India's electronic voting faces lawsuit over accountability

With a billion voters all depending on one proprietary system, the risks of tampering are high. With his recently filed lawsuit, a professor attempts to restore confidence in electronic voting.

Retired computer science professor Satinath Choudhary has filed public interest litigation over India's new electronic voting machines (EVMs) in India's Supreme Court. Dr. Choudhary is a 1964 graduate of the prestigious Indian Institute of Technology and has also taught in the United States. The suit is due to come up for hearing immediately.

In the petition, a copy of which was uncharacteristically released publicly over the tech lists in India, Dr. Choudhary cited news reports of problems with the EVMs in some parts of the country, and said: "In my public-interest litigation (PIL) I have asked the Supreme Court for directions. I hope it will give a direction to save democracy in India."

In an op-ed column for The Indian Express last week, Dr. Choudhary wrote, "Producing doctored EVMs is child's play."

Much of the debate cited problems faced by electronic voting even in countries like the US. India has voted for a new parliament. Results are due only around May 13, from the worlds most-populous democracy with a population of more than one billion. But whoever wins, the demand for openness in standards and source code is already a clear winner.

India held a staggered election to elect 540-plus parliamentarians. This is the first all-electronic Indian poll, with some 725,000 EVMs used in every polling booth in India.

The made-in-India EVMs consists of a control unit and a balloting unit joined by a cable. The vote is cast by pressing the blue button on the balloting unit next to the candidate and symbol of choice.

But official claims over the "achievements" of the EVMs were quickly contested both in the mainstream media, and also among tech-oriented mailing lists that link up some highly qualified techies in this part of the globe.

"The reliability of the EVMs manufactured by the (Indian) public sector Bharat Electronics Limited and the Electronics Corporation of India Limited is doubtful. The software and circuits embedded in the EVMs could very well contain numerous flaws or deliberate backdoors for tampering," commented Ravi Visvesvaraya Prasad, writing in the prominent Delhi-based newspaper 'Hindustan Times'.

Prasad argued that a maxim of software and microelectronics engineering is that all software and electronic and electromechanical systems are to be regarded as error-prone unless rigorous testing proves them to be reliable. Significantly, he said, the Indian firms behind the products had not "disclosed details of the electronic hardware and software used in their EVMs for scrutiny by neutral experts".

"How does the EVM work? Frankly, we don't know. (A professor from the one of the prestigious Indian Institute of Technology who explained its working on TV) could only test the EVMs as a black box. A proper scrutiny of the EVM is possible only when the source code of the EVM is public," argued Ashhar Farhan on the tech-oriented India-GII mailing list, which focuses on Internet and technology issues. The list is hosted on the servers of the network of the Computer Professionals for Social Responsibility, the oldest non-profit, mass membership organization working on social impacts of computer technology.

There was wider agreement with Farhan's view that unless India knows the exact algorithm "and more particularly, the source code, then we, the citizens cannot be assured of fairness of the EVM".

Other questions were also raised over whether the EVMs were secure and had robust hardware.

Some debating the issue raised the possibilities of the EVM being programmed to change the vote count to a paritcular candidate after pressing a combination of other keys. This combination can easily be trigged by successive voters who are a part of the conspiracy.

This will remain only between the programmer and those few voters. They only have to stand in a particular order in the voting queue and press buttons in that particular order.

"Unless we are informed of the exact source code and hardware of the EVM, it is not possible to verify the security of the EVM," said Farhan.

"AFAIK there is no provision for any audit trail or manual/paper verification. Has anyone seen and verified the source code? As far as I know, it is in assembly language burnt into the IC and the source code is not available for inspection. Does anyone have the circuit schematic?" commented another poster to the list, signing his name as the 'Root Of All Evil'.

In another development, in end-April Rick Hohensee announced the release of a ballot editing script for Linux.

Said Hohensee: "Votescript was recently posted to Usenet alt.politics with and will appear in a few days at ftp://ftp.gwdg.de/linux/install/clienux/inteim/votescript.

It is a Bash script that uses a PC and printer to edit a printed ballot and keep a tally file for political and other elections. This provides election accountability *to* the public, creates redundant records, and avoids such things as hanging chads.

In 2001, a team of developers: Bill Kastilahn, Zhiqian Wang, Galen Graham, David Schuller, and Jodi Kastilahn won an Embedded Linux Journal design contest with a Linux-based voting machine and estimated its cost at $300 per unit.

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

PD VVPT on any PC

Rick Hohensee's picture

There's a votescript demo video at www.youtube.com/presidentbyamendment
and I beleive the script itself is in the blog at
www.myspace.com/presidentbyamendment

It's public domain, Bash, runs on any Linux PC, and
although we didn't do any hardcopy in the video demo,
prints a yes-votes-only paper ballot and a coded receipt.

rick_hohensee@email.com

Deep Analysis required

M Balachandran's picture

This is a matter of concern requires deep enquiry & we should ban this EVMs in all coming elections. Advanced nations do not depend on EVMs because they know how easily it can be manipulated. If the programme in the chip is to direct every alternative vote after 200 votes to another candidate, 50% votes to this candidate after 200 votes will go to the other person. Remote operated transmitter mounted inside the EVM can be used to cheat easily. Hence we should call a press conferance with experts in electronics/software to challenge the authenticity of EVMs immly. The political parties then will complain & take up to ban this.

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix