Andhra Pradesh

Sensitive citizen data illegally transmitted by TDP Govt, says Andhra Assembly panel

The panel constituted in March 2022 to investigate whether Pegasus spyware was used by the Chandrababu Naidu government has submitted an interim report in the Andhra Pradesh legislative Assembly.

Written by : Paul Oommen

A House Committee that was formed by the Andhra Pradesh Legislative Assembly has concluded that a large volume of data from the state’s servers were transmitted to unknown external sources during the Chandrababu Naidu government’s regime.

The Committee, headed by Tirupati MLA Bhumana Karunakar Reddy, in its report said “there was unauthorised and improper transmission of large amounts of sensitive data from the State Data Centre (SDC) to unknown external servers from November 30, 2018 to March 31, 2019.”

Presenting the report in the Legislative Assembly on Tuesday, Karunakar Reddy said the committee found that a large volume of data had been transferred from 18 State Data Centre (SDC) servers to several unknown external IP addresses and that the reason for this data transfer was unknown.

“The data was sent to TDP leaders who used it to make unlawful gains during the elections held in 2019. The TDP leaders have misused the data. There was large-scale deletion of voters’ names before the election,” Karunakar Reddy told the Assembly. The statement evoked angry reactions from the TDP members who demanded a copy of the complete report. The house committee only tabled two copies of the report in the Assembly.      

The State Data Centre (SDC) is where the state government’s servers and network devices are stored. As part of the Praja Sadhikara Survey (smart pulse survey) organised in 2016, the previous government had collected individual details from all citizens. The Naidu government had said that the data was to ensure that government schemes would reach the beneficiaries. Details collected included aadhar card, ration card, voter ID, property tax, electricity bill, driving licence, vehicle registration details, gas connection details, bank account details, water bill details, caste certificate, income certificate, birth certificate etc. It is this data that was stored in SDC and later transferred to external servers, concluded the committee.

“The Committee found that a large volume of data was transmitted from 18 State Data Centre (SDC) servers hosting PSS (Praja Sadhikara Survey) data to several external servers during the period and that there was no permissible purpose or reason to transmit such data to external IP addresses belonging to Google LLC. Google was not able to identify the users of these IP addresses,” the interim report said.

Karunakar Reddy told the Assembly that a deeper investigation is required and that a final report would be presented after that. Reacting to the tabling of the interim report, TDP MLA and Public Accounts Committee (PAC) chairman Payyavula Kesav slammed the ruling government for its failure to prove whether the Pegasus spyware was used by the previous government. He has also criticised the ruling government for constituting a namesake Assembly committee on this issue with only YSRCP leaders in it.

The Andhra Pradesh Computer Security Operations Centre (APCSOC) monitors the SDC. The APCSOC provided the intelligence wing of the police with the logs as part of their investigation. Karunakar Reddy told the Assembly that it was the intelligence wing that provided information about where the data was transmitted.

The logs of the data transfer were reviewed and the findings in the form of a preliminary report were submitted to the house committee.

The Committee was set up to primarily investigate an allegation that the previous Chandrababu Naidu government had purchased and used the illegal spyware called Pegasus. The interim report however did not make any mention about the use of Pegasus spyware.

A claim by West Bengal Chief Minister Mamata Bannerjee in March 2022 that Andhra had purchased the illegal Pegasus spyware had stoked controversy in the state. Following this, a seven-member internal committee on ‘Unlawful Interception of Communications, Data Theft and Illegal Transmission, causing infringement of citizens rights during 2016-2019’ was set up to investigate the allegations. 

The House Committee had Paderu MLA K Bhagyalakshmi, Ankapalle MLA Gudivada Amarnath, Denduluru MLA Kothari Abbaya Chowdary, Penamaluru MLA K Partha Sarathy, Vemuru MLA M Nagarjuna and Guntur West MLA M Giridhara Rao as members.  

How Modi govt is redirecting investments from other states to Gujarat

Inside Bengaluru’s ‘Kannadiga vs Outsider’ divide

‘Adani hosted, Amit Shah attended’: Sharad Pawar confirms 2019 meeting to discuss alliance

Shivendra Singh interview: How ‘Celluloid Man’ PK Nair led him to work on film heritage

The story behind The Hindu journalist Mahesh Langa’s arrest