This week the debate on whether electronic voting machines (EVMs) in India are tamper-proof, reached boiling point in far-away Washington, as a representative of the Election Commission of India (ECI) and an American university professor clashed publicly over contradictory claims regarding the machines.
The controversy was stoked at an industry conference on EVMs, where Alok Shukla, Deputy Election Commissioner at the ECI and Alex Halderman, Assistant Professor of electrical engineering and computer science at the University of Michigan, also put forth different accounts regarding the case of Hari Prasad, a colleague of Mr. Halderman who was alleged to have appeared on Indian television with an EVM that he procured from unnamed sources.
Mr. Halderman, who said that he and his colleagues had worked with Mr. Prasad to demonstrate the vulnerability of EVMs to tampering, pleaded with Mr. Shukla to call off efforts by the ECI to have the Indian police question Mr. Prasad.
Mr. Shukla however pointed out that if the Indian police had sought out Mr. Prasad after his television appearance, it was because he was known to have government property in his possession and that such unauthorised access to EVMs could have serious consequences for election results themselves.
The technical arguments surrounding the question of the vulnerability of EVMs to tampering were also in stark contradiction.
On the one hand Mr. Shukla, along with P.V. Indiresan, former director of the Indian Institute of Technology, Madras, argued, “Indian EVMs are fully tamper-proof when used under complete administrative safeguards prescribed by the ECI... There is no justification in the demand for a change in the voting system.” However, Mr. Shukla conceded, “Improvements are always possible and ECI has an open mind to consider all constructive suggestions.”
Vulnerable to “dishonest display”
Yet, Mr. Halderman noted that based on the experiments that he and his colleagues had undertaken, they could demonstrate that EVMs were vulnerable firstly to the so-called “dishonest display” attack whereby a microcontroller and a Bluetooth radio chip could be smuggled into the device using a genuine-looking display board. Through the use of these devices, which Mr. Halderman said he had assembled at the cost of “just a few dollars”, the attacker could then signal which candidates should receive stolen votes via a Bluetooth smart phone.
Electronic booth capture
Second, Mr. Halderman alleged, the Indian EVM was also susceptible to attack through the use of an electronic clip, which attached directly to the EVM chips and could rewrite the votes stored there. Not only could the votes be changed through this “electronic form of booth capture,” but the secrecy of election data could also be violated as the clip would allow the attacker to copy out the votes stored.
Further, Mr. Halderman said that the paper, wax and string seals used to protect EVMs had been “widely discredited” and were entirely vulnerable to tampering. “Machines [are] stored around the country in a variety of locations, from abandoned warehouses to schools, etc. [and it is] likely many of them could be accessed by criminals, especially with the aid of dishonest insiders,” Mr. Halderman said.
Substantiating these arguments Indian pollster G.V.L. Narasimha Rao said that employees of Public Sector Undertakings and their technicians – responsible for manufacturing the EVMs – were a “huge potential source of fraud,” even if the ECI had ruled out any form of insider threat. Further, he said, a large number of private players were involved in election operations including manufacturers, their agents, vendors of foreign companies, government officials and so on.
However Mr. Shukla and Mr. Indiresan denied these claims. Mr. Shukla noted that the uniqueness of the Indian EVM was that it had no operating system, could not be networked and no input was possible except from the ballot unit of the machine. He also added that claims that the EVMs had been corrupted with a Trojan programme were unfounded. Most of the Indian courts including the Bombay, Karnataka, Kerala and Madras High Courts had refuted such claims and recorded their appreciation of the efficiency of EVMs.
Mr. Indiresan noted too that the claims regarding EVM vulnerability were exaggerated, especially given the machines’ new security features. These included, he said, dynamic code hopping with encryption, an interconnecting cable that was crimped and moulded and a digital signature in the control unit.