As the Election Commission held a series of webinars on the use of blockchain for remote voting on Monday, the issue of voter privacy emerged as a major talking point, with lawyers and academics believing that it should be given as much importance as the process of voting itself. “When we talk about blockchain-based remote voting, we should also talk about the importance of data process in the entire process of voting and not just the voting itself,” said Nappinai NS, an Advocate at the Supreme Court, and founder of Cyber Saathi.
Referring to the Telangana Election Commission’s use of facial recognition technologies at some polling booths during civic elections earlier this year, Nappinai said that, “we’re seeing the use of a lot of intrusive technology being used in elections, which when interconnected can go against the Puttaswamy judgement [on the right to privacy]”. She also questioned the entire idea behind using tech during elections, pointing out that even the “current method of voting using EVMs requires a paper trail [VVPAT]”; “do you even need tech,” she asked.
The Election Commission’s IT Director VN Shukla said that the organisation should approach remote voting as a “layered system”, which should be a “good mix of processes which are easy to use, tech which is robust and scalable, standardised databases, and easy and maintainable user interface”. He said that any new process should not seem much different from the previous one and that the adoption should be “gradually increased”.
While it is believed that use of blockchain-based voting can be beneficial for people who don’t live in their home constituencies, such as migrants, studies from institutions such as Stanford, and MIT have shown that this form of voting raises a number of data privacy issues, said Trilochan Shastry from the NGO, Association for Democratic Reforms.
“[In blockchain-based voting] voter data is sitting somewhere and we don’t know if someone can gain control over it. There were rumours that Russia had meddled with the 2016 US elections, and our systems can be potentially vulnerable if tomorrow we have a problem with China,” Shastry said. He also noted that a blockchain server could be more prone to hacking, and potentially alter the course of an election.
However, even as Nappinai called Telangana’s use of facial recognition at the civic polls an “intrusive technology”, she suggested that India could explore a “one nation one card” type solution, enabled by blockchain which can be linked to a system to ensure a voter’s identity. “Such a card will also help overcome the problem of territoriality,” she remarked.
Readers should however note that having an all-encompassing ID for exercising democratic rights isn’t an advisable solution given that it creates a single point of failure. In contrast, a federated means of identification ensures that people can identify themselves where needed without necessarily compromising the only ID they have.
‘Our laws are not ready for blockchain-based voting’
“Legally we are not prepared for a blockchain voting mechanism,” Advocate Pavan Duggal said. He also said that while Estonia’s name comes up in all digital ID discussions, it is perhaps not right to compare India to the European nation because India is much larger with a very different socio-economic situation.
The current Information Technology Act doesn’t give legal recognition to blockchain, “as long as you don’t take a very broad view that blockchain is data and information,” Duggal said, adding that India will have to come up with blockchain specific legislation if it were to experiment with the technology during elections. Countries like Estonia, Malta, and Belarus have all come up with blockchain specific regulations, he remarked.
Aside from the IT Act, Duggal also suggested that the Indian Contract Act is not adequate. “A blockchain is essentially a smart contract, but does that make it legal? While the IT Act gives legality to e-contracts, blockchain is likely to throw more challenges, which can’t be addressed by the current IT Act or Contract Act,” he said.
“It’s now possible to get blockchain servers located in different parts of the world so the Election Commission might not have substantial control over that data,” Duggal said. “When that happens, where is a voter’s privacy? Who all can see their voting preferences? These questions will have a huge impact on the sovereignty and security of India,” he added.
He also called India’s National Cybersecurity Policy a “paper tiger” and said that the imminent cybersecurity strategy of 2020 is “not likely to shed light on blockchain-based voting mechanism”.