There is an urgent need for public scrutiny of Electronic Voting Machines

These machines need to be tested for any possible security flaws — that is a standard operating procedure which is carried out by the world’s biggest technical conglomerates to make their systems foolproof

An interesting incident regarding Electronic Voting Machines (EVMs) has hit the headlines in recent days. Hari Prasad, managing director of Hyderabad-based Net India Private Limited, was arrested for 'stealing' an EVM.

He 'stole' the machine to demonstrate that the EVM can be tampered with. In fact, he - along with a University of Michigan professor and a Dutch security researcher - has even published a research paper on the vulnerability of the EVM.

In today's world of security, hacking into a system in a lab environment to show its vulnerabilities is an accepted practice. It is called by various names such as ethical hacking, or penetration testing. The only difference in this case is because of the way in which Mr Prasad acquired the machine to test the hacking techniques. Mr Prasad's claim is that he had approached the Election Commission (EC) with a request to allow him access to the machine, but they refused to do so; at the same time
the EC claimed that the EVMs are foolproof and secure. Finding no other way to address an issue which is at the heart of India's democracy, namely free and fair elections, Mr Prasad acquired the machine by other means.

Mr Prasad in my opinion has done a great service to the nation. By showing that the EVMs can be tampered with, he has opened up a dialogue on the vulnerability of the EVMs. The EC on the other hand is blatantly misleading the Indian people saying that these machines are secure. Further, they refused to allow access to these machines to security professionals. If indeed the machines are secure as they claim, why not allow access to security professionals?

In fact, the EC should have hired ethical hackers themselves to find vulnerabilities in their machines.That is the practice followed worldwide by companies whose products can be potentially hacked.  The behaviour of the EC reeks of ignorance of current security practices.

That the implications of their behaviour hit at the crux of India's 'free and fair' elections makes that an act against the nation's wellbeing itself.

Our EC has over the years gained a good reputation for conducting the world's largest free and fair elections. But this act nullifies at least some of it. It is high time the EC opens up the machines to public and professional security. There is nothing wrong with having security vulnerabilities provided one has an open mind and they are fixed. Right from Google to Microsoft's products, no popular product in the world has escaped security holes. It is by fixing the security holes that the product keeps becoming more and more secure.

Meanwhile, today's reports indicate that some of the top officials in India have claimed that there is a political conspiracy to discredit India's election process via this hacking attempt. Politicising everything is the nature of India's politicians. It is irrelevant to the discussion whether there is a political angle behind Mr Prasad's act or not. That certainly does not absolve the EC of its lack of attention to security vulnerabilities in the machine. It is also interesting that the EC is not concentrating much on the technical aspects of the vulnerabilities disclosed by Mr Prasad. At least, getting into a deeper technical dialogue on that front and openly showing that the vulnerabilities disclosed by Mr Prasad are not critical would give more credibility to their response.

It is high time this country wakes up to this and fixes the vulnerabilities in EVMs lest politicians take advantage of the vulnerabilities and doctor the elections, assuming they have already not done so in the last elections.

(The author has a B Tech from IIT Bombay, and a PhD from Columbia University, New York. He currently runs a start-up, Teknotrends Software Pvt Ltd that does cutting-edge work in the area of network security).
 

Comments
RNandakumar
1 decade ago
EVM s that are tamper proof is a challenge for our IT professionals. But first they should get approval from our Netas. India had shown remarkable voting skills though the literracy rate may not indicate such. Considering the past record if centre could ensure the safety of the ballots paper ballots in the past had proved their worth.
ramdass
1 decade ago
Mr. Srinidhi,

I am of the opinion that technology can do very little to prevent systemic frauds. There needs to be separate checks and balances to prevent that.

I am not against any review. However, there is a need to separate technology vulnerabilities and systemic vulnerabilities and address them separately. The way the problem is being articulated now confuses the issues.

If you can recall, even during the paper ballot days, there used to be allegations of booth capturing and ballot paper tampering - invalidating the ballot by stamping on multiple candidates. You cannot verify that by looking at the ballot papers. In western countries, such frauds surronding the ballot papers are rare. In India that allegation was all too common , especially in some states. Hence, I am not too sure going back to the paper ballot is the only solution. To overcome the limitation of not having hard copy, one can embed a thermal or punch card (easy to read) printer to record each vote count. However, any electro-mechanical device would reduce the reliability of the system as printers are prone to frequent failures.
Srinidhi
1 decade ago
Mister Ramadss and shivakumar..
Your cliam of ballot process is reasonably full proof cannot be accepted. Have you seen the hacking video and Hari Prasad lecture in IIT allimini. Please search in youtube. Democracy cannot be run on the anybodies mere assumption that its a full proof. Then why developed countries like Germany, Ireland, Netherland, Usa..etc have not gone towards EVM. Simple in the Europe election it was simply rigged it. 2004 california banned evm. Counties first take EVM as choice and they have left it. So its good to know the history of EVM first. I cannot believe that congress owned Maharastra and central govt cannot do anything to the machine. The chips are manufactured from hitachi and software is fused into the chip. So not even Election commission can verfiy the software. So if somebody changed the software with a trogen then nobody can detect it.

Also Hari Prasad shows way to temprorary and permanent changing of votes with Eprom and dual memory chips. He basically hacked in 30secs with LED display. Please take a look at those videos.

So in Germany they gave a court argument verdict that democracy cannot be run on trust. There needs to be verifiablility and Paper trail proof. The common people should be able to understand that there was some kind of hacking "when it was tampered". Here chips cannot be detected by common man. If balot paper were looted then there is a proof and here there is nothing. Also it takes effort to fraud a paper trail and here it would take BEL and ECIL employees or chips that is been generally carried from USA by an ordinary man to be tamper it.

So now that people have got a doubt, things cannot run through as usual. Also its baseless arugment and sentiment that its been produced by India. The main thing is DEMOCRACY and VOTING not the Patent of machines.

Also when EC calls people to prove that its tamperable then its not allowing to even touch the machine. Well if you argue that machines are kept in safe site I cannot believe the maharastra Commissioner who is guarding 1.3 million machines. Its a joke. Politician have 1000s of crores and history shows that IPS/IAS people have been bought for money.

So there are so many many ways of tampering things......

Shivakumar - Hariprasad went to EC office for showing the proof and when they were given the mahcine mister Chawla from election commission got panic as they recognized the architecture of machine. They were easily tamperable and so they sent them to home. Also sent them a criminal notice for intimidation. Basically everything is there in manual it seems which is available to study. So forget about IIT even Harward/MIT or any others have not come up with tamper proof machines. If you want your vote to go at a right place then you choose which method you want.

Also people must have choice whether they want to vote with Paper or EVM. My way would be through PAPER. You guys can choose your method and put the vote. So both choice must be given to citizens.
Shivkumar
Replied to Srinidhi comment 1 decade ago
I think you have missed out my point. The issue is every political party complains only when it looses an election or does badly in an election, but does not say a word against the EVMs if it wins the election.

What is to be proved is not just that a machine can be hacked (almost every machine can be hacked), but in a given election hacking / rigging of EVMs has indeed taken place to the advantage of a particular party.

My point is, if a particular party is indulging in the rigging of EVMs thru hacking, then that party should win every election, which is not the case.

At the same time, EC should address all legitimate doubts and fears of independent Indian experts not connected with any political party.
ramdass
1 decade ago
The western nations do not require EVMs as the size of the electorate is managable and the ballot process is reasonably foolproof. The same cannot be said about Indian system.

Having said that, it does not hurt to subject EVMs to scrutiny. However, I am a little concerned about the process adopted and what is being claimed, which in a classical sense cannot be termed as hacking. Hacking typically refers to breaking into a system from outside - something like using random key sequeces or altering the voltages to change the recorded votes.

BTW, the EC claims that they did give them access to machine after the SC directive, but the teams could not conclusively prove their claims.
Shivkumar
1 decade ago
The truth is that we Indians can't give credit for any achievment to our fellow men unless some foreign University guy gives a nod. Just because US or UK are not using EVMs due to their own incompetence, should be we doubt our own system. Recall the mess the US system created during Bush's election.

I believe most of the machines can be hacked, but in the context of EVM, the issue is little different.

When certain parties loose elections then they immediately blame the EVMs and this applies to all the political parties without exception.

Otherwise how is it that BJP continues winning in Gujarat, MP and Raipur and sometime back evenadded Karnataka to its kitty.

In Maharashtra, Congress won by default because of the division of Saffron votes due to division in Sena.

Now we are witnessing the changing scenario in West Bengal. In the next elections if Left is thrown out, which looks very likely, then they will grumble that EVMs are to blame.

We Indians are argumentative, that is fine but let us not be willing to damage the credibility of our own Institutions without some solid grounds.

If Hari Prasad still believes that he has a solid case, he can file a PIL in the court and present his case. In the meantime, let us not make a mockery of our election process, which is hailed the world over.
ramdass
1 decade ago
I am not too convinced by the arguments of Hari Prasad. They have tried to create a confusion around hacking. Here, they opened the system, changed the circuit, or possibly replaced with a look alike system, and then demonstrated that the new machine can hoodwink people into believing they are genuine. Such changes would require a systemic support and cannot be termed hacking. They are akin to organized fraud. A simple integrity check to see if the system hardware is tampered could prevent even such remote possibilites.

BTW, the system that existed prior to EVM, the paper ballot, was much more fraudulant. People who worked as presiding officers with paper ballot would tell you harror stories around it.
Joseph Hall
1 decade ago
Thanks very much for this thoughtful, well-written and nicely argued post. It seems wishful but the best result would be, as you say, if the Indian government and the Elecion Commission could only learn that bringing their critics into the fold would result in more trustworthy election equipment and processes.
Array
Free Helpline
Legal Credit
Feedback