Both the Election Commission of India and the Supreme Court have fallen short, and they have imperilled Indian democracy.
The Electronic Voting Machine (EVM), created by ECI, being a ‘gold standard’ and its existing processes being ‘fool-proof’ are myths the SC bought into, despite these being questioned by experts, members of civil society and multiple petitioners. ADR (Association of Democratic Reforms), the lead petitioner, was ignored for a year. Ultimately, the two-judge bench of SC which seemed in no hurry to deliver its judgment, started hearing the ADR’s and two more tagged petitions, on April 16, two days before 2024 general elections commenced, and after 10 days, it delivered its judgment on April 26.
The proceedings, in the court of Justices Sanjiv Khanna and Dipankar Datta were indicative of what was coming. The SC’s two-bench order dismissed all petitions and instead offered an ‘EVM audit’ option for the losing contestants. The ‘EVM audit’ conditions mentioned in the order make a strange reading – the conditions render the audit technically absurd and due to the composition of the audit team, quite untrustworthy. Before understanding the ‘EVM audit’ as the SC envisages it, let’s consider the much better alternatives that would have assured the integrity of elections, but were rejected.
Affirming their own faith in ECI and the EVM, the judges issued directions to the ECI for post-result audits of EVMs. It is noteworthy that the petitioners had prayed for none of this.
A flawed judgment
The following predictions can be made on the possible scenarios awaiting the declaration of results on June 4.
The INDIA alliance loses, or the National Democratic Alliance led by the Bharatiya Janata Party loses. Both scenarios will trigger massive requests for EVM audits. Since audits will be a technical absurdity and auditors untrustworthy, a maelstrom is going to hit ECI.
The SC said:
- a) On completion of the symbol loading process in the VVPATs undertaken on or after 01.05.2024, the symbol loading units shall be sealed and secured in a container… They shall be opened, examined and dealt with as in the case of EVMs.
(b) The burnt memory/microcontroller in 5% of the EVMs, that is, the control unit, ballot unit and the VVPAT, per assembly constituency/assembly segment of a parliamentary constituency shall be checked and verified by the team of engineers from the manufacturers of the EVMs, post the announcement of the results, for any tampering or modification, on a written request made by candidates who are at SI.No.2 or Sl.No.3, behind the highest polled candidate.
At present, the ECI has not published any document describing details of the audit process it will follow.
However, the very proposition of a post-result audit of EVM and Symbol Loading Units (SLU) in the context of EVM system is a non-sequitur. This is because you can only audit a device that is currently in the state of being hacked and not one which was hacked and sanitized before being presented for an audit.
Also read: It’s Time the Innards of the EVM Stopped Being a Secret
It must be assumed that hacking of EVM systems will not be attempted by a run-of-the-mill hacker. At stake is national security or an election that costs Rs 1.2 trillion. The two can, in fact, get entangled.
A high-level hack leaves no smoking gun behind. Field staff commission 1.2 million EVMs (one per booth) by using SLUs over a two-week period. Two to five SLUs are deployed in each constituency. Each District Election Officer or Returning Officer connects their laptop via Internet to the ECI’s central server to download the candidate data file that is then copied into SLUs.
Thus, it is eminently possible to infiltrate VVPATs (Voter Verifiable Paper Audit Trails) with self-destructive malware and then remove the malware payload from SLUs. Therefore, only sanitized SLUs with legitimate candidate data files will be sealed after the closing of polls in each constituency. A self-destructive malware is one which erases itself from the device’s memory upon receiving a trigger, for e.g. when the ‘Close Polling’ button is pressed by the Polling Officer on his Control Unit (CU) – the malware on the connected VVPAT could self-destruct. Therefore, after poll closing, the EVMs and SLUs sealed for the audit envisaged by the SC will all be sanitized with no evidence of any malware or hack.
More absurdities
First, contrary to what the SC said, the audit should be done on the full device and not just the ‘burnt memory/microcontroller’. This is because a device like VVPAT has additional programmable memory. A malware can sit in the additional memory and make the machine misbehave, leaving the ‘burnt memory/microcontroller’ intact.
Secondly, there was no compelling reason for the judges to require the audit team to come from the manufacturers of EVMs which happen to be ECIL and BEL, enterprises which are owned by the government. One of them has BJP members on its board.
The audit could have been done by independent engineers who could have been provided with a healthy set of EVMs – because then they could have compared the object code running on them with the suspected EVMs and detected tampering. It was not necessary to part with source code. Any sophisticated hacker can reverse compile the object code from stolen EVMs (a RTI query had revealed that between ECI, BEL and ECIL 1.9 million EVMs are missing) and write malware to make the EVM misbehave. Malware could work with multiple parameters – constituency, party to steal votes from, party to favour, date, time, rate of voting and so on. The misbehaviour, therefore, cannot be predicted without the knowledge of programme logic and parameters used.
More on the three types of hacks and audits necessary to catch them can be found here. The ballot stuffing method requires an audit of the timestamp of the vote record in CU versus the timestamp in the printed vote slip – they must match, and they must be spaced apart by at least 15 seconds. As per ECI submissions, the maximum rate of voting the system is designed for is four votes per minute.
The SC’s directions to ECI for sealing of EVMs and SLUs commence from May 1. So, what will happen to contestants whose constituencies’ polling finished in April?
It is likely that the SLUs do not have device IDs. Thus these are not mentioned in Form17C Part I. At present, the Form 17C itself is something the EC has held is unnecessary. At the close of poll, Form 17C Part I has to be filled in, duly signed by the Presiding Officer, the Polling Officer, all present Polling Agents of contestants. This form mentions all three EVM machine IDs but there is no mention of a SLU ID. If Form 17C Part I is not placed in public domain before the devices are sealed and moved, it would leave the door open for manipulation – vote count inflation, even switching the EVMs.
Also read: ‘Mischief’ in the EC’s Argument: The Commission Has Contradicted Its Own Handbook
Poonam Agarwal, an investigative journalist, interviewed polling agents who did not sign Form 17C. They said no one asked them to! It is confounding to find that ECI does not require the Presiding Officer to sign the Form 17C using their Digital Signing Certificate.
SC directions to the ECI do not mention this: The audit must include examination of signatures on Form 17C Part I and match them with machine IDs, and the total voters – registered and votes cast.
The ECI portal should host a table with the columns of constituency name, booth ID and scanned form 17C Part I duly signed by the Presiding Officer and Returning Officer. Form 17C Part I total vote count must match the CU total vote count. Is ECI innocent about the importance of Form 17C Part I being signed and shared with the citizens of India or there is more than meets the eye?
Let us not forget that auditors without integrity can allow malware to be copied into SLUs and then report tampering in that constituency to please the challenger (a losing contestant). Since SLU is utilised across the constituency, will the ECI declare a repoll in that constituency in such a case?
Can the ruling party with control over the auditors countermand an entire election by the simple subterfuge of arranging copying malware into a few dozen SLUs?
Anil Srivastava is a software professional based in Ahmedabad.