Election Commission’s Claim that Micro-controller of EVMs Is One-time Programmed May Be Far from Truth, Reveals RTI
A reply to a query under the Right to Information (RTI) Act obtained from the Election Commission of India (ECI) and the EVM+VVPAT manufacturers—Bharat Electronics Ltd (BEL) and Electronics Corporation of India Ltd (ECIL), points out that the claim about EVMs being infallible is questionable. The prime reason is that the micro-controller used in the EVMs cannot be called `one-time programmable’ (OTP). They contain three kinds of memories including `FLASH’ memory (that can be electrically erased and reprogrammed), which allegedly makes it open to manipulating data. This information is posted on the website of the Netherlands-based NXP Semiconductors NV, which supplies the micro-controller chips. Also, most of the information sought on this vital public issue stands denied by all the three public authorities. 
 
Venkatesh Nayak, RTI research scholar and programme coordinator of Commonwealth Human Rights Initiative (CHRI), who filed these RTI applications, says, “While the ECI continues to claim that the micro-controller used in the EVMs is OTP, the description of the micro-controller’s features on NXP’s website indicates that it has three kinds of memory—static random-access memory (SRAM), FLASH and electrically erasable programmable read-only memory (EEPROM or E2PROM). Experts who know enough and more about micro-controllers confirm that a computer chip, which includes FLASH memory, cannot be called OTP.” Mr Nayak, who filed the RTI application with the ECI in February 2019, sought the following information:
 
  • A clear photocopy of all reports of the technical evaluation committees received since 1990 till date regarding EVMs and VVPATs, along with annexures, if any;

 

  • A clear photocopy of the report of the forensic examination of EVMs conducted by the Central Forensic Science Laboratory (CFSL) pursuant to the direction of the Bombay High Court in EP No. 15 of 2014 along with annexures, if any; and

 

  • The complete list of manufacturers of micro-controllers used in the EVMs along with their postal addresses.
 
In his reply, the central public information officer (CPIO) from ECI simply stated that the file, regarding compliance with the Central Information Commission (CIC)’s recommendation to make the source code related information about EVMs public, was under submission. 
 
The CPIO stated that the report of the forensic examination of the EVMs used in the elections to the Assembly constituency of Parvati at Pune in Maharashtra, in 2014 were submitted to the Bombay High Court in a sealed cover. The ECI’s CPIO claimed that information about suppliers of micro-controllers used in the latest generation (M3) of the EVMs and VVPATs supplied to the ECI were available exclusively with the manufacturers.  Mr Nayak’s analysis of the main findings from documents obtained through the three RTI interventions shows:
 
  • The micro-controllers (computer chip) embedded in the BEL-manufactured EVMs and VVPATs used in the current elections, are manufactured by NXP—a reputable multi-billion dollar corporation based in the Netherlands with offices in over 30 countries. 

 

  • ECIL refused to disclose the identity of the manufacturer of the micro-controller used in its EVMs and VVPATs citing commercial confidence under Section 8(1)(d of the RTI Act;

 

  • In 2017, some segments of the media reported that Microchip Inc, US headed by a non-resident Indian (NRI) billionaire supplied the EVM micro-controllers. Documents released under the RTI Act show, that at least BEL has not used this company’s micro-controllers in the EVMs sold to the ECI for use in the current elections;

 

  • While the ECI continues to claim that the micro-controller used in the EVMs is one-time programmable or OTP, the description of the micro-controller’s features on NXP’s website indicates that it has three kinds of memory – SRAM, FLASH and EEPROM (or E2PROM). Experts who know enough and more about micro-controllers confirm that a computer chip, which includes FLASH memory, cannot be called OTP;

 

  • The ECI has not yet made any decision on the September 2018 recommendation of the CIC to get the competent authorities to examine whether detailed information about the firmware or source code used in the EVMs can be placed in the public domain in order to create public trust in the EVM-based voting system;

 

  • Despite the passage of more than five years, the ECI does not appear to have acted on the 2013 recommendation of its own technical evaluation committee (TEC) to make the firmware or source code embedded in the micro-controller used in EVMs transparent in order to ensure that there is no Trojan or other malware in the EVMs;

 

  • ECIL replied that the firmware or source code testing was done by a third party, namely, STQC, an agency under the ministry of electronics and information technology. But the CPIO denied access to the reports on the ground that they were too voluminous. BEL denied access to this information claiming the exemption relating to commercial confidence and intellectual property rights under Section 8(1)(d) of the RTI Act;

 

  • BEL won a purchase order worth Rs2,678.13 crore to supply EVMs and VVPATs to ECI. ECIL, however, refused to disclose this information also, stating that despatch data will be supplied after the general elections are completed; and;

 

  • While BEL claimed that the battery powering its EVM could last 16 hours of non-stop voting with 4 ballot units, ECIL claimed a battery life of two years for its EVMs!

 

  • While ECIL claimed that the firmware and source code audit related information was 'classified' and could not be disclosed under Section 8(1)(a) of the RTI Act which protects national security interests, BEL claimed commercial confidence and intellectual property rights-related exemption under Section 8(1)(d) to deny access to the same information.
 
The controversial story of India’s EVMs
 
Senior leader of BJP, GVL Narsimha’s book, Democracy At Risk! Can We Trust Our Electronic Voting Machines? states:
 
The most important among the "insiders" are the manufacturers of India's electronic voting machines namely, Bharat Electronics Limited (BEL) and Electronics Corporation of India Ltd. (ECIL). Both are wholly government owned Central public sector undertakings under the administrative control of the government of India.
 
In implementing the electronic voting machine regime, BEL and ECIL have in turn engaged the services of many others including foreign companies manufacturing microcontrollers (commonly referred to as chips) and private players and outsourcing agencies (some of which allegedly having political connections) for carrying out checking and maintenance of electronic voting machines during elections. They all are a source of potential hazard.
 
Another group that has a major role in maintaining the integrity of the voting machines is district administration in whose custody the EVMs are stored throughout their life cycle. As the same voting machines are commonly used in the same district over several elections, there are concerns regarding the security of the voting machines often stored in a decentralised manner in several locations in a district.
 
"Secret" Software Revealed to Foreign Companies: 
 
Shockingly, the EVM manufacturers, namely BEL and ECIL have shared the "top secret" software programming code used in the electronic voting machines with foreign manufacturers (Microchip, USA and Renesas, Japan) to have it fused (copied) onto the microprocessors. These chips are then delivered to BEL and ECIL through their local vendors as 'masked' microchips (in case of ECIL) or 'One Time Programmable Read Only Memory (OTP-ROM)' microchips (in case of BEL).
 
As the microchips delivered to the manufacturers are 'masked' or 'OTP-ROM', when the microchips are delivered, the EVM manufacturers have no facility to read back the contents in the microchips to establish whether the microchips supplied to them have the original software or not. Manufacturers of EVMs, BEL and ECIL can only carry out functionality tests on the electronic voting machines to check whether they are working properly or not. They cannot detect if the microchips supplied to them have malicious programming. To say the least, this is shocking.
 
If the microchips in the electronic voting machines contain malicious software (commonly referred to as Trojan), elections results can be manipulated easily.
 
Malicious programming can remain dormant during normal testing processes, but get activated later at the time of elections. This would result in an election fraud that can neither be detected before elections nor proved after elections.
 
Curiously, BEL and ECIL could have done the 'fusing' of the software onto microcontrollers in their own premises in a secure manner. That being the case, why did they prefer to do this in a foreign country? At whose instance was this decision taken and what were the compelling reasons for taking the decision? Was the Election Commission responsible for taking this decision? If no, did it approve of the decision by the manufacturers? And, was it at least aware of it?
 
Despite repeated queries, there are no answers forthcoming from the Election Commission to any of these questions.
 
According to the RTI replies given by the Election Commission, the software program (referred to as source code) in the EVMs is not available with it. The expert committee of the Election Commission, headed by Prof PV Indiresan, which approved the EVMs currently in use in elections, has done "black box testing". This means that the committee did not examine and certify the software program in the EVMs. It is the software in the EVMs that drives all its functions. By apparently not examining the software and merely relying on functionality tests, the Expert Committee has left a gaping hole in the security of the EVMs. This is horrifying.
 
(Vinita Deshmukh is consulting editor of Moneylife, an RTI activist and convener of the Pune Metro Jagruti Abhiyaan. She is the recipient of prestigious awards like the Statesman Award for Rural Reporting which she won twice in 1998 and 2005 and the Chameli Devi Jain award for outstanding media person for her investigation series on Dow Chemicals. She co-authored the book “To The Last Bullet - The Inspiring Story of A Braveheart - Ashok Kamte” with Vinita Kamte and is the author of “The Mighty Fall”.)

 

Comments
kalai siva
2 years ago
https://twitter.com/cinehifx_kalai/status/1143775441481797632?s=19

https://twitter.com/cinehifx_kalai/status/1143776088088354817?s=19

https://twitter.com/cinehifx_kalai/status/1143778210146074624?s=19

https://twitter.com/cinehifx_kalai/status/1143783063631081472?s=19
kalai siva
2 years ago
it may seem risky, funny.. i had suggested
to swap vote-data into microSD/SD crd from booths of entire Nation collected in to a suitcase ad James bond

through VPN to few HDdiscs of servers, centralised to single pt tht #security🔐 focused n wifi Jammers🔨/ Faraday shield💉

thereby #hack proof enabled thn hack facilitated
current system


firstly the data in SD/microSD crd, #CD cannot be altered unless a physical intervention n external HrD ware to write, the crucial aspect builds trust n awareness

~for every one are shareholders of electoral process??

but within enclosure #EVM the innards n functions undisclosed the sole party who claims authenticity or any secret hw their machine can be #tampered

~Election commission are the proprietor !!???


simply tht battery still inside EVM tht suppose to at rest
1. to energises extra activity
2. micro controller/processor autonomous mode
3. spl coding's awakened 4leathal acts
4. memory Ram physically nt disconnected by switch
5. pwr to wifi connect tools /a satellite

means any data can be rewritten to in front of eyes blind folded / storage

imagine vry latch tht suppose to be trusted a sealing of #evm, bt turns out be a switch that actually activates..

satellites / IT _ who's ministry?


as i already stated a simple mechanism of ppr printed wound as Roll instead of being cut to slips in VVPATS machine thn read to tally with EVM vote count,
do i have to mention this an enabler provides trust in electronic voting the booth agents can sign on the ppr roll?

https://twitter.com/cinehifx_kalai/status/1143775441481797632?s=19

https://twitter.com/cinehifx_kalai/status/1143776088088354817?s=19

https://twitter.com/cinehifx_kalai/status/1143778210146074624?s=19

https://twitter.com/cinehifx_kalai/status/1143783063631081472?s=19
Banu Prakash A S
2 years ago
Do repolling with paper ballots
Ishan JJ
2 years ago
When there are so many questions; it's essential for ECI to prove their point to restore the faith of people in democracy. One easy way is to count all the VVPATs instead of just 5%, but commission refused it by saying it will take 6 long days to count all the VVPATs. Constitutionally it was given the work to conduct free, fair and transparent Elections, but claiming the time taken instead of restoring the faith in Election process in itself create doubts over the intensions of ECI. Moreover the bias and mockery of MCC adds more impetus over the opposition's claims.
NANDAKUMAR M S
2 years ago
When election commission has openly invited people to demonstrate the fallibility of the machines, none came forward! While flash memory might be reprogrammable there is no explanation how the 'contact' will be made in the absence of USB, BT or any other means. Considering lakhs of machines, it is not explained if it is even feasible!
Mahesh S Bhatt
2 years ago
No system is perfect Vinita Deshmukh.Being a Cyber Security & Insider Breach forensics Auditor we believe we are talking more with less facts.This time's 5% physical verification of VVPAT's slips confirms.Mahesh Bhatt Kirticorp
David M. Thangliana
2 years ago
If our election system cannot be trusted, why go to all the trouble and expense of conducting huge and multi-stage elections? It is very troubling when such news as this published. Let us cross our fingers and hope that India's greatest strength, its democracy, has not gone down the drain and that the Indian masses are not going through a farcical democratic process every five years.
B. KRISHNAN
2 years ago
Election Commission openly challenged anyone to prove that the EVM can be manipulated. Where were all these technical experts then? We have to understand that every man-made machine has its limitations. It is not as though that no manipulation took place before the advent of EVMs. In fact those days it was worse! Just because some "expert" has now pointed out some as yet unproven loopholes, is it proper to demonise the entire operation of election of such magnitude? Some of our countrymen are eager to paint our country in bad light, just because the present dispensation does not suit them!
Hem Anth
Replied to B. KRISHNAN comment 2 years ago
Well, Mr. Krishnan, what we're talking about here is of huge consequence, elections being once-in 5 year affair. As individuals our lives may not come apart during this period but the people of this nation or of a state, as the case might be, have to put up with the government they "supposedly" elected. If you ask how worst can things get, i'll quote the most disastrous example in history. Post world war 1, the Nazi govt headed by Hitler actually LOST in their general elections but their election body was hand-in-gloves with this party and falsely declared Hitler's Nazi party as the victor (I'm not cooking this up. You can search on the internet to read the annals of german politics) . Needless to say what ensued in the years to come. Germany was so badly battered that it was reduced to a pile of rubble everywhere. So anything that concerns national interest SHOULD be held in strict scrutiny and there's nothing to "demonize' if anybody questions the sanctity of the election process.
Pankaj Sinha
Replied to Hem Anth comment 2 years ago
I totally agree with B Krishnan when he asks where were all the experts when ECI threw an open challenge to any one to come and hack the EVMs. Hem Anth, when quoting Nazi' manipulating election results after world war is actually favouring the earlier period of booth capturing and buying voters. Five EVM's comparison with VVPAT with no difference stands testimony of fair and unbiased elections in the country. It has become a fashion to continuously blain EVMs in the name of so called democracy in danger. But unfortunately, no one, till date, is able to prove any point. Every one is only shooting in the dark in anticipation on a glimpse of hope by huck or by crook. My humble request is to have faith in ECI untill some one proves it wrong with proof.
B. KRISHNAN
Replied to Pankaj Sinha comment 2 years ago
People who whine about EVMs are those who are unable to stomach the resounding win of NDA despite their false propagandada!
Manoj
2 years ago
Awesome news. Kudos to the activists who continue to pursue this critical issue without fear of their liberty and lives.
Wajidtara
2 years ago
100 % agreed with your one time program chip but, the actual program was made at the time of pulwama attack and celebrate the victory in advance.
2 years ago
Madam, give me only 10 minutes to nail the EC "tamper-proof" EVM claim in your office.
Mahalakshmi Venkatram
2 years ago
If there is no issue in EVM or VVPAT one can be fair enough to tell the people, when they were asking for 100 % VVPAT or Ballot papers should be made available. Why create such a commotion and doubts in everybody 's mind. Making only 5% VVPAT available raises doubts. If one is open and clear no one should fear from anyone nor hide things.
Mahalakshmi Venkatram
2 years ago
If there is no issue in EVM or VVPAT one can be fair enough to tell the people, when they were asking for 100 % VVPAT or Ballot papers should be made available. Why create such a commotion and doubts in everybody 's mind. Making only 5% VVPAT available raises doubts. If one is open and clear no one should fear from anyone nor hide things.
SANJEEV
2 years ago
Instead of making allegations via sensational articles, is there no independent, believable expert in this country who can stand up and say : EVMs can be manipulated and I can show the world? Or : why don't the opposition parties stand together, create a corpus fund to have the technology in EVMs analysed by international experts who will show us EVMs can be hacked or manipulated ? When a party wins an election, EVMs become reliable. When a party loses, they cast aspersions. Media joins the party wanting clickbait!!
Replied to SANJEEV comment 2 years ago
Oh yes, I have been saying that I can nail the EC claim in 10 minutes for the last 10 years now, since the machines were introduced, but the media does not give me a chance. I am an engineer with decades of experience in industry, but our media people think they are the final authority on tech issues. Pathetic.
Pankaj Sinha
Replied to comment 2 years ago
Oh really, I don't believe. Why don't you go to the ECI directl and why are you looking for any media house to sponcer you. Or you are also one of those liberals or Khan Market Gang who don't move an inch without getting some thing in return.
Raghuram J C
Replied to comment 2 years ago
What stopped you from accepting the challenge of EC? If such conspiratorial theories are floated without an inch of substantiating credibility of oneself, god only can save us. Instead of maligning the institutions, you should help to make the system better, if there is an iota of truth in what you proclaim yourself to be.
shadi katyal
2 years ago
It is unfortunate that while EC has failed miserably in allowing not only tickets to criminals or people with criminal cases pending ,It has failed to the nation as far EVM are concerned. Looking back at this election, it is evident that ECI failed all round.
Would we known as one of Banana Republics or need UN and other nations to supervise our elections.
One doubt if ruling party will make any amendmernts or changes in the present rules about ECI
Free Helpline
Legal Credit
Feedback