The Supreme Court’s two-judge bench on April 26 delivered its much-delayed judgement on the demand for 100% verification of EVM-VVPAT.
The petition was filed by the Association for Democratic Reforms (ADR) a year ago. Other petitions were tagged with it.
The verdict came on the day of the second phase of polling of the 2024 General Elections.
This wasn’t any contest between any political party and the Election Commission (EC) or the government. This was a contest between the citizens of India and the EC. None of the political parties were petitioners. However, the bench seemed to have missed this point and gave a relief that petitioners never asked for.
The order was signed by both Justices Sanjiv Khanna and Dipankar Datta. A separate order was signed by only Justice Datta.
SC order on EVM-VVPAT
The only positive aspect of the order is the direction issued to the EC, which is expected to considerably reduce the chances of hacking because of the fear of getting caught during the audit, if done honestly and competently.
Unless the audit process, which is in the hands of the EC (BEL and ECIL engineers), is subverted, the risk for hackers getting caught will be huge.
The top court order has limited the audit to a maximum of 5% of EVMs per constituency. If the losing contestants (the second and third runner-up) had been permitted to request an audit of all EVMs, the possibility of hacking would have been eliminated.
The order makes it explicit that the burden of the cost of audit will be on the challenger. However, it does not speak about the consequences of malware detection in the suspected devices: will a re-poll be ordered around the booth where the EVM was deployed, or the whole constituency, or the whole country?
The order shows its magnanimity in refunding the cost incurred by the challenger should any tampering be detected.
It is strange that the order did not consider it justified to appoint independent auditors in resolving the audit challenge. Independent auditors could have compared the object code (access to the source code is not necessary) in the suspected machines with healthy machines provided by the EC and given their verdict about the evidence of tampering, i.e. presence of illegitimate stuff (malware or any foreign software).
The order unnecessarily elaborates that the “microcontroller’s burnt memory” will be subject to audit. What about the flash memory of 4MB (see paragraph#22 in the order)? For a semi-technical note on the EVM hackability, read here.
Let’s now consider the curious (bad) part of the order which betrays the misunderstanding on part of the honorable judges – and which is worthy of a challenge in a review petition.
The main petitioner, senior advocate Prashant Bhushan, asked for sensible reliefs which would have served to foil hacking of the EVM system completely. He also explained all the important vulnerabilities and tried to elaborate the possibility of malware infiltrating the “programmable memory” of the VVPAT but Justice Khanna cut him off multiple times – as can be read from the court proceedings and live updates from independent websites.
Also read: The Anatomy of an Electronic Voting Machine: What We Know and What We Don’t
The method of hack
The first relief sought was that the voters should be able to verify the correctness of the vote slip printed by the VVPAT and assure themselves that it is cut and dispensed into the ballot box.
Senior advocate Bhushan offered three alternatives: i) revert to paper ballot, ii) hand over the vote slip to the voter who can verify its correctness and dispense it into a ballot box, and iii) keep the light inside the VVPAT behind a dark glass (why on earth this glass should not be transparent is not explained satisfactorily by the EC. The secrecy argument is totally specious as the voter compartment is always placed in a corner of the room, illuminated all the time so that the voter would leave the voter compartment only after full satisfaction: the correct slip is printed, cut and dispensed into the ballot box. Merely lighting up the lamp for a brief seven seconds to show the slip to the voter is insufficient.
Watch in this video how the hacking method – in which consecutive votes are stolen – works. In this method of hacking, the vote count in CU and VVPAT printed slips would match.
However, the top court order has explicitly denied this right to the voter. Justice Datta elaborates in a separate order – in para#15 & 16 page#48 & 49 – that under Rule 49M(3), it is sufficient to merely show the slip to the voter.
It appears that the judge never understood the method of hacking – in which consecutive votes are stolen and cast in favour of the hacker’s party when the lamp is switched off.
Control unit in an EVM said to be tamper-proof by the Election Commission of India. Photo: CC BY 3.0/Wikimedia Commons
The judges elaborate naively in their order that never in the past have discrepancies been reported between the CU count and manual count of VVPAT printed slips. Therefore, no hacking could have ever taken place. The order quite unnecessarily derides the demand for paper ballots and voter slips being handed over to the voter without mentioning all the three alternatives.
‘Godi media’ has also amplified the view that asking for paper ballots is a “retrograde demand”.
Based on the third alternative Bhushan offered, the judges should have quizzed the EC to articulate methods of satisfying the voter that the vote is correctly printed, cut, and dispensed into the ballot box. The EC should have specifically answered why it has designed the complicated system of switching light on and off and generating an audio beep signal. Further, the EC should have been asked to explain why the simple method of illuminating the cutting operation and dispensing of the slip in the ballot box was not preferred.
The poll body had revealed in the court that there is a sensor which detects the falling slip, and it sends out an audio beep. What if the audio beep signal is generated falsely by a hacked VVPAT? Therefore, the relief of voter verification should have been granted to foil this smart method of hacking.
After the results, the audit can also detect this hack. However, the cost of foiling the hack is much smaller than the cost of recovering from the consequences of a hack after it has been allowed to happen.
The second relief the petitioners asked for was a manual count of 100% vote slips and comparing the same with the CU count. The comparison would diminish the errors of the manual count.
The Supreme Court court order shows that the wisdom of comparison escaped their comprehension completely. This comparison would serve to foil the simpler, though a dumber, hacking of the voter pressing the button of one candidate and the vote in the CU being written of another party. In this hack, the vote slip of the correct candidate in a manual count would not match with the CU count. This hack is easy to catch. Therefore, it is not likely to be preferred by a sophisticated hacker.
It is a no-brainer that the hacker is not likely to be a run-of-the-mill type. The subversion of Indian elections can entangle trillions of rupees (the General Election 2024 is projected to cost $14 billion) and national security. The order allows only 5% of EVMs to be tallied manually in a constituency. However, it has directed the EC to evaluate bar code printing on the vote slips for possible machine counting in future elections.
The denial of this relief was not logical and penny-wise-pound-foolish. According to S.Y. Quraishi, the 100% manual count of vote slips cannot be compared with the paper ballot era when the ballot papers could be the size of a newspaper. With small VVPAT printed vote slips, it is feasible to finish counting within one day – watch here. By capping the manual count to 5% of EVMs per constituency, the chances of the second type of hack still remain. However, this is not as much a serious compromise as is the denial of the aforementioned relief of verification by the voter because that allows the smarter hack to still take place.
In a review petition, the first relief ought to be demanded. Perhaps, if a larger bench hears this petition, there would be more chances of convincing the judges.
The judgement has many other technical bloopers (for example, in para#22, the candidate data file is a bit map file. It cannot be so as the candidate name and ID, apart from the symbol, needs to be transferred). The language used in the Supreme Court order, in many places, seems to be that of BEL or ECIL engineers, as pointed out by Kannan Gopinathan in a recent interview to Poonam Agarwal.
