The order authorising 10 agencies to monitor and intercept computer resources is a pretend law meant to be an enabler of
DR SAURABH GARG, JOINT SECRETARY IN the Ministry of Finance, issued the notification F.NO.10/ 03/2016-CY.I on November 8, 2016, to declare demonetisation. He stated the order was “in exercise of the powers conferred by Sub-section (2) of Section 26 of the Reserve Bank of India Act, 1934 (2 of 1934)”. Subsection (2) of Section 26 requires the recommendation of the Central Board of Directors of the bank appointed as per Section 8 of the RBI Act. The recommendation of the Central Board, which formed the basis and gave legitimacy to demonetisation, has remained elusive. In the absence of such recommendation, demonetisation would be what is called “pretend law”—something that has no force of law but appears to be law.
The RBI’S report on the “Macroeconomic Impact of Demonetisation” states that demonetisation was aimed at addressing corruption, black money, counterfeit currency and terror financing. But there is no report from the RBI on the impact of demonetisation in addressing corruption, black money, counterfeit currency and terror financing.
While a year-end review released by the Ministry of Finance in 2017 claims a 50 per cent reduction in the value of high-denomination notes, the RBI Annual Report actually indicates a doubling of high-value denomination supply. While we seek explanations about demonetisation addressing corruption, black money, counterfeit currency and terror financing, nothing fits as
well as its impact on the political fortunes of the Bharatiya Janata Party (BJP) in the election-bound States immediately after demonetisation.
According to survey data of election funding from Bihar, Jharkhand and Uttar Pradesh, more than 46 per cent of campaign funds are sourced from black money. Political observers and the Election Commission of India (ECI) have for long recognised that political funding happens in cash. In the recently concluded elections in Madhya Pradesh, Rajasthan, Chhattisgarh, Telangana and Mizoram, the ECI seized more than Rs.200 crore.
It is, therefore, unsurprising that the demonetisation of 500- and 1,000-rupee notes happened just three months before the elections in Uttar Pradesh, Uttarakhand, Punjab, Goa and Manipur.
The need for 500- and 1,000-rupee notes to be exchanged with other denomination of any value, it obviously challenged the election funding of those caught by surprise. Political fortunes changed as the money in circulation changed.
Shakespeare obviously understood the ways of men best when he declared: “Though this be madness, yet there is method in ’t.”
Union Home Secretary Rajiv Gauba’s order No.14/07/ 2011-T of December 20, 2018, authorising 10 agencies to monitor, intercept and decrypt any information generated, transmitted, received or stored in any computer resource is not dissimilar to Garg’s notification on demonetisation. Nor is it dissimilar to Mandeep Kaur’s (Deputy Secretary in the Department of Revenue) notification of the Prevention of Money-laundering (Maintenance of Records) Second Amendment Rules, 2017, vide Notification NO.2/F No. P.12011/11/2016-ES CELL-DOR.
The Ministry cites “the powers conferred by Subsection (1) read with Clause (h), Clause (i), Clause (j) and Clause (k) of sub-section (2) of Section 73 of the Prevention of Money-laundering Act, 2002 (15 of 2003)” in formulating these rules.
These rules declared that bank accounts shall cease to be operational until the account holders submit their Aadhaar number to the bank.
Since it is not public knowledge, it should be underlined that Clause (h) of the Prevention of Money-laundering Act, 2002 was omitted by Section 29 with effect from February 15, 2013, and Clause (i), Clause (j) and Clause (k) of Subsection (2) of Section 73 does not allow for freezing of any asset or making it inoperable.
Again, this is not dissimilar to the government’s notification amending the Companies (Appointment and Qualification of Directors) Rules, 2014, on July 5, 2018, which similarly attempts to create powers not conferred under “Sub-section (1), Sub-section (4), Clause ( ) of Sub-section (6) of Section 149, Sub-section (3) and (4) of Section 150, Section 151, Sub-section (5) of Section 152, Section 153, Section 154, Section 157, Section 160, Subsection (1) of Section 168 of and Section 170 read with Section 469 of the Companies Act, 2013”. This notifica-
tion declared that the Director Identification Numbers would be deactivated if the directors did not undergo a KYC (know your customer) procedure.
Rajiv Gauba’s order is guilty of the same pretence. Section 69(1) requires a ‘reasoned’ order to enable interception, monitoring and decryption. The order can only be in the interest of the sovereignty or integrity of India, the defence of India, security of the state, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognisable offence relating to the above or for investigation of any offence. The order is ultra vires of the Act.
The referencing of laws that no one reads, understands or checks makes it easy to create rules that have the appearance of legitimacy. This government has consistently followed the modus operandi of creating rules and notifications that are illegal and invalid and are pretend laws as they are not in accordance with the enabling Acts or have failed to follow the due process of law.
The Parliamentary Standing Committee on Subordinate Legislation, which is normally required to ensure that orders, rules and regulations do not exceed the purpose sanctioned by the enabling Act, appears to have mysteriously turned a blind eye to these pieces of legislation. Laws are intended to protect national and public interests. Pretend laws accomplish partisan interests.
What, then, is the purpose behind authorising 10 agencies of the government to intercept, monitor and decrypt any information generated, transmitted, received or stored in any computer resource?
THE ELECTION STRATEGY
BJP leader Nitin Gadkari launched a book by the BJP psephologist G.V.L. Narasimha Rao on electronic voting machines (EVMS) and their susceptibility to tampering in 2010. He insisted that reservations about EVMS were not confined to the BJP and that many other political parties were wary of their use. The foreword to this book, Democracy At Risk! Can We Trust Our Electronic Voting Machines?, billed as a “shocking expose of the Election Commission’s failure to assure the integrity of India’s electronic voting system”, is written by senior BJP leader L.K. Advani. G.V.L. Narasimha Rao says: “It is a blatant lie that EVMS are tamper-proof. I think the use of EVMS on a national scale is illegal.”
Dr Subramanian Swamy’s book, Electronic Voting Machines: Unconstitutional and Tamperable, also published in 2010, “brings together a panel of political, constitutional and technical experts and makes a powerful and substantive case for the discontinuation of EVMS in Indian elections if these cannot be safeguarded to public satisfaction”.
The BJP’S concerns about EVMS were triggered when, in May 2009, Anupam Saraph, at the time Chief Information Officer for the city of Pune, and Prof. M.D. Nalapat, Vice-chair of the Manipal Advanced Research Group, discovered, and reported to the ECI, spreadsheets with encrypted data on the ECI’S website that seemed to show votes polled by a candidate days before the votes were actually cast and counted.
The 2009 Lok Sabha election was held in five phases, running from April 16 to May 13. Counting was not supposed to begin until all the phases were complete. Before the voting started, Saraph and Nalapat had created a public wiki with pages for each constituency and candidate in order to track the elections. They sourced the data from an Excel spreadsheet publicly available on the ECI website.
The ECI spreadsheet contained what you would expect: candidate’s name, gender, address, party, etc. But, starting on May 6, the spreadsheet changed and something unexpected was added. From May 6 onwards, the candidates’ names were “coded”, based on their position on the EVM, and the number of “votes polled” were added, even though voting had yet to take place in many constituencies and even where voting had taken place but votes were yet to be counted. Even more confounding, the “votes polled” numbers were found to be adjusted in subsequent downloads of the spreadsheet on different days before the results were announced.
The EVM provides no receipt to the voter. The voter has been conditioned to believe that when they press a button a vote is cast, and that vote stays with the person for whom it is cast. Also, unlike in the case of money deposits, it is not possible to verify if every vote in favour of a candidate comes from a genuine voter. The voter makes a leap of faith by accepting the outcome of an unaudited process. This absence of transparency has been exploited by hackers to manipulate votes captured by EVMS. The encrypted “votes polled” spreadsheet discovered suggested that hackers had found a means to transfer predefined results to counting units.
Politicians across parties were shocked, as this implied any strategy of adjusting the winnability of candidates by tampering with individual EVMS would be of no consequence if someone could control the results.
The then Tamil Nadu Chief Minister Jayalalithaa alleged in 2009 that by canvassing the counting officials, voting machines were manipulated by former Finance Minister P. Chidambaram to reverse the votes cast for her candidate. The allegations about EVM tampering have spread across parties as what used to be a covert strategy has become increasingly overt and direct. Like black money, tampering with electronics used for capturing votes is spoken of as the cost of doing business.
This December, three persons, reportedly employees of Reliance Jio, were nabbed by Congress workers from a strongroom with EVMS in Chhattisgarh’s Bastar. The Congress has also alleged EVM tampering in Madhya Pradesh, Telangana, Chhattisgarh and other States.
Responding to Subramanian Swamy’s petition in October 2013, Justice P. Sathasivam ordered for Voter Verified Paper Trail (Vvpat)-enabled new EVMS. The idea of VVPAT is to allow a paper ballot of the vote cast to serve as a means of verifying the votes captured by the EVM whenever doubts are raised about an EVM.
The Ministry of Law and Justice, after consulting the
ECI, exercised its powers under Section 169 of the Representation of the People Act and amended the Conduct of Elections Rules to include VVPAT. The then United Progressive Alliance (UPA) government allegedly delayed the process of switching to VVPAT and slowed funding to the ECI to buy new paper-slip-producing EVMS. Prof. Alex Halderman from the University of Michigan and his colleagues, including Hari Prasad from Net India (Pvt.) Ltd in Hyderabad, with guidance and advice from G.V.L. Narasimha Rao, have demonstrated electronic attacks that can steal votes for the lifetime of the machines. In a bid to replace Upa-era EVMS, a Cabinet meeting chaired by Prime Minister Narendra Modi on July 20, 2016, took the major decision to dump the EVMS purchased from 2000 to 2005. The new EVMS are expected to be VVPAT machines.
While VVPAT machines are not without their own security concerns, they could potentially usher in transparency and clear the air if they ensure that paper ballots are counted. However, the decision to count paper ballots in response to an application made under Rule 56(D)(2) is at the discretion of the returning officer. This means that how many paper ballots are counted, if at all, is not automatic. Manubhai Chavada of the Gujarat Jan Chetana Party had challenged Rule 56(D)(2) as “ex-facie illegal, arbitrary and an infraction of the fundamental rights of the citizens”.
Clearly, information generated, transmitted, received or stored in any computer resource plays an important, if not critical, role in the outcome of elections.
PURPOSE OF THE ORDER
The acts of governments are rarely without a purpose. The purposes of governments, however, are rarely those that they make explicit. The purpose of the act is not what it says, but what it does. The monitoring order does not state whether its purpose, as required by law, is to address any threat to the sovereignty or integrity of India; to ensure the defence of India, the security of the state and friendly relations with foreign states; or to create public order or prevent incitement to the commission of any cognisable offence. Does this order do anything to serve these purposes?
What does the notification enabling 10 institutions to intercept, monitor and decrypt do? These institutions are governed by independent Acts and have diverse sets of powers. If these institutions were to begin monitoring, interception and decryption of information generated, transmitted, received or stored on all computers, they will be crippled.
Most of the institutions listed neither have the mandate, nor the machinery, to undertake the task of monitoring, interception or decryption. They are part of independent Ministries and report to different Ministers. The one common thing these agencies will do, as does most government action, is respond to instructions to monitor, intercept and decrypt specific targets.
Clearly, pretend laws and diktats are an enabler of partisan actions. The monitoring order is no exception.
With just about three months left for the Lok Sabha election, does anyone have to spell out partisan actions that benefit from monitoring, intercepting and decrypting electronic communications?
The answer lies in looking at the target of the demonetisation exercise. Like black money financing the upcoming elections was the covert target of demonetisation, what will be the target of the monitoring order? Computers, mobiles, computer networks and, of course, EVMS are the computer resources that are now being prepared and deployed for elections.
Like black money that funds candidates and controls elections, the information generated, transmitted, received or stored in these computer resources deployed by candidates alters their winnability and consequently the outcomes of elections. The computer resources used in elections will be the obvious targets for monitoring, interception and decryption.
If the national interest and protecting the sovereignty of the people of India were the purpose, would not an independent body like the ECI, and not governmentcontrolled bodies, be empowered to monitor, target and decrypt? Does the 2009 election history not require that the ECI be empowered to monitor, target and decrypt? Or that unless they are conducted without EVMS, the 2019 Lok Sabha election may just favour the computer resources of partisan interests? Is it not evident that this order is to the 2019 election what demonetisation was to the 2017 elections?
The answer to the real purpose of this madness lies in who will be the beneficiaries of this order. Dr Anupam Saraph is a Future Designer, Professor of Systems and Decision Sciences and a renowned expert in governance of complex systems. He can be reached on Twitter at @anupamsaraph.
EVM AND VVPAT machines being checked before being sent to polling centres during the Madhya Pradesh Assembly elections, in Bhopal on November 27.
Source: Data files accessed on respective dates from http://eci.nic.in/candidateinfo/frmcandidate.aspx; Data files archived at: http://www.scribd.com/collections/2319591/candidate-info
CUSTOMERS waiting outside a bank in Chennai to exchange their old 500- and 1,000-rupee notes, on November 11, 2016, following the government’s demonetisation decision.