On June 27, 2025, an experimental phone-based voting system was deployed across six municipal councils in three districts of Bihar—State Election Commissioner Deepak Prasad said “This facility is for those unable to reach the polling station due to physical or locational reasons… like senior citizens, disabled persons, those who are pregnant and migrant voters.”
While the move was hailed by some as a technological leap, and the casting of votes through E- voting has been 70.20% more than booth voting, many experts, political observers, public, and netizends are sounding alarms. The reason? The very mechanism that was supposed to ensure ease, inclusivity, and transparency may instead have silently opened a door to undetectable electoral rigging.
The Election Commission’s pilot project allowed eligible voters in selected municipal councils to cast their vote. How does it work? The voters have to download the E- SECBHR app. This is only available for the Android users.
The phone number mentioned in the voter list has to be linked to the app. Following this verification will be done.
Superficially, the system seemed secure. It involved biometric-linked voter registration, encryption of transmitted data, and limited-time OTP-based access. Yet beneath the surface, massive vulnerabilities could be exploited with minimal chances of detection.
The Hidden Dangers of Invisible Manipulation
Let’s unpack how such a phone-based voting system could be manipulated and why such manipulation would be hard—if not impossible—to detect:
Opaque Backend Architecture
Unlike traditional EVMs (Electronic Voting Machines), which are standalone and auditable, phone-based systems rely on a complex chain of digital infrastructure: servers, software code, telecom channels, databases, and encryption keys. This backend is entirely hidden from voters and even from polling agents. If even a small part of this system such as the vote-mapping algorithm or the final tallying script were tampered with, it could reassign votes or discard some entirely without any visible trace.
Authentication Vulnerabilities
The reliance on Aadhaar or voter ID-based authentication assumes the integrity of those databases. However, fake or duplicate Aadhaar entries are not unheard of. Further, if the system allowed call-in voting from any phone (as long as the credentials matched), vote buying or coercion becomes simple. However, according to Prasad, the validity of every vote will be cross-checked against individual IDs.
Call Spoofing and Systematic Fraud
Telecom-level attacks such as SIM swapping or call spoofing could allow large-scale automated voting from a central hub. With modest resources, an actor could place thousands of spoofed calls, mimicking legitimate voters and casting ballots systematically.
Lack of Verifiable Paper Trail
Perhaps the most disturbing feature of the system is its lack of verifiability. In traditional elections, votes are either cast physically on ballot papers or digitally on EVMs, both of which leave a retrievable trail. In contrast, phone-based votes are ephemeral, transmitted as data packets and stored in databases that are accessible only to election authorities and technology vendors.
What if someone changes the vote database after voting closes? What if there’s a script that biases the tally subtly—say, redirecting 2% of all votes to a preferred candidate?
Real-World Scenarios of Possible Manipulation
Consider the following hypothetical, yet entirely plausible, scenario:
1)A candidate has access to local voter rolls.
2)His party operatives contact elderly or illiterate voters, offering to help them vote over the phone.
3) These operatives then obtain the voters’ credentials, generate OTPs, and vote on their behalf.
4)Alternatively, a malicious actor within the IT vendor’s team tweaks the backend to count every third vote for Candidate X, regardless of input.
In both cases, the final tally would appear mathematically plausible and face little to no resistance—because there’s no audit trail, no paper ballots, and no means for the voter to verify whether their vote was recorded as intended.
Even if a political party suspects foul play, how would they prove it? Would the Election Commission allow forensic inspection of its servers and vote logs? Would the telecom partners reveal call data records to independent investigators?
