Opinion

Hacking EVMs: The EC has issued a challenge. It must first accept the challenge it faces

The real challenge is to remove the trust deficit. The offer to demonstrate tampering of EVMs can only be one step in that direction.

The controversy over electronic voting machines refuses to die down. There continue to be allegations, claims and counter claims about election rigging. Some of the claims, we read, were due to misreporting or do not stand up to scrutiny. Every time a claim about malfunctioning EVMs is found to be false, it hurts public understanding of the real issue: elections that use EVMs are anything but transparent.

Sixteen opposition parties have written to the Election Commission asking to revert to the use of paper ballots, In turn, the Election Commission is said to have issued a challenge to political parties, scientists and technical experts to prove that EVMs could be tampered with.

This could be a step in the right direction. But it cannot be all.

Let’s not forget that such a so-called challenge was also given in 2009. The examination of EVMs should be treated as an opportunity to make the process more transparent and open. In 2009, however, when the Election Commission allowed the public to examine EVMs, the examination was hugely circumscribed so as to prevent anyone from carrying out any substantive – albeit practical – attack.

If this offer of EVM examination is simply a cosmetic offer as in 2009, and not intended to allow for a complete analysis, the trust deficit between the Indian public and Indian elections will continue to grow.

The Election Commission should demonstrate that their claims of EVM security do not rest on the very fragile assumption that all insiders with access to the EVM can be trusted. To understand what an insider with access can achieve if they try to tamper with the systems, they should provide the experts with design documents and details of the tests used to verify the design and security properties. The Election Commission’s approach so far, of keeping design details secret, is termed “security through obscurity” by computer security experts, and was debunked as far back as the late 1800s by Dutch cryptographer Auguste Kerckhoffs.

The Election Commission should allow experts a reasonable amount of time to examine machines whose entire design has been secret for so many years. The experts should be able to work in a laboratory space of their choosing, with the freedom to fully explore the system and its vulnerabilities, including physical tampering, as any attacker with some access to a single storage locker might have.

If the Election Commission circumscribes the testing, it should justify such limits by explaining why a few of the many insiders with access to EVMs could not carry out the attack that they are disallowing in the test.

The purpose of the testing should be for the public to learn about EVM design and vulnerabilities, and those examining the machines should be required to make summary findings public. Additionally, while quick exploration may be performed in the short term, longer term independent testing by well-known voting system security experts is essential; one outstanding example of such testing is the Top-To-Bottom-Review ordered by the Secretary of State of California, USA, in 2007, followed by similar requests from Secretaries of other states.

Thorough, independent testing of the EVMs can expose obvious problems and allow us the opportunity to fix them. If no problems are detected, however, we cannot assume that none exist.

The way forward

Much has been said about a voter-verified paper audit trail or VVPAT. In a recent article, this writer had suggested some other measures along with an election audit.

In addition to the transparency provided by public testing of EVMs before elections, there is a role for transparency after the election as well. Even if one were to believe that EVMs are tamper proof, every election outcome must be checked to ensure that the unexpected did not happen, that “mock drill data” (votes due to key presses during testing) was erased as it is supposed to be, and did not contribute to the count, that errors did not affect the outcome, that the EVMs were correctly calibrated, that somebody did not try to change the outcome and succeed, and so on.

If the VVPAT record is verified by the voter to be a faithful reproduction of the vote, is stored securely separate from the EVMs, and is publicly audited after the election, it provides strong independent confirmation that the outcome is correct.

It is not sufficient to simply print VVPAT records, nor is it sufficient for voters to carefully check them. A correctly printed VVPAT record indicates merely that the machine correctly understood the vote. It does not indicate that the vote was correctly recorded or counted. A public audit needs to be performed to determine that the VVPAT records are consistent with the declared election outcome.

A VVPAT audit is not a full hand count. It requires the examination of VVPAT records chosen at random to determine that the records support the declared election outcome. The number of VVPAT records that need to be examined depends on the margin between the winner and the candidate with the second-highest number of votes. Only when this margin is small will the audit correspond to a full hand count.

The workload of an audit is hence not equivalent to that of a full hand count, and the efficiency benefits of the electronic count are not in vain.

What is missing right now?

Today, however, we do not have independent public testing of EVMS.

Additionally, most of our EVMs are not capable of producing VVPAT records. Even in constituencies with paper records, in the states where the recent election outcomes have been questioned by candidates, the Election Commission has no plans for an audit. If we do not use the existing VVPAT records as the serious tools for detecting problems that they are, our election outcomes will continue to generate suspicion among all except those who support the declared winners, as continues to happen in recent controversies.

Therefore, it needs to be pointed out to the Election Commission, respectfully, that the absence of election audits and the unreliable nature of the VVPAT is already a large enough problem. It is not up to candidates to look for security vulnerabilities in the secretly-designed EVMs to prove that our electoral processes and technology must be improved. It is up to the Election Commission to implement process and technology improvements to increase transparency, so that after each election, the Election Commission can itself prove – using public audits of securely-stored VVPAT – that the outcome is correct.

Regular audits will not require voters and their candidates to have blind faith in insider processes and the insides of an electronic machine, and will provide considerable disincentive to anyone contemplating manipulating an election outcome.

The real challenge

Many of the candidates with concerns have received a very large number of votes in the recent elections. Together, they represent a very large number of voters. If, after every election, every candidate except the declared winner is (understandably) suspicious of the outcome, that is a large number of voters whose trust in our democracy is jeopardised.

This trust is easily lost when taken for granted, but can be built through an unwavering commitment to transparency in election technology and process.

India has an enviable reputation as the world’s largest democracy with a large number of enthusiastic voters. This reputation transfers to our elected leaders too, because world leaders understand that they are negotiating with leaders legitimately chosen by an engaged citizenry. The Election Commission and its independent role in enabling peaceful and fair elections is well-known. The Election Commission could further enhance both reputations by making available EVMs for unrestricted independent examination, auditing any VVPAT available for the recently concluded elections and allowing paper ballots in elections in the near term where candidates request them or it is not possible to print VVPAT records, store them securely and audit them.

In the medium term, it should institute procedures for regular audits of securely-stored VVPAT records. It could look forward to the long term by updating EVM design to enable more flexible and secure audits, perhaps by using end-to-end independently-verifiable approaches, which represent the gold standard of what is possible in secure auditable voting systems.

Civil society groups and candidates, on their part, must educate voters about the importance of reviewing the VVPAT record for their own vote to ensure it is correct and to continue to engage in, and advocate for, public auditing of all electoral processes. Concerns about unfair elections must be raised when necessary, but this must be done with care for the facts, as election integrity loses out when false claims begin to dominate the news.

Poorvi L Vora is Professor of Computer Science at The George Washington University, Washington DC, USA.

We welcome your comments at letters@scroll.in.
Sponsored Content BY 

Bringing your parents into the digital fold can be a rewarding experience

Contrary to popular sentiment, being the tech support for your parents might be a great use of your time and theirs.

If you look up ‘Parents vs technology’, you’ll be showered with a barrage of hilariously adorable and relatable memes. Half the hilarity of these memes sprouts from their familiarity as most of us have found ourselves in similar troubleshooting situations. Helping a parent understand and operate technology can be trying. However, as you sit, exasperated, deleting the gazillion empty folders that your mum has accidentally made, you might be losing out on an opportunity to enrich her life.

After the advent of technology in our everyday personal and work lives, parents have tried to embrace the brand-new ways to work and communicate with a bit of help from us, the digital natives. And while they successfully send Whatsapp messages and make video calls, a tremendous amount of unfulfilled potential has fallen through the presumptuous gap that lies between their ambition and our understanding of their technological needs.

When Priyanka Gothi’s mother retired after 35 years of being a teacher, Priyanka decided to create a first of its kind marketplace that would leverage the experience and potential of retirees by providing them with flexible job opportunities. Her Hong Kong based novel venture, Retired, Not Out is reimagining retirement by creating a channel through which the senior generation can continue to contribute to the society.

Our belief is that tech is highly learnable. And learning doesn’t stop when you graduate from school. That is why we have designed specific programmes for seniors to embrace technology to aid their personal and professional goals.

— Priyanka Gothi, Founder & CEO, Retired Not Out

Ideas like Retired Not Out promote inclusiveness and help instil confidence in a generation that has not grown up with technology. A positive change in our parent’s lives can be created if we flip the perspective on the time spent helping them operate a laptop and view it as an exercise in empowerment. For instance, by becoming proficient in Microsoft Excel, a senior with 25 years of experience in finance, could continue to work part time as a Finance Manager. Similarly, parents can run consultation blogs or augment their hobbies and continue to lead a fulfilling and meaningful life.

Advocating the same message, Lenovo’s new web-film captures the void that retirement creates in a person’s life, one that can be filled by, as Lenovo puts it, gifting them a future.

Play

Depending on the role technology plays, it can either leave the senior generation behind or it can enable them to lead an ambitious and productive life. This festive season, give this a thought as you spend time with family.

To make one of Lenovo’s laptops a part of the family, see here.

This article was produced on behalf of Lenovo by the Scroll.in marketing team and not by the Scroll.in editorial staff.