India's electronic voting faces lawsuit over accountability

Retired computer science professor
Satinath Choudhary has filed public interest litigation over
India's new electronic voting machines (EVMs) in India's Supreme
Court. Dr. Choudhary is a 1964 graduate of the prestigious Indian
Institute of Technology and has also taught in the United States.
The suit is due to come up for hearing immediately.In the petition, a copy of which was uncharacteristically
released publicly over the tech lists in India, Dr. Choudhary cited
news reports of problems with the EVMs in some parts of the
country, and said: "In my public-interest litigation (PIL) I have
asked the Supreme Court for directions. I hope it will give a
direction to save democracy in India."In
an
op-ed column for The Indian Express last week, Dr.
Choudhary wrote, "Producing doctored EVMs is child's play."Much of the debate cited problems faced by electronic voting
even in countries like the US. India has voted for a new
parliament. Results are due only around May 13, from the worlds
most-populous democracy with a population of more than one billion.
But whoever wins, the demand for openness in standards and source
code is already a clear winner.India held a staggered election to elect 540-plus
parliamentarians. This is the first all-electronic Indian poll,
with some 725,000 EVMs used in every polling booth in India.The made-in-India EVMs consists of a control unit and a
balloting unit joined by a cable. The vote is cast by pressing the
blue button on the balloting unit next to the candidate and symbol
of choice.But official claims over the "achievements" of the EVMs were
quickly contested both in the mainstream media, and also among
tech-oriented mailing lists that link up some highly qualified
techies in this part of the globe."The reliability of the EVMs manufactured by the (Indian)
public sector Bharat Electronics Limited and the Electronics
Corporation of India Limited is doubtful. The software and circuits
embedded in the EVMs could very well contain numerous flaws or
deliberate backdoors for tampering," commented Ravi Visvesvaraya
Prasad, writing in the prominent Delhi-based newspaper 'Hindustan
Times'.Prasad argued that a maxim of software and microelectronics
engineering is that all software and electronic and
electromechanical systems are to be regarded as error-prone unless
rigorous testing proves them to be reliable. Significantly, he
said, the Indian firms behind the products had not "disclosed
details of the electronic hardware and software used in their EVMs
for scrutiny by neutral experts"."How does the EVM work? Frankly, we don't know. (A professor
from the one of the prestigious Indian Institute of Technology who
explained its working on TV) could only test the EVMs as a black
box. A proper scrutiny of the EVM is possible only when the source
code of the EVM is public," argued Ashhar Farhan on the
tech-oriented
India-GII
mailing list, which focuses on Internet and technology
issues. The list is hosted on the servers of the network of the
Computer Professionals for Social Responsibility, the oldest
non-profit, mass membership organization working on social impacts
of computer technology.There was wider agreement with Farhan's view that unless
India knows the exact algorithm "and more particularly, the source
code, then we, the citizens cannot be assured of fairness of the
EVM".Other questions were also raised over whether the EVMs were
secure and had robust hardware.Some debating the issue raised the possibilities of the EVM
being programmed to change the vote count to a paritcular candidate
after pressing a combination of other keys. This combination can
easily be trigged by successive voters who are a part of the
conspiracy.This will remain only between the programmer and those few
voters. They only have to stand in a particular order in the voting
queue and press buttons in that particular order."Unless we are informed of the exact source code and hardware
of the EVM, it is not possible to verify the security of the EVM,"
said Farhan."AFAIK there is no provision for any audit trail or
manual/paper verification. Has anyone seen and verified the source
code? As far as I know, it is in assembly language burnt into the
IC and the source code is not available for inspection. Does anyone
have the circuit schematic?" commented another poster to the list,
signing his name as the 'Root Of All Evil'.In another development, in end-April Rick Hohensee announced
the release of a ballot editing script for Linux.Said Hohensee: "Votescript was recently posted to Usenet
alt.politics with and will appear in a few days at
ftp://ftp.gwdg.de/linux/install/clienux/inteim/votescript.It is a Bash script that uses a PC and printer to edit a
printed ballot and keep a tally file for political and other
elections. This provides election accountability *to* the public,
creates redundant records, and avoids such things as hanging
chads.In 2001, a team of developers: Bill Kastilahn, Zhiqian Wang,
Galen Graham, David Schuller, and Jodi Kastilahn
won an Embedded Linux Journal design
contest with a Linux-based voting machine and estimated its
cost at $300 per unit.