EVM Petitions - analysis of SCI Judgment of 26th April, 2024 - good part and the curious (bad) parts

 

SCI Judgment of 26^th April’24 – Justices misunderstood EVM petitions; fortuitously the relief given, which petitioners never asked for, will reduce chances of hacking considerably

 

The two-judge bench of the Supreme Court of India (SCI) delivered its much delayed judgment on ADR’s petition filed a year ago (other petitions were tagged with it), on the day of the second phase polling of General Elections 2024 which had started a week earlier. This was a contest between the citizens of India and ECI and not one between any political party and ECI or the Government – none of the political parties were petitioners. The bench missed this point and gave reliefs that petitioners never asked for. The SCI gave the right to 2^nd and 3^rd losing contestants to demand audit of devices - EVM (comprising Voter Verifiable Paper Audit Trail – VVPAT and Control Unit – CU and Ballot Unit - BU) and SLU (Symbol Loading Unit) with the help of BEL and ECIL engineers (para#75 page 37/38 of Order signed by both Justices – Sanjiv Khanna and Dipankar Datta; separate order was signed by only JDD).

So, the good part of the order is the directions issued to ECI which will CONSIDERABLY REDUCE the chances of hacking because of the fear of getting caught during the audit, if done honestly and competently. Unless the audit process, in the hands of ECI (BEL and ECIL engineers), is subverted, the risk for hackers getting caught will be great. The order has limited the audit to maximum of 5% of EVMs per constituency – had the losing contestants (number 2 and 3) been allowed to ask for audit of all EVMs, the hacking would have had no chance of escaping detection. The order makes it explicit that the burden of cost of audit will be on the challenger, but it does not speak about the consequences of discovery of malware in the suspected devices – will repoll be ordered around the booth where EVM was deployed, or the whole constituency, or the whole country? The order shows its magnanimity (a lofty sense of justice?) in refunding the cost defrayed by the challenger should any tampering be detected! It is strange that the order did not consider it justifiable to appoint independent auditors in resolving the audit challenge. Independent auditors could have compared the object code (access to source code is not necessary) in the suspected machines with healthy machines provided by ECI and given their verdict about the evidence of tampering, i.e. presence of illegitimate stuff (malware or any foreign software). The order unnecessarily elaborates that “microcontroller’s burnt memory” will be subject to audit – what about the flash memory of 4MB (see paragraph#22 in the order)? For the two types hacks which the Justices didn't understand, the problematic parts of the judgment and a semi-technical note on the EVM hackability read here.

Let’s now consider the curious (bad) part of the order which betrays the misunderstanding on part of the honorable Justices – and which is worthy of a challenge in a review petition. The main petitioner’s Sr advocate, Prashant Bhushan asked for sensible reliefs which would have served to FOIL hacking of EVM System completely. He did not allege that hacking has indeed happened. This does not mean that hacking cannot happen in future becasue of vulnerabilities in the EVM System. He also explained all the important vulnerabilities and tried to elaborate the possibility of malware infiltrating the “programmable memory” of VVPAT but JSK cut him off multiple times – as can be read from proceedings in the court – live updates from independent websites – read here.  

First relief sought was that the voter should be able to verify the correctness of the vote slip printed by the VVPAT AND assure himself/herself that it is cut and dispensed into the ballot box. Prashant Bhushan explained (or tried to) that the existing arrangement is deficient and he offered three alternatives – i) revert to paper ballot, ii) hand over the vote slip to the voter who can verify its correctness and dispense it into a ballot box and iii) keep the light inside the VVPAT behind a dark glass (why on earth this glass should not be transparent is NOT explained satisfactorily by ECI – the secrecy argument is totally specious as the voter compartment is always placed in a corner of the room) illuminated all the time so that the voter would leave the voter compartment only after full satisfaction: the correct slip is printed, cut and dispensed into the ballot box – it is not sufficient to light up the lamp for a mere seven seconds to show the slip to the voter. Amazingly, the order has explicitly denied this right to the voter – JDD elaborates in his separate order – in para#15 & 16 page#48 & 49 - that under Rule 49M(3), it is sufficient to merely show the slip to the voter! Obviously, the Judge never understood the method of hack – in which consecutive votes are stolen and cast in favour of hacker’s party WHEN THE LAMP IS SWITCHED OFF. In this method of hacking, the vote count in CU and VVPAT printed slips would match; watch one of many explanatory demos, using representative machines, how this consecutive votes are stolen demo of 13 min. The Justices elaborate naively in their order that never in the past have discrepancies been reported between the CU count and manual count of VVPAT printed slips, therefore, no hacking could have ever taken place! That hack can happen even when the counts are consistent was not understood at all. The order quite unnecessarily derides the demand for paper ballot (Godi media had also amplified the “retrograde demand of paper ballot”) and the demand for voter slip being handed over to the voter WITHOUT MENTIONING ALL THE THREE ALTERNATIVES. Based the third alternative Prashant Bhushan offered, the Justices should have quizzed the ECI to articulate methods of satisfying the voter that the vote is correctly printed, cut and dispensed into the ballot box – ECI should have specifically answered why it has designed the complicated system of switching light on off and generating an audio beep signal – ECI should have been asked to explain why the simple method of illuminating the cutting operation and dispensing of the slip in the ballot box was not preferred. ECI had revealed in the court that there is a sensor which detects the falling slip and it sends out an audio beep. What if the audio beep signal is generated falsely by a hacked VVPAT? Therefore, the relief of voter verification should have been granted to foil this smart method of hacking. Post-results-audit can also detect this hack, however, the cost of foiling the hack is much smaller than the cost of recovering from the consequences of a hack after it has been allowed to happen.

 

Second relief the petitioners asked for was manual count of 100% vote slips and comparing the same with CU count (the comparison would diminish the errors of manual count – the order shows the wisdom of comparison escaped their comprehension completely). This comparison would serve to foil the simpler, though a dumber, hack of voter pressing the button of one candidate and the vote in the CU being written of another party. In this hack the vote slip of the correct candidate in a manual count would not match with CU count. This hack is easy to catch, therefore, it is not likely to be preferred by a sophisticated hacker. It is a no-brainer that the hacker is not likely to be a run-of-the-mill type; the subversion of Indian elections can entangle trillions of rupees (the General Election 2024 is projected to cost 14 Billion USD) and national security. The order allows only 5% of EVMs to be tallied manually in a constituency. However, it has directed ECI to evaluate bar code printing on the vote slips for possible machine counting in future elections. The denial of this relief was not logical and pennywise pound foolish. According to SY Quraishi the 100% manual count of vote slips cannot be compared with the paper ballot era when the ballot papers could be the size of a newspaper. With small VVPAT printed vote slips, it is feasible to finish counting within one day – watch here. By capping the manual count to 5% of EVMs per constituency, the chances of the second type of hack still remain, however, this is not as much a serious compromise as is the denial of the aforementioned relief of verification by the voter because that allows the smarter hack to still take place. In a review petition, the first relief ought to be demanded and perhaps with a bigger bench, the chances of convincing the judges will be better!

The judgment has many other technical bloopers (for e.g. para#22 the candidate data file is a bit map file – it cannot be so as the candidate name and ID apart from the symbol needs to the transferred). The language used in the SCI order, in many places, seems to be that of BEL or ECIL engineers, as pointed out by Kannan Gopinathan in a recent interview to Poonam Agarwal who had helped unravel the Electoral Bond scam.