The general elections in India concluded a couple of months ago and the ruling Indian National Congress-led United Progressive Alliance won. The Congress party won over 200 seats. The main opposition BJP was pushed to a distant second securing a little over 115 seats. Just about two months since the results were announced, the Electronic Voting Machines (EVM) that have been used for so many elections for several years are suddenly finding themselves mired in allegations of being dysfunctional.
Leader of the Opposition LK Advani says: “We should revert to ballot papers unless the Election Commission is able to ensure that EVMs)are foolproof and every possibility of their malfunctioning is taken care of”. The same sentiment is being echoed by many other opposition parties who have bitten the dust in the recent general elections. Further, we have been seeing, hearing and reading stories of developed countries dumping the EVMs and adopting the good old paper ballot once again. Critics of EVMs say that even the US presidential elections in 2004, which returned George Bush to power, had been rigged. There has also been a Public Interest Litigation (PIL) filed in the Indian Supreme Court challenging the integrity of these EVMs.
In this backdrop, when the average citizen is confused about the veracity of the integrity of these EVMs, this writer explores the Indian EVM and its security aspects and chances of breaching the same.
The EVMs used in India are not the same as those the West uses. The Indian machine is merely a vote recording device. Technically, its appellation "Electronic Voting System" is a misnomer. The Indian EVMs contain 2 units, namely the Control Unit (CU) and the Balloting Unit (BU). They run on batteries. The CU rests with the presiding officer or polling officer of the booth. Before a vote is cast, the presiding officer needs to enable the balloting unit by pressing a button in the CU. Once he does that, the BU is ready to record the vote. It is interfaced to the BU through a cable. The BU contains vote buttons against the respective candidates' names and symbols. The vote is cast by pressing a button in the BU. A vote so cast is transferred and recorded into a memory device in the CU. A BU, a CU and a battery together constitute an independent unit.
This system cannot be influenced in any manner other than by a physical impact. Contrast this with the Western Voting Machines that are similar to ATMs. In the US, votes are cast on a touch screen surface as against India where the machines have distinct buttons against each candidate. Further, in the Western system, the electronic votes are transmitted through a public network; that is, through telephone and internet lines. These lines are susceptible to hacking and are thus vulnerable; a person can not only manipulate the transmitted information but could also gain control and manipulate the voting machine itself. But no such thing can happen with the Indian EVMs. In other words, the Western voting machines are like a mobile phone while Indian EVMs are like calculators. A mobile phone has various interfaces like Wireless Fidelity (WiFi), infrared, bluetooth, apart from a wireless interface through which we make calls. The information stored on a mobile phone can be accessed/manipulated through all the above means/interface. But in case of a calculator, you will need to press the buttons to influence it, or in other words there needs to be a physical impact. This makes the Indian voting machines free from remote access unlike their western counterparts.
Another allegation from the critics of EVMs is that the software in it can be pre-programmed so that after a particular pattern of voting, the system shall automatically transfer the votes in favour of a particular candidate. This is the most contentious issue that many people point to as they want to know the complete circuit schematics and algorithm used by the software. This is the information which the election commission has not divulged so far. There can be no second opinion that it should be disclosed and put to test and cleared by independent neutral experts. Well, as far as the Indian EVM is concerned, it knows no candidate. In other words, the machine is not intelligent. All it can do is record the number of times each button has been pressed. The CU receives the signal from the BU and, based on the signal received ,increments the count against that particular button. Every CU has a pre-programmed device. The program is stored in a Programmable Read Only Memory (PROM); a Microprocessor simply executes the instructions given in the PROM. The PROM can be recorded or burned only once: at the time of manufacture. A calculator too has a PROM. At the time of manufacture of a calculator, if an instruction (or in other words program) is given that if button “5” is pressed followed by “+” then “3” and finally the button “=”, the result should be “8” which is flashed on the screen. This can never be changed as long as this particular PROM is changed. Those instructions that are stored at the time of manufacturing of these PROMs are the ones that stay till the destruction of the EVM. It is not like a computer where you can have WIN 95, then Windows 2000, followed by Windows XP and finally Vista. Hence, there is no question of further tampering of EVMs.
Moreover, these PROMs are manufactured by two government owned enterprises namely Electronics Corporations of India Limited (ECIL) and Bharath Electronics Limited (BEL). They are tested extensively at the manufacturing facilities for errors and pass some of the most exhaustive standards. Hence, if at all there is some foulplay, it has to be in the labs of the said government undertakings. Once they are out of the manufacturing facility, nothing can be done to them.
Yet another contention of the detractors of the device is that there exists no proper audit trail in the EVMs. Rather it should be read as “there exists no paper audit trail in the EVMs”.
Today is the age of IT. In “WYSIWYG” or “What You See Is What You Get” era, technology is being abstracted, encapsulated and fed to humans. Today all online monetary transactions are without a paper trail. Take the case of booking an e-ticket or making a utility bill payment over the internet or a web check in. What stands as record to these transactions are the electronic data; there are no paper trails. Today the scientific fraternity is so advanced that they are able to design 99.99% reliable electronic systems that virtually runs the entire world. Science has advanced so much; it's sad that human habitual suspicion refuses to take note of it.
Back to the Indian system, the recorded vote in the memory of the CU is a audit evidence by all acceptable standards. The CU has the following options:
- Ballot Button – To enable the ballot unit to register a vote;
- Total Button – This displays the total number of votes recorded;
- Close Button – This closes the recording of votes;
- Result I Button – This displays the result;
- Result II Button - To display the result;
- Clear Button – Clears the memory of stored votes.
The demand for making the circuit schematic and algorithm public and proving the worthiness of the machine in front of neutral experts is absolutely justified. However, allegations of tampering and arguments that lack of audit trail is tantamount to lack of transparency are far fetched. They only try to subvert a technological achievement by this great nation rather than oppose the technology on the ground of merits of the case and science.
The writer is an engineer (BTech in Information Technology) from BSA Crescent Engineering College, Anna University, Chennai. His final year project was on e-voting where his team simulated an online voting system. In that connection, they met with officials from EC and BEL