Technology seems to be tripping up the electoral process in the world’s largest democracy with disturbing frequency.

Of late, two key issues have threatened the right to franchise of many of India’s 800 million voters. One is a software that seems to be marking genuine voters’ names for deletion from the electoral rolls. The other is electronic voting machines (EVMs), which some believe are vulnerable to tampering.

While complaints relating to these issues have done the rounds for years, the latest bout, involving a large number of such grievances, was sparked during the recent elections to five Indian state legislative assemblies.

The most egregious complaints occurred in the south-central state of Telangana. On polling day (Dec.07) in the state, many voters were shocked to find their names missing from the electoral rolls. This followed the election commission of India’s (ECI) admission weeks before that up to 2.2 million names had been deleted by its software for being supposed duplicates.

Some people, including international badminton ace Jwala Gutta, tweeted #whereismyvote in frustration.

EVMs, meanwhile, drew fire across Madhya Pradesh, Rajasthan, Chhattisgarh, and Mizoram, besides Telangana. While there’s no proof that any of these machines were tampered with, many breaches in their physical security were reported. This included deviation from the prescribed method and mode of their transport or in the strongrooms where they were stored.

Regardless of the assertions that EVM rigging isn’t possible, some argue that the doubts over them can erode public faith in the electoral process. It is viewed as particularly important that voting stays simple and transparent in a country that is home to the largest illiterate population in the world.

“Electronics are never transparent. The poor man has always got this doubt in his mind,” said Arun Mehta, a technologist who in the late 1980s became one of the first in India to research and speak publicly about the vulnerabilities of EVMs. “The process needs to be sufficiently transparent so that the poor man who’s wasting his daily wage to go and vote should have confidence in the process.”

These issues will assume even greater importance as India heads for its next parliamentary election in 2019.

A dangerous game

The large-scale disenfranchisement in Telangana was not a complete surprise.

Several media reports in November drew on internal ECI documents to reveal that a software linked to Aadhaar, India’s controversial biometrics-backed identity number, was used in 2015 to “purify” India’s electoral rolls. This, the reports said, may have disenfranchised millions of Indians. In fact, in September, the chief electoral officer of Telangana himself said at a press conference that around 2.2 million names had been deleted, in part, due to Aadhaar-linking and a “new software.”

Many experts and politicians are now seriously concerned about the prospect of an opaque algorithm being given so much sway over the electoral process.

“It’s deeply concerning to see people’s ability to exercise their franchise being restricted in this manner,” Raman Chima, policy director at digital-rights organisation Access Now, told Quartz. “There’s an over-reliance on technology and algorithms to do this, to the detriment of democratic accountability and respecting the law on this issue.”

Anticipating such problems in Telangana, cybersecurity researcher Srinivas Kodali filed a petition in the Hyderabad high court on Nov. 03. He sought measures by the ECI to ensure transparency, including making public the logs for each instance of voter deletion, as well as the algorithm and source code used in the de-duplication software. Disclosing such information would help the public look into cases of unreasonable deletions and zero in on why the software may have caused them in the first place.

The petitioner claimed that election authorities rarely followed the due process to verify whether a voter was indeed a duplicate before deleting the name. This is especially problematic because the software seems to often incorrectly flag “false positives,” listing many real voters as duplicates, the petition argued.

It also cites government documents, including a 2015 letter from the Bihar chief electoral officer to the ECI’s deputy election commissioner. The Bihar officer said that the software, when applied to the state electoral database, flagged over 3.7 million entries as potential duplicates, but on verifying voter identities, officials found fewer than 250,000 duplicates.

Srinivas Kodali

The Bihar example is ominous for 2019. “We don’t know which state election commission is using what software,” Kodali said. “Each of them could develop their own procedures.”

Kodali’s petition was heard only on Dec. 11, the day the results of the five states’ polls were announced, despite his hopes of an early hearing. The court has now sought the ECI’s counter-arguments and the matter will be heard again on Dec. 27.

Following the Telangana outcry, the state chief election officer apologised during a press conference. The state election commission, he said, would “aggressively revise” the rolls before next year’s polls. A few days later, however, he denied that the number of voter deletions had been “large.”

The ECI did not respond to a questionnaire from Quartz.

Concerns over such deletions are especially pressing given that the ECI seems to be trying to reinstate the connection between Aadhaar and voter IDs. Even after the supreme court significantly curbed the applications of Aadhaar in September, the ECI has supported a petition heard in the Madras high court that called for Aadhaar to be linked with voter IDs. A recent Economic Times report suggested that the ECI may soon try to pitch for Aadhaar-voter ID linking to be made mandatory.

Rage against the machine

First introduced in the 1980s, EVMs and their tamper-proof nature have long been viewed with suspicion from several quarters. Cybersecurity experts generally acknowledge that no machine can be hack-proof. In 2010, a global group of scholars conducted a thorough review of an EVM, detailing its vulnerabilities.

“At the end of the day, it’s a black box. You don’t know how it works,” Kodali said. “Can it be rigged? Yes, definitely yes. But can it happen at a large scale across the state? Probably very difficult.”

The reason why pulling off tampering would be difficult, most believe, is because access to EVMs is tightly controlled.

However, on several occasions during these recent elections, that all-important control seems to have slipped. Among other publicised incidents, an EVM was found at the home of a Rajasthan legislator and a power outage caused CCTV cameras in an EVM strongroom to black out for an hour in Madhya Pradesh. A military official was found using a laptop inside an EVM strongroom in Chhattisgarh against ECI policy and two EVMs were even found abandoned on the roadside in Rajasthan.

The ECI has acknowledged these breaches but still maintained that the EVMs were safe. It also reportedly said that the EVM found at the Rajasthan lawmaker’s house was not used and that the poll official who brought it to that house was suspended.

Political hot buttons

Many political parties opposing the Bharatiya Janata Party, to which prime minister Narendra Modi belongs, have cried foul over both voter deletion and EVMs.

A Telangana leader from the Indian National Congress, the most prominent opposition party at the national level, has claimed that he found tens of thousands of unserved notices (which the ECI was supposed to submit to voters before deletion of their names) at a ward office in the state.

The Aam Aadmi Party (AAP) has been vocal on the issue for years, claiming that around 3 million voters from Delhi have seen their names deleted. “There’s a very elaborate process defined if the election commission, in a very rare case, has to do suo moto deletions,” said Ankit Lal, the party’s social media strategist. “But in the past few years, that manual has not been followed, either in word or in practice.”

The ECI has, however, denied that the deletions were unfair or discriminatory.

Political parties have been speaking out against EVMs as well. Congress president Rahul Gandhi, in his speech at the end of results day on Dec. 11, criticised them and spoke about the concerns over security and public confidence. This despite the Congress performing well in the elections.

A politician of the All India Majlis-e-Ittehadul Muslimeen (AIMIM) party in Telangana tweeted that the counting of votes on results day was delayed because of “EVM malfunctions.”

The AAP has criticised EVMs, too. Lal said that even the newer machines with the voter-verifiable paper audit trail (VVPAT), which include printer-like devices that issue paper slips so that people see their votes are being recorded properly, pose problems. The number of such devices checked by the ECI by counting the ballot slips they print is too low, he said.

Currently, the ECI is double-checking VVPAT slips in just one polling station per constituency, although it is reportedly considering increasing that number. If election officials actually double-check so few VVPAT machines, “how would somebody know there’s not a discrepancy?” Lal asked.

The AAP wants the ECI to verify at least 25% of the VVPATs, while some parties are asking for the poll body to verify around 10% of the slips.

Another difficulty with EVMs is that they can potentially be made a scapegoat when a party loses.

“Casting doubt on technology should not become your excuse for having lost an election—and it very often is,” Mehta, the EVM technologist, said. “It is not healthy for our democracy that doubts continue to be cast on the election process.”

Read Quartz’s coverage of the 2019 Indian general election here.