Former IAS officer Kannan Gopinathan has raised significant concerns regarding the Election Commission of India’s (ECI) management of voter enrolment and deletion processes, highlighting serious security vulnerabilities.
In a comprehensive post on social media platform X, Gopinathan addressed the recent mass deletion attempt in Aland, prompting him to conduct a security assessment of the Commission’s Voter Helpline App (VHA) and voter portal. The findings were alarming, as the portal received a Mozilla Observatory score of just 15 out of 100, indicating major deficiencies, or what Gopinathan termed as a “big whooping F.”
He identified critical issues such as an invalid Content-Security-Policy header that rendered security ineffective, the absence of HTTP Strict Transport Security (HSTS), and session cookies that lacked SameSite protection. Gopinathan warned that the vulnerable architecture of using WebViews to display the portal exacerbated server-side vulnerabilities, making it susceptible to cyberattacks.
Gopinathan resigned from the civil services in August 2019 in protest against the abrogation of Article 370 and the division of Jammu and Kashmir into two Union Territories.
In one of his tweets, Gopinathan communicated directly to the ECI, stating, “Dear @ECISVEEP, after the Aland mass-deletion attempt came up, I ran a security review of your VHA app and voters portal… The Mozilla Observatory score was 15/100 (F). A big whooping F.” His post included concrete data on the security flaws found.
He labeled the situation as “a mockery of voter services” and emphasized the need for accountability. Gopinathan insisted that if the issues stemmed from negligence or incompetence, those responsible should be immediately dismissed. If the flaws were deliberate, he called for a thorough criminal investigation.
Gopinathan recommended that voter enrolment and deletion services be suspended until a complete independent security audit and remediation could be conducted. He urged for the preservation and export of forensic artifacts, including database logs and computing hashes, and recommended the commissioning of an independent penetration test with public reporting.
His statements come amid rising political tension regarding alleged fraudulent voter deletions in Karnataka’s Aland Assembly constituency. Congress leader Rahul Gandhi has accused the ECI of obstructing evidence from state police, claiming that 6,018 deletion attempts were made by individuals impersonating actual voters, using mobile numbers registered in other states.
In response, the ECI denied the accusations, asserting that no deletions had occurred and that a First Information Report (FIR) had been filed regarding the situation. “No deletion of any vote can be done online by any member of the public, as misconceived by Gandhi,” the Commission clarified on X.
Gopinathan countered this assertion, arguing that the ECI’s response was analogous to declaring that an attempted mass shooting warranted no search for the perpetrators because no fatalities occurred. He emphasized, “This isn’t about unsuccessful attempts. It’s about WHO did it, WHO funded them, WHERE else they operated, and HOW deep this electoral sabotage network goes.” He described the 6,000 fraudulent deletion attempts as indicative of an organized effort against democracy and urged that the matter not be trivialized with a simple FIR.
The post originally appeared on Maktoob Media, highlighting the critical need for enhanced security in electoral processes.
Tags: IAS officer, security flaws, Election Commission, voter services portal, accountability
Hashtags: #IAS #officer #flags #security #flaws #Election #Commissions #voter #services #portal #demands #accountability
