Opinion

Hacking EVMs: The EC has issued a challenge. It must first accept the challenge it faces

The real challenge is to remove the trust deficit. The offer to demonstrate tampering of EVMs can only be one step in that direction.

The controversy over electronic voting machines refuses to die down. There continue to be allegations, claims and counter claims about election rigging. Some of the claims, we read, were due to misreporting or do not stand up to scrutiny. Every time a claim about malfunctioning EVMs is found to be false, it hurts public understanding of the real issue: elections that use EVMs are anything but transparent.

Sixteen opposition parties have written to the Election Commission asking to revert to the use of paper ballots, In turn, the Election Commission is said to have issued a challenge to political parties, scientists and technical experts to prove that EVMs could be tampered with.

This could be a step in the right direction. But it cannot be all.

Let’s not forget that such a so-called challenge was also given in 2009. The examination of EVMs should be treated as an opportunity to make the process more transparent and open. In 2009, however, when the Election Commission allowed the public to examine EVMs, the examination was hugely circumscribed so as to prevent anyone from carrying out any substantive – albeit practical – attack.

If this offer of EVM examination is simply a cosmetic offer as in 2009, and not intended to allow for a complete analysis, the trust deficit between the Indian public and Indian elections will continue to grow.

The Election Commission should demonstrate that their claims of EVM security do not rest on the very fragile assumption that all insiders with access to the EVM can be trusted. To understand what an insider with access can achieve if they try to tamper with the systems, they should provide the experts with design documents and details of the tests used to verify the design and security properties. The Election Commission’s approach so far, of keeping design details secret, is termed “security through obscurity” by computer security experts, and was debunked as far back as the late 1800s by Dutch cryptographer Auguste Kerckhoffs.

The Election Commission should allow experts a reasonable amount of time to examine machines whose entire design has been secret for so many years. The experts should be able to work in a laboratory space of their choosing, with the freedom to fully explore the system and its vulnerabilities, including physical tampering, as any attacker with some access to a single storage locker might have.

If the Election Commission circumscribes the testing, it should justify such limits by explaining why a few of the many insiders with access to EVMs could not carry out the attack that they are disallowing in the test.

The purpose of the testing should be for the public to learn about EVM design and vulnerabilities, and those examining the machines should be required to make summary findings public. Additionally, while quick exploration may be performed in the short term, longer term independent testing by well-known voting system security experts is essential; one outstanding example of such testing is the Top-To-Bottom-Review ordered by the Secretary of State of California, USA, in 2007, followed by similar requests from Secretaries of other states.

Thorough, independent testing of the EVMs can expose obvious problems and allow us the opportunity to fix them. If no problems are detected, however, we cannot assume that none exist.

The way forward

Much has been said about a voter-verified paper audit trail or VVPAT. In a recent article, this writer had suggested some other measures along with an election audit.

In addition to the transparency provided by public testing of EVMs before elections, there is a role for transparency after the election as well. Even if one were to believe that EVMs are tamper proof, every election outcome must be checked to ensure that the unexpected did not happen, that “mock drill data” (votes due to key presses during testing) was erased as it is supposed to be, and did not contribute to the count, that errors did not affect the outcome, that the EVMs were correctly calibrated, that somebody did not try to change the outcome and succeed, and so on.

If the VVPAT record is verified by the voter to be a faithful reproduction of the vote, is stored securely separate from the EVMs, and is publicly audited after the election, it provides strong independent confirmation that the outcome is correct.

It is not sufficient to simply print VVPAT records, nor is it sufficient for voters to carefully check them. A correctly printed VVPAT record indicates merely that the machine correctly understood the vote. It does not indicate that the vote was correctly recorded or counted. A public audit needs to be performed to determine that the VVPAT records are consistent with the declared election outcome.

A VVPAT audit is not a full hand count. It requires the examination of VVPAT records chosen at random to determine that the records support the declared election outcome. The number of VVPAT records that need to be examined depends on the margin between the winner and the candidate with the second-highest number of votes. Only when this margin is small will the audit correspond to a full hand count.

The workload of an audit is hence not equivalent to that of a full hand count, and the efficiency benefits of the electronic count are not in vain.

What is missing right now?

Today, however, we do not have independent public testing of EVMS.

Additionally, most of our EVMs are not capable of producing VVPAT records. Even in constituencies with paper records, in the states where the recent election outcomes have been questioned by candidates, the Election Commission has no plans for an audit. If we do not use the existing VVPAT records as the serious tools for detecting problems that they are, our election outcomes will continue to generate suspicion among all except those who support the declared winners, as continues to happen in recent controversies.

Therefore, it needs to be pointed out to the Election Commission, respectfully, that the absence of election audits and the unreliable nature of the VVPAT is already a large enough problem. It is not up to candidates to look for security vulnerabilities in the secretly-designed EVMs to prove that our electoral processes and technology must be improved. It is up to the Election Commission to implement process and technology improvements to increase transparency, so that after each election, the Election Commission can itself prove – using public audits of securely-stored VVPAT – that the outcome is correct.

Regular audits will not require voters and their candidates to have blind faith in insider processes and the insides of an electronic machine, and will provide considerable disincentive to anyone contemplating manipulating an election outcome.

The real challenge

Many of the candidates with concerns have received a very large number of votes in the recent elections. Together, they represent a very large number of voters. If, after every election, every candidate except the declared winner is (understandably) suspicious of the outcome, that is a large number of voters whose trust in our democracy is jeopardised.

This trust is easily lost when taken for granted, but can be built through an unwavering commitment to transparency in election technology and process.

India has an enviable reputation as the world’s largest democracy with a large number of enthusiastic voters. This reputation transfers to our elected leaders too, because world leaders understand that they are negotiating with leaders legitimately chosen by an engaged citizenry. The Election Commission and its independent role in enabling peaceful and fair elections is well-known. The Election Commission could further enhance both reputations by making available EVMs for unrestricted independent examination, auditing any VVPAT available for the recently concluded elections and allowing paper ballots in elections in the near term where candidates request them or it is not possible to print VVPAT records, store them securely and audit them.

In the medium term, it should institute procedures for regular audits of securely-stored VVPAT records. It could look forward to the long term by updating EVM design to enable more flexible and secure audits, perhaps by using end-to-end independently-verifiable approaches, which represent the gold standard of what is possible in secure auditable voting systems.

Civil society groups and candidates, on their part, must educate voters about the importance of reviewing the VVPAT record for their own vote to ensure it is correct and to continue to engage in, and advocate for, public auditing of all electoral processes. Concerns about unfair elections must be raised when necessary, but this must be done with care for the facts, as election integrity loses out when false claims begin to dominate the news.

Poorvi L Vora is Professor of Computer Science at The George Washington University, Washington DC, USA.

We welcome your comments at letters@scroll.in.
Sponsored Content  BY 

Harvard Business School’s HBX brings the future of business education to India with online programs

HBX is not only offering courses online, but also connecting students to the power of its network.

The classic design of the physical Harvard Business School (HBS) classroom was once a big innovation – precisely designed teaching amphitheaters laid out for every student to participate from his or her seat with a “pit” in the center of the room from which professors orchestrate discussions analyzing business cases like a symphony lead. When it came to designing the online experience of HBX—the school’s digital learning initiative—HBS faculty worked tirelessly to blend these tenets of the HBS classroom pedagogy with the power of new technology. With real-world problem solving, active learning, and social learning as its foundation, HBX offers immersive and challenging self-paced learning experiences through its interactive online learning platform.

Reimagining digital education, breaking the virtual learning mold

Typically, online courses follow a one-way broadcast mode – lectures are video recorded and reading material is shared – and students learn alone and are individually tested. Moving away from the passive learning model, HBX has developed an online platform that leverages the HBS ‘case-based pedagogy’ and audio-visual and interaction tools to make learning engaging.

HBX courses are rarely taught through theory. Instead, students learn through real-world problem-solving. Students start by grappling with a business problem – with real world data and the complexity in which a business leader would have to make a decision – and learn the theory inductively. Thus even as mathematical theories are applied to business situations, students come away with a greater sense of clarity and perspective, whether it is reading a financial report, understanding why a brand’s approach to a random sample population study may or may not work, or how pricing works.

HBX Platform | Courses offered in the HBX CORe program
HBX Platform | Courses offered in the HBX CORe program

“Learning about concepts through real-life cases was my favorite part of the program. The cases really helped transform abstract concepts into observable situations one could learn from. Furthermore, it really helped me understand how to identify situations in which I could use the tools that HBX equipped me with,” says Anindita Ravikumar, a past HBX participant. India’s premier B-school IIM-Ahmedabad has borrowed the very same pedagogy from Harvard. Learning in this manner is far more engaging, relatable, and memorable.

Most lessons start with a short 2-3 minute video of a manager talking about the business problem at hand. Students are then asked to respond on how they would handle the issue. Questions can be in the form of either a poll or reflections. Everyone’s answers are then visible to the ‘classroom’. In the words of Professor Bharat Anand, Faculty Chair, HBX, “This turns out to be a really important distinction. The answers are being updated in real-time. You can see the distribution of answers, but you can also see what any other individual has answered, which means that you’re not anonymous.” Students have real profiles and get to know their ‘classmates’ and learn from each other.

HBX Interface | Students can view profiles of other students in their cohort
HBX Interface | Students can view profiles of other students in their cohort

Professor Anand also says, “We have what we call the three-minute rule. Roughly every three minutes, you are doing something different on the platform. Everyone is on the edge of their seats. Anyone could be called on to participate at any time. It’s a very lean forward mode of learning”. Students get ‘cold-called’ – a concept borrowed from the classroom – where every now and then individuals will be unexpectedly prompted to answer a question on the platform and their response will be shared with other members of the cohort. It keeps students engaged and encourages preparedness. While HBX courses are self-paced, participants are encouraged to get through a certain amount of content each week, which helps keep the cohort together and enables the social elements of the learning experience.

More than digital learning

The HBS campus experience is valued by alumni not just for the academic experience but also for the diverse network of peers they meet. HBX programs similarly encourage student interactions and opportunities for in-person networking. All HBXers who successfully complete their programs and are awarded a credential or certificate from HBX and Harvard Business School are invited to the annual on-campus HBX ConneXt event to meet peers from around the world, hear from faculty and business executives, and also experience the HBS campus near Cambridge.

HBXers at ConneXt, with Prof. Bharat Anand
HBXers at ConneXt, with Prof. Bharat Anand

Programs offered today

HBX offers a range of programs that appeal to different audiences.

To help college students and recent graduates prepare for the business world, HBX CORe (Credential of Readiness) integrates business essentials such as analytics, economics, and financial accounting. HBX CORe is also great for those interested in an MBA looking to strengthen their application and brush up their skills to be prepared for day one. For working professionals, HBX CORe and additional courses like Disruptive Strategy, Leading with Finance, and Negotiation Mastery, can help deepen understanding of essential business concepts in order to add value to their organizations and advance their careers.

Course durations range from 6 to 17 weeks depending on the program. All interested candidates must submit a free, 10-15 minute application that is reviewed by the HBX admissions team by the deadlines noted on the HBX website.

For more information, please review the HBX website.

This article was produced by the Scroll marketing team on behalf of HBX and not by the Scroll editorial team.