THE results of the 2019 Lok Sabha elections were announced on 23 May 2019, following which there been a vigorous debate on the efficacy of the Electronic Voting Machines (EVMs) used during the polling process. At this juncture, it would be useful to look at some of the key arguments being offered in defence of the EVMs. Let us ask ourselves: what is the nature of this defence? Is it being suggested that technically speaking EVMs can never be tampered? Or is it being suggested that tampering of EVMs would require the involvement of thousands of people and several institutions, which is highly unlikely? As we shall see, it is clear that EVMs can be compromised. There is no technological reason to prevent the tampering of EVMs. Yes, this would require a serious compromising of institutions and institutional mechanisms. In the given political climate in India, where we are witnessing the complete breakdown of several institutions, we are therefore left with little confidence that tampering could not have happened. In particular, the track record of the Election Commission of India (ECI) in the EVM controversy has been dubious, to say the least. In fact, the ECI itself has allowed for doubts regarding EVMs to creep in. They have supplied patently false information in response to serious questions. The regulations and safeguards that are supposed to prevent the tampering of EVMs have often been publicly flouted. Technology is as safe, as ‘untamperable’ as the people who manage and administer it. People cannot be expected to trust a process based on a technology which is managed by a highly compromised institution battling a credibility crisis.
The ECI has routinely stated that EVMs are secure and tamper-proof; it has repeated ad nauseam that the strict protocol followed and the technology itself ensures this. The ECI has said several times that the software used in EVMs is ‘One Time Programmable’ (OTP), and thus cannot be rewritten and tampered with. The ECI has also consistently claimed that unlike machines in Europe for instance, EVMs in India are “stand-alone” devices unconnected to the Internet. This lack of internet connectively in the use of Indian EVMs has been highlighted time and again to suggest that EVMs cannot be hacked because they cannot be remotely controlled via the internet. We now know that these claims no longer stand up to strict scrutiny. A response to an Right to Information (RTI) query tells us that the software in EVMs is not OTP and can indeed be rewritten. Similarly, it has been proved that remote access software can be (illegally) installed in EVM machines, thus enabling them to be manipulated via the internet by external agents. In addition, EVM manufacturers and distributers admit that EVMs are not always GPS-tracked and transported under strict supervision. According to a recent RTI query, around 20 lakh EVM machines are effectively ‘missing’. The ECI has no idea where they are right now. In other words, some of the tall claims being put forward by the ECI have by now been completely debunked, thus leaving us with little trust in the ECI and its many assurances. With this brief background, let us look at some of the arguments in detail:
It has been suggested that Indian EVM machines are not, and cannot be connected to the internet. Since the EVMs do not have remote access software, this argument states, there is very little chance of EVM manipulation on a large scale. However, it has come to light that even the EVM machines used in the 2016 presidential elections had remote access software installed, when they were not supposed to . The company manufacturing these EVMs claims that it has got this software uninstalled. But the fact remains that this software was part of the EVM machines, without its existence being common knowledge. In fact, public institutions were loudly claiming that EVM machines were isolated from the internet, even as this software was quietly installed in several machines! In other words, one cannot deny the possibility of someone adding a software or a modem to allow an EVM to be remotely controlled.
Defenders of the EVM have come up with logistical rebuttals to this danger. They claim that installing this software or modem in each EVM machine is a logistical impossibility, because it requires physical tampering of each compromised machine. Let us address this question. Hypothetically speaking, let us consider that a political party wants to rig the elections. In order to do so, all it needs is to tamper with the results in around 150-175 Lok Sabha (LS) constituencies. We know that EVM machines are sent to specific LS constituencies around 3-6 months prior to elections, at which juncture they are physically and electronically verified. Is it not possible for a powerful party to allow the subversion of the physical security provided to EVMs for the short while required to physically tamper with these machines after the EVMs have been officially ‘verified’? Anyone with knowledge of Indian politics and the weakness of Indian institutions would never be able to confidently deny this possibility. All this requires is that certain people are quietly allowed access to the rooms were EVMs are stored (in select constituencies), long before the election process has actually started and the Model Code of Conduct (MCC) is in place and hence EVMs are more closely watched. Is this really impossible? Surely not. Once all the EVMs in a constituency are illegally connected to the internet, not all of them have to be manipulated after the polling to ensure the desired result. As many of them as required can be tampered after polling so as not to raise suspicions.
EVM defenders state that those questioning the recent election results are effectively denying Indian social and political reality. Our society is hopelessly communalised, they tell us, and there is now a solid ‘Hindu’ vote bank which supports Narendra Modi and the BJP. We believe that this is exactly the reason why EVM tampering can indeed take place on a large scale. If there are sufficient numbers of people who believe in the RSS agenda of a Hindu Rashtra, why is it not possible to imagine that they would look away while subversion of the election process takes place under their noses?
Let us now consider the case of the so-called ‘OTP’ chip. The ECI consistently told us that the chips used in the EVM machines cannot be reprogrammed. These chips were ‘One Time Programmable’ (OTP). To begin with, we have to ask: how does the existence of an OTP chip ensure its infallibility? Isn’t it possible that the initial programme itself is designed to cause the EVM to malfunction? There are of course some obvious errors in design that can be caught out when the mandated testing of the software takes place, But a more sophisticated tampering of the software during the design stage could possibly avert detection. Moreover, the so-called OTP chip has landed itself into greater controversy.
Now, one of the major EVM suppliers in India, Bharat Electronics, has revealed in an RTI response that the chip can be reprogrammed (http://www.humanrightsinitiative.org/download/BEL-EVMs-RTIdocs.pdf). This means two things: One, that the ECI has consistently been lying to the Indian public. Secondly, tampering of the EVM software is not a technological impossibility. Yes, as in the above case of interference through the internet, this would require physical tampering of the EVM machine – something that we cannot breezily discount. One of the main reasons for the falling credibility of the ECI has been the patently false information it has been providing, such as in this case. Let us not forget that the ECI had us believe for the longest time that the software for the EVM was being written in India, by Indian engineers employed in Indian PSUs. We now know that this is false on multiple levels. We had to find out through an RTI that the original software is written by a foreign company and not in India and moreover that this software can be reprogrammed. Why couldn’t the ECI be upfront on this matter? Why did it keep providing dubious information? It is this suspicious behaviour that has rung alarm bells.
It has been argued that each EVM machine (along with its various components) has a unique ID to identify it. This means that swapping of EVMs after polling (or even during the period when EVMs lie waiting to be used in warehouses before the elections and MCC) is not possible, for instance. However, even this claim of the ECI has has left many unanswered questions. Take the instance of discrepancies that arose after the Assembly elections in Uttarakhand in 2017. Some Congress candidates went to the High Court in Uttarakhand, challenging the election results in some constituencies. The High Court ordered the seizure of some EVM machines. Serial numbers of some EVMs used during the polling process (and recorded in forms submitted by the ECI’s Presiding Officers for the concerned booth) did not tally with the serial numbers in the EVMs used during counting. What could this mean? It is possible that the machines had been swapped in the time period between the polling and the counting. The Uttarakhand case has been pending in the HC for 2 years now, with no verdict.
Fears of swapping or large-scale tampering also gain credence because of the documented evidence of spurious activity. A response to an RTI revealed that there was a mismatch of a whopping 20 lakh EVMs dispatched by EVM manufacturers and EVMs received by the ECI. While the ECI has tried to allay fears by stating that the movement of every single EVM is provided with security and monitored through a GPS-based system, these claims are hardly substantiated by real experiences. In the short duration between the end of the polls and the counting of votes in May 2019, there were reports from multiple cities of EVMs being transferred with no security.
The Voter Verified Paper Audit Trail (VVPAT) has often been offered as a justification for the use of EVMs. The VVPAT can ensure that each vote on the EVM is physically tallied through a paper trail, it is argued, thus preventing manipulation. This is true only if the potential of the VVPAT is fully utilised. In other words, if the VVPAT is merely treated as a box to collect the votes – which are not actually counted – what is the purpose of VVPAT? The fact is: the BJP and the ECI have routinely refused to allow for large-scale counting of VVPAT slips and their tallying with the EVM votes. Far from allowing 50 or 100% counting of the votes, they have argued that it is enough to count a mere 5 EVM machines in each LS constituency which uses 2200-2500 EVMs. They have not even allowed the physical verification of votes in 5 EVMs per Assembly constituency.
Once again here, the actions of the ECI have been dubious, to say the least. The ECI submitted a report to the Supreme Court (SC), calling it a ‘report by the reputed Indian Statistical Institute (ISI)’. This report stated that statistically speaking, it is enough to count 1 EVM machine per Assembly constituency (or 5 EVMs in a LS constituency). It has now come to light that this information provided by the ECI to the SC is misleading. Concerns have been raised regarding the composition of the committee, the process of forming the committee, and on the mathematical validity of its findings. The administration of the ISI had nothing to do with the committee. The Head of ISI’s Delhi chapter was the lead researcher in the committee. None of the other members were from the ISI, and the ISI had no official role in roping in and recruiting the other members. In a sense, this so-called ‘ISI report’ was written by a group of statisticians from across the country; in all probability picked and chosen by the ECI.
We have summarised some of the crucial issues related to the possibility of EVM tampering. Other methods could possibly be used to tamper the EVM machine, such as a method showcased by AAP MLA Saurabh Bharadwaj in the Delhi Assembly. The point is that several roots to EVM tampering do exist – via the internet, via tampering the software, via swapping the machine.
Let us ask political questions. WHY has the ECI lied to us ever so often? Why is there such a HUGE reluctance to allow for VVPAT verifications of all votes cast? Forget all votes, we now have physical counting and VVPAT verification in just 5 EVM machines in a LS constituency (out of 2200-2500 machines used). What is the government and the ECI so scared of, that they are vociferously pushing back any attempt to ensure large-scale VVPAT verification? The Election Commission of Botswana, Africa (a country which uses EVMs manufactured in India) requested the ECI to showcase the infallibility of our EVMs. The ECI did not entertain this request. Why? Why is it that whenever EVMs have ‘malfunctioned’, this has been in favour of the BJP, the ruling party in the country with considerable resources, political clout and a reputation of running roughshod over institutional autonomy and integrity? All these individual pieces of information come together to leave a very bitter taste in the mouth. We are left with ample reasons to distrust EVMs. The Botswana case in particular is revealing. What exactly is happening there? When ECI is asked tough questions in India by individuals, it hides behind institutions: its own purported ‘sanctity’, the media, the Supreme Court and so on and so forth. It asks Indians to trust Indian institutions come what may, whatever be the evidence to the contrary. But when institutions in Botswana ask tough questions of the ECI, they cop out! They refuse to subject themselves to scrutiny by public institutions.
It is curious and saddening that several respected technologists and activists continue to rubbish serious concerns emerging from the EVM debate. We wonder how the likes of Prabir Purkayastha and Bappi Sinha for instance find it in themselves to trust the ECI at a time when its integrity lies seriously eroded. Clearly, a machine is as dependable as the people who operate and manage it. The EVM is ‘untamperable’ only when the ECI displays basic elements of impartiality, integrity and trustworthiness. When the ECI fails to do so, it should be held accountable and EVMs should be treated with a degree of scepticism.
How can one establish the authenticity of EVMs? That can happen only if the ECI allows for a transparent challenge at every step. We need multiple transparent audits. We need for instance CCTV footage of storage rooms where EVMs are stored, even during non-election periods. We need external and public audits of the software and hardware of the EVMs. We need genuine hackthalons, where absurd terms of reference are not set the ECI. We need VVPAT verifications of each vote. As of now, the Indian public has several reasons to be sceptical. The ECI has not been transparent about the actual design of the EVM and its software. It has not even told us for sure who exactly is writing the software and assembling the hardware. In fact, it has deliberately deceived us on this matter. No serious public or social audit of the EVM has been allowed. When the ECI announced a hackathalon and invited political parties to try and hack the EVMs, it put a curious condition on the participants: they could not physically open the machine and tamper the motherboard or the software. As a result of this attitude, doubts regarding the EVM refuse to wither away.
The fact of the matter is: platitudes, opaque ‘expert’ opinions, and self-certifications by the ECI cannot assure credibility of the EVM-based electoral process. In a democracy, it is important that the voter trust the final verdict of the elections. We cannot allow for a situation where serious doubts persist. The individual voter cannot be asked to unthinkingly trust the ECI and the EVM machine, even as serious concerns are raised. This situation is not sustainable in the democracy. Therefore, it is our collective responsibility to address this issue with the seriousness it requires.