The inscrutable EVM engine

Ballot papers can be substituted; ballot boxes stuffed, switched or looted—which is why the EVM-VVPAT combine is deemed to be a superior voting system, with greater security and verifiability.

So we have heard. However, the stubborn refusal of the Election Commission of India to allow actual verification, to respond to criticisms or suggestions, or hold a transparent and independent audit of the process is what leaves citizens uneasy. When we are asked to believe what should be a scientifically verifiable article on faith alone, suspicion is bound to mount.

Surely the onus is on the ECI to establish, beyond reasonable doubt, that the EVMs are working as advertised? Then the electorate may trust the process is fair and secure, and all questions/arguments can die down once and for all. “The ECI’s reluctance resembles that of examiners who are wary of showing examination papers they have graded to students, lest their mistakes are detected,” quipped Ajaz Ashraf in a column in Mid-Day this week.

The apparent disconnect between the reported public mood on the ground and the actual election results in some of the five states polled last month has given a fresh lease of life to questions around the EVM–VVPAT. It is surely odd that Madhya Pradesh—widely reported to be facing a 20-year anti-incumbency wave—saw the Congress leading in 199 of 230 constituencies in postal ballots but saw it trailing far behind in the EVM counts. Postal ballots typically align with the EVM trend. If anything, the remote voter is more likely to be opposed to anti-incumbency than those present in person, having had less opportunity to see government failures up close.

Instances of EVMs not registering a candidate’s own vote or those of his family members, in booths where the machine recorded that that same person did not get any votes, have also added to the disquiet.

Verifiability of EVMs

Ironically, it was the BJP that first opposed the EVM, and vehemently. Rajya Sabha MP G.V.L. Narasimha Rao even wrote a book, with the blessings of party leader L.K. Advani, on its fallibility. The book was co-

authored by Michigan computer science professor Alex Halderman and Hari Prasad, a computer scientist from Andhra Pradesh.

The same Hari Prasad was arrested in 2010 for allegedly stealing an EVM, while he was demonstrating on a Telugu TV channel that the machine can be hacked. The BBC in 2019 reported that Prasad was working in Andhra Pradesh with the Telugu Desam Party and still believed that EVMs can be hacked.

Prasad alleged that the Election Commission did invite him and his team to demonstrate how the machine could be hacked—but stopped him midway. He urged the Commission to release the video recording of the demonstration. He was also stopped from examining the machine closely, on the pretext that this would violate the patent and intellectual property rights of the manufacturer (the Electronic Corporation of India).

Not only have Rao and the BJP been mysteriously silent on the hackability of EVMs ever since, Hari Prasad too—after courting controversy in 2019 again, by alleging that VVPAT slips were visible for just 3 seconds and not for the mandated 7—went quiet. Did it no longer suit their interests?

Till 2019, the ECI would tell critics that the EVM was an independent, ‘one-time-programmable’ unit and tamper-proof. Not all were convinced. And the ECI made no show of proof via audit.

In Australia, EVMs use Linux, an open-source software. Venezuela audits EVM source code before every election. The US keeps its source codes and hashes in a public repository. Germany and several other countries have got rid of EVMs entirely. In India, those fighting for transparency say that exposing the source code would actually make malicious manipulation difficult, because easier to audit.

Writing in the Wire last month, investigative journalist Meetu Jain reported that it is the government, government agencies and private contractors—not the Election Commission—that supervise the repair, maintenance, storage, software programming and checking of EVMs. The source code of the EVMs has never been revealed even to technical evaluation committees (TECs) mandated by the ECI to audit EVM software, she reported, though they have repeatedly recommended removal of the veil of secrecy. All members of the committees are government appointees.

‘The crucial job of designing the source code and writing the software is carried out by employees of Bharat Electronics Limited and Electronics Corporation of India Limited, which manufacture the EVMs. BEL is under the Ministry of Defence and ECIL reports to the Department of Atomic Energy,’ the Wire report highlights.

Jain also quotes from the ECI’s status paper, edition 4, of November 2021, which says that for the current EVMs, ‘the exact original source code cannot be derived’ from the older versions (M1 and M2) manufactured till 2010. This is because the chips or micro controllers are imported and came pre-loaded.

Significantly, the report adds that in 1990, the TEC had recommended that source codes be made public. The TEC report also says, ‘As a matter of abundant precaution, the instrument’s signature may be tested by the suppliers before a poll to check that they have not been replaced.’ This was repeated by the 2006 committee as well, which did not have access to the code either.

In 2013, the TEC called for a facility whereby the ‘code in the EVM units can be read out by an approved external unit and the code so read may be compared with corresponding reference code… only to ensure that there is no trojan or other malware for EVMs in use’.

This 2013 report was the last the government shared with activist Venkatesh Nayak via RTI. No report has been made public since then.

Curiously, the ECI has told the courts that a TEC of the Electronic Corporation of India audits the software. But the TEC has in separate RTI replies claimed that the audit is done by the ministry of electronics and information technology (MeitY) audit cell, Standardisation Testing and Quality Certification (STQC). STQC in turn said this information was with the ECI.

As for the pre-programmed microcontroller chip, repeated RTI requests for the country or company supplying it were rebuffed by the government.

In one RTI response to Venkatesh Nayak, Jain reports, BEL said the chip was from US-based NXP Semiconductors. NXP’s website says its chip has three different kinds of memory—SRAM, FLASH and EEPROM. All three types are eraseable and rewriteable.

EVMs in hotel rooms and other issues

Other deficiencies in the process have been noted, too. From Madhya Pradesh in 2019, it was reported that EVMs reached the collection centre at Sagar 48 hours after polling ended—in a school bus without a number plate. Various videos also surfaced showing EVMs in hotel rooms and in private vehicles. Although the ECI had ordered all authorised vehicles to be monitored by GPS and each vehicle to be accompanied by a polling officer, no explanation was offered.

Then there is the matter of sending the actual vote cast at the ballot unit (BU) to the control unit (CU) that tallies the votes. How do voters verify their votes have actually gone to the party and candidate they intended? The BU does not carry names of parties or candidates, only numbers corresponding them. While national parties come before regional in the sequence, the CU is supposed to be agnostic of the identities corresponding to numbers on the BU. Ergo, it can’t be rigged, the EC says.

Critics argue the position of ‘NOTA’ at least is fixed at the end of the list. But even if it is technically possible to transfer NOTA votes (or a percentage of them) to a preferred candidate, the CU cannot identify the candidate or party by number—unless the list was fixed beforehand, say alphabetically, B for BJP and C for CPM.

The Supreme Court finally stepped in and directed the ECI to use a Voter Verified Paper Audit Trail (VVPAT) in the 2019 general election. When the voter presses a button on the EVM, the VVPAT unit should display a slip with the relevant symbol for 7 seconds, letting the voter satisfy herself her vote has been correctly registered.

However, several experts believe VVPAT units have increased the vulnerability of the EVM. Now the VVPAT’s memory holds the names of parties, candidates and symbols—and could be programmed to print and show one thing while something else was sent to the CU.

While EVMs before 2019 were truly candidate-agnostic, the VVPAT is not—it can be pre-programmed or ‘fixed’ during repair and maintenance. Details of parties and candidates are uploaded to it from external laptops, adding to its vulnerability.

Checks mandated by the Election Commission before 2019—randomisation, a mock poll held before representatives of the political parties and a verification process just before polling—do not help in this changed system, as former IAS officer Kannan Gopinathan noted in an interview. The Supreme Court-mandated counting of VVPAT slips in five booths per constituency is statistically insignificant.

The only possible checks are to physically count the VVPAT slips or let voters verify what is registered at the CU end of the system. “A voter should be able to get the VVPAT slip in her hand, and cast it in a chip-free ballot box for the vote to be valid,” suggested another retired IAS officer, M.S. Devasahayam, to the Election Commission this week.

Devasahayam is a signatory to an ongoing online public petition on change.org for going back to ballot papers; but despite collecting 10,000 signatures, it is unlikely to change popular perception that this is a case of sour grapes.