Did you know before that India’s electoral democracy is hostage to three idiots? Lest you think that I am being irreverent to the three election commissioners holding constitutional office, let me inform right away that the three people that I am referring to are junior programmers in the EVM manufacturing companies who have written the EVM software or source code that drive all the functions of the EVMs.
This revelation was made by none other than Prof. P.V. Indiresan, chairman of the expert committee of the Election Commission of India at the Electronic Voting Technology (EVT) workshop in Washington, DC yesterday. He told a stunned audience comprising some of the best voting system security experts and computer scientists that the Election Commission of India believes that these junior programmers are honest and trustworthy as they have been told so by the EVM manufacturers namely, the BEL and ECIL. The Election Commission is told that each company has three chaps who have written the software and all of them are trustworthy.
He made these observations in a panel discussion on India’s Electronic Voting Machines at the workshop. I was also a member of the panel at the Workshop besides Dr. Alok Shukla, deputy election commissioner of India and Prof. J Alex. Halderman, University of Michigan, U.S.
Ironically, the EVM software has not been shared even with the Election Commission of India forcing its expert committee to do what is called “Black Box testing.” Is it that the ECIL / BEL do not trust the Election Commission of India – constitutional body vested with the holding of “free and fair” elections – or its experts like Prof. Indiresan but trust these three junior programmers. That sounds like a dangerous proposition.
Several experts at the EVT conference in Washington were horrified to hear that the software is in the hands of a few programmers. They all felt unanimously that this was a scary proposition with dangerous consequences for election results and not a security feature as the as the ECI seems to believe.
Prof. David Dill, Stanford University, one of the best known electronic voting security expert contested the ECI’s claims that it has administrative safeguards and checks and balances that make EVMs “fully tamper proof”. He said, “all voting systems that have been claimed to be secure have been proved to be insecure. And all systems that have been alleged to be insecure by critics have been proved to be insecure.”
“Security through obscurity”
As if relying on the “trust” of three programmers was not enough, the EVM manufacturers have “masked” the software on the microchips installed in the EVMs. This means that even if a “Trojan” (malicious software that can manipulate election results) has been inserted in the software either by the three programmers themselves or their bosses, there is no scope for people to detect it. While the whole world sees this as a security hazard, the ECI has so far claimed this to be a security feature. The EVM manufacturers are trying to claim what is referred to as “security through obscurity.” In Prof. David Dill’s words, this obscurity is a matter of concern and actually a cause for raising a red flag.
Can manufacturers of systems be actually manipulating them? Yes. Several experts at the EVT workshop told the Indian participants on the sidelines of the Workshop that there are several instances where the manufacturers of electronic systems are themselves perpetrating fraud. A case study of how electronic gaming companies that claimed 100% security of their systems were later detected to have been engaged in utterly fraudulent operations.
From the facts available in public domain so far, the record of the two public sector EVM manufacturers namely, ECIL and BEL does not appear to be above board. We at VeTA therefore demand that the ECIL/ BEL should come clean on the following immediately:
- Who are the programmers who have written the source code for the EVMs? Where are they now? What is their present job and income profile?
As some techies have been approaching politicians offering EVM fixing solutions, I want the ECI to find out the names of these programmers and investigate them thoroughly. The investigation must cover their antecedents and their involvement in any murky financial dealings to see if they have made any windfall gains from their “exclusive” insider knowledge.
- The ECIL/BEL must immediately come out with the facts and circumstances leading to the decision to make the EVM software unreadable. Who suggested this? Was this done to prevent detection of any fraud and such that the crime can never be established?
- The ECIL/ BEL must reveal why, when and at whose instance they have chosen to engage foreign multinational companies for fusing software in them.
- The ECIL/ BEL must reveal the names of its own employees, names of other companies and individuals who have been hired/ contracted as “authorized” technicians for “first level checking” before all elections so far and explain the modalities of their selection and make public the contract documents, letters of appointment etc.
These government owned companies have so far resisted scrutiny. They have to be held accountable and cannot escape scrutiny on flimsy grounds like commercial interests and non-existent patent rights.
We will do everything possible to force these two companies to reveal all the above information. How would we do it? For instance, we would move RTI applications on all these questions, raise these questions in the media and advocate members of Parliament to raise questions in Parliament over the issue.
If the companies still resist revealing information citing commercial considerations, there is just no way left but seek outright removal of the bosses of these companies. After all, the nation’s interests are supreme and these two companies have put Indian democracy at a huge risk of being hijacked by three junior programmers and their bosses.
I can be contacted at nrao@indianEVM.com