The spectacular bluff of two "silos" of data of Electoral Bonds (EB) that State Bank of India (SBI), represented by top lawyers, tried to pull off was live streamed to the whole country from the Supreme Court no.1 in the month of March 2024. The two "silos" were actually two tables of data. Such data of EB buyer and EB recipient in two tables of a Database (or even Excel worksheets) would require not even three minutes to match but the lawyers of SBI, FICCI and GOI asked the five-judge bench to grant them three months. Had SBI used the word tables instead of "silos", any computer literate person could have pointed out that the matching is a trivial exercise of writing one join query in a database or "vlookup" command in an Excel worksheet.
Another more spectacular drama of EVM System hackability has been unfolding in the two-judge bench of the Supreme Court but this time it is not live streamed; as only constitutional bench proceedings are live-streamed at present. This time ECI is the culprit for obfusctions or outright lies which have left everyone confused. What could have been argued and concluded in two hours went on for three days without any order by the bench. As a result the General Elections of 2024 which have commenced from 19th April with status quo on the EVM System which people of India rightly suspect can be gamed.
The petitioners have laboured to convince the court that EVM System has deficiencies and the possible hacks can be easily foiled by making two changes in processes: i) allow voter to verify the correctness of the printed vote slip and ii) manually count all the printed vote slips and compare with the EVM count (in case of discrepancy, as per existing ECI rules, the manual count prevails). ECI's lawyers and experts argued that there is no deficiency; ECI representatives actually lied and made self-contradictory statements (such contradictory statements also exist on ECI's website).
Firstly ECI has claimed that EVM machines are a standalone system - standalone in IT industry means, "not ever connected to Internet or any network (WAN or LAN)". Secondly, ECI claimed that EVM has only "firmware" as opposed to "software". ECI claimed that the VVPAT (Voter Verifiable Paper Audit Trail) into which Symbol Loading Unit (SLU is a "red herring" name for a pen drive, like silo was the fancy name for a data table) has only OTP (One-time-programmable) memory and that no software (or malware) can be transferred into it through the SLU or by any other means. Both these claims are contradicted by ECI's own admission - as visible on its website pages.
Search for "standalone" and "OTP" in the linked note here and here - you will find multiple occurrences of "standalone", "laptop" and "OTP" - you can read in five minutes in context what ECI has mentioned. EVM machines (BU, CU and VVPAT) are not the whole picture - EVM System is the whole picture - it comprises of a Central Server to be accessed via Internet, Laptop (in the custody of DEO/RO) and SLU. EVM System by no means is a standalone system and VVPAT has programmable memory too. This being the case, malware (software written by a hacker) can enter the system: via the central server or via the Internet into the Laptop, via the Laptop into the SLU, and finally via the SLU into the VVPAT's programmable memory. This infiltration of malware can occur with or without the knowledge of District Election Officer/Returning Officer or field engineers deployed in the over 1.2 million booths to commission the EVM during the 15 days prior to poll commencement. The malware can make the VVPAT misbehave as per multiple parameters set by the hacker, for e.g. date, time slots, constituency, the party to favour, the party to steal votes from, preceding rate of voting (i.e. misbehave only when there is rush) etc. Prashant Bhushan, ADR's Sr advocate, did try to explain some of these characteristics but the Justices cut him off frequently.
The petitioners have made very sensible and feasible demands. Will the bench grant these reliefs? Without these reliefs, the 2024 Election's system will be highly fraught and its results untrustworthy. The public, at least a large section, will lose complete faith in the ECI's and GOI's democratic credentials.
Reliefs sought:
RELIEF # 1 to defeat 1st method of "steal the same successive votes - hack": The voter should be able to pick up the VVPAT printed slip for verification and physically insert it into the ballot box; else the voter should be able to see the vote slip printed is correct and it is actually cut and dispensed into the ballot box - it is not sufficient for the voter to just see the vote slip (because it could be the previous voter's slip which has not been cut and dispensed due to a hack) - this means the light should remain on and not merely for seven seconds, as is presently the case. This is a clever hack because it cannot be caught - the stolen consecutive 2nd or 3rd or successive votes (as parameterised) - cast in favour of the hacker's party - will not be seen because their printing, cutting, dispensing into ballot box and writing into the CU will all occur only when the light is in the switched off state and in few seconds after the button for a different party's candidate is pressed by a subsequent voter or when the stealing parameter count is reached. In this hack, the vote count in CU and the manual count of VVPAT printed votes will match. Therefore, even a 100% manual vote count cannot foil this hack. This delayed printing of consecutive vote will likely be the preferred method of hack.
RELIEF # 2 to defeat the 2nd method of "print correct vote slip but write vote in CU for hacker's party candidate - hack": The election results should be based on a manual count of 100% slips. In case of discrepancy between the manual count and the CU count, recounts may be ordered. Ultimately, the manual count would prevail and not the CU Count. This change in process is required to foil the second method of possible hack of VVPAT printing a vote slip for one party and writing into the CU a vote of another party. Compared to the above method of hack, this one is laible to be caught and, therefore, less likely to be preferred by the hacker.
RELIEF # 3 for safe transport: After the Polling finishes, the CU and the Ballot Box pairs are transported to the counting station. During the journey, oversight of contestants' representatives should be allowed.
RELIEF #4 for enabling genuine complaints: Presently a voter who complains to the Presiding Officer (PO) in the Polling Booth that his/her vote is not properly generated, i.e. the VVPAT has printed the wrong vote - is required to prove the allegation is correct through a retest. If the error is repeated well and good but if it is not repeatable, the voter can face a fine of up to Rs.1,000 and imprisonment of up to 3 months or both. It is a matter of common knowledge that programs can be written to work with random parameters or based on parameters such that without the knowledge of source code, no one can predict if the error will repeat nor when it will repeat. The punishment under rule 49MA - Section 177, should be totally removed as it is illogical, and it works as a deterrent for genuine voter complaints - unless source code is made public, and its auditability allowed before and during elections.
The RELIEF#1 and 2 are essential but the 1st one is more important. Without these changes, the results of 2024 General Elections will always be suspect.
Both ECI and SCI have treated the challenges to the EVM usage in elections with contempt and derision. Requests for a meeting of political parties, citizens councils and lawyers to ECI have been ignored, not even acknowledged.
The petitions principally focused on EVM vulnerabilities have been pending with the SCI for many months or even years. In March'24, when Kapil Sibal and Prashant Bhushan, on behalf of ADR (Association of Democratic Reforms) requested SCI for an urgent hearing since the General Elections 2024 were set to start from 19-Apr-24, they were told that there are many pending matters and their pleas will be heard and decided before the polling starts.
The bench of Justices Sanjiv Khanna and Dipankar Datta finally heard the petitioners on 16th April, 18th April and 24th April for about 2.5 days and finally reserved the order. On 24th April the bench had asked ECI to provide answers to six questions. One question was about the repgrammability of microcontroller program in the EVM - in the VVPAT or the CU? This is a wrong question to ask. Even if the program is unalterable because it sits in the OTP memory, the device can be hacked - by malware being loaded into the programmable memory (VVPAT has both OTP and programmable memory) and intercepting the commands going into or out of the program. So the elections have started with status quo being maintained, no one knows when and what the bench will rule on the two main demands of the petitioners.
RELATED
Search for "laptop" in the proceedings - live updates from Bar & Bench here
There is a crucial fact of use of a laptop in every election cycle in every constituency, possibly every booth, where "EVM" must be commissioned within two weeks prior to polling date - this has always been obfuscated by ECI. Judge asks an incoherent but a leading and somewhat meaningless question, "software by ECI has a lock mechanism". Firstly, the software according to ECI does not exist in VVPAT - only firmware exists in VVPAT, secondly ECI itself does not have software which is kept secret by BEL and ECIL; no one knows what is meant by "lock in mechanism", ECI does not provide an answer either.
Excerpts (copied from Bar & Bench updates):
12:03 pm, 18 Apr 2024
ECI: Yes, it is a secured software.
------------------------------------------------------------
21-Apr-24 The Leaflet this article reproduces portions of the proceedings and highlights the relevant issues here
Terminology primer for non-IT readers:
Any computer system or an intelligent device (e.g. VVPAT, Smartphone) works with the following components:
Hardware
Firmware - this sits in OTP (one-time-programmable) memory
Operating System - OS (or Control Program) - this sits in programmable memory
Application Program
Data (input from keypad or sensors or attached devices like pen drive)
Hacker corrupts the Operating System or the Control Program - if someone has the source code (or even the object code - from the set of stolen EVM machines - object code could be retrieved and reverse compiled - this is surely within the reach of a sophisticated hacker) then malware can be written into the programmable memory - in context of VVPAT, this can be done at the time SLU is inserted for copying the candidate data file; the SLU would likely be infected via the DEO/RO's laptop.
Any laptop requires an OS and the OS can be infiltrated by malware knowingly or unknowingly by the user. Everyone knows when a computer is connected to Internet, virus can enter the computer - even if anti-virus program is installed on the device - this happens unknowingly - user can also download a malware knowingly, if he wants to. Everyone knows Windows OS is easy to hack, that's why antivirus programs are necessary to instal. Most of the computers today run under Windows OS. We donot know which OS runs on the laptops the DEO/RO use in commissioning the EVM. ECI representative at some point mentioned in the court that PO's (Polling Officer) laptop is used in commissioning of EVM, whereas on ECI website, it says, DEO/RO's laptop is used. The SLU (pen drive) inserted into an infected laptop will carry the malware and transfer it into any other computer or intelligent device (like the VVPAT) into which it is inserted. This is not rocket science.
No comments:
Post a Comment