Friday, April 26, 2024

EVM VVPAT curious Judgment of SCI - good thing - it will deter hackers as they could get caught

 

The SCI judgment, of the morning of 26-Apr-24, on the EVM VVPAT petitions delivered zero justice to citizens of India and a partial consolation to political contestants in the Indian elections. No thanks to Political Parties, which never took a consistent or firm stand against the EVM usage, the heroic efforts of Jagdeep Chhokar of ADR represented by Prashant Bhushan and many other petitioners deserve a salute. This is a fight between citizens and ECI, and not between a political contestant and ECI, as the two-judge bench’s order unfortunately seems to project.

Saving grace of SCI order: 

ECI has been ordered to seal the SLU (Symbol Loading Unit – a fancy name for a pen drive that is used to transfer the candidate data file into the VVPAT) and the EVMs after the close of polling, for a possible audit by engineers of BEL and ECIL. A losing contestant, either 2nd or 3rd, will be allowed to ask for an audit of the memory of the microcontroller of the VVPAT (Voter Verifiable Paper Audit Trail) and the CU (Control Unit) within 7 days of the results. The bench does not seem to have realized that there is memory outside the microcontroller too, and that the device can be compromised by malware sitting in that memory! Unfortunately, the order has capped the audit, as well as the manual count of vote slips, at the previously set limit of 5% per constituency. Regardless of these oddities, this order will deter a hacker, as he will fear getting caught during the audit, unless the hacker and the auditors from BEL and ECIL, already accused of being under the influence of BJP-affiliated directors, are co-conspirators. SCI should have allowed independent auditors to have access to the source code to enable them to do audits. However, the bench had refused to divulge the source code earlier. Finally, SCI should have asked ECI to seal the devices effective today instead of 1.5.2024; why allow hackers, if any exist, a free pass?

The order, with directions to ECI, passed by the two-judge bench of Justices Sanjiv Khanna and Dipankar Datta is deficient on many counts, and it is very likely that ADR, the lead petitioner, will file for a review by a larger bench. Indian democracy cannot be exposed to the slightest risk. The existing EVM System is easy to hack, and many IIT Professors, other than those on the Technical Experts Committee of ECI, have confirmed this view. 7,000 eminent citizens had filed a petition before ECI, but it did not even acknowledge it. General Elections of 2024 are projected to cost 14 Billion Dollars. Hackers, not the run-of-the-mill type, can entangle not only huge money but also national security. SCI must be tested to see if it pays heed to the voice of India’s citizens.

After this Judgment, the possibility of hacking could reduce considerably due to the possibility of the hacker getting caught. If the audit is done honestly and competently, the hacking will surely be caught if the right EVMs (out of 5% per constituency) are picked by the challenging contestant; otherwise the hacker may still escape detection.
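How much the 5% cap limits detection can be put in numbers. The following is an added example, not part of the original post; it assumes the audited machines are picked without knowing which ones are tampered (equivalent to a random draw), and the constituency size of 1,000 machines is constructed.

```python
from math import comb

def audit_quota(total_machines, cap_percent=5):
    """Largest number of machines that may be audited under the percentage cap."""
    return total_machines * cap_percent // 100

def detection_probability(total, tampered, audited):
    """Chance that at least one tampered machine is among the audited ones,
    drawing `audited` machines without replacement (hypergeometric model)."""
    if not 0 <= tampered <= total or not 0 <= audited <= total:
        raise ValueError("counts must lie between 0 and total")
    # P(every audited machine is clean) = C(total - tampered, audited) / C(total, audited)
    return 1 - comb(total - tampered, audited) / comb(total, audited)

def min_tampered_for_detection(total, audited, confidence):
    """Smallest number of tampered machines that the audit catches with at
    least `confidence` probability, or None if no number is enough."""
    for k in range(1, total + 1):
        if detection_probability(total, k, audited) >= confidence:
            return k
    return None

if __name__ == "__main__":
    TOTAL = 1000                      # constructed constituency size (assumption)
    quota = audit_quota(TOTAL)        # 5% cap from the order
    for tampered in (1, 10, 50):
        p = detection_probability(TOTAL, tampered, quota)
        print(f"{tampered:>3} tampered of {TOTAL}, {quota} audited: P(detect) = {p:.3f}")
    k = min_tampered_for_detection(TOTAL, quota, 0.95)
    print(f"tampering must reach {k} machines before a {quota}-machine audit "
          f"catches it with 95% probability")
```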



RELATED

EVM petitions - proceedings in the SCI

Also read previous blogs - the two methods of hacks and the two reliefs petitioners had asked for.

To reduce the hacking chances to zero, the two reliefs necessary are: 1. The voter must be able to verify that her vote is correct, that it is cut and that it is dispensed into the ballot box before she walks out of the voting compartment at the polling booth, and 2. 100% of VVPAT-printed vote slips must be manually counted and compared with the CU count - in whichever EVM there is a discrepancy, a recount should be automatically triggered and, in case of persistent difference, the manual count should prevail (this is the existing ECI rule anyway).


3 comments:

Anonymous said...

Funny. SC affirms credibility of EVM VVPATs; but will not allow its validity check. So very logical.

Dipak dholakia said...

Thank you. The decision is bad but not unexpected. The judges were convinced beforehand that everything was in order. I do not understand how the demand for audit by the second or third candidate will reduce the possibility of hacking. One, it will be very difficult to unearth all technical details of the hacking process and second, hackers will be smarter now and take care of all possible loose points in their design. No one can read a hacker's mind in advance, that too in a short span of seven days. You have rightly said: "This is a fight between citizens and ECI, and not between a political contestant and ECI, as the two-judge bench’s order seems to project."

Anil Srivastava said...

If the audit is performed honestly and competently, the programs in the suspected devices can be compared with the programs in a healthy set of machines - by taking bit map dumps of the entire memory of all machines - not just the microcontroller's burnt memory (as the Judgment qualifies - unnecessarily). This is an easy method of detecting presence of unexpected stuff (whether malware or something else doesn't matter) in the suspected devices. The judgment unnecessarily gives this audit responsibility to BEL and ECIL engineers - because this audit could have been done by independent auditors without divulging source code to them. BEL and ECIL should be responsible for only providing a healthy set of machines to independent auditors. In a review petition this point ought to be argued. It is now known to all that BJP functionaries are serving on the board of one of the two manufacturers. Furthermore, both companies are PSUs under control of GOI. Judgment talks about when the cost of audit will be borne by the challenger, more importantly, it should have talked of what to do if indeed unexpected stuff is found on suspected devices? Will a repoll be ordered? Where repolling will be needed? In the area of a booth, in the whole constituency, or in the whole country? Justices should realise that it is far better to PREVENT or FOIL hacking rather than DETECT the event of hacking after it has happened! What ADR was asking for would FOIL the two possible hacks.
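The dump comparison described in the comment above, as an added example that is not part of the original post or its comments. The region names (`mcu_flash`, `external_mem`, `counters`), their sizes and all byte values are constructed; the real devices' memory layout is not given on this page.

```python
# Added illustration: region names, sizes and byte values are constructed.

def diff_ranges(ref, got):
    """Half-open (start, end) byte ranges where two images differ."""
    ranges, start, n = [], None, max(len(ref), len(got))
    for i in range(n):
        same = i < len(ref) and i < len(got) and ref[i] == got[i]
        if not same and start is None:
            start = i
        elif same and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, n))
    return ranges

def baseline(healthy):
    """Per region: the image every healthy machine shares, or None when they
    disagree (per-device data, where plain equality proves nothing)."""
    out = {}
    for region in set().union(*healthy):
        images = {dump.get(region) for dump in healthy}
        out[region] = images.pop() if len(images) == 1 else None
    return out

def audit(suspect, healthy):
    """Classify every memory region of a suspect dump against the healthy set."""
    ref, findings = baseline(healthy), {}
    for region in sorted(set(ref) | set(suspect)):
        if region not in ref:
            findings[region] = ("not-in-reference", [])
        elif ref[region] is None:
            findings[region] = ("varies-in-reference", [])
        elif region not in suspect:
            findings[region] = ("missing-from-suspect", [])
        else:
            delta = diff_ranges(ref[region], suspect[region])
            findings[region] = ("differs" if delta else "match", delta)
    return findings

PROGRAM = bytes(range(256)) * 4  # constructed 1 KiB program image
HEALTHY = [
    {"mcu_flash": PROGRAM, "external_mem": b"\xff" * 64, "counters": b"\x00\x07"},
    {"mcu_flash": PROGRAM, "external_mem": b"\xff" * 64, "counters": b"\x00\x09"},
]
SUSPECT = {"mcu_flash": PROGRAM,  # microcontroller image matches the reference
           "external_mem": b"\xff" * 16 + b"\x90" * 8 + b"\xff" * 40,
           "counters": b"\x00\x03"}
REPORT = audit(SUSPECT, HEALTHY)
```

In this constructed case an audit limited to `mcu_flash` reports a match, while the full-memory comparison flags bytes 16 to 23 of `external_mem`; regions that legitimately differ per machine are reported separately instead of being counted as a match or a mismatch.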