Subversion of Indian Elections — Vulnerabilities, Fixes & Debates for Election Reforms

  

By Anil Srivastava | Full Blog Post | November 8, 2025 – Updated May 7, 2026

Overview

Indian elections are beset with serious problems at multiple levels — ironically, all of these can be fixed. The biggest reason reforms haven't happened is the lack of public pressure. Some fixes require constitutional amendments with a 2/3rd majority, a few require legislative amendments with a simple majority, and others require only a procedural change which could be mandated by ECI (Election Commission of India) or forced by SCI (Supreme Court of India).

ECI, once a reputed independent institution, is today seen as a government agent. SCI has been generally dismissive of activists' challenges against ECI's processes and conduct. Therefore, it is only public pressure that can save India's democracy.

---

Reform Table: All 11 Vulnerable Stages

(S=Short-term, M=Medium-term, L=Long-term | E=Essential, D=Desirable)

---

Sr. 1 [L & E] — Political Funding & Accountability of Contestants

Vulnerability: Unrealistically low expense caps force candidates to mobilise funds under the table, entailing quid pro quos. Honest candidates are sidelined. Wild promises are made with no accountability. Humongous election rallies cause public inconvenience.

Fix: Expense caps to be raised 10x with full transparency in disclosures. Political parties must disclose 100% of funds. Donors above a threshold must disclose all government contracts. State to provide broadcast time and organise moderated debates. Physical rallies capped at two per candidate and five per party. ECI to publish candidate statements of objects and past performance in easy-to-read searchable tables.

🔗 Deep dive: World's biggest election | Costliest election | Political party proliferation

---

Sr. 2 [L & D] — First-Past-The-Post (FPTP) System

Vulnerability: With multiple parties, FPTP distorts representation — winning parties often have minority voter support. Dummy candidates are propped up with slush funds to split opposition votes.

Fix: India should replace FPTP with a Two-Round System (TRS) or Proportionate Representation System, ensuring winning candidates always have >50% vote share.

🔗 Deep dive: FPTP vs TRS which is better for India?

---

Sr. 3 [M & E] — Scheduling of Elections (Phase-wise)

Vulnerability: ECI announces election phases without consulting major parties and appears to follow the ruling party's demands. The last General Election stretched to 42 days.

Fix: ECI must adopt a transparent, consultative approach to phase scheduling with all major parties.

---

Sr. 4 [M & E] — ECI Appointment of Election Commissioners & Immunity

Vulnerability: All three ECs are appointed by PM & Cabinet with little say for the Leader of Opposition (LOP). ECI becomes partisan and beholden to the ruling party. ECs face no accountability for their conduct or violations of the Model Code of Conduct (MCC).

Fix: Appointment committee should comprise PM + Chief Justice of India (CJI) + LOP. ECs must be made accountable and prosecutable for acts of both commission and omission.

🔗 Deep dive: ECI beholden to Government  LOP has little say

---

Sr. 5 [S & E] — Electoral Rolls Preparation & EPIC (Electors Photo ID Card) Issuance

Vulnerability: Very poor system design with no use of India's DPI (Digital Public Infrastructure). Huge errors — ~17% dubious additions in one Assembly Constituency; 6,000 names attempted to be programmatically deleted in another. Duplicate EPICs and entries in Electoral Rolls without EPICs abound. ECI refuses to release digital searchable rolls citing false legal reasons (it releases scanned pdf files for no good reason).

Fix:

1. Aadhaar must be mandatorily linked with EPIC (legislative support needed; ~650 million already seeded).
2. EPIC generated only after biometric Aadhaar authentication; both EPIC & Aadhaar numbers must be printed in Electoral Roll.
3. EPIC to carry current address (determining constituency), separate from permanent address. This will enable migrant workers (tens of millions) to vote from their current addresses.
4. Deletion process made rigorous: requester identity authenticated biometrically; ID & IP stored; suspicious high-speed deletion attempts referred to NIA (National Investigation Agency).

🔗 Deep dive: Wrongful additions & deletions | Indian Citizen vs Voter explainer | Linking Aadhaar with Voter Card |  

---

Sr. 6 [S & E] — Polling Booth Voter Identification

Vulnerability: Photos in Electoral Rolls are of very poor quality and miniscule size, allowing impersonators to pass scrutiny of Polling Assistants (PAs) and Presiding Officer (PO).

Fix: Identity must be established via biometric Aadhaar authentication. All booths to be equipped with fingerprint scanners and facial recognition (ECI to develop an app). At least one iris scanner per polling station. Satellite phones/VSAT kits for remote areas. Two fallback biometric methods to ensure no genuine voter is excluded.

🔗 Deep dive: Voting system before and after EPIC linked with Aadhaar

---

Sr. 7 [S & E] — Physical Electoral Roll & Ink-Smearing Process

Vulnerability: Errors occur in manually marking voters on physical rolls and recording serialised numbers. The process is antiquated and error-prone.

Fix: Eliminate physical Electoral Rolls entirely. ECI's Voter Management System (VMS) to provide booth-specific electronic voter lists to logged-in PAs (Polling Agents) and POs (Presiding Officer) on smartphones/tablets. PO/PA to mark authenticated voters electronically; VMS records EPIC in a "Votes Cast" table. Indelible ink smearing becomes unnecessary as the system prevents double-voting automatically.

🔗 Deep dive: Voting system before and after EPIC linked with Aadhaar

---

Sr. 8 [S & E] — Voting with the EVM System

Vulnerability: EVM is a "black box" — source code and technical design not revealed. The dark glass + 7-second lamp design of VVPAT means voters cannot reliably verify their vote slip being printed and dispensed. A gamed VVPAT can steal votes with no proof, as the malware self-erases before poll closing leaving no audit trail. ECI has also ordered CCTV footage deleted after 45 days.

 

Fix:

1. VVPAT must have transparent glass with the inside lamp constantly lit so voters can see the slip printing and being dispensed into the ballot box.
2. On polling day, in 2% of booths per constituency (chosen by contestants), EVMs to be removed for Black Box Testing (BBT) — simulated voting at real pace, with worksheet results compared against CU display and printed slip count. Discrepancies to trigger investigation or countermanding of election. A pattern favouring one party may lead to disqualification.
3. CCTV footage must be shareable with contestants to verify the maximum 4-votes-per-minute EVM rule. ECI's deletion policy is described as mala fide.

🔗 Deep dive: EVM usage & vulnerabilities | Voting system overview

---

Sr. 9 [S & E] — Poll Closing Processes & Form 17-C

Vulnerability: After polling closes, the PO is supposed to record in Form 17-C, total votes as displayed on CU, timestamp and serial numbers of CU, BU and VVPAT.  The filled-up Form-17C is supposed to be signed by PO and PAs. If fraudulently, higher vote count and timestamp is recorded on Form-17C then the extra votes could be cast by the PO; as a precaution, to escape audit enquiry, the PO could tick off names of those who had not voted, on physical electoral roll. Delays and fudging in manual submission, without a photograph of CU display of vote count and poll closure time, undermine integrity.

Fix:

1. CU display fields (total votes, serial number, date-time stamps) and VVPAT serial number to be photographed and uploaded to ECI portal immediately.
2. Form 17-C, signed by all present, to be photographed and uploaded to ECI portal.
3. Total booth votes with CU & VVPAT serial numbers to be input online on ECI portal (with male-female breakup).

🔗 Deep dive: Form 17-C, process modifications for preventing fraud

---

Sr. 10 [S & E] — DEO Submission to ECI After Form 17-C Collection

Vulnerability: The District Election Officer (DEO) compiles booth-wise votes from Form 17-C and files on ECI portal — but there is inadequate verification of accuracy.

Fix:

1. DEO to verify booth-wise votes by cross-checking physical Form 17-C against PO-uploaded photos.
2. ECI's VMS to generate a digitally signed (DSC) statement of booth-wise votes within 24 hours of poll closing.
3. All contestants to be able to view booth-wise totals with filters on ECI portal.

---

Sr. 11 [S & E] — Vote Counting in the Counting Room

Vulnerability: In the counting room, booth-wise candidate results are read off each CU. There is currently no systematic check that the physical CU being counted is the same machine used at the booth — creating a window for EVM substitution or tampering.

Fix: Before reading results from each CU, contestants' representatives must be given an opportunity to verify the CU's displayed serial number against Form 17-C, the tamper-proof sticker with serial number on VVPAT, and uploaded photos. Any discrepancy must halt counting for that constituency and trigger an investigation.

---

Most Important Short-Term & Essential (S & E) Reforms

As concluded in the blog, the following items can significantly reduce risks to India's democracy quickly and should be prioritised:

Sr. 5 — Electoral Roll cleanup via mandatory Aadhaar-EPIC linking and biometric-authenticated deletions (especially sub-action 5.4)

Sr. 6 — Biometric voter authentication at booths using Aadhaar

Sr. 7 — Replace physical Electoral Rolls with electronic VMS-based system; eliminate ink smearing

Sr. 8 — Fix VVPAT transparent glass; introduce Black Box Testing in 2% of booths; share CCTV footage with contestants (especially action 8.2 to thwart EVM hacks)

Sr. 9, 10 & 11 — Digital upload of Form 17-C, DEO verification, and serial number cross-check before counting — to thwart all post-poll gaming

By utilising India's excellent Digital Public Infrastructure (DPI) coupled with tweaking the Aadhaar Act and making minor changes in VVPATs, India's democracy can be quickly secured. Subversion of Indian elections is a high-stakes game — if hacking/manipulation is being done, it is likely done by top-drawer hackers who will not leave an audit trail.

---

The two longer-term structural reforms — Sr. 1 (political funding transparency) and Sr. 2 (replacing FPTP) — remain critical but require much broader public debate and constitutional/legislative action over time.

 

Building a New World Order: Why Military Supremacy is a Bankrupt, Dangerous Delusion

 

The advocates for unrestrained military buildup are not just wrong—they are peddling a catastrophic anachronism. Their arguments crumble under the weight of modern technological, economic, and strategic reality. Here is the systematic demolition.

 

I. The Fatal Flaws of the "Hard Power" Fantasy

1. The Speed & Agility Myth: Alliances vs. Algorithms

Their Claim: "Military alliances ensure security and enable swift action." The Demolition: Military coalitions are geologically slow. They require treaty debates, parliamentary approvals, complex logistics, and risk-sharing negotiations that take months or years. By contrast, a digital sanctions regime can be activated in one day. When a transgression occurs, the global community can, by a simple majority vote in a 194-member (Palestine to be 194th nation) body, trigger an automated system that:

• Imposes escalated tariffs on trades with the defaulter nation
• Instantly freeze target-nation assets in participating banks.
• Revoke international payment processing (SWIFT access).
• Cancel visas for its elite.
• Place an embargo on essential supplies (e.g. Pharmaceuticals, Rare Earths).

This is not a future concept; it is a technological and administrative (implementable) reality. The above responses can be graded (i.e. calibrated) according to the nature and severity of transgression. Why wait for an aircraft carrier group to sail when you can collapse a regime's financial system with a keyboard command?

2. The Sovereignty Shield: The UN Charter is Their Worst Enemy

Their Claim: "National sovereignty justifies any military buildup for self-defense." The Demolition: They selectively ignore the UN Charter's core principles they claim to defend:

• Article 2(1): Sovereign equality of all members.
• Article 2(4): Prohibition of the threat or use of force.
• Article 2(7): Non-interference in domestic jurisdiction.

A world order based on "Right is Might" enforces these very rules. It protects sovereignty by making foreign invasion and electoral interference unthinkably costly through collective non-military retaliation. The militarist's path—forcible regime change, covert ops, and pre-emptive strikes—is itself the greatest violation of the sovereignty they pretend to cherish. Our system actually upholds the Charter; theirs blatantly shreds it.

 

II. Why Military Force is Futile in the 21st Century

The militarist's mind is trapped in the past, extrapolating from eras where the strong could crush the weak on a battlefield. That world is gone. Modern threats have decentralized and democratized destruction, making traditional armies like expensive, slow dinosaurs.

Ancient/Industrial Age Threat	21st Century Equivalent	Why Military Power Fails Against It
Invading Army	Cyber Attack	Can't bomb a server in another country's basement. Attribution is slow; response is disproportionate. Cyber Attack can knock out entire city’s or country’s power grid, communication system, central bank etc.
Battleship Fleet, Iron/Golden Dome	Swarm of AI-Enabled Drones, Hypersonic Missiles	A 175-billion-dollar air defense system can be overwhelmed by $500 - $10,000 drones. Fibre-linked drone with 10Kg payload emerging from a truck can fly up to 50Km and take out any military or target asset. Hypersonic Missiles can do worse at long range. Cost-exchange ratio is fatal.
Nuclear Superpower	Rogue State/NGO with a "Dirty Bomb"	Deterrence fails against non-state actors. A crude radiological device, built with stolen material, can paralyze a global city.
Fortified Bunker	Engineered Pathogen	Borders and missiles are irrelevant. A bio-weapon, potentially AI-designed, requires a global public health response, not an army.

The Inescapable Conclusion: Pouring trillions into carriers, jets, and tanks is like building a magnificent castle wall while your enemy has already invented the airplane and the virus. You are fortifying against the last war.

 

III. The Superior System: Pre-Announced, Inescapable Existential Cost

What we need is not a bigger hammer, but a smarter system of consequences. The principle is simple and must be communicated in advance to any potential defaulter or terrorist:

"The global order will not meet your aggression with a symmetrical military response you might hope to survive or exploit for propaganda. It will respond asymmetrically, by dissolving the economic, digital, and social foundations of your power. Your regime will not be toppled by invasion; it will be suffocated by the collective will of humanity, expressed through rules you agreed to."

The Operational Blueprint: The United Nations General Assembly - UNGA or UN2.0 or a New Accountability World Association - as the Core Engine

1. Principle: One-Nation-One-Vote in the 194-member Assembly.
2. Mechanism:
• A simple majority (50%+) triggers Tier 1 measures: Targeted travel bans, asset freezes on leadership, and light trade tariffs.
• A super-majority (66%+) triggers Tier 2 measures: Comprehensive financial sanctions, full trade embargoes on strategic goods, and blockage of profit repatriation or expropriation of assets.
3. Calibration: Measures are automatically graduated and can be lifted by the same voting thresholds upon compliance. This is transparent, rules-based, and predictable. It can be enforced within 24 hours of voting.

Why This is an Existential Threat to Aggressors: A regime can survive a battlefield loss and spin it as a heroic stand. It cannot survive its central bank being frozen, its global supply chains severed, and its political elite unable to access their overseas wealth or send their children to foreign universities. This creates immediate, powerful internal pressure for change from the very people who prop up the regime.

 

The Final, Unanswerable Argument: Cost-Effective Righteousness

The choice is now starkly clear:

• Path A (Militarist Delusion): Spend $2.x Trillion on a new generation of weapons systems (according to SIPRI the world spent $2.4 trillion in 2025 which was 9.4% above the previous year-spend). Create a more dangerous world, trigger arms races (Trump is forcing UK and NATO bloc to up their military budgets from 2.5% of GDP to 5%; New START treaty expires 5-Feb-26 and Trump said let it lapse), divert funds from climate (Trump calls the fight against climate change the biggest scam in history) and health, and still be vulnerable to a drone swarm or a cyber-attack or a virus attack from a non-state actor.
  
  
• Path B (Rational Order): Invest a fraction of that cost in strengthening global institutions, monitoring systems, and rapid sanction mechanisms. Achieve greater security by making aggression futile from the start. Preserve resources for actual human advancement. Contrast this with the unfortunate spectacle – the heads of UK and EU are scurrying like headless chickens after Trump has threatened annexation of Greenland whereas these leaders were complicit with USA in the genocidal war Israel (so determined by ICC) inflicted upon Palestine; PM Modi has been mocked and insulted by Trump - he is being ordered to buy or not buy oil from specified countries, withdraw from investing or operating a port in another country (according to Epstein he even sang and danced to please Trump). If members of BRICS, NAM, OIC, G77, ASEAN, G7 and other blocs speak in unison they can force the glacial pace of reform of UNSC to create UN 2.0, alternatively (if P5 nations don't get aligned) they can forge, “Accountability World Association” and borrow the UN Charter and tweak the existing punitive actions framework.

Self-preservation and righteousness are no longer conflicting goals. In a world where a single hacker or a vial of engineered virus can pose an existential threat, our only viable "defense" is a universal, cooperative system that makes such acts obviously self-destructive. Investing in that system is the most cost-effective, humane, and strategically brilliant form of patriotism possible.

The advocates of endless military buildup are not strong. They are terrified—terrified of a future they cannot control with old tools. Our vision offers control, not through brute force, but through the irresistible, collective power of a connected world. That is true strength.

We are no longer in the world of Genghis Khan, Alexander the Great, Timur, Attila the Hun, Napoleon Bonaparte, Julius Caesar or Ashoka the Great. We are also not in the world of Joseph Stalin, Pol Pot, Idi Amin, Mao Zedong or Adolf Hitler. Are these people revered today? All contemporary leaders, includng known autocrats, seek and claim legitimacy through popular mandates. Without popular mandate, in today's world, no autocrat can last long. Wily politicians manufacture public consent by arousing tribalism but dressing it as nationalism. Fortunately, in an inter-connected world, it is difficult to fool people for too long. Unfortunately, though, the risk of a rogue leader becoming an existential threat to humanity has increased alarmingly. The doomsday clock was recently set to 85 seconds to mid-night.

Militarists and ultra nationalists are two faces of the same beast. Unless people are re-educated, the doomsday will arrive before super abundance arrives with the help of AGI and ASI (most experts believe this is no more than 10 to 20 years away). We should take advantage of the digital world which can invert the rising "might is right" tide. We have discussed above the power and efficacy of a non-military world order. What is lacking is intellectual leadership.     

We should reflect on thoughts about Nationalism these leaders expressed:

Nationalism is an infantile disease. It is the measles of mankind.” 
—Albert Einstein

Patriotism is when love of your own people comes first; nationalism, when hate for people other than your own comes first. 

Nationalism is good in its place, but it is an unreliable friend and an unsafe historian. It blinds us to many happenings, and sometimes distorts the truth, especially when it concerns our own history.
--Jawaharlal Nehru

Nationalism is a great menace… It is the particular thing which for years has been at the bottom of India's troubles… It is my conviction that my countrymen will gain truly their India by fighting against that education which teaches them that a country is greater than the ideals of humanity.
--Rabindranath Tagore

Antithesis of above ideas are today’s tribalistic slogans:

“Make America Great Again”, Donald Trump (deserves credit for incentivizing formation of a new   non-military world order)

“Atmanirbhar Bharat”, Narendra Modi. Modi's is actually an empty slogan coined for electioneering to inflate his chest size to 56". Reality check: India's trade deficit with China grew from $38 billion in 2014 to $116 billion in 2025. [आत्मनिर्भर भारत frames the nation as a closed, muscular, self-contained body, the conceptual opposite is not “weak” or “dependent”, but open, networked, and mutually enabling.  परस्परनिर्भर भारत - means Interdependent India - this should have been the slogan if Modi had any trace of Nehru's intellectual heft and, he could have added a tag line, “समृद्धि सहयोग से आती है, अलगाव से नहीं”! When you build global supply chains, you spread prosperity, the interdependence disincentivises conflicts - it can buy you leverage just as, at times, it creates vulnerabilities. It works when you have an enforceable world order. - Notes]

“Take Back Control” UK’s Brexit campaign

“The Chinese Dream”, Xi Jinping

Other similar slogans invoking Nationalism, Revivalism, Protectionism

“Saudi Arabia, the heart of the Arab and Islamic worlds”,

“Fortress Russia”  

 

 

 

Subversion of Indian Elections – Systems Vulnerabilities, Fixes & Needed Debates

Summary: Indian Elections are a spectacle – of a scale and intense slug fest that evoke admiration, derision and now alarm. This note unpacks what is dangerously wrong with the system at each level and what are the debates we need to have and what are clearly the best practical fixes. In this note, the most urgent and serious problems and how to address them are discussed. Interested readers can click on relevant hyperlinks to deep dive into references and my notes. For e.g. EVM system as used in the  Indian Election System deserves careful study because it is a critical element besides other factors like manipulated Electoral Rolls and immunity granted to Election Commissioners which, on the face of it, can upend the Indian Democracy. It is also important to know the difference between Indian Citizen, Indian Voter and Resident Indian. Those who are not subject experts should first consult the abbreviations.

 

Indian Election System is far from what India deserves. It is beset with serious problems at multiple levels – ironically all of these can be fixed – the biggest reason why this has not happened is lack of public pressure. Some fixes require constitutional amendments with 2/3^rd majority, a few require legislative amendments with a simple majority and others require only a procedural change which could be mandated by ECI or forced by SCI. No one needs to be told that subversion of Indian elections is a big stakes game, consequential reforms will not happen automatically through institutions, without public pressure nothing much will happen. The required changes can be classified as Essential and Desirable – and further, by the time that will likely be needed for debates followed by legislative or institutional actions and actual implementation.

The Political Funding System and the FPTP, First-Past-The-Post System which have got exacerbated due to rising cost of elections (world’s biggest and costliest) and proliferation of political parties, have completely warped the representation of people’s will and put in power parties which do not represent the views of the majority and all manner of machinations are employed for making and unmaking coalitions. Debating and fixing these two very serious problems are long-term projects and they must not be sidelined. However,  there are other urgent problems related to the Voting System which must be fixed ASAP. The priority should be to first save Democracy and then to work on making it a responsive Democracy.

The processes of Electoral Roll preparation and EVM’s usage which constitute the Voting System have followed the law of entropy and the disorder in the system continues unabated. ECI (Election Commission of India), once a reputed independent institution is today seen as a government agent. SCI has been generally dismissive of activists’ challenges against ECI’s processes and conduct. Therefore, it is only public pressure that can save India’s Democracy.

In its 75-year history, the Voting System has evolved from Paper Ballots (1951-2004) → EVMs (trial 1982, law 1989, full use 2004) → EVMs + VVPAT (SCI order 2013, partial 2014, full 2019) → VVPAT with dark glass modification (2017 onward; by 2019 full rollout). ECI has refused to share the source code citing security concerns and objections by ECIL and BEL. These two PSUs are sole suppliers and they have claimed IPR over the EVM’s program – which could be easily developed by a small team of programmers in one month. Many other countries which use some form of EVMs have published the source code for public scrutiny, for e.g. Australia.

Today India has a first-class DPI (Digital Public Infrastructure) but ECI is oblivious. ECI behaves as if it is in another backward country! The errors and fraudulent additions and deletions in the Electoral Rolls ECI prepares, even after SIR (Special Intensive Revisions) are being uncovered daily. These wrongful additions and deletions in electoral rolls are so striking in terms of volumes and types that they point to ECI’s extraordinary incompetence & arrogance, at best and, collusion with fraudsters, at worst.   

ECI continues to imperil the Indian Democracy. CECs not only tell lies, they are amazingly ignorant - Gyaneshwar Kumar in a press conference on 17-Aug-25 said digital electoral rolls (searchable text pdf as opposed to scanned pdf files) are not released because they can be edited and further, a SCI ruling of 2019 restrains ECI from releasing such searchable pdf files. He was fibbing, there is no such ruling. Ex-CEC Rawat, in presence of two other Ex-CECs, at a conclave on 6-Sep-25, similarly claimed electoral rolls in digital searchable formats are not released due to fear of editing, apparently these CECs haven't heard of DSCs (Digital Signature Certificates) which make the searchable pdf files tamper-proof. Documents signed with DSCs are legally enforceable. Even SCI orders are released with DSCs and published on its website. Current and past CECs don’t seem to be aware of such basic techniques? Furthermore, editing a file downloaded from ECI portal does not alter the state of the database on ECI's server. Rahul Gandhi has provided proof of 12% to 17% bogus electors in the lists of Haryana and Mahadevpura constituency. The high volume of these "errors" coupled with ECI's policies of withholding CCTV footage and not sharing Form 17-C immediately after poll closing time, invite strong suspicion of hanky-panky and naturally diminish faith in the Election system. No wonder, “Vote Chori” campaign spearheaded by LOP is gathering steam.

ECI's reputation has declined rapidly and, today its credibility is at its nadir. [The story of ECI - A 37 min documentary by DeshBhakt, Akash Banerjee dated 6-Sep-25]. ECI has failed to respond to most challenges of the citizens and Opposition Parties. Unfortunately, SCI has sided with ECI and treated citizens' challenges as motivated or instigated by Opposition Parties. SCI has also issued absurd post-poll audit orders which betray technical ignorance; SCI Judges are not aware that the malware used to game EVMs can self-erase before poll closing, leaving no trace for any auditor to find any evidence of manipulation. A few innocent contestants paid hefty fees and asked for such audits but no one has heard anything about the outcome so far.

There are eleven levels or stages where elections are being subverted or could be subverted. The delimitation of constituencies is the twelfth level where games can be played but that is not discussed here. 

The vulnerable stages in the election system are classified based on the characteristics of fixes – S for Short-term, M for Medium-term and L for Long-term and E for Essential or D for Desirable (abbreviations marked in square brackets in the first column).  An Opposition Leader of Bihar who was interviewed recently identified many stages which have likely been subverted by the ruling party. 

Vulnerable Stages of Election Subversion and Fixes: TABLE

CONCLUSION

Risks India's democracy faces can be cut significantly by implementing Actions marked S&E (Short-term & Essential). ECI has become an untrustworthy organisation due to EC's immunity and appointment rules. ECI's & SCI’s rulings make reforms difficult. Therefore, public debate and persuasion is essential. By utilising India's excellent DPI coupled with tweaking the Aadhaar Act and making minor changes in VVPATs, we can quickly secure India's democracy. Subversion of Indian Elections is a high stakes game and if hacking/manipulations is being done, it is likely being done by top drawer hackers who will NOT leave an audit trail. Reducing the need for humongous political funding and the necessity of changing the First-Past-The-Post system need to be much more vigorously debated. The large-scale deletion of genuine voters can be mitigated by making citizens alert and implementing remedial action# 5.4. In existing type of EVMs, malware introduction at DEO’s level allows a constituency’s result to get hijacked without an audit trail. Action at Sr# 8.2 is enough to thwart EVM hacks/manipulations. CU machine ID hack is also easy but it requires more accomplices to manage stolen machines and substitution. Actions#9,10 & 11 will thwart post-poll gaming.

AI-171 Air Crash - System Malfunction most likely cause but Pilot Actions are under cloud - against Common Sense

Updated: 1-Aug-25

Synopsis: There is enough evidence to indicate that the culprit was FADEC (Full Authority Digital Engine Control system) which is a computer program coupled with sensors - it was a system failure - and not pilot(s) actions which crashed A-171. AAIB (Aircraft Accident Investigation Bureau) report is unnecessarily sketchy and ambiguous, likely intentionally. Meant to be confidential, the report's contents were leaked and a false narrative built by Western media. Common sense methods Sherlock Holmes applied can debunk the "pilot error-suicide-murder" narrative. The analysis below relies solely on data and evidence contained in AAIB's report.

AAIB of India released its preliminary report barely in time. The Air India's B787-8 aircraft bearing registration VT-ANB had crashed in Meghaninagar, less than 1.5 Km from the Ahmedabad Airport on 12-Jun-25. 

A preliminary report is required to be released within 30 days and AAIB released one on Saturday, 12-Jul-25 past mid-night. The 15-page report was unsigned - there was no press briefing. 

It's 14 pages contain almost useless information, lot of pictures and descriptions which were all known to everyone following the story. The article 12 has critical but truncated information, and information which is undoubtedly available with AAIB but has been withheld has created doubts about pilots' behaviour. One wonders why AAIB took the maximum time allowed to it for releasing the few facts it did in its preliminary report. Perhaps the time it took was for word-smithing and determining which time-stamps of events to hide and which to publish.  

The report seems to give a clean chit to Boeing and GE as it says, there are no recommendations to be made to these companies. Yet AAIB says, its preliminary report is not for apportioning blame (as if absolving parties of blame means something else)!

From the time plane starts rolling for takeoff it took 1Minute:34Seconds to crash. It became air-borne in 1M:02S, therefore, it was in the air for 0M:32S only. A second by second account could have been easily provided in one page with maximum of 32 lines in double space.

The following table lists the notable events after takeoff for Air India Flight AI-171, based exclusively on the AAIB preliminary report (article 12). Times are relative to the start of the takeoff roll at 08:07:37 UTC on June 12, 2025.

Time (MM:SS)	Event
00:00	Aircraft starts takeoff roll (08:07:37 UTC).
01:02	Aircraft reaches 155 knots, air/ground sensors transition to air mode, consistent with liftoff (08:08:39 UTC).
01:05	Engine 1 fuel cutoff switch transitions from RUN to CUTOFF (08:08:42 UTC).
01:06	Engine 2 fuel cutoff switch transitions from RUN to CUTOFF (08:08:43 UTC).
?	Pilot conversation: One pilot asks, “Why did you cut off?” Other responds, “I did not do so.” (No exact time specified).
?	Ram Air Turbine (RAT) deploys, indicating dual engine failure (No exact time specified).
01:15	Engine 1 fuel switch transitions from CUTOFF to RUN, initiating relight (08:08:52 UTC).
01:17	Engine 2 fuel switch transitions from CUTOFF to RUN, initiating relight (08:08:54 UTC).
01:28	MAYDAY call issued by pilots (08:09:05 UTC) - mentioned in article 10 on page 12
01:34	Flight data recorder stops, aircraft crashes (08:09:11 UTC).

In article no. 4 Aircraft Information, on page 5&6 of the AAIB's report, there is nothing that would draw any suspicion to an improper or insufficient maintenance performed or any known defect or deficiency in the particular plane. Were there any prior incidents of dual engine shutdown? AAIB failed to ask or answer this question? In this section, AAIB did cite one non-mandatory advisory issued by FAA (Federal Aviation Authority of USA): Special Airworthiness Information Bulletin (SAIB) No. NM-18-33 on December 17, 2018, regarding the potential disengagement of the fuel control switch locking feature. Air India confirmed that it did not carry out checks on fuel control switch as they were advisory in nature and not mandatory.

The above account would leave the cause of the accident to be explored in
i) the design and performance of the plane manufactured by Boeing,
ii) the design and performance of the engines made by GE and
iii) the conduct of the Air India pilots.

Performance of the plane ought to have included performance of the software or a system malfunction which can occur due to a bug or malware introduced by a saboteur. But this possibility is not cited anywhere in the AAIB report.

AAIB's report, going further, gave almost a clean chit to Boeing and GE by saying that at this time, it had no recommendations to offer to Boeing or GE. It was less equivocal with respect to the conduct of the pilots. After reading AAIB's report more people think Pilots are responsible for the crash than Boeing and hardly anyone blames GE. AAIB has been proclaiming that the preliminary report is not a final report and people should not jump to conclusions. However, AAIB's report is a dead give away of its incompetence and susceptibility to extraneus pressures.  

Captain Sumeet Sabharwal, designated as PM (Pilot Monitoring the flight) and First Officer Kunder Clive designated as PF (Pilot Flying the plane) in the context of flight AI-171 were, between them, above average pilots' crew because the former had logged flying time of 15,638:22 Hrs and the latter 3,403:12 Hrs. The former held ATPL (Airline Transport Pilot License) - which is the highest rated commercial Pilot License and he had been Air India's flight instructor too.  

Curiously, in AAIB report - many events' time stamp hidden, Pilots' conversation truncated and identity hidden, full transcript and audio alarms going off, if at all, not disclosed, simple  Question not posed to Boeing: Can the 787-8B's system CUTOFF fuel to the engines without manual operation of fuel control switches or without physical movement of fuel control switches? Most importantly, The AAIB chose not to disclose the transcripts and descriptions of voices and sounds in the 32 seconds the plane was airborne - did the two pilots work in concert or did they have disagreements in the specific actions they took after they discovered the emergency (loss of dual engines)? Other than the question one pilot asked, what other indicators of dual engine shutdown (or loss of thrust) were there and when did they occur? AAIB has given a miss to this information in its preliminary report. 

Both pilots, reportedly have adequate or above average relevant flyig experience. They have an unblemished mental health record. The chances of their acting in concert to deliberately crash the plane, in a fit of suicidal-cum-murderous frenzy, are far less than the chances of a simultaneous dual engine failure which is calculated by many as less than 1 in one billion. 

Suppose only one pilot had gone berserk and the other was in a sane state, in such a case they would not act in concert. The Cockpit Voice Recorder would have been definitely processed by the AAIB. 

If the pilots did not work in concert, there would have been an altercation between them. The chances that officers involved in the AAIB's report preparation, from foreign agencies, particularly from Boeing, would not publish any incriminating conversation between the two pilots can be certainly ruled out. After all the Boeing and GE companies are interested in clearing their name ASAP. [As per AAIB, Officers involved were: "NTSB, USA appointed an Accredited Representative and Technical Advisers from Boeing, GE and the Federal Aviation Administration (FAA) to assist in this Investigation. A team led by the NTSB Accredited Representative comprising of representatives from Boeing, GE and FAA arrived at Ahmedabad on 15.06.2025 and participated in the Investigation. A team of officials from AAIB, UK also arrived at Ahmedabad and visited the site with DG, AAIB."]  See motivations to blame pilots - short clip

Common sense indicates that this accident is not caused by one or both pilots' deliberate actions to cut off fuel supply to engines - it would be simpler or easier to just nose dive rather than cut fuel supply and then try to restore the same all the while keeping the nose of the plane up - videos show the plane's attitude as it sinks from its peak height of four-hundred and odd feet above the ground level - AAIB report also has a diagram that shows 8 degrees upward inclination at the time of crash. Likely, there was a malfunction and the dual engine failure occured for reasons other than the fuel control switch moving from RUN to CUTOFF. 

It is reported, the two switches "transitioned" from RUN to CUTOFF after 3 seconds of takeoff with one second interval. The transition events are picked up from the Enhanced Airborne Flight Recorders (EAFR), which also record cockpit voices (there are two EAFRs one in the front and second in the rear of the aircraft). 

Let's consider two scenarios of system malfunction in which pilots are heros rather than villains:

A) It is possible that immediately after takeoff the plane suffered a dual engine loss owing to an unknown system failure and the pilots sensed it at once. They quickly decided after seeing the fuel switches in the RUN state that there was something amiss. They figured there was a need to recycle - i.e. reset. As per Boeing's manual for achieving fuel flow revival, in case of dual engine failure, requires exactly the type of recycling actions the pilots took - move the switches from RUN to CUTOFF and then back again from CUTOFF to RUN. See the videos at these links made by an experienced Captain of a Domestic Carrier - Gaurav Taneja (X reference @flyingbeast320): Part-1 Part-2 and Part-3.

B) It is possible that three seconds after takeoff, due to a system malfunction, even without anyone touching the fuel control flow switches, the fuel supply was cut off and the plane suffered a dual engine loss. The pilot who got alerted to the dual engine loss first, asked the other "Why did you cut off"?, to which the other responded, "I did not do so". In this scenario, it is possible the FADEC system shifted the switches from RUN to CUTOFF or it is possible that it did not shift the switches but CLOSED THE VALVES that shut the fuel (or drastically REDUCED the flow) to both engines and sent a signal for recording in EFAR - very likely the sensors are in the valves and not in the switches  and likely the FADEC decided to shut the valves based on incorrect inputs from sensors coupled with it.         

There was such a precedent in flight NH985 (from Tokyo to Osaka) just before touch down. KJM Today article has the details - dual engine shutdown occurred through system command, without manual operation of any switches. See also what Mary Schiavo, an Aviation Expert Lawyer has to say here (The Guardian article) and here (Mojo Video).  

Summary and Conclusion:

Revised Chronology of Events for AI-171

The table below lists the events from takeoff to crash (08:07:37 to 08:09:11 UTC, 1 minute and 34 seconds), integrating my hypothetical scenario#1 with AAIB-reported events. Times are relative to the takeoff roll start (08:07:37 UTC = 00:00), with absolute UTC times provided. Hypothetical events are marked as such, and AAIB-reported events are noted for clarity. The remarks column distinguishes the source of each event.

Time (MM:SS)	Event	Remarks
00:00	Aircraft starts takeoff roll.	AAIB-reported: Takeoff roll begins at 08:07:37 UTC.
01:02	Aircraft reaches 155 knots, air/ground sensors transition to air mode, consistent with liftoff.	AAIB-reported: Liftoff at 08:08:39 UTC.
01:03	System malfunction reduces or cuts off fuel flow to both engines, triggering EICAS warnings and/or audible alarms (e.g., “ENGINE FAIL”). Commanding pilot (First Officer) detects dual engine thrust loss.	Hypothetical: Assumes system (e.g., FADEC/TCMA) malfunction causes thrust loss one second after takeoff, as per my scenario. Alerts align with standard 787 cockpit warnings.
01:04	Commanding pilot asks, “Why did you cut off?” Other pilot responds, “I didn’t.” Pilots observe fuel control switches in RUN position despite thrust loss.	Hypothetical: Places CVR conversation one second after thrust loss detection, consistent with pilot confusion noted in AAIB report. AAIB confirms conversation but provides no timestamp.
01:05	Engine 1 fuel cutoff switch transitions from RUN to CUTOFF.	AAIB-reported: Switch movement at 08:08:42 UTC. Hypothetically, pilots deliberately move switch to reset system after noticing thrust loss with switches in RUN.
01:06	Engine 2 fuel cutoff switch transitions from RUN to CUTOFF.	AAIB-reported: Switch movement at 08:08:43 UTC. Hypothetically, pilots continue reset attempt.
01:07	Ram Air Turbine (RAT) deploys, indicating dual engine failure and loss of primary power.	AAIB-reported: RAT deployment noted but no timestamp provided. Hypothetically placed after switch movement, as thrust loss persists. CCTV confirms deployment during climb. Few experts have said that RAT would require 6+ seconds to automatically deploy after a dual engine failure
01:08–01:14	Pilots notice persistent thrust loss despite switches in CUTOFF, prepare to return switches to RUN to attempt engine relight.	Hypothetical: Assumes pilots assess situation and follow emergency procedures (e.g., engine restart checklist) within seconds, constrained by short timeline.
01:15	Engine 1 fuel switch transitions from CUTOFF to RUN, initiating relight attempt.	AAIB-reported: Switch movement (transition) at 08:08:52 UTC. Hypothetically, pilots attempt to restore fuel flow after reset fails.
01:17	Engine 2 fuel switch transitions from CUTOFF to RUN, initiating relight attempt.	AAIB-reported: Switch movement (transition) at 08:08:54 UTC. Hypothetically, pilots complete relight attempt for second engine.
01:18–01:27	Pilots observe one engine partially relighting but insufficient thrust to maintain flight. Aircraft begins descent.	Hypothetical: AAIB notes one engine regained some thrust, but not enough to prevent crash. Descent aligns with 625-foot maximum altitude and crash 1.5 km from runway.
01:28	Pilots issue “MAYDAY MAYDAY MAYDAY” call.	AAIB-reported: MAYDAY call at 08:09:05 UTC. Reflects pilots’ recognition of imminent crash. As seasoned pilots they follow the protocol in extreme emergencies - aviate, navigate & communicate (in that order)
01:34	Flight data recorder stops, aircraft crashes.	AAIB-reported: Crash at 08:09:11 UTC, 32 seconds after liftoff, into B.J. Medical College hostel.

The 787-8’s fuel system is designed to respond to both manual pilot inputs and system-generated signals, reflecting its fly-by-wire architecture.

The Boeing 787-8’s fuel flow pipeline delivers fuel from tanks to engines via boost pumps, engine-driven pumps, and valves (spar, metering, cross-feed), controlled by a combination of manual fuel control switches and automated systems (FADEC - Full Authority Digital Engine Control, IFS - Integrated Fuel System). The switches manually actuate the spar valves, while the FADEC manages pumps and metering valves using sensor inputs and software logic. The NH985 incident confirms that software (TCMA - Thrust Control Malfunction Accommodation /FADEC) can reduce fuel flow without pilot intervention, but no evidence confirms it can close spar valves or mimic switch movement to CUTOFF, as seen in AI-171. The 787’s fly-by-wire design makes a software-induced cutoff theoretically possible, supporting my AI-171 scenario, but the AAIB’s focus on switch movement and lack of inquiry into software possibilities leaves this unresolved. Software malfunction could result from a bug or malware introduced by a saboteur. The fuel system’s electrical and electronic components enable both manual and system-driven control, with redundancy to prevent unintended cutoffs, but a rare glitch could disrupt this balance, as hypothesized for AI-171. The final AAIB report (due June 2026) should clarify whether such a malfunction occurred. In the near term, the Indian Pilots ought to haul AAIB to the court on charges of deliberate obfuscation, issuing a premature clean chit to Boeing and placing the integrity of Indian pilots under a cloud. AAIB should also be charged for leaking its draft report to Western media.

References:

1. My Q&A with ChatGPT on premature clean chit AAIB gave to Boeing and what is Boeing design and training related to fuel flow cutoff and relighting engines. Link

This chat reveals a critical design flaw - in an emergency FADEC should NOT overrule manual FULL THRUST COMMAND; possibly (unless there were other factors at play) pilots could have pulled up their plane even at the last moment but for this flawed design - FADEC was the boss as the Fuel Control Switches were in the RUN state and it disregarded pilots by design and merrily regulated the fuel flow "efficiently", at its own pace!! Should the Pilots not be given a button sequence or a pass code to tell the FADEC to yield?

2. Here is another software engineer pointing out how FADEC could have crashed the plane while Pilot's got overruled by the system - he describes the sequence of components failing after a lithium battery got into a thermal runaway:

Ranjit John, Founder Hawkai Data, has a great analysis and a scenario he constructs like Sherlock Holmes. His article dated 16-Jul-25 in LinkedIn reveals what likely happened and why it happened - his analysis is an example of smart sleuthing for finding the root cause. For those who prefer interviews - Barkha Dutt & Dr Ranjit John - 24-Jul-25 video of 45 min

3. 30-Jul-25 Geofrey Thomas Video - he reaches exactly the same conclusion I did - the RAT deployed 1 second after takeoff- BEFORE the switches reportedly transitioned, dual engine failure had occurred. He points out more inconsistency in the speeds Vr V1 V2 Vmax given the weight, temperature and pressure readings. Points to perplexing report of AAIB and its incompetence. Video 17 min

India’s Digital Public Infrastructure – achievements and possibilities soon?

India has a great digital infrastructure stack with its unique Aadhaar foundation. This is mostly owned and sustained by Government, therefore, it is referred as Digital Public Infrastructure. There are already many successful applications that have reached the remotest and poorest habitats in rural and forest areas. After introduction of Low Earth Orbit Satellites communication networks, India can opt for developing and implementing many new exciting services which make for 100% inclusion and help create a more responsive democracy. Before we start discussing those, lets become aware of few facts and possibilities from 2025 onwards.

Today India has among the best, if not the best, Digital Public Infrastructure (DPI) of all major countries of the world. Other countries that have a great Digital Infrastructure have private players owning most of it; this is not so in India where ownership is significantly that of the Government or Government subsidised services constitute most of the DPI (China may be an exception).

In India the number of people who make online transactions as a proportion of literate people will likely be the highest in the world. The DPI provides great quality and reliable services free of cost and private players have built applications on top of it. Even the not-so-literate street vendors display a QR Code of their UPI (Universal Payment Interface) account mapped to their bank accounts or Paytm wallet accounts and people make payments into their account from their bank accounts or electronic wallets. India's top payment wallet players are listed at the end of the article.

The DPI has three pillars – what PM, Modi, the acronyms making champion, calls the JAM trinity. Jan-Dhan Bank account, Aadhaar ID system and Mobiles. In 2013 digital transactions as well as DBT (Direct Benefits Transfer) by the Government were already taking place among those who had bank accounts.  

On August 28, 2014, Prime Minister Narendra Modi launched the Pradhan Mantri Jan Dhan Yojana (PMJDY) with the goal of promoting financial inclusion by opening bank accounts for the unbanked. Banks were encouraged to open many accounts quickly, and reports claim that over 18 million accounts were opened in just one week as part of this initiative. PM forced RBI to drop the onerous requirement of KYC (Know-Your-Customer) paperwork and allow banks to open accounts for any Indian citizen above 10 years of age and having an ID proof. With this initiative, the financial inclusion, contemplated by Nilekani under the UPA regime, was scaled up rapidly. Today there are over 500 million Jan-Dhan active bank accounts, 56% belong to women and 67% are in rural and semi-urban areas.

The foundation of the DPI stack was laid in 2009 by the launch of Aadhaar project. Prime Minister Manmohan Singh recruited Nandan Nilekani who had proposed a biometric based ID System for every resident Indian. Nilekani had described his vision of an online ID System and its potential benefits, in his book, “Imagining India: Ideas for the New Century”. The project faced opposition from most of the people in positions of power – political leaders and bureaucrats – at the Centre and State Governments. As the Chairman of the Unique Identification Authority of India (UIDAI) in the rank of a Cabinet Minister, Nandan Nilekani did a stellar job of convincing almost all CMs and Cabinet Ministers, and conceptualizing, designing, developing and deploying Aadhaar ID System across the country. Nilekani was easily one of the best IT Managers in the world, a billionaire entrepreneur and one who was highly articulate. Time magazine had chosen him the Businessman of the Year in 2003. Nilekani joined Indian National Congress in March 2014. He contested from the Bangalore South constituency. Contrary to all expectations, he lost by 228,575 votes to BJP candidate Ananth Kumar in the 2014 Lok Sabha election. Modi had actively canvassed against him calling the Aadhaar project a big scam and one which deserved to be buried ASAP. Though Nilekani chose to retire from politics, he sought a meeting with the victor, Narendra Modi and convinced him about the utility of Aadhaar. After the meeting, Modi changed his stance and asked his government to aggressively continue issuing Aadhaar to all Indian residents. Today 99.8% of Indian residents have Aadhaar number.

By 2013, Aadhaar had been linked to 600 million Voter Cards (EPIC – Electoral Photo Identity Card). Had this exercise been continued with legislative support, India today would have had the biggest online voting system, far more reliable than the existing EVM System, in the world.

Unfortunately, Modi made the mistake of Passing the Aadhaar as a Money Bill. The Aadhaar Act, 2016 was passed by the Lok Sabha on March 11, 2016. The Act was introduced as a money bill, and certain provisions came into force on July 12, 2016. Money bill requires majority vote only in Lok Sabha. As BJP was not sure of securing +50% votes in Rajya Sabha, it did not propose Aadhaar as a General-Purpose ID System bill. As a result, Aadhaar cannot be legally mandated or used in applications which are not monetary in nature. Furthermore, SCI (Supreme Court of India) has ruled that even if one does not have Aadhaar, Government cannot refuse the monetary or other entitlements of that person.

If Aadhaar is passed as a security or General-Purpose ID System bill by both houses of the Parliament and extended in scope to the presently excluded territories of Assam, Jammu & Kashmir and Meghalaya, India can have a very robust security system besides online voting system and the world's most inclusive financial system.  

Here are some statistics, to console ourselves, that indicate how the investment in India’s DPI has paid off.

Year	Number of digital transactions per   day	Value of digital transactions per   day
2015	5.7 million	Rs.25,205 crores
2020	24.2 million	Rs.1.2 lac crores
2025	284 million	Rs.6.3 lac crores

 

Today the Government makes over 9 million DBT (Direct Benefits Tranfer) transactions daily of the value of Rs. 1,726 crores. The annual value of DBT in 2023-24 was Rs.6.9 lac crores. Approximately Rs. 2.2 lac crores have been saved due to avoidance of corruption and leakages through intermediaries. In future, DBT could be made "coupon linked money", in which the redemption of money could be made for specific purchases only - for e.g. school fees, food grains not just at PDS Ration shops but any shop! As of June 30, 2023, there were around 545,000 Fair Price Shops (FPSs) in India. These shops are the backbone of the country's Public Distribution System (PDS) and are responsible for distributing subsidized food grains to millions of citizens.

Over 1.2 billion mobile connections are active in India today. As of October 2024, there were 941 million broadband subscribers of which 896 million were wireless.

Over 99% of Indian families have at least one member with a bank account in India.

The above are statistics which must be sobered down a bit by the following statistics, which show India has long way to go in terms of user education and digitalisation, i.e. digital literacy and digital usage.

• Account Ownership: As of 2021, about 77% of Indians above 15 years owned a bank account.

• Digital Payments: The total transaction value in the digital payments market is projected to reach $1,892 billion by 2025 (China will reach a value of $4,240 billion).

• Online Banking: Approximately 51% of Indians use online banking channels (China's figure is 80%) .

While Direct Benefit Transfers (DBT) have helped in bringing more people into the banking system, true financial inclusion also involves regular usage of financial services, access to credit, insurance, and financial literacy.

Going forward, the following applications will deliver great efficiencies to users, thanks to India's DPI:

1. Account Aggregator (AA) network was introduced as a financial data-sharing system by Reserve Bank of India (RBI) when it issued the Master Direction viz Non-Banking Financial Company (NBFC) - Account Aggregator (Reserve Bank) Directions, dated September 02,2016.
   
   
2. DigiLocker is a key initiative under Digital India program. Aimed at providing paperless governance to the citizen. Citizens can log into DigiLocker account to securely access and manage their digital documents, e.g. Aadhaar, Driving License, PAN, EPIC, Ration Card, Ayushman Card etc. provided by various government departments.
   
   
3. National Digital Health Mission envisages a secure online platform for storing and exchanging health related data of citizens. The Ayushman Bharat Digital Mission aims to create a connected digital health ecosystem in India. It intends to enhance accessibility and equity of healthcare services by ensuring continuity of care with citizens being the owners of their health data. This mission will link the digital health solutions of hospitals across the country.
   
   
4. After introducing Aadhar linked EPIC, India can not only have online voting for elections, it can introduce online Referendum voting - making Indian democracy truly responsive. Furthermore, India can easily introduce Two-Round System (TRS) in place of First Past The Post (FPTP) system. In FPTP the winning party can have much below the 50% Vote share but much above the 50% Seats share! Not so in TRS, the winner will always be the one having over 50% Vote share. FPTP distorts democracy in a multi party country like India much more than it can in a two-party country like USA.
   
   
5. After introduction of Coupon linked DBT, Government can remove all subsidised prices which distort the markets. Examples are - PDS prices at Ration Shops will be changed to market prices, Fertiliser prices will be made market prices, Electricity will be made market prices - because targeted beneficiaries will be given Coupon linked DBT for specific purposes. Going forward we will discover true cost of Subsidies AND we will be able to introduce market efficiencies - as consumers will have freedom of choice - she can buy rice from any shop not just PDS shop etc. Going sill further, we can remove all subsidies or coupon linked DBT and introduce DBT for targeted Basic Income (modified UBI - Universal Basic Income meant for all the poor people - i.e. BPL people).

 

List of top ten payment wallets in India:

Bajaj Finserv App: offers a wide range of services including bill payments, UPI transfers, and financial products. 

Paytm: A comprehensive app for UPI payments, bill payments, ticket booking, and shopping.

Amazon Pay: Provides a seamless payment experience with Amazon-specific offers.

WhatsApp Pay: Facilitates UPI transactions directly from WhatsApp chats.

Mobikwik: Combines digital wallet features with UPI payments, offering bill payments, mobile recharges, and credit line options.

BHIM: A UPI app developed by the National Payments Corporation of India (NPCI) for simple and secure transactions.

Freecharge: Offers UPI payments, bill payments, and recharges with cashback options.

JioMoney: Provides UPI payments, bill payments, and recharges, integrated with Jio services

Indian EVM System vs Paper Ballot – Cars vs Bullock Carts – Common Sense vs Nonsense

 

 Summary: It would indeed be wise to switch to Paper Ballot just as it would be to demand switching to bullock carts if the Government of the day fails to recognise the prerequisites of safe journeys in cars. One of the safety requirements is that the car manufacturers obtain road worthiness certificate for every model they manufacture and sell. Car manufacturers use many components protected by patents; however, an independent agency checks the roadworthiness of the cars before granting their certification. The story of Electronic Voting Machines (EVM) in India has no parallels and, it is weird, to say the least. Government owns the manufacturers of EVMs and instead of an independent agency, the Government itself issues their fitness certificates; Election Commission of India (ECI) says the EVM’s software is protected by Intellectual Property Rights of the manufacturers, besides election security requires secrecy so, neither the EVM's technical design nor the software can be made public. The Supreme Court of India (SCI) wants citizens to believe whatever ECI says! ECI's processes are fraught and umpteen discrepancies in its own data remain unexplained and petitions in SCI kept pending for years on end. As a result, the Indian democracy suffers from exposure to i) manipulating hackable EVMs or ii) subverting what are faulty identifying, transporting and counting processes of EVMs. If we want to safe-guard Indian democracy, it is very important to make a few changes both, in their usage processes and in EVMs.  

 

1.      First let's list few smart-ass questions people have asked with regards to alleged hackability of EVM or subversion of existing processes (which are two different things) of the Indian EVM System (at this link, read descriptions and also watch demo of a hack in which VVPAT votes match with Control Unit, yet votes stolen):

1.1 EVMs have now been used in thousands of elections and counting of billions of votes. Where is the evidence of hacking? [Fact: Anomalies reported without answers from ECI; Citizen activists have consistently reported concerns - they are the bigger stakeholders; SCI should have known better than to view the tussle with EVMs as one mounted by Opposition parties]

1.2 Losers complain about EVMs but when the same party wins unexpectedly, everything seems to be kosher with EVMs! [Fact: Citizens are the main stakeholders, not Political parties - citizen activists have been consistent in expressing their concerns and asking for greater transparency and auditability; investigative journalist, Poonam Agarwal's queries to ECI regarding discrepancies in ECI's own published data remain unanswered since 2019, ADR's petitions are still not adjudicated by SCI - either they have not been heard or only interim orders passed]

1.3 If the ruling party can hack or manipulate results in one constituency, why does it lose in other constituencies? [Fact: Hacking methods may involve subverting integrity of District Election Officers/Returning Officers (DEO/RO) or Presiding Officers (PO) - therefore, risk of exposure must be limited by the hackers - they are not foolhardy to try to subvert officers across multiple constituencies]

2. Questions such as above are asked by people who may be technically qualified but are naive and certainly arrogant; though most of them are "digital illiterates" (who can't distinguish hardware from firmware from software from malware). Both sets of people are arrogant because they have not looked at demos of possible hacking (in which CU and VVPAT slips are in sync and yet votes can be stolen) and methods of subterfuge possible with utterly flimsy methods of identification of EVMs, non-disclosure of Form-17C, dark glass coupled with 7-second lamp in VVPAT, VVPAT having writable memory and EVM System not being a standalone system (most of the time ECI falsely portrays VVPAT and other EVM devices are OTP - one-time-programmable types and “EVM” is not connected to Internet but “EVM System” is - and the distinction between “EVM” and “EVM System” is not known to most people).

2.1 When technical design and software are kept secret, how can anyone (regardless of their technical competence) make a categorical statement that EVM is NOT hackable? Furthermore, when processes of identifying EVMs are flimsy, the challenge of wrong voting is fraught and conditions of testing are illogical and can invite fines and prison terms, record of counts and polling agent signatures are not revealed immediately after poll closing (in Form17-C), how can evidence of hacking or manipulations be gathered? Therefore, in the face of such odds, it is not very intelligent to ask for evidence of hacking or counter by citing the numbers of elections and votes counting that EVMs have been used for over the years!

3.      ECI in tandem with SCI have thwarted citizens’ efforts to introduce more transparency (make public hardware design and software source code) or simple measures of minor hardware modification (open VVPAT so voter can pick up vote slip and insert it into ballot box or VVPAT with transparent glass instead of tiny dark one-way view glass with an inside lamp that remains lit up for a longer period) and process changes in the existing EVM System and their usage (share Form 17-C with public). ECI has refused to reveal full details of technical design of EVM components, kept the software secret under the pretext of protecting IPR of Government owned units (actually this simple software will hardly require few weeks to develop)! Furthermore, questions raised about alarming levels of data discrepancies between votes polled and votes counted have been ignored by ECI for years on end. Seemingly curious  levels of battery charge of 99% in EVM components (the Control Unit) observed on the day of counting were only recently explained by ECI.

Ironically, while "timid or couldn't-care-less" types of Indian tech tycoons have kept mum (with the exception of Sam Pitroda), non-technical politicians and commentators have often cited non-sensical reasons for either continuing the existing EVM System or, revert to paper ballot – among the former are Yogendra Yadav, Justices Sanjiv Khanna and Dipankar Datta who asked civil rights petitioners (in their April 26th, 2024 order): Where is the evidence of hacking (?), we cannot act on mere suspicion (!) and, among the latter is Elon Musk who said, “anything could be hacked” and, in a tweet, he suggested that EVMs should be eliminated due to the risk of being hacked by humans or AI, even if the risk is small. It must be noted, not all EVMs are same, and Elon Musk was certainly not commenting about the Indian EVM System about which he likely knows nothing (In USA many States use Electronic devices and VVPATs) .

Experienced software engineers know it is possible to write malware (rogue software) which activates only when given parameter's values are in a certain range and the program can self-erase leaving no trace or evidence when certain values are reached (e.g. certain date-time or certain number of votes cast etc.).

ECI has falsely claimed that EVM is a standalone type of system even though in every election cycle, the laptop of DEO/RO is connected to ECI server via Internet to download Candidate ID, Name and Party Symbol file; this file is copied into 3 to 5 Symbol Loading Units (SLU - is a pompous name for a pen drive with flash memory) which are used to commission the EVMs in each booth of the constituency managed by the DEO/RO, by copying the file into the writable memory of VVPAT. ECI has asserted that malware cannot be infiltrated into the VVPAT via this file without revealing technical details of the devices and SCI has ruled that citizens cannot question ECI without any evidence of hacking! This is a Catch-22 situation.

3.1 It would be non-sensical for the car manufacturer to issue roadworthiness certificate to its own cars – which is exactly what ECI is doing in India – as EVMs are manufactured by Government owned companies, BEL and ECIL, and the quality certification is also done by STQC - the Standardisation Testing and Quality Certification (STQC) Directorate, which is an attached office of the Ministry of Electronics and Information Technology, Government of India. Unfortunately, in case of the Indian EVM System, these commonsensical and basic democratic tenets are missing and all attempts to make the Indian EVM System trustworthy have been stalled by ECI and refused by the SCI.

3.2 SCI on its own introduced an "innocent" post-election audit option and ECI distorted it further making it a complete joke. On page#37 in para#76 the Judges had observed in their 26th April judgment: "Nevertheless, not because we have any doubt, but to only further strengthen the integrity of the election process, we are inclined to issue the following directions": ECI to allow post-election audit of EVM and SLU which was a pointless measure ab initio as no hacker would be so naive as to leave evidence of malware infiltration in EVM or SLU. The SCI should be petitioned to modify the testing methodology as mentioned below in prescription no.5.1 (the innocent SCI Judges will first need to be informed about self-erasing malware).

3.3 At stake is the Indian Democracy and the principal stakeholder is the citizen of India. To uphold the constitution of India, the ECI and SCI must respond to citizens’ demands for a safe and trustworthy EVM System.

4.      Without going into the history of petitions and pending queries with the SCI and ECI respectively, or the farcical stand of ECI to treat EVM as a black box and the SCI’s endorsement of ECI’s stand to maintain secrecy of software and hardware design and, ECI’s refusal to make public the Form 17-C data immediately after poll closing, let us consider the minimum tweaks in hardware and processes that SCI/ECI must be petitioned to accept.

5.      PRESCRIPTION: What can be done to make the existing EVM System trustworthy - assuming that ECI and SCI will not reverse their stand to keep the EVM's technical design and software secret? Petitions already filed before the SCI need to be amended or supplementary petitions added as follows. 

5.1 SIMULATED (BLACK BOX) EVM TESTING ON THE DAY OF VOTING (in lieu of post-election audit option mentioned in the SCI's order of 26th April'24): This is somewhat similar to the "mock polling" that ECI has prescribed but only that it will be done separately. Presently mock polling is conducted just before polling starts in every booth, to check the performance of EVMs. After successful testing, the samples of mock votes are deleted from the memory of CU, and the ballot box of VVPAT is emptied out of the printed votes.

In each constituency, one day before the polling day, ten EVMs at random should be replaced from the reserved stock; this doesn’t pose a problem because ECI manual prescribes stocking of backup EVMs, to meet the contingency of replacing defective EVMs at a short notice. These ten EVMs should be taken away for simulated testing, the next day, i.e. on the date of actual polling, by contestants’ parties. 

The simulated voting should be done on the ten EVMs by casting random votes, at a natural cadence (say 1,200 votes in 10 hours) throughout the day, however, each vote that is cast will also be noted on paper or a worksheet, with the date-time stamp. At the end of the day, the poll closed button should be pressed as usual on the CU, the total votes recorded and displayed in the CU, and the vote slips printed and dispensed in the VVPAT will be compared with the manual record – i.e.  the list or the worksheet. If there is zero discrepancy, the constituency's election will be considered valid, otherwise it will be countermanded and based on the pattern of discrepancies favouring a particular candidate, a competent authority will adjudicate on the question of fraud committed. The findings could lead to disqualification of the candidate or the banning of the candidate’s party from contesting any election for six years or instituting an appropriate criminal case.

 

5.2 NEW PROCESS TO IDENTIFY EVMs: In every election cycle, new type of tamper proof stickers (which cannot be peeled off without tearing them) should be pasted on EVM components - stickers should be large with space for machine IDs, should also have space for signatures of polling agents (at least two) and PO; who must sign these at the same time they sign the Form - 17C after the poll closes. [It is curious that these machines do not have mac IDs which could have been digitally displayed].

 

5.3 NEW PROCESS TO RECORD THE STATUS UPON POLL CLOSING: Photos of signed stickers of machine IDs of CU, VVPAT, Digital display of total votes count on CU and Form-17C should be uploaded on the ECI's portal within 30 minutes of poll closing. DEO/RO must unlock the uploaded photos for public viewing within 24 hours of poll closing. Form-17C Part 1 itself should be reduced to the size of a small sticker with the number of votes polled information (i.e. CU count, test votes count etc. and the net total of votes polled count) - this form has identification numbers of EVM component machines, i.e BU, CU and VVPAT; it also carries signatures of the PO and polling agents. This modified Form-17C sticker should be pasted on VVPAT and also photographed along with the CU display of votes count - then there is no need of a separate Form-17C Part 1.

 

5.4 NEW PROCESS WILL ENSURE EVM IS NOT SUBSTITUTED: On the day of counting, the contestants' agents should be allowed to compare the signatures seen in all photos of stickers on CU and VVPAT - with those on the physical EVM devices and the total vote count reported in Form-17C must match with the total vote count and candidate wise total count displayed by the CU in the counting room - if there is a mismatch of any type - either of signatures or vote counts - the EVM should be set aside for adjudication by a competent authority - these are conditions under which, normally speaking, a repoll must be triggered.  

 

5.5 MODIFICATION IN VVPAT TO ASSURE VOTER THAT CORRECT VOTE IS PRINTED AND DELIVERED: The light inside the VVPAT gets switched off within seven seconds of the vote being cast, i.e. the button being pressed on the BU - reason ECI has offered for this curious design is preservation of secrecy of vote. As VVPAT is placed in a secluded corner within a “voting compartment”, this untenable reason ought to be rejected. And the VVPAT design should be modified to make the inside lamp remain lit constantly so the voter can see both operations – i) a new vote slip getting printed and ii) the printed vote slip getting cut and dispensed into the ballot box.

6.      Out of the above five changes, first four ( #5.1 to 5.4 ), process changes, are essential. If 5.1 to 5.4 are accepted, demand for VVPAT modification #5.5, which is desirable but not essential, could be waived; similalry, the following demands pending in petitions before the SCI, may then be safely withdrawn: i) Vote slips printed by VVPAT to manually count (100%) and use the CU count only to counter check. ii) Post-election audit option as mandated by SCI in its 26th April'24 order (and incorrectly implemented by ECI) 

6.1 Fall back position: If process change #5.1 of simulated tests is not accepted, then the four demands # 5.2 to 5.5 become essential along with the pending demand of "100% VVPAT count", other wise type (a) EVM hacking of delayed printing and stealing votes or type (b) EVM hacking of printing correct vote and recording another (hacker-party's) vote in CU, should either (a) or (b) perpetrated, will not be caught - as already explained, the SCI's post-election audit is useless (malware could self-erase leaving no trace or evidence so audit will never find anything amiss). 

 7.      If the essential demands described above are not met, it would make sense to agitate for reverting to paper ballot system; Bullock carts are a better option than uncertified cars operating without a sensible framework.

 References and notes

EVM: petitions and legal challenges - only Civil Rights activists seem to be fighting - political parties mostly passive. Notes

Mar'24 (written before GE2024): The most urgent reforms India needs - election processes; political funding and changing FPTP to TRS or Proportional Representation System Blog