EVMs - Good Idea. But Is It Time Yet ?
New Delhi | Monday, Dec 20 2010 IST
A conference segment scheduled to hear two Western experts' claims that electronic voting machines used in India are not tamper-proof was called off, sponsors say.
''The talk was cancelled since they did not come,'' a spokesman for the sponsor, Dhirubhai Ambani Institute of Information and Communication Technology, Gandhinagar said in a telephone interview.
The speakers listed: J Alex Halderman, Assistant professor of electrical engineering and computer science at Michigan University, and Rop Gonggrijp, a Dutch hacker and WikiLeaks contributor from Amsterdam.
Halderman and Gonggrijp arrived separately in New Delhi last week but were detained at Indira Gandhi Airport for almost 12 hours over a ''technical'' violation, an airport official said.
The two had allegedly visited India before on tourist visas and went on to deliver lectures or participate in conferences.
Officials said Indian missions were under instructions not to issue them visas, but lapses occurred in each instance.
Officials did not say whether or what action was taken for the lapses, besides detaining the visa recipients.
Halderman and Gonggrijp were eventually allowed to enter India provided they do not violate the terms of their tourist visas.
According to Gonggrijp's blog,''this may all be a consequence of the Election Commission of India having us investigated for some made-up conspiracy to destabilise India for daring to prove that the Electronic Voting Machines used here can be quite easily manipulated.'' But any such involvement of the ECI was denied by a senior official. ''Let them lecture all they want,'' the official said.
At the same time, officials point out that visitors must honour the terms of their entry as tourists.
Before they were intercepted, both men appeared headed for Gandhinagar to attend the Sixth International Conference on Information Systems Security scheduled December 15-19.
Neither researcher was available for comment, having apparently not reported at the DAIICT event.
The two reportedly co-authored-- alongwith six others-- a paper titled: Security Analysis of India's Electronic Voting Machines presented at Chicago, Illinois in October 2010.
An Abstract of the study available through the sponsor website notes that elections in India ''are conducted almost exclusively'' using EVMs ''developed over the past two decades by a pair of government-owned companies.'' The EVMs are manufactured by Bharat Electronics Limited, Bangalore and Electronics Corporation of India Limited, Hyderabad, with a 'programme code' which controls their functioning written onto the chips in the United States by foreign private companies.
The study says the EVMs ''have been praised for their simple design, ease of use, and reliability, but recently they have also been criticised following widespread reports of election irregularities.'' But it says that despite ''criticism, many details of the machines' design have never been publicly disclosed, and they have not been subjected to a rigorous, independent security evaluation.'' The authors ''present a security analysis of a real Indian EVM obtained from an anonymous source.'' ''We describe the machine's design and operation in detail, and we evaluate its security in light of relevant election procedures.
''We conclude that in spite of the machines' simplicity and minimal software trusted computing base, they are vulnerable to serious attacks that can alter election results and violate the secrecy of the ballot.
''We demonstrate two attacks, implemented using custom hardware, which could be carried out by dishonest election insiders or other criminals with only brief physical access to the machines.
''This case study carries important lessons for Indian elections and for electronic voting security more generally.'' The study does not say how the researchers got hold of the EVM.
One co-author, Hari K Prasad, was reportedly arrested by a Maharashtra police team on August 21, 2010 from his home in Hyderabad ''on the flimsy charge of 'theft of EVM' used for vulnerability demonstration.'' The other five: Scott Wolchok, Eric Wustrow, Arun Kankipati, Sai Krishna Sakhamuri and Vasavya Yagati.
The study concludes that ''despite elaborate safeguards, India's EVMs are vulnerable to serious attacks. Dishonest insiders or other criminals with physical access to the machines can insert malicious hardware that can steal votes for the lifetime of the machines.
''Attackers with physical access between voting and counting can arbitrarily change vote totals and can learn which candidate each voter selected.
''The design of India's EVMs relies entirely on the physical security of the machines and the integrity of election insiders.
''India's EVMs do not provide transparency, so voters and election officials have no reason to be confident that the machines are behaving honestly.
''India should carefully reconsider how to achieve a secure and transparent voting system that is suitable to its national values and requirements.'' It suggests three options: -- A voter-verifiable paper audit trail which combines an electronic record stored in direct-recording electronic voting machines with a paper vote record that can be audited by hand.
-- Precinct-count optical scan voting where voters fill out paper ballots that are scanned by a voting machine at polling stations before being placed in a ballot box.
-- Simple paper ballots.
''Despite all of their known weaknesses, simple paper ballots provide a high degree of transparency, so fraud that does occur will be more likely to be detected.
''Using EVMs in India may have seemed like a good idea when the machines were introduced in the 1980s, but science's understanding of electronic voting security-- and of attacks against it-- has progressed dramatically since then, and other technologically advanced countries have adopted and then abandoned EVM-style voting.
''Now that we better understand what technology can and cannot do, any new solutions to the very real problems election officials face must address the problems, not merely hide them from sight.'' Reservations about the EVMs have been voiced by many.
As early as March 18, 2004, the CEC was petitioned by a group of Supreme Court lawyers to ''modify and upgrade'' EVMs to generate a verifiable paper record that permits a proper recount should need arise.
A month later, on April 21, the lawyers reported they were assured by then Deputy Commissioner A N Jha that the EC is ''seriously considering'' attaching small printers to EVMs to produce an auditable paper trail that allows recount.
Indian politicians have even cited the experience of some Western nations-- Germany, the Netherlands and others-- which tried electronic vote but went back to good old paper ballots.
Answering a member in the Rajya Sabha last month, Law and Justice Minister M Veerappa Moily acknowledged it all but held that Indian EVMs ''are different.'' Dr Moily said the ECI ''uses strict administrative safeguards in this regard for greater transparency... All of these ECI-EVMs are fully tamper proof.'' He said the ECI EVMs ''are different'' in three respects.
They: -- Are stand alone machines-- not networked; -- Use a masked One-time Password microcontroller chip; -- Do not use an operating system.
He cited a consensus among Indian political parties achieved in an All Party Meeting on October 4, 2010 to continue using EVMs.
''The only request by the political parties was to consider the possibility of a verifiable paper trail,'' Moily said, adding that the ECI has ''already referred that matter to its technical expert committee for examination.''
-- (UNI) -- 20DI45.xml
Watch News Videos