India is rapidly digitising. There are good things and bad, speed-bumps on the way and caveats to be mindful of. The weekly column Terminal focuses on all that is connected and is not – on digital issues, policy, ideas and themes dominating the conversation in India and the world.
The Indian Supreme Court recently declined to hear a petition requesting the audit of electronic voting machines (EVMs). A three-judge bench, headed by Chief Justice of India D.Y. Chandrachud, refused to let the petition be heard on the ground that disclosing the source code of EVMs would allow malicious actors to circumvent the security of the machines.
Security through obscurity
The court’s decision has been met with criticism for relying heavily on the principle of ‘security through obscurity’ – an approach which assumes that if a system’s functioning is not well-known, it will be more secure – and for seemingly prioritising secrecy over transparency in the electoral process.
The petitioner, Sunil Ahya, criticised the current processes that are in place for auditing the functioning of EVMs, where the Technical Evaluation Committee (TEC) of the Election Commission of India (ECI) – a body which is responsible for designing the system and writing the software for it – is also solely responsible for auditing it.
The three-judge bench justified its decision on two grounds. First, that there was “no material before [the] Court to indicate that the Election Commission is not taking suitable steps to fulfill its mandate,” and second, that revealing the source code could potentially compromise the electoral process by exposing security vulnerabilities in EVMs that malicious actors could exploit.
The benefits outweigh the risks
While declining to hear the plea, the three-judge bench stated, “If we start putting out the source code in the public domain, you know who will be able to hack that.” While this line of reasoning may have some merit at face value, it can be argued that the potential risks associated with disclosing the source code of EVMs are vastly outweighed by the importance of ensuring the integrity and credibility of India’s electoral process.
Publishing the source code of EVMs would help build trust in the democratic system by allowing independent experts to scrutinise the functioning of the machines and ensure their integrity.
Integrity of EVMs
The issue of secrecy surrounding the machines has fuelled suspicions about their reliability while raising questions as to whether they could have potentially enabled manipulation or disruption in past elections. A system for verifying that the source code for a given machine has not been tampered with, or the internal circuitry changed, must also exist.
Given the critical role of EVMs in India’s elections, it is essential to have a transparent process for examining the inner workings of such machines. There should exist procedures for conducting formal verification that the source code presented to the public is indeed the same code programmed on the microcontrollers of actually deployed voting machines. This is before even considering supply chain attacks, which can have severe consequences, such as potential manipulation of election results or disruption of the electoral process. It is essential to implement robust measures that protect EVMs from unauthorised access, tampering, and malicious attacks throughout the entire supply chain.
A checkered past
The ECI has a checkered track record with the security promises of EVMs. In 2010, security researcher Hari K. Prasad, along with J. Alex Halderman and Rop Gonggrijp, demonstrated two distinct attacks on an actual second-generation EVM. The EVM was supplied by an anonymous source – presumed then to be an official at the Election Commission – and the vulnerabilities in the machine had to be examined in less than a day’s time. Prasad was arrested following his demonstration on charges of theft. While the second generation of EVMs has since been phased out, Prasad has continued to advocate for greater transparency and security in Indian elections. In 2019, he stated that even the newer, third-generation voting machines might still be susceptible to hacking, emphasising the need for continuous vigilance and scrutiny of these critical instruments of democracy.
DEFCON and the Voting Village
In countries such as the United States, hackers have been invited to perform security audits of various types of EVMs used around the country, without any significant security breaches or vulnerabilities having been exploited by adversaries as a result.
At DEFCON – the largest convening of hackers and security professionals in the world, held annually in Las Vegas, Nevada – the Voting Village has for years now invited conference attendees to try and uncover security vulnerabilities in various types and models of vote casting and counting machines.
Many attempts at finding security vulnerabilities in voting machines at the Voting Village have been successful. Even an 11-year-old, named Emerett Brewer, hacked a replica of a particular type of voting machine at the Voting Village in 2018.
Efforts such as those of the hackers at the Voting Village provide great insight into the technological backbone of the electoral process, while also ultimately resulting in greater security for the voting machines that get tested.
Ensuring the security and integrity of EVMs is crucial in maintaining trust in democratic processes. The fact that creating such an ecosystem is possible in countries such as the US suggests that there may be ways for the ECI too to open up the EVM to scrutiny while protecting sensitive information.
The road ahead
The Election Commission has continued to flirt with the idea of introducing Remote Electronic Voting Machines (RVMs) to enable migrant voters to exercise their right to vote. Many parties across the political spectrum are, however, vehemently opposed to this idea – and with good reason. The process by which the ECI conceptualises and introduces new technology is opaque and secretive, when it ought to be open and transparent. The introduction of remote voting can be a boon for migrants, but it also has the potential to introduce a variety of new threats to an electoral landscape which is already quite complex.
In light of all this, it is crucial for India’s judiciary and election authority to reevaluate their stance on the auditing processes of EVMs and disclosure of source code. By prioritising transparency over secrecy, the judiciary and the ECI can help build trust in the democratic system and ensure that future elections are conducted fairly and accurately, with all possible measures in place to safeguard against potential efforts at interference or manipulation.
Karan Saini is a security researcher and technologist from New Delhi, India.