Recently there has been lot of controversies regarding electronic voting machines (EVMs) in India. In this “guest column”, Mr. Praveen Dalal is providing his views and opinion in this regard.
Electronic Voting Machines (EVMs) have revolutionised the Indian election process. EVMs have many advantages over the traditional paper based voting system. However, all the advantages are futile if they can be abused and the election results can be manipulated.
The ECI-EVMs in India are claimed to carry many security safeguards. The machine code of the source programme code known as hex-code (not the source code itself) is given to the micro controller manufacturer for fusing in the micro controllers. From this machine code, the source code cannot be read. Source code is never handed over to anyone outside the software group.
This makes the comparisons between ECI-EVM and EVMs used by foreign countries irrelevant. Most of the systems used in other countries are PC based and running on operating Systems. Hence, these could be vulnerable to hacking. The EVM in India on the other hand is a fully standalone machine without being part of any network and with no provision for any input. The software in the EVM chip is one time programmable and is burnt into the chip at the time of manufacture. Nothing can be written on the chip after manufacture. Thus the ECI-EVMs are fundamentally different from the voting machines and processes adopted in various foreign countries.
The source code is so designed that it allows a voter to cast the vote only once. The next vote can be recorded only after the Presiding Officer enables the ballot on the Control Unit. In between the machine becomes dead to any signal from outside (except from the Control Unit). The control units do not electronically transmit their results back the Election Commission, even though a simple and unconditionally secure protocol for doing this exist. The EVMs are purposely designed in this manner to prevent any intrusion during electronic transmission of results. Instead, the EVMs are collected in counting booths and tallied on the assigned counting days.
Despite all these safeguards, the chances of abuses and manipulations cannot be ruled out. These abuses may be man made and effectuated or technological glitches and manipulations.
Some of the objections in this regard point that the machines only display an electronic number but there is no paper trail to cross check against as physical proof of who people actually voted for. Similarly, concerns have been raised that no EVM is safe from hacking or rigging. The EVMs are manufactured by a state owned organisation, Bharat Electronics Limited (BEL). BEL and ECI consider obscurity and obfuscation as security, however this is really not security. The human element is weakest in the security chain and in the absence of an external authentication and corroboration, the results may be manipulated.
If we go through a good cyber forensics phase, these manipulations can be traced and taken care of. For instance, all the data is recorded on non-volatile dual redundant memory chips and can be retained for over 6 months even when the power pack is removed. Even when the battery is removed the memory in the microchip remains intact. If the Court orders a recount, the Control Unit can be reactivated by fixing the battery and it will display the result stored in the memory. Now if any political party, person or institution is not satisfied with the election results and smells some foul play, he/she/it must act within these 6 months otherwise the data may be lost forever. Of course, if there is a backup of the data the same may be kept for a longer period.
Now the crucial question arises is what if voting is proved to be tainted subsequently after cyber forensics appraisal and a Government has been formed on the basis of that voting? Will the Election Commission declare such elections null and void? Will the President of India declare a re-election? Will the Supreme Court of India take cognisance of this fact?
There is no sense if this crucial matter is taken lightly by the Election Commission, President of India, Supreme Court of India, etc. The ghost of EVM is still haunting these authorities and it would be better if the matter is resolved once for all as soon as possible.
Electronic Voting Machines (EVMs) have revolutionised the Indian election process. EVMs have many advantages over the traditional paper based voting system. However, all the advantages are futile if they can be abused and the election results can be manipulated.
The ECI-EVMs in India are claimed to carry many security safeguards. The machine code of the source programme code known as hex-code (not the source code itself) is given to the micro controller manufacturer for fusing in the micro controllers. From this machine code, the source code cannot be read. Source code is never handed over to anyone outside the software group.
This makes the comparisons between ECI-EVM and EVMs used by foreign countries irrelevant. Most of the systems used in other countries are PC based and running on operating Systems. Hence, these could be vulnerable to hacking. The EVM in India on the other hand is a fully standalone machine without being part of any network and with no provision for any input. The software in the EVM chip is one time programmable and is burnt into the chip at the time of manufacture. Nothing can be written on the chip after manufacture. Thus the ECI-EVMs are fundamentally different from the voting machines and processes adopted in various foreign countries.
The source code is so designed that it allows a voter to cast the vote only once. The next vote can be recorded only after the Presiding Officer enables the ballot on the Control Unit. In between the machine becomes dead to any signal from outside (except from the Control Unit). The control units do not electronically transmit their results back the Election Commission, even though a simple and unconditionally secure protocol for doing this exist. The EVMs are purposely designed in this manner to prevent any intrusion during electronic transmission of results. Instead, the EVMs are collected in counting booths and tallied on the assigned counting days.
Despite all these safeguards, the chances of abuses and manipulations cannot be ruled out. These abuses may be man made and effectuated or technological glitches and manipulations.
Some of the objections in this regard point that the machines only display an electronic number but there is no paper trail to cross check against as physical proof of who people actually voted for. Similarly, concerns have been raised that no EVM is safe from hacking or rigging. The EVMs are manufactured by a state owned organisation, Bharat Electronics Limited (BEL). BEL and ECI consider obscurity and obfuscation as security, however this is really not security. The human element is weakest in the security chain and in the absence of an external authentication and corroboration, the results may be manipulated.
If we go through a good cyber forensics phase, these manipulations can be traced and taken care of. For instance, all the data is recorded on non-volatile dual redundant memory chips and can be retained for over 6 months even when the power pack is removed. Even when the battery is removed the memory in the microchip remains intact. If the Court orders a recount, the Control Unit can be reactivated by fixing the battery and it will display the result stored in the memory. Now if any political party, person or institution is not satisfied with the election results and smells some foul play, he/she/it must act within these 6 months otherwise the data may be lost forever. Of course, if there is a backup of the data the same may be kept for a longer period.
Now the crucial question arises is what if voting is proved to be tainted subsequently after cyber forensics appraisal and a Government has been formed on the basis of that voting? Will the Election Commission declare such elections null and void? Will the President of India declare a re-election? Will the Supreme Court of India take cognisance of this fact?
There is no sense if this crucial matter is taken lightly by the Election Commission, President of India, Supreme Court of India, etc. The ghost of EVM is still haunting these authorities and it would be better if the matter is resolved once for all as soon as possible.
Mr. Praveen Dalal, Managing Partner of Perry4Law, is the Leading Techno-Legal Specialist of India and is an Internationally renowned Expert in the fields of Cyber Forensics, Cyber Security, Cyber Law, etc. These are his personal views and opinion.