Hello folks, long time no see.
General Election 2019 is over and the dust has settled. VVPAT was used for every EVM this time, and that is a positive development, on the face of it.
However, after I got home from voting, I had a vaguely uncomfortable feeling. Thinking about my voting experience, I realized that I had seen the VVPAT slip for only about 3 seconds, while the light in the VVPAT window was on. The window seemed dark and opaque when the light was off. Probably made of 1-way glass. The voters were not shown the slip being printed, nor were voters shown the slip being cut and dropped.
This leads to the following vulnerability:
- Voter 1 comes and votes for party A. Slip gets printed and displayed to him for 3 seconds. But the slip does not get cut and drop into the box.
- Voter 2 comes and also votes for party A and gets shown the same slip.
- Voter 3 comes and votes for party B. At this time the slip is cut, and a new slip is printed for party B. This slip is displayed for 3 seconds, and is then cut and dropped.
- Before Voter 4 comes, an extra slip for party B gets printed and dropped.
Thus the box now has 1 slip for party A and 2 slips for party B, although there were 2 voters for A and 1 for B.
The flash memory on which the votes are stored will also have 1 vote for A and 2 votes for B. Therefore, if, by some chance, the slips are checked (which I think happens for 5 booths per assembly segment), there will be no discrepancy between the electronic and paper tallies.
Now, there will be objections about how a Trojan can be activated in favour of a desired candidate, given all the randomization and mock polls. We have been through that discussion many times before. One approach which I have suggested in the past, is for an agent to activate the Trojan by a secret key combination after accessing the ballot unit as an ordinary voter, during actual voting. There are other possibilities if the booth staff is compromised. We need not go through that debate again. It was these vulnerabilities that necessitated the introduction of VVPAT in the first place.
Then I wondered whether this was an issue for the EVM used in my booth, or was it an issue for all EVMs. This official video from the EC published in Oct 2018, shows that this is in fact an issue for all new VVPAT units - https://www.youtube.com/watch?v=QtZIlxw871I
On the other hand, if you look at this video published by the EC for an older model VVPAT unit (from 3:07 to 3:37), it is clear that the light is on for the entire duration - you see the slip being printed and also being cut and dropping - https://youtu.be/Rf3UMQ72j7A?t=187
The conclusion is that the before the 2019 election, a software change was deliberately made, which introduces this vulnerability.
After having reached this conclusion, I reached out to Hariprasad, who is the MD of an embedded systems company NetIndia, and the author of a paper exposing EVM vulnerabilities. Readers may recall how he had been arrested by the Mumbai police for having worked with a "stolen" EVM. It turns out the has been speaking out about this issue on twitter at least since April 11th, which was before I voted and noticed the issue. Here is a video of an interview he gave to Tiranga TV - https://twitter.com/NewsHtn/status/1117384530162176000
As was pointed out by Hariprasad on twitter, here is the official spec regarding the VVPAT slip - "The voter can see this slip through a screened window where it stays for seven seconds, and then it automatically gets cut and falls down into a sealed drop box". See http://pib.nic.in/newsite/PrintRelease. ... lid=161136
Now, if the slip is visible for only 3 seconds, it defeats the purpose of the slip staying in the window for 7 seconds.
It seems that the very first person to notice the vulnerability is in fact our ex-member Rahul Mehta, who has been speaking about it at least since 23rd Feb - https://www.facebook.com/mehtarahulc/po ... 4636926922
. I understand he is banned here currently? Perhaps admins may consider un-banning him, so that he can contribute to this discussion.
In my view, the very least that needs to be done is to have the light in the VVPAT window on for at least 11 seconds, from 2 seconds before the beginning of the printing process till after the slip has dropped into the box. In fact, given that LED bulbs have a long life, there is no reason why the light cannot be on for the entire 12 hours of voting. Also, the window needs to be made of transparent glass, not 1-way glass as is the case now.
And lastly, we need to find out more about the process through which this vulnerability was introduced into the design of the VVPAT units. Who in the EC / BEL / ECIL was lobbying for this??