India's electronic voting faces lawsuit over accountability

Retired computer science professor Satinath Choudhary has filed public interest litigation over India's new electronic voting machines (EVMs) in India's Supreme Court. Dr. Choudhary is a 1964 graduate of the prestigious Indian Institute of Technology and has also taught in the United States. The suit is due to come up for hearing immediately.

In the petition, a copy of which was uncharacteristically released publicly over the tech lists in India, Dr. Choudhary cited news reports of problems with the EVMs in some parts of the country, and said: "In my public-interest litigation (PIL) I have asked the Supreme Court for directions. I hope it will give a direction to save democracy in India."

In an op-ed column for The Indian Express last week, Dr. Choudhary wrote, "Producing doctored EVMs is child's play."

Much of the debate cited problems faced by electronic voting even in countries like the US. India has voted for a new parliament. Results are due only around May 13, from the worlds most-populous democracy with a population of more than one billion. But whoever wins, the demand for openness in standards and source code is already a clear winner.

India held a staggered election to elect 540-plus parliamentarians. This is the first all-electronic Indian poll, with some 725,000 EVMs used in every polling booth in India.

The made-in-India EVMs consists of a control unit and a balloting unit joined by a cable. The vote is cast by pressing the blue button on the balloting unit next to the candidate and symbol of choice.

But official claims over the "achievements" of the EVMs were quickly contested both in the mainstream media, and also among tech-oriented mailing lists that link up some highly qualified techies in this part of the globe.

"The reliability of the EVMs manufactured by the (Indian) public sector Bharat Electronics Limited and the Electronics Corporation of India Limited is doubtful. The software and circuits embedded in the EVMs could very well contain numerous flaws or deliberate backdoors for tampering," commented Ravi Visvesvaraya Prasad, writing in the prominent Delhi-based newspaper 'Hindustan Times'.

Prasad argued that a maxim of software and microelectronics engineering is that all software and electronic and electromechanical systems are to be regarded as error-prone unless rigorous testing proves them to be reliable. Significantly, he said, the Indian firms behind the products had not "disclosed details of the electronic hardware and software used in their EVMs for scrutiny by neutral experts".

"How does the EVM work? Frankly, we don't know. (A professor from the one of the prestigious Indian Institute of Technology who explained its working on TV) could only test the EVMs as a black box. A proper scrutiny of the EVM is possible only when the source code of the EVM is public," argued Ashhar Farhan on the tech-oriented India-GII mailing list, which focuses on Internet and technology issues. The list is hosted on the servers of the network of the Computer Professionals for Social Responsibility, the oldest non-profit, mass membership organization working on social impacts of computer technology.

There was wider agreement with Farhan's view that unless India knows the exact algorithm "and more particularly, the source code, then we, the citizens cannot be assured of fairness of the EVM".

Other questions were also raised over whether the EVMs were secure and had robust hardware.

Some debating the issue raised the possibilities of the EVM being programmed to change the vote count to a paritcular candidate after pressing a combination of other keys. This combination can easily be trigged by successive voters who are a part of the conspiracy.

This will remain only between the programmer and those few voters. They only have to stand in a particular order in the voting queue and press buttons in that particular order.

"Unless we are informed of the exact source code and hardware of the EVM, it is not possible to verify the security of the EVM," said Farhan.

"AFAIK there is no provision for any audit trail or manual/paper verification. Has anyone seen and verified the source code? As far as I know, it is in assembly language burnt into the IC and the source code is not available for inspection. Does anyone have the circuit schematic?" commented another poster to the list, signing his name as the 'Root Of All Evil'.

In another development, in end-April Rick Hohensee announced the release of a ballot editing script for Linux.

Said Hohensee: "Votescript was recently posted to Usenet alt.politics with and will appear in a few days at ftp://ftp.gwdg.de/linux/install/clienux/inteim/votescript.

It is a Bash script that uses a PC and printer to edit a printed ballot and keep a tally file for political and other elections. This provides election accountability *to* the public, creates redundant records, and avoids such things as hanging chads.

In 2001, a team of developers: Bill Kastilahn, Zhiqian Wang, Galen Graham, David Schuller, and Jodi Kastilahn won an Embedded Linux Journal design contest with a Linux-based voting machine and estimated its cost at $300 per unit.