[Reader-list] Fudged EVM's ?

[Pawan Durani]

India's electronic voting faces lawsuit over accountability
May 3rd, 2004 by Frederick Noronha inLinux Journal

With a billion voters all depending on one proprietary system, the
risks of tampering are high. With his recently filed lawsuit, a
professor attempts to restore confidence in electronic voting.

Retired computer science professor Satinath Choudhary has filed public
interest litigation over India's new electronic voting machines (EVMs)
in India's Supreme Court. Dr. Choudhary is a 1964 graduate of the
prestigious Indian Institute of Technology and has also taught in the
United States. The suit is due to come up for hearing immediately.

In the petition, a copy of which was uncharacteristically released
publicly over the tech lists in India, Dr. Choudhary cited news
reports of problems with the EVMs in some parts of the country, and
said: "In my public-interest litigation (PIL) I have asked the Supreme
Court for directions. I hope it will give a direction to save
democracy in India."

In an op-ed column for The Indian Express last week, Dr. Choudhary
wrote, "Producing doctored EVMs is child's play."

Much of the debate cited problems faced by electronic voting even in
countries like the US. India has voted for a new parliament. Results
are due only around May 13, from the worlds most-populous democracy
with a population of more than one billion. But whoever wins, the
demand for openness in standards and source code is already a clear
winner.

India held a staggered election to elect 540-plus parliamentarians.
This is the first all-electronic Indian poll, with some 725,000 EVMs
used in every polling booth in India.

The made-in-India EVMs consists of a control unit and a balloting unit
joined by a cable. The vote is cast by pressing the blue button on the
balloting unit next to the candidate and symbol of choice.

But official claims over the "achievements" of the EVMs were quickly
contested both in the mainstream media, and also among tech-oriented
mailing lists that link up some highly qualified techies in this part
of the globe.

"The reliability of the EVMs manufactured by the (Indian) public
sector Bharat Electronics Limited and the Electronics Corporation of
India Limited is doubtful. The software and circuits embedded in the
EVMs could very well contain numerous flaws or deliberate backdoors
for tampering," commented Ravi Visvesvaraya Prasad, writing in the
prominent Delhi-based newspaper 'Hindustan Times'.

Prasad argued that a maxim of software and microelectronics
engineering is that all software and electronic and electromechanical
systems are to be regarded as error-prone unless rigorous testing
proves them to be reliable. Significantly, he said, the Indian firms
behind the products had not "disclosed details of the electronic
hardware and software used in their EVMs for scrutiny by neutral
experts".

"How does the EVM work? Frankly, we don't know. (A professor from the
one of the prestigious Indian Institute of Technology who explained
its working on TV) could only test the EVMs as a black box. A proper
scrutiny of the EVM is possible only when the source code of the EVM
is public," argued Ashhar Farhan on the tech-oriented India-GII
mailing list, which focuses on Internet and technology issues. The
list is hosted on the servers of the network of the Computer
Professionals for Social Responsibility, the oldest non-profit, mass
membership organization working on social impacts of computer
technology.

There was wider agreement with Farhan's view that unless India knows
the exact algorithm "and more particularly, the source code, then we,
the citizens cannot be assured of fairness of the EVM".

Other questions were also raised over whether the EVMs were secure and
had robust hardware.

Some debating the issue raised the possibilities of the EVM being
programmed to change the vote count to a paritcular candidate after
pressing a combination of other keys. This combination can easily be
trigged by successive voters who are a part of the conspiracy.

This will remain only between the programmer and those few voters.
They only have to stand in a particular order in the voting queue and
press buttons in that particular order.

"Unless we are informed of the exact source code and hardware of the
EVM, it is not possible to verify the security of the EVM," said
Farhan.

"AFAIK there is no provision for any audit trail or manual/paper
verification. Has anyone seen and verified the source code? As far as
I know, it is in assembly language burnt into the IC and the source
code is not available for inspection. Does anyone have the circuit
schematic?" commented another poster to the list, signing his name as
the 'Root Of All Evil'.

http://www.linuxjournal.com/article/7561