Opinion

Hacking EVMs: The EC has issued a challenge. It must first accept the challenge it faces

The real challenge is to remove the trust deficit. The offer to demonstrate tampering of EVMs can only be one step in that direction.

The controversy over electronic voting machines refuses to die down. There continue to be allegations, claims and counter claims about election rigging. Some of the claims, we read, were due to misreporting or do not stand up to scrutiny. Every time a claim about malfunctioning EVMs is found to be false, it hurts public understanding of the real issue: elections that use EVMs are anything but transparent.

Sixteen opposition parties have written to the Election Commission asking to revert to the use of paper ballots, In turn, the Election Commission is said to have issued a challenge to political parties, scientists and technical experts to prove that EVMs could be tampered with.

This could be a step in the right direction. But it cannot be all.

Let’s not forget that such a so-called challenge was also given in 2009. The examination of EVMs should be treated as an opportunity to make the process more transparent and open. In 2009, however, when the Election Commission allowed the public to examine EVMs, the examination was hugely circumscribed so as to prevent anyone from carrying out any substantive – albeit practical – attack.

If this offer of EVM examination is simply a cosmetic offer as in 2009, and not intended to allow for a complete analysis, the trust deficit between the Indian public and Indian elections will continue to grow.

The Election Commission should demonstrate that their claims of EVM security do not rest on the very fragile assumption that all insiders with access to the EVM can be trusted. To understand what an insider with access can achieve if they try to tamper with the systems, they should provide the experts with design documents and details of the tests used to verify the design and security properties. The Election Commission’s approach so far, of keeping design details secret, is termed “security through obscurity” by computer security experts, and was debunked as far back as the late 1800s by Dutch cryptographer Auguste Kerckhoffs.

The Election Commission should allow experts a reasonable amount of time to examine machines whose entire design has been secret for so many years. The experts should be able to work in a laboratory space of their choosing, with the freedom to fully explore the system and its vulnerabilities, including physical tampering, as any attacker with some access to a single storage locker might have.

If the Election Commission circumscribes the testing, it should justify such limits by explaining why a few of the many insiders with access to EVMs could not carry out the attack that they are disallowing in the test.

The purpose of the testing should be for the public to learn about EVM design and vulnerabilities, and those examining the machines should be required to make summary findings public. Additionally, while quick exploration may be performed in the short term, longer term independent testing by well-known voting system security experts is essential; one outstanding example of such testing is the Top-To-Bottom-Review ordered by the Secretary of State of California, USA, in 2007, followed by similar requests from Secretaries of other states.

Thorough, independent testing of the EVMs can expose obvious problems and allow us the opportunity to fix them. If no problems are detected, however, we cannot assume that none exist.

The way forward

Much has been said about a voter-verified paper audit trail or VVPAT. In a recent article, this writer had suggested some other measures along with an election audit.

In addition to the transparency provided by public testing of EVMs before elections, there is a role for transparency after the election as well. Even if one were to believe that EVMs are tamper proof, every election outcome must be checked to ensure that the unexpected did not happen, that “mock drill data” (votes due to key presses during testing) was erased as it is supposed to be, and did not contribute to the count, that errors did not affect the outcome, that the EVMs were correctly calibrated, that somebody did not try to change the outcome and succeed, and so on.

If the VVPAT record is verified by the voter to be a faithful reproduction of the vote, is stored securely separate from the EVMs, and is publicly audited after the election, it provides strong independent confirmation that the outcome is correct.

It is not sufficient to simply print VVPAT records, nor is it sufficient for voters to carefully check them. A correctly printed VVPAT record indicates merely that the machine correctly understood the vote. It does not indicate that the vote was correctly recorded or counted. A public audit needs to be performed to determine that the VVPAT records are consistent with the declared election outcome.

A VVPAT audit is not a full hand count. It requires the examination of VVPAT records chosen at random to determine that the records support the declared election outcome. The number of VVPAT records that need to be examined depends on the margin between the winner and the candidate with the second-highest number of votes. Only when this margin is small will the audit correspond to a full hand count.

The workload of an audit is hence not equivalent to that of a full hand count, and the efficiency benefits of the electronic count are not in vain.

What is missing right now?

Today, however, we do not have independent public testing of EVMS.

Additionally, most of our EVMs are not capable of producing VVPAT records. Even in constituencies with paper records, in the states where the recent election outcomes have been questioned by candidates, the Election Commission has no plans for an audit. If we do not use the existing VVPAT records as the serious tools for detecting problems that they are, our election outcomes will continue to generate suspicion among all except those who support the declared winners, as continues to happen in recent controversies.

Therefore, it needs to be pointed out to the Election Commission, respectfully, that the absence of election audits and the unreliable nature of the VVPAT is already a large enough problem. It is not up to candidates to look for security vulnerabilities in the secretly-designed EVMs to prove that our electoral processes and technology must be improved. It is up to the Election Commission to implement process and technology improvements to increase transparency, so that after each election, the Election Commission can itself prove – using public audits of securely-stored VVPAT – that the outcome is correct.

Regular audits will not require voters and their candidates to have blind faith in insider processes and the insides of an electronic machine, and will provide considerable disincentive to anyone contemplating manipulating an election outcome.

The real challenge

Many of the candidates with concerns have received a very large number of votes in the recent elections. Together, they represent a very large number of voters. If, after every election, every candidate except the declared winner is (understandably) suspicious of the outcome, that is a large number of voters whose trust in our democracy is jeopardised.

This trust is easily lost when taken for granted, but can be built through an unwavering commitment to transparency in election technology and process.

India has an enviable reputation as the world’s largest democracy with a large number of enthusiastic voters. This reputation transfers to our elected leaders too, because world leaders understand that they are negotiating with leaders legitimately chosen by an engaged citizenry. The Election Commission and its independent role in enabling peaceful and fair elections is well-known. The Election Commission could further enhance both reputations by making available EVMs for unrestricted independent examination, auditing any VVPAT available for the recently concluded elections and allowing paper ballots in elections in the near term where candidates request them or it is not possible to print VVPAT records, store them securely and audit them.

In the medium term, it should institute procedures for regular audits of securely-stored VVPAT records. It could look forward to the long term by updating EVM design to enable more flexible and secure audits, perhaps by using end-to-end independently-verifiable approaches, which represent the gold standard of what is possible in secure auditable voting systems.

Civil society groups and candidates, on their part, must educate voters about the importance of reviewing the VVPAT record for their own vote to ensure it is correct and to continue to engage in, and advocate for, public auditing of all electoral processes. Concerns about unfair elections must be raised when necessary, but this must be done with care for the facts, as election integrity loses out when false claims begin to dominate the news.

Poorvi L Vora is Professor of Computer Science at The George Washington University, Washington DC, USA.

Support our journalism by subscribing to Scroll+ here. We welcome your comments at letters@scroll.in.
Sponsored Content BY 

Tracing the formation of Al Qaeda and its path to 9/11

A new show looks at some of the crucial moments leading up to the attack.

“The end of the world war had bought America victory but not security” - this quote from Lawrence Wright’s Pulitzer-Prize winning book, ‘The Looming Tower’, gives a sense of the growing threat to America from Al Qaeda and the series of events that led to 9/11. Based on extensive interviews, including with Bin Laden’s best friend in college and the former White House counterterrorism chief, ‘The Looming Tower’ provides an intimate perspective of the 9/11 attack.

Lawrence Wright chronicles the formative years of Al Qaeda, giving an insight in to Bin Laden’s war against America. The book covers in detail, the radicalisation of Osama Bin Laden and his association with Ayman Al Zawahri, an Egyptian doctor who preached that only violence could change history. In an interview with Amazon, Wright shared, “I talked to 600-something people, but many of those people I talked to again and again for a period of five years, some of them dozens of times.” Wright’s book was selected by TIME as one of the all-time 100 best nonfiction books for its “thoroughly researched and incisively written” account of the road to 9/11 and is considered an essential read for understanding Islam’s war on the West as it developed in the Middle East.

‘The Looming Tower’ also dwells on the response of key US officials to the rising Al Qaeda threat, particularly exploring the turf wars between the FBI and the CIA. This has now been dramatized in a 10-part mini-series of the same name. Adapted by Dan Futterman (of Foxcatcher fame), the series mainly focuses on the hostilities between the FBI and the CIA. Some major characters are based on real people - such as John O’ Neill (FBI’s foul-mouthed counterterrorism chief played by Jeff Daniels) and Ali Soufan (O’ Neill’s Arabic-speaking mentee who successfully interrogated captured Islamic terrorists after 9/11, played by Tahar Rahim). Some are composite characters, such as Martin Schmidt (O’Neill’s CIA counterpart, played by Peter Sarsgaard).

The series, most crucially, captures just how close US intelligence agencies had come to foiling Al Qaeda’s plans, just to come up short due to internal turf wars. It follows the FBI and the CIA as they independently follow intelligence leads in the crises leading up to 9/11 – the US Embassy bombings in East Africa and the attack on US warship USS Cole in Yemen – but fail to update each other. The most glaring example is of how the CIA withheld critical information – Al Qaeda operatives being hunted by the FBI had entered the United States - under the misguided notion that the CIA was the only government agency authorised to deal with terrorism threats.

The depth of information in the book has translated into a realistic recreation of the pre-9/11 years on screen. The drama is even interspersed with actual footage from the 9/11 conspiracy, attack and the 2004 Commission Hearing, linking together the myriad developments leading up to 9/11 with chilling hindsight. Watch the trailer of this gripping show below.

Play

The Looming Tower is available for streaming on Amazon Prime Video, along with a host of Amazon originals and popular movies and TV shows. To enjoy unlimited ad free streaming anytime, anywhere, subscribe to Amazon Prime Video.

This article was produced by the Scroll marketing team on behalf of Amazon Prime Video and not by the Scroll editorial team.