India’s EVMs to Aim for ideal standards
By: Hari Prasad
Fair & transparent elections form the fundamental basis of a great democracy. In an ongoing process of improving the entire election processes, the Election Commission of India has sought to increase the use of technology in elections to help automate the process. The intention was good & was to curb booth capturing and invalid votes. The idea was conceived in late 80's, design evolved and piloted in 1982.
Unfortunately, the design made by the two public sectors ECIL & BEL might have convinced the ECI in automating their process but failed in providing the much needed transparency and verifiability. The widely acclaimed ECI-EVM only allowed voter to franchise his vote but did not provide any verification that his/ her choice is honestly recorded. Trust and assumptions are surely not enough for fair elections?
Most parties and candidates typically lack technical expertise to check if the
purported safeguards (like mock polls, First Level Checking, sealing etc.) whether are not properly implemented. Importantly the entire voting system must be sufficiently transparent that even non-technical observers can observe the whole process and have confidence in results.
Generally, most systems become trustworthy when redundancy is used to protect
against internal errors. We need a secure process to authenticate hardware, software, operations, and results. It is utmost essential to have trustworthy paths for transport of all components used in the system.
Can anybody identify original components inside?
Display: Easy to duplicate!
The Election Commission of India should/must have complete control of the entire process to ensure that the voting machines are secure rather than merely rely on trust and certification by third parties. One cannot ignore the involvement of different entities outside the ECI’s control in the election process. Some foreign entities like chip vendors, their distributors are also involved in the procurement process.
The lack of transparency in EVM software is a matter of serious concern. The present EVM uses a OTP (code is written permanently only once in OTP) chip and the code fused inside cannot be read by anyone. The ECI claims this is a security feature against hacking of EVMs. But there is no verification mechanism available to authenticate the code fused outside the country and delivered by the third parties out of its control. Can we call this strength of the EVMs?
The life cycle of an Electronic voting machine without verificationfeature need to be under complete surveillance. If there is any violation in its security, such voting machines lose their sanctity. The checks and balances of the ECI are enforced only for a brief period during elections. This cannot certify the chastity of a machine from its storage life. The ECI seems to think that even if a few EVMs are infected by Trojans (malicious software to manipulate election results) in a warehouse, the possibility of triggering the Trojan and manipulating results can be ruled out as allocation of EVMs is decided through a twostage randomization procedure. This is not an adequate safeguard as randomization is typically done within a district using locally developed software. Is randomization a safeguard against EVM manipulations activating existing Trojans? The answer is a no.
One of the major threats to the present EVM system emanates from insiders. Electoral system checks and balances generally focus on effective defense against outsider attackers. The present system does not offer much protection against the phenomenon of insider threat.
EVM developers, component Vendors, Election officials and similar other insiders are generally ignored by the system on trust.
The possibility of insiders corrupting the results cannot be ruled out. Though threat exists in both paper ballot & electronic
systems, the possibility of detection is significant in the first and impossible in the latter.
Generally ECI-EVMs are supplied directly by manufacturers to the district electoral offices where the EVMs are functionally tested, though no software checking is done, (which is a serious security lapse) and stored in a warehouse under the supervision of the District electoral officer. The warehouse in-charge keeps the stock records and these records are to be verified on a periodic basis and appraised to ECI by state chief electoral officers. The actual implementation of these instructions is unknown and recent letter from ECI to all state CEO's on May 3, 2010 confirms the same.
That the EVM storage is lax is best illustrated by the case of the missing EVM that we have been given for security research. It is this case booked for “theft” that I have been arrested for though we were given the machine by an anonymous source, which we promptly returned after the scientific study.
Curiously, the FIR registered by the Mumbai police only reported “theft” of the control unit (whose serial number was shown on TV9 while demonstrating vulnerabilities of the EVM), while it is silent about the ballot unit provided by the same source.
Both the control & ballot units have been returned to the warehouse after the study in the month of February, and it was only the video that was aired in the television channel on 28th April 2010. It looks like the control unit could be located by the number (as displayed in the video aired) from the lot in the warehouse, so it has disappeared and eventually the FIR, but couldn’t locate the ballot unit as the number was not displayed in the video aired hence couldn’t get a place in the FIR.
Does it mean that the Ballot Unit is still lying as an unknown unit amongst other units inside the warehouse?
  Ballot Unit: Control Unit:
The sad reality is that the ECI or Mumbai collectorate have no proper records and thus would have no idea about the security of EVMs.
The questions that arise in the minds of voters are a) “How do I know the button pressed is correctly recording the votes?”b) “How do I verify that the voting machine has not been tampered with?” Similar concerns have been expressed by political parties at the all-party meeting held last week.
Introduction of technology in voting system is laudable but keeping such technology as a closely held “secret” to protect the commercial interests of manufacturers in the name of patent rights is exceptionable. It is high time the BEL and ECIL surrendered their Intellectual Property rights on EVM design to the ECI. These claims of “proprietary” technology and IPRs are seriously impeding the much needed assurance for the integrity of the EVMs.
Everything adopted to run an election should be transparent to convince the stakeholders of election integrity. Adoption of open standards in EVMs could resolve the transparency issue with open source available for public inspection to identify potential flaws. An authentication tool developed using open standards and approved under certification by NIC should be made available to anyone to authenticate the code and functionality of an EVM.
ECI with an open mind should take initiative in constituting a new expert committee or add new experts to the existing committee with the necessary technical expertise to study and address all the concerns raised with regard to the present EVMs. The committee appointed should call for proposals/ concepts from the technocrats of both academic and industry fronts. The best design selected by majority decision can be developed and tested in public domain by keeping it open for ethical hacking by scientists and researchers in the world. The design that withstands all the tests can finally evolve as an ideal EVM design. Only such a rigorous effort would help India to achieve worldwide recognition of its technological prowess. The present EVMs are miles away from meeting these ideal standards.