VK Sanju
August 21, 2010 – The residence in Hyderabad of Hari K Prasad, an engineer with Net India Pvt Ltd. Around 5.30 am, the serenity of the dawn was disrupted by some unexpected visitors. Ten police officers descended upon the home.
To his colleagues, he is celebrated as India’s foremost election security researcher. But not so for the police to whom he is an alleged thief of electronic voting machines (EVMs). Participants in his groundbreaking research assert that his experiments with authentic voting machines unearthed the chilling possibility of tampering with the machines used in India, exposing how the country’s electoral sanctity could be compromised and its democratic results subverted.
The burning question then is: how did Hari, an engineer in a private firm, come into possession of a voting machine meant to be safeguarded under the strictest security, accessible only during elections? The only plausible explanation points to an unsettling scenario - someone entrenched in the upper echelons of power, vested with the authority to handle these machines, must have clandestinely passed it on to him.
For the police, the singular issue was unraveling the mystery of who had provided the voting machine. But Hari and his associates remained steadfast, and insisted they could not divulge the identity of the source who had arranged the machine for their research.
Hari was apprehended from his Hyderabad residence and transported to Mumbai in a grueling 14-hour road journey with veiled threats and promises of leniency. Accompanying him was Prof J Alex Holderman from the University of Michigan, a collaborator in the contentious research that had set this chain of events into motion. Holderman reveals that along the way, the police officers told Hari, "If you tell us who gave you the machine, no one will touch you. We have good pressure from above."
"If I reveal the secret, no one will ever dare to step forward for such vital endeavours again. Our ultimate aim is to prove that these machines are not fit for elections. I sincerely believe that everything we have done is right," Hari declared with unwavering conviction, as recounted by Holderman.
The paper titled 'Security Analysis of Indian Voting Machines' has been prepared by eight researchers. Besides Hari and Holderman, the paper names Scott Wolchock and Eric Wustro from the University of Michigan, Indian’s Arun Kankipati, Saikrishna Sakamuri and Vasavya Yagathi, besides Rop Gongrijp, whose address is not specifically given.
What if their revelations hold a kernel of truth? Before succumbing to moral outrage over who granted these "outsiders" the right to scrutinize our voting machines, and before racing to apprehend them, perhaps it is worth pausing to reflect. In the world’s largest democracy, the focus instead should be on the integrity of the very system that embodies the people’s sovereignty.
Holderman’s assertion that the arrest was politically motivated need not be taken at face value. However, it does raise pressing questions that demand answers. The government and the authorities owe it to the people to uncover how these highly secured voting machines, meant to be untouchable except during elections, found their way into unauthorized hands. Equally critical is the right of every Indian to know the truth - whether the findings of this controversial research expose genuine vulnerabilities or not. Until this is determined, the shadow of uncertainty looms over a cornerstone of the nation’s democracy.
Even those who’ve never pressed a button on an EVM are well-acquainted with its facade, thanks to the media spotlight. Yet, the true enigma lies within - its inner workings remain a mystery to the masses. But Hari and Holderman in their research paper peel back the layers and dissect its anatomy: the control unit, the main board and the display board, presenting an illustration of its every component. Adding a human touch to their technical triumph is a photograph of the researchers embracing the machine.
The research paper delves deep into the design and mechanics of the EVM, unveiling its potential vulnerabilities. It highlights two chilling methods of tampering. The first involves manipulating the display board - swapping the original with a near-identical replica. This covert substitution ensures that, no matter how a vote is cast, the outcome is based on a pre-decided script. A mere mobile phone, whose signals stealthily dictate the verdict, rewires the EVM's allegiance to favour a chosen candidate.
The second method of tampering strikes at the very core - the memory itself. Unlike elaborate reengineering, this method requires no overhaul of the machine. A temporary hardware device is clipped onto the memory chip that logs votes. Since counting in India is generally after a few days, the researchers underline that the results can be manipulated at any time. The tool for this is a sophisticated gadget like a remote control.
Adding to the unease, the researchers reveal another alarming vulnerability: the potential breach of voter confidentiality. With a system they developed, a printout of the vote can be generated the moment it is cast. By cross-referencing this with the polling booth records, it becomes possible to unveil the voter's choice, stripping away the fundamental promise of anonymity in the democratic process.
As revelations about the manipulability of voting machines spread, self-proclaimed technical experts have flooded the digital space with blogs echoing similar concerns. Among these theories is one that says the computer chips governing EVMs can be pre-programmed to act with precision. According to this argument, once a specific threshold of votes is cast, the remaining can be stealthily rerouted to favour a predetermined candidate, leaving no trace of suspicion.
The manipulation, as argued, operates with calculated subtlety. The extra votes diverted to the favoured candidate are limited to a few hundreds or thousands. This makes the number of votes cast not an overwhelming 90 per cent, but a modest yet decisive range of 40-45 per cent. This strategic precision ensures victory by a margin of mere thousands, leaving little room for suspicion and cloaking the tampering in an air of plausibility.
Another chilling claim emerges - the existence of Trojan programmes capable of rewriting election outcomes before erasing their own tracks. These malicious codes are designed to self-destruct after orchestrating the intended manipulation, leaving behind no trace of tampering. Such Trojans evade detection during pre-voting tests, as they remain dormant until a specific threshold of keystrokes, representing votes, has been surpassed. This sinister sophistication ensures that the manipulation unfolds invisibly, shielded from scrutiny and accountability.
Political parties such as the BJP and the AIADMK were among the earliest voices in India to challenge the sanctity of electronic voting machines. This was when the Congress-led coalition ascended to power at the Centre. Holderman asserts that no fewer than 16 political parties across the nation had aligned with their research findings.
Meanwhile, the Election Commission and the public sector entities responsible for manufacturing these EVMs have stood steadfast in their defence. They asserted the machines' reliability, claiming rigorous tests had been conducted to explore the potential for tampering through magnetic fields and found no evidence of manipulation.
Researchers acknowledge that technical tests were indeed conducted in 1990 and 2006, but they contend that these tests did not use the right models. Crucially, computer security experts were not brought into the process. Holderman argues that the machines have never undergone independent testing, nor have their intricate technical operations been fully disclosed to the public.
Hari and his colleagues are said to have made repeated overtures to the Election Commission, offering to collaborate in ensuring the security and integrity of the machines. But never did a favourable response come. Undeterred by the cold silence, they went on to manage procurement of an EVM for research through an officer who insisted on remaining anonymous.
Bharat Electronics Limited and the Electronics Corporation of India Limited, after years of research, unveiled the EVMs, but their inner workings remain a mystery to the vast majority. Calls for the release of the software’s source code have been rejected outright, fueling a debate that rages on. Some argue that the true reliability of the EVMs can never be fully assessed without access to this code. However, another layer of complexity is added by those who caution that releasing the source code could unwittingly open the door to potential sabotage.
The Electronics Corporation of India pioneered the introduction of voting machines in the early 1980s, initially using them on an experimental basis in select regions, though they were not accepted nationwide. Separate machines were employed for casting and counting votes, a practice that continued with the machines rolled out in 2000. It wasn’t until 2009 that a staggering 13,78,352 of these EVMs were introduced across the nation. Of them, 9,30,352 machines were manufactured between 2000 and 2005, while the remainder were built between 2006 and 2009. According to the researchers, it was one of these newly developed machines that they acquired for their experiment.
The study highlights that California, Florida, Ireland, the Netherlands, and Germany have all abandoned the use of EVMs, citing concerns over security and reliability. However, the design and operation of voting machines in India are considerably simpler, which, paradoxically, opens the door to different possibilities of sabotage.
Indian voting machines are now being exported to various countries, with many considering adopting a system similar to that in India. In this global context, the integrity of the study, conducted under the supervision of foreign experts, may be called into question. However, it is the fundamental right of the people to seek clarity and address any doubts. The sanctity of the democratic process must remain untarnished, and allegations of it being manipulated into a chilling game of stealth and precision cannot be dismissed without due scrutiny.
Security Analysis of Indian Electronic Voting Machines
Scott Wolchok, Eric Wustrow, J Alex Halderman (The University of Michigan), Hari K Prasad, Arun Kankipati, Sai Krishna Sakhamuri, Vasavya Yagati (Netindia, (P) Ltd., Hyderabad)
Rop Gonggrijp