EVM Technology

30 July 2024 — Written by Veda, Aishwarya and Sahil — Poster designed by Jatin

DISCLAIMER:This article in no way alleges that the EVMs are manipulated. The motto of the article is to create awareness about the EVM technology and its concerns, which are relevant irrespective of the results.

An Electronic Voting Machine (EVM) is a portable electronic device used to conduct elections. It is divided into two sections:

  1. Control unit (CU): This unit handles data management and oversees the functioning of the Ballot Units.
  2. Ballot unit (BU): Voters actually cast their ballots using this portion of the EVM. A cable is used to link the BU and CU.

Security Concerns and Safety measures of the CU-BU system:

Before Voter Verifiable Paper Audit Trail (VVPATs) were implemented, the EVM process relied on both administrative and technical safeguards to assert that the entire election process was impenetrable.

According to the Election Commission of India, the CU-BU combination is a simple device with a predetermined and unchangeable function. It is programmable only once and it is not connected to the outside world. The EVM functions in a manner similar to that of a basic calculator—it is a stand-alone device that does not communicate with any other devices and performs a specific pre-designed function.

But, given physical access, even a calculator can be hacked. Election officials maintained constant supervision over EVMs, with CCTVs and armed police manning double-locked strong rooms. However, pre-programmed EVMs that are transported into the districts which are triggered based on a predetermined number pattern render physical security useless. To intercept this threat, we were relying on a combination of process checks.

Process Checks:

  1. The candidate-agnostic nature of the EVMs
  2. At no point throughout the voting process are the voting machines electronically aware of the names of the candidates, party or candidate symbols, or the order in which they appear on the ballot paper that is adhered to the ballot box.
    All that the EVMs do is record votes in accordance with each candidate's serial number.

  3. A two-stage randomisation of EVMs
  4. EVMs are subsequently distributed at random to polling places and constituencies. The potential for targeted EVM manipulation through earlier programming was mitigated by these two stages of randomization before they were placed in district strong rooms/warehouses. This is due to the fact that prior to randomization, it would be unknown which EVM would travel to which constituency and to which booth.

  5. Three-stage mock polls conducted in front of political party or candidate representatives
  6. During the mock poll, people can cast their votes in randomly selected electronic voting machines and determine for themselves whether or not there has been any manipulation.

Implementation of VVPAT (Voter Verifiable Paper Audit Trail):

The current VVPAT design was first introduced in the 2019 elections. As an extra level of voter transparency, the VVPAT would print the name and symbol of the selected candidate as and when the voter pressed the button in the BU.

This, however, appeared to contradict the fact that EVMs are to be unaware about candidate details. The VVPAT is located directly between the BU and CU. It is directly connected to them. This basically indicates that votes move from the BU to the VVPAT and subsequently from the VVPAT to the CU. There is now a programmable device between the voter casting the vote and the CU recording it. Any vulnerability in the VVPAT is a vulnerability in the voting process.

Because the names and symbols of the candidates differ from constituency to constituency and election to election, the VVPAT must be connected to the SLU (Symbol Loading Unit) prior to each election. This implies that the VVPAT requires a programmable memory in order to upload the candidate data.

To finish both rounds of randomization online, a software system called the EVM Management System (EMS) is hosted centrally. This implies that anyone with access to the EMS may now remotely determine which EVM is heading to which constituency and polling place as soon as randomization is complete.

The second vulnerability stems from the fact that both randomizations were finished before the EVMs were placed into service. This suggests that each VVPAT already knows which exact booth it is going to when the external device is linked to it. This makes targeted manipulation specific to polling stations possible. As a result, the two randomization phases serve no purpose as a process safety measure.

It is theoretically possible to avoid the fake poll on any day other than the polling day by performing a simple date check, since the day of the actual poll is known at the moment the VVPAT is connected to the external device. Therefore, any mock poll conducted on a day other than election day will be unable to identify any possible manipulation.

It is again possible to defeat the third mock poll, which is conducted on election day, by using a count check that will cause the manipulation algorithm to start only after a predetermined number of votes are cast.

Conclusion

The field of electronic voting is fairly advanced. Both its benefits and drawbacks are well documented. After consulting with all relevant parties, the Election Commission of India should come up with a solution and create an open procedure that includes peer review for design vetting in order to avoid these vulnerabilities that may jeopardize the elections in the largest democracy on the earth.

-Veda, Aishwarya & Sahil