Kolkata: For a while now, concerns have been raised over the Electronic Voting Machines (EVMs) and VVPAT (Voter Verifiable Paper Audit Trail) used by the Election Commission of India (ECI), with some claiming that they could be tampered with or were not reliable.
Adding to these concerns is a new piece of information revealed by former IAS officer Kannan Gopinathan, raising serious questions over the ECI’s claim that EVMs are stand-alone machines which are neither accessible remotely from any network nor can be connected to any external devices. However, with the introduction of VVPAT, these claims do not hold as these machines are apparently connected to laptops or symbol loading units (SLUs).
VVPATs were inducted into the electoral process in 2013 to provide an additional layer of scrutiny against possible EVM manipulation. They allow physical tallying of votes.
In a series of tweets, Gopinathan claimed that with the addition of the VVPAT mechanism, the voting process became “vulnerable and suspicious” instead of the being strengthened.
Information on the ECI’s website says, “EVMs are stand-alone machines which are not accessible remotely from any network, are connected with any external devices and there is no operating system used in these machines. There is, therefore, absolutely no chance of programming the EVMs in a particular way to select any particular candidate or political party.”
However, the VVPAT user manual prepared by the Bharat Electronics Limited (BEL) under the authority of the ECI mentions that a “laptop computer/desktop PC” is required for the commissioning of VVPAT.
Another VVPAT manual presentation prepared by BEL gives detailed instructions as to how the VVPAT is to be connected to a device called symbol loading unit (SLU) and then how the SLU is to be connected to the laptop. It says, “Connect the Symbol Loading Unit (SLU) to PC port marked on SLU with the 9 pin serial cable (BU cable). Select VVPAT M3 in the main menu of the Symbol loading unit. Select ‘Load Symbols from PC’ in the successive menu. Select the COM port and click on Load VVPAT slips in the application of PC/Laptop. Wait for the loading to get completed.” Later the SLU is connected to VVPAT.”
From this, it is clear that an external device (laptop/desktop) is connected to the VVPAT to load symbols. And this is the reason, Gopinathan says, “chance of manipulations increases.”
In the pre-VVPAT era, EVMs [both Ballot Unit (BU) and Controlling Unit (CU)] were truly standalone machines. When the blue button is pressed on the BU, the CU registers a vote. The machine wasn’t aware of the candidate or symbol.
The above scenario does not hold true any longer. When the blue button is pressed on the BU, the VVPATs print the name and symbol of the candidates. So the machine is now aware of which button contains which candidates and what is the symbol. Now the VVPAT registers a vote in the CU.
VVPATs has a simple processor, a memory and printer unit. It has a memory because serial numbers, names and symbols of the candidates need to be loaded on to it before polling.
“VVPAT has a processor and a programmable memory. If it has a processor and a programmable memory, there is a chance that it can be manipulated. The system is therefore not foolproof,” said Gopinathan.
In a presentation in 2019, the ECI claimed that BUs and CUs can only communicate among themselves and will go into error mode if connected to any other machine. Gopinath asked if that is so, how are EVMs working even after the introduction of VVPAT machines.
The ECI has maintained that their EVMs are robust and tamper-proof and even the manufacturers cannot manipulate them at the time of production. But strangely, the ECI has not responded to concerns raised by Gopinathan, journalists and civil society activists.
In the light of Gopinathan’s claims, The Wire tried to contact ECI spokesperson Sheyphali Sharan to clear the air but she could not be reached. A questionnaire was sent to the ECI via e-mail. The story will be updated if and when a response is received. The Wire asked:
1) if EVMs are stand-alone machines and not connected to any external device. How is the Symbol Loading Machine (SLU) connected to it then?
2) if EVMs have one time programmable (OTP) chips and it cannot be re-written/modified/erased, how and where are the symbols and names of candidates stored, which the VVPATs print?
3) if BUs and CUs can only communicate among themselves and will go into error mode if connected to any other machine. How after the introduction of VVPAT, EVMs are still working?
“If I am wrong in any of my statements, ECI has the duty to counter me & prove me wrong. And if there is truth to what I am saying, then acknowledge it & take steps to improve. The whole process of election is based on trust. People of India trust ECI, so for sake of people and to uphold the trust, the commission must clarify,” said Gopinathan.
Last month, the Citizens’ Commission on Elections (CCE), a civil society group of retired judges, former civil servants, university professors, senior journalists and activists, while releasing a report on the ‘fallibility’ or ‘vulnerability’ of EVMs and VVPATs said “EVM voting should abide by principles of democracy.”
M.G. Devasahayam, the co-ordinator of the Commission, had told The Wire, “In recent years, India’s democracy has been called into question by international watchdogs.” He said the group is advocating the right to a free and fair election. “The electorate must verify their votes as people are sovereign in this republic. With this report, we are trying to make people aware of the current electoral process and what needs to be done to ensure voters’ confidence,” he had said.
Speaking to The Wire, former chief election commissioner T.S. Krishnamurthy said, “If the information is not comprising the inherent security mechanism of the system, the ECI can certainly clarify these issues to satisfy the public and political parties.”
Another former chief election commissioner N. Gopalaswami told The Wire, “It has not convincingly been proven anywhere that the machine can be tampered with. It is all in the realm of imagination. If for every imagination, the election commission has to answer, they will not be able to conduct elections and will keep answering all these imaginary allegations.”
Cybersecurity researcher Sandeep Shukla, after going through the document furnished by Gopinathan, said “The VVPAT unit is connected to a PC to load candidate names and symbols using a software. The VVPAT is then connected via data cable to both the CU and BU. Now, the question is who tests the security of the application and the PC connected to the VVPAT while symbol loading? Do the election officers have adequate knowledge?”
Shukla further observed that if during the process of loading symbols, the VVPAT memory gets a “memory resident short program” to manipulate the BU, then through the data cable connecting the VVPAT to the BU controlling can be done.
“This may or may not be possible depending on the processor and drivers in the BU. But the question definitely arises in the mind, whether the idea of connecting a machine with the BU and the CU with data cables where the machine was connected to a PC would have guaranteed security? Note that I am not saying the scenario which I think is real, but is a possibility. An opaque system defeats the purpose of universal franchise,” Shukla told The Wire.