Can Indian EVMs be hacked?
Can Indian EVMs be hacked? Debapratim Ghosh, Assistant Prof. (Indian Institute of Technology, Bhuba
Can Indian EVMs be hacked?

Can Indian EVMs be hacked?

Debapratim Ghosh, Assistant Prof. (Indian Institute of Technology, Bhubaneswar) replies/gives his opinion as follows:

I know the Indian EVM in a fair amount of detail through an ex-professor during my PhD days. Here it goes:

1. The Indian EVM is not designed by a single person or group of persons from a single company. There are no foreign designers involved. The design is made by taking contributions from (a) the Election Commission of India (b) a Technical Experts Group (TEG) consisting of professors from IITs, IISc etc. and (c) Non-commercial public sector manufacturing units such as BEL (Bharat Electronics) and ECIL (Electronics Corp of India Ltd.).

2. Most EVMs around the world are essentially generic microcomputer systems which can do multiple functions or tasks. On the other hand, the Indian EVM can only be used for voting and nothing else. Hence there is only one single program that runs in it, and that is for voting only. So, introducing a bug in the form of another program is not possible.

3. The Indian EVM has two major parts. The first is a ballot unit (BU), which is there in the polling booth. It looks like a big keyboard where the voter can choose whom to vote for. The second unit is a control unit (CU) which is there with the booth presiding officer, which keeps count of the number of votes cast so far (not which party gets how many votes— that’s not possible!).

4. The BU and CU are connected by a 5-metre-long cable. There exists no other cabling or connections. The Indian EVM does not have WiFi or LAN connectivity. It is not even powered through the 220V wall sockets! It is battery-powered. So external interference is not possible.

5. In the last few years, the BU has been given one additional feature— the VVPAT. A plethora of information is already available on the VVPAT.

6. It is important to note that one BU can be used with one distinct CU only. If you take the CU from polling booth A and connect it to the BU from polling booth B (from a different constituency), then obviously, you can show that a button press for Party X results in a vote for Party Y’! This is a clever hack shown by some people. In reality, mixing BUs and CUs does not happen.

7. Now, let’s get technical. The chips used inside the EVM are one-time programmable only. It is not possible to reprogram them to suit their needs.

8. Many argue that even in a small voting program, it may be possible to introduce malicious code! But wait, the program for the EVM is written by engineers and scientists of BEL/ECIL, and these companies have strong source code audit processes to ensure no malicious code can be inserted. This program is also reviewed separately by an independent group of experts (TEG).

9. All chips used in the EVM hardware are standard, off-the-shelf components. No specific chip is fabricated for the EVM. So even the chip manufacturers cannot possibly know which chip will be used where! Further, there are code testing techniques which check whether the original source code has been altered.

10. Before the actual polling by the public, a series of mock polls are also conducted, usually in the presence of representatives from political parties. Only if they are satisfied (and sign for the EVMs), the machines proceed further.

11. But can the EVMs be tampered with, while in storage before or after the polling day? Well, no. The EVMs are stored in strong rooms with a single door only. The rooms are locked/unlocked in the presence of the contesting candidates, and the lock contains their seal. The lock to that door can be opened by two keys. One key is with the local police in charge, and the other is with the district magistrate. And the strong rooms are guarded by armed policemen.

12. On the day of the polling (before 7 in the morning or so), a fresh mock poll is conducted in the presence of the contesting candidates to ensure that no tampering has happened.

13. When the voter presses the polling button for the desired candidates, a BEEP sound is heard for 12 seconds. During this time, the BU cannot register any more votes, and the voter will have to leave the ballot box within that time. This is done to prevent multiple votes from the same person. This means, not more than 5 people can cast their vote per minute! This is a slow, but secure process.

14. After polling, the same safety procedures as in point 11 are followed.

15. On the day of counting, random checks are done for machines to tally the total number of votes counted by the CU, checked manually against the VVPAT slips. Till date, not a single discrepancy has been found.

16. But what about the hacking claims made by many?

Some popular videos claim the machine can be hacked. In reality, most of these videos have tampered with the CU to fit a Bluetooth-controlled display device on it. So while the BU-CU votes total data is correct, the display can be altered wirelessly as per choice!

17. So why can’t this be done in an actual poll? Well, the EVM has a security feature that is always `ON’, and an attempt to open the system hardware or packaging results in destroying the private key on the machine and is instantly recognizable.

Moreover, making such a big hardware tampering requires physical access to the machine for considerable time by the `hackers’.

18. Many argue that developed Western countries have abandoned the EVMs and use ballot papers instead.

However, no one talks about how badly those EVMs were designed.

The Indian EVM is designed in India and is unique. And to think that just because `Western countries’ do not use the EVM and so India shouldn’t, indicates a slave mentality.

The Indian EVM is designed by Indian engineers and experts, and we should be proud of it.

For an overpopulated country, EVM is the only solution we have seen how ballot votes were tampered with and looted and destroyed in earlier elections

 rajesh pande