Hack it if you can: EC’s challenge on EVMs
The EC’s challenge to political parties to prove EVMs can be hacked is a welcome move
The electronic voting machine has been under strong scrutiny ever since it was deployed in the 1990s. The Indian EVM is a singular instrument with its dependence on standalone hardware-firmware-led machine components to register and tally votes — it is not reliant on computer software or networked components. Questions have been therefore raised about the possibility of EVM-tampering either by the introduction of malicious code (trojans) that could override the logic embedded in the chip, replacing its chip, or manipulating the communication between the ballot and the control units through remote signals or equipment. The Election Commission has evolved improvements over time to address these concerns, and has strengthened technical and administrative safeguards to prevent any manipulation. The steps include time-stamping of key presses, dynamic coding in second-generation machines besides tamper-proofing and self-diagnostics in the third-generation machines that are now being deployed. A strict administrative protocol involving first-level checks after manufacture, randomised deployment, sealed strong rooms for storage, and conduct of mock polls has been instituted. The EC has pledged the universal deployment of voter verifiable paper audit trails beginning 2019. VVPATs will add another layer of accountability, allowing voters to verify the choice registered on the ballot unit in real time, and the machine-read vote tallies post-election.
These steps have obviously not satisfied some political parties which have used the logic of machine fallibility to claim that their recent electoral losses were a consequence of EVM tampering rather than actual voter choice. The Aam Aadmi Party recently demonstrated what it claimed to be a possible hack of the EVM by the introduction of a trojan on to an EVM prototype; it said that, therefore, it was possible to manipulate all EVMs by the replacement of its motherboard (to accommodate a chip that carried a built-in trojan). This critique does not stand scrutiny considering the EC’s technical and administrative safeguards that prevent trojans or the mass manipulation of EVMs. The EC’s challenge to political parties to participate in a hackathon on June 3, to test out manipulation of EVMs with the various safeguards in place, is welcome. The scepticism of some political parties apart, there is definitely a case for constantly improving EVM design and security features in order to completely rule out any sophisticated tampering attempt, howsoever difficult it is to carry it off considering the strict administrative safeguards in place. The more transparent the EC is about demonstrating the robustness of its safeguards and its determination to improve them further, the greater will be the public’s trust in the electoral process.