Strange Love (for EVMs!) or Why you should worry and doubt the EVMs!

Strange Love (for EVMs!)
or Why you should worry and doubt the EVMs!

Abhijit A.M.

All general and state assembly elections since 2004 have taken place using Electronic Voting Machines (EVMs) in India. Ever since the EVMs were formally introduced in the electoral system in India in 1998, they have been a subject of controversy. Leaders across the political spectrum, including Bal Thackeray (Shivsena)1, Lal Krishna Advani (BJP)⁷, Sharad Pawar(NCP)2, Chandrababu Naidu (TDP), Subramaniam Swamy(JP, BJP)3, Mamata Banerjee (TMC)⁵, H. D. Deve Gowda (JD(S))⁴, Akhilesh Yadav (SP)4, Abdul Khaleed(LJP)³, Sitaram Yechuri(CPM)³, Arvind Kejriwal (AAP)⁵, Mayawati (BSP)5, Kapil Sibal (INC)6, etc. have questioned EVMs and the process of voting using EVMs from time to time. Even a close ally of the ruling BJP, the Shivsena, doubted the result of a by-election accusing EVM manipulation in Jun 20187^,8, and Feb 2019 saying that “with EVMs Lotus can bloom even in the United States!”9. Many of them have changed their stance, or chose to keep mum, when the results favored them! For example Abhishek Manu Singhavi of INC questioned Advani’s doubts in 2009¹⁰, but was fighting with Chandrababu Naidu against EVM in 2019¹¹!

A number of benefits of the EVMs have been cited in various studies. For example, “a reduction in voter turnout especially in states with politicians with criminal backgrounds, an increase in turnout and the ability to cast a vote for among vulnerable groups, a reduction in the number of rejected ballots, etc.”12 While the benefits like decrease in rejected ballots are obvious to achieve, given the nature of the solution, other benefits like reduction in turnout with politicians having criminal backgrounds which refer to reduction in malpractices can not be termed as the victory of the EVMs themselves.

Nevertheless, election-related frauds even without EVMs are not new to any bourgeois democracy in the world. Frauds including manipulation of demographic data, altering the voter lists like including fake voters or deleting legitimate voters, helping dummy candidates run the race to eat into the vote share of the opponents, booth capturing, prohibiting a section of people from voting, use of violence to coerce people, attacks on polling stations, booth capturing, buying of votes, ballot stuffing, misrecording of votes cast, destruction of ballot boxes, voter impersonation, etc. have been known for more than a century now. All these examples of possible electoral fraud clearly indicate one thing: that intent exists, among the bourgeois political parties to manipulate the electoral process for undue advantage. This intent does not disappear with the introduction of EVMs!

That is why the EVMs have been a cause of debate and controversy since their advent. It is obvious that not only the bourgeois political parties, but the ruling class in a bourgeois democracy, that is the bourgeoisie and the fascist organisations like RSS that they foster, would also have interest in deciding the results of the election. The intent combined with possible lacuna in the process create a scope for manipulation of the EVMs. So far, only circumstantial evidence/news has come forth about troubles with EVMs and no claim has been made about a scandal involving particular persons. However, when it comes to the electoral process, it is not necessary for a scandal to have taken place, but sufficient to establish that a scandal is possible.

In the era of fascism, where all democratic institutions from the courts to police, and from media to election commission are being infiltrated, subjected to coercion, pressure and intimidation by the fascist organisations, when terror accussed are entering the parliament and judges are getting murdered, when cases against terror accused are being withdrawn or accused being let free, when gau-rakshaks are the de facto law enforcement in parts of the country, judges and lawyers are taking to press and resigning citing political pressure, dissenting Election Commissioners13 are being targeted by fascist web portals14, the doubts about the sanctity of the electoral process that decides who rules, are bound to rise. This article tries to raise critical questions on whether EVMs can really be ‘hacked’ and whether the process of using EVMs is a foolproof process beyond doubt.

Status paper of the Election Commission

The Election Commission of India (EC, or ECI) has recently published a Status Paper on EVM (Edition – 3) on 8th October 2018 15. The EC has tried to argue about the infallibility of the EVMs and has given several arguments in favour of EVMs manufacturing and usage process. The detailed description of all claims of the EC is beyond the scope of this article and the interested reader is encouraged to read the status paper. Some of the key arguments of the EC are summarised below.

Technological safeguards

EVMs are stand-alone machines and not connected to computers, also they have no network connectivity, so nobody can remotely communicate with them to alter the results.
Machines are one time programmable at the time of manufacturing, so there is no question of someone introducing a malicious program in the microchip.
The software of EVMs is developed in-house, by a selected group of Engineers in Bharat Electronics Limited (BEL) and Electronics Corporation of India Ltd (ECIL) independently of each other. The source code is not shared with anyone except authorised personnel.
The testing and evaluation of the software is carried out by an independent testing group as per the Software Requirements Specification (SRS).
The manufacturers of microchips, who are based abroad, were given the machine code (and not the source code) to be burnt into the chip for the M1 and M2 versions of the EVMs. The BEL/ECIL conducted functional testing of the microchip samples given by the microchip manufacturers. With latest M3 machines, the burning of the machine code onto microchips is done by BEL/ECIL themselves.
Functional testing is done during manufacturing (i.e. basically the assembling of various parts of the EVM machine, including the microchip) at BEL/ECIL according to set standards.
The latest M3 machines have tamper detection and self-diagnosis features, making them tamper proof.
Latest security enhancements like dynamic coding of key codes, date and time stamping of every key press, real time clock, full display system make it 100% tamper proof.

Administrative procedures

At every stage of use of the EVMs —including testing of machines just before polls i.e. First Level Checking (FLC), two level randomisation of machines for sending to constituencies and booths, testing of machines before poll on poll day (mock poll), sealing of machines after poll, storage of the machines after poll, opening the seals before counting—the representatives of political parties are involved in the process. The representatives put their signatures on the seals during each sealing process.
It is not possible to know which EVM goes to which booth due to randomisation of the machines before polls. The serial numbers of candidates are randomised on the ballot unit and only known after finalisation of the list of candidates.
Machines are fully physically secured under stringent security protocols and no one, except authorised personnel, under a protocol, have access to them, so the microchip or hardware in the machine can not be replaced.
The Voter Verifiable Paper Audit Trail (VVPAT), introduced in the 2019 general elections, ensures that voters verify the vote they have cast .
Candidates can put their own seals on strong rooms where EVMs are stored post-polls and their representatives also can keep watch over these storage houses.

Storage and Transportation of EVMs

Annual verification of EVMs is done by the District Election Officers (DEO, mostly the District Collector) after informing the National and State recognised parties at least 24 hours in advance, and in their presence.
EVMs are stored in a warehouse, which has only one entry point, no windows, double lock with key of each in custody of DEO and Deputy DEO, with 24×7 police security.
EVMs are stored under CCTV protection from the time of First Level Check (FLC, done before elections start) till Election Petition(EP) completion period.
EVMs are not moved out of warehouse without specific approval of the EC and prior information to political parties. EVMs are moved only in vehicles with GPS tracking.
The EVM Tracking System (ETS) is a modern inventory management system to track presence of all EVMs/VVPATs on a real time basis and all movements of the machines take place through this system.

During Election Period

The EVMs are handed over to the Returning Officers, kept in strong rooms in presence of representatives of political parties, under videography, both before election, and after election. The representatives of political parties can also guard the strong rooms.

Indian EVMs and the Process, compared to the world

It is often said that being Electronic machines, the EVMs are highly vulnerable to manipulation. However a careful attention to the specification of Indian EVMs and the process prescribed for using them present, to the credit of the EC, a design of a quite foolproof system. Some have argued that if the protocols are followed in toto, the EVMs are not hackable16.

It should be noted that the Indian EVMs are not better compared to EVMs in other countries because of better or advanced technology, but because they are simple in design. The machines, as claimed, are micro-controller based (not computer based), carry no communication component, have no operating system or networking component, are stand alone, do not require power to operate, and are One Time Programmable (OTP). In addition, as explained above, the EC has put in numerous administrative procedures for safe keeping of the EVMs.

The claim of the EC, on the EVMs being tamper proof relies on both the facts that the EVMs have a non-hackable design and they are perfectly safeguarded.

Putting on the ‘black hat’

The protocols laid out for storage, handling, repair, usage during polls, counting, and the technological capabilities of EVM appear to be a very detailed set of rules, designed with the aim of making the process of elections foolproof. However, for anyone conversant with the world of computer and cyber security, it is commonplace knowledge that all it takes is a security hole of the size of a needle for an elephant of malicious code to pass through! Of-course, when it comes to electoral machinery involving EVMs, the holes are not to be only technical or computer-programmatic in nature, but in the nature of lacuna in administrative processes and human weaknesses as well.

In order to understand how the EVMs can be manipulated, it is necessary to put oneself into the position of someone who has the intention to do electoral fraud, someone who knows the entire electoral process and try to find out possible technical and human flaws that can be exploited and try to find that hole of the size of the needle, in other words to put the ‘black hat’ on. One should also assume that he/she is in the position of power, and able to influence some or many, if not all, parts of the electoral machinery for the purpose of a fraud.

False claims

It should also be noted that many false claims keep circulating the internet and the world of ‘WhatsApp University’ and YouTube videos, and such claims further end up confusing a section of people, and prevent possible valid claims from being given a serious thought. Some of the false claims noticed are listed below.

A claim that the EVMs are connected to internet at the time of counting, to transmit the vote count, and at that time hackers belonging to ruling party send messages using Reliance (!) and Vodaphone(!) towers to these machines, changing the results. This is obviously false as the machines are never connected to internet. 17There is a video where a voter can be ‘seen’ pressing the button of BSP, but the vote goes to BJP. It can be observed very easily that in this video, the user is actually pressing the button of BJP only and carefully hiding it under his hand.
A news circulates saying that Neela Satyanarayan, ex Election Commissioner of Maharashtra questioned EVMs brought from Gujarat. There has been no such incident. 18A tweet that for 3 lakh EVMs the serial numbers do not match with those given by EC. This news exists only on Twitter and nowhere else. 19A mysterious person named Shuja has twice claimed that he was an insider at BEL/ECIL and could demonstrate how EVMs can be tampered with. All the two high intensity events called by this Shuja turned out to be flop as he, maintaining anonymity, failed to demonstrate anything.20 A candidate Shrikant Shirsat, who contested from the Saki Naka municipal ward (No. 164) in suburban Mumbai had said that he had voted for himself and so had his family members. However, he claimed that had he had polled zero votes. A probe revealed that he was enrolled as a voter at two polling booths, which in itself, is illegal and contrary to his claims, he has not got zero votes at either of the two polling booths^v.
The false impression that all EVMs are already programmed to benefit a particular party only has to be done away with, as this would be the most foolish, non-workable and most easily detectable way of tampering.

Some feasible possibilities of hacking the EVMs

(1) Hari Prasad et.al.’s claims

A paper published by some reputed computer security experts21, claims that “Despite elaborate safeguards, India’s EVMs are vulnerable to serious attacks. Dishonest insiders or other criminals with physical access to the machines can insert malicious hardware that can steal votes for the lifetime of the machines. Attackers with physical access between voting and counting can arbitrarily change vote totals and can learn which candidate each voter selected.” It demonstrates that many possible attacks like using a dishonest display board, clip-on memory manipulator attack are possible. Any of the attacks mentioned in this paper requires physical access to the machine.

Interestingly this study was supported by one of the prominent BJP leaders Subramaniam Swamy and GVL Narsimha, both members of parliament now, who are now saying that with introduction of the VVPAT, as suggested in this study, they have no issues with the use of EVMs.

The EC denies that any such physical access to the machine is possible, given the stringent security protocols that it follows. The EC claims that “…replacement of micro controller/chip and the motherboard in earlier generations of machines like M1 and M2 is ruled out due to robust administrative and technical safeguards. Further, the new M3 EVM produced after 2013 have additional features like Tamper Detection and Self Diagnostics. The tamper detection feature makes an EVM inoperative the moment anyone tries to open the machine.”²²

The argument of EC does not rule out the possibility of the entire EVM being replaced in connivance with rogue officials, in the period between two elections when political party representatives are not watching over the store houses. The fact that the authors of this paper were able to obtain an authentic EVM for their study, which is confirmed by the arrest (!) of the author Hari Prasad22 under the charge of stealing an EVM, itself testifies that the so called administrative safeguards are not foolproof! If the entire motherboard is replaced, it is quite likely to bypass the FLC done before any elections. It is not clear if the EC/BEL/ECIL use some kind of signatures on the motherboard and components to detect tampering. The ‘Tamper Detection’ and ‘Self Diagnosis’ of M3 machines may not apply if one is able to replace the entire EVM itself.

(2) Key-sequence Trojan horse

On May 9, 2017 Aam Aadmi Party MLA Saurabh Bharadwaj demonstrated, using a custom made EVM, that it is possible to make a desired candidate win even at the time of voting, bypassing all the safeguards of randomisation of machines and candidate lists. The machine was programmed to work normally until one of the voters pressed, in a particular sequence, a series of buttons on the ballot unit triggering a special code that could make any candidate win. For example, the code 129346 may mean candidate 6 (the last digit) is favoured, and the code 12934 (first 5 digits) signifies the key press to trigger the special code. The machine, after pressing of such sequence of keys, may transfer a fraction or all votes of one, more, or all candidates to the desired candidate.

In response, the EC claims “Control Unit activates Ballot Unit for only one key press at a time. Any additional key pressed on the Ballot Unit is not sensed by the Control Unit making it impossible to send signals by pressing a sequence of keys or secret codes…even if a voter keeps on pressing the other buttons, that is of no use as there will not be any communication between CU and BU of those subsequent key presses,”²² If that was true, the above key sequence can also be entered by a sequence of voters (and not one particular voter), requiring a more coordinated effort on the side of the hacker.

Another explanation offered by EC is that “…The manufacturers are in no position to know several years ahead which candidate will be contesting from a particular constituency and what will be the sequence of the candidates on the BU and, thereof”.²² This explanation does not apply to the key-sequence Trojan horse type of code as it does not rely on the sequence of voters on the ballot unit.

It should be noted that this kind of a Trojan horse code ensures that: (a) Only those with the particular key sequence are in a position to determine the result (b) Whether to influence a particular poll/booth/constituency, is a subjective decision of the person having the key, thus one may not influence the decision if the estimate is that the normal polling will go in his/her favour (c) The decision of which candidate to favour is a flexible one (d) Claims like “how do you explain the other party winning the most recent election”, or “If there was a tampering, the machine would favour one political party only”, etc. are answered (e) Despite all the high security apparatus around EVMs and the apparently waterproof procedure of voting and counting, the manipulation is possible that cannot be caught with simple human eye (f) No matter how much functional testing is done by the EC or independent people on the machines, before elections in FLC, during the mock poll, such Trojan horse can go undetected.

The EC denied this claim by simply saying that this is not an EVM of the EC, but some custom made EVM, and anyone can make such EVM. The EC also maintains that changing the EVM like this is not possible as the microchip used is one time programmable. However, this does not rule out the possibility of the first time programme itself having this Trojan horse. It should be noted that for M1 and M2 versions of the EVM, the program was fused into the microchip in USA and Japan. It also does not rule out that by gaining physical access to the machine someone replaced the motherboard and/or the microchip. A news report alleges that the manufacturers of the microchips in USA, i.e., the company Microchip Inc, USA headed by a NRI billionaire and the beneficiaries of an alleged scandal involving Gujarat State Petroleum Corporation Ltd (GSPC) are the same23, so such possibilities are not entirely ruled out. There is also the possibility that some of the M3 machines, claimed to have the program fused onto them in BEL/ECIL, also have a Trojan horse program if one the BEL/ECIL employees doing this has turned rouge.

Despite the 2013 recommendation of its own technical evaluation committee (TEC) to make the firmware or source code embedded in the micro-controller used in EVMs transparent in order to ensure that there is no Trojan or other malware in the EVMs²³; the EC does not allow anyone inspection of the microchip and the firmware code on it, thus keeping up the suspicion that the first time programmed firmware code itself is compromised.

Possibility of illegal access to the EVMs

Both the ‘hacks’ mentioned above assume physical access to the machines. A large part of the argument of the EC is based on the ‘impeccable’ administrative procedures used for storing of the EVMs saying that no one has access to the machines, unless authorised. Unfortunately, some of the recent news coming in punches holes in the EC story and raises serious doubts.

As already discussed above, the fact that Hari Prasad and other researchers could gain access to an EVM of the EC itself proves that the EVM’s physical security can be breached.

There have been many news reports recently, based on information obtained through RTI, which all point to possibility of EVM machines being replaced. For example, the news about 20 lakh EVMs going missing24 is based on RTI information obtained from EC and BEL/ECIL and there is a discrepancy in the count of machines supplied by BEL/ECIL and those received by EC. This raises the doubt of machines being in custody of some political power and being used for swapping with the EC’s machines. Interestingly, when this RTI activist, Manoranjan Roy asked the EC about unique ID numbers of EVMs supplied to various states along with the challan copy of transport and the name and mode of the transporter, he got in response only a statement showing year-wise budget provision and expenditure! The EC, in a very general and factless reply has said that “This news story carried only partial and one-sided information, which is inaccurate and based on specious misinterpretation of the facts in the matter, thereby creating unwarranted doubts in the minds of general public.” The said activist’s petition is currently pending in the Supreme Court.

Recent news about the M3 machines having re-programmable memory25,26 raise very serious doubts about the claims of the EC so far. The EC always maintained its claims on the basis of One Time Programmability (OTP) of the microchips (even though it itself could not read the firmware on these OTPs!). That the chips come with memory that can be reprogrammed creates a situation where the code in the machines can be changed if one has physical access to the machines. This creates a possibility of manipulation on large scale, at the same time absolves the microchip manufacturers of any responsibility.

It should be noted that manipulating even 10 percent machines is sufficient to give effect to a desired result. The same is claimed by Hari Prasad in one of his interviews.27 On a scale of nearly 16 lakh machines, even 10 percent machines mean 1.6 lakh machines. Whether manipulation of machine on this scale is possible without going unnoticed, is the question raised by some^xiii.Although the number 1.6 lakh appears to be big, on a per Loksabha constituency basis, it turns out to be only nearly 300 on average. Changing the motherboards on 300 EVMs in a constituency may take upto 50 to 100 hours by skilled engineers. Considering a claim by AAP, that it takes only 90 seconds to replace a motherboard, it may take as little as 7 hours.28 Considering that during the FLC, the engineers from BEL/ECIL do not check the firmware in the machines, that the M3 machines have a re-programmable memory, that not only the micro-chip but entire motherboard or the EVM itself can be replaced, and there is a considerable period of few years between elections during which the machines are not kept under the watch of political party observers, the possibility of changing the micro-chip/motherboard in many EVMs can not be ruled out. On top of this, if a party like BJP, which is backed by a strong fascist cadre force of RSS trained to keep secrets and spread rumours, and deep penetration in the state machinery is planning to do this, the chances of such manipulation are definitely much higher.

Although the EC claims, as one of its most important arguments, that all movement of EVMs is tracked using GPS, in reply to a RTI query the EC reported29 that it has no information in “any material form” related to the GPS data and movement of these vehicles! Apparently, the claim about the watchdog EVM Tracking System (ETS) is just a claim on paper. This, combined with news reports on EVMs being found in places like hotel rooms, EVMs reaching late to the collection center further adds to the claim that the security of EVMs, unlike as claimed by EC, is often breached in practice! Some recent news items add to this suspicion. (A) In Chandauli, Uttar Pradesh, on May 20, after the polls were conducted, one of the citizens videgraphed allegedly ‘reserve’ EVM machines being stored in a room in the counting center complex without following any of the protocols of the EC30. The video posted on twitter is blocked in India, at the time of writing this article, in response to a legal demand,31 but is still accessible at a YouTube link.32 According to EC guidelines “all polled and reserve (emphasis ours) EVMs, after voting, shall be under the cover of armed police at all times. Reserve EVMs should also be returned at the same time when the polled EVMs are returned at the receipt center.” The District Election Commissioner said that “Thirty five additional unused EVMs were kept at the Sakaldiha tehsil. These could not be transported on Sunday and were brought from Sakaldiha on Monday to be stored in a different place”.33 Clearly, the EC guidelines are being violated. (B) In Domariyaganj, Uttar Pradesh, May 14 in Uttar Pradesh’s Domariyaganj, Rajendra Agarwal, the deputy Tehsildar, was caught by people carrying EVMs in his jeep. A video of the same incidence is available on YouTube.34 Again it was claimed that these were the reserve EVMs, but clearly the EC guidelines could be seen being violated. (C) In Jhansi, Uttar Pradesh, on April 29, two private vehicles carrying the VVPAT and two vehicles of the City Magistrate carrying EVMs were found. A video of the incident is available on twitter.35 It was claimed that the said EVMs were faulty. Here also we can see a clear violation of the EC norms.

This further corroborated with the news that there has been a mismatch in the count of votes obtained through EVM and reported by the polling officers, in more than 370 constituencies36, including 119 of 120 constituencies in Bihar and Uttar Pradesh37, raises the suspicion on physical safety procedures for EVM being followed in toto. The EC has claimed38 that “the provisional voter turnout data is displayed as percentage figure on Election Commission of India Web site and Voter Helpline Mobile App on the poll day as uploaded by the Returning Officer(RO)/Assistant Returning Officer (ARO) based on the approximate percentage turnout figures obtained from Sector magistrates who in-turn get it periodically over phone/ in person from about 10 Presiding officers.” Thus the voter percentage figures used in the said news items were themselves provisional. The EC website also claims that “the data is estimated and subject to change”. The process claimed by EC is indeed true. But one can see differences in voting percentage upto 2 percent and a discrepancy of this magnitude is difficult to accept based on the explanation of the EC. Secondly, in many constituencies the votes counted have been found to be less than the estimate of votes polled. The former Chief Election Commissioner Rawat says, “The vote polled data will always increase, not decrease.”³⁸All these unanswered questions by EC, remain a mystery as of now.

Various news of faulty EVMs keep propping up during every election. While it must be acknowledged that being electronic equipment, faults are definitely possible, the nature of faults that always caste vote to a particular party raises questions. In Goa, in 2019 Loksabha elections, a faulty EVM was seen casting all votes in favour of the Congress candidate39. Sharad Pawar claimed that he has seen machines which always caste the vote in favour of BJP.40

As per a news report41 quoting Gujarat’s Chief Electoral Officer, “During the FLCs, a total of 1,154 ballot units and 3,565 control units that make up EVMs were found to be defective. Apart from this, 2,594 VVPATs were also found to be defective. These machines have been sent to BEL (Bharat Electronics Limited) for repairs, …”. Thee same news also reports that “In the FLCs before the 2017 Assembly elections in Gujarat, where VVPATs were used across the state for the first time, the EC had found 3,550 VVPATs defective. As many as 5,245 Control Units (from a total of 62,666 units) and 2,907 Ballot Units (from 75,000 units) found defective were returned.” This high number, almost 5%, of VVPATs and EVMs found defective is astonishing. It either talks of the shoddy quality of work being done at BEL/ECIL or there is a possible tampering attempt!

An astounding and unanswered revelation

In one of the most astounding revelation, a team of Prof. Anupam Saraph, then Chief Information Officer for the city of Pune and Prof. M D Nalapat, Vice-chair of the Manipal Advanced Research Group, found incriminating files on the website of the election commission itself during the 2009 General elections.42 They were tracking the overall process of elections and accessing Excel sheets on the website of EC. On 16^th April 2009, the investigators found a file containing list of all candidates on the website. On 24^th April, they found an updated version of the same file. However, from 6^th May onwards till 15^th May, they found files with names of candidates with their EVM codes, and most astoundingly a number for votes polled by the candidates, even before the polling was over! Although the numbers are many times quite far apart, a comparison of the election result and the trends shown in these Excel files shows that for around 106 candidates the first rank matched, for 80 candidates rank 2, and for 59 candidates rank 3 matched 43,44 This leads to the most strong doubt that the result of the election was pre-decided. The EC has not answered to this fact in any of its statements. The fact that the United Progressive Alliance (UPA) lead by Congress won this election, further points to the suspicion of a larger level conspiracy, and possibly one at the level of the bourgeoisie. It is after this revelation that the demand for VVPAT caught speed.

Private players involved!

The EC has for long maintained that the entire process of use of EVMs is carried out under strict scrutiny and no private players are involved. However, in yet another startling revelation reported by ‘The Quint’45, based on a reply to a query under Right to Information Act, the ECIL revealed that it engaged engineers as ‘consultants’ from a Mumbai-based private company called M/s T&M Services Consulting Private Limited. This was done during the 2019 Loksabha elections. ECIL also confirmed that nearly 50 private consulting engineers and only 8 regular employees of ECIL were used to check EVMs during the 2017 Uttarakhand Assembly elections. These private engineers were employed in highly sensitive activities like checking and maintaining EVMs and VVPATs, right from First Level Checking (FLC) till the end of counting. Part of the job was to upload important details like party symbols and candidates’ names on the EVMs and VVPAT, for which the engineers had access to the machines for 15 days before polling. The same allegation was leveled by a Congress politician much before the RTI revelation.46 The EC still denies that private players were involved. These two highly contrary claims by two different government bodies only raise the bar of suspicion very high.

Sheer arithmetic calculations also point to the high possibility of involvement of private players. Nearly 16 lakh control units were used in the 2019 Loksabha elections. We can very conservatively assume that an engineer has to spend at least 30 minutes per machine, thus requiring total 480 lakh minutes of servicing time, which amounts to 1 lakh working days considering an 8 hour working day. Given that the election process went on for nearly 40 days, and assuming that the operations on EVMs also took proportional number of days, the servicing would require at least 2500 engineers. If we change the assumption of 30 minutes to 60 minutes, the requirement scales to 5000 engineers, and so on. It is quite unlikely that BEL and ECIL are able to make their own engineers available in this large a number!

This information, obtained from RTI, further points the finger of suspicion towards the corporates who are in the best position to furnish engineers at this high scale, and have high motivation to control the results of the elections.

EVM challenge of the EC : Self certification process

In a much hyped about challenge, the EC challenged political parties in 2017, to demonstrate that EVMs can be hacked. No political party took up the challenge. The EC has allowed, in such challenges, only external access to EVMs and did not allow anyone to open the EVM and inspect or change the hardware. The EC claims that the process of storage of the EVMs makes sure that nobody can touch the hardware and hence any hacker must be able to demonstrate EVM hack ability without opening it. The EC is saying that a system is hackable should be shown only under black box testing conditions. Under these conditions, no wonder, no serious hackers came forth to take up the challenge. The conditions set by EC are, in essence, a self certification process.

The VVPAT Solution

The paper by Hari Prasad, et. al.²¹ suggests that “One option that has been adopted in other countries is to use a voter-verifiable paper audit trail (VVPAT), which combines an electronic record stored in a DRE with a paper vote record that can be audited by hand”.

VVPATs make manipulation of the process extremely challenging because the manipulators now have to manipulate both the control unit and the VVPATs. One can not just do a manipulation of the machine before the polls, but also has to make sure that after the poll another VVPAT machine, with the exact same count of slips as votes cast replaces the original VVPAT machine, with all the needed seals and bypassing the security mechanisms. Any attempt to only manipulate EVM can be caught with counting of VVPAT slips.

The VVPATs assure the voter that the vote was cast properly. The VVPATs, if counted, also serve as a proof that the EVM were functioning correctly. However, the EC has so far refused not only counting 100 percent VVPATs, but even asked the Supreme Court to refuse the demand for counting 50 percent VVPATs by 21 political parties.47 The SC ruled in favour of the EC directing to count (only) 5 VVPAT machines per assembly segment. The EC cited a report by a Indian Statistical Institute(ISI) committee which says that tallying of 479 randomly selected booths is enough to have above 99.99 confidence level in fairness of elections, and claimed that it is counting much more VVPATs than this. The said report has already been questioned on the basis of its methodology48^,49, and the process of appointment of the committee50. Given the gravity of this issue, the EC should have accepted the demand of the 21 political parties for 50 percent VVPAT matching, just on the political basis and not technical basis.

Further, the rule 56 D of the Conduct of Elections Rules 1961 allows a candidate to complain and demand VVPAT counting, but the rule allows the Returning Officer to take a subjective decision on the said matter. So, practically, the candidates are left with no choice but to move to the courts, in case they are not satisfied with the EVM results.

The whole argument also assumes that after the polling and before the counting, the EVMs and VVPATs were stored completely securely. Using the same arguments as above, regarding physical security and safety of the EVMs, local level or small scale replacement of EVM and VVPAT still remains a non-zero possibility.

Discrepancies involving VVPATs have already been observed. In Gujarat Assembly elections in 2017, EVM and VVPAT mismatch was reported in 4 booths. Interestingly the news headlines ran as “100% Match Between EVMs and Paper Trail Slips on Random Vote Count, Says EC Official”, but reporting the mismatch on 4 booths in the body of the news. The EC blamed it saying “…This occurred because the Returning Officer must have made the same mistake but it could not be detected earlier. So we took into account VVPAT slips for these booths during the counting and resolved the issue”. It is quite surprising that on randomly selected booths, the Returning Officers did the same random mistake!51

The formulation of the Code of Election Rules is highly discouraging for anyone who wants to complain against the EVMs and VVPAT. According to section 49 MA of Code Of Election Rules, if a person files a complaint regarding the discrepancy regarding the EVM, and, if after investigation this is found to be false or incorrect, then the complainant can be prosecuted under section 177 of IPC for furnishing false information and convicted upto six months in jail or a Rs 1,000 fine or both. The procedure for checking whether the complainant is lying or not is that the Presiding Officer will then permit the elector to record a test vote in the voting machine in his presence and in the presence of the candidates/polling agents and if the voter’s allegation is true, the Presiding Officer would immediately report to the Returning Officer and stop further recording of votes in the defective machine. Now, the said rule and it’s penal provisions clearly deter a voter from reporting discrepancies, and further, if the machine has been tampered with, it is not difficult to program it to deliver a correct VVPAT slip after every wrong VVPAT slip, so that the test vote will always be found to be correct. Again, this kind of tampering can not be verified since the EC does not allow inspection of the firmware of EVM. In fact, in a publicly reported case, an officer ranked as high as retired Assam DGP Harekrishna Deka did not complain against the VVPAT mismatch after observing one, as it could have lead to his imprisonment!52

Some reports on the VVPAT machines showing the slip for 3 seconds only, as against 7 seconds claimed by EC, also raise the doubt that the VVPATs themselves have been compromised.53

Introduction of the VVPAT also brings in another possibility in hacking. That of replacing only the VVPATs and making the Control Unit (CU) non-functional. As per the EC rules if the CU does not show results, the VVPATs will be counted. The VVPAT unit being just a holder of votes is much easier to duplicate and replace compared to Control Units!54

As per media reports, the matching of all 20,625 VVPATs with EVMs was completely correct55. While this indicates that there might not have been large scale EVM-VVPAT manipulation, possibility on smaller scale cannot still be ruled out, given that the number of VVPAT matching is still an issue of debate. With some petitions already pending in High Courts and Supreme Courts and demands for 100% VVPAT matching raising in the country, the story of VVPATs in 2019 general elections is yet to unravel itself completely.

Credibility of the EC at historic low

The 2019 general elections witnessed many cases of the EC acting partially in favour of the ruling party. In a joint letter addressed to the President, in April 2019, 66 retired civil servants from IAS, IPS and Secretariats characterised the ECI’s conduct as “obdurate”.56 They say in their letter to the President that “The ECI’s obdurate conduct and its reluctance to undertake a proper VVPAT audit when its present sample size fails to detect a ‘defective EVM’ (i.e. a malfunctioning or manipulated EVM) 99% of the time raise serious questions about its motives for doing so.” Former Chief Election Commissioner S Y Quraishi also criticised the EC saying that it is has overlooked the breaches of Code of Conduct by the Prime Minister.57 The EC rejected the demand of it’s dissenting member Ashok Lavasa for recording the dissenting vote in the minutes, which is a clear violation of the most basic democratic norms.¹⁰ The credibility of the EC has never been so low in its history. This behavior of the EC has further added to the anger and doubt amongst people on the credibility of the EC and EVMs and the demand for replacing the EVMs by the old method of ballot paper is growing.

Qualitative advantage of ballot paper over EVM

Qualitatively the EVMs, irrespective of the entire protocol designed, have following disadvantages against the ballot paper in the following aspects:

Any manipulation of election process involving ballot boxes will be local in nature. Thus the effect of the manipulation is limited. On the other hand, a manipulation involving EVMs can be done on nationwide scale.
A ballot, being a paper handled by the voter, is more transparent to the voter than an electronic machine where the voter only presses a button. The VVPAT tries to solve this problem, but not completely as the result is still primarily counted using the machines and not VVPAT.
The ballot does not malfunction, the EVM can. Any EVM malfunctioning can appear to be an attempt of manipulation to the voter.
Because of the technical nature, EVMs require a very detailed procedure to be evolved to make sure that no manipulation is possible, but this very detailed nature makes it quite difficult for common populace to understand it, creating the scope for always having a doubt over the EVM process.

Actions expected from the Election Commission

Given the range of issues plaguing use of EVMs, the distrust it has created in the minds of people, the never ending allegations against EVMs, there is a need for the EC to seriously rethink on EVMs. In a democracy, the electoral process should be above suspicion. To ensure this the Election Commission must switch back to ballot paper! Considering the way all democratic institutions are infiltrated by the fascist machinery, this seems implausible today without a huge people’s movement. Meanwhile, to bring out any fraud that is possible with EVMs, the following demands should be raised.

Election Commission must undertake the task of counting all the VVPAT slips for 2019 general elections. The argument that it is a time consuming process is too lame an excuse to deny the most fundamental right to the people in a democracy. In an election process that results in spending of thousands of crores of rupees, the time and money investment needed only for counting the VVPAT slips, is minuscule compared to the investment already done in manufacturing the EVMs, VVPATs, and running the entire election process.
In all elections, where the difference of votes between the winner and first loser is very small (like 1%) or on a complaint by any candidate, all VVPATs must compulsorily be counted.
As suggested by Sunil Ahya, a micro-controller manufacture himself and a lawyer, in a petition before Supreme Court, EC should compute the cryptographic hash value (mathematically a one way conversion) of the machine code, and print the value on each EVM58. The same object code should also be available under open source. This will only possibly result in small loss of revenue that could be made by BEL/ECIL by selling EVM under a proprietary license to other countries, but it will greatly increase the confidence in the EVMs. The EC should make available all the source code and machine code used for EVMs and the GPS tracking system of EVMs under an open source license. It is an established fact, that making a software open source increases the security as more and more people report flaws, if any, in the software. The EC has shared the machine code with the foreign vendors who supplied microchips, but it is not willing to share the same with the people of India who paid for it! Something that has importance of deciding who rules a country for five years, can not be kept under carpet citing commercial reasons or patent rights. The democracy is more important than profits of anyone.
The EC should allow examination by independent experts of the firmware of EVMs, using the most modern tools available for decapsulation and examination under microscope. The EC should also allow independent experts to open and analyse the hardware of the EVMs. This should be allowed on machines randomly selected by the experts. If the EC desires, such machines, suspected to be tampered, can be later relegated to a pool of machines not be used for election purposes later.
The EC should welcome all criticisms of EVMs and should not criminalise people who complain against the EVMs.

The Supreme court of Germany ordered switching back to ballot paper saying that it was a constitutional principle in German law that the transparency of elections was more important than the efficiency of conducting elections and the EVMs clearly denied the voters the right to transparency. The EC and Supreme Court of India, on the other hand, through their actions, have upheld that efficiency of electoral process, in the so-called largest democracy, is more important than transparency!

Rise against EVMs

A democratic movement to ban EVMs and bring back the ballot paper is slowly emerging. Some liberal organisations have formed a coalition to demand ballot papers.59 Even candidates who have won the elections are raising questions60. Some of the bourgeois parties have started demanding, in a weak tone, the return to ballot paper61,62. However many are still in a wait and watch mood. The complacency of the opposition parties, be it BJP or Congress or other parties at that time, in not raising with all their might and building a strong people’s movement against EVMs has largely to do with their weakness, their bourgeois class character and the fear that they may not be able to control the peoples’ anger on the most important issue that plagues the purity of the bourgeois democracy. The working class must take the battle in its hands and wage a struggle to preserve the right to franchise obtained after a prolonged battle with bourgeois democracy.

Notes and References

As long as we are unable to disband the bourgeois parliament, we must work against it both from without and within. As long as a more or less appreciable number of working people (not only proletarians, but also semi-proletarians and small peasants) still have confidence in the bourgeois-democratic instruments employed by the bourgeoisie for duping the workers, we must expose that deception from the very platform which the backward sections of the workers, particularly of the non-proletarian working people, consider most important, and authoritative.

…As long as we Communists are unable to take over state power and hold elections, with working people alone voting for their Soviets against the bourgeoisie; as long as the bourgeoisie exercise state power and call upon the different classes of the population to take part in the elections, we are in duty bound to take part in the elections with the purpose of conducting agitation among all working people, not only among proletarians. As long as the bourgeois parliament remains a means of duping the workers, and phrases about “democracy” are used to cover up financial swindling and every kind of bribery (the particularly “subtle” brand of bribery the bourgeoisie practise with regard to writers, M.P.s, lawyers, and others is nowhere to be seen on so wide a scale as in the bourgeois parliament), we Communists are in duty bound to be in this very institution (which is supposed to express the people’s will but actually covers up the deception of the people by the wealthy) to untiringly expose this deception, and expose each and every case of the Renners and Co.’s desertion to the capitalists, against the workers. It is in parliament that the relations between bourgeois parties and groups manifest themselves most frequently and reflect the relations between all the classes of bourgeois society. That is why it is in the bourgeois parliament, from. within it, that we Communists must tell the people the truth about the relation between classes and parties, and the attitude of the landowners to the farm labourers, of the rich peasants to the poor peasants, of big capital to employees and petty proprietors, etc.

– Lenin, Letter to the Austrian Comunists