HOME Seprator ABOUT VeTA Seprator BOOK ON EVM Seprator EVM RESOURCES Seprator PRESS RELEASES Seprator SIGN RESOLUTION Seprator CONTACT US

EVMs can be manipulated in elections: Election Commission

The Election Commission of India has made an amazing confession: that the security and integrity of the entire election system will be compromised if the EVM software and the hardware design becomes known.

This is what technologists, activists and political leaders have been saying for many months now and the Commission had steadfastly refuted such claims with a bizarre “our EVMs are fully tamper proof” claim.

The above revelation was made by the Election Commission in a letter dated March 30, 2010 to V.V. Rao, petitioner in the Supreme Court on the EVMs. I quote below:

”…The Commission is concerned that commercial interests could use the route of reverse engineering (a process by which the original software and hardware configuration can be accessed) which may compromise the security and sanctity of the entire election system.”

“…It is once again made clear that any demonstration of alleged tamperability cannot include reverse-engineering as it compromises security and sanctity of the entire election system.”

Reverse engineering is the process of discovering the technological principles of a device through analysis of its structure, function and operation. It often involves taking a device and analyzing its workings in detail to make a new device or program that does the same thing without utilizing any physical part of the original.

In a nutshell, the concept behind reverse-engineering is to break something down in order to understand it and build a copy or improve it.  This process was originally applied only to hardware. Reverse-engineering is now applied to software.

http://en.wikipedia.org/wiki/Reverse_engineering

http://www.computerworld.com/s/article/65532/Reverse_Engineering

There are many instances of reverse engineering by academicians and ethical hackers to unravel the EVM software and understand its hardware configuration. Scientists across the world resort to reverse engineering to expose the vulnerabilities of the electronic voting systems. This is indeed necessary to plug the security holes in voting systems which can be exploited by miscreants. Many such successful attempts have attracted international attention and led to reform in electronic voting systems. One such experiment happened a few months ago.

Computer Scientists Take Over Electronic Voting Machine with New Programming Technique

San Diego, CA, August 10, 2009 — Computer scientists demonstrated that criminals could hack an electronic voting machine and steal votes using a malicious programming approach that had not been invented when the voting machine was designed. The team of scientists from University of California, San Diego, the University of Michigan, and Princeton University employed “return-oriented programming” to force a Sequoia AVC Advantage electronic voting machine to turn against itself and steal votes.

http://www.jacobsschool.ucsd.edu/news/news_releases/release.sfe?id=873

The Election Commission of India now openly admits that the security and integrity of the entire election system may be compromised if anybody reverse engineers the ECI-EVMs.

This statement of the Election Commission raises several questions that impinge on India’s electoral democracy.

1. Why has the Election Commission repeatedly misled the nation so far repeatedly claiming that its EVMs are tamper proof and unriggable?

2. Given that for a reverse engineering operation, one requires access to only a single machine of each make/ model (there are only four models in use), what is the guarantee that people have not gained unauthorized access to EVMs? Over 13 Lakh EVMs are lying all over the country in the districts and it is easy and simple to get a few of them.

3. Manufacturers, software programme developers, other employees, private foreign companies involved in software fusing etc. have access to the machine software and hardware specifications. What is the guarantee that they have not used such knowledge to “fix” elections in the country? In the light of the ground level reports that such insidious operatives are at work, isn’t it silly to make such assumptions? (Refer my book “Democracy at Risk: Can we trust our EVMs?” for vivid accounts of such murky operations.)

4. Ironically, even the Election Commission and its experts committee have not examined the software in the EVMs. The Experts Committee has only done functional testing of the EVMs, referred to as the Black box testing, which is highly unreliable for security testing. What is then basis for the Election Commission’s confidence in the reliability of the EVMs?

5. Why has the Election Commission chosen to blindly trust the EVM manufacturers when it has a splendid record in taking officials involved in elections to task for even minor aberrations? Is it its helplessness or lack of technical familiarity that made it blindly trust the manufacturing PSUs?

6. Why did the Election Commission allow the EVM manufacturers to share the software programme with foreign manufacturers of micro chips who in turn mask the chips which makes it impossible for even the manufacturers to read back the software contents?

After this latest admission, one would have hoped that the Election Commission would reform the voting system to make it absolutely secure. Perhaps, that is too much to expect from the Election Commission. This becomes evident from the Election Commission’s affidavits in the Delhi High Court rebuffing suggestions of transparency and auditability by introducing voter verified paper print out of all votes cast on EVMs.

This is my first blog on the subject.

Will update you regularly with the latest news and analyses.

NARASIMHA RAO

If you have any questions or comments, write to me at nrao@indianevm.com

This entry was posted on Monday, April 12th, 2010 at 12:00 AM and is filed under EVM Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

7 Responses to “EVMs can be manipulated in elections: Election Commission”

  1. Anand Says:

    Dear Sir,

    For some reason or the other, the discussion seem to be one sided. Every one is questioning the authenticity of EVMs and ‘possible’ threats around it. I’m a technical person and I can fully understand the concerns raised by different people and to some extent, share their concerns too.

    However, Unfortunately, no one seem to put-forth an adequate solution without EVMs. We’re talking hundreds of problems and thousands of quotes and examples from different parts of the world which opposes the EMVs.

    At the same time, we simply ignore to compare the efficacy of old paper based elections in india and abroad. Can we draw any comparison in this regard? How many instances of booth capturing, damaging the ballot papers & boxes by the mighty and the violence around it?

    Was it better in the earlier system? I think, best option would be to fully scrutinize the present performance of EVMs and plug the loopholes in it instead of arguing for ‘rollback’.

  2. Dileep Kumar Says:

    This is not correct. Security of a system does not depend upon the design or code being secret. That is because it can NEVER be assured. This argument must never have been put forth by the EC.

    The EC should have provided the schematics and code of the EVM under NDA to qualified people, so that they can analyze the vulnerabilities.

    I have done extensive analysis on the vulnerabilities and found that the EVMS, as per the published specs, are tamper proof. These were debated on the forum http://forums.bharat-rakshak.com/viewtopic.php?f=2&t=5008

  3. Narasimha Rao Says:

    1. The Election Commission of India does not even acknowledge that the concerns regarding the EVMs are indeed valid and stop making unacceptable claims that its EVMs are totally tamper proof. Let them first accept this and appoint a Committee of independent, neutral experts including international experts like Prof. David L. Dill of the Stanford University who has volunteered to help the ECI. Let this Committee go into all aspects of the EVMs, involve all the stakeholders and then make comprehensive recommendations. If the ECI fails in its duty to take such an initiative, let a Joint Parliamentary Committee (JPC) be formed to examine all the relevant issues and hold discussions with electronic voting security experts. There are no magic-bullet solutions to be offered readily. But that cannot be a reason for persisting with the ills of an electronic system that can lead to “wholesale”, invisible and a clean system of electronic booth capturing, while you appear to be unduly worried about “retail”, dirty and visble booth capturing by goons.

  4. murali Says:

    It is ironical that a serious issue concerning the biggest democracy in the world is being brushed away by ECI people as if it is their sole proprietary concern. They must not forget peoples concern is much more important than anything. I was eagerly waiting since september 3rd 2009 when the ECI people abruptly ended the demo of EVM tampering concucted by mr.hariprasad in delhi. THE ECI MUST ACCEPT THE ALLEGATIONS AND INVITE THEM FOR DEMO OF EVM TAMPERABILITY.

  5. panama Says:

    Fantastic, thanks for posting!

  6. Karthik Says:

    I congratulate an intellectual warrior Sri. Narasimha Rao for exposing ECI in a scientific and unbiased manner. As far as the people who question the unethinical means adopted in Paper Ballot system etc, they need to realize that electrol manipulations done in Paper Ballot system will be easy to track as the number of people involved in such manipulations will be more in number and at grassroot level. The science behind EVMs is so complex for a Common man that he simply cannot comprehend electrol frauds commited through the EVM system. If still are we to use EVMs let be the kind of VVPAT ones with ATM like slips generated as a standby option in case of any suspision. Cost is a secondary issue and it can be undone by electing a Good Govt. through transperant means. Only 2 options: 1) Either Ban EVMs or 2) Use EVMs with printout of votes generated.

  7. Roopesh Says:

    Now biggest fraud Naveen Chawla say –>”We have no doubt that our EVMs are cent per cent tamper-proof and foolproof”

    I think the main drawback of EVM is that the voter dont know on what election sign his vote casted by EVM as the voter is not directly cast his vote.Only illusion make him feel that his vote went for a particular party or person.

    Even if not fraud why can’t he try to add ballet support EVM, just like use EVM , it also print the vote in ballet paper, first we can count ballet paper & then check EVM if this two giving same result then its ok