In­dis­pens­able EVMs

While a re­view of the hard­ware and soft­ware will en­sure quick fix­ing of bugs, the con­fi­dence of vot­ers in the elec­toral process can also be re­stored

Business Standard - - ISSUES AND INSIGHTS - DEVANGSHU DATTA

Ev­ery elec­tion is pre­ceded by a de­bate about EVMs (Elec­tronic Vot­ing Ma­chines). Given the scale of In­dian elec­tions, EVMs are in­dis­pens­able. But the tech­nol­ogy is opaque and hence, open to ac­cu­sa­tions of rig­ging. The Elec­tion Com­mis­sion of In­dia (ECI) has con­sis­tently de­nied that it is tech­ni­cally im­pos­si­ble to hack an EVM. This is ab­surd — any elec­tronic com­puter can be hacked.

The EVMs are man­u­fac­tured by the PSUs, Bharat Elec­tron­ics Lim­ited (BEL) and the Elec­tron­ics Corporation of In­dia Lim­ited (ECIL). The EVM is a com­puter, with a spe­cialised chip em­bed­ded in the moth­er­board, and a mem­ory unit to store votes. It’s sup­posed to be a stand-alone, non-net­worked, pro­gram­mable unit. The chip that con­trols op­er­a­tions has the pro­gram code etched into it. It can­not be read, or tam­pered with. This cre­ates po­ten­tially se­vere is­sues.

The can­di­dates’ names are listed in al­pha­bet­i­cal or­der with their sym­bols. Each ma­chine can store around 3800 votes and cater for 64 can­di­dates. A new sys­tem has been im­ple­mented where voter-ver­i­fi­able paper au­dit trails (VVPAT) are avail­able.

In VVPAT-en­abled sys­tems, a slip of paper is printed and dis­played, with the voter’s can­di­date name and sym­bol, af­ter the EVM but­ton is pressed. The voter has about 7 sec­onds to ver­ify that her vote is cor­rectly recorded be­fore the paper slip is de­posited into a sealed box. The VVPAT tally can later be matched ver­sus EVM records, if re­quired.

A voter who sees a mis­match be­tween vote and VVPAT slip, should in­form the polling of­fi­cer. Then there is a “test vote”. If this is in­cor­rect, the EVM may be with­drawn and re­placed. If this test vote has no mis­match, the com­plaint is re­jected.

Ev­ery EVM has a con­trol unit, and a bal­lot­ing unit (the VVPAT is a sep­a­rate ma­chine). The two units are joined by a ca­ble. The vot­ing but­tons are on the bal­lot­ing unit while the con­trol unit stores votes and can dis­play re­sults. Each but­ton-press leads to a sin­gle vote be­ing recorded, and the ma­chine is then locked. The con­trol unit is used to un­lock it to record the next vote.

In Jan­uary, a man who calls him­self Syed Shuja made ab­surd and sen­sa­tional claims. Ad­dress­ing jour­nal­ists in London over Skype while wear­ing a mask, Shuja said he worked for ECIL from 2009-2014. Shuja claimed he was in a team, which de­signed and tested the EVMs used in the 2014 elec­tions. He said he was forced to seek asy­lum in the USA. He also said that Reliance Jio used low-fre­quency sig­nals to ma­nip­u­late EVMs in 2014, on be­half of the BJP. (Jio only launched com­mer­cial ser­vices in Septem­ber 2016.) “Shuja” gave no ev­i­dence for these in­cred­i­ble as­ser­tions.

Also in Jan­uary, the Aam Aadmi Party MLA Sau­rabh Bharad­waj did demon­strate how it was pos­si­ble to very quickly re­place EVM hard­ware. Other re­searchers have also demon­strated hacks, show­ing how chips or cir­cuit boards could be eas­ily re­placed, to al­low hack­ing. The big prob­lem with the chip that can­not be tested or ver­i­fied: there is no way for the ECI to tell if it has been re­placed by an­other chip.

Se­cu­rity ex­perts have pointed out re­peat­edly that the ECI’s re­fusal to share source code makes it much more in­se­cure. Any code that is se­cret and con­tains bugs, can be ex­ploited, with­out fear of de­tec­tion. There is an ex­cel­lent rea­son why gi­ant cor­po­ra­tions re­lease source code for their pro­grams: In­de­pen­dent se­cu­rity re­searchers can test it to de­tect bugs, and patch buggy code. In­deed, com­pa­nies re­ward indy re­searchers for point­ing out bugs.

Ob­vi­ously, the ECI is not go­ing to re­place ei­ther EVMs, or VVPATs, at this late date. One de­mand that has been put for­ward is that 50 per cent of EVMs be matched with VVPATs, with manda­tory re-polling if there’s a high er­ror in tal­lies. An­other sug­ges­tion is that there should be manda­tory VVPAT counts if there’s a nar­row vic­tory mar­gin.

Ran­dom sam­pling of EVMs and VVPATs should be done to en­sure high con­fi­dence in the vot­ing process. The process for iden­ti­fy­ing VVPAT er­rors also needs re­view. A clever hacker would en­sure that con­sec­u­tive votes are not in­ter­fered with, in or­der to pass the VVPAT test vote process. For ex­am­ple, ev­ery third vote could be rigged and the VVPAT test vote process would show the sys­tem was work­ing fine.

The orig­i­nal EVM de­sign was done in the 1980s. It’s high time there was a re­view of the hard­ware and soft­ware, and the source code should also be re­leased. That way, bugs can be fixed quickly and the con­fi­dence of vot­ers in the sanc­tity of the elec­toral process can be re­stored.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.