a slide on the Zoom session and on the YouTube link. If you are going to watch this later at a convenient time, greetings appropriate for the time of your day. We have today a session, which is, I believe, going to be exceedingly interesting because it is also very timely and it intersects with some of the things that we have been discussing at OneBoat. OneBoat is a project that we started off in May of last year, originally to investigate and examine the topic of introducing blockchains in voting. But soon we understood that we have to broaden the scope of things we look at and also examine the technology interventions in voting from the perspective of rights, the perspective of technology designs or constitutionality of legality and also to be able to frame the conversations in the perspectives which focus on privacy, security, agency and also the intended and unintended consequences of the choices made in technology being introduced into elections. OneBoat is hosted at HAZI, which is a platform for collaborations in the domains of technology, design, law, policy, systems and related topics. And what we do want to talk about today is about something that happened way back in September at Bihar as part of the Panchayat elections. Recently, Anushka, who's a journalist from Indian Emma, reported on it and that got us, I wouldn't say us actually, I think it got Srikanth's attention to try and dig deep into what exactly was going on. Now, this session is also timely because if you have had the time to go through the recent report from the CAG on Aadhaar, you would realize that some of the things we talk about today and help discover are linked to some of the conclusions about the driveless of Aadhaar that have been highlighted in that report. So we are going to do this in a very neat format, of meeting.
So we're going to lead off with Anushka, who's going to provide us with a perspective of what exactly happened because she reported on that and spent quite a bit of time figuring out and surprising us with some of the facts of the case. We are going to, from there, we're going to have Ria, who's a lawyer, a researcher and a part of the reading Aadhaar collective to discuss about the implications of having Aadhaar, the legality of this and all things around that. And finally, we're going to hand it over to Srikanth, who's going to walk us through some of the things that he has found out specifically in this case. So I'd like to welcome all our speakers, all the audience members who are going to be watching us. And with that, I'm going to hand it over to Anushka.
Hi, Sankarshan. Please let me be here. So sorry, is my audio and my video clear? Thank you. Yes. Okay, glad. So yeah, I'm really glad to be here on Sunday afternoon with a bunch of other people who are also similarly interested in how technology is back to the election. And also, me too, thanks for Sankarshan. I've bothered him a lot with my questions, reporting on this issue, Sankar. And yeah. So, you know, on the Bihar elections, we're trying to set a base on this first, acquainting everyone with the facts on this. So I first reported on this in September, which is when the Bihar Panchayat election started, an 11-phase setup. And it went on through December. And during this time, it was essentially just a very effective, savvy election to really look at it and what happened in the elections. So, you know, the Bihar SEC hosted a tender which was ultimately taken up by a Gujarat-based company called Vimukti, who would take up, you know, major tasks related to those elections, such as video streaming, video recording. They also used the lockers during this time, the big strong rooms where the EVMs are kept in the elections.
And they also did optical character recognition, which would count votes based on the characters that are coming on EVM machines and the results at the end. So for this one, they roped in a company called Staku, which, you know, which touted to have about 99.7% accuracy or something of that sort. You can nothing, such sort of OCR recognition. And then of course, they roped in all, they also had biometric verification for the elections. For this, they roped in state-owned broadcasting engineering consultants of India, and from what we also can glean from the post, a lot of CSC agents, the common service center agents, were a part of conducting these elections. So this is because they said that, you know, these people are very familiar with how biometric verification works in this case. And now, during these elections, you know, what happened was, so now, I'm not going to go into exactly how this fraud happened. I think Srikanth can just go into that factor. But reportedly the agents got the wisdom, the agents got the wisdom to conduct a fingerprint verification, the biometric verification twice. And, you know, it impacted around 10 to 15 victims in one row where they saw losses up to, I think, 10,000 rupees. And now, in another case, in another district, it impacted about 30 to 40 people who lost up to 50,000 rupees. And now, it started to second case happen because a few weeks before in that area, someone had promised people quick loans while taking the fingerprint and then, you know, done withdrawals from their accounts on the day of the election. Now, following the incident, the State Election Commissioner has said that these were one of the incidents the CSC agent was told off, he was arrested, he was not allowed to participate in the process after this. And this has decided to minimize the blowback from these incidents. But, you know, regardless, there has been quite a lot of interest that has been generated from what happened in Bihar already.
So now, during the elections, the Bihar SEC did multiple workshops demonstrating, you know, the tech that they used during those elections, which, from what I know at least, was attended by the State Election Commissioner of Pondicherry, State Election Commissioner for Jharkhand, State Election Commissioner for Delhi, who also handles Sandhi West. And, you know, and now the SEC has already said that, you know, it has explicitly expressed interest in replicating such a system. For the Delhi municipal elections, however, from what I know, in the tender that has been floated for those elections, OCR and biometrics have not been mentioned. But the SEC had said that, had said that he didn't have the time to include that in the tender. But, you know, who knows, we've had some delays from the unification bill that's been passed in parliament. So, you know, maybe it might be in certain government. Jharkhand meanwhile has already, you know, approached the Bihar government to get details of the vendors the Bihar SEC had roped in for their own projects. So, who knows, let's say we might, we might see another use of such technology in elections. Now, while reporting on the story, Aditya Tzindabandari told me that, you know, the use of such technology could potentially be unlawful. It could be the mandatory use of Aadhaar and even amendment under the law. And there's also multiple tests in the Puttaswamy judgment that it would have to pass, like legality, proportionality, et cetera. I think we all will get into this later in the session. So, I'm not going to go into that further. So, this is it for me, then there's the facts of Bihar elections. I'll hand it back to Sankarshan to take it forward.
Thank you, Anushka. I understand that you are also going to be with us in this session only for a little bit more time. So, anyone would have any questions that you'd want to ask, Anushka? Please do so, or else we'll go and figure out how to get that done later.
Neeta, are there questions on YouTube that we need to consider? Sorry, we are also trying to check on... Is there a question? Sometimes we do have questions that come through the YouTube channel. Okay. Aditya, please go ahead.
Hi, thank you, Anushka. That was really interesting. And I was just wondering whether they talked about the Election Amendment Act that was passed in December 2021, because I mean, that's the interesting thing that I've been trying to understand with the link between what's happening at the state election commission level and with the ECI pushing this through. So, I was wondering if you came across anything on that?
No, there really wasn't anything around that.
Hi, Anushka. Srikanth here. I have a question. Was Aadhaar mandated compulsorily or were there instances of people voting with just the normal way of using a voter ID? Because I would believe that even with such, say, high saturation levels of Aadhaar, not everybody might probably take Aadhaar to the voting booth because people are accustomed to take the voter ID to the voting booth and they may not know their Aadhaar. So, do you know if the Aadhaar requirement was mandated?
Yeah. So, now, during these elections, there was a, you can understand that as like a two-step, two-pronged. So, there was the identity verification that did take place. Like, once you go to the booth, I think you have to confirm that you're on the electoral roll, you have to show your slip, et cetera. So, you go and you do that. And you can do that from any of the 11 or so, I think, of ID proof, which has been approved for a purpose. But then after that, you have to mandatorily be subjected to a biometric verification. Yes. Which is based on the Aadhaar database.
Okay. I have different findings. I'll come to that.
All right. So, this is the interesting thing, Srikanth. You probably were easing before we started the session. Good. This becomes fantastic. Any more questions that we have for the non-script? Yes, please go ahead.
Thanks. I also saw that there was a way that they were doing an offline verification in case that there was an interruption. Did you get any more information on that? What does that mean? Does that mean that they've got an entire, they've downloaded the database and they can check it offline? Where is that database? So, did you find any information on that? That's very, I found that strange.
Yeah, so that was interesting. They apparently, they got around the way of conducting those verification offline. But all that would happen was that they only, like a subsequent update, would go to the SEC, which was sitting in Patna, on the information on how many voters were coming in and voting and everything else. But the verification itself could be taking place, even if the CSC agent at the booth had lost his internet connection.
This is becoming more and more interesting. The fact that the CSC agent can get this done without an active internet connection, I think if this becomes, OK, we'll not try to hype up this point for the moment, but we'll see how this goes. And any more questions for Anushka? I'd like to remind those who are participating that Anushka has really, really is on a clock. She's got personal things to attend to. And she's just carved out a little bit of time for us today, for which I am thankful. And we had one voter. So any more questions? If you have, else we will reach out to Anushka separately and see if certain doubts can be presented. If you do not have questions, I'd like to thank Anushka for making time on this Sunday afternoon, amidst all the other things that you have going on. Thank you so much. Thanks, Anushka, for treating my questions as well. And if anyone has any questions, they can feel free to reach out to me on my email or on Twitter as well.
Right. With that, we'll go over to Ria if that's all right.
Thank you. I have a little presentation.
While I was trying to read up on this, I think one is I was conscious that I'm going to be repeating a lot of the things that we've been saying over and over about Aadhaar. And I see some familiar names here. And so apologies in advance if this is just more of the same. But I think that I'm ending on a note of how many open questions there are. I'm going to try and share my screen because I have this presentation. Can you see this fine?
Is it possible to take it to a presentation mode kind of stuff?
I'll do that, yeah. But I just want to make sure you can see the screen. Anyway, so very, very short history of Aadhaar. Can you see it as a presentation screen?
Sorry. Not really. It is something that I can read. So it's not a problem for me. I'm not sure.
Now I think it should be good, right?
Now it is. Yes.
Short history of Aadhaar. I think everybody here knows this. I'm not going to go too deep into it. But basically, just a reminder that's useful. Aadhaar project began in 2009. Around then, 2010, biometrics of people were collected. There was no law, no safeguards, nothing that we knew. So it was challenged in the Supreme Court around 2013. The central government said, well, we don't really have a fundamental right to privacy. It was referred to a constitution bench. Meanwhile, the Aadhaar Act was enacted. People continuously being enrolled in Aadhaar. And it was becoming mandatory. Around 2015, there was an interim order saying that Aadhaar cannot be made mandatory for services. 2017, the constitution bench affirmed privacy as a fundamental right. In 2019, a truncated version of the Act was upheld by the Supreme Court bench. And the majority upheld this while Justice Chandrachud's dissent, that I think many of us here would have read, struck it down totally as not proportionate. Subsequently, we had the Aadhaar Amendment Act, the Good Governance Rules, and the Election Law Amendment Act.
Now, I just want to reiterate the reasons that Aadhaar was challenged are very relevant for understanding what's happened in the Bihar Panchayat elections today. These are some of the main reasons that the Aadhaar project as a whole was challenged. The threat to privacy, the threat of exclusion that was documented quite extensively and was unfortunately not really looked into by the court. The violation of dignity by people's personal data being collected, their intimate biometric details being collected without consent. The unreliability of the database and the fact that it was untested technology. This was the largest experiment of using biometrics at this scale globally. And so India was really used as this test case. Now, I think that similar Anushka mentioned what Vrindra raised about the use of biometrics in these Bihar elections. Like she said that we have to look at the proportionality test that was laid down in the Constitution Bench Right to Privacy case. So there's various articulations of this test. One is, was there a law, was there a legitimate purpose and was the measure that is being enacted, is it proportional in terms of what rights are being violated? Justice Sikri had a slightly different articulation, a four-part test. Is it for a legitimate goal? Is there a rational connection? Is it necessary and is it balanced against the impact? So I think we should look at how we can apply this to what we've seen in the limited amount that we know about the law, about the experiment in Bihar. This is actually, I wrote this before I heard Anushka's talk and based on the articles that they were. And it seems like this is what we know that there's mandatory biometric verification, no law presumably authorizing either the collection of Aadhaar and also note that the election amendment came in December, 2021. And this is all happening in August, 2021. As far as I can tell, no, you know, act methods of exceptions for those whose biometrics may have failed.
No real articulation of the privacy threat, you know, of another body now having access to biometric data. And this is sort of, it goes to the point that, you know, we discussed briefly with Anushka, is there an offline copy of the biometric records which enabled them to do this offline kind of verification of people's biometrics? And also, you know, no studies of the extent of the types of voter fraud that this entire process is seeking to avoid. And so, you know, we apply the test here. First, is there a law authorizing the measure? So, you know, the first thing to note is the state election commissions are separate from the election commission. But also the law that we do have currently, which is, you know, it's a controversial law. It may be under challenge soon. It only authorizes voluntary, the election officer can ask people for their Aadhaar. But nobody is to be denied the right to vote for not linking their Aadhaar or not giving their Aadhaar. You know, what we're hearing from this, it seems that the biometric verification was a mandatory step. The second test, you know, was the goal legitimate. You know, and of course, you know, the goal of countering voter fraud is legitimate in our democracy. But this goal has to be looked at with a little more nuance. I think it goes to one of the questions I raised, which is, what is the, are there studies on the types of voter fraud? Are there studies on whether this kind of biometric verification is required to counter those types of voter fraud? A similar parallel was seen in the entire argument around using Aadhaar for welfare purposes. There was this idea or this chimera of corruption and corruption in the welfare system that was going to be all, you know, avoided and done away with through Aadhaar. Of course, we saw that that was, you know, based on a, you know, simplification at best of the types of fraud that we actually see. Ritika Khera has written a lot about this and there's a lot of literature there.
Is the means suitable to meet this, you know, to meet this aim, you know, is biometric verification suitable to meet this aim? And, you know, I can argue that absolutely not, you know, that there are a lot of people whose biometrics cannot be read. There are a lot of people who, you know, and there's also a lot of authentication errors that could arise through this verification process. And the CAG report is interesting in noting that the UIDAI didn't have a proper hold on these authentication errors. Is there no less restrictive but equally effective means, you know, and this is another, an interesting one. What is the argument to say that the existing type of verification of identities is not sufficient? And I'm not even going into at this stage the kind of back end linking and deduplication that we saw in Telangana and that we are, that we're expecting with the election commission's plans for linking Aadhaar and voter ID. And then finally, does it have a disproportionate impact on rights? And I think you can argue, yes, there is this, there is a right, you know, while it's a right to privacy, it's impacting the right to vote, it's potentially causing disenfranchisement. And so, you know, sum total of all of this is it doesn't seem to meet this test at all. You know, these are my open questions. Which I mean, I think we need to know more about this before we can really go into challenging this or thinking about what types of challenges can be mounted. I'm going to stop here and hand over to Srikanth and because I'm interested to hear about the kinds of, you know, if this would also articulate the kinds of risks or the disproportionate impact on rights that I haven't fully captured here, which is all of the financial, you know, financial fraud that we saw in parallel. And so I'm just, I'm going to stop here. I'm going to just leave this sort of page open for a second.
These are some nice like juicy quotes from the CAG report that looks at, you know, the unreliability of the Aadhaar database, you know, and so I just took some screenshots just to show, you know, just to show that what we've been saying, sorry, what we've been saying has, you know, been in a way, in many ways, like affirmed by the CAG report. One last idea that I just want to leave with is this idea of the precautionary principle, you know, that is an established principle in environmental law. And I think it's something that we should be trying to introduce more as we look at the introduction of new technology into governance, you know, that there is, you know, the burden of proof should be on the body seeking to introduce a new type of technology, you know, of course, even in environmental law today, we're seeing a dilution of this principle with all of this notion of post facto, you know, risk analysis being accepted. So, you know, that's a separate question, but I do think that this is the principle that we should be kind of articulating, that we should be trying to flesh out a little more as we look at experiments like this. But yeah, that's it for me for now and over to Srikanth. Thank you.
Thank you. Srikanth, are you ready to go live with the staff?
Yes.
All righty. All yours then.
Can you see my screen?
We'll post a link to the CAG report as well on the Zoom chat. I know everyone who's here has likely read it at least once, but for others who are coming to it later, that will be helpful. But yeah, please go ahead.
Yeah, thanks, Nishant. So brief overview of what we are going to look at today. So one is what's this Bihar SEC app and how does it work? I have a small video and as we heard from Anushka, we had like strange claims like we can verify without internet. So we'll try and understand what this is exactly. And I also have a video of this app workflow. And then we'll come to the payment fraud bit and try and see how that happened.
And then lastly, summarize the various issues and how to extend this analysis more. Because there are a lot more pieces of the puzzle that are yet to be figured out and then need to be placed to get a full picture. We just have some information from Anirban's report and Anushka's report and from these apps. But there are still a lot more missing pieces. So with that, so the way I had gone about this is getting all the apps that were used. So the elections were held in 11 phases. And I was able to source 14 apps from the internet. One thing is that the software that was used did change across versions. And when I had quickly analyzed, there were some significant changes around data collection as well as verification modes around phase 4, 5, and 6. And I would probably plan on putting up a document in detail on what the exact changes are. But one broader first observation is that if a software is being used through a multi-phase election, it should not change. One could understand that this is being done for the first time. But real elections are still real elections, which is why probably it's good to have a mock election like what Telangana had, however bad they actually were, because there were no stakes there. It was purely a technology experimentation day. Whereas this app went live straight away on an election and did face some probably on-the-ground challenges. And then on the version 9, there was this payment fraud that came out. And I'm probably guessing that has happened before and is happening now after as well. And I'll come to that when we discuss how the payment fraud happened. So then this is the app. And I'm going to now switch to a video, which now shows the app workflow. And I'll play a video for a couple of minutes and then get back to this presentation.
And then the voter list will have an active vote. First of all, the voter will have to search for the number of votes and then match their name and age. Then we'll press the Not Voted button.
Then we'll ask for the ID type from the voter. And then we'll select that ID type from here. Then after that, the voter's ID and the voter's number will be clicked. Then we'll press the right sign. Then we'll press the Upload button. Then we'll ask the voter to keep his thumb on the biometric machine and press the Capture button. Then we'll press the thumb button on the screen and press the Indicate button. When you can vote and see the right sign, the voter will be sent in to vote. And then we'll press the OK button here.
OK, so a few things. Like one, as we had a contention around whether Aadhaar was mandatory. Thank you, sir. And I know. Sorry. Yeah, I think one contention was whether Aadhaar was mandatory or not. And we could see the video that the ID types do support all the various ID types that are usually supported for an election. So I mean, you all might know, right? I mean, we can still vote in an election as long as we have any one of the ID proofs that are listed, even if one doesn't have an EPIC. As long as the name is in the rolls and the ID that we carry, the details of it and the other roll details match, we can vote. So here what we saw was basically an enrollment client which was first capturing this fingerprint. And then on the next screen, when the not-voted button is pressed, they again capture two things. So what was shown on the video did have only one thing, which was that it was showing the man with the ID, a full photograph of it. Whereas I would believe that the ID is also actually keyed in. Or probably it's quite possible that the voter ID is already linked with other IDs in the SRDH. And then in the process, the person had to again use a fingerprint. So a fingerprint was placed twice. And my belief is that this, in essence, is basically a parallel enrollment. And the authenticate need not always necessarily be an Aadhaar authentication.
And what could be happening is basically it is using a fusion mode of Aadhaar authentication and the compare mode. And I'll come to that bit, how the biometric verification actually happens. And then the user is allowed to vote. And then the voting status is changed in the database. So this is the app. And I came across another interesting article around this tech use, which basically said that biometric details of photographs, thumb impression, and include individual physical identification marks will be collected during the elections. And here is the interesting bit. After the elections are over, the biometric details of voters who did not cast the votes will also be collected and fed into this central database. So clearly, what we are having is not an Aadhaar-based biometric verification. Rather, it's a biometric verification in which some sort of comparison is happening. And we don't know what the baseline is. So in all practical purpose, we can actually treat this as an enrollment, because this is the first election that is happening where biometrics are captured along with the voter ID. So and this is basically the way we need to see this exercise is basically Bihar building a parallel Aadhaar database with voter ID as the key. And if you provide Aadhaar during the process, then that's a bonus. And SRDH anyway has, let's say, voter ID and Aadhaar details as part of the KYR. So what we are seeing is a full-fledged biometric enrollment of photograph, thumb impression. I don't know about this physical identification marks, because I don't see that reference on the app. But this was probably on their minds. OK, let's move on and see what the flow is. So as we saw, the verifier logs in. There is an on-device local database that's maintained on that particular device, which has a local database of all the booth, basically the voting list of the booth, and as well as the additional data that's being collected.
So all the data that we saw, which is fingerprint, photo and the document details, and the voting status, whether the person has voted or not, would be captured and maintained in a local SQLite database on that device. And now let's try and understand how or what they do try and how they do the biometric verification. I've been going through the reverse engineered source code to try and understand. And each time I'm kind of confused and to see whether there is any form of verification actually happening or not. So the common assumption that was in the mind of average individual was that biometrics is being used, so it's probably authenticated against the Aadhaar database. But as we saw in the video, it's not compulsory for the voter to use Aadhaar. He could give any of the other IDs as well and give a fingerprint. But they do have something called as a compare server, which is basically a backend server having fingerprints against which this currently captured fingerprint is compared. But here is the question. So this is the first election that has been happening with this biometric code verification. What are they comparing against? Are they comparing the fingerprint that was captured twice within two minutes on the same device? What's the purpose of such comparison? But it is quite possible that if the elections are repeated, now at least those who have already voted in this election would have their biometrics captured on this compare server, because basically what we are seeing now is an enrollment happening. And in the next election, whenever that happens, this compare server could actually compare and biometrically authenticate. But I don't know what baseline it is comparing today, but there is something called as compare server. There are two of them, which did pass. And the other thing that happened basically is that all these details are captured on the device, and then there is a sync that happens to the backend server.
So all this data, booth-wise, is then uploaded to the backend server. So this is basically the voter verification slash enrollment. And I would probably say this is basically a parallel enrollment system. And there have been states which have had parallel databases. And Anand here probably knows about the Kuchirath example where they had an entire ration card database that was also having biometrics and was essentially a parallel database of biometrics. So what we are seeing here is basically an enrollment client for the election voter ID based parallel database. So that is basically what I could find on the client reading through the code. The code is available open. I'll put through the links on the page. We could probably analyze more and see what exactly is happening. So that's on the voter verification process. Now we'll come to the most interesting part of the payment fraud that has happened. So there were actually in the same report of Anirban, there were two instances of payments fraud noted. So on one instance on Munger district, on one particular booth, people found money being withdrawn from $5,000 to $10,000. And it says just after an hour, they had cast their votes. Now the subsequent note on the same report says that basically the agency agent who was running this booth had captured it twice and then used the same fingerprint to do the AePS transaction. Now this basically falls flat on two counts and we'll come to that on why this falls flat. Basically, there were basically multiple people. So they say dozen voters were defrauded. So if you have to basically capture in parallel for a dozen voters, you would need to have a dozen AePS apps and then keep capturing, which is not how it probably happened. It probably happened because there is this local database that stores the fingerprint and in all likelihood that this guy used that template that is being stored on that local database and then did a replay by putting a gummy finger.
That's most likely how it happened. And in this case, police had actually arrested the agent and in all likelihood, it's probably because he had logged in with his ID. So there was basically a trace back. Whereas in the next case, there was another case that was mentioned of the same report. And here in a different place on two different booths in multiple places, again, 30 persons had lost money. And of which 27 people were defrauded after the elections and three people had found they had been defrauded before the elections. Now, this is even more interesting because you can't backdate the bank transaction. So if the authentication is happening on 29th November, the transaction cannot happen on 28th November. And if this happens, it's a lot more serious on the banking system. But I won't be surprised as well because it depends on the banks and some of these banks would be like a rural cooperative bank or a rural bank, which may not even be running like a first class CBS and it is possible to do such backdated transactions. But this is something to note as well that some transactions have happened actually prior to the election. And here again, but for 27 of the 30 people, they were actually defrauded after they had cast their vote. And here again, there was apparently an investigation that was conducted and an inquiry report was submitted to the district magistrate. It would be actually helpful if we get a copy of that report. But no arrest has been made. So they do allege something like saying that one person had come to the village and collected biometrics, citing some scheme. And it's possible that he would have defrauded. But then that is still a usual dumping up cases on, let's say, a known accused because here, unlike the previous case where the same person in the voting booth was traced back, here I believe that they have not traced back the person and hence they have not made any arrests.
So this brings us to this point where basically the second case could have happened because the local data was then synced to the server and somebody having access to the server could then use it from any of the ghost accounts they have and that is possibly harder to trace. Whereas unlike the first case where the same booth person did the fraud and got caught immediately. So how did this happen? So a brief context on the Aadhaar-based payment system and the replay attacks that have been there from 2017. And for some of us who are totally new to Aadhaar-enabled payment systems, I could give a parallel example on the card. So remember, we all used to have magstripe-based cards and the vulnerability in a magstripe-based card is that it is susceptible to skimming devices and can be easily cloned if there is a skimming device. And hence, sometime in 2019-20, all of our cards basically got upgraded into a chip and dip card, which is now a smart card and it's technically harder to make a clone of. A parallel example in the AePS was that initially when Aadhaar-enabled payment systems began and Aadhaar-based, biometric-based authentications began until 2017, it was possible to basically do a software level cloning or in the sense that you could capture your fingerprint into a file and then you could load that file and then authenticate using that stored biometrics. And this was highlighted in the Axis-Suvidhaa case, for which UIDAI came up with the concept called registered devices. And with registered devices, all the biometrics are encrypted and stored with the timestamp. So it is technically, it should be impossible to do a file based loading. But you can still use the template that is captured and stored and create a gummy finger and there have been again instances around the Telangana or Andhra SIM card fraud where one particular agent had procured 6,000 SIM cards using a gummy finger and gummy finger which he made from property documents which he was able to access.
So he had access to property documents which had a fingerprint and then he used that to create gummy fingers and procured SIM cards. So a replay attack technically is still possible in the Aadhaar-enabled payment system and what could have happened in both these cases is that since the voter enrollment client stores the biometrics on the device and then syncs to the cloud. On the first case, the same person who was manning the booth probably created gummy fingers and then did transactions. And the second place since it was synced to the central system, anybody having access to that central system can then create a gummy finger and then transact. So what are the problems in the entire verification process? So one is, as I said, it's a parallel state voter ID based biometric database enrollment. Here is the interesting thing. This also uses a local non-RD service based biometric capture, which means that your, unlike what UIDAI has been saying. So the RD service is basically a wrapper which UIDAI provided which ensures that your biometrics are encrypted on capture. Basically, this was the response to the Axis-Suvidhaa case. But think of it like this, you could use, let's say a hardware without installing a custom software which will encrypt, in which case, whenever you use that hardware, the data is unencrypted. This particular voter verification app basically has both modes of authentication, both Aadhaar and non-Aadhaar based fingerprint captures. So when it captures the fingerprint on an Aadhaar system, it uses the RD service. So the Aadhaar authentication takes place. But if you don't use the Aadhaar system for the local enrollment, it actually does not use the RD service and hence captures biometrics in an unencrypted format, stores that in an encrypted format. It's exportable as CSV and then it's also synced to the backend.
And here is the other thing that was interesting that this whole operation was run by a company called PhoneMe, which as per its website is a digital media consultancy. And they probably do not have any sort of experience around biometrics. So that's the other shady part. And digital media consultancy or social media consultancy is probably another name for an IT cell. So there could also be that angle on whether this was run by an entity. And if this was run by an entity which also runs an IT cell, we have an entire state's voter data plus biometric data that's been with them. So this was the question that I had previously for Anushka and we probably need to do more analysis or at least from what we could see from the app, the use of Aadhaar is not mandatory but we all know the voluntary mandatoriness of Aadhaar. And this is, again, another funny part where they had actually used the authentication devices for enrollment. So now this entire process was basically an enrollment masquerading as authentication. But the downside is that since they had to do that, they also used authentication devices and captured the templates instead of actually using an enrollment device. If you enrolled for Aadhaar, you would know that the Aadhaar enrollment device is basically a slightly more sophisticated device which can capture fingerprints more granularly and it costs something like 8,000 to 10,000 rupees. Whereas the authentication device is for one finger and you could get it for 2000 rupees and usually the problem is that the authentication devices kind of capture slightly at a lower quality. So here the problem that we would be facing is that if they had to use this enrolled data for future verification, the quality of such verification will be far, far worse than what current Aadhaar verification itself because the current Aadhaar verification at least has, let's say a better device when it comes to enrollment.
And here is all the code that was reversed from the app and I had versioned with multiple versions of the app. We could do some diff and compare and analyze them and I'll be in the process of doing that while writing some form of a report on this. And with that, I come to a close. I'm open for questions.
I'll start off with one shake. And so I think the honor that you see is not the honor that you intended to direct your demo. So same name, but different honor. But anyway, so I have my question is fairly simple. I think when all of us read the report from Anirvan and Anushka our idea was that somehow this was an overreach of using the Aadhaar system to purify the electoral rolls and then also allow voting. From what you just described, it seems far more insidious and completely different. And it has far more ramifications if indeed the governments of Jharkhand and other places are interested in this. So based on that fact, do you have any comments to me? And I'll also request others to go on and ask questions.
Okay, so first thing is, I think the lack of clarity or I don't know whether it's insidiousness or lack of clarity in solution design. We are kind of unable to kind of see what they intend to do or if one could take the Swarajya article as a baseline, it was very clear that they were trying to basically build a parallel database of biometrics. Now, when you do that, when UIDAI has already kind of been established like a decade back and a whole range of, let's say, biometric standards on captures and stuff have evolved over the last decade. And that is not without its, let's say, discounting Aadhaar's deficiencies, but even if you discount that, Aadhaar has probably built up a whole range of both software and hardware and processes on enrollment. Here you replace that with, let's say, a very quote unquote, cheap enrollment solution.
And I don't know what the purpose of such enrollment is because even UIDAI, we had the same problem as garbage in garbage out in the case of demographics at least. On biometrics, the issue was slightly, I mean, as we've seen in the audit report, the biometric service providers have not been penalized on their SLAs or there's no sufficient penalty, which is basically leading to the authentication failures. But here you have a very wrought solution of biometric capture. Now, another thing that I could kind of see from the code is that this code basically looks very similar to the biometric attendance systems that are in place. And by biometric attendance systems, I mean the local ones, not the Aadhaar-based ones. You know, a lot of these shops do have their own biometric attendance systems which can also be connected and data reports can be generated, which is how it works in both places. And in those cases, such, let's say, a capture of a finger is sufficient enough because your search set would be something like very small, like maybe 10 or 20 employees, and maybe it could also be like that being put in as a factor where, again, technically one could say that a booth would probably have only 150 people. So it's sufficient to capture a poor quality biometric. Now, we don't know if they actually considered that fact and made that the same choice, but one could actually see that the whole enrollment process is kind of being done in a very kind of shabby manner. And if one sees that, let's say, entire data was encrypted and stored in local database, which is how probably that the first payment fraud happened because the operator was able to access the biometrics and was able to replay via a gummy finger, which means that the data was stored on that device and encrypted. And it's also getting stored in a central server and that technically basically leaves everyone who has voted in this set of elections pretty vulnerable.
And whether like that state should have had a separate legislation on this parallel database and this is as good as Aadhaar in some sense. So should they have had a better system in first place rather than having this quote unquote cheap solution? Even if they were to kind of, let's say, do this verification. One thing that surprises me is that they say it's verification, but what are they comparing against? That is something that we don't have an answer because it's not always that it's Aadhaar authentication that takes place. I mean, as we go back to that non-internet situation, so in a non-internet situation, it's just an enrollment that's happening, but even after that enrollment, there is quote unquote an authenticate button that needs to be clicked. Now, what is that authenticating against this? I mean, we still could figure out by looking through the code, but it'll take some time.
True, I think the fascinating part for me is two parts. One is that we started off seeing this more as an overreach by the state election commission. And now it has turned out to be more in terms of it's a wholesale data and biometric market gathering. It's a rebuilding of a database for no declared reason, for no obvious legal backing to it, and obviously no good explanation to the citizens whose biometrics are being captured and stored in a database. So it's actually, to me, it's a bit more problematic than even if I go back to the questions that Rhea had on the slide that she put up, and even if I look at those and then try and reconcile what you just walked us through. It's far more problematic. It's no longer a very simple set of questions at this moment at all. So I don't really know what to make of it. Rhea, yes, go ahead please.
Yeah, sorry, I just wanted to echo what you said that this is even more worrying. Just a brief thing. UIDAI countered this claim that Aadhaar sets up a surveillance architecture.
On the basis of saying, well, we are purpose, we're collecting this data, but we don't know why it's being used when you're authenticating it. And there are federated databases, they're not talking to one another. And there was that famous PowerPoint after which all of us started doing PowerPoint presentations because you realize that that's why that's when people actually listen to you. But this is what's really worrying is that this is what, and I think people who I can see on this call have written about these parallel databases, the SRDH, the state resident data hubs, that in court, the government came and said, no, we deleted those registrar packets. And so we don't actually, we haven't used the Aadhaar enrollment process to create parallel databases. But what I'm hearing now is that this seems to be a resurgence of that attempt to create parallel databases. And like you said, Sankarshan, without any clear articulation of the purpose, any analysis or any thought on the quality of the biometrics or how they're going to be preserving and safeguarding this data, let alone preventing it from being used for other purposes. So it's pretty very, very concerning from where I'm sitting.
Yeah, the other part that, so this happened in September, 2021, which is quite a few months from where we are now. And it also, I'm not very clear in terms of what could be good next steps to figure out information pieces that Srikanth mentions are. So there is obviously a set of knowledge that can be gained from reverse engineering, considering some of the constraints of reverse engineering, but there also exists knowledge, which we should be able to extract from the relevant authorities by seeking and providing and getting them to provide us with the information. But I don't know if this is far too late in the game as well, but maybe we can go back and then find that one out.
When I would probably, I mean, just as he was preparing for the talk, and I got that note saying that there was a report submitted to the district magistrate, and that should be quite accessible in a sense because it was probably submitted to the DM. But that's only on the payment fraud bit. Now, if one has to basically look through the entire design, this is as big a system, which should have had its own, even all the SRDHs had a very detailed technical RFP and solution design, what were the objectives? I mean, forgetting the fact, they'll say they don't have a legal status and so on, but at least from a technical governance standpoint, what was developed was clear, whereas here we have like very few details on that and it's probably more worrisome if other states are replicating the same because they aren't supposed to. And in that sense, this is probably a very poor system to replicate because this has its weaknesses written all over. Yeah, Mansi.
I was just wondering that on lines of how Masood fired a sense and legal notice to the Hyderabad police after his photograph was taken. And since I mean, since we have discussed on this call that there is no legal basis on which the state election commission has gone ahead and collected the biometrics. One is that of course, we can consider filing some RTIs to get some more information on what that data has been used for since then, how it has been stored, et cetera, under what law. But I think this does call for, I mean, if there is no law in it as far as the Supreme Court judgment is concerned, it's very clear that something like this cannot be done in the absence of an enabling law. And even the new election amendment doesn't actually provide for a collection of biometrics. It only talks about linking Aadhaar number with voter ID. So I think this does, I mean, we can actually consider if we are going to be taking this up actively.
I think there are sufficient grounds for one filing of RTI and second, perhaps even considering a legal notice to the state election commission explaining this and...
Yeah, thank you. I think this will be required to be pursued a bit more vigorously and not just in the way we usually try and examine both talks. Primarily, I mean, I'll say that my worry is fairly simple. Someone somewhere saw this system and decided it is very successful. And Srikanth and I, just before we started this entire thing, we were debating what is the measure of success that was even applied. But someone saw this as a success and the success is desirable enough to be repeated at other states. And so it's going to be propagated. And there is a reason to try and find more information and find exactly what is going to happen. So we'll need to explore all the possible avenues that we mentioned and see where it is.
So something that I could think of offhand on the success discussion is that probably the fact that so many people could be enrolled on a single day is seen as a success. Because unlike, I mean, Aadhaar enrollment was, let's say staggered quite, right? And that's because Aadhaar enrollment actually stresses more on biometric data capture quality. So even when you place your fingers, friend, you might need to place it multiple times so that it is captured. Whereas this system does not have such checks. It just takes a capture like an authentication. So somebody actually thought that so many people enrolling in multiple phases of election is still possible in a single day. And the cost of enrollment now basically gets hidden into the cost of elections. And the other interesting part of this election is that the CSE agents, they're not actually getting paid for this. And that's probably another reason why the payment fraud happened. So basically, these were agents who were promised a pay, but were never paid. And so some of them were like, okay, now we have biometrics.
Why should we ask them if we can transact on some of these Aadhaar numbers and get money ourselves? And that's probably the motivation for the fraud as well.
Fair point. Yes, please go ahead. And I agree with Mansi. This is probably deadly, but I think I'm sorry. I'm using it at the right way.
Hi. No, I just wanted to make a quick comment. I can't help but totally agree with Srikanth. One, and not just this, but also looking at other databases and other such exercises of statewide enrollment, say Telangana did, Andhra Pradesh did, in the name of state census a few years ago. And now as Srikanth is saying, because of the elections we have, the name of election, there is this entire enrollment. There, from at least my limited understanding and interactions with government officials in the states, while reporting on these, they do consider Aadhaar's legal safeguards, whatever or however strong or weak they are, as a constraint and limitation in using Aadhaar data and Aadhaar database for multiple purposes. There is always a fear or say a frustration that Aadhaar thing does land up them in legal troubles, et cetera, because of the strict regulations rules. So there is a tendency from my understanding always to create these parallel databases where a similar level of accuracy or at least de-duplication can be achieved and then use this data for whatever purpose they want and doesn't have to stay on record that they are using Aadhaar database. So here, this enrollment of biometrics, et cetera, by using this I think is one reason and often it's not, it's a very broad purpose that they think they do not have to assign a very specific purpose to such enrollments. They can just say that this is for governance and then it's always open for multiple use, misuse scenarios, which has happened in the past also in other states.
So yeah, I think while in this case, it's important to file RTIs and get these reports of misuse how it happened, but as Srikanth mentioned, it's something to think as a larger strategy of while we have legal safeguards for Aadhaar, what do you do with these kinds of similar databases being created where you can't apply the same safeguards that apply on Aadhaar?
Yes, punk work, biometric databases are difficult to keep track of, difficult to figure out the rationale for creating them. Also in terms of who exactly gets to handle any sort of contacts around those data source, should they deny anyone, a citizen access to any service? So there is a whole bunch of topics that we need to go through. One of the things that Srikanth had mentioned he would be doing is eventually get, being able to wrap up his findings into a report that would be presented. And hopefully we can collaborate with the reporters who have interest in this story, to also check if there are other additional details that can, because it's fairly obvious this is not going to be a one-off. If other states are angling for this, we are going to see more and more of such things coming up. So I know we are already over time that we had allocated by around 10 minutes. So glad that everyone could hang around a bit. I'll just go around the room and check if there are any more comments, remarks, or closing remarks that you would like to make before we call this one. I guess that's about it. So thank you to Riya and Srikanth, and obviously thank you to Anushka who had joined us at the very start and all the conversations that we had. I will reiterate that the reason we wanted to have this conversation today is that we find this very, very concerning. Regardless of the fact that we started off thinking that it was an Aadhaar overreach into elections and now we are finding that it's basically a parallel data store creation. Either of these don't reduce the problem. They actually increase it.
And so we need to figure out how to get to the information we need, close the gaps, knowledge gaps we have to be able to shed more light on it. And hopefully we'll be making some progress to do that. Yes, I think with that remark from Riya, which is that the legal vacuum that this parallel database is operating in is used to get away with anything. And that's pretty much, I think, all of us, the concern all of us share, right? That getting away with anything is becoming more the norm than the exception in these times. So with that, I'll thank you for joining. Good conversation. Good having you here. And have a great rest of the afternoon evening. We'll see each other around on other social media channels and other places. Thank you. Thank you.