Loopholes in EVM security and ECI regulatory actions
A 1979 EVM prototype was adopted in the Indian election system in 1999. Since then, EVMs have gone through various technological changes and soon we will be using the 4th generation EVMs. These are classified in following categories based on their evolution.
M1: pre 2006 EVMs
M2: 2006 - 2010 EVMs
M3: EVMs produced since 2013
Evolution and Security Features: Every 4 - 8 years, there is a new generation of EVMs. Along with developing EVMs, new security technologies e.g. GPS, CCTV cameras have also been adopted for secure and transparent elections in India. Can we still believe that EVMs are more economic than paper ballots? Ballot paper booth capturing is now replaced by EVM manipulations. From time to time, incidents related to EVM manipulations have been reported. A booth capturing which required a lot more manpower and planning/strategy is reduced to certain EVM experts possibly doing their job prior or post elections. As a consequence, application of CCTV and GPS technology is almost useless as EVMs can be manipulated even while they are secured in a strong room. A vote on EVM can be digitally manipulated while it is sealed and total number of casted votes remain the same. Is it possible with paper ballots while CCTV and GPS are in use? Maybe, but it will require a lot more planning and manpower.
Hackathon: In a latest hearing on Oct 8, 2013, ECI was asked to introduce the Voter Verifiable Paper Audit Trail (VVPAT) in a phased manner by the Hon’ble Supreme Court of India. EVMs have been used in the past by some developed countries but due to hacking threats demonstrated by many hackers, most of the countries pulled back EVMs from their election procedure. EVMs are still used in the USA but only 5 states are using EVMs without VVPAT, rest of them use EVMs with verified paper trail. It is the one year anniversary of ECI organized EVM hackathon in May 2017. The hackathon ended as a puppet show with the boundary conditions posed by ECI. Since then the resistance against EVMs have slowed down as nothing much happened and ECI is slowly moving towards the introduction of VVPAT. Counting and matching VVPAT votes is still a challenge.
Safety and Security Guidelines: Leaving all the hackathon and hacking threats behind, ECI mentioned strict guidelines for safety and security of EVMs in their report. If we look at the guidelines, it is impossible for any unauthorized user to access any EVM. However in the past people were found taking selfies with EVMs prior to elections. Recently during the 2018 Karnataka assembly elections, 8 VVPAT machines were found inside a shed by daily laborers. So, what happened to the safety and security guidelines? Were the guidelines followed? If not, will the guilty be arrested?
Remember Hari K Prasad? He was the first person to publish a technical paper about the procedure of hacking EVMs. I don't know how he got access to EVM used in the technical paper, but later when ECI came to know about this paper, author Hari K Prasad was jailed for EVM theft. How was it possible to steal an EVM from the most secure strong room of ECI? I could not come across any other person who was arrested for not following safety guidelines.
Kannada TV news channel NEWS9 and ANI reported about the 8 VVPATs which were found after the Karnataka assembly elections.
EVM Security Conclusions: The Status Paper on Electronic Voting Machine released by ECI in Apr 2017 in embedded in this blog. Let's just focus on the safety and security guidelines. You may find this blog lengthy and boring if I list all the safety and security protocols mentioned in the status paper. You can read the guidelines by skipping to page 13 of the embedded document. 15 page long guidelines were useless after 8 VVPATs were found abandoned by daily laborers. Have a look at the safety and security summary released by ECI (Embedded document is available below the image).
Status Paper on Electronic Voting Machine (EVM) released by ECI on Apr 11, 2017.
If ECI does not come up with an explanation about loopholes reported from time to time and gains voter confidence about safety and security of EVMs, fight against EVMs will continue. We can not rely on the baseless assumption that EVMs are secure and can't be hacked while contradictory incidents are pouring in every election.
After Karnataka assembly elections, former IAS officer Raghunandan TR pointed out 6 deficiencies in Indian election system. These deficiencies are somehow related to loopholes in EVM security measures. It is worth to read and learn more about these deficiencies.
Read other blogs on EVMs
Developments since May 2017 on India-made EVMs
Status report on EVM and its reality check
M1: pre 2006 EVMs
M2: 2006 - 2010 EVMs
M3: EVMs produced since 2013
Evolution and Security Features: Every 4 - 8 years, there is a new generation of EVMs. Along with developing EVMs, new security technologies e.g. GPS, CCTV cameras have also been adopted for secure and transparent elections in India. Can we still believe that EVMs are more economic than paper ballots? Ballot paper booth capturing is now replaced by EVM manipulations. From time to time, incidents related to EVM manipulations have been reported. A booth capturing which required a lot more manpower and planning/strategy is reduced to certain EVM experts possibly doing their job prior or post elections. As a consequence, application of CCTV and GPS technology is almost useless as EVMs can be manipulated even while they are secured in a strong room. A vote on EVM can be digitally manipulated while it is sealed and total number of casted votes remain the same. Is it possible with paper ballots while CCTV and GPS are in use? Maybe, but it will require a lot more planning and manpower.
Hackathon: In a latest hearing on Oct 8, 2013, ECI was asked to introduce the Voter Verifiable Paper Audit Trail (VVPAT) in a phased manner by the Hon’ble Supreme Court of India. EVMs have been used in the past by some developed countries but due to hacking threats demonstrated by many hackers, most of the countries pulled back EVMs from their election procedure. EVMs are still used in the USA but only 5 states are using EVMs without VVPAT, rest of them use EVMs with verified paper trail. It is the one year anniversary of ECI organized EVM hackathon in May 2017. The hackathon ended as a puppet show with the boundary conditions posed by ECI. Since then the resistance against EVMs have slowed down as nothing much happened and ECI is slowly moving towards the introduction of VVPAT. Counting and matching VVPAT votes is still a challenge.
Safety and Security Guidelines: Leaving all the hackathon and hacking threats behind, ECI mentioned strict guidelines for safety and security of EVMs in their report. If we look at the guidelines, it is impossible for any unauthorized user to access any EVM. However in the past people were found taking selfies with EVMs prior to elections. Recently during the 2018 Karnataka assembly elections, 8 VVPAT machines were found inside a shed by daily laborers. So, what happened to the safety and security guidelines? Were the guidelines followed? If not, will the guilty be arrested?
Remember Hari K Prasad? He was the first person to publish a technical paper about the procedure of hacking EVMs. I don't know how he got access to EVM used in the technical paper, but later when ECI came to know about this paper, author Hari K Prasad was jailed for EVM theft. How was it possible to steal an EVM from the most secure strong room of ECI? I could not come across any other person who was arrested for not following safety guidelines.
Kannada TV news channel NEWS9 and ANI reported about the 8 VVPATs which were found after the Karnataka assembly elections.
#KarnatakaKurukshetra: Daily wage labourers have found 8 #VVPAT machines at a shed in #Basavanabagewadi in #Vijayapura. #ShivanandaPatil from #Congress has won from the constituency. pic.twitter.com/NEL7mwAM3a— NEWS9 (@NEWS9TWEETS) May 20, 2018
#Karnataka: Police says, "we have seized 8 VVPATs without batteries from the house of a labourer in Vijayapura. A case has been registered, investigation will be conducted." pic.twitter.com/9HXvtF68v1— ANI (@ANI) May 20, 2018
EVM Security Conclusions: The Status Paper on Electronic Voting Machine released by ECI in Apr 2017 in embedded in this blog. Let's just focus on the safety and security guidelines. You may find this blog lengthy and boring if I list all the safety and security protocols mentioned in the status paper. You can read the guidelines by skipping to page 13 of the embedded document. 15 page long guidelines were useless after 8 VVPATs were found abandoned by daily laborers. Have a look at the safety and security summary released by ECI (Embedded document is available below the image).
 |
| EVM safety and security summary from status paper on EVM |
If ECI does not come up with an explanation about loopholes reported from time to time and gains voter confidence about safety and security of EVMs, fight against EVMs will continue. We can not rely on the baseless assumption that EVMs are secure and can't be hacked while contradictory incidents are pouring in every election.
After Karnataka assembly elections, former IAS officer Raghunandan TR pointed out 6 deficiencies in Indian election system. These deficiencies are somehow related to loopholes in EVM security measures. It is worth to read and learn more about these deficiencies.
Read other blogs on EVMs
Developments since May 2017 on India-made EVMs
Status report on EVM and its reality check
No comments