Allow us to physically tamper EVMs: Challengers to poll panel
In a letter to CEC, the challengers said they want to get a tech perspective and understand what kind of tampering is possible
A group of computer scientists, engineers and security technologists have asked the Election Commission to allow them to perform actions that “might be performed by an insider in the process, or a criminal,” to be able to get a “technical perspective, to understand what kind of tampering is possible” before it sets out the “open challenge” to hack its electronic voting machines (EVMs).
The poll panel will hold a hacking challenge in May, putting out EVMs that were used in the recent elections and some which will be used in the upcoming ones for the challenge.
The move comes in the wake of the opposition rallying together to demand a scrutiny of the machines, alleging that the voting machines could have been manipulated to favour the ruling BJP. In a letter to chief election commissioner Nasim Zaidi, the group has asked for design documents, test descriptions and results, as well as information about the security procedures in place, for each generation of EVM currently in use.
It includes a professor from University of British Columbia, a senior principal software engineer at the New York Genome Center and a professor at the New York University (Brooklyn).
“Electronic devices cannot be guaranteed to be immune from tampering when there are a large number of insiders with access and non-insiders with mal-intent, attempting to subvert the device’s functioning. These include everyone who may have access to the EVM over the cycle of design, manufacture, testing, storage, maintenance, calibration and deployment,” the group has written.
Though the commission will lay down a set of rules such as not allowing the machines to be taken out of the premises or physically ripping them apart, the group has insisted that should the EC not allow physical tampering, then it must “explain why an insider or a criminal would not have that kind of access” to tamper the machines.
“A team of experts should be tasked with preparing recommendations to address each important security vulnerability discovered during the challenge and the longer-term testing; their report and the decisions of the EC regarding a timeline for addressing each issue should be made public,” the group has written.
In 2009, when a similar exercise was carried out by the poll panel it had refused to let the challengers take the machines apart.
The group said it was aware that the previous challenge could not show how the machines can be tampered with and pointed out, “electronic devices can be designed to detect when they are being tested, and it is practically impossible to test for every possible configuration and scenario. Hence, if the EVM challenge does not detect a problem, this does not mean that election outcomes are guaranteed to be secure in the future”.
They have also added a rider that “it is virtually impossible, whatever the qualification of the individual examining the EVM, to determine with certainty that EVMs are tamper-proof.”
Delhi chief minister Arvind Kejriwal, an IIT alumnus, told a television channel recently that there are 10 ways to hack the machines. Though he clarified that he does not know how to tamper one, he said the manufacturers of the computer chip in the machines could add a code, virus or a bug.
His claims have been dismissed by the poll panel.