SCI
Judgment of 26th April’24 – Justices misunderstood EVM petitions; fortuitously
the relief given, which petitioners never asked for, will reduce chances of hacking
considerably
The
two-judge bench of the Supreme Court of India (SCI) delivered its much delayed judgment
on ADR’s petition filed a year ago (other petitions were tagged with it), on
the day of the second phase polling of General Elections 2024 which had started
a week earlier. This was a contest between the citizens of India and ECI and
not one between any political party and ECI or the Government – none of the
political parties were petitioners. The bench missed this point and gave
reliefs that petitioners never asked for. The SCI gave the right to 2nd
and 3rd losing contestants to demand audit of devices - EVM (comprising
Voter Verifiable Paper Audit Trail – VVPAT and Control Unit – CU and Ballot
Unit - BU) and SLU (Symbol Loading Unit) with the help of BEL and ECIL
engineers (para#75
page 37/38 of Order signed by both Justices – Sanjiv Khanna and Dipankar
Datta; separate order was signed by only JDD).
So, the good
part of the order is the directions issued to ECI which will CONSIDERABLY
REDUCE the chances of hacking because of the fear of getting caught during the
audit, if done honestly and competently. Unless the audit process, in the hands
of ECI (BEL and ECIL engineers), is subverted, the risk for hackers getting
caught will be great. The order has limited the audit to maximum of 5% of EVMs per
constituency – had the losing contestants (number 2 and 3) been allowed to ask
for audit of all EVMs, the hacking would have had no chance of escaping
detection. The order makes it explicit that the burden of cost of audit will be
on the challenger, but it does not speak about the consequences of discovery of
malware in the suspected devices – will repoll be ordered around the booth
where EVM was deployed, or the whole constituency, or the whole country? The
order shows its magnanimity (a lofty sense of justice?) in refunding the cost
defrayed by the challenger should any tampering be detected! It is strange that
the order did not consider it justifiable to appoint independent auditors in
resolving the audit challenge. Independent auditors could have compared the
object code (access to source code is not necessary) in the suspected machines
with healthy machines provided by ECI and given their verdict about the evidence
of tampering, i.e. presence of illegitimate stuff (malware or any foreign software).
The order unnecessarily elaborates that “microcontroller’s burnt memory” will
be subject to audit – what about the flash memory of 4MB (see paragraph#22 in
the order)? For the two types hacks which the Justices didn't understand, the problematic parts of the judgment and a semi-technical note on the EVM hackability read here.
Let’s now consider
the curious (bad) part of the order which betrays the misunderstanding on part
of the honorable Justices – and which is worthy of a challenge in a review
petition. The main petitioner’s Sr advocate, Prashant Bhushan asked for sensible
reliefs which would have served to FOIL hacking of EVM System completely. He did not allege that hacking has indeed happened. This does not mean that hacking cannot happen in future becasue of vulnerabilities in the EVM System. He
also explained all the important vulnerabilities and tried to elaborate the possibility
of malware infiltrating the “programmable memory” of VVPAT but JSK cut him off
multiple times – as can be read from proceedings in the court – live updates
from independent websites – read here.
First
relief sought was that the voter should be able to verify the correctness of the
vote slip printed by the VVPAT AND assure himself/herself that it is cut and
dispensed into the ballot box. Prashant Bhushan explained (or tried to) that the existing arrangement is deficient and he offered three alternatives – i) revert to paper ballot,
ii) hand over the vote slip to the voter who can verify its correctness and
dispense it into a ballot box and iii) keep the light inside the VVPAT behind a
dark glass (why on earth this glass should not be transparent is NOT explained
satisfactorily by ECI – the secrecy argument is totally specious as the voter
compartment is always placed in a corner of the room) illuminated all the time
so that the voter would leave the voter compartment only after full
satisfaction: the correct slip is printed, cut and dispensed into the ballot
box – it is not sufficient to light up the lamp for a mere seven seconds to
show the slip to the voter. Amazingly, the order has explicitly denied this
right to the voter – JDD elaborates in his separate order – in para#15 & 16
page#48 & 49 - that under Rule 49M(3), it is sufficient to merely show the
slip to the voter! Obviously, the Judge never understood the method of hack –
in which consecutive votes are stolen and cast in favour of hacker’s party WHEN
THE LAMP IS SWITCHED OFF. In this method of hacking, the vote count in CU and
VVPAT printed slips would match; watch one of many explanatory demos, using
representative machines, how this consecutive votes are stolen demo of 13 min.
The Justices elaborate naively in their order that never in the past have
discrepancies been reported between the CU count and manual count of VVPAT
printed slips, therefore, no hacking could have ever taken place! That hack can happen even when the counts are consistent was not understood at all. The order
quite unnecessarily derides the demand for paper ballot (Godi media had also
amplified the “retrograde demand of paper ballot”) and the demand for voter
slip being handed over to the voter WITHOUT MENTIONING ALL THE THREE
ALTERNATIVES. Based the third alternative Prashant Bhushan offered, the Justices
should have quizzed the ECI to articulate methods of satisfying the voter that
the vote is correctly printed, cut and dispensed into the ballot box – ECI should
have specifically answered why it has designed the complicated system of
switching light on off and generating an audio beep signal – ECI should have
been asked to explain why the simple method of illuminating the cutting
operation and dispensing of the slip in the ballot box was not preferred. ECI had
revealed in the court that there is a sensor which detects the falling slip and
it sends out an audio beep. What if the audio beep signal is generated falsely
by a hacked VVPAT? Therefore, the relief of voter verification should have been
granted to foil this smart method of hacking. Post-results-audit can also detect
this hack, however, the cost of foiling the hack is much smaller than the cost
of recovering from the consequences of a hack after it has been allowed to
happen.
Second
relief the petitioners asked for was manual count of 100% vote slips and
comparing the same with CU count (the comparison would diminish the errors of
manual count – the order shows the wisdom of comparison escaped their comprehension
completely). This comparison would serve to foil the simpler, though a dumber, hack
of voter pressing the button of one candidate and the vote in the CU being
written of another party. In this hack the vote slip of the correct candidate
in a manual count would not match with CU count. This hack is easy to catch,
therefore, it is not likely to be preferred by a sophisticated hacker. It is a
no-brainer that the hacker is not likely to be a run-of-the-mill type; the subversion
of Indian elections can entangle trillions of rupees (the General
Election 2024 is projected to cost 14 Billion USD) and national security. The
order allows only 5% of EVMs to be tallied manually in a constituency. However,
it has directed ECI to evaluate bar code printing on the vote slips for
possible machine counting in future elections. The denial of this relief was
not logical and pennywise pound foolish. According to SY Quraishi the 100%
manual count of vote slips cannot be compared with the paper ballot era when
the ballot papers could be the size of a newspaper. With small VVPAT printed
vote slips, it is feasible to finish counting within one day – watch here.
By capping the manual count to 5% of EVMs per constituency, the chances of the
second type of hack still remain, however, this is not as much a serious
compromise as is the denial of the aforementioned relief of verification by the
voter because that allows the smarter hack to still take place. In a review
petition, the first relief ought to be demanded and perhaps with a bigger
bench, the chances of convincing the judges will be better!
The judgment has many other technical bloopers (for e.g. para#22 the candidate
data file is a bit map file – it cannot be so as the candidate name and ID
apart from the symbol needs to the transferred). The language used in the SCI
order, in many places, seems to be that of BEL or ECIL engineers, as pointed
out by Kannan Gopinathan in a recent interview to Poonam Agarwal who had helped unravel the Electoral Bond scam.