Wednesday, December 13, 2023

EVM voting & ECI processes - program, data and counting - current vulnerabilities, remedies and action required by INDIA


Synopsis: It is said in a Democracy people get the Government they deserve; but what if the Election System - the machines or the processes - are deficient? Then the Government ought to fix it or else the people should agitate to fix the deficiencies. Recent disclosures - as documented by independent journalists and pointed out by activists - show the Electronic Voting Machines (EVM), voting and counting processes in use in India can be manipulated (are hackable). Denying audit challenges is not consistent with democratic norms nor the Constitution of India. The Government, Election Commission of India (ECI) and Courts should accept the citizens' right to know and even provide the means to the contestants to make feasible verifications and allow them to mount audit challenges. The authorities should publish a fair process to allow and resolve contestants' audit challenges. What can be the means and processes for enabling audit challenge which will deter frauds that thwart our democracy?   

In the context of Electronic Voting Machines (EVM), how democracy is subverted, or can be subverted, is a question much debated. Concerned citizens have been agitating in India and have met with only limited success - especially now, since all pillars of the Indian democracy seem to be failing in unison.

Election Commission of India (ECI) is a constitutional body supposedly independent of the GOI. However, in reality, a whole lot of processes related with the use of Electronic Voting Machines reveal that GOI is in charge where ECI ought to be in charge. Under the bogey of secrecy for reasons of national security or abdication of judiciary to rule in its domain by calling it the domain of the executive, the democratic processes have been imperiled and even subverted.

People who have little understanding of Information Technology and Digital Security are in charge of designing policies and processes and even SCI has ruled in a way to curtail citizens rights to access programs that ought to be "open source" under the garb of "sensitive", "Intellectual Property" and "Executive Domain". After observing strange coincidences (statistical improbabilities), unexpected electoral results (outside the forecast of all pollsters) and documented anomalies (see articles below in RELATED section), this note references the on-going agitations for fair elections and prescribes what ought to be additional and very important concerns of Indian citizens and actions required for deterring electoral frauds in the future.

PETITION FILED TO ECI to conduct FREE AND FAIR ELECTIONS - Citizens campaign, started a few months ago, by concerned citizens - Petition started on 24-Aug-23 by Prof. MG Devasahayam

ADR's recommendations for Electoral Reforms, Political Reforms and Rules for ECI: PDF file from

The above petition and recommendations miss out some of the important issues arising from the points raised in the article of 10-Nov-23 in The Wire by Meetu Jain.

Most importantly, there are three points of hacking that need to be safeguarded against for preventing subversion of the voting and counting process -
i) EVM program hack,
ii) EVM results hack and
iii) results counting by ECI hack.

>>INDIA parties should ask for the following five things in the petitions to ECI and SCI; these steps for transparency are meant to deter voting frauds without forcing withdrawal of EVM or change in any methodology ECI follows in their deployment:

1) Source code of EVM must be shared with public - (this will have to go into a review petition as SCI has already ruled against revealing the source code even to ECI for audit),

2) "Audit Challenge" to discover fraud through any EVM must be resolved through a published process that should include comparing source code of suspect EVM with master copy - can be done by Political Parties/independent auditor,

3) At the Start of voting and after close of voting, the program AND results from each EVM should be allowed to be saved in an external storage by each contestant party for fulfilling the option of an "audit challenge" - each record in the votes cast data file will contain EVM ID, date time stamp, ID of candidate voted for; voter id is not available (so secret ballot is honoured - no one can find out who voted for whom); if there is an "audit challenge" then ECI's database from which results were announced will have to be compared with records saved in external devices submitted by the challenger political party/parties; If ECI aggregates the results filed (entered online manually) by the ECI's Returning Officer (RO) at each constituency, then the audit challenge will involve comparison of the EVM wise Candidate wise counts filed by the RO i.e. the figures from each of the EVMs the RO took into account (see the ECI's counting process note here: link). It should be noted that the data copied from memory stick has only the candidate ID and NOT the name of the candidate; as ECI does not want the results to be known until all voting is completed, in multi-phase and bunched multi-State elections, the password to the list of Candidate ID + Names will be released by the ECI when it wants - i.e. after voting is over; the encrypted list of Candidate names & their IDs will be downloadable from ECI portal by authorized Party representatives and Independent candidates right at start of elections.

4) ECI must have control over randomized distribution of EVMs at State and Constituency levels,
5) Sample checking at random of 5% to 30% should always be done of results counted through EVMs and manually of VVPATs.

[For meeting the requirements in point# 2 (detection of program hack) & 3 (detection of "data of EVM results" AND "results transmission & counting by ECI" hacks) EVM could provide a removable memory stick (flash memory card) which can easily hold the copy of the program AND results stored in the internal memory of EVM. Memory sticks have capacities ranging from 1 GB to 1 TB and more. EVM will have to be provided two buttons - "Start" and "End" - when these buttons are pressed, BOTH - the program and results data will be copied into the memory stick - further, only after the Start button is pressed, voting can commence and after the End button is pressed, voting will cease - i.e. the EVM will not be usable for any further voting until it is initialised for next round of election through the existing ECI processes. Using the removable memory stick, the ECI's booth officer and contestants' representatives will be allowed to copy the program + data into their own phones or computers - twice - at the time of Start event and also at the End event]

If these requests (#1 to #4) are denied, all Opposition parties should resist the use of EVMs henceforth and INDIA parties could use Point#5 - for negotiating 100% of VVPAT counting AND for the printed slip to be physically picked up by the voter and for the voter to push it into the box of votes for counting - ONLY the physical count would be treated as the final result - not the EVM memory results (in case they differ). See the hack video in the Notes below on Challenges to EVM and reaction of authorities (presently 5% VVPAT vs EVM counting comparison per constituency has been allowed - this is pointless in view of the hack of EVM + VVPAT actually demonstrated).

Most disconcerting facts and revelations uncovered by the staff of The Wire and reported in the article (verbatim extracts):

(1) In September, the Supreme Court refused to entertain a public interest litigation that asked for an audit of the source code of the Election Commission’s electronic voting machines (EVMs) by an independent agency. While dismissing the case, the court said “there is no material on record to indicate the Election Commission is not fulfilling its mandate.” 

(2) The TEC in fact recommended again and again that the veil of secrecy surrounding source codes should be lifted. In 2013, the TEC said that a facility be provided so the “code in the EVM units can be read out by an approved external unit and the code so read may be compared with corresponding reference code to show that code is same as that in the reference units. The scope of comparision is only to ensure that there is no trojan or other malware for EVMs in use.” 
This report of 2013 was the last the government shared with activist Venkatesh Nayak via RTI. No report has been made public post 2013. 

(3) India’s disproportionate secrecy is in marked contrast to other countries still using electronic voting devices. 

(4) Emails and phone calls to officials of the ECI and spokesperson elicited no response. However, government officials told The Wire, “There is no reason why the source code information should be shared. People have gone to the Supreme Court again and again on this matter and their efforts have been rebuffed. The Election Commission has answered the court each time. These are nothing but motivated questions.” 
Former CEC, Ashok Lavasa, says, “There have been a number of discussions on making source code public though the ECI goes by what the TEC says. The ECI prefers to be guided by academics like those at the TEC and go with their wisdom.” 

(5) In an RTI response to Venkatesh Nayak, BEL admitted that the chip they are using is from US-based NXP semiconductors. In addition, the NXP website says, this is not OTP. Instead, it has three different kinds of memory – SRAM, FLASH AND EEPROM. All three types can erase and rewrite data, or retain data bits in its memory or the memory can be electronically erased and rewritten. In other words, software that can be overwritten or reprogrammed cannot have the safeguards of being one time programmed. 

In a paper on EVMs in 2010, a committee including Michigan University professor Alex J. Halderman had this to say with reference to expert committee members picked for EVMs: “This time the committee members were A.K. Agarwala and D.T. Shahani, with P.V. Indiresan serving as chair. All three were affiliated with IIT Delhi, but, like the first committee, none appear to have had prior computer security expertise. Again, the committee members did not have access to EVM source code and relied on presentations, demonstrations, and site visits with the manufacturers. 

“In their report, the ECI has reiterated its view that the machines were “tamper-proof”. 
In fact, Professor Indiresan is reported to have once said that questioning the ECI’s integrity is like asking Sita to undergo trial by fire.

Observations on the above facts and revelations:

(1) Judgment of SCI is beyond ridiculous - judiciary needs education on the concept of "Open Source" (ironically CJI, DY Chandrachud is a votary of "Open Source" technologies - having introduced a number of open source ICT based innnovations he only needs to be reminded of the benefits of Open Source in a voting system which is plainly a public service system); citizens right to know that fair processes are in place for elections is non-trivial; knowledge of source code cannot compromise national security; policy of executive is violative of citizens right to information; finally the alibi of IPR in not sharing the source code is a big joke - the program for EVM is one a junior programmer can write - even an elevator operations program will be more complex in comparison! 

(2) TEC report of 2013 is absolutely correct - made by competent people of integrity

(3) India can learn from USA, Australia and many other countries before claiming to be mother of democracy - the article cites many examples

(4) ECI boss needs to show some spine, it is doable - s/he can take inspiration from late T.N. Seshan

(5) These so called ECI's tech experts claiming the EVMs are tamper proof and that ECI cannot be questioned - are at best digital illiterates or worse - individuals of compromised integrity - like Sita, they must be subjected to undergo trial by fire!



Challenges to EVM and reaction of authorities: Notes
(See the link in the notes to the most ingenious hack - 4pm New Network - viral video)

See in this 5 min video the striking pattern of BJP wins whenever the counting happened after a delay of a week or more of polling; BJP lost more seats whenever the counting happened soon after polling..

Ds4 News clipping of 5M:53S

8-Dec-23 INC TV Chhatisgarh voting % changed by ECI after having announced the voting percentage two days earlier and confirming that EVMs were sealed and placed in a strong room. ADR representative has pointed this out. Reply from ECI? Tweet

Citizens’ Commission on Elections’ Report on EVMs and VVPAT - Report of 11 pages of 8-Apr-21 - recently signed by 6,500 eminent people Report

12-Dec-23 The Wire - Meetu Jain's article on the bill GOI intends to pass that will replace CJI by a Minister of PM's choice in the Committee that appoints CEC and ECs - making ECI totally subservient to the Government: Link

Electoral Reforms India urgently needs - Anil Srivastava's blog:  Link


Prof J P Singh IIMA said...

Take as many safeguards as possible, the hacker will always be a step ahead. So complete reliance on EVMs, even with VVPATS is foolhardy.
My suggestion is that 30% seats with low victory margins and sensitive seats should be through ballot papers. Next 30% can be through EVMs with VVPATS and balance 40% can be even without VVPATS.
However the process of voting and counting by itself does not address the flaws in our system of seeking peoples’ mandate.
First past the post win system is a lopsided favour to a person getting higher number of votes in a constituency. A proportionate representation based on vote share is a singularly better reflection of people’s mandate.. As per this system a party with 42% vote share gets only 42% of seats. Instead what we see in first past the post system is that a party gets 60% plus seats in the legislature with a mere 37% vote share and then pretends that it has a mandate of the 100%.

All said and then, there is no hope left from the babied ECI.
Presently, even SC has failed the people in the reign of last Five CJIs and therefore hope on SC is grandiosely paper thin.
To expect the GOI to take a rational step in this regard is to live in a fools paradise.

Anil Srivastava said...

Thank you - I updated notes on Proportionate Representation in the reference to Run-off or Two Round System of voting as opposed to FPTP system. I also updated point#3 for supporting audit challenge. As to the other points you made:
If ECI agrees with transparency - to the extent of sharing of source code and pre and post voting status of program and results in each EVM, we can pretty much close off the avenues of manipulations and hacking and also derive advantage of faster voting. Besides, the additional steps prescribed here donot upset the existing ECI methodology and deployment of EVM - except the provision of memory stick in EVMs and two buttons; this could be retrofitted.
What you say is right, the EVM and VVPAT are susceptible to be hacked and a paper ballot in their place will eliminate those risks. However, even the graded substitution with paper ballot you suggest in 30% closely contested or sensitive constituencies, will be a greater departure and a climb down from GOI's much vaunted system being marketed as a "Gold Standard". Perhaps, the modifications and change in processes suggested here could be viewed as an upgrade of the "Gold Standard" to a "Paltinum Standard"!
GOI has chosen to substitute CJI's seat by a Cabinet Minister in the Committee which has two other members - viz. the Leader of Opposition and PM - and which is responsibile for the appointment of CEC and ECs. So you are right, ECI is expected to become even more subservient to the GOI than it already is and will likely refuse to accept any reforms not aligned with GOI's stand.