- The Election Commission of India (ECI) could not demonstrate a prototype of its new Remote Electronic Voting Machine (RVM), which would allow domestic migrants to vote in national and regional elections, after the Opposition raised concerns about the logistical and administrative challenges to remote voting.
- The Congress had earlier urged the poll body to first “restore trust in the electoral system” and systematically address fears of the misuse of existing EVMs.
How do existing EVMs work?
- EVMs started being used on a larger scale in 1992 and since 2000, have been used in all Lok Sabha and State Assembly elections.
- There have been three iterations of the machine with improved features, the latest one being the M3 model which was manufactured from 2013 onwards.
- Multiple political parties in 2010 approached the ECI to come up with a mechanism that could help verify that the EVM had recorded the vote correctly as intended by the voter.
- The ECI, thus, developed along with two Public Sector Undertakings (PSU), the Voter Verified Paper Trail Audit (VVPAT) machine to have a paper trail in the voting process. The use of VVPATs has become universal in elections since mid-2017.
- The current EVM setup has a Balloting Unit (BU) which is connected to the VVPAT printer, both of which are inside the voting compartment.
- The VVPAT is connected to the Control Unit (CU), which sits with the Presiding Officer (PO) and totals the number of votes cast, on its display board.
- Only once the PO presses the ballot button on the CU, does the BU get enabled for the voter to cast her vote by pressing the key corresponding to the candidate on the ballot paper sheet pasted on the BU.
- The VVPAT, which is essentially a printing machine, prints a slip with the poll symbol and candidate name, once the voter presses the key on the BU.
- This slip is visible to the voter on the VVPAT’s glass screen for seven seconds after which it gets dropped off in a box inside the VVPAT.
- Once a vote is cast, the BU becomes inactive till the PO schedules the next vote by enabling it again from the CU.
What are the concerns about EVMs?
- Concerned civil society organisations, civil servants who have overseen elections, academicians, journalists, former judges, and political figures formed the Citizens’ Commission on Elections (CCE) in 2020, which conducted analysis, recorded depositions from national and international field experts and released a report in 2021 titled, ‘Is the Indian EVM and VVPAT System Fit for Democratic Elections?’.
- The report highlighted the widely recognised ‘democracy principles’ to be adhered to while conducting public elections.
- It stated that the election process should not only be free and fair but “also be seen to be free and fair”, meaning instead of being told to trust the process the general public should be provided with provable guarantees to facilitate this trust.
- The report points out that the details of the EVM design, prototype, software, and hardware verification are not publicly available for technical and independent review, rendering it available only for a black-box analysis, where information about its inner workings is not accessible.
- However, the ECI says that unlike other countries, Indian EVMs are standalone, are not connected to the internet, and have a one-time programmable chip, making tampering through the hardware port or through a Wi-Fi connection impossible.
- Multiple computer scientists have demonstrated that this claim does not stand up to scrutiny as it does not take into account ‘side-channel’, insider fraud, and trojan attacks.
- Besides, the OTP chip which cannot be rewritten, also has a flip side, even pointed out by BJP leader G. V. L. Narasimha Rao in his 2010 book Democracy at Risk! Can we trust our Electronic Voting Machines
- The ECI sends the EVM software to two foreign chipmakers (in the U.S. and Japan) to burn into the CPU and the manufactured chips are then sent to India for assembly into machines by the two PSUs (BEL and ECIL).
- This means that the manufacturers cannot read back the contents of the software to ensure its integrity is intact. Functionality tests done by manufacturers can only reveal if the machine is working properly.
What are the problems with VVPAT?
- Subhashis Banerjee, the head of IIT-Delhi’s computer science department and a member of the CCE, told The Hindu that for the voting process to be verifiable and correct, it should be machine-independent, or software and hardware independent, meaning, the establishment of its veracity should not depend solely on the assumption that the EVM is correct.
- Ronald Rivest, an MIT professor and the inventor of encryption, defined in his seminal 2008 paper that “a voting system is software (hardware) independent if an undetected change in software (hardware) cannot lead to an undetectable change in the election outcome,” or even if the voting machine is tampered, the same should be detectable in an audit.
- Banerjee explained that a simple way to keep the process software or hardware independent is to keep another record, which in a crude or weak way, he said, is done by the VVPAT, which, he added, has its own set of problems.
- Banerjee contends that the current VVPAT system is not voter verified in its full sense, meaning, while the voter sees their vote slip behind the VVPAT’s glass for seven seconds, it does not mean they have verified it.
- That would happen if the voter got the printout in their hand, was able to approve it before the vote is finally cast, and was able to cancel if there is an error.
- Former IAS officer Kannan Gopinathan, who has overseen both Assembly and Lok Sabha elections, notes in his 2021 paper, that the “voter should have full agency to cancel a vote if not satisfied; and that the process to cancel must be simple and should not require the voter to interact with anybody”.
- Under the current system, if the voter disputes what they have seen behind the screen, they are allowed a test vote in the presence of an election officer, and if the outcome of the test vote is correct, the voter can be penalised or even prosecuted. Mr. Gopinathan and the CCE report argue that this penalisation is discouraging.
- Additionally, the assurance given by the ECI that the EVM-VVPAT system is not connected to any external device has been questioned by former civil servants and multiple studies.
- For the VVPAT to be able to generate voting slips, the symbols, names and the sequence of the candidates need to be uploaded on it which is done by connecting it to a laptop.
- Gopinathan points out that to create a VVPAT sheet on the laptop, an application is either downloaded from the ECI server or copied from a local device.
- It is then uploaded to another device or the Symbol Loading Unit (SLU) through a nine-pin cable, which in turn is connected to the VVPAT for upload. This process raises questions.
What are institutional safeguards?
- The ECI has said time and again that EVMs and their systems are “robust, secure, and tamper-proof”, owing to the technical and institutional safeguards in place.
- The ECI claims that the safeguards, such as the sealing of machines with signatures of polling agents, first-level checks, randomisation of machines, and a series of mock polls before the actual voting, cannot be circumvented. However, domain experts and former observers have shown that vulnerabilities can arise.
- For example, Mr. Gopinathan states in his report that since it is “known upfront that a fixed number of votes cast at the beginning of the polls in each polling station”, will be part of the third mock poll, “theoretically a hack can easily bypass the first few votes, thereby preventing detection of foul play as every key press in the EVM is date and time stamped”.
How will RVMs be different?
- The EC states in its concept note that the Multi-Constituency RVM for migrant voting will have the same security system and voting experience as the EVM.
- This essentially means that the challenges mentioned above with regard to the current EVMs will persist when it comes to the RVMs.
- Besides, the Commission says the RVM can handle multiple constituencies (up to 72) from a single remote polling booth.
- For this, instead of a fixed ballot paper sheet, the machine has been modified to have an electronic dynamic ballot display which will present different candidate lists corresponding to the constituency number of the voter read by a constituency card reader.
- The ECI has added a digital public display unit or a monitor to act as an interface between the constituency card reader and the BU display.
- As for the commissioning process of the machine, the electronic ballot will be prepared by the Returning Officers (ROs) of home constituencies of voters, and forwarded to the remote RO for uploading in the SLU.
- This would raise questions about how these new devices communicate with each other — is there a device with programmable memory
- At what point is the unit connected to an external device for symbol loading, and while the keys on the BU are mapped to the serial numbers, would it be possible to mess with the digital display to show a modified list to the voter
- Besides machine related concerns, Dr. Banerjee pointed out the logistical and administrative challenges that remote voting would present.
- These include questions on how voter registration will take place in remote locations, how names will be removed from the electoral rolls of the home constituency, how remote voting applications will be made transparent etc.
SOURCE: THE HINDU, THE ECONOMIC TIMES, PIB