The process of electing a new government is always fraught with impediment. Violence, booth capturing and identity erasure have been par for the course in elections past in India. This time around though – the month-long process began on April 11 – the threat inheres in digital technology.
With political parties using social media to drive communication strategies and data analytics for targeted political campaigns, the possibility of rogue actors and adversarial states exploiting digital technology to harm the integrity of the election process, cannot be ruled out.
American allegations of Russian interference in the 2016 U.S. presidential elections and the role of firms like Cambridge Analytica, demonstrate how elections can be manipulated by malicious actors through: a) targeting of election infrastructure; and b) propaganda operations aimed at influencing voter behaviour. Such instances have made cyber security a critical part of Indian electioneering. Bringing it about requires a well-crafted, long-term policy response from the state and private sector.
The election infrastructure
The Election Commission (EC), tasked with maintaining the sanctity of India’s electoral process, has taken several steps to ensure the inviolability of the technical infrastructure, which includes the Electronic Voting Machines (EVMs), voter database, voting software and IT systems.
- Reliability of EVMs: Despite their successful use, some political parties in India have raised baseless doubts about their reliability. These machines are produced by Bharat Electronics Limited and the Electronics Corporation of India Limited, public sector units both, which produce sensitive equipment for India’s defence and space sector, such as electronic warfare and radar systems.  Besides, they are stand-alone machines, which cannot be connected to any network. A committee, consisting of technical experts and defence scientists, has certified the software, which makes the EVMs hard to hack. Individual machines can theoretically be tampered with, though there has been no evidence of this. Now with the mandatory use of the Voter Verifiable Paper Audit Trail machines, this doubt too will be eliminated.
- Specialised initiatives on cyber security: In 2017, the EC created the new post of Chief Information Security Officer whose job is to supervise various measures, such as conducting regular cyber security drills and ensuring various EC offices’ compliance with cyber security measures. The EC has also held eight workshops (as of November 2018) in six cities across the country to train its staff in cyber hygiene, such as not responding to phishing emails, which can compromise the EC’s computer network.
- Making election infrastructure ‘critical infrastructure’: The next step for the EC is to redesignate its election infrastructure as ‘critical infrastructure’ under the Information Technology Act 2000. This will enable it to institutionalise regular coordination with the national security establishment and benefit from the cyber security advisories, issued by the National Critical Information Infrastructure Protection Centre, a unit of the National Technical Research Organisation.
This is beginning to be a problem in India as well. During the 2017 Doklam crisis, and most recently, in the aftermath of the Pulwama attack, a sustained anti-India propaganda campaign by the Chinese state media and Pakistan Army’s Inter-Services Public Relations misrepresented India’s military actions and questioned Indian military capabilities. This foreign adversarial propaganda was so well integrated into cyber space that it was virtually impossible to tell it apart from ongoing politically motivated disinformation campaigns, launched by India’s rival political parties.
A related problem has been the spread of ‘fake news’, particularly through the WhatsApp messaging platform. In the run-up to the elections, social media platforms have been full of false news posts, targeting Prime Minister Narendra Modi and other major political leaders. Tackling this issue has been challenging for India.
Twitter, Facebook and WhatsApp, where such malicious content is typically posted, have taken several deterrent measures. They introduced transparency standards for political advertising and clearly labelled content as ‘sponsored’ to distinguish it from that posted by regular users. They partnered with fact-checking websites, deploying Artificial Intelligence (AI), and appointed a grievance officer. A campaign they launched helps internet users verify content on social media platforms. They also work with the EC to implement a ‘Voluntary Code of Ethics’ to report details of political advertisements and prohibit any political canvassing-related content 48 hours before voting.
These are important steps, but still small compared to the scale at which malicious content is spreading through social media. Ten days before the elections on April 1, Facebook removed 687 pages from its platform for spreading misinformation – Facebook terms it ‘coordinated inauthentic behaviour’ – including some linked to the Indian National Congress (INC). Yet, such pages continue to proliferate in ever new avatars.
The spread of misinformation has been a perennial problem even before preparations for the upcoming elections. It surfaced in 2018, with incidents of violence associated with rumours about child lifting in which 29 people across 12 states lost their lives.
The government therefore needs to initiate additional measures for the long term. They can:
- convene an all-party initiative to design a code of conduct for using social media platforms, including for political campaigns and advertising. Animosity between political parties and lack of trust in the government may impede this;
- design a content code, specifically to tackle fake news, on the lines of India’s Programme and Advertising Codes for television, and provide an ombudsman for internet users to report objectionable content, like the Broadcasting Content Complaints Council, which examines content-related complaints against cable television. This will also avoid the bias which has crept into many social media companies’ content code: earlier this year, supporters of the Bharatiya Janata Party (BJP) had accused micro-blogging site, Twitter, of removing pro-BJP content from its platform.
Political parties and cyber security
While political parties have enthusiastically used social media to reach out to voters, some leaders are well-versed with the nuances of cyber security used in their political campaigns and the basics of cyber hygiene. In fact, cyber security figures as an issue in the election manifestos of only three parties – the BJP, INC and the Communist Party of India (Marxist). Of these, only the INC and CPI (M) have promised to take steps to counter the spread of fake news and punish those who misuse digital and social media.
Many of these issues will continue to matter well beyond the current elections. If democracy must stay alive and well, the sanctity of the election process must be preserved. Ever newer threats will emerge as technology acquires newer sophistications – and the environment will need constant vigilance. For now, the noise and dust generated ought not to go in vain for technical reasons.
Sameer Patil is Director, Center for International Security, & Fellow, National Security Studies, Gateway House
This article was exclusively created for Gateway House: Indian Council on Global Relations. You can read more exclusive content here.
For interview requests with the author, or for permission to republish, please contact firstname.lastname@example.org.
© Copyright 2019 Gateway House: Indian Council on Global Relations. All rights reserved. Any unauthorized copying or reproduction is strictly prohibited.
 Intelligence senate, ‘Russian Targeting of Election Infrastructure During the 2016 Election: Summary of Initial Findings and Recommendations’, 8 May 2018, <https://www.intelligence.senate.gov/publications/russia-inquiry>
 Bharat Electronics limited, ‘about us’, <http://www.bel-india.in/ContentPage.aspx?MId=5&CId=1226&LId=1&link=1226>
 Election Commission of India, ‘Manual on Risk Management’, 20 Spetember 2018, < https://eci.gov.in/files/file/6929-manual-on-risk-management/>
 Election Commission of India, ‘Cyber Security Newsletter’, May 2018, <https://eci.gov.in/files/file/5685-cyber-security-newsletter-may2018/>
 Election Commission of India, ‘ECI Cyber Bulletin’, November 2018 <https://eci.gov.in/files/file/9089-eci-cyber-bulletin/>
 facebook for media, ‘Working to Stop Misinformation and False News’, 7 April 2017, <https://www.facebook.com/facebookmedia/blog/working-to-stop-misinformation-and-false-news>
 Election Commission of India, ‘Social Media Platforms present ” Voluntary Code of Ethics for the 2019 General Election” to Election Commission of India’, 20 March 2019, <https://eci.gov.in/files/file/9467-social-media-platforms-present-voluntary-code-of-ethics-for-the-2019-general-election-to-election-commission-of-india/>
 newsroom, ‘Removing Coordinated Inauthentic Behavior and Spam From India and Pakistan’, 1 April 2019 <https://newsroom.fb.com/news/2019/04/cib-and-spam-from-india-pakistan/>
 Telecom Regulatory Authority of India, ‘THE CABLE TELEVISION NETWORKS RULES, 1994′, 29 September, 1994, <https://www.trai.gov.in/sites/default/files/CableTelevisionNetworksRules1994.pdf>
 Communist Party of India (Marxist), ‘Election Manifesto’,p.33, <https://cpim.org/sites/default/files/documents/2019-ls-elc-manifesto.pdf,>