proposal, defended the First Amendment. In his address to Parliament, he said, “It has become a matter of the deepest distress to me to see from day to day some of these news-sheets which are full of vulgarity and indecency and falsehood, day after day, not injuring me or this House much, but poisoning the minds of the younger generation, degrading their mental integrity and moral standards. It is not for me a political problem but a moral problem. How are we to save our younger generation from this progressive degradation and the progressive poisoning of the mind and spirit?” The laws enacted under the ‘public order’ restriction included Section 153A , Section 153B, Section 295A and Section 502(2) of the Indian Penal code. However, the mesh of law was perforated by weak as well as selective enforcement.
The Supreme Concern
In Pravasi Bhalai Sangathan vs Union of India & Ors.(2014) the Supreme Court said: “Hate speech is an effort to marginalise individuals based on their membership in a group. Using expression that exposes the group to hatred, hate speech seeks to delegitimise group members in the eyes of the majority, reducing their social standing and acceptance within society. Hate speech, therefore, rises beyond causing distress to individual group members. It can have a societal impact. Hate speech lays the groundwork for later, broad attacks on [the] vulnerable that can range from discrimination, to ostracism, segregation, deportation, violence and, in the most extreme cases, to genocide. Hate speech also impacts a protected group’s ability to respond to the substantive ideas under debate, thereby placing a serious barrier to their full participation in our democracy.”
On the proliferation of hate speech, the Supreme Court pointed out that “the root of the problem is not the absence of laws but rather a lack of their effective execution. Therefore, the executive as well as civil society has to perform its role in enforcing the already existing legal regime. Effective regulation of “hate speeches” at all levels is required as the authors of such speeches can be booked under the existing penal law and all the law enforcing agencies must ensure that the existing law is not rendered a dead letter.”
Further, the Supreme Court requested the Law Commission of India to examine the issue. The 267th report of the Law Commission was of the clear opinion that new provisions in IPC were required to address the issue.
It suggested the insertion of new Sections 153C (prohibiting incitement to hatred) and section 505A (causing fear, alarm, or provocation of violence in certain cases) to curb the menace of hate speech.
Despite a draft Bill being annexed to the report, none has been presented to Parliament so far.
Neither has the law been strengthened, nor the existing law strongly enforced. This sums up the citizens’ predicament
3. The Log4j vulnerability
What is Log4j? How will the security concerns surrounding the software be resolved?
Log4j is a widely used software logging library for Java software which was recently exposed by the Apache foundation for having serious security vulnerabilities.
An attacker exploiting the vulnerability could potentially execute arbitrary, malicious code on an affected system.
To rectify this breach, the Apache Foundation released patches for various software projects using vulnerable versions of the Log4j library. Companies that use the library in enterprise software also made updates and security patches available to their customers.
The story so far: Log4j is a widely used software logging library for Java software. Earlier this month, information about a critical security vulnerability in the library was publicly disclosed by the Apache Foundation, a non-profit entity supporting the development and maintenance of a number of open source software projects, including software such as Apache Tomcat, which is an HTTP web server written in Java, Apache AsterixDB, which is a big data management system, and among others, Apache Log4j.
How bad is the vulnerability?
The vulnerability affects a component of the library meant to allow for the insertion of arbitrary system and Java environment variables within software logs. An attacker exploiting the vulnerability could potentially execute arbitrary, malicious code on an affected system. However, it has been noted by some that the possibility of remote code execution on live systems is circumstantially limited, and that it varies from one environment to another.
The vulnerability presents a large attack surface particularly due to the ubiquitous use of the Log4j library in Java software. An advisory issued by the Apache Foundation mentions at least a dozen other software projects backed by the organisation as being affected as a result of Log4Shell.
At the same time, it is not just open source software that is affected. Many proprietary applications developed and used by large companies rely on the Log4j library for logging purposes and are similarly vulnerable.
Has the vulnerability been exploited yet?
Cloudflare, a company that manages a sizeable portion of Internet traffic, mentioned in a blog post analysing the Log4j vulnerability that attackers started attempting to exploit the vulnerability a mere nine minutes after it had been publicly disclosed. At the same time, the blog post also notes that a small set of exploitation attempts, or “test runs,” were made more than a week prior to the vulnerability being publicly disclosed. While this could be an instance of a phenomenon known in security research as “parallel vulnerability discovery,” – where a particular undisclosed vulnerability may be discovered by multiple parties at the same time – it could also suggest that knowledge about the vulnerability was shared with others by an individual or group who happened to discover it.
The Apache Foundation released patches for various software projects using vulnerable versions of the Log4j library. Companies that use the library in enterprise software also made updates and security patches available to their customers shortly after the vulnerability was identified.
At the same time, companies that offer web application firewalls were quick to block various Log4Shell exploitation payloads. Remediation techniques shared by the larger information security community also proved helpful to mitigate risk.
What is a zero-day vulnerability and is log4j one of this kind?
A 0day (or zero-day vulnerability) refers to a security flaw which has not been publicly disclosed and for which a software patch or remediation technique is not available.
Considering that attempts at exploiting Log4Shell were observed at least a week prior to it being publicly disclosed, it could be said that it was a 0day vulnerability, however, only for a very brief period.