The EVM Controversy: Impossible or Just Invisible?
NEW DELHI: The most precious gift the Indian democracy gave us is universal suffrage. On the one hand ‘equality of voting right’ gave us freedom to choose a party to govern the nation, states and local bodies, on the other, and more importantly, made us equal citizens, in an utterly unequal society.
In the past, there have been many efforts to subvert the right to vote freely. Physical intimidation and Booth Capturing were the most common methods that were used during the paper ballot era.
Today the big question is, have EVMs made freedom to vote impossible, or have they made it invisible?
In the following paragraphs I will try to deal with the recent debate on claims and counter claims related to the EVM’s security or the lack of it.
The elections are over and the Uttar Pradesh results have left every one, including the BJP, stunned. No one had expected, predicted or even felt that the BJP is going to secure so many seats. There was no wave in favour or against any party and even the BJP supported pollsters had not predicted such a huge victory. Shocking as the results were, unexpectedness, became the basis for the doubts raised by many.
Mayawati was the first to question the validity of the results, opening the floodgates of suspicion associated with EVMs.
Just after the results were declared, a section of the electronic media showed how EVMs could be tampered. Soon the social media went on a spin and claims and counter claims crisscrossed cell phone networks. Each one of us continues to receive messages, articles and video clips, unabated.
The public debate, for and against EVMs, is rooted in the 1980s when EVMs were first introduced in India on an experimental basis. It is important to continue the debate because if EVMs are not tamperproof , Indian democracy is in danger as a vote becomes valueless in the process.
However, we should remember that the battle being fought cannot be settled in cyberspace or on TV channels. Finally it will be settled either in the courts or through a mass movement.
I am not anti-technology, but like any ordinary scientist, have always been sceptical about electronic machines being claimed as ‘tamperproof’, ‘fully safe’ or ‘fully-protected from outside attacks’.
However, on the basis of feelings, rejecting a claim made by a highly responsible agency like the Election Commission or the members of two ‘expert committees’ would be utterly unscientific and wrong.
The first one was constituted in 1990 and was composed of C. Rao Kasarbada, P.V. Indiresan, and S. Sampath and the second was constituted in 2006 with A.K. Agarwala and D.T. Shahani and P.V. Indiresan, as its members. The experts were the best names in their own fields. But were they experts in the field of computer security?
A large team of computer security experts, led by Scott Wolchok, Eric Wustrow and J. Alex Halderman working at the University of Michigan, USA, questioned the expertise of the members of the two teams and claimed that they ‘did not have access to the EVM source code and relied on presentations, demonstrations, and site visits with the manufacturers’ and ‘none appear to have had prior computer security expertise.’
The research undertaken by professors working at University of Michigan was triggered by the findings of Hari Prasad, a Hyderabad based engineer, who was one of the authors of a research paper titled ‘Security Analysis of India’s Electronic Voting Machines’ published by the team in 2010.
The team also demonstrated a simple method of tampering with the final results using a cell phone. Hari Prasad gained access to an EVM for investigation in February 2010, and in November he was arrested reportedly, on ‘the charges of stealing an EVM from the collector’s office in Mumbai’.
The paper also informed its readers that ‘according to Election Commission statistics, there were 1,378,352 EVMs in use in July 2009. Of these, 448,000 were third-generation machines manufactured from 2006 to 2009, with 253,400 from BEL and 194,600 from ECIL. The remaining 930,352 were the second-generation models manufactured from 2000 to 2005, with 440,146 from BEL and 490,206 from ECIL’.
Since 2010, the team has relentlessly challenged the claim that Indian EVMs are tamperproof, they have presented their findings at various forums. Since 2010, the number of videos that show and articles on how an EVM could be manipulated has increased exponentially, yet their article and method remains the best researched till date.
It is evident that people are divided on the issue. Those who have participated in the debate can be divided into three categories:
1. First, there are those who believe that EVMs can be manipulated and are manipulated. This category includes skeptics, a section of ordinary citizens, some activists and those who lose elections.
2. Second, come those who believe that EVMs can be manipulated believe that since the electoral operation in India is enormous and therefore tampering 1.4 million EVMs is out of the question. Each EVM passes through various steps of security, and bribing every member involved in electoral process is out of question. Due to the involvement of large manpower secrecy of any such operation cannot be maintained. Most people, including majority of media experts, believe this assertion.
3. Lastly the Election Commission and experts appointed by them who out rightly reject such a possibility.
Personally, I belong to the first category. I know that all machines invented by human beings are designed to be manipulated. There is always an input window and an output window through which we interact with a machine. The computer and internet era have made it possible for any one to manipulate a piece of electronic gadgetry siting in any corner of the globe without revealing his or her identity.
In an era where we interact with robots on Mars siting in a laboratory, it is naive to think that EVMs are ‘tamper proof’. Since only government run institutions, the Election Commission or political parties with large funds, who have access to experts and gadgets, can technically prove that an EVM is not secured, it will be a futile exercise to get into the technical argument.
Ultimately, all efforts to show that EVMs can be manipulated have resulted in failure because it is easy for the Election Commission or its appointed experts to point to technical and procedural problems in the suggested method.
Any one who challenges the security of an EVM starts from an inherent disadvantage. He or she will not have easy access to EVMs, their source code or will not be allowed to test their method in a real election.
It is often argued that only those who lose the election raise the issue, when the same people win they remain silent. Irrespective of who loses or wins, we as common citizens have to safeguard our voting right.
Let me deal with the argument that in India we have security in numbers. Gone are the days when ‘booth capturing’ was, presumably rampant. It should be pointed out that no one could ever capture a booth secretly. In the era of EVMs, if we assume that it can be remote controlled by a device (for example by a cell phone or a laptop), no one will know about it. If one EVM can be tampered with then theoretically any number can be controlled.
‘Security in numbers’ is a most fallacious, misleading and dangerous—yet most accepted—argument. In order to see its fallacy we need to come out of the mindset shaped by a ballot paper based election process.
Let me try to show that, if EVMs can be manipulated, one need not control each of these about 14 lakh machines to achieve desired results. Following a few steps intelligently, using basic statistical tools, any agency can arrive at a minimum optimal number for subverting even the national election results.
Let us assume that agency X has access to a remote control gadget that can interact with any EVM at a given distance. It is hired by a political party A, which is fighting election on 100 seats and has opponents X, Y and Z. The magic number for any party, to achieve a majority would be 51 seats.
Step-1: Agency X will gather all the data of last elections. Identify where A has won elections with large margins. Suppose they find that on 25 seats A has consistently won the elections. This is where they don’t need to manipulate any EVMs. Identify where party A has scored second position, irrespective of which party has scored position one.
Suppose, the number is 20 seats. These are the ones which need manipulation. But they are still short of 11 seats. Look at the data carefully, and identify those seats where X, Y or Z parties scored first and second positions and A is third and the margins between the three are low. If the agency is able to identify 11 or more than 11 such seats then it will focus on these 20 and 11 seats.
Step-2: Undertake a survey to judge the exiting mood of the people on all 100 seats. See if it matches with the results of the previous elections. If not fine tune the selection of seats.
Step-3: Through a survey in chosen constituencies, identify localities where people are going to vote for party A in large numbers, leave these areas out. Identify EVMs that are associated with areas where opponents are likely to score a large number of votes. Identify each EVM that needs to be manipulated.
Step-4: Calculate the numbers of vote that are required to make A win the constituency, suppose this number is 1000 votes. Using a computer programme, generate random numbers for each EVM which add up to 1000. Computer programme can also be made to assign these numbers to each of the selected EVM.
Sept-5: Agency A may recruit innocent young men and instruct them to go to specific booths and press a button on the cell phone or laptop supplied to them which is capable of communicating with the assigned EVM/s and feed the numbers to the specific machine.
Creating confusion in the media is also essential for the manipulation to succeed
Agency A will also purchase a few media channels, pollsters and media experts to create confusion so that no one is able to make any guesses. Pay experts to make completely divergent guesses so that when results are declared every one talks about who was right and who is wrong instead of the validity of results. After the most unexpected results we find that even the most serious commentators take them as the gospel truth and experts express their opinion on what social, economic and political factors were operating among the people.
I undertook testing this method on actual data acquired from a district just after the Gujarat Assembly elections in 2012. The results were amazing.
Party A had won the election and candidate of Party B came second. The total votes polled in favour of A were 77083, and candidate B polled 59677 votes. These were spread over 217 EVMs. Using simple mathematical equations I could arrive at the minimum number of 36 EVM to swing the results in favour of B with a sufficient margin.
The minimum optimum number required to swing results in favour of B candidate was 26 EVMs. It was clear that if I could do these calculations any one with sufficient knowledge of mathematics could do it better.
After this exercise there was no ‘security in large numbers’, which we so proudly boast of.
It is most difficult to argue with this lot. The first point that they make is, EVMs are produced under strict secrecy and security by a government owned company. As if hackers all over the world are scared of secrecy and governments.
The second argument is that the machine is hard-wired and cannot be invaded right from the beginning and cannot be invaded from outside. Then why did we need to upgrade security features and come up with, what we proudly call second and third generation EVM machines.
The third argument is that there are a number of stages between assigning an EVM to a booth and announcement of results and at each stage more than one person, trained in securing the machine is involved. At each stage the machine is tested to see if it is working properly. You cannot buy loyalties of all of them. The conspiracy cannot be executed without some one breaking the news.
The beauty of electronic conspiracy is that you need not involve a large team. A very small cohesive group can execute it more efficiently. Those involved in the process may themselves be innocent victims.
(Gauhar Raza is Former Prof. AcSIR, Chief Scientist National Institute of Science Communication and Information Resources).