On the 20th of May 2017 the Election Commission of India (ECI) announced that it would offer its electronic voting machines to political parties for them to try and prove that EVMs can be tampered with. The challenge will begin on June 3.
The ECI has put forth some conditions for the supposed hackathon. It's a long list but here are the most important points:
- The challenge will only be open to up to three members nominated by national and state parties which contested assembly polls in five states.
- Each participating group will be given four hours to hack the machine.
- Foreign experts have been barred from participating in the challenge.
- Participants can use a combination of keys on EVMs or communication devices such as cell phones and Bluetooth to tamper with the machines to change the results.
Before talking about the above points and dissecting them one by one I will address some questions being asked by some sceptics.
Unpacking the EVM controversy
Q1. Is AAP against EVMs? Does it want to take India back by a few decades?
While much of the western world, which happens to be far more technologically advanced than India, has shunned the electronic voting system, we insist on sticking to it. The Netherlands and Germany have done away with them completely, while in the USA individual states can choose whether to use EVM or paper ballot. Then there is Japan, the bastion of all things high-tech, which started the EVM project but did away with it without every using it in an election.
The ECI and EVM supporters have been saying that the VVPAT will make the voting process more reliable. That establishes one thing—the process is not reliable right now!
The only major advantage of EVMs is that the counting time is a lot less than in the paper ballot system. The other argument is that it saves paper, but by how much? Let's take a typical scenario for one booth with about 15 candidates. So one EVM machine can hold votes for one booth (around 1200 votes) and the lifetime of one EVM is 10 years. In 10 years, if a machine is used for five elections, two national and three state, then one machine would save around 6000 newspaper-size sheets of paper over a decade.
But—and it's a big but—paper is a locally available resource and easily recyclable while the electronic circuit storage, maintenance, transport and most importantly, disposal is a huge challenge. Also, the people required to manage paper ballots need no special training while managing EVMs requires training. While paper ballot elections can be managed easily by class 3 and 4 employees, managing EVM-based voting requires regular intervention from class 1 or class 2 officers.
Despite all that, EVMs are still being used. It is clear that we should look at how to improve the existing system. The Hon'ble Supreme Court ordered the implementation of the Voter-Verifiable Paper Audit Trail (VVPAT) and after languishing for several years, now the Union government has finally released the funds.
Q2. Won't VVPAT make the voting process more reliable?
The ECI and EVM supporters have been saying that the VVPAT will make the voting process more reliable. That establishes one thing for sure—the process is not reliable right now! The fact that EVMs can be tampered (much like any other electronic equipment) is not under question. That's why the Supreme Court asked for implementation of the VVPAT in the first place—because EVMs are not foolproof. The ECI claimed the process is secure but the Supreme Court didn't buy its argument.
First of all we need to understand how VVPAT fits into the EVM system.
Currently, the EVM has a Ballot Unit (BU) and a Control Unit (CU). The BU is the part where the votes are polled and the CU is where the votes are stored. The two are connected by a long wire. The votes that are in the CU are the ones that are counted for the election results. The apex court said that this is not enough and that the voter needs to be assured that his/her vote is going to the person they voted for. For this purpose the VVPAT was introduced.
The ECI forgets that any electronic equipment, whether it's closed or open to outside connections, can be tampered with.
Now let's see what VVPAT does as of now and what it should be doing. Currently, the VVPAT, which is basically a printer, prints out a slip with the name and election symbol of the candidate that the voter voted for. The slip is visible for seven seconds to the voter post which it falls into a box. The slips only serve the purpose of assuring the voter that their vote went to the right candidate. It doesn't have any ramifications for the ultimate electoral result.
What should happen, however (and which in India that currently happens in the rarest of rare scenarios), is that the VVPAT result should be compared to the CU result. If the VVPAT doesn't have any impact on the actual result, it's as good as not having it. One model that we at AAP have proposed is that 25% of VVPAT results should be compared with the CU result on a random basis.
However, while on this quest to dig into EVMs I came across two very interesting stories around VVPATs. One is around the result comparison and that is the one I will share first.
The ECI has a team of experts that gives it suggestions on EVMs. The primary reason for this is that ECI officials are non-technical bureaucrats. One of these experts, rumoured to be a professor in IIT Delhi, gave a suggestion around VVPAT recounting. His proposal was that instead of the VVPAT slips getting cut and falling into a container, the slips can be rolled back using an automated mechanism and when the results come, both VVPAT and CU results can be counted in an automated manner and all critics could be answered. That way an automated manner of counting could be maintained while cross-verifying the results at all the VVPAT booths. The interesting part is that instead of being applauded for the idea, the professor was asked to leave the meeting. (This story was told to me by a person who was in the meeting but has asked to not be named.)
The second story was shared with me by VV Rao, whose petition (civil) No 292 of 2009 resulted in the Supreme Court in 2013 directing the ECI to work along with the petitioners for the implementation of the VVPAT. After the release of funds of ₹3256 crores by the GOI the petitioner VV Rao tried to get in touch with the Election Commissioner. He made several visits to the EC office trying to get an appointment but failing to do so. He then wrote an email to the CEC Dr Zaidi asking for an appointment. In his reply to Rao, Dr Zaidi redirected Mr Rao to an Electronics Corporation of India Limited (ECIL) consultant. (The above email conversation is available with Mr VV Rao and anyone with any doubts can reach out to him and verify).
So, is the SC order being implemented by ECIL or by EC?
Q3. EVMs are safe as they are closed systems—what's the doubt?
The most repeated argument used by the ECI against those questioning the EVMs is that these machines are not connected to the internet. The ECI forgets that any electronic equipment, whether it's closed or open to outside connections, can be tampered with. Germany also used so called "closed" EVM's from 1998 to 2009.
The EC admitted to our party functionaries that anywhere between 2-5% EVM's malfunction. Yet, they claim that the system is tamperproof. Imagine the day even 1% of flights or banking transactions start to fail!
In 2005, the system of electronic voting in Germany was challenged by two voters in the German Federal Constitutional Court (German equivalent of the Supreme Court). In 2009 Germany ended electronic voting. The German Federal Constitutional Court in its decision said:
"The use of voting machines which electronically record the voters' votes and electronically ascertain the election result only meets the constitutional requirements if the essential steps of the voting and of the ascertainment of the result can be examined reliably and without any specialist knowledge of the subject."
Even in the case of Indian machines it is not possible to ascertain results reliably without any specialist knowledge of the subject.
I might be called an anti-national and many more names for citing a German court but let's not forget that our founding fathers studied the Constitutions of multiple countries and adopted the good ideas from them. If our founding fathers were so open-minded and willing to learn from across the world, what stops us from doing so?
Furthermore, any average citizen who has ever encountered the Indian bureaucracy and administrative system would vouch for its ineffectiveness and corruptibility—whether it's the police or healthcare or education.
I recently put forth this argument to a "Sanghi" friend, and he retorted, "You cannot bracket organisations that manufacture advanced electronic products for the armed forces with the police and health departments."
Weak point, but I still gave him the benefit of doubt despite the fact that BEL and ECIL, the two companies manufacturing EVMs, outsource much of the work to private contractors.
Then there are cases in which malfunctioning EVMs are replaced during the voting process. Ever wondered who these people who replace these machines are? What training did they have? Where did they get the replacement machine from? Where was the extra machine stored? What was the security protocol for these extra machines?
The EC is basically saying—you can test the machine for all possible keystrokes but we won't give you enough time.
As per an RTI report given to me by an activist from Madhya Pradesh, the state election commission asks each district collector/district electoral officer to nominate three "master trainers" with knowledge about EVMs. These "master trainers" are sent to the state election commission headquarters. The selection criteria for these master trainers are very vaguely defined and left entirely at the discretion of the district collector/district electoral officer. However, let's also give them the benefit of doubt. Let's assume (and that's a BIG assumption) that all DCs send competent and unbiased people as "master trainers."
The tricky part is after all this happens. As per EC's own admission, there is a team of technicians for every set of 10 or so booths responsible for the technical maintenance and replacement of EVMs if there is any issue during the polls. Is a three-member team of "master trainers" enough to provide services at all the booths in a district? According to the RTI report given to me by the activist, the "master trainers" hire a team of around 20 local electricians under them who work as maintenance staff. The question of how easy it might be to manipulate them pretty much answers itself.
Q4. Is it possible to tamper with EVMs on such a mass scale?
The mean loss margin for assembly elections is around 5000 votes. Around 70% of the seats are won and lost within this margin. As I have mentioned above, one CU has around 1200 votes. So if five EVMs in an assembly election are tampered with for 50% of the votes, the number of votes manipulated would be 3000. That's 3000 votes added to someone and 3000 deducted from others. Thus, by manipulating just five EVMs in an assembly the entire result can be altered.
[We need] guidelines framed by technical people whose aim is to improve the EVM system, and not those drafted by some bureaucrats who want to maintain the status quo.
Moreover, with ballot papers at least finding out the irregularities was easier. With EVMs the manipulation will rarely leave a trace, and when it does, like in Bhind or Dholpur, the EC will do everything in its power to ensure that those questioning the system are silenced.
So, here's my basic submission: there are way too many loopholes in the current EVM system. The EC itself admitted to our party functionaries in a meeting that anywhere between 2-5% EVM's malfunction. Yet, they claim that the system is tamperproof. Imagine the day even 1% of flights or banking transactions start to fail!
Why the EC's hackathon conditions are laughable
Now coming back to some of the primary conditions put forth by the EC for the supposed hackathon—which I would like to rechristen as "jokeathon"—and my rebuttal to them.
Condition 1: The challenge will only be open to up to three members nominated by national and state parties which contested assembly polls in five states.
Why can't independent technical experts, teams from IITs or similar institutions and people who work in firms dealing specifically in VLSI and chip manufacturing try their hand at hacking the EVMs? Most such professionals have no political affiliation, so why is the EC not letting them demonstrate the vulnerability of EVMs?
Condition 2: Each participating group will be given four hours to hack the machine.
Just to do a "black box testing" of five key combinations out of the 16 available on the BU means 10,48,576 combinations. Given that there is a gap of about 15 seconds between two button pushes (includes time for reactivation of BU from CU after each button press and the beep duration), the number of seconds required is 1,57,28,640, which is 262144 minutes which is around 4369 hours or roughly 182 days. Even if we choose to test only 5% of the possible combinations, the number of days of nonstop keystrokes required at every 15 seconds would be a bit more than nine days.
Dear EC, we are not trying to do a "mann ki baat" with the EVMs. We want to do actual tampering with the machines...
Also, does the EC really think that anyone actually trying to manipulate EVMs would only have four hours and three technical people at their disposal?
Condition 3: Foreign experts cannot participate in the challenge.
Of course! How can we allow foreign experts? The facts that we still procure the chips used in EVMs from Japan and the USA, and that the code that is flashed in the chips is not a facility that is available in India till date, are irrelevant. Also, we export these EVMs to great democracies of the world like Nepal, Namibia, Botswana and Kenya. Any foreign expert, if they actually want to lay their hands on the machine can get them from there, but it will be blasphemy if we allow them to do so on Indian soil.
Condition 4: Participants can use a combination of keys on EVMs or communication devices such as cell phones and Bluetooth to tamper with the machines to change the results.
I've already explained the illogical time limit given for testing using key combinations (known as black box testing in technical terms). The second option given by the EC is using over-the-air communication devices. If the EC is willing to divulge the handshake mechanism and other details between the BU and CU, it would be child's play for even a 3rd year Electronics Engineering student to hack the machine, but figuring out the handshake details is what will take a lot of time and some high-end equipment. Again, the equipment configuration will change based on what chip is being used in the EVM and what generation the machine belongs to.
The EC is basically saying—you can test the machine for all possible keystrokes but we won't give you enough time. And you can try and tamper with it using over-the-air communication devices such as cell phones and Bluetooth but we won't give you enough time to figure out what the communication protocol between the two can be.
Saurabh Bhardwaj has inside the Delhi Assembly shown that how a seemingly perfect machine can be manipulated. What he demonstrated is perfectly replicable with any EVM given enough time and permission to tamper with the hardware. By changing the printed circuit board (PCB) inside an EVM it is possible. And that is just one of several ways.
So, dear EC, we are not trying to do a "mann ki baat" with the EVMs. We want to do actual tampering with the machines—for that to be done you need to first of all come up with an actual set of guidelines framed by technical people whose aim is to improve the existing EVM system, and not those drafted by some bureaucrats whose only aim is to maintain the status quo. Because let me assure you, whatever happens, the status quo is too dangerous for Indian democracy and cannot be allowed to continue.