Sunday, May 31, 2009

EVMs are not tamper-proof -- Dr. Subramanian Swamy

EVMs are not tamper-proof

* Jayalalithaa, Chandrababu Naidu want to return to ballot papers.
* In Orissa, parties are approaching EC with dozens of complaints.
* Nowhere in Europe or US are EVMs used.


By Dr Subramanian Swamy


JUNE 07, 2009

Numerous electronic voting inconsistencies in developing countries, where governments are often all too eager to manipulate votes, have only added to the controversy. After Hugo Chavez won the 2004 election in Venezuela, it came out that the government owned 28 per cent of Bizta, the company that manufactured the voting machines.


Now Madras High Court is hearing a PIL on the EVMs. This is a good news. I believe time has arrived for taking a long, hard look at these riggable machines that favour the ruling party which has ensured a pliant Election Commission. Otherwise, elections would soon become ridiculed and lose their credibility. The demise of democracy would then be near.


There is much talk today about the possibility of rigging of the electoral outcome in the recent general elections to the Lok Sabha. These doubts have arisen from the unexpected number of seats won by the Congress nation-wide, and these doubts are accentuated by the recent spate of articles published in reputed computer engineering journals as also in the popular international press which raises doubts about the EVMs.


For example, the respected International Electrical & Electronics Engineering Journal (The IEEE, May 2009, p.23) has published an article by two eminent professors of computer science, titled: "Trustworthy Voting" in which they conclude that while electronic voting machines offer a myriad of benefits, these cannot be reaped unless nine suggested safeguards are put in place for protecting the integrity of the outcome. None of these nine safeguards are in place in Indian EVMs. Electronic voting machines in India today do not meet the standard of national integrity and safeguard the sanctity of democracy.


Newsweek magazine issue (dated June 1, 2009) has published an article by Evgeny Morozov, who points out that when Ireland embarked on an ambitious e-voting scheme in 2006, such as fancy touch-screen voting machines, it was widely welcomed: Three years and Euro 51 million later, in April, the government scrapped the entire initiative. What doomed the effort was a lack of trust: The electorate just didn't like that the machines would record their votes as mere electronic blips, with no tangible record.


Morozov points out that one doesn't have to be a conspiracy theorist to suspect the fallibility of electronic voting machines. As most PC-users know by now, computers can be hacked. We are not unwilling to accept this security risk in banking, shopping and e-mailing since the fraud is at the micro-level, and of individual consequence which in most cases is rectifiable. But the ballot box needs to be perfectly safeguarded because of the monumental consequence of a rigged or faulty vote recording. It is of macro-significance much like an "e-coup d'etat". At least that's what voters across Europe seem to have said loud and clear.


Thus, a backlash against e-voting is brewing all over the European continent. After almost two years of deliberations, Germany's Supreme Court ruled last March that e-voting was unconstitutional because the average citizen could not be expected to understand the exact steps involved in the recording and tallying of votes. Political scientist Ulrich Wiesner, a physicist who filed the initial lawsuit, said in an interview with the German magazine Der Spiegel that the Dutch Nedap machines used in Germany are even less secure than mobile phones! The Dutch public-interest group Wij Vertrouwen Stemcomputers Niet (We Do Not Trust Voting Machines) produced a video showing how quickly the Nedap machines could be hacked without voters or election officials being aware (the answer: in five minutes!). After the clip was broadcast on national television in October 2006, the Netherlands banned all electronic voting machines.


Numerous electronic voting inconsistencies in developing countries, where governments are often all too eager to manipulate votes, have only added to the controversy. After Hugo Chavez won the 2004 election in Venezuela, it came out that the government owned 28 per cent of Bizta, the company that manufactured the voting machines. On the eve of the 2009 elections in India, I had in a press conference in Chennai raised the issue and pointed out that those who had been convicted in the US for hacking of bank accounts on the internet and credit cards had been recruited just before the elections. In the US, the Secretary of State of California has now set up a full-fledged inquiry into EVMs, after staying all further use.


Why are the EVMs so vulnerable? Each step in the life cycle of a voting machine— from the time it is developed and installed to when the votes are recorded and the data transferred to a central repository for tallying—involves different people gaining access to the machines, often installing a new software. It wouldn't be hard for, say, an election official to paint a parallel programme under another password, on one or many voting machines that would ensure one outcome or another pre-determined even before voters arrived at the poll stations.


These dangers have been known to the Election Commission since 2000, when Dr MS Gill, the then CEC, had arranged at my initiative for Professor Sanjay Sarma of Massachusetts Institute of Technology (MIT) and Dr Gitanjali Swamy of Harvard to demonstrate how unsafeguarded the chips in EVMs were. Some changes in procedures were made subsequently by the EC, but not on the fundamental flaws that make it compliant to hacking. In 2004, the Supreme Court First Bench of Chief Justice VN Khare, Justices Babu and Kapadia had directed the Election Commission to consider the technical flaws in EVMs put forward by Prof. Satinath Choudhary, a US-based software engineer, in a PIL. But the EC has failed to consider his representation.


There are many ways to prevent EVM fraud. One way to reduce the risk of fraud is to have machines print a paper record of each vote, which voters could then deposit into a conventional ballot box. While this procedure would ensure that each vote can be verified, using paper ballots defeats the purpose of electronic voting in the first place. Using two machines produced by different manufacturers would decrease the risk of a security compromise, but wouldn't eliminate it.


A better way, it is argued in the above-cited IEEE article, is to expose the software behind electronic voting machines to public scrutiny. The root problem of popular electronic machines is that the computer programmes that run them are usually closely held trade secrets (it doesn't help that the software often runs on the Microsoft Windows operating system, which is not the world's most secure). Having the software closely examined and tested by experts not affiliated with the company would make it easier to close technical loopholes that hackers can exploit. Experience with web servers has shown that opening software to public scrutiny can uncover potential security breaches.


However, as the Newsweek article points out, the electronic voting machine industry argues that openness would hurt the competitive position of the current market leaders. A report released by the Election Technology Council, a US trade association, in April this year says that disclosing information on known vulnerabilities might help would-be attackers more than those who would defend against such attacks. Some computer scientists have proposed that computer code be disclosed only to a limited group of certified experts. Making such disclosure mandatory for all electronic voting machines would be a good first step for preventing vote fraud, and also be consistent with openness in the electoral process.


Now Madras High Court is hearing soon a PIL on the EVMs. This is a good news. I believe time has arrived for taking a long, hard look at these riggable machines that favour the ruling party which has ensured a pliant Election Commission. Otherwise, elections would soon become ridiculed and lose their credibility.


The demise of democracy would then be near. Hence evidence must now be collected by all political parties to determine how many constituencies they suspect rigging. The number would not exceed 75 in my opinion. We can identify them as follows: In the 2009 general elections, any result in which the main losing candidate of a recognised party finds that more than 10 per cent of the polling booths showed less than five votes per booth, should be taken prima facie a constituency in which rigging has taken place.


This is because the main recognised parties usually have more than five party workers per booth, and hence with their families would poll a minimum of 25 votes per booth for their party candidate. Hence if these 25 voters can give affidavits affirming who they had voted for, then the High Court can treat it as evidence and order a full inquiry.


(The writer is a former Union Law Minister.)



http://www.organiser.org/dynamic/modules.php?name=Content&pa=showpage&pid=294&page=2



******************">

From

http://indianrealist.wordpress.com/2009/05/30/the-evm-fixing/

May 30, 2009...6:13 am


EVM Fixing (excerpts)



The results of recent Indian elections have taken everyone by surprise. They are really bizzare. There is something rotten going on. How did Congress and the Western countries which support it slyly managed to get these dream results? Does the possibility of EVM (electronic voting machines) rigging exist?


Why were the Congress courtiers hell-bent on getting Navin Chawla to head the Election Commission? What role could this despicable doormat of 10 Janpath have possibly played? EVMs hold the key to this mystery. Interestingly EVMs are thoroughly discredited the world over because they are prone to manipulation. One agency has even called them a “threat to national security.”


All non-Congress parties in India would do well to launch a campaign to ban the use of EVMs. Or at least ensure that the EVM prints a ballot that is then dropped into a box for later counting and tallying the results with the EVMs. Strange things are possible with the use of EVMs. The most bizzare of these being the last-minute win of Chidambaram when he was trailing the other candidate the whole day in counting. Seems like Congress courtiers are allying with some foreign intelligence agencies to rule India in a “you scratch my back, I scratch yours” pact.


Many countries have banned EVMs.


Got the following in my email as a response to this blog post:


You might be interested to hear that Dr Anupam Saraph (CIO of Pune, India, and an adviser to the UN and the Asian Development Society) and Professor Madhav Nalapat (Director of the Department of Manipal University, India, as well as a UNESCO Peace Chair holder, http://en.wikipedia.org/wiki/Nalapat) accidentally discovered files on an official Indian government website that seemed to have voting result numbers long before votes were actually cast.


On May 6th, while looking for routine, publicly available, candidate data during the election, a detailed Excel file of votes polled results for every candidate in India was found on the official website of the Election Commission of India (http://eci.nic.in/candidateinfo/frmcandidate.aspx). That was 9 days before the final votes were cast on May 15. And, even so, the Election Commission was not supposed to have access to votes cast data until May 16, when official counting was to be done.


On May 7 and 11, the Excel file was downloaded again from the Election Commission site. The numbers of votes cast for some candidates changed in each version of the file. In the version of the file downloaded on the last day before the official counting, May 15th, the votes cast results column was blank.


The downloaded files can be found here (the votes cast numbers are in Column N “votespolled”): http://government.wikia.com/wiki/Tracking_the_elections


When news of the files started to spread, the Election Commission closed its site from May 23 to 25. It was back up on the 25th but, until the 29th, you couldn’t download the file anymore. You can now, but the votes cast data for each candidate is gone (you can just see who won) even though now, two weeks after the election, is when that data should be available.

The implications are unsettling.