EC Disables Easy Access to Electoral Data Across States

EC Disables Easy Access to Electoral Data Across States is a report published in The Economic Times on 6 June 2018, written by Akshatha M. The article examines the Election Commission of India’s decision to publish electoral rolls only in image PDF and CAPTCHA formats across all states, following Karnataka’s pioneering privacy protection measures. It features expert commentary from Sunil Abraham on the limitations of these technical solutions and proposals for more robust data access controls that balance transparency with voter privacy.

Article Details
Full Text
Context and Background
External Link

Article Details

📰 Published in:: The Economic Times
✍️ Author:: Akshatha M
📅 Date:: 6 June 2018
📄 Type:: News Report
📰 Newspaper Link:: Read Online

Full Text

The recently-concluded Assembly elections may have set more than just one precedent with implications for the entire nation.

While the poll result led to what many see as the beginning of a national front comprising regional parties, the steps Karnataka's chief electoral officer took to protect the privacy of its electoral rolls will be emulated across the country.

The Election Commission of India, in an internal circular issued in January, ordered the chief electoral officers of all states and union territories to publish electoral rolls only in image PDF and CAPTCHA formats. These formats ensure that no individual can access electoral data, except as readonly files. While the image PDF format disables the search option in the rolls, CAPTCHA does not allow visitors to either extract or download the rolls.

"It has been decided that electoral rolls should be published on (the) website in image PDF only. If presently-available PDF electoral rolls are not image PDF, then the same shall be done immediately," the EC circular said.

It all started in the latter part of 2017 when Karnataka's chief electoral officer published the draft electoral rolls as image PDF with CAPTCHA formats. Earlier, rolls were published in text PDF (minus CAPTCHA) format. Electoral analysts and citizen groups took exception to the new formats on the grounds that that did not allow them to analyse errors.

CEO Sanjiv Kumar's contention was that analysts were seeking easy access to data. He defended his move on the grounds that the personal data of voters need to be protected. The tiff eventually reached the EC's doorstep. It turns out that the chief election commissioner was convinced about Sanjiv Kumar's intent.

Speaking to ET, CEC Om Prakash Rawat said: "After Cambridge Analytica and Facebook episodes, the EC has decided to protect voters' data from data harvesting and data manipulation as a precautionary measure. We are also working towards adding special data security features in the electoral rolls."

Electoral roll analysts continue to see the EC's decision as a bid to cover up flaws in the rolls. "Their argument is self-defeating on two counts: One, an individual can still extract the data, though it is a little time-consuming. Two, voter data is sold in broad daylight for 7 paise per record and despite knowing this, the election authorities have not taken any action to prevent the same," said Bengaluru-based electoral roll analyst PG Bhat.

Data security researchers say the EC decision to have the new formats is no long-term solution.

Sunil Abraham, executive director of the Centre for Internet and Society, said that the image PDF format would not be a longterm solution at a time when the optical character recognition software has become all-powerful. "The EC should first remove EPIC numbers from the public database as it allows people who are into data-mining exercise to combine data. The solution would be to have mandatory registration in order to access data, even for voters," he said.

He said the EC should have a system that enables it to track those who access electoral data. "Mass export of data should be permitted only for those who are monitoring electoral rolls at the polling-station level," he said.

Context and Background

The Election Commission’s decision to restrict electoral roll access emerged directly from the Cambridge Analytica scandal that erupted in early 2018, which revealed how political campaigns could harvest and weaponise voter data for microtargeting. Chief Election Commissioner Om Prakash Rawat’s explicit reference to these “Facebook episodes” demonstrated how global data controversies were reshaping Indian electoral governance. Karnataka’s Chief Electoral Officer Sanjiv Kumar had pioneered the restrictive formats in late 2017, and his approach—initially controversial amongst transparency advocates—gained institutional validation as international data protection concerns intensified.

Sunil Abraham’s critique identified fundamental limitations in the Election Commission’s technical approach. His observation that optical character recognition (OCR) software could easily circumvent image PDF protections highlighted how superficial these measures were against determined data extraction efforts. Modern OCR technology, powered by machine learning, could convert image-based text into searchable, exportable data with minimal effort and high accuracy. This rendered the format restrictions largely performative—creating obstacles for legitimate researchers and civic monitors whilst providing negligible protection against commercial data miners or malicious actors with basic technical capabilities.

Abraham’s alternative proposal—removing Electoral Photo Identity Card (EPIC) numbers from public databases—addressed a more substantive vulnerability. EPIC numbers functioned as persistent identifiers that enabled data linkage across multiple databases. Someone possessing EPIC numbers could potentially combine electoral roll information with other datasets containing the same identifiers, creating comprehensive voter profiles that individual databases alone wouldn’t reveal. This data fusion capability posed far greater privacy risks than simple access to electoral rolls, yet the Election Commission’s measures left EPIC numbers exposed whilst restricting less sensitive information.

His recommendation for mandatory registration to access electoral data represented a middle path between complete openness and absolute restriction. Such systems, implemented in various democracies, create audit trails showing who accessed what data and when. This traceability serves dual purposes—deterring misuse through accountability whilst preserving legitimate access for researchers, journalists, and civic organisations monitoring electoral integrity. The suggestion that mass data export should be limited to polling-station-level monitors acknowledged that different stakeholders require different levels of access, and blanket restrictions often harm transparency more than they protect privacy.

The article’s mention of voter data being “sold in broad daylight for 7 paise per record” exposed a glaring contradiction in the Election Commission’s approach. Whilst implementing technical barriers to prevent web-based data extraction, authorities apparently tolerated or failed to prevent commercial data brokers from acquiring and selling comprehensive electoral information. This suggested that the restrictive formats primarily inconvenienced legitimate researchers and civic groups who relied on official channels, whilst black market data flows continued unimpeded. Electoral roll analyst PG Bhat’s characterisation of the measures as “self-defeating” captured this fundamental disconnect.

The tension between transparency and privacy in electoral rolls reflects broader challenges in democratic governance. Electoral rolls must be sufficiently accessible to enable citizens and organisations to verify their accuracy and detect irregularities, yet overly permissive access creates privacy vulnerabilities and enables commercial exploitation. The Election Commission’s reactive, technology-focused response to the Cambridge Analytica crisis failed to grapple with these deeper tensions, instead implementing quick fixes that satisfied neither transparency advocates nor privacy proponents.