( Part-1)
By Dr. Khomdon Lisam
On the election day (17-4-2014), I went to the Polling Booth at Maharaj Bodhchandra College, Palace Compound to cast my vote. I was expecting a huge crowd . Surpisingly, I was the only person at that particular time to come for voting . I was in a good mood hoping to find an EVM with paper trail (Vote Verifier Paper Audit Trail (VVPAT) system with EVMs). But I was quite disappointed to find the same paperless EVM which was used during 2012 State Assembly election. I was quite aware that the Union Law Ministry, Government of India has amended the Conduct of Election Rules, 1961, to allow use of electronic voting machines fitted with the Voter Verifiable Paper Audit Trail (VVPAT) system. I was also quite aware that the Hon’ble Supreme Court has directed the Election Commission of India to use EVM with paper trail in order to ensure free and fair election. Only few days back, I have written an “Open letter to the Hon’ble Chief Minister “ in many English newspapers in Manipur for ensuring use of EVM machines with paper trail so that the EVM machine may not be manipulated in favour of a particular candidate. In April, 2012, I have written an article in many English newsapers in Manipur, entitled “How can Electronic Voting Machines (EVM) be manipulated ?” http://e-pao.net/ep SubPageExtractor.asp? src=news_section.10th_Manipur_ Legislative_Assembly_ Election_2012. How_can_Electronic _Voting_Machines_EVM_ be_manipulated_Part_1) . At the end of the article, I have requested the State Government to use only the EVM with Vote Verifier Paper Audit Trail (VVPAT) system to ensure free and fair election. The heart of democracy is voting. The heart of voting is TRUST that each vote is recorded and counted with accuracy and impartiality . The purpose of an election is not to name the winner, but to convince the losers that they lost. (Dr. Dan Wallach, Computer security expert, Rice University ). Voting is a statutory right under the Representation of People Act 1951 and fundamental rights in India under Article 19(1)(a) to know the antecedent of the candidates contesting for the election. A voter has the right to know whether his / her vote has been recorded and counted.
But I am wondering why the Hon’ble Chief Minister, Manipur and the Chief Electoral Officer are using the same paperless EVM which was the bone of contention during the 2012 State Assembly Election. Is this the reason why the Hon’ble Chief Minister and the Hon’ble Deputy Chief Minister are proudly telling to the people that the Congress will surely win the Lok Sabha election. Do the Hon’ble Chief Minister and the Hon’ble Deputy Chief Minister know the results of election before the election is held ? Have they bribed leading EVM hackers in India, including the most infamous “Cyber Army” for ensuring a massive victory of the Congress party in Manipur. These are quite possible if we use paperless EVM.
Election Commission’s earlier claim
Earlier, the Election Commission of India has claimed that the paperless EVM machines are not susceptible to hacking or other forms of fraud. On 13 February 2010, an international conference on the Indian EVMs and its tamperability of the EVM machines was held under the Chairmanship of Dr. Subramanian Swamy, President of the Janata Party and former Union Cabinet Minister for Law, Commerce and Justice at Chennai. About 35 experts from India, Germany, the Netherlands and the U.S. took part in the conference. The conclusion of the international conference was that the Indian EVM is easily hackable and very easy to hack. The hacking can be done before voting and /or after voting Even brief access to the machines could allow dishonest election “Insiders “ or other criminals to alter election results.
Vulnerabilities of paperless EVMs
Contrary to claims by Indian election authorities, these paperless EVMs suffer from significant vulnerabilities.
1. EVM Software Isn’t Safe
The electronic voting machines are safe and secure only if the source code used in the EVMs is genuine. Shockingly, the EVM manufacturers, the Bharat Electronics Limited (BEL) and Electronics Corporation of India (ECIL) have shared the ‘top secret’ EVM software programme with two foreign companies, Microchip (USA) and Renesas (Japan) to copy it onto microcontrollers used in EVMs. This process could have been done securely in-house by the Indian manufacturers. Worse, when the foreign companies deliver microcontrollers fused with software code to the EVM manufacturers, the EVM manufacturers cannot “read back” their contents as they are either OTP-ROM or masked chips. Amusingly, the software given to foreign companies is not even made available with the Election Commission, ostensibly for security reasons. With such ridiculous decisions, the Election Commission and the public sector manufacturers have rendered security of the EVMs a mockery. (GVL Narasimha Rao-http://www.indianevm.com/articles/ten-reasons-for-banning-indian-evms.pdf)
2. EVM hardware Isn’t Safe
The danger for EVM manipulations is not just from its software. Even the hardware isn’t safe. Dr. Alex Halderman, professor of computer science in the University of Michigan says, “EVMs used in the West require software attacks as they are sophisticated voting machines and their hardware cannot be replaced cheaply. In contrast, the Indian EVMs can easily be replaced either in part or as wholesale units.” One crucial part that can be faked is microcontrollers used in the EVMs in which the software is copied. EVM manufacturers have greatly facilitated fraud by using generic microcontrollers rather than more secure ASIC or FPGA microcontrollers. Not just only microcontrollers, mother boards (cards which contain microcontrollers) and entire EVMs can be replaced. Neither the Election Commission nor the manufacturers have undertaken any hardware or software audit till date. As a result, such manipulation attempts would go undetected. To detect such fraud, the upgraded EVMs have a provision to interface with an Authentication Unit that would allow the manufacturers to verify whether the EVM being used in the election is the same that they have supplied to the Election Commission.
3. Vulnerability to hacking:
The Indian EVMs can be hacked both before and after elections to alter election results. Apart from manipulating the EVM software and replacing many hardware parts discussed above, Indian EVMs can be hacked in many ways. Two possibilities may be mentioned :-
Each EVM contains two EEPROMs inside the Control Unit in which the voting data is stored. They are completely unsecured and the data inside EEPROMs can be manipulated from an external source. It is very easy to read (data from) the EEPROMs and manipulate them (GVL Narasimha Rao-http://www.indianevm.com/articles/ten-reasons-for-banning-indian-evms.pdf)
The second and the most deadly way to hack Indian EVMs is by inserting a chip with Trojan inside the display section of the Control unit. This requires access to the EVM for just two minutes and these replacement units can be made for a few hundred rupees. Bypassing completely all inbuilt securities, this chip would manipulate the results and give out “fixed” results on the EVM screen. The Election Commission is completely oblivious to such possibilities. ( http://www.indianevm.com/articles/ten-reasons-for-banning-indian-evms.pdf)
There are allegations that some “insiders” demanding vast sums (Rs. 5 Crore or more for each assembly constituency) to fix election results. Who are these insiders? Unlike in the traditional ballot system where only the election officials were the “insiders”, electronic voting machine regime has spawned a long chain of insiders, all of whom are outside the ambit and control of the Election Commission of India. There is every possibility that some of these “insiders” are involved in murky activities in fixing elections. The “insiders” include the public sector manufacturers of India’s electronic voting machines namely, the Bharat Electronics Limited (BEL) and Electronics Corporation of India (ECIL), the foreign companies supplying microcontrollers, private players (some of which are allegedly owned by some political leaders) for carrying out checking and maintenance of electronic voting machines during elections.(http://www.indianevm.com/articles/ten-reasons-for-banning-indian-evms.pdf)
A team of researchers showed precisely how a display component could be replaced with a fake substitute programmed to steal a percentage of the votes in favour of a chosen candidate. They also demonstrated how stored votes could be changed between the election and the public counting session, which in India, can be weeks later, with a pocket-sized device. The team, comprising Hyderabad-based NetIndia, Dr J Alex Halderman, professor & noted expert on electronic voting security from the University of Michigan and Holland-based security expert Rop Gonggrijp, was instrumental in the ban on EVMs in the Netherlands.
4. Which candidate to favour -Once the dishonest display is installed in an EVM (possibly months or years before the election), the attacker must communicate which candidate is to be favoured or disfavoured and by what margin. There are many different ways that attackers could send such a signal—various kinds of radios, secret combinations of key presses, or even by using the number of candidates on the ballot.
5. Stealing of Votes To steal votes, the attacker indicates his favoured candidate using the rotary switch, which selects a number from 0–9, and the attacker can use it to pick a favoured candidate in any of the first 9 ballot positions, which normally include the major national parties. When the switch is set to positions 1-9, the chip on the clip-on device executes a vote-stealing programme . The programme runs in two passes: first, it reads the list of votes and calculates how many votes to steal from each candidate, and second, it rewrites the list of votes, stealing votes as calculated in the first phase. Any time between the start of polling and the public count, dishonest election insiders or other criminals could use the clip-on device to change the votes recorded in the EVM. In India, counting sometimes takes place weeks after voting, so criminals could wait for an opportunity to tamper with the machines while they are in storage. In normal operation, the EVM limits the rate of voting to no more than
5 per minute. However, Clip-on device bypasses the software restrictions of the EVM, so an attacker is able to again forcibly take control of an EVM and stuff the electronic “ballot box” with any number of votes. These attacks are neither complicated nor difficult to perform, but they would be hard to detect or defend against.
6. Dishonest insiders or other criminals with physical access to the machines at any time before ballots are counted can insert malicious hardware that can steal votes for the lifetime of the machines. Attackers with physical access between voting and counting can arbitrarily change vote totals and can learn which candidate each voter selected.