Dear Chief Election Commissioner, AIOS
As you are aware, Elections to office bearer posts in AIOS 2023 is due in the next few months. As you are aware, a all GBM has been announced on 27th February,  2023  to discuss & pass resolutions on Electoral reforms, safeguards and Model code of conduct. 
Elections since 2021 have been conducted in an opaque manner where the process is not member verifiable and auditable.
Electoral reforms are being demanded since 2021 when you were the chief election officer. However no reforms have been implemented to date inspite of an urgent need to do so. Hence, till such time election reforms are introduced, we the signatories which includes many candidates have decided to not vote and we will start a campaign to encourage other like-minded members too not to vote.
Our specific demands are as follows:
1. There is STQC accreditation for eVoting vendors. The current vendor is not even in level 1 - so he is neither verifiable nor is he auditable. Appoint a STQC accredited vendor with due safeguards in place for 2023 elections.
2. Publication of the voters list and calling for objections is part of every legally held election process. Establish timelines for updation, publication, open verification and freezing of the voters list.
3. The list of those voted should be published for access to member scrutiny in real time as RTVVL in random order & batches of 50. Another list in excel format showing the name masked OTP/autogenerated alfanumeric code/autogenerated ballot reference number based voters choice data should be published on a provisional basis so that voters can verify their choices and do the counting themselves. Final results should be announced after the discrepancies have been resolved. NOTA option should be enabled for every post. Screen recording should also be enabled.
4. Many genuine voters can’t exercise their franchise because of non-receipt of OTP on many a Yahoo mail. So there could be only mobile OTP. Or make such arrangement so that no qualified member is denied his right to franchise.
5. The voters list updation after the election is announced has to be done by the EC, and not by office-bearers who themselves are candidates.
6. One IP address should not be used by more than 5 voters. This is already in the guidelines but has to be strictly implemented to prevent mass-voting or binge-voting. Also using VPN that mask the real IP address should be deactivated.

7. You have issued an illegal notification by compulsorily linking the secy/treasurer posts to the same city/town. This is ultravires of the constitution as the constitution permits the candidates to contest independently. Hence any such election process that creates candidates list or voters list not in accordance with the rules and regulations as prescribed in our constitution will be subjected to a judicial scrutiny. This will lead to cancellation of elections, suspension of office bearers, appointment of committee of administrators who will then be empowered to conduct the elections through a court monitored process. Hence it is prudent to cancel the elections in this format, and start the process afresh by dissolving the EC and constituting a new EC.

 

Although the names of common members will be kept confidential, we will publish and promote the names of candidates in this election who supported us in bringing about the electoral reforms.
Regards
AIOS members
To know more about Reforms suggested, read on...
To,
The Chief Election officer,
Election Commision,
AIOS,
Dear Sir,
Sub: Election reforms for Elections to be conducted in 2023.
Wrf to the above, I would like to bring the following points to your perusal so that adequate safeguards can be instituted to make the elections to the office bearers member verifiable and auditable.
It has been brought to our notice that the vendor selected for conducting these elections does not pass even grade 1 STQC accreditation for devoting vendors.
In addition, I am submitting the following details on elections reforms.
1. What are the gaps in the present system?
Answer: The current system conducts the elections and announces the results based on what the vendor says.
This is leading to a allegation that a selection process from the top may be facilitated rather than a election process from grass roots that represents the will of the ppl.
2. Why this allegation is important ,
A. Because the voter is kept out of the process of ballot authentication and verification in the online system after votes are cast.
3.Were there similar safeguards in the offline system previously in vogue?
Answer: Yes, Everyone could see which voter entered into the polling booth, as it was a common entrance and not anonymous entrance. A list was made by the polling agent. This list could be accessed by any member.
4. What instilled more faith in the offline system was this safeguard. So, what should be done to bring back the same faith in the online system?
4.1Answer . The email & SMS OTPshould be a unique 7 digit alfa numeric code. Unique in that the code received by one person should not be sent to another. Even if the OTP is wasted, a fresh unique OTP only be sent. Any system can easily create these and send. It should not be difficult.
Since Email and phone numbers are being used to deliver SMS as a security feature, All members should provide unique phone numbers and email IDs. If a single email/phone number is being used by 30 members compromising the OTP security, OTP cannot be used as a verification mechanism as this is equal to facilitating bulk ghost voting.
As a policy decision, No two members should have the same phone number and email ID. If only online voting is the way forward, Email and SMS registered by each member should be unique.
If the vendor does not have the capability to send bulk mails to domain email IDs, or if any member does not receive the email link to vote or does not receive OTP, an alternative mechanism where the member can log in to AIOS website member zone and click on the link to vote should be enabled. But the OTP should be generated only by the vendors election system. At no cost, should it be generated by AIOS website for those ppl not receiving OTP. Such ppl should raise grievance with grievance cell and status update on manual or online resolution of these issues must be enabled.
4.2. Once the voter logs in to the electoral system after entering the OTP, and selects his choice/s, there should be a final summary page that indicates the chosen candidates by the voter and the submit button should say " Submit and send confirmation ".
On clicking this ,2 things should happen. One, the votes should be recorded by the system, two, the summary page should be downloadable from a different domain that does not track IP address and downloadable on entering the ballot ref no and date in a pdf format as his copy.
4.3. When the provisional election results are announced, the election office should publish two sets of raw data.
4.3.A. Day wise list of voters who have voted( in random order) with their names, postal address, and IP address in batches of 50 .. downloadable in a locked format where entries are locked for editing. 
4 3.B. Name masked excel sheet where the choice of each voter is listed without the voters name, but along with SMS and Email OTP /autogenerated alfanumeric code/autogenerated ballot reference number(instead of name) mentioned as captured by the system when the voter entered it for authentication before casting the vote. This will enable each member to verify the excel sheet and confirm that his choice of candidate has been captured correctly as per the pdf acknowledgement that the voter has received. He should be able to download this excel sheet in a locked format with entries locked for editing,  where tallying/counting is enabled and verified.
4.3.C. There should be a search function enabled for " 4.3.A " where any common member can put in details like pin code , and see who all in his vicinity has voted, or put in the date and get a list of ppl who voted on that date, or put in a name and see the ppl with that name who voted along with their dates. If an IP address is entered, the list of voters who voted from the same IPadress should be displayed.
This search interface can be done easily by any developer based on the raw excel data sheet of the voters who voted list.
In future this can be integrated with google maps and mapping of the voters too can be made accessible to voters.
4.4. Why 7 digit OTP/autogenerated alfanumeric code/autogenerated ballot reference number?
Because for 25000 members working out various unique combinations with wasted OTPs will req 7 digits. Otherwise there will be a upper limit in working out unique combinations for each voter.
4.5. Why " Submit & Send email " button instead of only submit button?
This is because the voter may dispute that the pdf copy that he received as his evidence was not correct. Like how some ppl say that I voted for congress but VVPAT slip displayed BJP.
4.6. What happens if a rogue voter creates mischief and produces a doctored pdf document as evidence of fraud?
Answer: Doctoring pdf documents and alleging fraud based on such doctored documents is useless because the electoral system will preserve a copy of the sent summary page. Comparing it with what the voter produces will give us an indication that a fraud has happened.
To resolve this now, Screen recordings can be used.
4.6.1. How can screen recordings help?
The voter can record his activity on his mobile by recording his own screen or if he is voting from a laptop/desktop the voter can be asked to use a smart phone to manually record his own screen to enable dispute resolution later. This should be suggested immediately after login, but left to the discretion of the voter. From our side, we should not disable screen recording. .
The vendor too can screen record/capture the voter activity on the interface and save it as a video log file against the voters AIOS ID. If the dispute reaches the courts, we will know who has tampered, the vendor or the voter easily.
So, if any voter has any grievance on the electoral system capturing wrong data, the voter should be given 24 hrs time to bring any discrepancy to the notice of the election office grievance cell with video proof captured on his/her smart phone proving the allegation about the difference between the pdf copy and what he voted.
After 24 hrs, his ballot is sealed and no further queries will be entertained.
The grievance cell on the website should give a ref number and current status update on the resolution.
If the voter is right and some hanky panky is proved, then the voter must be given another chance. And preventive action and corrective action should be listed & implemented.

4.7. Can we make Voters choice public?
We cannot make voter choice public
We dont make voter choice public if the voters name is  masked with his/her OTP/alfanumeric code/ballot referencenumber..
Masked with unique alfanumeric code OTP/autogenerated alfanumeric code/autogenerated ballot reference number instead of their names.
When this masked data is made public, it does not violate privacy of voters and does not violate the law or our constitution. Rather it adds a safeguard in the form of public scrutiny done privately by every voter on the authenticity of the captured data. It enables each voter to verify that his or her choice based on the alfanumeric code and whether such data is captured accurately by the vendors system.. The pdf copy of the ballot choice should be downloadable from a different domain that does not track IP addresses based on Ballot ref no & sent to voters computer when they vote so that his dispute if any can be authenticated with his pdf copy.
This enables public to scrutiny the excel sheet & voter to verify  his choice individually( by that individual only). Since the individuals alfa numeric code or OTP or ballot reference number is not known to the remaining voters. So each voter will know his otp and can verify the choices for correct capture and can tally the results if he wants.
This has 2 benefits.
One, it will authenticate the raw data by voters who will verify their own data for frauds by vendor who is the weakest link in the chain. Any discrepancy can be reported by the voting public with their pdf copy. Everyone can do the counting if interested and report counting errors as the raw data is in excel sheet format.
Second, because it is coded, voter secrecy for his ballot choice is 100% maintained and all your concerns regarding PGs being victimised by HoDs will be irrelevant because no one other than the voter can do the verification.
4.8. Is the voter is not entitled to secrecy as he casts his vote. Hence publishing the voters voted list is not good as his/her privacy is lost.

Answer: AIOS is responsible only for ballot choice secrecy. Not for polling booth Voter entry secrecy. Even in all offline elections voters used to enter publically through a common entrance after public verification by the polling agent who verifies along with other public members that he is not a ghost voter. . Even President of India is not entitled to this unconstitutional secrecy that the current system wants to provide. Hence there is no constitutional bar on publishing the voters voted list. It should be open.

4.9 Why should voters want to know who all has voted through RTVVL ( Real time voters voted list)?

Answer: That info is essential to all members since only when members scrutinise that list, ghost voting reporting to the top from the grass roots can be enabled. This is important because there is no mechanism for election office to provide vigilance against ghost voting from top down. You do not have 2000 vigilance staff for 25k voters going to the length & breadth of the country to verify if the voter is indeed alive or dead or dying.
When you do not have a mechanism to verify each voters physical existence, the least you can do is publish the voters voted list so that you enable grass root reporting for ghost votes as every common member who is a voter will know the current status of the neighbouring ophthalmologist in his locality. Which AIOS / vendor does not know.
By not publishing raw data and voters voted list, and by not having a vigilance cell to prevent ghost voting you r conducting anonymous voting. This is neither having a top down security/vigilance enabled for the election to prevent ghost voting NOR having a bottom up field reporting for frauds.
This has to be rectified as without this we r opening the election office to allegations of improper conduct of elections.

4.10. Wont we have data connectivity issues if we are to screen record every voter.
Answer: No, Screen recording of voter interface activity is done by the cloud server internally and stored internally for ex, if Amazon web server is used with a EC2 instance machine and S3 cloud storage, there is no data transmission of screen recording from the voters computer to the cloud server , rather it happens in the server internally and stored. Same for azure or google cloud servers. So, there wont be data connectivity issues.

4.11 How will I address allegations of every 7th or 8th vote programmed to go to a candidate although the pdf document may mention my selected choice?
Answer, Publishing the masked raw data on voters choice takes care of the problem. If there is a discrepancy between pdf copy and raw data, screen recordings can be seen to investigate and fix culpability.
Voters screen recordings also can be compared to assess who is tampering.

4.12: is screen recording legal?
It is legal if the voter is informed that screen activity will be recorded and consent is taken.
4.13 What happens if consent to record is not given?
If consent to record is not given, then they lose the right to participate in online voting. They can participate in offline voting held at the venue. They also lose the right to allege electoral malpractice later. That should also be mentioned. Recordings are not only used for quality training, but also as a piece of legal evidence in dispute resolution. Hence the choice of getting recorded or not is with the voter, but the implications should be clear. The default option should be automatic recording like in GBMs. The vendor/AIOS cannot know the identity of the voter after OTP based login happens.  OTP should be issued by a different vendor and after login the rest of the process should be completed by a different vendor. If required, the voter can type his OTP also in separate fields or use a autogenerared ballot reference number after login which can be captured in the summary page.
4.14. If a post graduate student does not want to vote for any candidate for some reason , and if we release the list of voters voted, wont HODs put pressure on PGs to vote?
Answer: We can overcome this problem by giving a NOTA option or none of the above option as per Supreme court guidelines.
Not just PGs, anyone can exercise this option if they dont want to vote for anyone, but they want their names to appear in the voters voted list with IP address. The ballot choice is anyway masked and is secret.
It has been brought to my notice that you had raised a few objections and sought clarifications on the above process,
FYI, i am giving a question wise reply
Q1. *First and foremost, in any election, the most important thing is process vetting and due diligence*
A. I AGREE
Q2. *There is no one who can guarantee an election that 100% of all voters will universally accept.*
A. BEG TO DIFFER. AIOS has to adopt a election process and conduct it such that it is free, fair, honest and transparent as per constitutional provisions. 100% Voters need not agree or consent to the provisions of the process & is not a prerequisite as per constitutional provisions to creating processes that are free, fair, honest and transparent.
3. *The democratic principles for e voting is applicable equally to AIOS elections to Indian parliamentary elections to US Presidential Elections.In such scenarios, there is a clear, established and well-understood path to answering questions around this. That path is due diligence, and vetting of the process.*
A. CORRECT
Q4 .Any question of compromises in the election cannot and should not be answered by taking examples.*
A. RELEVANCE OF STATEMENT NOT CLEAR. You can answer about the safeguards either in a clear and crisp layman terms with or without examples for better illustration. The choice is yours.
Q. 5. You have listed out a few ways in which elections can be compromised. There are hundreds more ways. As you can imagine, the process may be never ending.*
A. YES, It was neverending before, neverending now and will be neverending in future. That never prevented our predecessors from taking steps that were relevant to that age and technology to make the election processes free, fair, transparent and honest as and when technology enabled making the system more transparent and objective instead of opaque and subjective. This should not prevent you from taking steps to make the election process free, fair, honest and transparent. I think you will also agree that it should never prevent our future election officers to take steps to make the system free, fair and transparent and honest.
Q. 6. *Therefore, the only reasonable way to address this is by strongly vetting the software vendor.*
A. COMPLETELY DISAGREE.
Reason, If the system is made free, fair, honest and transparent, it becomes IRRELEVANT on who is conducting the election. If the masked raw data on voters choices and RTVVL with IP address are published day wise with a search option and google mapping, even AIOS can conduct these elections. No need for a 3rd party vendor at all. So no need to strongly vet anyone as no one can guarantee that the vendor is holier than thou..

Q.7. *The AIOS Election Commissioner's Office has done this over multiple vendors, and has chosen one based on their track record, references, and many series of interviews along with internal mock elections with the vendors.
Further, the EC Office has verified that beyond their own due diligence, the said vendor has also been independently audited by international auditing firm Deloitte. These audits look in detail at ensuring that the ballots are indeed recorded as cast.

If one is unable to trust the audit report of Deloitte as well as other certifications, they are free to contract a suitable audit firm to look into it. More audits are always better!*

A. THANK YOU,
But transparency in elections is not a trade off waiting to be negotiated. As much as we appreciate the effort that the EC office puts into verification of the trust report of Deloitte or other certifications, the Global Financial crisis of 2009 showed us how trustworthy these certifications are. If there is a system that can be made trustworthy by its adopted practices and processes, paper certifications are not worth even the paper that they are printed on. We cannot talk about these certifications as it it is as strong as oak because at the end of the day, if the process is not open to verification by members, then it means it is a system full of holes and compromises which is why it is reluctant to open up and resistant to bringing in transparency. Otherwise, the changes that are being asked are not rocket science and sermons on trust should not be given least of all by the vendor. The vendor is a third party contracted by AIOS. Hence he should just give us the technological perspective on whether he can publish it or not in the interest of transparency. If he is not doing it, it means he is under the control of vested interests. PLAIN & SIMPLE
Q. 8. *Let us also remember the principle of self-preservation: AIOS holds an election once a year, but the vendor holds elections every week for many organisations. And in this industry, reputation matters a lot: it is just not worth it for the vendor to have questionable behaviour around one election, because that action can destroy their entire organisation. So it is in fact in the self-interest of any organisation with the bare minimum business sense to not do something that will guarantee the destruction of their business altogether.*

A. RIGHT, but without a vigilance system from grass roots and without empowering the members individually & collectively to verify the authenticity of work that the vendor has carried out, how will the principle of self preservation be put to test? So, the vendor in the current system will go scot free even if hundreds of ghost votes are being cast as he holds all the keys and the access to OUR data.
Hence, it is unfair for him to claim that he is not indulging in questionable behaviour as there is no avenue currently available to question it.
Q. 9. *Regarding Comparisons with Offline Process
An online process that is easy, convenient and quick has its benefits and advantages as well as shortcomings compared to an offline central voting system.
It must be re-iterated here that all compromises possible in an online system are also possible offline. Before EVMs, paper ballot elections were the norm, and the same questions were raised then too. We would contend that these errors are far more likely to happen in a human process than in a computerized one.
Polling agents can have human error - and while no software is perfect, this particular vendor has had multiple certifications and audits to minimise the chances of the same.*
A. RIGHT: The comparison with the offline process was to say that these particular set of safeguards existed. For ex: ppl could see who went into the polling booth and a list was made available. Counting too took place with candidates or their representatives available to crosscheck invalidation of votes, and counting errors. While Online system is easy, convenient and quick, what AIOS election officers are doing is trading off transparency and honesty in the existing safeguards in the offline system and bringing in easy, convenience and quickness in the online system. Please do not do that. You are expected to maintain all the safeguards that existed in the offline system to the maximum extend possible in the online system or make it even better at the same time making it easy, quick and convenient.
Q.10. . *In conclusion, the safeguard in an offline system was the decision made by each individual to trust the level of accuracy of information recorded by a small group of people in a stressful environment. The safeguard in an online system is to trust vetting, due diligence involving multiple parties, multiple mock elections and independent third party audits done by firms which are more expert at this than most others.*
A. GREAT, In lieu of all this one single act of publishing of 2 sets of raw data which is already available with you will complete this cycle of trust, due diligence by involving the members also. What is the point in doing a lot of peripheral non binding trust building activities into a anyway opaque system when you are hesitant,reluctant and resistant to the key central binding trust building activity involving the very members who are responsible for the well being of AIOS. The former only augments the opaqueness of the system while the latter enhances the transparency of the system. Why this resistance then?
Q. 11. *Disclosure of Ballot
As you have yourself elucidated, authenticity of ballots can be achieved in two ways:
Choice 1: Examine the software, test it thoroughly, and use experts to ensure that it is working as advertised
Choice 2: Jump through many hoops and hurdles to create a process which is hard to verify and nearly impossible to make accessible for every member irrespective of their technical clout.*
A. WOW, Ours is definitely not Choice 2. There are no hoops, hurdles in creating or publishing because this info is already there. It is also not nearly impossible to make it accessible because it needs to be just published on the website where members can access it along with other details. What is the additional technical clout involved here? You are already fully digital and even conducting only online digital elections. Let us not kid ourselves.. THERE IS NO ADDITIONAL TECHNICAL CLOUT NECESSARY BEYOND WHAT HAS BEEN CURRENTLY ASSUMED BY AIOS BY DECIDING TO CREATE ONLY A ONLINE VOTING SYSTEM FOR ITS MEMBERS. Accessing member zone is easier than online voting FYI.
Q. 12. *What you are suggestion is discriminatory and exclusionary against every member of AIOS who is unable to perform screen recordings without major problems. And making it compulsory or raising these requests would simply amount to voter suppression — where less technically inclined members may find it so difficult to navigate the process that they are simply discouraged from the act of voting itself.*
A. OOPS!! Recording video from their own smartphone of their activity is neither discriminatory or exclusionary. it is not as if recording is compulsory. If someone suspects malpractice by the vendor, they can do it. Those who do not will not record. What is the voter suppression here? This is nothing but fear mongering and insult to our members that they cannot do a simple activity if they suspect wrong doing by the vendor. Hence i will not dwell more on this here as i presume you do not know what you are talking.
Q. 13. *The situation of "I voted for congress but VVPAT slip displayed BJP" is a common question, and yet has never been proven. The process applied in investigating these claims never relies upon on one easily fabricated VVPAT. It relies on auditing the EVM - in this case the software system, which we have done.*
A. IN THE CURRENT SYSTEM with the reforms that are suggested, it is easy to prove who is the mischief monger, the vendor or the voter. The voter can lodge a complaint only with evidence. But you are not empowering him to gather that evidence. Hence you are reluctant, resistant, and want to continue with the Opaque system as you may fear that your shortcomings may be exposed.
Q. 14. *Similarly, a ballot once cast is cast. Introducing these refractory periods simply raises more questions than it answers. What if someone wants the 24 hours to be 36? What if a member logs in 5 minutes after the 24 hours? Should members go in and confirm their votes again in these 24 hours? Should they not?*
A. These and many such questions have been answered before also. Why 6 days of voting, not 10 days of voting? Why 24 hrs and not 36 hrs etc? if a member can show justification for 36 hrs and not 24 hrs, so be it? After all we are here for the welfare and betterment of members. There is no need for members to reconfirm their votes after 24 hrs. It gets sealed automatically after 24 hrs if there is no complaint against the electoral process and system. The period of 24 hrs is given so that discrepancies in the process may be brought to the immediate notice. However discrepancies in the voter acknowledgment pdf copy and the raw data may be brought to the notice of the EO even after the PROVISIONAL results are out and the data is opened up for member scrutiny. Only after the discrepancies are sorted out and recoinciliation of data is finalized, final results should be out. So, in that sense YES, refractory periods may increase for further validation but it will also increase the trust in the system and you are wrong, it answers more questions that it raises..
Q. 15. *Screen recording as you have suggested using an EC2 is technically incorrect and cannot be done. You are perhaps confusing EC2s with Virtual Machines being streamed from the cloud.*
A. PLEASE ELABORATE?? Screen recording can be done by the voter at his end. PERIOD!!. For the vendor to do screen recording, the question asked was whether data connectivity issues may happen. Hence i replied that if the cloud server is hosting the eballot, and the user logs into the server, then the server can automatically screen record the users activity and create a video log into the storage WITHOUT any data connectivity issues. If you beg to differ, please elaborate??
 

Q. 16. *Further, verifying doctored PDFs and videos fall under the domain of digital forensics, which in and of itself is a massively sophisticated field.*
A. PLEASE be assured that no field is out of reach for our society. If a dispute arises, between the vendor and the voter, AIOS cannot simply brush it under the carpet and say it is out of its understanding. It is common pool of resources that OBs are being elected to manage. We cannot be so cavalier about it.
Q. 17. *Regarding Information Disclosure
Personally identifiable information will not be made public. Where, when and what IP a user votes from is their private information, and it is not within the AIOS's ambit to take a decision on whether or not they have the right to make this information public. If a member wants to voluntarily disclose to their colleagues their information, they are of course always free to do, and we encourage voters to tell other voters that they have voted.
It should however be mentioned that these details are available including all metadata with the Election Commission and such metadata is thoroughly reviewed to ensure that all activities are above board.*
A. COLLECTING dynamic or static IP ADDRESSES identifies the computer and not necessarily the person. Making it public will only let us know if multiple voting has occurred from a single geographic location in a syndicated manner legally or illegally. To prevent foulplay, AIOS is within its rights to collect and make IP address info public. There is no bar in the constitution or in our laws against it. Please do not mislead.
 
 

Q. 18. *Regarding Duplicate Records
The EC has already taken the requisite steps to ensure that this situation does not arise, including IP restrictions, as well as duplicate records of contact details.*

A. THIS IS an on going process.
This will become more stronger if the two sets of raw data are published.
 
Please do not hesitate to contact me if you need more clarifications.