Opinion EVMs: The question of manipulation

The Election Commission has so far dogmatically refused to review the security protocol of our voting machines on the grounds that it has not received a single credible piece of evidence of misuse of EVMs. Nor has anyone so far effectively demonstrated that our EVMs can be manipulated,it asserts.

But the point really is not whether the EVMs have been manipulated so far,rather,whether it can be done. Free and fair election is the touchstone of a democracy. If there is the slightest suspicion that the electoral process can be compromised,it is the duty of the Election Commission to remove such misgivings. Computer experts believe there is no piece of software in the world that cannot be hacked or cracked into. Microsoft,the world largest software company with a turnover of over 60 billion dollars,has gone on record to state that it is not a question of ‘if’ the software you use will be hacked but a question of ‘when’. A secure computer software is an oxymoron.

An Election Watch body in Andhra Pradesh,whose members are highly respected citizens and many of them software experts,argues that since all software can be tampered with,there is a need for constant monitoring of our EVMs. There must be total transparency in providing information about how the EVMs operate rather than prohibiting all outsiders,including experts,from examining the machines.

Most importantly,there should also be a system in the EVMs where there is a paper trail as a back-up procedure to ensure that your vote has been correctly registered. The group has filed an appeal before the Supreme Court,which,in turn,has directed the body to approach the Election Commission.

I quote some of the salient points raised in the application and by the body’s individual members. I find the arguments they have made very pertinent and they need to be addressed by the EC:

“I have heard that EVMs are allocated only at the last minute to the constituencies and therefore cannot be rigged in advance. However,it is perfectly possible to plant a trojan in advance,which can be triggered by a single voter by keying in a combination of keys,first to trigger the code,and then press the key of his preferred candidate,which then arms the code to allocate let’s say every fifth vote to that candidate ¿ and then self-destruct before the voting is closed for the day.”

“The world has learnt that that the best security comes when a million eyes all over the world looks at the software and hardware and comment on the security in an open process. You cannot have a small group of experts sitting behind closed doors and coming out with a conclusion on the security of the software. Openness is the key.”

“As a technology literate citizen of the country I have no idea about the technology details behind the workings of the EVM. I do not know when the software was written,how many times it was upgraded,what are the security protocols used to protect the EVM’s from being tampered with. What physical security protocols are in place is a mystery to me. All that I know is that there is some committee of experts that is supposed to look into these issues. Their deliberations are not made public. These wise old men will meet in secrecy and I have to accept their decisions without any questions.

“We need to understand that our EVMs cannot be called computers,they have more in common with calculators as they are not intelligent in any manner. I f they were full- fledged computers then we could very easily write a virus that would control the entire EVM. As they are stupid machines,writing a virus may be next to impossible. The flip side is that as they have no complicated software within them,it can be a child’s play to rig the software already there in the EVM. If the software is on a chip that cannot be written to,we can replace the chip if need be. When things are not smart,the number of internal checks may be very few and this can lead to tampering with the system. As our EVMs are very old,the concept of security was non-existent then. A lot of security issues we face today are only because we did not bake security into our products,we added an extra layer after the systems were build. The Internet is insecure as the designers never thought of security when they first build the Internet. We would love to have the original design report of the EVM and will not all be surprised that security would not be a major concern then. All major software companies took security seriously only in the past decade.”

The election watchdog’s very valid suggestions for ensuring that the EVMs work fairly include:

1. As elections are always happening in the country,as a short term measure,the EC can request,say a dozen security professionals who can test the mechanism,to conduct mock polling and check if the results tally. This could be done under the glare of video cameras and the entire country can watch. This is to show that the EC has nothing to hide and is planning to make the entire process open and transparent.

2. Security is a process and not a onetime step. The EC must create a process of continuous auditing of the EVM system.

3 The best solution is a combination of technology and paper. Most of our population will never ever be comfortable with technology. So no matter what security experts may say about the security of EVMs,the vast majority of our citizens will have a lingering doubt. Hence,we believe that each time we cast our vote,a small printer connected to the EVM also prints out the vote,not the name of the candidate but the number of the candidate in different languages. This would make the design of the system much simpler as the EVM per se does not know the name of the candidate. The person who is voting can obtain a physical confirmation that the machine printed the number of the button he or she pressed and then this ballot paper can be placed in the ballot box and sealed. A physical counting of votes can only be ordered by a court of law. This process may increase the cost of the election process,waste more paper,be environment unfriendly but we believe it will set all nay sayers to rest. We will get the best of both worlds. This is why no country in the world relies on just an electronic system simply because people do not believe that the EVM got their vote right.