Summary: It would indeed be wise to switch to paper ballots, just as it would be wise to demand a switch to bullock carts if the Government of the day failed to recognise the prerequisites of safe journeys in cars. One of the safety requirements is that car manufacturers obtain a roadworthiness certificate for every model they manufacture and sell. Car manufacturers use many components protected by patents; however, an independent agency checks the roadworthiness of the cars before granting certification. The story of Electronic Voting Machines (EVMs) in India has no parallel and is weird, to say the least. The Government owns the manufacturers of EVMs and, instead of an independent agency, the Government itself issues their fitness certificates. The Election Commission of India (ECI) says the EVM's software is protected by the Intellectual Property Rights of the manufacturers and, besides, election security requires secrecy, so neither the EVM's technical design nor the software can be made public. The Supreme Court of India (SCI) wants citizens to believe whatever ECI says! ECI's processes are fraught, umpteen discrepancies in its own data remain unexplained, and petitions in SCI are kept pending for years on end. As a result, Indian democracy is exposed to i) manipulation of hackable EVMs or ii) subversion of the faulty processes for identifying, transporting and counting EVMs. If we want to safeguard Indian democracy, it is very important to make a few changes, both in the usage processes and in the EVMs.
1. First, let's list a few smart-ass questions people have asked about the alleged hackability of EVMs or the subversion of existing processes (which are two different things) of the Indian EVM System (at this link, read descriptions and also watch a demo of a hack in which VVPAT votes match the Control Unit count, yet votes are stolen):
1.1 EVMs have now been used in thousands of elections and the counting of billions of votes. Where is the evidence of hacking? [Fact: Anomalies have been reported without answers from ECI; citizen activists have consistently reported concerns - they are the bigger stakeholders; SCI should have known better than to view the tussle with EVMs as one mounted by Opposition parties]
1.2 Losers complain about EVMs but when the same party wins unexpectedly, everything seems to be kosher with EVMs! [Fact: Citizens are the main stakeholders, not political parties - citizen activists have been consistent in expressing their concerns and asking for greater transparency and auditability; investigative journalist Poonam Agarwal's queries to ECI regarding discrepancies in ECI's own published data have remained unanswered since 2019, and ADR's petitions are still not adjudicated by SCI - either they have not been heard or only interim orders have been passed]
1.3 If the ruling party can hack or manipulate results in one constituency, why does it lose in other constituencies? [Fact: Hacking methods may involve subverting the integrity of District Election Officers/Returning Officers (DEO/RO) or Presiding Officers (PO) - therefore, the hackers must limit their risk of exposure - they are not so foolhardy as to try to subvert officers across multiple constituencies]
2. Questions such as the above are asked by people who may be technically qualified but are naive and certainly arrogant, though most of those asking are "digital illiterates" (who can't distinguish hardware from firmware from software from malware). Both sets of people are arrogant because they have not looked at demos of possible hacking (in which the CU and VVPAT slips are in sync and yet votes can be stolen) or at the methods of subterfuge made possible by the utterly flimsy methods of identifying EVMs, the non-disclosure of Form-17C, the dark glass coupled with a 7-second lamp in the VVPAT, the VVPAT having writable memory, and the EVM System not being a standalone system (most of the time ECI falsely portrays the VVPAT and other EVM devices as OTP, i.e. one-time-programmable, types; the “EVM” is not connected to the Internet but the “EVM System” is, and the distinction between “EVM” and “EVM System” is not known to most people).
2.1 When the technical design and software are kept secret, how can anyone (regardless of their technical competence) make a categorical statement that the EVM is NOT hackable? Furthermore, when the processes of identifying EVMs are flimsy, when challenging a wrong vote is fraught, the conditions of testing are illogical and can invite fines and prison terms, and when the record of counts and polling agents' signatures (in Form-17C) is not revealed immediately after poll closing, how can evidence of hacking or manipulation be gathered? Therefore, in the face of such odds, it is not very intelligent to ask for evidence of hacking, or to counter by citing the number of elections and vote counts that EVMs have been used for over the years!
3. ECI, in tandem with SCI, has thwarted citizens’ efforts to introduce more transparency (making public the hardware design and software source code), simple measures of minor hardware modification (an open VVPAT so the voter can pick up the vote slip and insert it into the ballot box, or a VVPAT with transparent glass instead of the tiny dark one-way view glass, with an inside lamp that remains lit for a longer period) and process changes in the existing EVM System and its usage (sharing Form 17-C with the public). ECI has refused to reveal full details of the technical design of EVM components and has kept the software secret under the pretext of protecting the IPR of Government-owned units (actually, this simple software would hardly require a few weeks to develop)! Furthermore, questions raised about alarming levels of data discrepancies between votes polled and votes counted have been ignored by ECI for years on end. Seemingly curious levels of battery charge of 99% in EVM components (the Control Unit) observed on the day of counting were only recently explained by ECI.
Ironically, while the "timid or couldn't-care-less" types among Indian tech tycoons have kept mum (with the exception of Sam Pitroda), non-technical politicians and commentators have often cited nonsensical reasons for either continuing the existing EVM System or reverting to paper ballots. Among the former are Yogendra Yadav, and Justices Sanjiv Khanna and Dipankar Datta, who asked civil rights petitioners (in their April 26th, 2024 order): Where is the evidence of hacking (?), we cannot act on mere suspicion (!); among the latter is Elon Musk, who said “anything could be hacked” and, in a tweet, suggested that EVMs should be eliminated due to the risk of being hacked by humans or AI, even if the risk is small. It must be noted that not all EVMs are the same, and Elon Musk was certainly not commenting on the Indian EVM System, about which he likely knows nothing (in the USA, many States use electronic devices and VVPATs).
Experienced software engineers know it is possible to write malware (rogue software) which activates only when given parameters' values are in a certain range, and the program can self-erase, leaving no trace or evidence, when certain values are reached (e.g. a certain date-time or a certain number of votes cast).
ECI has falsely claimed that the EVM is a standalone type of system even though, in every election cycle, the laptop of the DEO/RO is connected to the ECI server via the Internet to download the Candidate ID, Name and Party Symbol file; this file is copied into 3 to 5 Symbol Loading Units (SLU is a pompous name for a pen drive with flash memory), which are used to commission the EVMs in each booth of the constituency managed by the DEO/RO by copying the file into the writable memory of the VVPAT. ECI has asserted, without revealing technical details of the devices, that malware cannot be infiltrated into the VVPAT via this file, and SCI has ruled that citizens cannot question ECI without any evidence of hacking! This is a Catch-22 situation.
3.1 It would be nonsensical for a car manufacturer to issue roadworthiness certificates to its own cars, which is exactly what ECI is doing in India: EVMs are manufactured by Government-owned companies, BEL and ECIL, and the quality certification is also done by the Standardisation Testing and Quality Certification (STQC) Directorate, which is an attached office of the Ministry of Electronics and Information Technology, Government of India. Unfortunately, in the case of the Indian EVM System, these commonsensical and basic democratic tenets are missing, and all attempts to make the Indian EVM System trustworthy have been stalled by ECI and refused by the SCI.
3.2 SCI on its own introduced an "innocent" post-election audit option, and ECI distorted it further, making it a complete joke. On page 37, in para 76, the Judges observed in their 26th April judgment: "Nevertheless, not because we have any doubt, but to only further strengthen the integrity of the election process, we are inclined to issue the following directions": ECI to allow a post-election audit of the EVM and SLU, which was a pointless measure ab initio, as no hacker would be so naive as to leave evidence of malware infiltration in the EVM or SLU. The SCI should be petitioned to modify the testing methodology as described below in prescription no. 5.1 (the innocent SCI Judges will first need to be informed about self-erasing malware).
3.3 At stake is the Indian Democracy and the principal
stakeholder is the citizen of India. To uphold the constitution of India, the
ECI and SCI must respond to citizens’ demands for a safe and trustworthy EVM
System.
4. Without going into the history of petitions and pending queries with the SCI and ECI respectively, the farcical stand of ECI in treating the EVM as a black box, the SCI’s endorsement of ECI’s stand on maintaining the secrecy of the software and hardware design, or ECI’s refusal to make public the Form 17-C data immediately after poll closing, let us consider the minimum tweaks in hardware and processes that SCI/ECI must be petitioned to accept.
5. PRESCRIPTION: What can be done to make the existing EVM System trustworthy - assuming that ECI and SCI will not reverse their stand to keep the EVM's technical design and software secret? Petitions already filed before the SCI need to be amended or supplementary petitions added as follows.
5.1 SIMULATED (BLACK BOX) EVM TESTING ON THE DAY OF VOTING (in lieu of the post-election audit option mentioned in the SCI's order of 26th April'24): This is somewhat similar to the "mock polling" that ECI has prescribed, except that it will be done separately. Presently, mock polling is conducted just before polling starts in every booth to check the performance of the EVMs. After successful testing, the sample mock votes are deleted from the memory of the CU, and the VVPAT's ballot box is emptied of the printed votes.
In each constituency, one day before the polling day, ten EVMs chosen at random should be replaced from the reserve stock; this doesn’t pose a problem because the ECI manual prescribes stocking backup EVMs to meet the contingency of replacing defective EVMs at short notice. These ten EVMs should be taken away for simulated testing by the contestants’ parties the next day, i.e. on the date of actual polling.
The simulated voting should be done on the ten EVMs by casting random votes at a natural cadence (say 1,200 votes in 10 hours) throughout the day; each vote that is cast will also be noted on paper or a worksheet, with a date-time stamp. At the end of the day, the poll-closed button should be pressed as usual on the CU; the total votes recorded and displayed by the CU, and the vote slips printed and dispensed by the VVPAT, will then be compared with the manual record, i.e. the list or the worksheet.
If there is zero discrepancy, the constituency's election will be considered valid; otherwise it will be countermanded and, based on the pattern of discrepancies favouring a particular candidate, a competent authority will adjudicate on the question of fraud committed. The findings could lead to disqualification of the candidate, the banning of the candidate’s party from contesting any election for six years, or the institution of an appropriate criminal case.
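The reconciliation step of this simulated test, sketched as an added example (not code from ECI or from this post); the function names, the worksheet layout and the sample data are assumptions constructed for illustration. It covers the case where the CU and VVPAT agree with each other yet both differ from the manual worksheet.

```python
from collections import Counter

def reconcile(worksheet, cu_totals, vvpat_slips):
    """Per-candidate deltas of CU and VVPAT counts against the manual worksheet."""
    manual = Counter(cand for _timestamp, cand in worksheet)
    slips = Counter(vvpat_slips)
    deltas = {}
    for cand in sorted(set(manual) | set(cu_totals) | set(slips)):
        cu_delta = cu_totals.get(cand, 0) - manual[cand]
        slip_delta = slips[cand] - manual[cand]
        if cu_delta or slip_delta:
            deltas[cand] = {"cu": cu_delta, "vvpat": slip_delta}
    return deltas

def audit_constituency(machines):
    """machines: {evm_id: (worksheet, cu_totals, vvpat_slips)} for the sampled EVMs.

    Returns (verdict, failed_machines, net_cu_shift); any discrepancy at all
    yields "countermand", and net_cu_shift shows which candidate gained.
    """
    failed, net_cu_shift = {}, Counter()
    for evm_id, (worksheet, cu_totals, vvpat_slips) in machines.items():
        deltas = reconcile(worksheet, cu_totals, vvpat_slips)
        if deltas:
            failed[evm_id] = deltas
            for cand, delta in deltas.items():
                net_cu_shift[cand] += delta["cu"]
    verdict = "countermand" if failed else "valid"
    return verdict, failed, dict(net_cu_shift)

def sample_machines():
    """Constructed sample: two sampled EVMs, four test votes each."""
    clean_sheet = [("09:00:05", "A"), ("09:00:40", "B"),
                   ("09:01:10", "A"), ("09:01:55", "C")]
    clean = (clean_sheet, {"A": 2, "B": 1, "C": 1}, ["A", "B", "A", "C"])
    # CU and VVPAT match each other, but one worksheet vote for B shows up as A.
    shifted_sheet = [("09:00:10", "B"), ("09:00:50", "B"),
                     ("09:01:30", "A"), ("09:02:15", "C")]
    shifted = (shifted_sheet, {"A": 2, "B": 1, "C": 1}, ["A", "B", "A", "C"])
    return {"EVM-01": clean, "EVM-02": shifted}

if __name__ == "__main__":
    verdict, failed, shift = audit_constituency(sample_machines())
    print(verdict, failed, shift)
```

A CU-versus-VVPAT comparison alone would pass EVM-02; only the independent worksheet exposes the shift from B to A.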
5.2 NEW PROCESS TO IDENTIFY EVMs: In every election cycle, a new type of tamper-proof sticker (which cannot be peeled off without tearing) should be pasted on the EVM components. The stickers should be large, with space for machine IDs and for the signatures of polling agents (at least two) and the PO, who must sign them at the same time as they sign Form-17C after the poll closes. [It is curious that these machines do not have MAC IDs which could have been digitally displayed].
5.3 NEW PROCESS TO RECORD THE STATUS UPON POLL CLOSING: Photos of the signed stickers with the machine IDs of the CU and VVPAT, of the digital display of the total vote count on the CU, and of Form-17C should be uploaded to the ECI's portal within 30 minutes of poll closing. The DEO/RO must unlock the uploaded photos for public viewing within 24 hours of poll closing. Form-17C Part 1 itself should be reduced to the size of a small sticker carrying the votes-polled information (i.e. CU count, test votes count etc. and the net total of votes polled); this form has the identification numbers of the EVM component machines, i.e. BU, CU and VVPAT, and also carries the signatures of the PO and polling agents. This modified Form-17C sticker should be pasted on the VVPAT and also photographed along with the CU display of the vote count; there is then no need for a separate Form-17C Part 1.
5.4 NEW PROCESS WILL ENSURE EVM IS NOT SUBSTITUTED: On the day of counting, the contestants' agents should be allowed to compare the signatures seen in all photos of the stickers on the CU and VVPAT with those on the physical EVM devices, and the total vote count reported in Form-17C must match the total vote count and candidate-wise total count displayed by the CU in the counting room. If there is a mismatch of any type, either of signatures or of vote counts, the EVM should be set aside for adjudication by a competent authority; these are conditions under which, normally speaking, a repoll must be triggered.
5.5 MODIFICATION IN VVPAT TO ASSURE VOTER THAT CORRECT VOTE IS PRINTED AND DELIVERED: The light inside the VVPAT gets switched off within seven seconds of the vote being cast, i.e. of the button being pressed on the BU. The reason ECI has offered for this curious design is preservation of the secrecy of the vote. As the VVPAT is placed in a secluded corner within a “voting compartment”, this untenable reason ought to be rejected, and the VVPAT design should be modified so that the inside lamp remains lit constantly and the voter can see both operations: i) a new vote slip getting printed and ii) the printed vote slip getting cut and dispensed into the ballot box.
6. Of the above five changes, the first four (#5.1 to 5.4), which are process changes, are essential. If 5.1 to 5.4 are accepted, the demand for VVPAT modification #5.5, which is desirable but not essential, could be waived; similarly, the following demands pending in petitions before the SCI may then be safely withdrawn: i) manually counting the vote slips printed by the VVPAT (100%) and using the CU count only as a counter-check; ii) the post-election audit option as mandated by SCI in its 26th April'24 order (and incorrectly implemented by ECI).
6.1 Fall-back position: If process change #5.1 (simulated tests) is not accepted, then the four demands #5.2 to 5.5 become essential along with the pending demand of "100% VVPAT count"; otherwise, type (a) EVM hacking (delayed printing and stealing of votes) or type (b) EVM hacking (printing the correct vote and recording another, i.e. the hacker-party's, vote in the CU), should either (a) or (b) be perpetrated, will not be caught. As already explained, the SCI's post-election audit is useless (malware could self-erase, leaving no trace or evidence, so the audit will never find anything amiss).
7. If the essential demands described above are not met, it would make sense to agitate for reverting to the paper ballot system; bullock carts are a better option than uncertified cars operating without a sensible framework.