Should we discontinue EVMs?

[Pranav]

One would be able to further reduce number of people needed by wireless activation. Yes, an antenna would be needed, and the necessary changes could be done at the time of maintenance. If one uses metallic parts of the casing as an antenna, then one might even be able to do without a separate antenna.

A clean solution would be to swap PCB at maintenance time, with the new PCB having a printed microstrip antenna. You can get such antennas for frequencies 100KHz and up.

Yes, detection is an issue, but the EC is working hard to be as secretive as possible.

[Pranav]

The "randomized" allotment of machines to booths within a constituency is quite irrelevant, as far as activation is concerned.

Fine thats not a point I am debating anyway, all I am saying is that the activation can only be done in a special period. You still need a whole huge number of people.

One would be able to further reduce number of people needed by wireless activation. Yes, an antenna would be needed, and the necessary changes could be done at the time of maintenance. If one uses metallic parts of the casing as an antenna, then one might even be able to do without a separate antenna.

No we are talking of in chip Trojan + physical intervention on box + more people involved at more sites.

More people because now == people needed for activation + people needed to modify boxes
And as you said "would be able" --> hence future possibility, perhaps, and easily detected by cracking open a box -- I wouldn't worry about it.I am sure that all the boxes would be inspected for physical integrity in all sorts of BEL centers anyway.

Yes, I agree one needs to do an audit of the number of critical people. As I have been saying, count and compare, taking into account powers of appointment and transfers, and also how localized or widespread damage would be in case of failure.

[Sanku]

Yes, detection is an issue, but the EC is working hard to be as secretive as possible.

No it would be so easy to detect that it will start showing up everywhere. I don't think EC is being secretive at all BTW. They had a open house and a number of tech panels. All coming up with the same behavior even when BJP was in power.

LKA was clearly very poorly advised on this issue.

[Sanku]

Yes, I agree one needs to do an audit of the number of critical people. As I have been saying, count and compare, taking into account powers of appointment and transfers, and also how localized or widespread damage would be in case of failure.

A very simple and rough conservative estimate (done here) runs into the needed involvement of 100s of people who would need to be told something different from what they are supposed be doing.

That calculation is already on parts of this thread.

[Pranav]

It is also pertinent to mention 3D stacked IC's - so examination of the surface of a chip does not necessarily tell you all about the circuitry.

There is no such thing as 3D stacked ICs (at least not yet) All that's stacked are the via's and not the semiconductor itself. It is possible to talk about via layout from surface geometry visualization and or destructive removal thereof.

Standard stuff.

Take a look at this, for example: eda.ee.ucla.edu/EE201A-04Spring/3D.ppt

[Rahul Mehta]

It is also pertinent to mention 3D stacked IC's - so examination of the surface of a chip does not necessarily tell you all about the circuitry.

Dileep, Tanaji, Raja Bose and Company claims that every bit can be read no matter what ROM is used. Lets believe them for the time being.

Btw, if chip can be read that only means that some EVMs still have trojan code. This does NOT stop them from putting rigged code, as the chip gets examined by a very few people, if at all they do bit level examination. For all I know, they might be doing just functional tests. So even if chip can be read back, that is only a speed breaker and not show stopper.

---

To show the ludicrity of the claim that the BEL CEO can do mischief directly, let us look at the organizational structure of a huge company like BEL.

BEL is majority owned by GOI, and the CEO is the CMD, appointed by GOI. BEL has 9 factories, and employ 12000+ people. The corporate office is in Nagavara, Bangalore. The EVMS are designed at the R&D facility in Bangalore, and manufactured at the Navi Mumbai and/or Bangalore facilities.

Each location have its head, reporting to the board of directors (not to the CEO). The bangalore complex in Jalahall have a director for the whole operation, and the other manufacturing operations have GMs. The R&D will be under one GM, reporting to the director, and under him, there will be a group manager for the commercial products.

The EVM group will be under a manager in that group. He will have managers for the hardware and software teams. The software team will have one leader.

It is practically impossible to byepass any of the hierarchy. In fact, the CEO can not even go to the R&D facility without a formal visit plan, along with his entourage, and joined by the GM and everyone in the chain.

..... Whether it is BEL, or Hitachi, the CEO is virtually powerless to influence the technical side of the business.

Dileep,

Pls spell PwC for me.

So to break this process, I need to buy out

1. BEL CEO
2. Director of Hyderabad of banglore facility who makes EVM
3. EVM unit head

Three senior guys ONLY. No need to buy directors - they wont get a clue.

And in middle/junior guys, I need to buy out the team lead of coding (if I want to put trojan using random encryption) or guy in HW in charge of testing chips (if Hitachi is putting a different code).

----

Dileep,

If Encryption is simple, decryption will not take too much space on chip. eg consider encryption of byte as

8 actual bits = 4 actual bits + 4 random bits + 4 random bytes + 4 actual next bits .

Basically, insert 32 random bits between half-bytes (nibble?). So if code is 1K bytes, the encrypted version will take 1/2 + 1/2 + + 4 + 1/2 + 1/2 = 5k bytes.

So decryption is : read 40 bits and take first 4 and last 4 bits, and ignore the 32 bits in between. The decrypted code is not stored. Microcode can decrypt 2-3 bytes at a time, the result comes into code register where it is executed.

Now microcode implements 50-100 instructions . So few more instruction will increase number of gates by a small %. Even if it is detectable. But then, you are assuming that BEL was actually verifying the entire chip layout, gate by gate when the chip came. And if yes, the team lead of HW verification can put a rigged code in the PC used for verification which when gets tempered design will report the right design.

[Pranav]

Yes, I agree one needs to do an audit of the number of critical people. As I have been saying, count and compare, taking into account powers of appointment and transfers, and also how localized or widespread damage would be in case of failure.

A very simple and rough conservative estimate (done here) runs into the needed involvement of 100s of people who would need to be told something different from what they are supposed be doing.

That calculation is already on parts of this thread.

Only cooperative people would be appointed to the critical positions. Contracts could be steered to Congress companies, and they could source equipment from foreign defense contractors. You have to compare with the alternative methods that are available, and consider how wide the consequences of fraud are.

[Pranav]

A very simple and rough conservative estimate (done here) runs into the needed involvement of 100s of people who would need to be told something different from what they are supposed be doing.

That calculation is already on parts of this thread.

Actually let's do the calculation again.

1. To steer maintenance contracts to friendly companies: You need cooperation of the CEO of BEL/ECIL. The CEO does not need to be complicit, he just needs to steer contracts just like he is being told. Since PSUs are routinely used for enrichment of politicians, and even so called "honest" people are trained not to ask uncomfortable questions, this should not be hard.

2. Inside the friendly maintenance company. Company owner gets replacement PCBs from foreign defense contractors. He hires low-level technicians to do as they are told. He may even use foreign workers if he feels his technicians are not reliable.

3. The activation process: one person can handle 3 or 4 constituencies. Actually, if election is in 5 phases, one person might be able to handle some 10-15 constituencies. Even foreign "tourists" could be used for activation.

So, all in all, for rigging some 100 constituencies, you could do it with about 3-4 people in top management who really know whats going on, and maybe some 25 foreign "tourists" or cooperative Indians.

So, its not more than 50 people max, and some of those 50 could be foreigners.

[Rahul Mehta]

I need following info

List of AP Assembly seats and in which AP LS seat they come inside.

I have list of AP assembly and list of AP LS seats.

But need list of AP assembly seats in each of the LS seat.

Thanks for the info.

.

[Sanku]

Only cooperative people would be appointed to the critical positions. Contracts could be steered to Congress companies, and they could source equipment from foreign defense contractors. You have to compare with the alternative methods that are available, and consider how wide the consequences of fraud are.

Well at least that posts says that so far there has been no rigging but in future there could be.

Yes, if Congress manages to ensure that the entire chain in BEL, programmers, tester, packagers etc etc along with their manager is corrupt, along with Hitachi CEO his managers, technical people etc.

Along with a large number of completely loyal folks lurking around with antennas. Who will also happen to be super efficient as not be seen by anybody.

They deserve to rule the country anyway -- and guess what, if that can happen I will suddenly change my allegiance

[Sanku]

There is no such thing as 3D stacked ICs (at least not yet) All that's stacked are the via's and not the semiconductor itself. It is possible to talk about via layout from surface geometry visualization and or destructive removal thereof.

Standard stuff.

Take a look at this, for example: eda.ee.ucla.edu/EE201A-04Spring/3D.ppt

Sigh... Pranav I do this for a living, note the last slide

3D IC design is a relief to interconnect driven IC design.
Still many manufacturing and technological difficulties
Needs strong EDA applications for automated design

In short, currently (and for next 5-10 years) its vaporware, and even after 10 years its a long shot.

[Dileep]

The activation can be done any time after the assignment of keys to candidates. Since keys are alloted in alphabetical order, this is any time after the last date for withdrawal.

The "randomized" allotment of machines to booths within a constituency is quite irrelevant, as far as activation is concerned.

The first randomization happens before the machines are allocated to the constituency. Thereafter the machines are under control, so you can't do anything to them.

To activate, you need to connect the CU to a BU, power it up and do the magic key combination. This time, you need to accurately key in the time number where the rigging should start. This will be a number of several digits. That itself is a tough call, and takes a lot of time.

Ah, and another killer. You need to know the current time number, and do the math on a per-device basis. That is because the "timestamp" is not IST. You can't use IST, because of the user interface needs, and since it is not really necessary for the security purpose.

And where are you going to do this operation?

In all, your proposal is impossible.

One would be able to further reduce number of people needed by wireless activation. Yes, an antenna would be needed, and the necessary changes could be done at the time of maintenance. If one uses metallic parts of the casing as an antenna, then one might even be able to do without a separate antenna.

The wireless activation is disproved already. It is not only the antenna. You need the whole receiver circuit.

[Dileep]

It is also pertinent to mention 3D stacked IC's - so examination of the surface of a chip does not necessarily tell you all about the circuitry.

Are we talking about the current technology, or future? The current spec uses certain IC that is NOT 3D stacked. If someone replaces it with a 3D stacked one, that itself clear indication of rigging isn't?

We will discuss this AFTER Hitachi released the first 3D stacked IC.

No distractions please.

[Dileep]

The withdrawals gets filed ANY TIME between April 10-13, and no one compiles an interim list. There is no need. Secondly, the withdrawals are not finalized till all the applications are accepted. The final list is compiled after everything.

There is no ongoing compilation of the list. Hence no means to track withdrawals.

The list is complied but not disclosed to public. A friendly call to peon in DC's office will get you the latest list and count. And on Apr-13 3pm (or whatever is the the last date time to withdraw), anyone in DC office election branch can tell you the count. DC makes NO attempt to this information secret , and none is needed.

.

Have you asked the peon? Have you ever tried to get this information? What proof do you have to show that a constantly updated list is available?

[Dileep]

There are some Hitachi Rakshaks like you, Dileep, Tanaji etc who claim that Hitachi CEO will not ask technicians to put rigged code even after CIA Director himself calls Hitachi CEO. In fact, I assume other way round - Sonia etc gave contract to Hitachi ONLY after Hitachi CEO assured that rigged code will be put in place. And trust me, except Hitachi Rakshaks I find here, over 99% (sic) commons including Congress voters will agree that Hitachi *can* put rigged code.

Retract that slander!! What reason do you have to call us Hitachi Rakshaks? You are turning to abude because you are loosing your preposterous argument.

Not only Hitachi or BEL, what you mention is not possible to do in ANY big company. Your slander is not going to make any difference to that fact.

And there are Process Rakshaks like Yourself , Dileep and company, who claim that processes are so water tight that BEL staff will block rigged chip no matter what manipulation BEL CEO does. The processes did not stop Raju of Satyam from making false claim of Rs 1000s of cr of FDs, the processes did not stop Telgiji etc. But BEL seems to be some place outside universe. Worst comes worst, get the boxful of chip with actual code, do the test and after the test is over, replace the boxful of chip with chip with tempered code. These microcontrollers do not have IDs and so replacing one boxful of chip is as easy as replacing boxful of biscuits. In any case, except Process Rakshaks , over 99% of (sic) commons will agree that it is easy for BEL CEO and top 3 guys plus 2 more middle/junior guys to bypass the necessary tests.

Your abuses apart, yes, any major system work on processes.

Raju and Telgi got caught if you don't know. The system and processes did it. Case closed!!

Till date, the only glitch was - what do you do with tempered code, when candidate number is not known? The modulo-5 logic shows that there are several ways to use EXTERNAL parameters like nCandidates, polling date or combination of them to tell machine code whom to favor.

You are ignoring the mountain of impossibilities stacked up, because you have no solution for that. You got the utterly reliable, but sophisticated mod-5 theory, and you want to tom-tom it. That is all.

The fact remains that you need a riged chip, and that is impossible to pull off.

[Dileep]

One would be able to further reduce number of people needed by wireless activation. Yes, an antenna would be needed, and the necessary changes could be done at the time of maintenance. If one uses metallic parts of the casing as an antenna, then one might even be able to do without a separate antenna.

A clean solution would be to swap PCB at maintenance time, with the new PCB having a printed microstrip antenna. You can get such antennas for frequencies 100KHz and up.

Yes, detection is an issue, but the EC is working hard to be as secretive as possible.

But, what happens WHEN it is detected?

[Raja Bose]

It is also pertinent to mention 3D stacked IC's - so examination of the surface of a chip does not necessarily tell you all about the circuitry.

Is the EVM using a 3D stacked IC? No. Why? Because there is no 3D stacked IC in commercial release. Hence, it is not germane to the current debate. If it gets used in the future, we can debate then - but do keep in mind the forensics technology will have also advanced, nothing remains static.

[Raja Bose]

There are some Hitachi Rakshaks like you, Dileep, Tanaji etc who claim that Hitachi CEO will not ask technicians to put rigged code even after CIA Director himself calls Hitachi CEO. In fact, I assume other way round - Sonia etc gave contract to Hitachi ONLY after Hitachi CEO assured that rigged code will be put in place. And trust me, except Hitachi Rakshaks I find here, over 99% (sic) commons including Congress voters will agree that Hitachi *can* put rigged code.

I guess for someone like you who is rabidly for- or anti- something regardless of actual facts on the ground, it is but natural to think that others will be like you too - illogical, biased and opinionated. You are one of those people who first decide on a final result and then twist information and ******** facts to fit your thinking (I come across plenty of such dishonesty even among well-known researchers in top universities here). Fortunately neither Dileep, Tanaji or I posses the dishonesty to do that. It does not matter if NEC, Hitachi or Keltron makes the EVMs - unless there is proof that they are indulging in fraud, whatever you say is libel. I don't believe in picking on random organizations and making outrageous allegations without a shred of evidence - you seem to be comfortable doing that but then you are a neta, we cannot expect anything better from you.

Since you are so sure that Hitachi CEO is committing fraud and accepting money from Sonia/CIA, maybe you will have the guts to take out some public ads in newspapers claiming Hitachi CEO is committing fraud. Then when Hitachi drags you to court and sues you for libel, perhaps you can mouth all your "assumptions" in a court of law.

And trust me, except Hitachi Rakshaks I find here, over 99% (sic) commons including Congress voters will agree that Hitachi *can* put rigged code.

Trust you? After all your dishonesty on display here, you are asking me to trust you, your motive and your judgement? You must be kidding, right?.

Please post here proof that 99% of the commons agree that Hitachi can put rigged code in a way which will influence Indian elections. Don't run away and don't give me some BS sampling coz in a past life I used to do statistics and will drag you over the coals for that too.

And there are Process Rakshaks like Yourself , Dileep and company, who claim that processes are so water tight that BEL staff will block rigged chip no matter what manipulation BEL CEO does. The processes did not stop Raju of Satyam from making false claim of Rs 1000s of cr of FDs, the processes did not stop Telgiji etc.

You just shot yourself in the foot here. If the processes didn't stop Raju or Telgi...I wonder how were they caught? Did someone have divine intervention? And if they were not caught, you would not even be here taking them as examples. Processes are never watertight however, they are designed to ensure that failure of any component does not compromise the integrity of the entire process and such failures get detected. Large companies run on processes - this ensures that no individual or group no matter how powerful can subvert it without getting caught (the very same examples you gave actually demonstrate this). This is what makes them different from mom-and-pop software shops and 1-room startups.

[Raja Bose]

But BEL seems to be some place outside universe.

Yes it is completely outside the Rahul Universe(tm) and resides squarely in the Real Word.

Worst comes worst, get the boxful of chip with actual code, do the test and after the test is over, replace the boxful of chip with chip with tempered code. These microcontrollers do not have IDs and so replacing one boxful of chip is as easy as replacing boxful of biscuits.

Well..well, in absence of arguments we are back to replacing boxfuls of chips like biscuit tins, are we? I must say your fantastic statement provide me much needed entertainment during long meetings/conf. calls - only problem is I have to hold my laughter otherwise people will get startled.

In any case, except Process Rakshaks , over 99% of (sic) commons will agree that it is easy for BEL CEO and top 3 guys plus 2 more middle/junior guys to bypass the necessary tests.

Again, please post proof here that 99% of commons agree to whatever rubbish you posted above. We want numbers, names and solid proof that sampling was non-judgemental. Don't run away now!

Till date, the only glitch was - what do you do with tempered code, when candidate number is not known? The modulo-5 logic shows that there are several ways to use EXTERNAL parameters like nCandidates, polling date or combination of them to tell machine code whom to favor.

I am sorry, but considering that every hair-brained scheme of yours has been debunked here thoroughly, I don't think what you post above is the only glitch. I admire your repeated attempts to turn back the clock but every time you post about "the only glitch left", it has the same effect as Pakistan declaring for the nth time that the Al-Qaeda #3 is dead!

And paper ballots were just fine, only some 2% booths had problem. And you repeatedly keep ignoring camera and stamp with 20 second built in delay. And yes, there were stray cases of booth capturing, but thats because judges promote criminals. So problem was with judges, not with ballot papers.

So it has been proven on public record that at least 2% of ballot voting booths had fraud issues. However, there is no proof yet that any of the EVMs had fraud issues. Hence, ofcourse using Lahori Logic, ballot based voting is much more secure than EVM based voting! What logic Mash'allah! BTW is the booth capturing included in that 2% or were you saving it for later?

[Raja Bose]

And you repeatedly keep ignoring camera and stamp with 20 second built in delay.

Why don't you scroll up the one of my posts of August 9 and you will find that I am the only one not ignoring your beloved idea. I am so sorry that in the middle of your rantings you missed it. To make it up to you, let me repeat the relevant portion of the post here:

I, for example, want to start with how the firmware of the videocamera/webcam can be subverted since only a handful of large scale manufacturers make them in China/Taiwan/S.Korea and obviously they are infiltrated and subverted by CIA. Hence, it is trivial with the help of 5-10 people at the top to simply replace the camera firmware with one which just synthesizes fake images (by composing fake components with real images - pretty well known in special effects and computer vision/augmented reality) instead of reading only from the CCD. In fact, I say the there is NO tool in the world which can tell you for sure if the image is fake since there is no real image to compare it with - even the best labs in the world won't be able to do it and if they were, they are already subverted by CIA/Mossad (JPL is usually the best at these video processing stuff). RM ji, what do you think of that?

There you go, now answer! And in case you think I misunderstood your scheme, please outline in detail the entire video camera and stamping process.

[Raja Bose]

Dileep, Tanaji, Raja Bose and Company claims that every bit can be read no matter what ROM is used. Lets believe them for the time being.

You seem to be big on belief and low on scientific facts. Why don't you go ask some industry professionals in hardware security and analysis and they will tell you whether reading every bit of a ROM is possible or not. Don't try to claim that ROM cannot be read just because you are too lazy to go research it yourself, despite numerous references and books suggested to you.

Pls spell PwC for me.

Please spell ballot fraud, booth capturing for me. And guess what, the all-mighty PWC, Arthur Anderson, Enron and Satyam - all got caught by processes NOT by voodoo.

[Singha]

ibnlive

US scientists say they can 'steal' ballots from EVMs

IANS

TimePublished on Tue, Aug 11, 2009 at 15:51, Updated on Tue, Aug 11, 2009 at 15:56 in Sci-Tech section


Washington: Computer scientists in the US have demonstrated how electronic voting machines (EVM) can be hacked and votes ‘stolen’ using a malicious programming approach that had not been invented when the voting machine was designed.

The team of scientists from the Universites of California, San Diego, Michigan and Princeton employed "return-oriented programming" to force an electronic voting machine to turn against itself.

"Voting machines must remain secure throughout their entire service lifetime, and this study demonstrates how a relatively new programming technique can be used to take control of a voting machine that was designed to resist takeover, but that did not anticipate this new kind of malicious programming," said Hovav Shacham.

Shacham is professor of computer science at UC San Diego's (UC-SD) Jacobs School of Engineering and study co-author. His study demonstrates that return-oriented programming can be used to execute vote-stealing computations by taking control of an EVM designed to prevent code injection.

The computer scientists had no access to the machine's source code--or any other proprietary information--when designing the demonstration attack.

By using just the information that would be available to anyone who bought or stole a voting machine, the researchers addressed a common criticism made against voting security researchers: that they enjoy unrealistic access to the systems they study.

"Based on our understanding of security and computer technology, it looks like paper-based elections are the way to go. Probably the best approach would involve fast optical scanners reading paper ballots. These kinds of paper-based systems are amenable to statistical audits, which is something the election security research community is shifting to," said Shacham.

"You can actually run a modern and efficient election on paper," he said.

"If you are using electronic voting machines, you need to have a separate paper record at the very least," he added.

There findings were presented at the 2009 Electronic Voting Technology Workshop.

[Raja Bose]

This article contains more details as to the machine used and what was done.

http://www.sciencedaily.com/releases/20 ... 161902.htm

A couple of points from the above article:

1) The scientists got a voting machine legitimately and reversed engineered it hardware and software - by reading the ROM (RM, take note).

2) The machine in question is a Sequoia AVC Advantage.

3) The vulnerability used on this machine is the plug-in cartridge which is used to store votes (note, this is a known entry point of malicious code for this specific model as iirc others have exploited it earlier though for injecting a trojan). Hence, it is a weak point in the defence since without any add-on hardware, anybody can essentially plug in a bad cartridge and subvert the machine (through trojan injection or in the case of return-oriented programming, activation). However, it also makes it impractical to influence large-scale elections since the hack initiation process is manpower intensive. It may work for local elections since number of machines is low and localized to a few booths. So in the end as it has been stressed on this thread time and again (and conveniently ignored by RM during his rants), the show stopper is not the existence of a trojan or even its injection or activation (as in case of return oriented programming). The show stopper is the ability to do the same on a massive scale without getting detected at all.

4) The concept of return oriented programming originated from UCSD (in fact the big boy behind it, is the advisor of the student who demonstrated this hack). Basically involves subverting the stack and disrupting flow of instructions. The concept is that a set of small good instructions can be chained in such a way so that they result in malicious code - however this requires a fairly large codebase to succeed. Those interested can read this BlackHat presentation: https://www.blackhat.com/presentations/ ... amming.pdf

5) This highlights the issues that EVM must follow the KISS principle. I think India has taken the right approach in keeping its EVMs low-tech (yet get all its benefits) and also relying on low-tech security of seals, involving people from all parties apart from usual standard production checks. It is the West with its obsession to look cool and sophisticated where EVMs have run into massive problems with their fancy UIs, internet/modem connectivity and bloated software. As usual SDRE triumphs over TFTA!

RM might want to contact Stephen Checkoway and ask his opinion on hackability of Indian EVMs. Stephen is at: [email protected] At least we will be spared RM's hair brained schemes and will see some intelligent dialogue for a change.

[Dileep]

RB, maybe you should contact Stephen on this subject, and see what he says.

[Rahul Mehta]

Rahul Mehta: The processes did not stop Telgi or Raju from committing fraud. They only got caught post-facto after creating damage of 1000s of crores of rupees. And they got caught because there was a paper trail and they were "small" guys. ... And the MAIN guy behind Telgi scam - Sharad Pawar -- is out, roaming free and doing more scams. Telgi was just a front guy. And Raju is enjoying 5 star facilities in prison. And it is done as per "process". The lower court judge and HCj has approved these facilities. So you see, how useless these "processes" are. ......

Muppalla: I agree with RM regarding Telgi and Raju. The process is not helpful as the actual conspirators are not caught. Bakaras are just put behind bars or in some worst cases killed so that the real will never comeout.

AWMTA aka "sooner or later, one has to agree with RM" .

---

Muppalla: Taking an assumpton ( assumption only ) that EVMs are hacked then it will never be proved and even if proved no one will be able to catch the conspirators behind it. It is easy to say Congress did it because it won but in actuality it is far more deeper than just that.

If the trojan is encrypted in masked ROM and microcode supports decrypting and execution of encrypted code, then EVM hacking cannot be proved technologically. One can at best notice that hard wired microcode is different, one cannot "understand" the hard wired circuit by looking at the layout. And to that, add the fact that SCjs themselves are closely guarding all tempered EVMs, and so they will ensure that no technical person ever get a chance to actually touch a tempered EVM. The fact finding committee will come, and it will consist of crooks who will deliberately pick untempered EVMs and then give a clean chit. Just as SIT in charge of stamp paper scam gave clean chit to Pawar despite 100s of evidences all over.

So EVM tempering will never ever get proved, even if that happened and even if 60000 tempered EVMs are still in District warehouses.

===================

Finally, the debate has come to a converged on a matter of faith. Those who have immense faith in the integrity of Hitachi CEO, BEL CEO and "The Processes" can assume that EVMs are all "paak". I call them "Process Bhagats" or "Process Rakshaks" or "Hitachi Bhagats" or "Hitachi Rakshaks". And those who believe that biggies *can* trivially rig processes if they want can assume that EVMs have tempered code. I call them "rustics" or commons or illiterates or fools etc and I am one of them. Pls note that unlike ROM reading etc which was "matter of fact", this process bhakti is a "matter of faith" only.

On this and all matters of faith, it is best we assume that EVERYONE's vote has same value. eg if Dileep says that ROM can be read and some 100 commons were say that ROM cant be read, I will agree with Dileep as he is a ROM-specialist. But if Dileep has "faith" in some processes, and 100 commons dont, then faith of persons should be taken on "all votes equal value" basis, and so in this case, Dileep's faith should be discarded. eg if 100 physicists claim that God exist, it is still a belief and not a fact.

So finally, it boils downs to "How many of us (sic) 71 cr citizen voters aka commons have faith in integrity of BEL CEOs, 3-4 BEL chip testers, other 2-3 BEL employees who are critical, Hitachi CEO and processes". The answer to this question should be the ONLY factor in deciding EVM vs paper issue.

[Muppalla]

^^^^^ I agree with RM regarding Telgi and Raju. The process is not helpful as the actual conspirators are not caught. Bakaras are just put behind bars or in some worst cases killed so that the real will never comeout.

Taking an assumpton ( assumption only ) that EVMs are hacked then it will never be proved and even if proved no one will be able to catch the conspirators behind it. It is easy to say Congress did it because it won but in actuality it is far more deeper than just that.

[Pranav]

The wireless activation is disproved already. It is not only the antenna. You need the whole receiver circuit.

The receiver circuit and printed microstrip antenna is on the replacement PCB that is sourced from the foreign defense contractor, and swapped at the Congress owned maintenance company.

So, there is no difficulty in rigging about 100 constituencies with max 50 people, many of them foreigners.

[Pranav]

The case of DSK, the BSP candidate from Pune is very interesting. There were 43 of his relatives and close friends that voted at one booth, but the EVM from that booth showed only 18 votes for him. (http://www.indianexpress.com/news/for-d ... le/497242/)

There must be a paper trail that shows that those 43 people did cast their votes. It should be verifiable that they are relatives and close friends of DSK. They ought to be willing to give affidavits saying they voted for DSK. Given their verifiable links to DSK, there would be no reason for them to vote otherwise.

So it seems that there is a legal basis to take this further. I hope DSK follows this up.

[Rahul Mehta]

The wireless activation is disproved already. It is not only the antenna. You need the whole receiver circuit.

The receiver circuit and printed microstrip antenna is on the replacement PCB that is sourced from the foreign defense contractor, and swapped at the Congress owned maintenance company.

So, there is no difficulty in rigging about 100 constituencies with max 50 people, many of them foreigners.

Pranav,

And following two things favor your radio enabled EVM scenario

1. the EVMs are receive only, not sending. To receive, a coiled antenna in 2mm * 2mm square will suffice. It can be put in middle layer of multi layer PCB and hence no human eyes can notice. Now a PCB tracker can notice it, but that would need an SCj order first.

2. I need only an accessory and not an agent to activate the RF EVMs. I can buy a media company, like NDTV and put the signal sending equipments in the van. Then I ask the van to go to DC's office to report election etc. The van driver does not even know that the equipment in van are sending candidate number to the EVMs. So sending RF signals to EVMs does not need even one agent.

.

[vera_k]

And guess what, the all-mighty PWC, Arthur Anderson, Enron and Satyam - all got caught by processes NOT by voodoo.

Not before they got away with their malpractice for many many years . And unlike these cases, the government as the owner, creator and patron of the EVM is not exactly motivated to catch the culprits.

[Pranav]

1. the EVMs are receive only, not sending. To receive, a coiled antenna in 2mm * 2mm square will suffice. It can be put in middle layer of multi layer PCB and hence no human eyes can notice. Now a PCB tracker can notice it, but that would need an SCj order first.

2. I need only an accessory and not an agent to activate the RF EVMs. I can buy a media company, like NDTV and put the signal sending equipments in the van. Then I ask the van to go to DC's office to report election etc. The van driver does not even know that the equipment in van are sending candidate number to the EVMs. So sending RF signals to EVMs does not need even one agent.

.

Quite right - and using the internal clock, the activation can be done even before the machines are sent to the individual polling booths.

[Dileep]

If Encryption is simple, decryption will not take too much space on chip. eg consider encryption of byte as

8 actual bits = 4 actual bits + 4 random bits + 4 random bytes + 4 actual next bits .

Basically, insert 32 random bits between half-bytes (nibble?). So if code is 1K bytes, the encrypted version will take 1/2 + 1/2 + + 4 + 1/2 + 1/2 = 5k bytes.

So decryption is : read 40 bits and take first 4 and last 4 bits, and ignore the 32 bits in between. The decrypted code is not stored. Microcode can decrypt 2-3 bytes at a time, the result comes into code register where it is executed.

Now microcode implements 50-100 instructions . So few more instruction will increase number of gates by a small %. Even if it is detectable. But then, you are assuming that BEL was actually verifying the entire chip layout, gate by gate when the chip came. And if yes, the team lead of HW verification can put a rigged code in the PC used for verification which when gets tempered design will report the right design.

This is like the proverbial catch the crane method.

The random bytes are NEVER put in by the manufacturer. If random bytes are put, they are done by the originator of the binary. Now, if the originator can put code in the encrypted instruction form, he can very well do it in the regular instruction form as well. Why go the encrypted route?

And encrypted or not, you need to transfer control to that code block. This should be done from the regular code block, so it will be evident.

And of course you need special assembler toolset to do the compilation too.

In all, this scheme is just a roundabout way of saying that:

You compromise the code and put it in the chip.

[Dileep]

If the trojan is encrypted in masked ROM and microcode supports decrypting and execution of encrypted code, then EVM hacking cannot be proved technologically.

Wrong!!

1. The additonal microcode circuitry will show up on the chip
2. The base code should call the encrypted code, s that will be visible in the base code.

One can at best notice that hard wired microcode is different, one cannot "understand" the hard wired circuit by looking at the layout. And to that, add the fact that SCjs themselves are closely guarding all tempered EVMs, and so they will ensure that no technical person ever get a chance to actually touch a tempered EVM. The fact finding committee will come, and it will consist of crooks who will deliberately pick untempered EVMs and then give a clean chit. Just as SIT in charge of stamp paper scam gave clean chit to Pawar despite 100s of evidences all over.

So EVM tempering will never ever get proved, even if that happened and even if 60000 tempered EVMs are still in District warehouses.

These are lame arguments, and are common factor in EVERY piece of scenario you have brought up. Don't you have anything new?

[Dileep]

^^^^^ I agree with RM regarding Telgi and Raju. The process is not helpful as the actual conspirators are not caught. Bakaras are just put behind bars or in some worst cases killed so that the real will never comeout.

Taking an assumpton ( assumption only ) that EVMs are hacked then it will never be proved and even if proved no one will be able to catch the conspirators behind it. It is easy to say Congress did it because it won but in actuality it is far more deeper than just that.

We are not talking about catching the culprits, or even proving.

Is there a solid ALLEGATION that the EVMS are actually rigged? All we see are arguments that "they are hackable". No one even said that "I have seen the warehouses being accessed un necessarily", or "I have heard trucks getting into the compound" or something like that?

Did the chaiwala in front of BEL say anything?

None!! NADA!!

That is good enough to kick EVMs out. A credible allegation, and it ain't there.

[Dileep]

The wireless activation is disproved already. It is not only the antenna. You need the whole receiver circuit.

The receiver circuit and printed microstrip antenna is on the replacement PCB that is sourced from the foreign defense contractor, and swapped at the Congress owned maintenance company.

So, there is no difficulty in rigging about 100 constituencies with max 50 people, many of them foreigners.

We had disected the "CU replacement and wireless activation" theory long time ago on these pages. Do you have anything new from those?

[Dileep]

The case of DSK, the BSP candidate from Pune is very interesting. There were 43 of his relatives and close friends that voted at one booth, but the EVM from that booth showed only 18 votes for him. (http://www.indianexpress.com/news/for-d ... le/497242/)

There must be a paper trail that shows that those 43 people did cast their votes. It should be verifiable that they are relatives and close friends of DSK. They ought to be willing to give affidavits saying they voted for DSK. Given their verifiable links to DSK, there would be no reason for them to vote otherwise.

So it seems that there is a legal basis to take this further. I hope DSK follows this up.

1. What is the friends and relatives HATED the tyrant neta, and trusted the secrecy of the ballot to vote their mind?
2. What is the neta wanted to hide behind the EVM scare, and ASKED the friends and relatives to vote others, to make this allegation?

[Dileep]

1. the EVMs are receive only, not sending. To receive, a coiled antenna in 2mm * 2mm square will suffice. It can be put in middle layer of multi layer PCB and hence no human eyes can notice. Now a PCB tracker can notice it, but that would need an SCj order first.

Why hide the antenna alone when the rest of the radio circuitry will be visible on the board?

We had been through on this "CU replacement and radio activation" business before. Do you guys have anything new than that?

RM, you lost interest in the mod-5?

[Pranav]

We had disected the "CU replacement and wireless activation" theory long time ago on these pages. Do you have anything new from those?

One doesn't recall your having made any noteworthy points.

[Pranav]

1. What is the friends and relatives HATED the tyrant neta, and trusted the secrecy of the ballot to vote their mind?
2. What is the neta wanted to hide behind the EVM scare, and ASKED the friends and relatives to vote others, to make this allegation?

... you are welcome to argue for perjury in the Courts, if DSK takes it up.

[Dileep]

We had disected the "CU replacement and wireless activation" theory long time ago on these pages. Do you have anything new from those?

One doesn't recall your having made any noteworthy points.

It is not my problem that you have a poor memory. Read up the previous pages.