The verdict of the Supreme Court in Writ Petition (Civil) No. 434 OF 2023, Association of Democratic Rights v. Election Commission of India, raises more questions than it answers, especially regarding the technological operation of the Electoral Voting machines. It is very heartening that the Court has reiterated that it is the fundamental right of voters to ensure that their vote...
The verdict of the Supreme Court in Writ Petition (Civil) No. 434 OF 2023, Association of Democratic Rights v. Election Commission of India, raises more questions than it answers, especially regarding the technological operation of the Electoral Voting machines.
It is very heartening that the Court has reiterated that it is the fundamental right of voters to ensure that their vote is accurately recorded and counted. But how far has the court gone to ensure the above?
Software not scrutinized, known only to a selected few is a real risk.
The Court has said “While we acknowledge the fundamental right of voters to ensure their vote is accurately recorded and counted, the same cannot be equated with the right to 100% counting of VVPAT slips, or a right to physical access to the VVPAT slips, which the voter should be permitted to put in the drop box. These are two separate aspects – the former is the right itself and the latter is a plea to protect or how to secure the right". But how does a voter or the court ensure that the votes are accurately recorded and counted when the software used to record the vote as well as count it, is still a mystery. The shift in voting and counting to a sophisticated electronic system itself is sort of restricting the fundamental right to an elitist group. Atleast there should be a public scrutiny of the software being used. But here, we are being asked to trust the ECI. And ECI in-turn is trusting somebody else whose identities and numbers remain a secret. Should our fundamental rights be dependent on such mere trust, especially regarding a scientific product like software?
The Election commission says publishing such software has its risk. But there are certain people who have knowledge about that software. Keeping that to such a selected few alone, is the real risk.
Election Commission emphasis that the EVM is standalone, non-networked and cannot be accessed from outside. Then why this apprehension about the software being made public? If the ECI and the technical team supporting them are so confident that it is technically impossible to connect to the EVM by any external source, then why are they apprehensive about releasing the source code? Writing a source code to just have a summing up counter against each agnostic key and displaying it, is a simple piece of code which any programmer can write and there is no secrecy in it. Publishing the source code enables public scrutiny that there are no glitches in the code, that there is no additional piece of code or backdoor and that it is foolproof.
The one time burnt program on the microcontroller chip is very crucial for ensuring the sanctity of elections and to rule out the possibility of manipulating the mandate of the people. The Court has emphasized the point that the EVM is being manufactured by PSUs. The verdict says "The EVMs are manufactured and supplied to the ECI by two public sector undertakings, namely, Bharat Electronics Limited (which functions under the Ministry of Defence), and Electronic Corporation of India Limited (which functions under the Department of Atomic Energy)". But the all-important code is burnt by private firms abroad. Renesas, a Japanese firm and Microchip a US firm were doing this. The extent of trust reposed on public sector undertaking by the Hon'ble Court can be accepted only with a pinch of salt. A final report filed in court by the investigating officer, whatever is his honesty, is not accepted by a court to convict the accused without producing evidence beyond reasonable doubt.
Is the Control unit agnostic? Are input sources connected to the EVM?
The Court in the judgment says "The EVM setup is designed in a rudimentary fashion and the EVM units are standalone and non-networked, that is, they are unconnectable to any other third-party machine or input source.” But a 'symbol loading unit' is an input source which is connected to the EVM. Hence saying the EVM is unconnectable is not correct from technical point of view.
The court has laid great emphasis on the Control unit being agnostic. The verdict points out that the keys are political party and candidate agnostic. But a bitmap with candidate, symbol and key assigned is loaded to VVPAT by the 'symbol loading unit'. This inturn is being read by the Control unit and is being printed. The verdict has observed that the control unit sends the command to the VVPAT. The VVPAT then prints the VVPAT slip comprising of the serial number, candidate name and the symbol. In other words, Control unit receives input from VVPAT unit. Hence the conclusion that the Control unit is political party and candidate agnostic, may not be factual.
Software Testing - lacking and not explained at all
The Court has laid down why it is explaining the functionality and how the EVM works. The verdict says "Our discussion aims to address the uncertainties and provide assurance regarding the integrity of the electoral process. A voting mechanism must uphold and adhere to the principles of security, accountability, and accuracy". But only the hardware behavior and manual interactions are explained. Unfortunately the software which controls the entire procedure still remains a mystery. Providing assurance regarding the integrity of the electoral process, making sure it is secure and accurate needs a proper auditing of the software and even subjecting it to rigorous testing.
Functionality testing is one thing. Exceptional testing and vulnerability testing are different. The court as well as ECI explains functionality. It is tested and is reliable. But it is not undergoing an exceptional testing or vulnerability testing. Atleast it is not explained. How has the court or even ECI made sure that there is no additional piece of code burnt into the chip? For example, there could be a piece of code which triggers action when a particular key sequence is made and that action could do a deletion for a particular key and addition to another key. If the control unit is not agnostic after the symbol loading unit is connected, the above addition and deletion could happen even without an external trigger.The presence of such additional peice of code would not be reflected in a normal functionality testing. Given a chance, the technical community can demonstrate to ECI or the Supreme Court that we can have such a microcontroller based machine which does all the functionality as explained but with an additional code which can manipulate the results residing in it.
If ECI is sure, it is foolproof, why not allow it to be proved right?
The ECI is insisting citizen to believe that code deployed is foolproof and without any backdoor. It says it is not possible to be tampered with or accessed from outside. In that case, the ECI should conduct an exercise like 'Voting Village' and call for Ethical hackers to expose flaws, if any. Technological giants with world class programmers and vulnerability testing experts call for such exercise and find their code vulnerable but end up making their product more robust. They infact reward such hackers with awards nicknamed ' bug bounties'.
It is true that we don't have specific incidents about EVM hacking. But in the Defconheld at Las Vegas, which allowed ethical hacking in July 2017, almost all EVMs allowed to be inspected were found effectively breached. All of them were in use for voting in the US. Should we not learn from somebody else's mistake rather than trying to make the same mistake and learn from it?
Why leave the decision of having electronic counting of VVPAT to ECI?
The Supreme Court has said in Subramanian Swamy v. Election Commission of India that "From the materials placed by both the sides, we are satisfied that the 'paper trail' is an indispensable requirement of free and fair elections. The confidence of the voters in the EVMs can be achieved only with the introduction of the “paper trail”. If we extend it further, the confidence of voters in EVM is not just on introduction of paper trail but in counting them. When it could be done without the use of manpower or without consuming more time with a Counting machine, what is the point in not doing so? The judgment requires a revisit before commencing the counting. Why should the Court leave that decision to the Election Commission? Our fundamental right should not be dependent on what ECI thinks.
The court has described how the introduction of EVM has reduced or eliminated the possibility of booth capturing. But if software is compromised then we are just centralizing the capturing, may be a country capture. And this could be done by external sources too. By directing the counting of VVPAT in all constituencies across the country, the process would have ensured more confidence for which sparing of one or two hours, if at all, is not as costly than democracy.
Author is a Software Engineer, entrepreneur and Former IT advisor to Government of Kerala.
Views Are Personal