EVMs: BJP once swore by Alex Halderman but no longer

Last year computer scientist J. Alex Halderman rolled an electronic voting machine onto a Massachusetts Institute of Technology stage and demonstrated how simple it is to hack an election. Halderman, whose research involves testing the security of election systems, tampered with the ballot programming, infecting the machine’s memory card with malicious software. The machine declared a mock candidate the winner by securing two votes to just one by the rival. But all three votes, it was earlier demonstrated, had been cast in favour of the rival, who lost!

Halderman is the same scientist who demonstrated that the Indian EVM could be hacked with a machine that one Hari Prasad was accused to have stolen. He is also the one who inspired BJP spokesman GVLN Rao to write a book on the unreliable EVMs. Hari Prasad was arrested and later released on bail.

While Halderman continues to conduct his research on electronic voting machines and is convinced that they are a threat, BJP and GVLN Rao have made a U-turn after 2012, now reposing their faith in the EVM and describing the machine as infallible.

Late last year ( November, 2018) Halderman gave an interview to Scientific American in which he made several points which are of interest to those in India who have been debating on the EVM.

Here are some of the points he made:

• When we did the first voting machine study 10 years ago, we talked about a range of different possible attackers, dishonest election officials and corrupt candidates. But the notion that it would be a foreign government cyber attack, that that would be one of the biggest problems to worry about—well, that was pretty far down on the list. Over the past 10 years cyber warfare went from something that seemed like science fiction to something you read about every almost every day in the newspaper.

• One possibility is that attackers could infiltrate what are called election-management systems. These are small networks of computers operated by the state or the county government or sometimes an outside vendor where the ballot design is prepared.

• There’s a programming process by which the design of the ballot—the races and candidates, and the rules for counting the votes—gets produced, and then gets copied to every individual voting machine. Election officials usually copy it on memory cards or USB sticks for the election machines. That provides a route by which malicious code could spread from the centralized programming system to many voting machines in the field. Then the attack code runs on the individual voting machines, and it’s just another piece of software. It has access to all of the same data that the voting machine does, including all of the electronic records of people’s votes.

• So how do you infiltrate the company or state agency that programs the ballot design? You can infiltrate their computers, which are connected to the internet. Then you can spread malicious code to voting machines over a very large area. It creates a tremendously concentrated target for attack.

• Unfortunately, it’s also possible to more subtly manipulate things, especially in close elections, in ways that would result in the wrong candidates winning—and with high probability of that not being detected

•The National Academies of Sciences, Engineering and Medicine in the US released a report in September, 2017 that urged all states to adopt paper ballots before 2020

• The idea of a post-election paper audit is a form of quality control. You want to have people inspect enough of the paper records to confirm with high statistical probability that the outcome on the paper and the outcome on the electronic results is the same. You’re basically doing a random sample.

• How large a sample you need depends on how close the election result was. If it was a landslide, a very small sample—maybe even just a few hundred random ballots selected from across the state—could be enough to confirm with high statistical confidence that it was indeed a landslide. But if the election result was a tie, well, you need to inspect every ballot to confirm that it was a tie.

• The key insight behind auditing as a cyber defense is that if you have a paper record that the voter got to inspect, then that can’t later be changed by a cyber-attack.