The panel's interim report said that large volumes of data were sent from 18 SDC servers over five months, but it didn't mention voter lists.
Published Sep 20, 2022 | 9:17 PM ⚊ Updated Sep 20, 2022 | 9:18 PM
Though the committee was appointed after the uproar over the alleged purchase of the Israeli spyware, it mentioned only data theft in its preliminary report. (Creative Commons)
A House committee constituted by the Andhra Pradesh Assembly Speaker in March has concluded that there was indeed unauthorised and improper transmission of large amounts of sensitive government data — the panel’s chief said it was voter data — from the State Data Centre (SDC) to unknown external servers during the TDP regime in the runup to the 2019 polls.
However, Google was not able to identify the users of the IP addresses of these servers, which it owns. The data was transmitted from 30 November, 2018, to 31 March, 2019, said the committee.
The panel — on “Unlawful interception of communications, data theft and illegal transmission, causing an infringement of citizens rights during the period 2016-2019” — was constituted by Assembly Speaker Seetharam Thammineni on 25 March after an uproar in the House regarding the alleged purchase of controversial Israeli spyware Pegasus software by the previous TDP government.
It held its preliminary meeting on 14 June, and has had four sittings in all.
The committee held discussions with state government secretaries of both the Home and IT E&D departments at least twice each.
It tabled its interim report in the state Assembly on Tuesday, 20 September.
Though the committee was appointed after the uproar over the alleged purchase of the Israeli spyware, it mentioned only data theft in its preliminary report.
“There is a need for a detailed and in-depth probe into the data theft. The House committee concluded there was data theft during the TDP government period. Using the government data, the TDP tried to delete at least 30 lakh names from the voters’ list, who it thought would vote for the YSRCP,” Bhumana Karunakar Reddy, who heads the committee, told the Assembly while tabling the interim report.
However, the report itself made no mention of voter lists being sent to external servers.
“The committee was informed that the AP Computer Security Operations Centre (APCSOC) monitors the servers and network devices in the SDC, and logs were provided for a detailed analysis,” said the report.
“The police (Intelligence Department) reviewed the logs as part of their investigation and submitted a preliminary report of their findings along with a list of annexures,” it added.
“Based on an analysis of the network logs and other available information, the Intelligence Department provided a report on where the data was transmitted to,” read the report.
The committee also found that there was no permissible purpose or reason to transmit such data from the SDC servers to external IP addresses belonging to Google.
Google was apparently unable to identify the users of the IP addresses where the data was sent.
In response to the House committee’s request, Google replied: “Regarding your attached legal request, we understand you are requesting subscriber information associated with the provided IP address.”
It explained: “IP addresses from this IP block belong to Google and are not assigned to a specific user. If you obtain this IP address from email header information, the provided IP address is not the sender’s originating IP address.”
Google concluded: “For these reasons, after a diligent search and reasonable enquiry, there are no documents responsive to your request.”
The House Committee was constituted after an uproar in the House regarding the alleged purchase of controversial Israeli spyware Pegasus.
The issue flared up after West Bengal Chief Minister Mamata Banerjee said in March that the then TDP government had purchased the NSO Group-developed spyware, which can be covertly installed on mobile phones running most versions of iOS and Android.
After Banerjee’s claims in a meeting in West Bengal, the political heat rose in the state, with YSRCP leaders levelling allegations that the then TDP government had used the software to tap the phones of its leaders ahead of the 2019 polls.
The TDP leaders denied the purchase of any such software, and added that the Pegasus issue was raised to divert the public’s attention from the Jangareddygudem hooch tragedy, which led to the deaths of dozens of people.
Telangana’s Cyberabad Police registered a case against IT Grids India Pvt Ltd CEO Ashok Dakavaram before the 2019 polls, alleging that his company had stolen the data of AP voters and beneficiaries of government schemes.
The case was registered after YSRCP leaders complained about data theft, allegedly done to damage the prospects of the party in the run-up to the polls.
YSRCP leaders alleged that the TDP had kept a tab on voters with the Seva Mitra app and deleted pro-YSRCP voters from the voters’ list.
Finance Minister Buggana Rajendranath, during one of the sessions in the house, also flashed photos of TDP general secretary Nara Lokesh with Dakavaram before the 2019 polls.
Rajendranath said that voters’ Aadhaar data was collected and the then government tried to identify the voters who were going to vote against the TDP.
