Home »  Analysis

Election Commission flunks the openness test on EVMs

Tuesday, 7 September 2010 - 12:45am IST | Place: Mumbai | Agency: DNA
When researchers went out to prove that electronic voting machines are not foolproof, the Election Commission chose to shoot the messengers. Does it have something to hide

I am doubtful about electronic voting machines (EVMs) based on a healthy engineering scepticism.

The touching faith we repose in computers is misplaced, because they are vulnerable to errors and tampering. It is a good idea to have a low-tech backup mechanisms for embedded systems, which run devices such as refrigerators, microwaves, ATMs, etc.

For instance, braking problems that led to Toyota’s massive recalls are almost certainly due to software-based systems. This is the reason why critical systems like nuclear power plants often have electro-mechanical controls, not computer controls. 

As embedded systems, EVMs are inherently risky. Admittedly, they have advantages: for one, it is not possible to do physical ‘booth-capturing’. Besides, votes are converted into digital impulses so that counting can be lightning-fast; and statistical data collection, and analysis are much easier.

Unfortunately, that strength is also, ironically, the Achilles’ heel of EVMs. Since there is no physical audit trail of the vote, once you have cast your vote, you cannot verify that it is honoured. It is a relatively minor task for a software-savvy criminal to fix an election. A paper trail — much like an ATM — is sorely needed to prevent this and provide validation.

There are two major aspects to making such systems more secure — human factors and processes. We have evolved fail-safe mechanisms that require cooperation of several individuals believed to be highly reliable. These people are vetted via security clearances. And processes need to be put in place that can prevent intentional or accidental errors.

The technical systems, human factors, and process issues need to work in perfect synchronicity for a complex system to work correctly. However, in several cases, EVMs have been found wanting, and this has led to bans in countries like the US, Germany, and the Netherlands. The Germans found that EVMs violated their constitution, because the system is obliged to prove to the voter that his vote is registered as per his intent, and EVMs cannot guarantee that.

It is in this context that we need to see the recent arrest of an Indian EVM researcher, Hari Prasad. The Election Commission of India (EC) has claimed that their EVMs are “foolproof”, “perfect,” etc. But Hari Prasad and fellow-researchers put together a proof-of-concept and demonstrated a hack on some other hardware. The EC pointed out, fairly, that this was not on one of the Indian EVMs. But when the researchers requested the EC to provide them with an actual EVM, it appears the EC refused access.

The EC has also emphasised how secure their processes are, how the machines are sealed in high-security currency-quality paper with wax and secured in warehouses in the custody of reliable officials. Alas, a system based on string and sealing wax sounds positively primitive.

Sure enough, the researchers acquired an EVM from one of the EC’s warehouses, and demonstrated several ways of tampering with it, including the use of radio-aware chips that would enable a Bluetooth-based cellphone outside a booth to manipulate the machines. The vaunted process of the EC was, however, not even aware of the missing machine for several months!

Computer security experts are not convinced, either. I listened carefully to the podcast of a session at the recent Usenix conference wherein this was debated, with representatives from both sides making their case. I was disappointed to hear that the foolproof measures that the EC is so proud of boil down ‘security by obscurity’ — that is, a complex process that is expected to be hard to break into — and faith in a small number of software people at firms the EC did not identify.

Instead of lauding Hari Prasad as a well-intentioned white-hat researcher whose suggestions for improvement should have been welcomed, the EC sought to demonise him and terrorise him. This is counter-productive. Thus, on several counts, including constitutionality, the reaction to whistleblowers, and the implications for Indian democracy, this is a fascinating case, and the EC did not cover itself with glory.

Distressingly, another other pillar of society did not distinguish itself. It is the media. So far as I can tell, the entire English-language media chose to bury this story, although a few stray op-eds have been written. This is a dereliction of the media’s duty as the watchdog of society. If an election is fixed, it is a bloodless constitutional coup. The fact that the media is not asking awkward questions and forcing the government to respond raises questions about its integrity and ethics.

Thus, two of the independent institutions in India that should impose checks and balances on the executive branch have abdicated their responsibility. This is a cause for extreme concern; this is a sign of a state whose machinery is breaking down. And that is the crux of the matter in l’affaire EVM.


Jump to comments