This blog is not a plea for junking the EVM System, rather about making two process changes and junking few rules that thwart legitimate challenges. This will make the EVM System safe to use - the citizens will be saved from hacking that any party or anyone (a hostile country) with resources can EASILY execute in the existing system.
[Reference links given at the bottom. If you want to cut to chase, the link related to challenges to EVM copied here: Challenges to EVM and reaction of authorities ]
In a democracy, it is said, the people get the government they deserve. But what if the election process gets or can get compromised (hacked)? What if only one side gets all the resources to campaign and fight elections by tilting "the level playing field"? Both these problems have become manifest in India, and it is unlikely they can be resolved without the intervention of the Supreme Court of India. With what India has now begun to be called a "Electoral Autocracy", will very soon turn into a "Sham Democracy" or a "Total Dictatorship"; very far from "Mother of Democracy" boast of PM Modi.
Election Commission of India (ECI), an "independent constitutional authority", has announced India’s 18th Parliamentary Elections in seven phases 19th April through 1st June 2024 (a record duration of 44 days) with results scheduled to be announced three days later. ECI will setup 1.2 million polling booths across 543 Parliamentary Constituencies in which 960 million eligible voters could exercise their franchise. In the 2019 General Elections, 669 Political Parties and 3,469 independent candidates contested, and each one was allotted a unique symbol by the ECI.
ECI uses the Electronic Voting Machine System which has been hyped as the “Gold Standard”. Using the EVM System, the results can be announced within three days or else with manual counting, it may take about a week. The reality is that EVM System uses obsolete technology coupled with Internet and millions of staff to conduct the elections whereas India has the necessary Digital Public Infrastructure to conduct online elections in a fraction of the time and cost.
The 2019 General Elections involved an expense estimated at $ 8 Billion and the 2024 General Elections are projected to cost $ 14 Billion making them the costliest in the world. BJP (Bhartiya Janta Party) the ruling party, is estimated to have outspent ALL other parties put together in 2019. The skew will likely become greater in 2024. This is apparent from the partial disclosure of “white money” BJP mobilised through Electoral Bonds (white money is mobilised via banking channels and black money outside it). The black money every party mobilises and spends in elections is estimated to be 10x times the white money. There is little or no transparency in political funding – it was always fraught with quid pro quo but now it has emerged that extortion by the ruling party is routinely being used. SCI recently ruled EB to be illegal and forced State Bank of India and ECI to publish all details of bonds purchased and encashed by all political parties in the interest of transparency and curbing extortion and quid pro quo.
With the above background information, let us consider the two problems and fixes one by one.
First, the EVM System which can upend the election results - what are the fixes:
After many curious results in 2019 elections, there have been multiple petitions filed in the Courts including, the Supreme Court of India (SCI) as ECI has either refused meetings sought by Opposition leaders or summarily dismissed all challenges. SCI has either turned down appeals for many of the reforms sought or dismissed them. However, in the past few months, particularly after statistical improbabilities of certain results were highlighted in a research paper, entitled “Democratic Backsliding in the World’s Largest Democracy” by Sabyasachi Das (who resigned afterwards from Ashoka University due to backlash) and also technical repudiations of claims ECI has made - (a) EVM is NOT a standalone system and (b) the VVPAT is NOT an One-Time-Programmable (OTP) device - by Kannan Gopinathan, who had work experience as an engineer with Motorola, as an ex-IAS Government officer and as an ex-Returning Officer (RO is in charge of conducting elections in a district) - the question of hackability has been closely examined and confirmed by many technical and industry experts. Furthermore, demos have shown how the EVM System can be gamed. The opposition to the manner of EVM usage has now picked up steam. ECI itself contradicts both its claims (those repudiated by Kannan Gopinathan) in its presentation and FAQ pages on its website. CCE (Citizens Commission on Elections) and ADR (Association of Democratic Reforms) and others have filed multiple petitions against use of EVMs and SCI has finally agreed to hear these before the end of March’24. Over 7K eminent citizens have signed petitions - these include retired Supreme Court Judges, retired Secretaries of GOI, Lawyers, Activists and Computer Science Professors.
Just so that we are clear of the terminology, let’s understand what “EVM” is versus “EVM System” - the graphics below are copied from ECI website - red colour annotations are added. In the ECI website pages revised in Feb’24, the “EVM” consists of these three machines (CU, VVPAT and BU):
To commission the above three machines, the following devices are also employed (not disclosed by ECI in any public document), and most importantly, it is nowhere mentioned by ECI that Laptop needs to be connected via Internet to a central server (presumably belonging to ECI) which has the data of contestants (candidate names, ID, and symbol):
It is important to note that within 15 days before polling commences, the “commissioning” must be done: Symbol Loading Unit (SLU) is connected to a laptop for downloading the symbols of candidates from the central server accessible via Internet, then it is inserted into the VVPAT for uploading the same – it is at this moment, a rogue program can infiltrate the VVPAT AND EVM SYSTEM COMPROMISED. The hacker needs to subvert only few field staff – only in those booths which matter to his side. The hackers’ planners undoubtedly have booth level voters’ list – available in public domain; they know which are “sensitive” booths – which can swing the results. As there are over a million EVM Systems to be commissioned, within 15 days, there is an army of field staff hired by ECIL and BEL. Electronic Corporation of India and Bharat Electronics are the two public sector units which supply EVM hardware, firmware, and software. News has emerged that BEL’s board includes 3-4 BJP officers. To say the least, the EVM commissioning process in million plus booths should be a security nightmare for any System Designer. Why ECI has not discussed – the process in which Internet access via a laptop becomes necessary - in either its FAQ or Presentation pages – is a question begging to be asked.
It is also ironical that none of the well-known IT tycoons of India has spoken out about the obsolete design and vulnerabilities of the "EVM System". In the meanwhile, ECI is flogging the “invincible EVM” assessments of few IIT Professors (all on Government's payroll) of whom 2 or 3 on their expert committee, hold patents over the VVPAT design. The conflict of interest, as well as the fact that none of these professors are security experts, does not bother the ECI; nor the fact that the software source code is not divulged by ECIL and BEL to ECI. The ECI presentations do not distinguish the "EVM" (three animals) and "EVM System" (six animals with Internet connectivity). One would wonder if ECI is innocent, or it is obfuscating terminologies and hiding the details of commissioning process, which makes the EVM System easily hackable, on purpose.
Just as the rewards or stakes of hacking India's elections bear no comparison with hacking of an organisation's or an individual's account, so also the calibre and organisational wherewithal of the former are expected to be many magnitudes higher than the latter. Motivation for subversion of India’s elections can entangle not just trillions of rupees but national security too.
In the existing process (graphic copied from ECI website), this is what happens (or can happen):
- An elector (voter) walks into the Polling Station (PS) with an ID proof. S/he walks up to the row of Polling Agents of Political parties, and they tick off the name after verifying his/her name on the voters list. If name is not found, the voter is not allowed to vote. [It is alleged that many voter names are deleted by ECI due to system deficiencies or mala fide designs of the ruling party.]
- Indelible ink is smeared with a thin swab on one finger of the eligible voter. [ECI is not sure if the same voter is listed multiple times in different locations (booths) as there is no citizen ID in India at present.]
- The voter walks up to the Voting Compartment and waits to press a button on the BU to register his/her vote. The BU has the names of contestants and election symbols adjacent to buttons. Max 16 names per BU - they can be daisy-chained.
- The Polling Officer with the CU presses a key to enable the BU to register a vote.
- After hearing the audio beep that tells everyone in the room that BU is enabled to accept one vote, the voter pushes a button on the BU to register his/her vote.
- A tiny window with one way mirror glass on the VVPAT lights up for 7 seconds during which the voter can see the voting slip with the name of the candidate and symbol! Voter must assume that this slip is not of the previous voter - though there is no telling it could well be of the previous voter who voted for the same candidate - a hacked VVPAT could behave in this manner. If the visible slip is NOT as per the vote cast, then the Voter can complain to the Presiding Officer, and fill out a form to nullify the "wrong vote". There is an intimidating process to rectify the error - which includes actions to "prove" that the machines are misbehaving! Failure to prove the misbehaviour attracts a penalty of Rs.1,000 and imprisonment of three months! VVPAT is supposed to write a record of the vote in the CU; a hacked VVPAT could well write a vote in favour of a candidate of hacker's choice.
- The voter having cast his/her vote, walks out trusting the vote is recorded correctly in the CU and that the slip s/he saw in the VVPAT has been indeed dispensed in ballot box. It could well be that the slip has NOT been dispensed in the ballot box nor recorded in the CU. A hacked VVPAT could behave like this - hold all consecutive votes of an adversary party (adversary of the hacker's party) until a vote is cast of a different party - upon that happening, the hacked VVPAT could print and dispense all the votes it had held back, in favour of the hacker's party candidate, and record the votes in the CU consistent with the printed slips!
CJI recently said, "The great stabilizing force in the country is the purity of the election process". As ECI is clearly aligned with the Government, it is only the SCI that can provide a solution.
What exactly is the fix for the EVM System that will foil the above hacks and is feasible to implement before the polling starts on 19th April 2024? It is really a very easy fix that SCI can order:
CHANGE # 1 The voter should be able to pick up the VVPAT printed slip for verification and physically insert it into the ballot box.
CHANGE # 2 The election results should be based on a manual count of 100% slips. In case of discrepancy between the manual count and the CU count, up to two recounts may be ordered. Ultimately, the manual count would prevail and not the CU Count.
CHANGE # 3 After the Polling finishes, the CU and the Ballot Box pairs are transported to the counting station. During the journey:
i) CU and Ballot Box pairs should NOT be transported and stored together and
ii) Oversight of contestants' representatives should be allowed.
CHANGE #4 Presently a voter who complains to the Presiding Officer (PO) in the Polling Booth that his/her vote is not properly generated, i.e. the VVPAT has printed the wrong vote - is required to prove the allegation is correct through a retest. If the error is repeated well and good but if it is not repeatable, the voter can face a fine of up to Rs.1,000 and imprisonment of up to 3 months or both. It is a matter of common knowledge that programs can be written to work with random parameters or based on parameters such that without the knowledge of source code, no one can predict if the error will repeat nor when it will repeat. The punishment under rule 49MA - Section 177, should be totally removed as it is illogical, and it works as a deterrent for genuine voter complaints - unless source code is made public, and its auditability allowed before and during elections.
Anything more than above demands in petitions pending in the SCI, may not be feasible to implement in the short time available before the elections. Anything less will not eliminate the threat of the election results getting hijacked.
Manual count in 100% of polling stations may take one week at most for counting which is trivial considering the current schedule which is of 47 days: 44 days for polling + 3 days for counting.
Summary:
Remember the VVPAT hack can be of two types -
- The vote slip dispensed, and the vote recorded in CU are consistent but NOT according to the vote cast on the BU, therefore, Change # 1 of verification by voter is required
- The vote slip dispensed is consistent with the actual vote cast, but the vote recorded in CU is NOT, therefore, Change # 2 of rule of manual count compared with CU count and manual count to prevail, is required
- The possibility of a fraud of replacing the CU and Ballot Box pairs is non-trivial because a RTI based PIL had revealed that whereabouts of many EVM Systems are not known to ECI. Therefore, Change # 3 of rule of transportation is required
- The punishment should be totally removed as it is based on an illogical premise of predictability of hacked programs, and it deters genuine complaints of voters. If source code is made public, independent auditors can confirm if VVPAT, BU and CU are working as per original program; this will allow citizens to prove hacking else it is NOT provable. Therefore, Change #4 of rule of fines or punishment should be removed or else the source code should be made public and the option of auditability of the source code should be provided
Second, the pernicious political funding system which reduces chances of honest and smart candidates winning elections - fixes required
Funding reforms that can be done immediately
- ECI should mandate 100% disclosure of all funds mobilised by every contestant and every political party. In todays world this is easy and the name of the donor, his identifier, the amount of donation and date should be the minimum data included in the list to be published on the website of the party or individual or ECI provided platform. At present donations below Rs.2,000 need not be disclosed. This loop hole is exploited by parties - one party had claimed that its entire funding was of smaller donations, therefore, not a single name was disclosed!
- The elections expense caps which apply to contestants should be totally removed. The expense caps are so low that virtually all contestants are forced to tell lies because they spend much more money than is legally allowed. Those who do not have unaccounted (black) money, tend to lose out. The existing system reduces the chances of honest and smart candidates winning elections and it rewards those who have lot of black money and who can manipulate the system and get others to spend on their behalf (with quid pro quo of course).
- The State should provide free airtime on its TV channels – national and regional - to all contestants. It should also arrange leading three or four contestants to debate so that voters are better informed before they vote. The moderators can be selected by the candidates themselves. The recorded debates and statements of objects should be made available on ECI's portal.
The above election reforms related to political funding will improve the transparency and reduce costs candidates incur in fighting elections. At the same time the citizens will make more informed decisions and the candidates become more accountable because their statements can be recalled by voters, and their accomplishments, can be compared with their promises or objects.
The reforms that can be done in the next five years (2024 – 2029) – before the General Elections of April-June 2029
In the previous Elections of 2019, of those 900 million eligible voters, 67% voted. The largest share of votes was polled by BJP. With 37.4% vote-share, BJP bagged 303 seats; they can thank India’s First Past The Post (FPTP) system for the disproportionate seat-share of 55.8% (absolute majority) they got. The NDA (National Democratic Alliance) of which BJP was the main partner, polled 45% of the votes and won 353 seats which amounts to 65% seat-share in the 543-member lower house of the Indian Parliament – Lok Sabha (LS).
The Two Round System (TRS) followed by France ensures the winner has at least obtained 50% votes. India uses TRS for President and Vice-President elections but not for legislators in LS or State Assemblies (Vidhan Sabha). With TRS, the Opposition parties with similar ideologies (aka “secular” ideologies), or the types which conflict with the right-wing Sangh Parivar ideology (aka Hindu Supremacist ideology), would have fared better because their votes which get splintered in the first round would likely coalesce in the second round in a one-on-one contest; in TRS, if in the first round no candidate wins over 50% votes, the top two candidates in the first round, get to contest in the second round. Therefore, in TRS, Opposition parties and not BJP would have obtained the majority of seats in the Parliament. The election reform of replacing FPTP system with TRS could ensure a far more representative democracy in India as India has multiple parties and often coalition governments, unlike in USA which has two dominant parties. Even without a pre-poll alliance, the Opposition parties would have defeated the BJP in 2019 – a completely different outcome would have been assured – one which would better reflect the preference of the majority (62.6%) of the voters. The irony is that Modi is pushing forward the reform of “One-Nation-One-Poll” (ONOP) whereas the Opposition has no interest in advocating alternative systems – one wonders if they have any clue about the importance of the TRS in context of INDIA grouping they are trying to create before the 2024 elections? ONOP, it is argued will save costs and time whereas an online voting system can save far more cost and time. Even while continuing the FPTP system, an online system can easily replace the obsolete EVM System and assure greater security – reliability and cost savings.
RELATED REFERENCES:
Challenges updated - on 1-Apr-24 SCI has issued notice to ECI in the petition against EVM processes
how Iran Nuclear fuel processing centrifuges were
knocked out by CIA even though Iran's engineers had claimed the plant had
"stand alone" systems - just like ECI is claiming their devices are
in a "stand alone" state - they allow connecting a SLU before
commissioning the system - this is sufficient to infiltrate a rogue program
into VVPAT. The hacking can be done selectively - in certain systems only - as
all the machines have unique IDs. The rogue program can behave according to a
date - time - number of votes cast - schedule - thus defeating the FLC which
ECI pompously claims is sufficient proof of proper functioning of the EVM
system. They are fooling the public or they are ignorant.
EVM System - updated website - new revelations and
questions
(ECI has updated its
website pages; new FAQ on 7-Feb-24, Presentation too is changed; probably in
response to recent protests and demos of hacking; it has now changed the
definition of EVM - earlier it used to mean BU and CU but now it includes VVPAT;
so, EVM now cannot be claimed to be OTP device as VVPAT has programmable
memory; furthermore EVM System, is more than EVM but ECI is silent on
it).
ECI presentation on EVMs - false claims and
misrepresentations discussed in this note
Are EVM System components OTP type devices? No
clear answer from ECI/GOI
The hardware in EVM System of today can be easily
replaced by Smartphones running a secure App - within weeks
Kannan Gopinath's interview on EVM system
hackability
Read about the two hack demos. Recently hacks of
EVM System were demonstrated and videos shown on 4pm News Network. In these
hacks the VVPAT votes differently from the actual votes cast - the slips
printed and vote recorded in the CU were consistent. Therefore, the manual
count of slips and the count from the CU would match. This type of fraud can
only be prevented if Demand#1 is met, else it would require software audit but
that is not possible as ECI and SCI have said that software is secret. SCI on the
one hand ecourages Open Source - but on the other hand, in this particular
instance, it protects the IPR of a ridiculously simple program - GOI can easily
get the same software developed in Open Source or buy the IPR for cost which is
not likely to exceed few million rupees! Another intriguing thing to read about
is that 1.9 Million EVM Systems have gone missing - The Wire article of 22-May-19.
The Wire article series on multiple issues including EVMs "India Black Boxed":
4-Jan-24 MK Venu
24-Feb-24 Venkatesh Nayak
EVM Opposition - by senior leaders - call for
reforms - urgency ignored by ECI and SCI - 2024 General Elections become
fraught
Political funding existing in India today is recognised as the
fountainhead of corruption: Notes
SBI
stonewalling SCI - is it perjury and contempt? SCI's honour was at stake -
partially redeemed
How
BJP raises its funds - white (5% to 10%) and black (90% to 95%) - world's
biggest and most corrupt party
On-line voting and political funding India requires: Blog
