In a dramatic session in the Delhi Assembly on Tuesday, the Aam Aadmi Party (AAM) legislator Saurabh Bhardwaj used an electronic voting machine (EVM) prototype to highlight a possible hacking of the actual EVM used by the Election Commission of India (ECI). The model used by Mr. Bhardwaj had a similar look and feel to the actual EVM and had its own ballot and control units.
It registered votes for candidates (parties in the prototype as opposed to candidates with symbols in the ECI-EVMs) and allowed for the ballot unit to display total votes polled by each candidates tallied at the end of polling. Mr. Bhardwaj also showed that the use of malicious code (“secret codes”) by a voter affiliated to a certain party could fix the results to be different from the actual tally and in favour of that party and, ergo, demonstrated that the machine could be hacked. He went on to allude that this is how EVMs are being hacked in the country and that it is easily possible to do the same with the ECI’s EVMs.
In reality, the ECI’s EVM does not allow for any trojan horse (malicious code) enabled key presses. Only one key press on the ballot unit is allowed during the act of voting and recognised by the control unit, so the use of a secret code to lock the tally in favour of a party as alleged by the demonstration does not hold true in the case of the ECI’s EVM.
Mr. Bhardwaj later claimed in his presentation that a simple change of the “motherboard” in the ECI’s EVM was enough to render the manipulations of the kind he demonstrated as possible. In other words, if the ECI’s EVM was manipulated by the change of its microcontroller, it could function in the manner he demonstrated. But for that to happen, a large-scale operation of changing the microcontroller embedded in every EVM to be used in an election is required, and this is only possible if there is direct collusion between the ECI authorities who are in charge of storage, commissioning and allocation (which is done via several stages of randomisation) and the political party that is orchestrating this mass fraud. That is, every administrative safeguard instituted by the ECI would have to deliberately violated by its own officials to allow for the manipulation that Mr. Bhardwaj implied is possible through his demonstration.
In media interviews, he went on to claim that the ECI as an authority is in charge of only certain aspects of safekeeping and monitoring of EVMs and that many others — such as procurement of microcontrollers from abroad, calibration of machines — are done externally, and it is in these stages that the manipulation can be done beforehand. But this again negates the fact that quality control checks are done during and after manufacture, and besides these, the ECI's new models (M2 and M3) prevent tamper-proofing by time-stamping key presses and provide for encryptions and tracking software that handle EVM logistics.
In other words, the AAP’s EVM-hacking demonstration did nothing to raise any relevant questions about the technical and procedural safeguards that are already in place and set by the ECI. It seemed more like an amateur-hour display of the use of a random microcontroller.
Theatrics in Parliament and Legislative Assemblies are not new. But this display by the AAP was qualitatively different. The party has been under tremendous strain recently to explain its underwhelming performances in Assembly elections in Punjab and Goa and the municipal polls in Delhi. It has taken the easy way out (as have other parties such as the Bahujan Samaj Party) to ascribe this performance to technological fault through EVM manipulation.
The EVM, just as any other machine, needs to constantly evolve in order to remain secure and workable under any condition while at the same time keeping its operations simple. The introduction of the VVPAT should enable another layer of accountability to the EVM. To seek to improve the use of EVMs and to secure them better is one thing; to call them faulty machines which are being deliberately manipulated by a pliant system that is in cahoots with dominant political actors is another, considering the experience of its use for the past two decades and repeated clarifications and improvements made to them by the ECI. This amounts to delegitimising the entire system of an accountable and independent ECI that conducts elections with the participation of other administrative actors as watchdogs and checks over it.
The AAP is playing a dangerous game by doing this. The answers to the present stasis in the AAP’s electoral growth lie in the application of its politics and not in technology.