The dismissal of EVM petitions was a disaster and deserves to be challenged before a larger bench; the Directions to ECI are amateurish and likely to turn into a spectacular charade – of false negatives and false positives; either way elections can get subverted; Post June 4th, with ECI of a diminished stature, India should ready itself for a chaos of charges and counter charges
Both the Election
Commission of India (ECI) and Supreme Court of India (SCI) have fallen short, and
they have imperiled the Indian democracy. The Electronic Voting Machine (EVM),
created by ECI, being a “gold standard” and its existing processes being “fool-proof”
are a myth SCI bought into, despite these being questioned by experts, members
of civil society and multiple petitioners. ADR (Association of Democratic
Reforms), the lead petitioner, was ignored for a year. Ultimately, the
two-judge bench of SCI which seemed in no hurry to deliver its judgment, started
hearing the ADR’s and two more tagged petitions, on 16th April, two
days before 2024 General Elections commenced, and after ten days, it delivered
its judgment on 26th April 2024!
The proceedings, in the court of Justices Sanjiv
Khanna and Dipankar Datta were indicative of what was coming. The SCI’s
two-bench order dismissed all petitions and instead
offered an “EVM audit” option for the losing contestants! The “EVM audit” conditions
mentioned in the order make a strange reading – the conditions render the audit
technically absurd and due to the composition of audit team, quite untrustworthy.
Before understanding the “EVM audit” as SCI envisages, let’s consider the much
better alternatives that would have assured the integrity of elections, but were
rejected.
The reliefs petitioners had sought were:
i) voter must get to satisfy himself/herself that Voter Verifiable Paper Audit
Trail (VVPAT) machine has printed the correct vote slip, cut it, and dispensed
it into the ballot box – such a basic assurance is NOT provided by the existing
system because the vote slip viewing window with a dark glass is back lit by a
lamp for merely 7 seconds during which the slip printing, cutting and dropping
operations cannot be seen – only the slip is getting displayed (the limited-time-lighting
of 7 seconds enables hacking by method#1 mentioned in notes
which includes a demo link).
ii) 100% of the vote slips dispensed in the ballot box must
be counted – as voter has no clue of the vote record that gets written into the
Control Unit (CU).
ADR’s lawyer, Prashant Bhushan cited experts, explanatory
demonstrations, and reasons how hacks can happen and how it could be thwarted
through the reliefs sought. But the judges on the SCI bench did not bother to
ask ECI how relief (i) can be provided? The petitioner had offered multiple solutions
– the simplest one was to keep the light, in the VVPAT, on until the voter
could see the vote slip printed, displayed, cut AND dropped in the ballot box –
at present voter can only see the slip displayed (as explained in hack method#1
in the linked notes, it could be the previous voter’s slip that gets displayed).
Nor did the judges ask ECI what were their estimates of time and cost of
complying with the relief (ii)? A reasonable answer from ECI, which it ought to
have volunteered, would have revealed – one or two day(s) and Rs.20 crores
extra – in percentage terms: a mere 4.27% more-time and a mere 0.2% more cost (computations
here).
Affirming
their own faith in ECI and the EVM, the Justices issued directions to ECI for
post-result audit of EVMs – petitioners had prayed for none of this!
SCI
Judgment on EVM audits may appear to be brilliant but is highly amateurish and
flawed
Post
declaration of results on June 4th, following predictions can be
made based on possible scenarios – INDIA loses, or BJP/NDA loses (lose means
win less than 272 seats). Both scenarios will trigger massive requests for EVM
audits. Since audits will be a technical absurdity and auditors untrustworthy,
a maelstrom is going to hit ECI.
Directions
to ECI are in para#76 on page# 37; Extracts in italics below:
a) On
completion of the symbol loading process in the VVPATs undertaken on or after
01.05.2024, the symbol loading units shall be sealed and secured in a container…
They shall be opened, examined and dealt with as in the case of EVMs. (b) The
burnt memory/microcontroller in 5% of the EVMs, that is, the control unit,
ballot unit and the VVPAT, per assembly constituency/assembly segment of a
parliamentary constituency shall be checked and verified by the team of
engineers from the manufacturers of the EVMs, post the announcement of the
results, for any tampering or modification, on a written request made by
candidates who are at SI.No.2 or Sl.No.3, behind the highest polled candidate.
At present
ECI has not published any document describing details of the audit process it
will follow. However, the very proposition of a post-result audit of EVM and
Symbol Loading Units (SLU) in context of EVM system is a non-sequitur – you can
only audit a device that is currently in the state of being hacked and not one
which was hacked and sanitized before being presented for audit.
It must be
assumed that hacking of EVM System will not be attempted by a run-of-the-mill
hacker. At stake is national security or an election that costs Rs.1.2
trillion -even both can get entangled.
A
high-level hack leaves no smoking gun behind. The way field staff commission
1.2 million EVMs (one per booth) by using SLUs over a two-week period by using
2-5 SLUs in each constituency (which are
handed over to them by the District Election Officer/Returning Officer who
connects his/her laptop via Internet to ECI Central server to download the
candidate data file that is then copied into SLUs), it is eminently possible to
infiltrate VVPATs (Voter Verifiable Paper Audit Trail) with a self-destructive
malware and then remove the malware payload from SLUs (therefore, only
sanitized SLUs with the legitimate candidate data file will be sealed after
poll closing in each constituency). A self-destructive malware is one which
erases itself from the device’s memory upon receiving a trigger, for e.g. when
“Close Polling” button is pressed by the Polling Officer on his Control Unit
(CU) – the malware on the connected VVPAT will self-destruct. Therefore, after
poll closing, the EVMs and SLUs sealed for the audit envisaged by SCI will all
be sanitized with no evidence of any malware/hack.
SCI’s
directions have more absurdities.
Firstly,
the audit should be done of the full device and not just the “burnt
memory/microcontroller” because a device like VVPAT has additional programable
memory. A malware can sit in the additional memory and make the machine
misbehave, leaving the “burnt memory/microcontroller” intact.
Secondly,
there was no compelling reason for the Justices to require the audit team to
come from the manufacturers of EVMs which happen to be ECIL and BEL,
enterprises which are owned by the Government. One of them has BJP members on
its board. Audit could have been done by independent engineers who could have
been provided healthy set of EVMs – because then they could have compared the
object code running on them with the suspected EVMs and detected tampering; it
was not necessary to part with source code. Any sophisticated hacker can
reverse compile the object code from stolen EVMs (a RTI query had revealed that
between ECI, BEL and ECIL 1.9 million EVMs are missing) and write malware to
make EVM misbehave. Malware could work with multiple parameters – Constituency,
Party to steal votes from, Party to favour, date, time, rate of voting etc. The
misbehaviour, therefore, cannot be predicted without the knowledge of program
logic and parameters used.
Read about
the three types of hacks and audits necessary to catch them - here. The ballot stuffing method requires audit of
time stamp of vote record in CU versus the time stamp in the printed vote slip
– they must match, and they must be spaced apart by at least 15 seconds – as
per ECI submissions, the maximum rate of voting designed for is 4 votes per
minute.
The SCI’s
directions to ECI for sealing of EVMs and SLUs commence from 1st
May. So, what will happen to contestants whose constituencies’ polling finished
in April?
As the SLUs
do not have device IDs probably, these are not mentioned in Form17C Part I. At the close of poll, Form 17C
Part I has to be filled in, duly signed by the Presiding Officer, the Polling
Officer, all present Polling Agents of contestants. This form mentions all three
EVM Machine IDs but there is no mention of SLU ID. If Form 17C Part I is not
placed in public domain before the devices are sealed and moved, it would leave
the door open for manipulation – vote count inflation, even switching the
EVMs. Poonam Agarwal, an investigative journalist has interviewed polling
agents who did not sign Form 17C and no one asked them to! It is confounding to
find that ECI does not require the Presiding Officer to sign the Form 17C using
his/her Digital Signing Certificate (DSC).
SCI
directions to ECI do not mention this: The audit must include examination of
signatures on Form 17C Part I and matching with machine IDs, the Total Voters –
registered and votes cast. ECI portal should host a table with the columns of
Constituency Name, Booth ID and Scanned Form 17C Part I duly signed by PO and
DEO/RO. Form 17C Part I total vote count must match the CU total vote count. Is
ECI innocent about the importance of Form 17C Part I being signed and shared
with the citizens of India or there is more than meets the eye?
What
would it take for ECI to share Form 17C data? Essentially zero additional manpower would be
required and not more than 500GB storage space – the program to manage the data
table could be written in one day, read here.
Other
troubling questions:
The
auditors without integrity can allow malware to be copied into SLUs and then
report tampering in that constituency to please the challenger (a losing
contestant). Since SLU is utilized across the constituency, will ECI declare a
repoll in that constituency?
Can the
ruling party with control over the auditors countermand an entire election by
the simple subterfuge of arranging copying malware into a few dozen SLUs?
An abridged version of this blog was published on 24th May, 2024 in The Wire
No comments:
Post a Comment