Editor's Note: This article appears in the print edition of Firstpost. To read other stories from the paper, click here.
We were all riveted to our television screens this week as a masked ‘cyber expert’ proclaimed that the 2014 Lok Sabha election was stolen by the Bharatiya Janata Party by hacking electronic voting machines en masse. The evidence for his claims is conspicuously thin: we have no idea of the credentials of the supposed cyber expert or verifications of his hyper-real claims, including mass killings and assassinations.
But that hasn’t stopped plenty of people who should know better from buying the story that EVMs can be manipulated using low-frequency waves, which conspiracy theorists refer to as “military grade technology”.
This is because claims of EVM manipulation have become part of our everyday news cycle — science be damned.
The Election Commission of India has on several occasions explained the workings of the machines and even conducted hackathons inviting the sceptics to prove their claims. No one has been able to hack an EVM in these hackathons but that has done little to put an end to the conspiracy theories.
Such manipulation is simply not possible. The technology used in EVMs and the processes put in place by the ECI do not allow such hacking.
I speak from experience. I was a polling booth agent for the Aam Aadmi Party during the 2014 election. I have had extensive discussions with engineers who work on embedded software and device drivers. I also have 20 years’ experience in the technology sector.
First, the technology aspect. An EVM consists of a control unit and a ballot unit. The ballot unit is the one that voters use to pick their preferred candidate, or reject all of them (NOTA), and the control unit is where the vote is recorded.
Each booth at a polling station has a combination of the two units that are connected through a wire. The control unit has a piece of software listening on a port to receive a vote from the ballot unit.
Just because the control unit receives a vote over the wire from a ballot unit doesn’t in any way mean that it can receive a vote — or malicious code that can manipulate votes — wirelessly from another source.
For it to be able to do so, the control unit has to be explicitly designed and manufactured to be compatible with wireless mechanisms and protocols. That involves both a hardware component — called a Network Interface Card in average desktops, laptops, servers, etc — as a well as a software component that can listen for wireless messages.
The ECI has repeatedly said EVMs aren’t manufactured for wireless communication. Any potential “hacker” should have at least gone to the ECI hackathon and just opened up the machine to check for that.
Also, the code, which assigns a vote to a candidate, totals votes for each of the contestants and adds up the votes registered on a machine, is burnt into the chip. The device is “one time programmable”, which means this burning of code into the chip can only be done once per EVM. It is not the model where software is downloaded separately and installed and later upgraded.
Second, the poll process, which I have seen for myself. Each polling centre has multiple booths.
For instance, a school can be a polling centre and a room in the school can be a booth. Four election officials are present in each booth. In addition, an agent for each candidate is also allowed — I was the agent posted for AAP’s Bangalore Central candidate.
An hour before voting begins, the polling officer conducts a mock poll involving all the agents to ensure that the keys have been correctly mapped to candidates. The control unit is then reset and polling begins.
Once polling ends, the officer generates a receipt from the control unit that mentions the total number of votes polled in that booth.
The receipt is signed by each agent and the EVM sealed with a receipt inside it. Each agent is also given a written receipt, mentioning the number of votes polled.
On the counting day, candidates’ agents use these receipts to cross-check that the votes displayed by the EVMs are the same as those on their receipts and also that the main signed receipt is in the machine.
This ensures that no manual tampering can be done between the polling and counting days.
Let us for a moment assume a scenario of a possible hacking via wireless transmission.
Even if one were to assume that malicious code can be remotely injected into an EVM through wireless transmission, just thinking of what the code has to do starts to boggle the mind.
The code can’t just assign all votes or extra votes to a given candidate since the total is signed off after polling ends. This means the code has to be intelligent enough to dynamically rebalance the total number of votes in each EVM.
The injected code has to be aware of which candidate to assign more votes to and also the proportion in which the remaining votes have to be distributed so that suspicions are not raised.
The code should also know where exactly in the EVM is candidate information stored and also where the votes are stored.
As if doing it at an individual EVM level is not difficult enough, this manipulation has to be orchestrated across all machines in a constituency.
The total votes polled would have to remain unchanged even as the preferred candidate gets more votes. But, the mandate should not be flagrantly at odds with the mood of the people. This should hold true for all other contestants as well, including Nota.
Perhaps, the next time the ECI organises a hackathon, it should just bring some unprogrammed EVMs, ask these ‘master hackers’ to burn their code into the chip and demonstrate their master algorithm for such mass manipulations.
That would be a challenge worthy of the saviours of Indian democracy.
(The writer is a software developer and architect.)