Election Commission flunks on EVMs
October 29, 2010
A version of the following was published in the DNA on sep 7th:
Are Electronic Voting Machines reliable?
Rajeev Srinivasan wonders whether EVMs as they are today are a fundamental threat to India’s democracy
I am doubtful about electronic voting machines based on a healthy engineering skepticism. The touching faith we repose in computers is misplaced, because they are vulnerable to errors and tampering. It is a good idea to have a low-tech backup mechanisms for embedded systems, which run devices such as refrigerators, microwaves, ATMs, etc. For instance, braking problems that led to Toyota’s massive recalls are almost certainly due to software-based systems. This is the reason why critical systems like nuclear power plants often have electro-mechanical controls, not computer controls.
As embedded systems, Electronic Voting Machines are inherently risky. Admittedly, they have advantages: for one, it is not possible to do physical ‘booth-capturing’. Besides, votes are converted into digital impulses so that counting can be lightning-fast; and statistical data collection, analysis, etc. are much easier.
Unfortunately, that strength is also, ironically, the Achilles heel of EVMs. Since there is no physical audit trail of the vote, once you have cast your vote, you cannot verify that it is honored. It is a relatively minor task for a software-savvy criminal to fix an election. A paper trail – much like an ATM – is sorely needed to prevent this and provide validation.
There are two major aspects to making such systems more secure – human factors and processes. We have evolved fail-safe mechanisms that require co-operation of several individuals believed to be highly reliable. These people are vetted via security clearances. And processes need to be put in place that can prevent intentional or accidental errors.
The technical systems, human factors, and process issues need to work in perfect synchronicity for a complex system to work correctly. However, in several cases around the world, EVMs have been found wanting, and this has led to bans in, among others the US, Germany, and the Netherlands. The Germans found that EVMs violated their constitution, because the system is obliged to prove to the voter that his vote is registered as per his intent, and EVMs cannot guarantee that.
It is in this context that we need to see the recent arrest of an Indian EVM researcher, Hari Prasad. The Election Commission of India (ECI) has claimed that their EVMs are “foolproof”, “perfect” etc. But Hari and fellow-researchers put together a proof-of-concept and demonstrated a hack on some other hardware. The EC pointed out, fairly, that this was not on one of the Indian EVMs. But when the researchers requested that the EC provide them with an actual EVM, it appears the EC refused access.
The EC has also emphasized how secure their processes are, how the machines are sealed in high-security currency-quality paper with wax and secured in warehouses in the custody of reliable officials. Alas, a system based on string and sealing wax sounds positively primitive.
Sure enough, the researchers acquired an EVM from one of the EC’s warehouses, and demonstrated several ways of tampering with it, including the use of radio-aware chips that would enable a Bluetooth-based cellphone outside a booth to manipulate the machines. The vaunted process of the EC was, however, not even aware of the missing machine for several months!
Computer security experts are not convinced, either. I listened carefully to the podcast of a session at the recent USENIX conference recently wherein this was debated, with representatives from both sides making their case. I was disappointed to heat that the foolproof measures that the EC is so proud of boil down ‘security by obscurity’ – that is, a complex process that is expected to be hard to break into – and faith in a small number of software people at firms the EC did not identify.
Instead of lauding Hari Prasad as a well-intentioned white-hat researcher whose suggestions for improvement should have been welcomed, the EC sought to demonize him and terrorize him. This is counter-productive.
Thus, on several counts, including constitutionality, the reaction to whistleblowers, and the implications for Indian democracy, this is a fascinating case, and the EC did not cover itself with glory.
Distressingly, another other pillar of society did not distinguish itself. It is the media. So far as I can tell, the entire English-language media chose to bury this story, although a few stray op-eds have been written. This is a dereliction of the media’s duty as the watchdog of society. If an election is fixed, it is a bloodless constitutional coup. The fact that the media is not asking awkward questions and forcing the government to respond raises questions about its integrity and ethics.
Thus, two of the independent institutions in India that should impose checks and balances on the executive branch have abdicated their responsibility. This is a cause for extreme concern; this is a sign of a State whose machinery is breaking down. And that is the crux of the matter in l’affaire EVM.
825 words, 3 Sept 2010