Andhra Govt Helps Itself To Citizens’ Data To Design Policy Despite Loss Of Privacy, Data Leaks

28 Oct 2022 11 min read  Share

An e-governance dashboard to track and improve the efficiency of service delivery of government schemes also collects sensitive data from citizens, including income details, asset ownership and Aadhaar-linked information. While data-gathering continues despite data leaks, experts said the exercise profiled citizens and invaded their privacy.

Representative image of fingerprinting/Istockphoto

Srikakulam & Kurnool (Andhra Pradesh) : An Android phone, a fingerprint reader, a water bottle and a notebook in his bag, Nelapatla Krishnam Rao set out on his daily rounds of Srikakulam town, going door to door. 

At every home, he noted in his book and on his phone answers that locals gave to his questions—age, gender, religion, caste, annual income, education, asset ownership. Then, he took a photo with the phone and collected fingerprints of every adult in the household. 

Alongside the biometric data and the information he collected, he fed in the GPS coordinates of the apartment or house before uploading the material to the E-Pragati portal of the Andhra Pradesh state government. 

When he started visiting households in 2019, suspicious citizens would interrupt his data-gathering with their questions, he said. “Now they are used to it,” Rao, 22, told  Article 14. “They do not mind sharing their details.”

Rao is one of 400  ‘grama volunteers’ or village volunteers employed by the Andhra Pradesh state government in the coastal district of Srikakulam, 500 km north-east of the state's capital city Amaravathi. Grama volunteers are now present in each  village in each of the state’s 26 districts. 

“Jagan Anna kosam seva chestam,” said Rao. “We will help brother Jagan achieve his goal.” 

Since 2014, the government of Andhra Pradesh, led first by the Telugu Desam Party’s N Chandrababu Naidu and since 2019 by Jagan Mohan Reddy of the   Yuvajana Sramika Rythu Congress Party (YSRCP), has collected exhaustive  information about citizens. 

This was initially done through a population enumeration exercise when the state was bifurcated to carve out the new state of Telangana. Both states have since emerged as among India’s most surveilled states (here, here and here). 

Both states then launched surveys to capture citizens’ data for better-informed policy design and assessment of government schemes’ efficacy. In Telangana, this was the Samagra Kutumba Survey (intensive household survey) while Andhra Pradesh government launched the Praja Sadhikara Survey, or Smart Pulse Survey (SPS), in 2016, seeking to collect socio-economic data of every household directly in digital form, duly validated online by volunteer-surveyors. 

The SPS, aiming to achieve what the state government believes will be India’s first ‘Real Time Governance Society’ (RTGS), envisions a digitised administration in which, eventually, every beneficiary of every government subsidy or scheme, and every voter identification number, is linked with an Aadhaar number. 

The RTGS dashboard is designed to be a mechanism for data analytics that will improve service delivery of government schemes and help course correct welfare programmes. 

However, experts feared that the data collection leads to a 360-degree profiling of citizens.

“Any data collection procedure that is taking place in this country has the potential to be harmful because there is no data protection law in place,” Anushka Jain, a policy counsel with the Internet Freedom Foundation, told Article 14.

Since its inception, the IFF has been advocating a data protection law in India.

Jain said collecting data from citizens could contribute to building a 360-degree profile of every person, “which has a chilling effect on the freedom of speech and expression in this country as there is no transparency between the people and their government”.

The July 2018 report of a committee of experts under the chairmanship of Justice B N Srikrishna titled ‘A Free And Fair Digital Economy: Protecting Privacy, Empowering Indians’ pointed to the need to create a data protection framework that protects citizens’ privacy “from state and non-state actors”.   

Experts said that the integrated information of beneficiaries of multiple schemes and subsidy programmes, including sensitive data such as asset ownership, income details and other Aadhaar-linked information, may be missing the informed consent of citizens who tend to part with their data when sought by a government employee. 

In Andhra Pradesh, 400-500 grama volunteers in every district, each paid a monthly salary of Rs 5,000 per month, collect this information in a continuing drive. 

Ajay Jain, principal secretary of the Andhra Pradesh government’s department of gram volunteers/ ward volunteers and village secretaries/ward secretariats, told Article 14 that the  government’s objective in collecting the data was to make sure every citizen in the state gets access to resources, and that the grama volunteers’ work aimed to  make sure every available subsidy reaches every home through a door-to-door effort. 

“Misuse does happen on an individual level, it can happen in any system,” Jain said, “but when we identify such people, we immediately take action against them and remove them straight away.” 

Leaks Of Aadhaar Numbers, Profiling Of Citizens

Since the data collection started, a series of data leaks has placed sensitive information belonging to citizens at risk of misuse.

On 22 December 2021, cyber-security researcher Sai Sravan Prabhala contacted the Delhi-based Internet Freedom Foundation regarding a vulnerability in the Andhra Pradesh Directorate of Government Examination website. 

The IFF and Prabhala together discovered that the website allowed any person to access and edit sensitive personal data of minors, including caste, location, religious affiliation and disability status. Their phone number and identification marks as per school records could also be edited on the website. 

The IFF drafted a representation urging the state government to act against such vulnerabilities and to implement policies for public reporting of data breaches. 

In April 2018, the Aadhaar card details of about 134,000 Andhra Pradesh citizens  were found to be available on the state’s housing corporation website, including  religion, caste and bank details. This was among the first incidents of a data leak from the state government. 

In August 2018, around 20 million Aadhaar card holders’ data was leaked. Of these, more than 1 million Aadhaar numbers along with bank details were visible on the National Rural Employment Guarantee Act (NREGA ) website.

Independent researcher and whistleblower Srinivas Kodali told Article 14,  “What you are witnessing in Andhra Pradesh is the end of how a digitised government will look like in an offline world. This is how it would be if Aadhar is linked to everything.”

He said Andhra Pradesh and Telangana were always experimental grounds for new forms of governance. 

According to Kodali, the AP government’s data is stored in data hubs which, according to the government’s submissions to the Supreme Court in 2015, no longer exist. “Except for the name, nothing has changed,” Kodali said. “The very mechanism continues.” 

In 2018, Naidu inaugurated the Andhra Pradesh Cyber Security Operation Centre (APCSOC), but data leaks continued

Meanwhile, the state government used Aadhaar data to build profiles of a housing scheme’s beneficiaries. On 12 July 2019, the Andhra Pradesh government launched the YSR housing scheme to provide housing to low-income group families. The government’s anticipated expenditure for construction of these houses was  Rs 50,490 crore. 

Prospective beneficiaries would have to fill online forms or provide to the grama volunteers information and documents including copies of their ration cards, Aadhaar cards, bank accounts, bank passbooks, caste certificates, evidence of domicile and mobile numbers.    

At the time, Kodali told journalists that this information could be misused by political parties for voter profiling.

In another instance, in 2019, the Telangana police filed an FIR against an information technology company for allegedly illegally collecting and possessing Aadhaar data of nearly 8 crore citizens in Andhra Pradesh and Telangana, reportedly for profiling of voters.

A subsequent analysis by Telangana State Forensic Science Laboratory (TSFSL) showed that the company was in possession of a whopping 7,82,21,397 Aadhaar numbers in a particular structured format.

The YSRCP alleged that this company was using the information for development of the then ruling Telugu Desam Party’s mobile application, Seva Mitra.

‘Grama Volunteers Are YSRCP Scamsters’

In 2019, due to excess rainfall and floods in the Kurnool district of Andhra Pradesh, as thousands of acres of crop land turned unproductive, chief minister Reddy ordered relief measures. About 1,000 farmers in Kurnool were listed as having lost their crop, based on information collected from grama volunteers. 

A list with their details was sent to officials at Rythu Bharosa Kendram, a government centre that supplies seedlings, fertilisers and seeds under the YSR Rythu Bharosa Scheme.

The YSRCP  government sanctioned ex gratia of Rs 1.19 crore. There were 130 affected farmers from Bheemunipadu village who received Rs 13,70,400 in total.

Keshava Kumar of Bheemunipadu was among them. “My name was on the list but I have not received any compensation from the government till date,” Kumar told Article 14.

“This is not the first time.” He said grama volunteers were known to have put fake names on such lists in order to purloin funds. “They are YSRCP scamsters.”

Kumar also accused a local grama volunteer of putting names of ineligible farmers on the list. He and fellow farmers had also staged a protest against officials at the Rythu Bharosa Kendram in June 2020.

Neither was action taken against the grama volunteer nor were affected farmers seeking compensation added to the list, he said. The volunteer, a resident of the same village, refused to speak to Article 14 about the allegation.

In June 2022, Ambati Rambabu, a YSRCP legislator from Sattenapalli constituency and also Andhra Pradesh’s irrigation minister, stirred up a controversy by appearing to concede that the volunteers had been appointed based on recommendations of the party leaders. 

“Those volunteers working against the interests of the party will be removed from service and new volunteers will be appointed” Rambabu said.

YSRCP Member of Parliament Vijay Sai Reddy also made a controversial statement on the appointment of grama volunteers. He said jobs as volunteers had been given only to YSRCP party activists who had worked hard during the election.  

Principal secretary Ajay Jain said out of 2.65 lakh grama volunteers, cases of complaints of misuse of grama volunteers’ powers numbered in the hundreds.  “Irrespective of whether they are motivated complaints, once proven guilty, we take immediate action,” he said.

Jain also clarified that the grama volunteers were appointed by a separate mandal revenue office (MRO)  as per set guidelines and that the volunteers are not associated with any political party. 

“There are set guidelines for every scheme,” said Jain, “So it would be wrong to say that the grama volunteers have discretionary powers to decide who qualifies as beneficiaries.” 

The ward secretariats provide oversight to this work, he said.

How A Grama Volunteer Works 

Anyone with a class 10 certificate is eligible to apply for a job as a grama volunteer. Interested candidates fill out an online form and attend an interview before they are recruited. 

Rao, a fourth year engineering student, was born and brought up in the town of Srikakulam. He enrolled as a grama volunteer in 2019 after seeing an advertisement for the job on a Telugu news channel. 

“I applied with an intention to help people in my town cooperate with Jagan brother’s vision,” Rao told Article 14. 

Four days a week, volunteers are expected to go door to door and collect information. Every month, the government launches the information collection drive for a new scheme, and information for each scheme is collected separately. 

In September 2022 he collected information for a new subsidy scheme that involved paying unemployed women above the age of 55 a certain sum to help them start small-scale businesses. Rao visited at least 10 houses a day, asking women their age, income, employment, caste, family income and other details.  

The volunteers feed citizens’ data into 50-odd separate applications, one for each scheme or subsidy of the government. This information is viewed at the collectorates, where eligible beneficiaries for each scheme or subsidy are finalised.  

At the end of the day, he deposited the information at the district sachivalayam  (secretariat) from where the data would be compiled and sent to the district collector’s office.

Every two weeks, after the state government reviews details provided by the grama volunteers, a list of eligible candidates is sent back to the sachivalayam,  where work begins to distribute the money to eligible candidates as analysed from the data collected. 

Rao said he was not affiliated with the YSRCP. “I am a faithful volunteer doing my job,” he said. “I gain no extra perks from the ruling party, nor am I a member.”

‘Started By Naidu, Worse Under Jagan’

Kodali told Article 14 that data collection practices lacking any data protection framework, having begun during the chief ministership of Chandrababu Naidu, continued under the new regime. “... rather it has become worse,” Kodali said. 

“Grama volunteers hold immense power to decide who gets what,” he added. “That indicates how flawed the system is.” 

Kodali pointed out that Andhra Pradesh was the only state that conducts a door-to-door survey for the information, whereas all information in Telangana is  collected at the government’s MeeSeva Kendras.

Grama volunteers who go door to door are sometimes panchayat-level teachers from the same village, he said, adding that the possibility of political party leaders controlling the volunteers could not be ruled out.

Several cases of allegations against the volunteer have been reported

In September 2021, a woman in the Pattegada panchayat of Chittoor district noticed that money was being transferred out of her bank account. The bank officials eventually found out that a grama volunteer had reportedly robbed from her and from others in the same village, after gaining information about their accounts through his door-to-door data gathering exercise.  

In June 2022, a farmer from Subhani Nagar in East Godavari district alleged that a grama volunteer stole Rs 68,000 from him under the Rythu Bharosa Scheme which the government had found him eligible for. 

A message on his mobile number from the government said the money had been transferred to him. He never got it.

(Vidheesha Kuntamalla is a freelance journalist based in Hyderabad. She covers gender, politics and social justice.)