Executive Summary
The ‘Seva Mitra’ app promoting the Telugu Desam Party (TDP) involved in privacy breach and misuse of data of around 4 crore citizens in Andhra Pradesh (Seemandhra). The MP of YSR Congress Party has complained, the Smart Pulse Survey which was linked with State Resident Data Hub (SRDH) containing Aadhaar and electoral rolls created by Election Commission of India were misused.
IT Grids (India) Private Limited
The company located in Madhapur (Hyderabad) has developed several software applications & IT solutions for the State Government.
‘Seva Mitra’ App
The App contains voter identity number, names, photographs, booth information, family ethnicity information, government schemes allotted and beneficiary a voter gets as part of the election. This is exclusively designed for the TDP cadre.
Constitutional Impact
This hits the fundamental right of privacy, meaning one’s personal information isn’t protected from the public viewpoint (scrutiny) and the IT company is liable to be punished under sections 120B, 418, 420, 380, 409, 167, 177, 182 read with Section 511 of IPC.
Response from Election Commission of India
The ECI supplies soft copy of non-photo electoral roll to candidates of recognized political parties or organizations as per the norms. The hard copies of this data will be in black and white. No other data has been shared to any party or company.
Response from UIDAI
The UIDAI has already requested the Government of Andhra Pradesh, Telangana and 13 other states to destroy the SRDH after the judgement was given by the Supreme Court in-line with the Aadhaar Act, 2016.
State Resident Data Hub (SRDH)
The SRDH was created by Government of AP in association with UIDAI and mirrored the data from UIDAI, Bengaluru which has the resident’s Aadhaar number, name, date or year of birth, gender, address, pin code, photograph and bio-metric data.
SRDH with Smart Pulse Survey
The chairman of UIDAI has stated that SRDH is integrated with Smart Pulse Survey, proving it is no more an independent entity and has multiple layers of data connection with various databases of socio-economic data. The purpose of SPS was for indicating real-time governance and checking the status of beneficiaries.
Lawsuit Position
The cyber crime department has conducted searches at the offices of IT grids and found the data collected pertains to the voters’ information in the Andhra Pradesh and it was misused by the developers. Four of them have been detained for further interrogation & investigation.
Analysis & Key Takeaways
- The SRDH should have been destroyed if there are any signs that another system mandated by the Central Government is in place.
- There must be approvals / permissions obtained from Supreme Court to retain systems for other purposes.
- The Supreme Court will monitor systems put in place by State & Central and the contracts signed must have legal relationship between the entities involved.
- The contracts should be valid with enforceability, rather than being illegal or void leading to larger crimes.
References
- https://kractivist.org/andhra-pradesh-data-breach-by-tdp-app-uidai-ec-launch-probe/
- https://timesofindia.indiatimes.com/city/hyderabad/andhra-pradesh-tdp-app-breached-data-of-3-7cr-voters-probe-begins/articleshow/68161226.cms
- https://www.firstpost.com/tech/news-analysis/aadhaar-hearing-major-arguments-made-over-the-past-38-days-of-hearings-4467323.html
- https://www.ap7am.com/lv-309586-data-breach-by-tdp-app-cops-search-offices-of-it-grids-detain-four.html
- https://english.sakshi.com/andhrapradesh-politics/2019/03/04/massive-voter-data-breach-by-ap-government
Business Management 
Good analysis.
LikeLike