Anil Srivastava: few ideas - real issues
Wednesday, June 19, 2024
Results of General Election 2024 - the gaming of EVMs – saving future elections
Tuesday, May 28, 2024
Whither Indian Democracy – SCI Judgement of 26th April and impossibility of EVM Audit
The dismissal of EVM petitions was a disaster and deserves to be challenged before a larger bench; the Directions to ECI are amateurish and likely to turn into a spectacular charade – of false negatives and false positives; either way elections can get subverted; Post June 4th, with ECI of a diminished stature, India should ready itself for a chaos of charges and counter charges
Both the Election
Commission of India (ECI) and Supreme Court of India (SCI) have fallen short, and
they have imperiled the Indian democracy. The Electronic Voting Machine (EVM),
created by ECI, being a “gold standard” and its existing processes being “fool-proof”
are a myth SCI bought into, despite these being questioned by experts, members
of civil society and multiple petitioners. ADR (Association of Democratic
Reforms), the lead petitioner, was ignored for a year. Ultimately, the
two-judge bench of SCI which seemed in no hurry to deliver its judgment, started
hearing the ADR’s and two more tagged petitions, on 16th April, two
days before 2024 General Elections commenced, and after ten days, it delivered
its judgment on 26th April 2024!
The proceedings, in the court of Justices Sanjiv
Khanna and Dipankar Datta were indicative of what was coming. The SCI’s
two-bench order dismissed all petitions and instead
offered an “EVM audit” option for the losing contestants! The “EVM audit” conditions
mentioned in the order make a strange reading – the conditions render the audit
technically absurd and due to the composition of audit team, quite untrustworthy.
Before understanding the “EVM audit” as SCI envisages, let’s consider the much
better alternatives that would have assured the integrity of elections, but were
rejected.
The reliefs petitioners had sought were:
i) voter must get to satisfy himself/herself that Voter Verifiable Paper Audit
Trail (VVPAT) machine has printed the correct vote slip, cut it, and dispensed
it into the ballot box – such a basic assurance is NOT provided by the existing
system because the vote slip viewing window with a dark glass is back lit by a
lamp for merely 7 seconds during which the slip printing, cutting and dropping
operations cannot be seen – only the slip is getting displayed (the limited-time-lighting
of 7 seconds enables hacking by method#1 mentioned in notes
which includes a demo link).
ii) 100% of the vote slips dispensed in the ballot box must
be counted – as voter has no clue of the vote record that gets written into the
Control Unit (CU).
ADR’s lawyer, Prashant Bhushan cited experts, explanatory
demonstrations, and reasons how hacks can happen and how it could be thwarted
through the reliefs sought. But the judges on the SCI bench did not bother to
ask ECI how relief (i) can be provided? The petitioner had offered multiple solutions
– the simplest one was to keep the light, in the VVPAT, on until the voter
could see the vote slip printed, displayed, cut AND dropped in the ballot box –
at present voter can only see the slip displayed (as explained in hack method#1
in the linked notes, it could be the previous voter’s slip that gets displayed).
Nor did the judges ask ECI what were their estimates of time and cost of
complying with the relief (ii)? A reasonable answer from ECI, which it ought to
have volunteered, would have revealed – one or two day(s) and Rs.20 crores
extra – in percentage terms: a mere 4.27% more-time and a mere 0.2% more cost (computations
here).
Affirming
their own faith in ECI and the EVM, the Justices issued directions to ECI for
post-result audit of EVMs – petitioners had prayed for none of this!
SCI
Judgment on EVM audits may appear to be brilliant but is highly amateurish and
flawed
Post
declaration of results on June 4th, following predictions can be
made based on possible scenarios – INDIA loses, or BJP/NDA loses (lose means
win less than 272 seats). Both scenarios will trigger massive requests for EVM
audits. Since audits will be a technical absurdity and auditors untrustworthy,
a maelstrom is going to hit ECI.
Directions
to ECI are in para#76 on page# 37; Extracts in italics below:
a) On
completion of the symbol loading process in the VVPATs undertaken on or after
01.05.2024, the symbol loading units shall be sealed and secured in a container…
They shall be opened, examined and dealt with as in the case of EVMs. (b) The
burnt memory/microcontroller in 5% of the EVMs, that is, the control unit,
ballot unit and the VVPAT, per assembly constituency/assembly segment of a
parliamentary constituency shall be checked and verified by the team of
engineers from the manufacturers of the EVMs, post the announcement of the
results, for any tampering or modification, on a written request made by
candidates who are at SI.No.2 or Sl.No.3, behind the highest polled candidate.
At present
ECI has not published any document describing details of the audit process it
will follow. However, the very proposition of a post-result audit of EVM and
Symbol Loading Units (SLU) in context of EVM system is a non-sequitur – you can
only audit a device that is currently in the state of being hacked and not one
which was hacked and sanitized before being presented for audit.
It must be
assumed that hacking of EVM System will not be attempted by a run-of-the-mill
hacker. At stake is national security or an election that costs Rs.1.2
trillion -even both can get entangled.
A
high-level hack leaves no smoking gun behind. The way field staff commission
1.2 million EVMs (one per booth) by using SLUs over a two-week period by using
2-5 SLUs in each constituency (which are
handed over to them by the District Election Officer/Returning Officer who
connects his/her laptop via Internet to ECI Central server to download the
candidate data file that is then copied into SLUs), it is eminently possible to
infiltrate VVPATs (Voter Verifiable Paper Audit Trail) with a self-destructive
malware and then remove the malware payload from SLUs (therefore, only
sanitized SLUs with the legitimate candidate data file will be sealed after
poll closing in each constituency). A self-destructive malware is one which
erases itself from the device’s memory upon receiving a trigger, for e.g. when
“Close Polling” button is pressed by the Polling Officer on his Control Unit
(CU) – the malware on the connected VVPAT will self-destruct. Therefore, after
poll closing, the EVMs and SLUs sealed for the audit envisaged by SCI will all
be sanitized with no evidence of any malware/hack.
SCI’s
directions have more absurdities.
Firstly,
the audit should be done of the full device and not just the “burnt
memory/microcontroller” because a device like VVPAT has additional programable
memory. A malware can sit in the additional memory and make the machine
misbehave, leaving the “burnt memory/microcontroller” intact.
Secondly,
there was no compelling reason for the Justices to require the audit team to
come from the manufacturers of EVMs which happen to be ECIL and BEL,
enterprises which are owned by the Government. One of them has BJP members on
its board. Audit could have been done by independent engineers who could have
been provided healthy set of EVMs – because then they could have compared the
object code running on them with the suspected EVMs and detected tampering; it
was not necessary to part with source code. Any sophisticated hacker can
reverse compile the object code from stolen EVMs (a RTI query had revealed that
between ECI, BEL and ECIL 1.9 million EVMs are missing) and write malware to
make EVM misbehave. Malware could work with multiple parameters – Constituency,
Party to steal votes from, Party to favour, date, time, rate of voting etc. The
misbehaviour, therefore, cannot be predicted without the knowledge of program
logic and parameters used.
Read about
the three types of hacks and audits necessary to catch them - here. The ballot stuffing method requires audit of
time stamp of vote record in CU versus the time stamp in the printed vote slip
– they must match, and they must be spaced apart by at least 15 seconds – as
per ECI submissions, the maximum rate of voting designed for is 4 votes per
minute.
The SCI’s
directions to ECI for sealing of EVMs and SLUs commence from 1st
May. So, what will happen to contestants whose constituencies’ polling finished
in April?
As the SLUs
do not have device IDs probably, these are not mentioned in Form17C Part I. At the close of poll, Form 17C
Part I has to be filled in, duly signed by the Presiding Officer, the Polling
Officer, all present Polling Agents of contestants. This form mentions all three
EVM Machine IDs but there is no mention of SLU ID. If Form 17C Part I is not
placed in public domain before the devices are sealed and moved, it would leave
the door open for manipulation – vote count inflation, even switching the
EVMs. Poonam Agarwal, an investigative journalist has interviewed polling
agents who did not sign Form 17C and no one asked them to! It is confounding to
find that ECI does not require the Presiding Officer to sign the Form 17C using
his/her Digital Signing Certificate (DSC).
SCI
directions to ECI do not mention this: The audit must include examination of
signatures on Form 17C Part I and matching with machine IDs, the Total Voters –
registered and votes cast. ECI portal should host a table with the columns of
Constituency Name, Booth ID and Scanned Form 17C Part I duly signed by PO and
DEO/RO. Form 17C Part I total vote count must match the CU total vote count. Is
ECI innocent about the importance of Form 17C Part I being signed and shared
with the citizens of India or there is more than meets the eye?
What
would it take for ECI to share Form 17C data? Essentially zero additional manpower would be
required and not more than 500GB storage space – the program to manage the data
table could be written in one day, read here.
Other
troubling questions:
The
auditors without integrity can allow malware to be copied into SLUs and then
report tampering in that constituency to please the challenger (a losing
contestant). Since SLU is utilized across the constituency, will ECI declare a
repoll in that constituency?
Can the
ruling party with control over the auditors countermand an entire election by
the simple subterfuge of arranging copying malware into a few dozen SLUs?
An abridged version of this blog was published on 24th May, 2024 in The Wire
Sunday, April 28, 2024
EVM Petitions - analysis of SCI Judgment of 26th April, 2024 - good part and the curious (bad) parts
SCI
Judgment of 26th April’24 – Justices misunderstood EVM petitions; fortuitously
the relief given, which petitioners never asked for, will reduce chances of hacking
considerably
The
two-judge bench of the Supreme Court of India (SCI) delivered its much delayed judgment
on ADR’s petition filed a year ago (other petitions were tagged with it), on
the day of the second phase polling of General Elections 2024 which had started
a week earlier. This was a contest between the citizens of India and ECI and
not one between any political party and ECI or the Government – none of the
political parties were petitioners. The bench missed this point and gave
reliefs that petitioners never asked for. The SCI gave the right to 2nd
and 3rd losing contestants to demand audit of devices - EVM (comprising
Voter Verifiable Paper Audit Trail – VVPAT and Control Unit – CU and Ballot
Unit - BU) and SLU (Symbol Loading Unit) with the help of BEL and ECIL
engineers (para#75
page 37/38 of Order signed by both Justices – Sanjiv Khanna and Dipankar
Datta; separate order was signed by only JDD).
So, the good
part of the order is the directions issued to ECI which will CONSIDERABLY
REDUCE the chances of hacking because of the fear of getting caught during the
audit, if done honestly and competently. Unless the audit process, in the hands
of ECI (BEL and ECIL engineers), is subverted, the risk for hackers getting
caught will be great. The order has limited the audit to maximum of 5% of EVMs per
constituency – had the losing contestants (number 2 and 3) been allowed to ask
for audit of all EVMs, the hacking would have had no chance of escaping
detection. The order makes it explicit that the burden of cost of audit will be
on the challenger, but it does not speak about the consequences of discovery of
malware in the suspected devices – will repoll be ordered around the booth
where EVM was deployed, or the whole constituency, or the whole country? The
order shows its magnanimity (a lofty sense of justice?) in refunding the cost
defrayed by the challenger should any tampering be detected! It is strange that
the order did not consider it justifiable to appoint independent auditors in
resolving the audit challenge. Independent auditors could have compared the
object code (access to source code is not necessary) in the suspected machines
with healthy machines provided by ECI and given their verdict about the evidence
of tampering, i.e. presence of illegitimate stuff (malware or any foreign software).
The order unnecessarily elaborates that “microcontroller’s burnt memory” will
be subject to audit – what about the flash memory of 4MB (see paragraph#22 in
the order)? For the two types hacks which the Justices didn't understand, the problematic parts of the judgment and a semi-technical note on the EVM hackability read here.
Let’s now consider
the curious (bad) part of the order which betrays the misunderstanding on part
of the honorable Justices – and which is worthy of a challenge in a review
petition. The main petitioner’s Sr advocate, Prashant Bhushan asked for sensible
reliefs which would have served to FOIL hacking of EVM System completely. He did not allege that hacking has indeed happened. This does not mean that hacking cannot happen in future becasue of vulnerabilities in the EVM System. He
also explained all the important vulnerabilities and tried to elaborate the possibility
of malware infiltrating the “programmable memory” of VVPAT but JSK cut him off
multiple times – as can be read from proceedings in the court – live updates
from independent websites – read here.
First
relief sought was that the voter should be able to verify the correctness of the
vote slip printed by the VVPAT AND assure himself/herself that it is cut and
dispensed into the ballot box. Prashant Bhushan explained (or tried to) that the existing arrangement is deficient and he offered three alternatives – i) revert to paper ballot,
ii) hand over the vote slip to the voter who can verify its correctness and
dispense it into a ballot box and iii) keep the light inside the VVPAT behind a
dark glass (why on earth this glass should not be transparent is NOT explained
satisfactorily by ECI – the secrecy argument is totally specious as the voter
compartment is always placed in a corner of the room) illuminated all the time
so that the voter would leave the voter compartment only after full
satisfaction: the correct slip is printed, cut and dispensed into the ballot
box – it is not sufficient to light up the lamp for a mere seven seconds to
show the slip to the voter. Amazingly, the order has explicitly denied this
right to the voter – JDD elaborates in his separate order – in para#15 & 16
page#48 & 49 - that under Rule 49M(3), it is sufficient to merely show the
slip to the voter! Obviously, the Judge never understood the method of hack –
in which consecutive votes are stolen and cast in favour of hacker’s party WHEN
THE LAMP IS SWITCHED OFF. In this method of hacking, the vote count in CU and
VVPAT printed slips would match; watch one of many explanatory demos, using
representative machines, how this consecutive votes are stolen demo of 13 min.
The Justices elaborate naively in their order that never in the past have
discrepancies been reported between the CU count and manual count of VVPAT
printed slips, therefore, no hacking could have ever taken place! That hack can happen even when the counts are consistent was not understood at all. The order
quite unnecessarily derides the demand for paper ballot (Godi media had also
amplified the “retrograde demand of paper ballot”) and the demand for voter
slip being handed over to the voter WITHOUT MENTIONING ALL THE THREE
ALTERNATIVES. Based the third alternative Prashant Bhushan offered, the Justices
should have quizzed the ECI to articulate methods of satisfying the voter that
the vote is correctly printed, cut and dispensed into the ballot box – ECI should
have specifically answered why it has designed the complicated system of
switching light on off and generating an audio beep signal – ECI should have
been asked to explain why the simple method of illuminating the cutting
operation and dispensing of the slip in the ballot box was not preferred. ECI had
revealed in the court that there is a sensor which detects the falling slip and
it sends out an audio beep. What if the audio beep signal is generated falsely
by a hacked VVPAT? Therefore, the relief of voter verification should have been
granted to foil this smart method of hacking. Post-results-audit can also detect
this hack, however, the cost of foiling the hack is much smaller than the cost
of recovering from the consequences of a hack after it has been allowed to
happen.
Second
relief the petitioners asked for was manual count of 100% vote slips and
comparing the same with CU count (the comparison would diminish the errors of
manual count – the order shows the wisdom of comparison escaped their comprehension
completely). This comparison would serve to foil the simpler, though a dumber, hack
of voter pressing the button of one candidate and the vote in the CU being
written of another party. In this hack the vote slip of the correct candidate
in a manual count would not match with CU count. This hack is easy to catch,
therefore, it is not likely to be preferred by a sophisticated hacker. It is a
no-brainer that the hacker is not likely to be a run-of-the-mill type; the subversion
of Indian elections can entangle trillions of rupees (the General
Election 2024 is projected to cost 14 Billion USD) and national security. The
order allows only 5% of EVMs to be tallied manually in a constituency. However,
it has directed ECI to evaluate bar code printing on the vote slips for
possible machine counting in future elections. The denial of this relief was
not logical and pennywise pound foolish. According to SY Quraishi the 100%
manual count of vote slips cannot be compared with the paper ballot era when
the ballot papers could be the size of a newspaper. With small VVPAT printed
vote slips, it is feasible to finish counting within one day – watch here.
By capping the manual count to 5% of EVMs per constituency, the chances of the
second type of hack still remain, however, this is not as much a serious
compromise as is the denial of the aforementioned relief of verification by the
voter because that allows the smarter hack to still take place. In a review
petition, the first relief ought to be demanded and perhaps with a bigger
bench, the chances of convincing the judges will be better!
The judgment has many other technical bloopers (for e.g. para#22 the candidate
data file is a bit map file – it cannot be so as the candidate name and ID
apart from the symbol needs to the transferred). The language used in the SCI
order, in many places, seems to be that of BEL or ECIL engineers, as pointed
out by Kannan Gopinathan in a recent interview to Poonam Agarwal who had helped unravel the Electoral Bond scam.
Friday, April 26, 2024
EVM VVPAT curious Judgment of SCI - good thing - it will deter hackers as they could get caught
The SCI judgment, of the morning of 26-Apr-24, on the EVM VVPAT petitions delivered zero justice to citizens
of India and a partial consolation to political contestants in the Indian elections. No
thanks to Political Parties, which never took a consistent or firm stand against the EVM usage, the heroic efforts of Jagdeep Chhokar of ADR represented by Prashant
Bhushan and many other petitioners deserve a salute. This is a fight between
citizens and ECI, and not between a political contestant and ECI, as the
two-judge bench’s order unfortunately seems to project.
Saving grace of SCI order:
ECI has been ordered to seal the SLU (Symbol Loading Unit –
a fancy name of a pen drive which is used to transfer candidate data file into
VVPAT) and EVMs after close of polling for a possible audit by engineers of BEL
and ECIL. A losing contestant, either 2nd or 3rd, will be
allowed to ask for audit of the memory of microcontroller of VVPAT (Voter
Verifiable Paper Audit Trail) and CU (Control Unit) within 7 days of results. Bench
does not seem to have realized that there is memory outside microcontroller too
and the device can be compromised by malware sitting in that memory! Unfortunately,
the order has capped the audit as well as manual count of vote slips to
previously set limit of 5% per constituency. Regardless of these oddities, this
order will deter a hacker as he will fear getting caught during the audit, unless
the hacker and the auditors from BEL and ECIL, already accused of being under
influence of BJP affiliated directors, are co-conspirators. SCI should have
allowed independent auditors to have access to source code to enable them to do
audits. However, the bench had refused to divulge the source code earlier.
Finally, SCI should have asked ECI to seal the devices effective today instead
of 1.5.2024, why allow hackers, if any exist, a free pass?
The order, with directions to ECI, passed by the two-judge bench of Justices Sanjiv Khanna and Dipankar Datta is deficient on many counts and it is very likely that ADR, the lead petitioner, will file for a review by a larger bench. Indian democracy cannot be exposed to the slightest risk. The existing EVM System is easy to hack and many IIT Professors, other than those on Technical Experts Committee of ECI have confirmed this view. 7,000 eminent citizens had filed a petition before ECI but it did not even acknowledge it. General Elections of 2024 are projected to cost 14 Billion Dollars. Hackers, not the run-of-the-mill type, can entangle not only huge money but also national security. SCI must be tested to see if it pays heed to the voice of India’s citizens.
After this Judgment, the possibility of hacking could reduce considerably due to the possibility of the hacker getting caught. If the audit is done honestly and competently, the hacking would be caught surely if the right EVMs (out of 5% per constituency) are picked by the challenging contestant, otherwise he may still escape detection!
RELATED
EVM petitions - proceedings in the SCI
Also read previous blogs - the two methods of hacks and the two reliefs petitioners had asked for.
To reduce the hacking chances to zero, the two reliefs necessary are: 1. Voter must be able to verfify her vote is correct, it is cut and it is dispensed into the ballot box before she walks out of the compartment of voting at the polling booth and 2. 100% of VVPAT printed vote slips must be manually counted and compared with the CU count - in whichever EVM there is discrepancy, recount should be automatically trigerred and in case of persistent difference, the manual count should prevail (this is the existing ECI rule anyway).
Saturday, April 20, 2024
EVM VVPAT Petitions and the SCI - Voter verification even more important than 100% manual vote count (updated 27th April'24)
The spectacular bluff of two "silos" of data of Electoral Bonds (EB) that State Bank of India (SBI), represented by top lawyers, tried to pull off was live streamed to the whole country from the Supreme Court no.1 in the month of March 2024. The two "silos" were actually two tables of data. Such data of EB buyer and EB recipient in two tables of a Database (or even Excel worksheets) would require not even three minutes to match but the lawyers of SBI, FICCI and GOI asked the five-judge bench to grant them three months. Had SBI used the word tables instead of "silos", any computer literate person could have pointed out that the matching is a trivial exercise of writing one join query in a database or "vlookup" command in an Excel worksheet.
Saturday, March 23, 2024
Election Reforms for India - EVM and Political funding - immediate fixes required to save democracy
This blog is not a plea for junking the EVM System, rather about making two process changes and junking few rules that thwart legitimate challenges. This will make the EVM System safe to use - the citizens will be saved from hacking that any party or anyone (a hostile country) with resources can EASILY execute in the existing system.
[Reference links given at the bottom. If you want to cut to chase, the link related to challenges to EVM copied here: Challenges to EVM and reaction of authorities ]
In a democracy, it is said, the people get the government they deserve. But what if the election process gets or can get compromised (hacked)? What if only one side gets all the resources to campaign and fight elections by tilting "the level playing field"? Both these problems have become manifest in India, and it is unlikely they can be resolved without the intervention of the Supreme Court of India. With what India has now begun to be called a "Electoral Autocracy", will very soon turn into a "Sham Democracy" or a "Total Dictatorship"; very far from "Mother of Democracy" boast of PM Modi.
First, the EVM System which can upend the election results - what are the fixes:
- An elector (voter) walks into the Polling Station (PS) with an ID proof. S/he walks up to the row of Polling Agents of Political parties, and they tick off the name after verifying his/her name on the voters list. If name is not found, the voter is not allowed to vote. [It is alleged that many voter names are deleted by ECI due to system deficiencies or mala fide designs of the ruling party.]
- Indelible ink is smeared with a thin swab on one finger of the eligible voter. [ECI is not sure if the same voter is listed multiple times in different locations (booths) as there is no citizen ID in India at present.]
- The voter walks up to the Voting Compartment and waits to press a button on the BU to register his/her vote. The BU has the names of contestants and election symbols adjacent to buttons. Max 16 names per BU - they can be daisy-chained.
- The Polling Officer with the CU presses a key to enable the BU to register a vote.
- After hearing the audio beep that tells everyone in the room that BU is enabled to accept one vote, the voter pushes a button on the BU to register his/her vote.
- A tiny window with one way mirror glass on the VVPAT lights up for 7 seconds during which the voter can see the voting slip with the name of the candidate and symbol! Voter must assume that this slip is not of the previous voter - though there is no telling it could well be of the previous voter who voted for the same candidate - a hacked VVPAT could behave in this manner. If the visible slip is NOT as per the vote cast, then the Voter can complain to the Presiding Officer, and fill out a form to nullify the "wrong vote". There is an intimidating process to rectify the error - which includes actions to "prove" that the machines are misbehaving! Failure to prove the misbehaviour attracts a penalty of Rs.1,000 and imprisonment of three months! VVPAT is supposed to write a record of the vote in the CU; a hacked VVPAT could well write a vote in favour of a candidate of hacker's choice.
- The voter having cast his/her vote, walks out trusting the vote is recorded correctly in the CU and that the slip s/he saw in the VVPAT has been indeed dispensed in ballot box. It could well be that the slip has NOT been dispensed in the ballot box nor recorded in the CU. A hacked VVPAT could behave like this - hold all consecutive votes of an adversary party (adversary of the hacker's party) until a vote is cast of a different party - upon that happening, the hacked VVPAT could print and dispense all the votes it had held back, in favour of the hacker's party candidate, and record the votes in the CU consistent with the printed slips!
- The vote slip dispensed, and the vote recorded in CU are consistent but NOT according to the vote cast on the BU, therefore, Change # 1 of verification by voter is required
- The vote slip dispensed is consistent with the actual vote cast, but the vote recorded in CU is NOT, therefore, Change # 2 of rule of manual count compared with CU count and manual count to prevail, is required
- The possibility of a fraud of replacing the CU and Ballot Box pairs is non-trivial because a RTI based PIL had revealed that whereabouts of many EVM Systems are not known to ECI. Therefore, Change # 3 of rule of transportation is required
- The punishment should be totally removed as it is based on an illogical premise of predictability of hacked programs, and it deters genuine complaints of voters. If source code is made public, independent auditors can confirm if VVPAT, BU and CU are working as per original program; this will allow citizens to prove hacking else it is NOT provable. Therefore, Change #4 of rule of fines or punishment should be removed or else the source code should be made public and the option of auditability of the source code should be provided
Second, the pernicious political funding system which reduces chances of honest and smart candidates winning elections - fixes required
Funding reforms that can be done immediately
- ECI should mandate 100% disclosure of all funds mobilised by every contestant and every political party. In todays world this is easy and the name of the donor, his identifier, the amount of donation and date should be the minimum data included in the list to be published on the website of the party or individual or ECI provided platform. At present donations below Rs.2,000 need not be disclosed. This loop hole is exploited by parties - one party had claimed that its entire funding was of smaller donations, therefore, not a single name was disclosed!
- The elections expense caps which apply to contestants should be totally removed. The expense caps are so low that virtually all contestants are forced to tell lies because they spend much more money than is legally allowed. Those who do not have unaccounted (black) money, tend to lose out. The existing system reduces the chances of honest and smart candidates winning elections and it rewards those who have lot of black money and who can manipulate the system and get others to spend on their behalf (with quid pro quo of course).
- The State should provide free airtime on its TV channels – national and regional - to all contestants. It should also arrange leading three or four contestants to debate so that voters are better informed before they vote. The moderators can be selected by the candidates themselves. The recorded debates and statements of objects should be made available on ECI's portal.
how Iran Nuclear fuel processing centrifuges were
knocked out by CIA even though Iran's engineers had claimed the plant had
"stand alone" systems - just like ECI is claiming their devices are
in a "stand alone" state - they allow connecting a SLU before
commissioning the system - this is sufficient to infiltrate a rogue program
into VVPAT. The hacking can be done selectively - in certain systems only - as
all the machines have unique IDs. The rogue program can behave according to a
date - time - number of votes cast - schedule - thus defeating the FLC which
ECI pompously claims is sufficient proof of proper functioning of the EVM
system. They are fooling the public or they are ignorant.
EVM System - updated website - new revelations and questions
(ECI has updated its
website pages; new FAQ on 7-Feb-24, Presentation too is changed; probably in
response to recent protests and demos of hacking; it has now changed the
definition of EVM - earlier it used to mean BU and CU but now it includes VVPAT;
so, EVM now cannot be claimed to be OTP device as VVPAT has programmable
memory; furthermore EVM System, is more than EVM but ECI is silent on
it).
ECI presentation on EVMs - false claims and
misrepresentations discussed in this note
Are EVM System components OTP type devices? No
clear answer from ECI/GOI
Kannan Gopinath's interview on EVM system
hackability
Read about the two hack demos. Recently hacks of EVM System were demonstrated and videos shown on 4pm News Network. In these hacks the VVPAT votes differently from the actual votes cast - the slips printed and vote recorded in the CU were consistent. Therefore, the manual count of slips and the count from the CU would match. This type of fraud can only be prevented if Demand#1 is met, else it would require software audit but that is not possible as ECI and SCI have said that software is secret. SCI on the one hand ecourages Open Source - but on the other hand, in this particular instance, it protects the IPR of a ridiculously simple program - GOI can easily get the same software developed in Open Source or buy the IPR for cost which is not likely to exceed few million rupees! Another intriguing thing to read about is that 1.9 Million EVM Systems have gone missing - The Wire article of 22-May-19.
Political funding existing in India today is recognised as the
fountainhead of corruption: Notes
SBI
stonewalling SCI - is it perjury and contempt? SCI's honour was at stake -
partially redeemed
On-line voting and political funding India requires: Blog