Amid allegations of electoral roll manipulation and partisanship levelled against the Election Commission by the Congress, an investigation into a systematic attempt to delete 5,994 votes in the Aland Assembly constituency in Kalaburagi district of Karnataka, has hit a dead end. The case relates to an attempt to remove electors by forging Form 7, ahead of the Assembly election in 2023, and has gone cold since the EC is yet to share crucial data needed to nab the accused.
The case came to light in February 2023, when senior Congress leader and then Aland candidate B.R. Patil was alerted to several applications being filed for voter deletions in his constituency, without the knowledge of the voters. He quickly lodged a complaint with the EC. “One of the Booth Level Officers [BLOs] received a Form 7 application to delete her brother’s vote, when he had not even applied. Her brother was my supporter. The application was made in the name of another voter in the same village, who was also not aware of it. This tipped us off,” said Mr. Patil, who had lost by a narrow margin of 697 votes against a BJP candidate in 2018.
Many electors whose names were sought to be deleted and those whose credentials were misused to make the Form 7 applications soon filed complaints with the Aland Tehsildar. The Hindu is in possession of copies of 38 such applications. Following this, an on-ground verification of 6,018 Form 7 applications in the constituency was carried out.
Mamata Devi, Returning Officer, Aland, and then Assistant Commissioner, Kalaburagi, in her complaint to the Aland Police on February 21, 2023, said of the 6,018 cases, only 24 applications were genuine and were made because the voters had moved out the constituency. Those votes were deleted. The remaining 5,994 voters continued to stay in their addresses. An FIR (26/2023 Aland PS) was registered against unknown persons for forgery, impersonation and providing false documents. Eventually, these 5,994 voter names were not deleted and they could vote in the 2023 election, but the investigation into the case remains open to this day.
Modus Operandi
Shrishaila Barabayi, 42, a two-wheeler mechanic in Sarasamba village, Aland taluk, recalled how he was shocked to discover that there was an application to delete his name from the voter list, saying he had “shifted”. His name is listed in part number 71 (serial number 775). “I have always lived in this village. I realised there was such an application when the BLO came to check. I fail to understand how someone else can apply to delete my vote,” he said.
Similar is the story of Kashim Ali, 48, a farmer in Sarasamba village, also listed in part number 71 (serial number 563). He said after the BLO came asking about the application to delete his vote in 2023, he assumed his vote was deleted and did not vote in both the 2023 Assembly and 2024 Lok Sabha elections. However, based on the BLO report that he continued to stay in the same address, the forged application was rejected.
The Form 7 applications to delete both their names were applied in the name of Suryakant Govin, 67. This retired principal of a private college now runs a pharmacy store in Sarasamba village, and is a voter in the same part number 71 (serial number 1). “There were nine applications made in my name to delete voters from part number 71, where I am also a voter. I don’t know how the miscreants did it. In all these applications, while my other credentials, including EPIC number and photo are correct, phone numbers are different in each application. None of them belong to me,” he told The Hindu.
The Hindu spoke to several voters of Aland, whose votes were sought to be deleted or forged applications made in their names. In several cases, applications were made to delete voters in an entire household. For instance, Veeranna Honashetty, a retired policeman, said there were applications to delete eight votes in his family, including that of his wife Revamma, a Congress member who had contested in the zilla panchayat polls.
A pattern observed was that the applicant for deleting votes was usually the first voter in that part number and in rare instances, the second in the list.
Well-planned operation
The case was transferred to the Criminal Investigation Department (CID) of the Karnataka Police, where after a probe spanning two-and-a-half years, the trail seems to have gone cold.
The probe so far has unravelled a complex web of a sophisticated operation. The Form 7 applications in question were made through the National Voter Service Portal (NVSP), Voter Helpline app (VHA) and Garuda app of the EC. Correspondence between the CID and Chief Election Officer (CEO), Karnataka, showed that the CID requested “IP Logs [Internet Protocol Logs], Date, Time along with Destination IPs and Destination Ports” of the machines and sessions through which these forged applications were made.
In seven letters written to the CEO from January to April 2025, and five written earlier, CID officials said they had repeated the same request for Destination IPs and Destination Ports. “During the course of investigation, the IP Logs are provided. On perusal the Destination IP and Destination Port are missing. Therefore, it is requested to direct the concerned to provide the same,” four letters accessed by The Hindu read. However, there was no response to this specific query, sources said. Without Destination IPs and Destination Ports the probe stalled.
Sources in the CID said in September 2023, the EC shared data for over 5,700 forged Form 7s. While there were enough data regarding over 4,400 applications, the rest had incomplete data. The EC also provided the mobile numbers used to create login IDs and passwords on the EC’s three apps, through which all forged Form 7s were submitted, apart from the IP logs.
“We have tracked down nine mobile numbers among the given lot. They are mostly from Maharashtra and Andhra Pradesh. The owners of these numbers claim they never created these accounts on any of the EC apps. Many of them are digitally illiterate,” a senior official said.
The CID reportedly wrote to Telecom Service Providers (TSPs) and got the public Internet Protocol Detail Record (IPDR), which had IP addresses of IPV4 format, and each IP address had over 200 users attached to it in the form of dynamic IP addresses. This would mean over eight lakh devices to verify and investigate, sources said.
An IP address is a digital address for a machine on the Internet. This can be used to track a machine from which a particular transaction was made from. However, IPs are not always static. A dynamic IP is a temporary address assigned to a machine by a server.
To narrow down the search, the CID has been asking the EC to share Destination IPs and Destination Ports. A Destination IP is a unique address which specifies the intended recipient within a network and a Destination Port is an endpoint for any network communication, also unique.
Since geolocation of a machine is challenging with dynamic IPs, Destination IPs and Destination Ports will help sleuths narrow down their search significantly and help them track down the devices used to make these forged applications and that is expected to take the probe further to identify the culprits behind the scandal, sources said. However, the EC has till date has not shared this data.
“It is a very sophisticated operation where the culprits are hiding behind three layers of obfuscation. The owners of the mobile numbers used to create the login IDs and passwords on one of the three EC apps do not seem to know of this. Thousands of forged Form 7 applications made using these login IDs and passwords use dynamic IPs and each application misuses the credentials of other voters, while only the mobile numbers are different,” a senior official said.
Questions over OTP verification
An analysis of the modus operandi raises questions over security and authentication on the three EC apps. In its letters to the Karnataka CEO, the CID sought a “presentation of the step-by-step usage of the NVSP, VHA and Garuda apps from the voter/public perspective” and posed three questions: “Is OTP/Multifactor authentication facility adopted in NVSP and VHA apps, platforms? Is the same extended to upload the applications? Does authentication like OTP exist, and whether the OTP is sent to mobile number used for login or mobile number provided in the form by applicant or both?” There has been no response from the EC yet on these aspects as well, sources in the CID said.
The Hindu sent an email to the CEO on August 29, asking whether the data sought by the CID were provided and how someone could apply for deletion of a vote, misusing the credentials of other voters, through EC apps. Despite a reminder email on September 4, there was no response.
Mr. Patil, who eventually won the 2023 Assembly election by 10,348 votes, said, “If we had not made a big issue about these applications, the votes may have been deleted.” Mr. Patil claimed that most of the voters who were affected were Congress voters. “After I flagged the issue, the election machinery responded earnestly and helped us make a timely intervention and saved these votes. But it is a matter of concern that the probe has hit a roadblock over the EC not sharing technical data with the investigators. The EC must help unmask the people behind the conspiracy. It is key to save democracy,” he urged.
