These machines need to be tested for any possible security flaws — that is a standard operating procedure which is carried out by the world’s biggest technical conglomerates to make their systems foolproof
An interesting incident regarding Electronic Voting Machines (EVMs) has hit the headlines in recent days. Hari Prasad, managing director of Hyderabad-based Net India Private Limited, was arrested for 'stealing' an EVM.
He 'stole' the machine to demonstrate that the EVM can be tampered with. In fact, he - along with a University of Michigan professor and a Dutch security researcher - has even published a research paper on the vulnerability of the EVM.
In today's world of security, hacking into a system in a lab environment to show its vulnerabilities is an accepted practice. It is called by various names such as ethical hacking, or penetration testing. The only difference in this case is because of the way in which Mr Prasad acquired the machine to test the hacking techniques. Mr Prasad's claim is that he had approached the Election Commission (EC) with a request to allow him access to the machine, but they refused to do so; at the same time
the EC claimed that the EVMs are foolproof and secure. Finding no other way to address an issue which is at the heart of India's democracy, namely free and fair elections, Mr Prasad acquired the machine by other means.
Mr Prasad in my opinion has done a great service to the nation. By showing that the EVMs can be tampered with, he has opened up a dialogue on the vulnerability of the EVMs. The EC on the other hand is blatantly misleading the Indian people saying that these machines are secure. Further, they refused to allow access to these machines to security professionals. If indeed the machines are secure as they claim, why not allow access to security professionals?
In fact, the EC should have hired ethical hackers themselves to find vulnerabilities in their machines.That is the practice followed worldwide by companies whose products can be potentially hacked. The behaviour of the EC reeks of ignorance of current security practices.
That the implications of their behaviour hit at the crux of India's 'free and fair' elections makes that an act against the nation's wellbeing itself.
Our EC has over the years gained a good reputation for conducting the world's largest free and fair elections. But this act nullifies at least some of it. It is high time the EC opens up the machines to public and professional security. There is nothing wrong with having security vulnerabilities provided one has an open mind and they are fixed. Right from Google to Microsoft's products, no popular product in the world has escaped security holes. It is by fixing the security holes that the product keeps becoming more and more secure.
Meanwhile, today's reports indicate that some of the top officials in India have claimed that there is a political conspiracy to discredit India's election process via this hacking attempt. Politicising everything is the nature of India's politicians. It is irrelevant to the discussion whether there is a political angle behind Mr Prasad's act or not. That certainly does not absolve the EC of its lack of attention to security vulnerabilities in the machine. It is also interesting that the EC is not concentrating much on the technical aspects of the vulnerabilities disclosed by Mr Prasad. At least, getting into a deeper technical dialogue on that front and openly showing that the vulnerabilities disclosed by Mr Prasad are not critical would give more credibility to their response.
It is high time this country wakes up to this and fixes the vulnerabilities in EVMs lest politicians take advantage of the vulnerabilities and doctor the elections, assuming they have already not done so in the last elections.
(The author has a B Tech from IIT Bombay, and a PhD from Columbia University, New York. He currently runs a start-up, Teknotrends Software Pvt Ltd that does cutting-edge work in the area of network security).
Inside story of the National Stock Exchange’s amazing success, leading to hubris, regulatory capture and algo scam
Fiercely independent and pro-consumer information on personal finance.
1-year online access to the magazine articles published during the subscription period.
Access is given for all articles published during the week (starting Monday) your subscription starts. For example, if you subscribe on Wednesday, you will have access to articles uploaded from Monday of that week.
This means access to other articles (outside the subscription period) are not included.
Articles outside the subscription period can be bought separately for a small price per article.
Fiercely independent and pro-consumer information on personal finance.
30-day online access to the magazine articles published during the subscription period.
Access is given for all articles published during the week (starting Monday) your subscription starts. For example, if you subscribe on Wednesday, you will have access to articles uploaded from Monday of that week.
This means access to other articles (outside the subscription period) are not included.
Articles outside the subscription period can be bought separately for a small price per article.
Fiercely independent and pro-consumer information on personal finance.
Complete access to Moneylife archives since inception ( till the date of your subscription )
I am of the opinion that technology can do very little to prevent systemic frauds. There needs to be separate checks and balances to prevent that.
I am not against any review. However, there is a need to separate technology vulnerabilities and systemic vulnerabilities and address them separately. The way the problem is being articulated now confuses the issues.
If you can recall, even during the paper ballot days, there used to be allegations of booth capturing and ballot paper tampering - invalidating the ballot by stamping on multiple candidates. You cannot verify that by looking at the ballot papers. In western countries, such frauds surronding the ballot papers are rare. In India that allegation was all too common , especially in some states. Hence, I am not too sure going back to the paper ballot is the only solution. To overcome the limitation of not having hard copy, one can embed a thermal or punch card (easy to read) printer to record each vote count. However, any electro-mechanical device would reduce the reliability of the system as printers are prone to frequent failures.
Your cliam of ballot process is reasonably full proof cannot be accepted. Have you seen the hacking video and Hari Prasad lecture in IIT allimini. Please search in youtube. Democracy cannot be run on the anybodies mere assumption that its a full proof. Then why developed countries like Germany, Ireland, Netherland, Usa..etc have not gone towards EVM. Simple in the Europe election it was simply rigged it. 2004 california banned evm. Counties first take EVM as choice and they have left it. So its good to know the history of EVM first. I cannot believe that congress owned Maharastra and central govt cannot do anything to the machine. The chips are manufactured from hitachi and software is fused into the chip. So not even Election commission can verfiy the software. So if somebody changed the software with a trogen then nobody can detect it.
Also Hari Prasad shows way to temprorary and permanent changing of votes with Eprom and dual memory chips. He basically hacked in 30secs with LED display. Please take a look at those videos.
So in Germany they gave a court argument verdict that democracy cannot be run on trust. There needs to be verifiablility and Paper trail proof. The common people should be able to understand that there was some kind of hacking "when it was tampered". Here chips cannot be detected by common man. If balot paper were looted then there is a proof and here there is nothing. Also it takes effort to fraud a paper trail and here it would take BEL and ECIL employees or chips that is been generally carried from USA by an ordinary man to be tamper it.
So now that people have got a doubt, things cannot run through as usual. Also its baseless arugment and sentiment that its been produced by India. The main thing is DEMOCRACY and VOTING not the Patent of machines.
Also when EC calls people to prove that its tamperable then its not allowing to even touch the machine. Well if you argue that machines are kept in safe site I cannot believe the maharastra Commissioner who is guarding 1.3 million machines. Its a joke. Politician have 1000s of crores and history shows that IPS/IAS people have been bought for money.
So there are so many many ways of tampering things......
Shivakumar - Hariprasad went to EC office for showing the proof and when they were given the mahcine mister Chawla from election commission got panic as they recognized the architecture of machine. They were easily tamperable and so they sent them to home. Also sent them a criminal notice for intimidation. Basically everything is there in manual it seems which is available to study. So forget about IIT even Harward/MIT or any others have not come up with tamper proof machines. If you want your vote to go at a right place then you choose which method you want.
Also people must have choice whether they want to vote with Paper or EVM. My way would be through PAPER. You guys can choose your method and put the vote. So both choice must be given to citizens.
What is to be proved is not just that a machine can be hacked (almost every machine can be hacked), but in a given election hacking / rigging of EVMs has indeed taken place to the advantage of a particular party.
My point is, if a particular party is indulging in the rigging of EVMs thru hacking, then that party should win every election, which is not the case.
At the same time, EC should address all legitimate doubts and fears of independent Indian experts not connected with any political party.
Having said that, it does not hurt to subject EVMs to scrutiny. However, I am a little concerned about the process adopted and what is being claimed, which in a classical sense cannot be termed as hacking. Hacking typically refers to breaking into a system from outside - something like using random key sequeces or altering the voltages to change the recorded votes.
BTW, the EC claims that they did give them access to machine after the SC directive, but the teams could not conclusively prove their claims.
I believe most of the machines can be hacked, but in the context of EVM, the issue is little different.
When certain parties loose elections then they immediately blame the EVMs and this applies to all the political parties without exception.
Otherwise how is it that BJP continues winning in Gujarat, MP and Raipur and sometime back evenadded Karnataka to its kitty.
In Maharashtra, Congress won by default because of the division of Saffron votes due to division in Sena.
Now we are witnessing the changing scenario in West Bengal. In the next elections if Left is thrown out, which looks very likely, then they will grumble that EVMs are to blame.
We Indians are argumentative, that is fine but let us not be willing to damage the credibility of our own Institutions without some solid grounds.
If Hari Prasad still believes that he has a solid case, he can file a PIL in the court and present his case. In the meantime, let us not make a mockery of our election process, which is hailed the world over.
BTW, the system that existed prior to EVM, the paper ballot, was much more fraudulant. People who worked as presiding officers with paper ballot would tell you harror stories around it.