The recent judgment of the Supreme Court in the matter of Electronic Voting Machines and Voter Verified Paper Audit Trails, dismissing the writ petitions seeking reversion to the manual or full verification of the paper trail, has brought out some details that were otherwise not there for all to see. But it has also left some questions unanswered, perhaps not asked, about the transparency of the EVM procedure.
The judgment, whose text can be seen online, starts by recounting that none of the petitioners has brought out any evidence of bias or any reason to believe anything to be the matter with the work of the Election Commission. And with many similar petitions having been disposed of, there is really no reason not to dispose of this lot in the same way.
However, ‘for the record,’ the court describes the procedure and safeguards that exist as consisting of three units, the ballot unit, the control unit, and the VVPAT. The 16 keys of the ballot unit correspond to assigned parties or candidates and the control unit permits a voter to select a key, which signals the VVPAT to print, display and store the record of the vote.
The control unit is hardwired to be ‘candidate agnostic’ and simply records the fact of each key press, emitting a ‘beep’ when the vote is recorded. The programme that controls the action is ‘burnt’ into the machine at the time of manufacture and the SC describes how it cannot be altered.
Before the EVMs are deployed, each one is ‘First Level Checked’, in the presence of representatives of political parties. All the EVMS are checked by casting a vote, six times, using each of the 16 keys. And then, 5% of the EVMs undergo a mock poll, 1% with 1200 votes and 2% each with 1000/500 votes. And the result is tallied with the VVPAT count.
And when EVMs are to be used, the 16 keys are assigned to parties/candidates and symbols, using an interface, in the presence of representatives.
Also read: The Anatomy of an Electronic Voting Machine: What We Know and What We Don’t
The procedure includes stages of randomising, as when serial numbers are allotted to candidates, which, the description concludes, obviates any suspicious pre-programming.
One glaring shortcoming in the system, which appeared to have been missed by the petitioners, however, is that the software that programmes the EVMs is not made public. The SC did consider this question, and the judgment cites an order of September 22, 2023, which dismissed a petition for independent audit of the source code.
The reasoning of the SC in this case is that the petitioner has disclosed “no actional material” which shows the EC not to be following its “constitutional mandate.”
This seems to be odd, as such material can be found only upon the source code being available for inspection.
The nature of the software that would be used can easily be visualised. It would be a cycle, each time a vote is cast, to sense the serial number of the key depressed, to display the details in the VVPAT and to add the vote to the number against that candidate,
And what can go wrong? A simplest malicious program could, for instance, display correctly the VVPAT, but for every 5th vote, for instance, record the vote against a particular candidate. It could be argued that the trials and mock voting sessions would detect such a thing. That is true, but it is not difficult to get this behaviour to kick in only after 2000 votes are cast, for instance, to escape the mock voting.
In fact, there are innumerable, ingenious ways to manage malpractice, if required, and the only way to know that all is well is to inspect the source code of the program that is hardwired.
It could again be argued that the randomising process, where even the serial number of a candidate is not known beforehand, would prevent malpractice. This is also true. But the onus to state what feature of the program could have a loophole cannot fall on the applicant who seeks to see the program so that she could be assured.
While the procedure states the stages where representatives of political parties are present, nowhere do the representatives see what code is loaded in the EVM. Malicious code could even provide a way to mark a particular key as the ‘selected one’ at the time of assigning candidates and symbols to the keys. This is not something an applicant can prove before the source code is shown to her.
What is not understood is why the EC is unwilling to publish the source code and why the SC does not order it to do so. This is a normal practice in many fields of work. If a researcher, for instance, arrives at some conclusions based on a set of data, with some custom-made software, she is obliged to place the data, as well as the software used, with source code, in some public repository.
Referees, and any other researcher or lab can then audit the data and the software to assess the quality of research.
In the September 22, 2023 case, the SC says, “Ultimately, the manner in which the source code should be audited…bears on sensitive issues pertaining to the integrity of the elections which are conducted under the superintendence of the Election Commission.” Is it not all the more the reason that the audit be public? But, for the same reason, the SC declined the petition.
S. Ananthanarayanan is a civil servant who retired from the Indian Railway Service.
This piece was first published on The India Cable – a premium newsletter from The Wire & Galileo Ideas – and has been updated and republished here. To subscribe to The India Cable, click here.
