Sunday, September 1, 2019

The Case Against Electronic Voting

There is a lot of debate on the pros and cons of electronic voting. Those promoting the idea point to the fact that we will get results quickly, that the chances of errors are fewer, less cumbersome, cheaper, saves paper etc. But here are some reasons why electronic voting is a terrible idea.

I'm not making a Luddite argument here. The fact that paper voting is centuries old, means that nearly every attack against the process has been thought of and countered. It takes too much effort and too many people to rig at the scale needed to make it feasible in a country as large as India. And whenever you have too many people involved, that conspiracy is bound to break down sooner than later.

With electronic voting, you may not need as many people to do this, If you have access to the machines at the right time, you could replace the software and even the hardware that can steal an election without anyone being any wiser.

Auditing the software

Right now the software that drives the EVMs is closed source. The Election Commission believes that hiding the source code is a way to ensure sanctity of the electoral process. The problem with this is that you and I and most certainly the average voter do not know what goes in the software - whether it is designed to steal a certain percentage of votes - is baked into the software. The counter-arguments to this are: a) that machines are tested on the spot; b) randomized; and c) there is no way to input anything except the ballot button.

The software could be designed in such a manner that the malicious code stays dormant till a certain sequence of votes are cast which instruct the malicious code to activate and start stealing votes for the party in question. For example, let's say there is a five-vote sequence, which goes ADBCB, with the last button in the sequence carrying the instruction to steal votes for button B.

You could write malicious software that lights up correctly, while what gets recorded is something else altogether.

Let's say we make progress from here and the Election Commission decides to open-source the software and everyone goes over it with a fine-toothed comb. Does it solve the problem? Well, not really.

There is no guarantee that the software audited is what has been burned on to the chip that is running the machine. Who created the chip? Was it done by the EC? No. Was it done by a government-owned company? No. Was it done by an Indian company? I honestly don't know the answer to this.

Between the point at which the software gets audited and is sent to the chip factory, did it get changed? Is there an audit trail that guarantees it hasn't been changed? No.

The machine that is in front of you, does it run the same software as the one that was meticulously audited? Did the software/chip get replaced during the maintenance cycle? If your answer is the voter should check the checksum, you now need to trust the software that checks the checksum. And honestly, checksums! That's pretty much beyond 99.99% of the electorate.

The next defence of EVMs is the VVPAT (Voter Verifiable Paper Audit Trail). Except, the EC NEVER plans to count them all. They have arrogantly resisted all suggestions that we do indeed count 100% VVPAT to ensure transparency and voter satisfaction. If everything is hunky dory, what is the EC afraid of? Count everything. Right?

However, there's the possibility of yet another layer of software interference here. The problem with VVPATs is not only the non-counting of the slips. The problem is also that we have no way of verifying if the machine has printed something other than what you voted for.

Now we have two things to worry about. The possibly incorrect electronic record and the possibly incorrect VVPAT slip. There have been reports by various people on the social media site Twitter, including a retired police officer, who have said that the VVPAT slip showed a symbol different from the one they voted for on the EVM.

There is no way to remedy this. People who complain are threatened with jail. There is no provision under Indian laws to do this. But this doesn't prevent the EC from citing incorrect laws to shrug off or suppress complaints.

After all this we have the totaliser machine. Again you have software, with all the same problems as before, that will read bits on the EVM and pronounce the result-whether this count is okay, or not. No one knows, because we don't know how the software behaves inside the black box. So now you have three pieces of software to worry about - the one running the EVM, the one running the VVPAT, and the one running the totaliser machine.

The one thing we must all remember is this - if the stakes are high enough, someone will invest time, energy and resources to win those stakes. And no stakes are higher than to influence the process of who gets to govern India.

No comments:

Post a Comment

Time for a cold shower

Last week Russia invaded Ukraine and the western world reacted with alacrity to try and stop Russia. Not by launching a physical counter str...