Should we discontinue EVMs?

[RamaY]

Is there any criteria on how the candidates are positioned in an EVM? Is it alphabetic order of candidate names or party names? or the national parties in the top?

This may give some clues...

[vera_k]

Vera, that attack involves a number of people at the manufacturer which is impossible to contain. After that, you have the following difficulties:

1. Reliably track these machines through changes in officials and locations. Remember these machines gets used in multiple elections. At any point it can get caught. There is a big chain of officials who handles these. How can it be contained?
2. Pass the mock poll.

I am not that confident that it would be impossible to contain. The manufacturers are owned by the government, and the government employs resources of the kind that have successfully kept the nuclear program under wraps from the citizenry for many decades. This would not be much of a concern if the machines were sourced from private entities that made a living off them.

#2 is meaningless in the face of this attack because the attack can be programmed to start after a certain number of votes have been cast.

[Dileep]

The order is in the alphabetic order of the local language. There is clear guidelines in the handbook.

The secrecy of the nuclear programme is in the supreme interest of every citizen. Whoever exposes/leaks that conducts treason, and gets severe repercussions. No one in the sane mind would even think of leaking that.

The secrecy of the 'tampering operation' is just the opposite. Whoever exposes/leaks that is serving the country. No one in sane mind would think twice before exposing it.

How can you compare those?

Question. Put yourselves in the place of a BEL engineer who suspects that something unusual is going on. What would you do?

[Pranav]

Revelation made by the Election Commission in a letter dated March 30, 2010 to V.V. Rao, petitioner in the Supreme Court on the EVMs:

”…The Commission is concerned that commercial interests could use the route of reverse engineering (a process by which the original software and hardware configuration can be accessed) which may compromise the security and sanctity of the entire election system.”

“…It is once again made clear that any demonstration of alleged tamperability cannot include reverse-engineering as it compromises security and sanctity of the entire election system.”


http://www.indianevm.com/blogs/?p=11

Clearly, the software and hardware configuration is known to insiders.

So, in effect, the EC has admitted that the election can be rigged by insiders.

[ArmenT]

^^^^
Please. That's a strawman argument. It goes along the lines of
(a) I'm a human being
(b) So in effect, the EC has admitted that human beings can hack the EVM

[Raja Bose]

Clearly, the software and hardware configuration is known to insiders.

So, in effect, the EC has admitted that the election can be rigged by insiders.

What kind of Lahori logic is this?
Ofcourse it is known to insiders - software and hardware is not created using the process of natural selection or Darwinian evolution, it has to be written and designed by humans (aka insiders).

[vera_k]

The secrecy of the 'tampering operation' is just the opposite. Whoever exposes/leaks that is serving the country. No one in sane mind would think twice before exposing it.

How can you compare those?

Question. Put yourselves in the place of a BEL engineer who suspects that something unusual is going on. What would you do?

What if the BEL engineer who finds out believes it is the right thing to do because it agrees with his political disposition. Or if the engineer is 'persuaded' to stay quiet. We may find out many years down the line just as with the nuke dud.

[Dileep]

What if the BEL engineer who finds out believes it is the right thing to do because it agrees with his political disposition. Or if the engineer is 'persuaded' to stay quiet. We may find out many years down the line just as with the nuke dud.

How can it 'agree to his political disposition'? Does the software decide 'vote communist'?

[Pranav]

What kind of Lahori logic is this?
Ofcourse it is known to insiders - software and hardware is not created using the process of natural selection or Darwinian evolution, it has to be written and designed by humans (aka insiders).

^^^^
Please. That's a strawman argument. It goes along the lines of
(a) I'm a human being
(b) So in effect, the EC has admitted that human beings can hack the EVM

Hello ArmenT, Raja Bose, one appreciates your wittiness. The point is a simple one - the EC's confession that elections can be rigged by anybody who knows the hardware and software configuration. If you have any objections, please feel free to state them.

[ArmenT]

What kind of Lahori logic is this?
Ofcourse it is known to insiders - software and hardware is not created using the process of natural selection or Darwinian evolution, it has to be written and designed by humans (aka insiders).

^^^^
Please. That's a strawman argument. It goes along the lines of
(a) I'm a human being
(b) So in effect, the EC has admitted that human beings can hack the EVM

Hello ArmenT, Raja Bose, one appreciates your wittiness. The point is a simple one - the EC's confession that elections can be rigged by anybody who knows the hardware and software configuration. If you have any objections, please feel free to state them.

No one has "confessed" anything and I wasn't making a witticism. I was merely pointing out that your argument is flawed and you are now stating your own assumptions as actual facts. By the way, "may" is not the same as "will", so there is a huge difference between "may be compromised" and "will be compromised". Both you and Mr. Rao are making the same assumption there. Personally, I would prefer if they let some qualified person or persons actually try to compromise an EVM (by reverse engineering if needed) after signing the requisite NDAs.

Incidentally, as a person who's publicly published some exploits on bugtraq, I belong to the full disclosure party. Security is a process, not just a program. It is possible for the most secure program in the world to be exploited by a hole in the process, and for a program that is full of holes not to be exploited because of the processes around the program. Not sure why the EC won't publish the specs, but that is by no means an admission that the EVM has been hacked.

[vera_k]

What if the BEL engineer who finds out believes it is the right thing to do because it agrees with his political disposition. Or if the engineer is 'persuaded' to stay quiet. We may find out many years down the line just as with the nuke dud.

How can it 'agree to his political disposition'? Does the software decide 'vote communist'?

The subtext is that the engineer would know who is manipulating and for what purposes.

[Raja Bose]

Incidentally, as a person who's publicly published some exploits on bugtraq, I belong to the full disclosure party. Security is a process, not just a program. It is possible for the most secure program in the world to be exploited by a hole in the process, and for a program that is full of holes not to be exploited because of the processes around the program. Not sure why the EC won't publish the specs, but that is by no means an admission that the EVM has been hacked.

400% agree with this. The age of security thru obscurity has been long over. But requisite protection must be there, otherwise activist type like our Mehta ji might start singing the opposite tune if the specs get published (like Dileep has mentioned umpteen times here).

[Dileep]

This is a follow up since GVLN Rao had agreed to debate his article here. Could you answer my questions please?

[Pranav]

No one has "confessed" anything and I wasn't making a witticism. I was merely pointing out that your argument is flawed and you are now stating your own assumptions as actual facts. By the way, "may" is not the same as "will", so there is a huge difference between "may be compromised" and "will be compromised". Both you and Mr. Rao are making the same assumption there. Personally, I would prefer if they let some qualified person or persons actually try to compromise an EVM (by reverse engineering if needed) after signing the requisite NDAs.

Incidentally, as a person who's publicly published some exploits on bugtraq, I belong to the full disclosure party. Security is a process, not just a program. It is possible for the most secure program in the world to be exploited by a hole in the process, and for a program that is full of holes not to be exploited because of the processes around the program. Not sure why the EC won't publish the specs, but that is by no means an admission that the EVM has been hacked.

You can call it a "confession" or you can call it something else. The fact remains that EC has stated that revealing the "hardware and software configuration" will "compromise the security and sanctity of the entire election system".

But the hardware and software configuration already stands revealed - to the insiders.

As regards my assumptions, I haven't made any that I am aware of.

[Pranav]

Email received from RM ji ....

====

http://www.indianevm.com/international.php

Prof. Alex Halderman
University of Michigan

Hacking Indian EVMs is easy. They can be hacked by just inserting a simple 8 pin chip behind the display section of the control unit, which would go unnoticed. When the results button is pressed on the counting day and the results begin to flash on the display screen of the control unit, the Trojan in the inserted chip may get activated.

EVMs used in the United States and Europe required software attacks as they are sophisticated voting machines and their hardware cannot be replaced cheaply. In contrast, the Indian EVMs can easily be replaced either in part or as wholesale units. In the beginning, U.S. citizens were enamoured of the EVMs' efficiency and modernity. Once they became aware that elections could be 'stolen', they began demanding paper ballots once again.

For vulnerability demonstration of Diebold AccuVote-TS Voting Machine by Alex Halderman and team click here.

====

Prof Alex Halderman says that by manipulating display of EVM, one can rig the results shown by EVM. How can this be done on Indian EVM, and can it be done at all? For this I will need to open the EVM and see the display unit. I havent opened an EVM yet, as EC doesnt give EVMs to anyone. But here is how it can be done by insiders at high levels.

The display generally are one complete units with one female connector consisting or 8-10 holes that plugs into a male connectors with 8-10 pins. The male connectors is typically on the mother board with CPU. Now EVM display has about ten 7-segments LEDs commonly known as "square eights". So there are 70 segments. The displays are dumb, and CPU sends explicit signals showing which of the 70 segments to highlight and which to note. Using these commands India's EVMs displays following lines one after another the time of counting votes

===

nCandidates = 15
Total Votes = 1300
candidate 1 = 330 votes
candidate 2 = 134 votes
...
candidate 15 = 25 votes

================

Now this is how rigging can be done.

1. The display has radio receiving circuit
2. Using this, it receives favorite candidate number
3. The second line shows total number of votes
4. It reduce 20% votes from each candidate and add 20% votes to the favorite candidate

===

Now the rigging is done by insider - the display manufacturer - by keeping a pre-programmed radio-capable intelligent circuit in display instead of keeping usual dumb circuit. So the votes in EVM's memory will be honest. But display will show what EVM's remote owner wants to show.

Now if an experienced hardware designer rips apart display circuit, he will notice the radio receiving circuit as well notice that circuit is not what a dumb display is supposed to have. But NO , not even one, hardware manufacture ever tested his display's internals. In any hardware manufacturing company, chips and displays are treated by God's items, and only rudimentary checks are done. No hardware manufacturer ever tests displays for trojans.

Any feedback?

[Raja Bose]

The fact remains that EC has stated that revealing the "hardware and software configuration" will "compromise the security and sanctity of the entire election system".

EC is coming from a typical babu's perspective where secrecy is everything - I dont think they have discovered the concept and benefits of open source yet.

But the hardware and software configuration already stands revealed - to the insiders.

That will always be the case with every device on this planet including devices which can have a larger impact on life (and death) than EVMs.

[Dileep]

Debating with RM is tough, and doing it by proxy is tougher. I request the admins to let Rahul Mehta back

[ArmenT]

You can call it a "confession" or you can call it something else. The fact remains that EC has stated that revealing the "hardware and software configuration" will "compromise the security and sanctity of the entire election system".

But the hardware and software configuration already stands revealed - to the insiders.

As regards my assumptions, I haven't made any that I am aware of.

Note that the actual quote is:

”…The Commission is concerned that commercial interests could use the route of reverse engineering (a process by which the original software and hardware configuration can be accessed) which MAY compromise the security and sanctity of the entire election system.”

(emphasis added by me). As I mentioned above, there's a huge difference between "may" and "will". You and Mr. Rao have concluded (and I quote from your post above):

So, in effect, the EC has admitted that the election can be rigged by insiders.

Without any actual proof, there's no way to unequivocally say that this is true. The one fact doesn't imply the other.

Debating with RM is tough, and doing it by proxy is tougher. I request the admins to let Rahul Mehta back

Admit it sir, you really want to increase your post count, don't you

[Pranav]

You can call it a "confession" or you can call it something else. The fact remains that EC has stated that revealing the "hardware and software configuration" will "compromise the security and sanctity of the entire election system".

But the hardware and software configuration already stands revealed - to the insiders.

As regards my assumptions, I haven't made any that I am aware of.

Note that the actual quote is:

”…The Commission is concerned that commercial interests could use the route of reverse engineering (a process by which the original software and hardware configuration can be accessed) which MAY compromise the security and sanctity of the entire election system.”

(emphasis added by me). As I mentioned above, there's a huge difference between "may" and "will". You and Mr. Rao have concluded (and I quote from your post above):

So, in effect, the EC has admitted that the election can be rigged by insiders.

Without any actual proof, there's no way to unequivocally say that this is true. The one fact doesn't imply the other.

You missed out the second part: "any demonstration of alleged tamperability cannot include reverse-engineering as it compromises security and sanctity of the entire election system".

Be that as it may, a system that may be compromised by insiders is a system that is not good enough.

[Dileep]

Prof. Alex Halderman
University of Michigan

Hacking Indian EVMs is easy. They can be hacked by just inserting a simple 8 pin chip behind the display section of the control unit, which would go unnoticed. When the results button is pressed on the counting day and the results begin to flash on the display screen of the control unit, the Trojan in the inserted chip may get activated.

I checked him out. His CV is here: http://www.cse.umich.edu/~jhalderm/home ... man-cv.pdf

Education
Princeton University, Princeton, NJ
– Ph.D. in Computer Science, June 2009
Thesis: Investigating Security Failures and their Causes:
An Analytic Approach to Computer Security
Adviser: Ed Felten
– M.A. in Computer Science, June 2005
– A.B. in Computer Science, summa cum laude, June 2003
Thesis: Digital Privacy-Rights Management for Ubiquitous Recording
Advisers: Andrew Appel, Ed Felten, and Tom Funkhouser

Evidently having an upper hand on these matters I see, especially since his skin have lower amount of melanocytes.

I challenge the good professor, or anyone else, to demonstrate insert an 8 pin chip on the display module and show that they can modify the result. It is IMPOSSIBLE.

The display module is a piece of dumb circuitry, with 7 segment LED displays. Each display have 8 signal lines. To the minimum, you need to read the inputs coming from the control board, and then choose to drive the display as intended by the control board, or drive your own version. You can't do it with 6 data lines of one chip, whatever type of multiplexing you do.

Secondly, how will the chip know when to do the trick? When it is a mock poll and when it is a real counting? A radio receiver as RM mentioned? That makes things even more complex.

Once again, this is the same as "hardware replacement" theory, which is already refuted.

[Dileep]

Question to VHKPrasad. What is the means of connectivity to the display section? As I see the ECIL photos, the display have 2+4 7 segment displays. How are they driven? Is there a multiplexer on the display sub module? Or are there 6 X 8 lines? How are they connected? Ribbon cable? I see what looks like ribbon cable connectors, 16 position, 6 locations.

Thanks in advance.

[Raja Bose]

Be that as it may, a system that may be compromised by insiders is a system that is not good enough.

That includes all systems including the aircraft you fly in and the life-support machine we will all be eventually hooked up to.

[Raja Bose]

But NO , not even one, hardware manufacture ever tested his display's internals. In any hardware manufacturing company, chips and displays are treated by God's items, and only rudimentary checks are done. No hardware manufacturer ever tests displays for trojans.

Are these your statements or part of RM's email that you are quoting - they look like the latter.

I guess whoever made that statement has as much idea about how hardware production works, as I have about the wonders of djinn fizzyics.

[Pranav]

Be that as it may, a system that may be compromised by insiders is a system that is not good enough.

That includes all systems including the aircraft you fly in and the life-support machine we will all be eventually hooked up to.

If messing with your life support machine would help its manufacturer acquire a colony, then you should be concerned.

[Pranav]

But NO , not even one, hardware manufacture ever tested his display's internals. In any hardware manufacturing company, chips and displays are treated by God's items, and only rudimentary checks are done. No hardware manufacturer ever tests displays for trojans.

Are these your statements or part of RM's email that you are quoting - they look like the latter.

I guess whoever made that statement has as much idea about how hardware production works, as I have about the wonders of djinn fizzyics.

Everything in that post is from RM.

[ArmenT]

Evidently having an upper hand on these matters I see, especially since his skin have lower amount of melanocytes.

I challenge the good professor, or anyone else, to demonstrate insert an 8 pin chip on the display module and show that they can modify the result. It is IMPOSSIBLE.

Why not send the good professor a separate email and ask him if he actually made those quotes on that page .

[Dileep]

Evidently having an upper hand on these matters I see, especially since his skin have lower amount of melanocytes.

I challenge the good professor, or anyone else, to demonstrate insert an 8 pin chip on the display module and show that they can modify the result. It is IMPOSSIBLE.

Why not send the good professor a separate email and ask him if he actually made those quotes on that page .

Well, without a PeechyDee, or even a MasterDebaters degree, I have no upper hand, and am too intimidated to confront one. And of course professors and cops are two of the species I am scared $hit of. I guess the Hakims on board, like yourself or RB, do the honours.

I suspect he actually might have made the observation. That is a hunch

[Raja Bose]

If messing with your life support machine would help its manufacturer acquire a colony, then you should be concerned.

I guess then we should be coz the stakes in their game are much higher than any colony!

[Raja Bose]

Everything in that post is from RM.

Yeah I guessed so coz I recognized this phrase "chips and displays are treated by God's items" from his previous posts - sometimes I wonder if RM is describing a hardware manufacturer or a puja-paath organization

[Raja Bose]

Well, without a PeechyDee, or even a MasterDebaters degree, I have no upper hand, and am too intimidated to confront one. And of course professors and cops are two of the species I am scared $hit of. I guess the Hakims on board, like yourself or RB, do the honours.

I suspect he actually might have made the observation. That is a hunch

Isn't this the good professor whose hack for the Diebald machine involved inserting an SD card or something with a trojan. He was the one I was referring to when I said that many have proven the technical aspect of hacking, none have shown that you can do it on a large enough scale without detection.

Unfortunately for most hactivists (and this is not limited to EVM debate), in order to support their views they become so polarized in their stance over time (all Markov chain onlee ) that they forget that the main goal is to make the systems secure by identifying holes in tech/process and resolving them. Instead what it usually degenerates into, is a futile effort of trying to prove one's stance 400% universally correct and trashing everything else. That is the problem I see in this EVM debate also where instead of resolving holes in EVM process/tech, it is becoming more about advocating kneejerk my-way-or-the-highway solutions. And in the middle the EC is just compounding the problem by acting like the baboo(n)s that they are.

[GVLNRAO]

From the article by GVLN Rao on his website, which he agreed to debate here. My comments in this colour

1. The Whole World has Discarded Similar EVMs
2. Use of EVMs is Unconstitutional and Illegal Too!
3. EVM Software Isn’t Safe
4. …..Nor is The Hardware
5. EVMs are Sitting Ducks
6. “Insider” Fraud a Concern
7. Storage and Counting are Concerns
8. Vote of No Confidence
9. EC is Clueless on Technology
10. Trust Deficit

My comments to your observations are in red font.

1. The Whole World has Discarded Similar EVMs
<snip>
{1/4 of the whole world don't have a fair vote. Does that mean we shouldn't as well? Also, there is no other country that have the enormity of our election process. This argument is just rhetoric.}

Let me ask you a counter question. Which 1/4th of the World are you referreing to? Is it your case that elections in the US, Germany and the Netherlands---countries that have either banned or imposed restrictions on direct-recording EVMs---don't have a fair vote? You always want to compare with electoral systems that are more robust, fair and where the civil society. Enormity of our electoral process is unparelled. Does that mean we should give up on transparency of electoral process and the verifiability of elections which are hallmarks of a democracy? While my argument ios rhetorical, yours are typical arguments of ECI babus (bureaucrats) who hate transparency in any process, let alone elections.
2. Use of EVMs is Unconstitutional and Illegal Too!

<snip>
{So is homosexuality and oral sex. It doesn't mean anything.}

I can't possibly see any remote connect between homosexuality, oral sex and elections. (By the way, Oral sex was never illegal!! Now, homosexuality is also legal.) Further, unlike sex, elections are not a private matter.

3. EVM Software Isn’t Safe

The electronic voting machines are safe and secure only if the source code used in the EVMs is genuine. {That is totally wrong. It is an incorrect stance from the EC, which they shouldn't have. But it is an easier way of explaining to people without technical background} Shockingly, the EVM manufacturers, the BEL and ECIL, have shared the ‘top secret’ EVM software program with two foreign companies, Microchip (USA) and Renesas (Japan) to copy it onto microcontrollers used in EVMs. This process could have been done securely in-house by the Indian manufacturers.

Most of these technical aspects have been dealt with in the book on EVMs. Due to paucity of space and for reasons of brevity, I have not dealt with them in detail.

{First of all, it is not the 'source code' that is given to the manufacturer. It is the executable code. Of course you can de-assemble the code and figure how the thing works. If the programming is OTP, then it could have been done in house. Mask programming can not be done in house. That must be done by the chip supplier. In any case, it is OK to get the chips programmed by the supplier, provided the code in the delivered chips are verified on a sample basis.}

Worse, when the foreign companies deliver microcontrollers fused with software code to the EVM manufacturers, the EVM manufacturers cannot “read back” their contents as they are either OTP-ROM or masked chips. {It is not because they are OTP or Masked. It is because they employ a security feature to do so. Those chips which employ this system will have a method of verifying the code by means of a hash or checksum. I am not sure if this is employed in the EVMs made by BEL/ECIL}

Amusingly, the software given to foreign companies is not even made available with the Election Commission, ostensibly for security reasons. With such
ridiculous decisions, the Election Commission and the public sector manufacturers have rendered security of the EVMs a mockery. Adopting an open standards policy by making the software public and allowing parties to test the software installed in the EVMs would have offered better protection.

{I support publishing of the architecture of the machine, but not publishing the source code. That is because of the 'paranoia factor by the uninformed'. The source may be give for audit by qualified people under NDA}

I have followed on this Forum that you are a supporter of open source and verification/ audit. I hope voices like yours would be heard in the ECI. It does not see any need to verify anything. It just wants us to trust the ECI and the PSU manufacturers of EVMs.


4. …..Nor is The Hardware

The danger for EVM manipulations is not just from its software. Even the hardware isn’t safe. Dr. Alex Halderman, professor of computer science in the University of Michigan says, “EVMs used in the West require software attacks as they are sophisticated voting machines and their hardware cannot be replaced cheaply. In contrast, the Indian EVMs can easily be replaced either in part or as wholesale units.”

{Here is where the system of handling comes into picture. It is not an easy task to get exact replicas of the machines made, and inserted into the system, WITHOUT ANY LEAKS. We have dissected this approach on this thread a lot, and found that it is impossible to pull off}

All forms of fraud are difficult to pull off. By no means is it easy. But by no means it is impossible. Did you know about the STAMPS SCAM worth Rs. 60,000 Crore!! Did you believe that cricket icons were involved in Cricket betting until it was exposed? Did you anything was fishy about IPL? Have all the scams happened in India without the collusion of officials? Remember Murphy's Law, If anything can go wrong, it will. More so in india. Leaks happen when some insiders involved speaks out. One can wait until proof of election fraud surfaces, while we are trying to alert everyone about such possibility.

One crucial part that can be faked is microcontrollers used in the EVMs in which the software is copied. EVM manufacturers have greatly facilitated fraud by using generic microcontrollers rather than more secure ASIC or FPGA microcontrollers.

{I support COTS processors, because you can mitigate any argument of a 'hidden trojan' which is difficult to disprove in a custom chip. In a COTS chip, all you need to secure is the code, which is easier.}

Not just only microcontrollers, mother boards (cards which contain microcontrollers) and entire EVMs can be replaced. Neither the Election Commission nor the manufacturers have undertaken any hardware or software audit till date. As a result, such manipulation attempts would go undetected.

{All these arguments fall into one class. Replacing the hardware. It is impossible to pull off through the system}

As I stated above, all forms of fraud appear IMPOSSIBLE until they happen. One again, Murphy's Law comes into play here.

To detect such fraud, the upgraded EVMs have a provision to interface with an Authentication Unit that would allow the manufacturers to verify whether the EVM being used in the election is the same that they have supplied to the Election Commission. The EVM manufacturers developed an “Authentication Unit” engaging the services of SecureSpin, a Bangalore based software services firm. The Unit was developed and tested in 2006 but when the project was ready for implementation, the project was mysteriously shelved at the instance of the Election Commission. Several questions posed to the Election Commission for taking this decision went unanswered.

{Then the question will come, "who authenticates the authenticating machine?" Also, if you assume that the hardware/software could be replaced, then the perpertrators could very well make it to authenticate itself. So, this proposal is useless}

We are talking about a mechanism where every political representative/ candidate will have the freedom to verify the hardware and software at any stage in the election process. This will certainly improve the security but I agree cannot be trusted completely. Authentication Unit was ECI expert committee's and EVM manufacturers' idea--which they themselves shot down. I personally won't be satisfied with anything other than physical proof of voting.

5. EVMs are Sitting Ducks

The Indian EVMs can be hacked both before and after elections to alter election results. Apart from manipulating the EVM software and replacing many hardware parts discussed above, discussions with knowledgeable sources revealed that Indian EVMs can be hacked in many ways. I mention just two of them below.
{Of course they can be hacked. The question is, can it be done in the scale needed, without any leaks? The answer is NO}

I have answered this above. Intelligent manipulations, done on a small scale, can alter election results completely. I have discussed in my box on how it can be done.

Each EVM contains two EEPROMs inside the Control Unit in which the voting data is stored. They are completely unsecured and the data inside EEPROMs can be manipulated from an external source. It is very easy to read (data from) the EEPROMs and manipulate them.

{When, and How? To manipulate the EEPROM, you have to open the unit, make electrical connections to the chip and do some activity. This should be done AFTER the close of the poll, and BEFORE counting. Can you do this given the security detail in place? If you can, then manipulating the ballot boxes is EASIER and CHEAPER.}

Admittedly this form of fraud would require access to the EVMs after polling, which appears quite difficult. If you can gain aceess, this can be done pretty quick. Replacement of ballot boxes is also possible but is far more difficult being a manual process, involves many more people, more visible and can be CAUGHT and FRAUD ESTABLISHED through a verification mechanism (as all individual ballots are signed by the presiding officer and the voter as well). In the EVMs, if access is available, just one or two techies can do the job in constituency. The EVM seal can be broken and the EVM resealed with not much fear of detection as polling agents who sign the seals never get to see the EVMs again and the counting agents are a different set of people. Large time gap between polling and counting (upto a month in the earlier phases in 2009 Lok Sabha polls) makes it easier.

The second and the most deadly way to hack Indian EVMs is by inserting a chip with Trojan inside the display section of the Control unit. This requires access to the EVM for just two minutes and these replacement units can be made for a few hundred rupees. Bypassing completely all inbuilt securities, this chip would manipulate the results and give out “fixed” results on the EVM screen. The Election Commission is completely oblivious to such possibilities. A demonstration of these vulnerabilities is on the cards.

{The "display section" is a simple panel of LED displays. A 'chip' can dop nothing there. You have to make a board module to the exact size of the original display module and replace it. Now, you come back to the "hardware replacement" argument, which is already addressed.}

This replacement would take no more than two minutes. A large number fo people have access to the EVMs at different stages. If you argue that the EVMs are so secure that nobody can gain access at any stage in their life cycle when they are lying in the district and taluka godowns for years, hats off to your faith. We are seeing things from different perspectives: you have total 'faith' in the system like the Election Commissioners and their learned experts and I have no FAITH at all in them and I want total transparency and proof of honesty!! So these arguments can't find a common ground.

6. “Insider” Fraud a Concern

Personal accounts from some well placed political sources and experts say that there are some “insiders” demanding vast sums (Rs. 5 Crore for each assembly constituency) to fix election results. Who are these insiders? Unlike in the traditional ballot system where only the election officials were the “insiders”, electronic voting machine regime has spawned a long chain of insiders, all of whom are outside the ambit and control of the Election Commission of India. There is every possibility that some of these “insiders” are involved in murky activities in fixing elections. The whole world—except us in India--is alive to the dangers of insider fraud in elections. The “insiders” include the public sector manufacturers of India’s electronic voting machines namely, the Bharat Electronics Limited (BEL) and Electronics Corporation of India (ECIL), the foreign companies supplying microcontrollers, private players (some of which are allegedly owned by some political leaders) for carrying out checking and maintenance of electronic voting machines during
elections.

{Here you glaze over one factor. BEL/ECIL have no control on which machine goes to which constituency. Any tampering done before the finalization of candidates will not work, because the position of the candidate is not known. So, what exactly can they do?}

The position of candidates is not known before the contesting candidates are finalised. If the EVM has dishonest display board (hardware tampering) or if the EVM software has backdoors, activation of the Trojan has to be (and can) be done after keys are assigned to the candidates. This is not a security feature of the Indian EVMs. This is what the RP Act has prescribed. This can be overcome in many ways. You will have to wait for a few days until we make our findings public.

7. Storage and Counting are Concerns

The EVMs are stored at the district headquarters or in a decentralized manner in different locations. Election Commission’s concern for EVM safety becomes apparent only during elections, where as security experts say that voting machines must remain in a secure environment throughout their life cycle. There could be many malpractices associated with electronic counting. “Everybody watches polling closely. Nobody watches counting as closely),” says Bev Harris, an American activist.
{There could be malpractices with electronic counting, but the possibility of malpractice is several times higher in a ballot}

You know that "the possibility of malpractice is several times higher in a ballot" because an ordinary person can see and understand such fraud. In the EVMs, an ordinary voter cannot figure out easily even if the EVMs are manipulated. Most people prefer EVMs because they are clean (though they may be less secure) and detest ballots because they are messy and ugly. Tell me what is better: transparent elections with ballots (which are often visbly messy) or clean and vulnerable EVMs which have the potential to be manipulated. The world's mature democracies in the West have taken the route of ballots and shunned EVMs. India has to make its choice.

Our Election Commission takes three months to conduct parliamentary elections but wants counting to be over in just three hours! In the rush to declare results and the winners, several serious lapses go unnoticed in the counting process. As a result, parties cannot give it the kind of attention that this activity deserves. Massive discrepancies between votes polled and counted in a large number of polling stations across the country raise serious concerns in this regard.

{It is my opinion that announcement of results must be as fast as possible. I don't see any advantage in doing otherwise, except to faxcilitate more corruption}

8. Vote of No Confidence

The political class cutting across all sides of the divide has just one verdict: “we don’t trust the EVMs”. This vote of “no confidence” stems from the personal experiences of parties and leaders as well as the nature of results thrown up by the EVMs. Parties are looking at EVMs with great suspicion and dread the prospect of EVMs “defeating” them. This mistrust in EVMs is not confined to any single party and is all pervasive.

Almost all mainstream political parties, including the BJP, Congress, left parties, regional parties like the Telugu Desam party (TDP), AIADMK, Samajwadi party, Rastriya Lok Dal (RLD), Janata Dal (United) etc. have all expressed reservation about EVMs in the aftermath of 2009 Lok Sabha polls. Even the Congress party that decisively won the 2009 general elections alleged that the EVMs have been manipulated in Orissa.

Today, it is difficult to find parties that vouch for the continued use of EVMs in Indian elections. On the contrary, there is a flood of opposition to the EVMs from the political class.

{Of course! The political parties lost the feeling of "in control" with the EVMs. thjey could capture the boot and do whatnot with the ballots, but that is no longer possible. No wonder they object.}

A more important reason than that is that they fear that the EVMs are manipulated by their rivals. It is this distrust that has propelled all parties across the spectrum to oppose the EVMs. In a democarcy, it is important for the losers to believe that they have indeed lost the election. Growing distrust in the EVMs is making parties to increasingly doubt the accuracy of election verdicts. This is bad for a democracy.

9. EC is Clueless on Technology

The Election Commission has adopted the EVM technology about which it has practically no knowledge. As a result, it has little control over many aspects of the election process.

{Well, most of the government activity, be it economic, commercial, or defense, is done by babus who have no domain knowledge. For example, does the defense minister, ministry officials, and most of the air force brass understand how a radar or missile work? Does that hamper anything.}

None of the election commissioners, neither the present commissioners nor their predecessors, have proper understanding of the EVM technology. The only source of technical understanding for the Election Commission is a Committee of experts led by its chairman, Prof. P.V. Indiresan. Even the Expert Committee seems very weak in its capacities and understanding. Alex Halderman, professor of computer science at the University of Michigan and an expert on the security of voting systems who was present in New Delhi for the launch of the book, Democracy at Risk, Can We Trust our EVMS? commented, “When I read the 2006 technical report prepared by the Expert Committee of the Election Commission. I scribbled on it that there was a
cause for alarm and quickly decided to agree to come here.” That speaks volumes for the quality and rigor of security testing done on the Indian EVMs.

{And you make all these points. Do you know the technology inside out? I guess not. You can not demand that everyone who deals with the devices must be an expert. and about the report, I don't know neither Prof Halderman or Prof Indiresan, so can't comment on that. But I know a lot of activist type academics who will cheat their own intellect in support of their ideology}

I have begun to study the EVM system only in the past few months. I have no technology background, whatsoever. But I dare say, without a dash of modesty, that we know more about the vulnerabilities and security lapses of the EVM tachnology than the ECI and its expert committee which has free access to the real EVMs. When so many questions have been raised about the EVM technology, I expect the babus defending the EVMs ought to engage with us in a technical debate, come out with facts, accept security lapses and promise to make improvements. The least we expect them is to resort to blatant lies and mislead people. I expect the highest level of expertise, competence, supervision and integrity from the ECI. After all, at stake is not just your stupid EVM, but the integrity of the entire election process.

10. Trust Deficit

Election Commission’s conduct in the wake of the serious reservations expressed by people has been unbecoming of a constitutional body. It has uttered many lies – our EVMs are “tamper proof”, they are “different” etc. etc. It has refused to provide any clarifications sought to the petitioners in the Supreme Court, despite a reference from the Supreme Court of India. It has taken several questionable decisions for which it has refused to offer any explanations. For instance, it does not explain why old EVMs were used in Lok Sabha elections despite the recommendations of its own Expert Committee. It does not explain why as many as 4.48 Lakh new EVMs (which are more secure as per the Expert Committee) were not used in any Congress party or UPA ruled
states? Why and where it had allowed use of state government owned EVMs? The non-transparent conduct of Election Commission in the use of EVMs and the farce of an “enquiry” it has conducted following serious reservations on EVMs does not inspire confidence in its unbiased functioning.

{I agree that the EC handled it in the way of burocrats, not technocrats. But how else they would do? They ARE burocrats!}

Now, everything boils down to two arguments:

1. The software can be modified or replaced.
2. The hardware can be replaced or modified.

Neither can be done in a scale needed, without getting caught. Plain and simple. But the real killer is elsewhere.

Even if these were pulled off, there is the triffle problem of manipulating the tampered EVM units to the appropriate constituency, and making sure that the candidates appear in the specific order on the ballot paper. OR, alternatively, execute an "Activation" where you configure/program the EVM with the right candidate you want to be favoured. that too, without being found. We have spent pages and pages of discussion on those points.

Do you have anything to offer in that area, GVLN?

Thank you very much for reading my article and making many interesting observations. I have tried to respond to most of your observations. For more , you have just to be patient. These will be revealed shortly.

May I request you and all others on this forum to do two things: 1) Please write to me your specific Questions on why EVM tampering is difficult or impossible. We will try to answer all such questions in the FAQ section of our website (indianevm.com). 2) Can you all please write to the ECI about your suggestions to them to make the electoral system more secure? If you all agree, please sign the resolution on our website.

Actions like these will help our voice heard outside this forum, lest this excercise remains limited in its impact.

[ArmenT]

Well, without a PeechyDee, or even a MasterDebaters degree, I have no upper hand, and am too intimidated to confront one. And of course professors and cops are two of the species I am scared $hit of. I guess the Hakims on board, like yourself or RB, do the honours.

I suspect he actually might have made the observation. That is a hunch

Isn't this the good professor whose hack for the Diebald machine involved inserting an SD card or something with a trojan. He was the one I was referring to when I said that many have proven the technical aspect of hacking, none have shown that you can do it on a large enough scale without detection.

Now this is beginning to sound familiar -- I remember reading his report. There were a couple of design flaws and a couple of huge process flaws in the way that the machines were used.

1. The Diebold machines had a separate JTAG connector built into the board, so one could use that to install their own OS. No one would even have to do their own soldering!

2. Worse, there was no provision to detect if the case had been tampered with, since all that held it together were four philips head screws. There isn't any special tape that indicates that the case has been opened, like the EVM has.

3. Worst of all (and this is the severe process flaw) these machines were allowed to be taken home by poll workers, a few days before the election.

4. No one was willing to open the case and find out if the code or hardware had been tampered with because this would invalidate the manufacturer warranty,

[Dileep]

Thanks GVLN for the responses.

Here are my questions, based on your responses.

1. You claim that the signature of the presiding officer and voter on the ballot could be verified, but think that the signatures on the seals can't be. Why?

2. Can you demonstrate the replacement of the display module under 2 minutes? Te process will involve the following steps:

- Open the seals of the control unit carrying case
- Take the control unit out
- Break open the seals and labels.
- Removes the screws of the box and dismantle it
- Disconnect the display module
- Remove the display module
- Mount the 'modified' display module.
- Re-Connect the cables
- Re-Assemble the box
- Carefully re-apply the seals and stickers
- Re-package the control unit in the carrying case.

Think before you shoot numbers. You CAN'T do it in 2 minutes. Can you? Same goes for re-programming the EEPROM, and every other scenario involving tampering AFTER POLL.

3. Can you do it the above defeating the added security of the warehouse where the polled units are kept?

4. Can you demonstrate a modified display module using a 8 pin IC? It is impossible to do so.

5. For EVERYONE of your theories of 'tampering at the factory' scenarios: Please explain how:

a) The tampered machines will be channeled to the correct constituency. How many people from how many organizations need to be involved?
b) The information on which candidate to favour is fed to the unit before poll
c) How it defeats the mock poll?

Thanks.

[geeth]

IIRC, there is a time lag of between one-two weeks between demonstration/fixing of buttons (i.e., which button will have respective symbols of contestants) and the actual poll. Can this time be used to change the sequence? For eg, when you press for Kangress, it actually goes to BJP or vice versa?

[Pranav]

If messing with your life support machine would help its manufacturer acquire a colony, then you should be concerned.

I guess then we should be coz the stakes in their game are much higher than any colony!

By colony I meant as in colonization ... as long as we use EVMs, the independence of the country becomes a matter of debate.

For example, just see how MMS makes a craven fool of himself, chanting slogans that the global warming fraud is real. Even viceroys in colonial times conducted themselves with greater dignity.

But lust for power and pelf, and fear of blackmail, can reduce a human being to a gibbering idiot.

[vera_k]

For EVERYONE of your theories of 'tampering at the factory' scenarios: Please explain how:

a) The tampered machines will be channeled to the correct constituency. How many people from how many organizations need to be involved?
b) The information on which candidate to favour is fed to the unit before poll
c) How it defeats the mock poll?

The attack is not based on sending machines to constituencies, rather a tampered machine has to be sent to a polling booth that is known to be the stronghold of the candidate who is to be defeated. The tampered machines will be sent to such a polling booth by the person(s) assigning machines to booths. The only information that is needed for this is something that marks the machine out to be a tampered one. It can be a different model number or an obscure notch somewhere on the body.

As I have explained earlier, b) is not needed for this attack. c) is defeated by having the tampered program start after a certain number of votes have been entered. Alternatively, it can also be based on a timed mechanism.

[Raja Bose]

By colony I meant as in colonization ... as long as we use EVMs, the independence of the country becomes a matter of debate.

It actually has nothing to do with EVM - subversion can occur regardless of whether you have paper ballot or not. We have had paper ballots for the past half century, has that prevented the subversion in anyway? Not really. Let us not blame a dumb machine (whether paper-based or silicon-based) for the spineless behavior and submissiveness of our leaders.

The issue at debate in the limited context of voting should be how to secure EVM-based voting because it has some real benefits compared to paper ballots. Every system is insecure - since the birth of civilization. One must not throw the baby out with the bath water!

[Pranav]

The issue at debate in the limited context of voting should be how to secure EVM-based voting because it has some real benefits compared to paper ballots. Every system is insecure - since the birth of civilization. One must not throw the baby out with the bath water!

Yes, that was somewhat off-topic. But nobody has countered the fact that getting a Trojan onto the EVM is a matter of managing just the 4 or 5 people who are responsible for writing and compiling the source code.

[ArmenT]

Yes, that was somewhat off-topic. But nobody has countered the fact that getting a Trojan onto the EVM is a matter of managing just the 4 or 5 people who are responsible for writing and compiling the source code.

Actually, the matter is the other way around. Those "facts" have been countered multiple times in the last 40 pages or so. It is not simply a matter of managing 4 to 5 people as you so confidently state. People have been asking Rahul Mehta to explain the process by which he could do this, assuming that he has complete control of (as he says) the 4 to 5 people writing the source code alone and no one else. So far he's failed to come up with one.

You can read the previous pages and see for yourself exactly what's wrong with your statement above. No point rehashing the same old conspiracy theory.

[Pranav]

Yes, that was somewhat off-topic. But nobody has countered the fact that getting a Trojan onto the EVM is a matter of managing just the 4 or 5 people who are responsible for writing and compiling the source code.

Actually, the matter is the other way around. Those "facts" have been countered multiple times in the last 40 pages or so. It is not simply a matter of managing 4 to 5 people as you so confidently state. People have been asking Rahul Mehta to explain the process by which he could do this, assuming that he has complete control of (as he says) the 4 to 5 people writing the source code alone and no one else. So far he's failed to come up with one.

You can read the previous pages and see for yourself exactly what's wrong with your statement above. No point rehashing the same old conspiracy theory.

No, nobody has countered the fact that getting a Trojan on the chip is indeed a matter of managing 4-5 employees of a Govt-controlled PSU.