Follow us on

|

Election Commission

In EVM do we trust?

Print edition : Jul 05, 2019 T+T-
Security personnel  leaving for polling booths with electronic voting machines and VVPAT on the eve of the second phase of the general election at Bhagalpur in Bihar on April 17.

Security personnel leaving for polling booths with electronic voting machines and VVPAT on the eve of the second phase of the general election at Bhagalpur in Bihar on April 17.

Counting officials  opening the seal of the control unit of an EVM in the presence of representatives of candidates at a counting centre for Anandpur Sahib parliamentary constituency at Khooni Majra in Punjab on May 23.

Counting officials opening the seal of the control unit of an EVM in the presence of representatives of candidates at a counting centre for Anandpur Sahib parliamentary constituency at Khooni Majra in Punjab on May 23.

A protest  by the forum “EVM Virodhi Rashtriya Jan Andolan” in Mumbai on May 30 against the use of EVMs in elections.

A protest by the forum “EVM Virodhi Rashtriya Jan Andolan” in Mumbai on May 30 against the use of EVMs in elections.

Voices against the use of electronic voting machines, which are widely seen as black boxes that lack transparency and verifiability, are growing louder.

THE general election of 2019 yielded a stunning and incredible mandate in favour of the Bharatiya Janata Party and its allies. But was the voting and counting process that delivered this verdict a credible one? Even before the results were announced, questions were raised about the conduct of the election, the allegedly partisan role played by the Election Commission (E.C.) and the possibility of electronic voting machines (EVMs) being tampered with or manipulated by vested interests to generate a favourable outcome for the ruling party and the coalition it leads. Such misgivings have so far not been allayed or even mitigated by the E.C., which has chosen to stonewall questions under the Right to Information (RTI) Act, 2005, on the functioning, storage and managing of EVMs from polling to final counting. Such opaqueness has led to opposition parties and civil society becoming suspicious of the results. The notion is gaining ground among the public that an “EVM sarkar” has been installed at the Centre.

At a convention of party workers in Mumbai on June 10, Nationalist Congress Party chief Sharad Pawar said it should be ascertained what exactly transpired after a voter pressed the button against the name of a party candidate of his or her choice and it got reflected on the voter-verified paper audit trail (VVPAT) system. He had earlier said that the veracity of EVMs must be discussed by the opposition in the presence of experts and technocrats. Congress spokesperson Sanjay Jha recently tweeted that the EVM problem could only be solved if all opposition parties insisted on the scrapping of EVMs. At another level, the former bureaucrat M.G. Devasahayam, writing in The Wire , attributed the electoral outcome to “money, EVM machines and the media”.

Such concerns aired in public raise doubts about the infallibility of EVMs. In fact, over the past few weeks, several glaring discrepancies in the election process have been reported from across the country, calling attention to lakhs of missing EVMs and unsecured transportation and storage of these voting machines. Data put up on the E.C. website (subsequently deleted) revealed that in as many as 371 constituencies there was a huge discrepancy between votes polled and votes counted. Going by the initial figures put out by the E.C., it was reported by the website Newsclick that the difference between the votes polled and the votes counted nationwide was a staggering 54.65 lakh.

It is argued that if such large discrepancies have shown up in basic official data (the E.C. now claims that the figures were provisional and hence misleading), if manipulation did actually take place, the shift of votes from one candidate to another would be alarmingly higher. The E.C. has been unable to provide a reasonable response to these concerns. It has not ordered any inquiry into the serious allegations either. Most countries that use EVMs have made their technology public. But the establishment in India stubbornly refuses to be transparent about its EVMs. Even questions under the RTI Act have so far failed to elicit any concrete answers. This inexplicable opaqueness has further fuelled conspiracy theories.

On high-tech rigging

In “Making Electronic Voting Machines Tamper-proof: Some Administrative and Technical Suggestions”, a policy watch document published by The Hindu Centre for Politics and Public Policy in October 2018, K. Ashok Vardhan Shetty, a former Indian Administrative Service official, quotes from the British mathematician and artificial intelligence expert Roger Penrose’s 1994 book Shadows of the Mind . In the context of the 2019 election, it is pertinent to revisit Penrose’s prescient observations on EVMs.

To quote from Shetty’s paper: “…Roger Penrose, the globally renowned British mathematician and authority on Artificial Intelligence, visualised the hi-tech rigging of an election as follows. The date of a long-awaited election approaches. Numerous opinion polls are held over a period of several weeks. To a very consistent degree, the ruling party trails by three or four per cent but all the polls taken together have a much smaller margin of error, of less than two per cent. Polling day arrives and passes, the polls being held with electronic voting machines. When the votes are counted, the result is a complete surprise to almost everyone. The ruling party is back with a comfortable majority, having achieved its target of eight per cent [lead] over its nearest rivals. Yet the result is false. The vote-rigging has been achieved by a highly subtle means, namely, a computer virus. The virus was cleverly programmed to steal votes from other parties and give the ruling party precisely the majority it needs. The virus does more than just steal votes; it self-destructs, leaving no record whatsoever, bar the evil deed itself, to indicate its previous existence.”

According to Penrose, two conditions are necessary for an election fraud to succeed. First, the voting machine has to be programmable; and second, the vote-counting process should not be checked by humans at any stage. Shetty explains that it followed from Penrose’s first condition that an ideal EVM should be a stand-alone, non-networked machine with a central processing unit (CPU) whose software was burnt into it and could not be programmed after manufacture or manipulated in any manner.

Shetty notes that Indian EVMs fit into this description. They are more like calculators than computers and are not connected to any network (wired or wireless), including the Internet, and if they retain their physical integrity, they cannot be hacked. “But what if dishonest insiders and criminals get physical access to the EVMs and replace the EVM’s non-hackable CPU with a look-alike but hackable CPU that can be programmed to count votes dishonestly together with an embedded Bluetooth device that allows it to be remote controlled?” says Shetty. He goes on to explain in the rest of the paper how it is possible to tamper with EVMs and steal votes on a scale large enough to change election outcomes even with all the security features and administrative safeguards in place.

Unanswered questions

The EVMs, according to the E.C., are not hackable because of two factors. First, as they are not connected to any network, the machines cannot be manipulated. Secondly, they are OTP, or one-time programmable, devices. Given the stonewalling by the E.C. when it comes to giving information, opinions are divided over the second claim. Experts whom Frontline spoke to and documents reviewed throw up the following questions:

The main pillar of the E.C.’s defence of secure EVMs—that they are one-time programmable—was demolished by a recent RTI query by Venkatesh Nayak of the Commonwealth Human Rights Initiative (CHRI). He found out that the microcontrollers embedded in the Bharat Electronics Ltd (BEL)-manufactured EVMs and VVPATs used in the election were manufactured by NXP, a multibillion-dollar corporation based in the United States. The description of the microcontroller as OTP does not match the description of the microcontroller’s features on NXP’s website that indicates that it has three kinds of memory—SRAM, FLASH and EEPROM (or E2PROM). A computer chip which includes FLASH memory is not OTP.

The Technical Evaluation Committee (TEC) of the E.C., in its reports of 1990 and 2006, suggested that Indian EVMs cannot be hacked because once the software is burnt into the microchip, it is secret and even the manufacturing company itself cannot read it. This means it is not retrievable. That is the basis of the claim that EVMs cannot be tampered with. But the E.C. booklet and the TEC report of 2013 together suggest that the situation has changed. Under the subheading “Transparency of EVM code”, the TEC of 2013, comprising Prof. Rajat Moona, Prof. Dinesh Sharma, Prof. A.K. Agarwala and Prof. D.T. Shahani, noted: “Facility to be provided in EVM units so that code in the EVM units can be read out by an approved external unit and the code so read may be compared with corresponding reference code to show that code is same as that in reference units.” In short, the code is no longer sacrosanct and can be accessed.

Periodic checks necessary

Experts are of the opinion that the E.C. must consider engaging the services of a top electronic security firm of international standing and credibility (bound by a confidentiality agreement) to conduct periodic ethical hacking and other modes of attack on its electoral systems and processes, identify loopholes if any, and certify their robustness.

In such a hackathon conducted in 2017, EVMs were placed before participants who were asked to hack them without being provided access. According to an expert contacted by Frontline , it was like “putting a gramophone player in front of you without allowing you to open it and then conclude it is not hackable”.

Experts agree that it is possible to substitute large numbers of tampered with/counterfeit EVMs for genuine EVMs without the knowledge of the E.C. at three stages—at the EVM-manufacturing stage in BEL and the Electronic Corporation of India Limited (ECIL); at the district level during the non-election period when EVMs are stored in archaic warehouses in multiple locations with inadequate security systems; and at the stage of first-level checks prior to an election when EVMs are serviced by authorised technicians from BEL and ECIL.

There is no clarity on how the names of candidates, serial numbers and election symbols are entered in the EVMs. The machines are not stored at the E.C. headquarters but go to the State electoral offices, and their final resting place before the election is in the constituency. Only after the last date of withdrawal of candidates would these details be ready to be fed into the EVMs.

In most constituencies, the fight is between two major parties. A simple Trojan Horse which can steal, say, 10 per cent of the votes from the party securing the highest number of votes and transfer it to the party securing the second highest number of votes in a polling station can be conceived of. For this, the attacker does not need to know the precise sequence of candidates on the ballot unit. Moreover, with a more advanced Trojan Horse, various kinds of vote transfers between candidates can be done. The precise mode of vote stealing will depend upon how the Trojan Horse is programmed.

BEL and ECIL are not Apple and Google and have not exactly fired the imagination of the industrial and commercial world with their products, says Shetty. The E.C. would be making a grave mistake if it overestimated the security features of its EVMs and its administrative safeguards and underestimated the technical prowess of attackers or if it thought that Indian politicians were not “hi-tech” enough to resort to such manipulation.

A lon g election cycle, lasting a few months from the date of announcement to the date of declaration of results, typically creates enough time for the possible tampering of EVMs. The 2019 election cycle stretched from March 10 to May 23. Given this inordinately extended cycle, the rush to finish counting seemed unusual. Hence, the argument that wider EVM-VVPAT matching would delay the results does not ring true. Moreover, the E.C. hastily put up provisional voting figures on its website to declare the winners, which it later retracted. So, were the results declared also provisional?

The E.C. defends its EVMs as unique and secure. But what is its safeguard against manipulation by insiders? Banks, insurance companies, examinations and printing presses are not immune to insider frauds. What is the guarantee that the election process is secure from disgruntled engineers or lax security guards?

Prof. Poorvi Vora, who teaches computer science at George Washington University and has been studying EVMs closely, notes that the E.C. has not made the design of the machine public, which makes it difficult to ascertain its vulnerabilities. She told Frontline : “It is correct that the Indian EVM has closed off popular avenues for hacking that foreign machines are vulnerable to. However, election integrity experts say elections should be evidence-based. Instead of saying ‘trust us, the EVM is secure’, or ‘we fixed the problem and this is the next generation machine’, every time there is a serious allegation of an attack, the E.C. should be proving to the public, especially to the crores who supported losing candidates, that the election was called correctly in a manner that is transparent to the public.”

Botswana’s doubts

The credibility of Indian EVMs is not just a matter of controversy here. There was a political furore in Botswana when there was an attempt to introduce EVMs in the election due in October 2019. With opposition parties objecting vociferously, a delegation of the Independent Electoral Commission (IEC) from the African nation visited the E.C. to convince it to depose as star witnesses before the Francistown High Court on the merits of using EVMs. The IEC delegation further asked the E.C. to dispatch four or five EVMs to Botswana and hold a demonstration of the EVM and the VVPAT system in court to dispel doubts over the credibility of the machines. The E.C. failed to send its team for the presentation. Finally, the law to introduce EVMs in Botswana was withdrawn.

In 2017, Sunday Standard , a newspaper in Botswana, reported that BEL representatives, who refused to reveal their names, carried samples, instead of actual EVMs, for demonstration to the media and potential hackers there. The samples were reportedly labelled “Electoral Commission of Namibia” and the BEL representatives maintained that they could not be hacked but refused to give access to hackers at the meet.

In 2010, a Hyderabad-based technologist, Hari Prasad, collaborated with Alex Halderman, a professor of computer science at the University of Michigan, and Rop Gonggrijp, a technology activist from Holland who was instrumental in having EVMs banned in the Netherlands. They produced a paper titled “Security Analysis of India’s Electronic Voting Machines” in which they explained why using EVMs in India might have seemed like a good idea when the machines were introduced in the 1980s but “science’s understanding of electronic voting security—and of attacks against it—has progressed dramatically since then, and other technologically advanced countries have adopted and then abandoned EVM-style voting”.

Countries like the Netherlands, Ireland and Germany, which experimented with EVMs that were similar to the ones used in India—non networked—have since banned their use. England, France and Italy have made it clear that they will not use EVMs for voting. Paper ballots continue to be the time-tested method of voting in advanced countries such as the United Kingdom, Japan, Canada and Singapore. Only a handful of countries such as Estonia, Bhutan, Nepal, Namibia, the Maldives, Jordan and Brazil apart from India use EVMs.

EVMs are increasingly being seen as black boxes that lack transparency and verifiability. Many experts believe that like all electronic equipment, they are prone to malfunction and tampering. However, failures as well as frauds often go undetected and the losers are left with no means to challenge the results.

In this context, the position taken by Senator Kamala Harris, one of the contenders in the U.S. presidential election scheduled in 2020, is pertinent. She recently tweeted that paper ballots were the smartest and safest way to ensure “your vote is secure against attacks by foreign actors. Russia can’t hack a piece of paper like they can a computer.” Many politicians and voters in India would tend to agree with her.