‘Many nations have dumped the EVM’

Three intrepid men from three different continents decided to do what Mahatma Gandhi once did: break the law to fight for a larger cause. V Hari Prasad, technical coordinator of VeTA (Citizens for Verifiability, Transparency and Accountability in Elections), Rop Gonggrijp, a Dutch ethical hacker, and J Alex Halderman, professor of electrical engineering and computer science at Michigan University, were convinced that electronic voting machines (EVM) in India were not fool-proof and asked for an EVM to demonstrate their claim.

The Election Commission (EC) refused to give them a hearing. So the three got hold of an EVM, carried out a demonstration, and returned the EVM to its original place. Then they released footage of the entire tampering process to the media.

But instead of thanking the trio, an enraged EC went after them. Hari Prasad, the lone Indian, was arrested on August 21, and kept in custody till August 28, when he was released on bail. Last heard, the cops were still looking for the men who ‘stole’ the EVM for Hari Prasad, Rop, and Alex. In an interview with The Mag, Prof Halderman explains how easy it is to tamper with an EVM and why this is an issue of tremendous import for a democracy like India. Excerpts:

The EC-appointed technical committee has said that your claim that EVMs can be tampered with is a ploy to discredit Indian EVMs for the benefit of rival firms.
These allegations are baseless. Hari Prasad asked Rop Gonggrijp and me to participate in the study because we are established researchers in the electronic voting security field. Rop discovered serious problems in the machines used in his native Holland. Following his research, Holland actually switched back to paper ballots. I co-authored the first academic security analysis of a deployed EVM, which was also the first study to demonstrate the possibility of a voting machine virus.

Since then, I’ve co-authored security reviews that found flaws in many other kinds of machines, including a state-wide voting system review commissioned by the California government. Our participation in this review of the Indian EVM was paid for entirely from our university or personal funds, except for the cost of our travel to India, which was arranged by a citizens’ group named Save Indian Democracy (based in New Jersey, USA).

So how did you get access to an EVM?
Our goal was an independent, objective evaluation of the EVM’s security. Hari Prasad and others in India spent almost a year trying to work with the EC to conduct such a study, but the EC refused to grant access to a machine. Then, in February of last year, Hari was approached by a source who offered to provide him an EVM to study.

This source requested anonymity, but we have every reason to believe that the machine came from someone who had lawful access and that it was provided to us as a matter of conscience, out of concern that security problems might harm Indian democracy.

Can you explain in layman’s language how EVMs can be tampered with?
There are three ways in which the EVM can be tampered with. First, dishonest election insiders or criminals could change the votes stored in the EVM in the time between polling and counting. One way to do this involves attaching an electronic device to the memory chips inside the machine and rewriting the vote data to favour a given candidate.

Such a device could also be used for booth-capturing, because it bypasses the EVM’s ability to control how quickly votes are cast. Not only is this device discreet and simple to use, it’s also cheap enough for a criminal to hand out to a squad of goons.

Second, criminals could replace parts of the EVM (or even whole machines) with look-alikes that behave dishonestly. Many parts of the system could be replaced, but our study focused on the LED display, a small circuit inside the machine that is used during counting to indicate how many votes each candidate received. We built a dishonest display that looks just like the real one but contains a hidden chip that substitutes fraudulent vote totals.

Dishonest election insiders could install look-alike displays. The usual pre-election mock polls wouldn’t catch this cheating, because the display only cheats after hundreds of votes are cast.
Such attacks might seem high tech, but they’re straightforward for anyone with an electronics background. One of my students built our first dishonest display in less than five days. India has no shortage of skilled electrical engineers who would need even less time.

The third category of tampering, and perhaps most worrying, has to do with the software inside the EVMs, which controls almost all aspects of their operation. EC expert committee chairman PV Indiresan has said that only 3-4 junior officials at the EVM manufacturers know what’s in the software code. If some of these officials are dishonest, they could add a back door to the code that would steal votes upon receiving a secret combination of key presses or other signal. If even one of these junior officials is dishonest, he or she can compromise the entire national election system.

Will tampering with an EVM always need the help of an insider or can someone who does not have access to the machine also fix the results?
Some of the tampering methods our study described require physical access to the machines, but insiders routinely have such access when the machines are in storage and during routine maintenance, when workers hired by the manufacturers open and inspect the machines. 

You have said Indian EVMs can be fixed with a mobile phone.
Criminals might tamper with EVMs years before an election. Since the order of the candidates on the ballot isn’t known until shortly prior to an election, criminals would need some way to signal to the machines which ballot position should receive stolen votes. One way they could do this is by installing a radio receiver in the EVM as part of the tampering. We demonstrated this by adding a hidden Bluetooth radio chip to the dishonest display we built. If this display is installed in an EVM, a nearby criminal could signal which candidate should win by using a mobile phone.

If EVMs can be tampered with, that should favour the ruling party. Yet, ruling parties have lost in different states.
Today’s EVMs are susceptible to tampering, and such tampering has the potential to change results in close national elections, but our study does not even attempt to establish that any past election was stolen this way. That said, those who tamper with the machines can only change the result so much before raising suspicion. This means tampering can potentially convey an advantage to one party or another, but it can’t guarantee victory, especially if the real election result is strongly against the cheating party.

Can the EVMs be fixed to ensure fairness? Or should India revert to the ballot paper?
The fundamental problem with today’s EVMs is that they do not provide transparency. With the old paper ballot system, fraud was reportedly widespread, but the reason we knew about this fraud was that it was easy to see. Today’s EVMs might be counting honestly — or they might all be rigged — but there’s no way for you or me or even the EC to tell the difference, because we can’t observe how the votes are counted inside the machines.

The EC should stop pretending that current EVMs are perfect and create a voting system that provides the transparency that voters need in order to have confidence. Many democracies have adopted and then abandoned electronic voting as science’s understanding of the risks has progressed. Others have adopted systems that provide transparency by combining paper ballots with electronic scanners.

I have no doubt that the honourable public servants of the EC have India’s best interests at heart, and so I hope it will work closely with India’s academic and technical communities — with people like Hari Prasad — to evaluate the strengths and risks of a range of options and find the best voting system for India.