Can You Really Hack EVMs?

A lot has been said about the Electronic Voting Machines (EVMs) used in India, most recently by those who lost in the recent Assemble elections. While it is the finally the duty of the Election Commission of India (ECI) to dispel these rumours relating to EVMs being manipulated or ‘hacked’, let us take a look at whether they can be taken seriously or not.

Why EVMs in the first place?

The core advantage of EVMs over the traditional ballot paper system is portability, reduced costs and faster counting. In simple terms, the ECI no longer has to maintain a printing press to print the ballot papers, transport them to the polling booths and then carry the sealed ballot boxes to the counting centre, where they are to be counted. This is the exact same reason why transport bodies have moved from issuing punched tickets to printing them using a machine.

In the case of transport, under the earlier system, tickets of different denominations had to be printed, carried across several districts, and after being issued, the conductor would have to manually count the number of tickets sold and enter them on to a trip sheet. In the case of elections, the same applies, except instead of accounting for number of tickets sold, the number of votes per party has to be counted. This gives rise to two possible issues: 1. Human error, where the counting agent might accidentally mark a vote against the wrong party. 2. Malicious intent, where a counting agent either paid by a party or candidate or sympathetic towards a party might mark a vote against the wrong party. The sole purpose of EVMs is to make life easier for those involved in conducting the election process, thus making it cheaper and faster for the ECI.

Introducing the Electronic Voting Machine

Data from the ECI website on the functioning of EVMs answers the basic questions. The EVMs that India uses are jointly manufactured by Bengaluru-based Bharat Electronics Limited (BEL) and Hyderabad-based Electronics Corporation of India Limited (ECIL). A patent was issued to Gadde Raja Koteswara Rao of ECIL in 2001 for the invention.

The basic design of the EVM is simple. It operates using a six volt alkaline battery making it operable in places where there is no power. It can record 3,840 votes, far greater than the maximum number of electors at a polling station which is normally 1,500. A single EVM can support up to 16 candidates and a total of four such EVMs can be connected to each other to support a maximum of 64 candidates per constituency.

The EVM consists of two separate units, A Balloting Unit (BU) and a Control Unit (CU) that are connected by a five metre-long cable. Once a voter casts his/her vote using the BU, it is stored in the CU, thus ensuring that even if there is a malfunction, the BU can be replaced with a new one. An electoral officer covering 10 polling stations carries spare EVMs in such a scenario. The CU’s main purpose is to turn on the BU so that a voter has cast his/her vote. Once the vote has been cast, it is automatically deactivated till the next voter is verified against the electoral rolls and the officer-in-charge activates it again.

Can EVMs be hacked?

Now, the main point. No, an EVM cannot be hacked, or manipulated the way most of the losing politicians have claimed. For any device to be hacked, there has to be a connection between the hacker’s device and the device to be hacked. In the case of EVMs, the only connection is the cable connecting the BU and the CU, nothing else. There is no connection between the CU and the outside world as well, till it enters the counting centre. The BBC report from 2010 claiming that an American scientist ‘hacked’ into an EVM clearly states that the ‘scientists’ changed the components of the device and then manipulated it. While the report itself manipulated facts, it is clear that the device that was ‘hacked’ was not a standard ECIL or BEL developed EVM used by the ECI.

So how can we say the EVMs are secure?

The answer is simple. The only way an EVM can be tampered with is by physically opening it up and replacing the chipset inside it. The chipset used is non-reprogammable and data is ‘burnt’ into the device.

Further, the allegation made against them is: pressing any button would transfer all the votes to one candidate. The order of the candidates is randomly selected after the last date of filing and withdrawing nominations. Further, the EVMs are checked if they are working fine, in the presence of the candidate or their representatives and only after they are satisfied, they are sealed. This process is repeated at different stages right until the day of voting. This makes them virtually tamper-proof. The programming of an EVM is permanent and thus it impossible to transfer votes to other candidates, or for it to change which party or candidate the vote is registered against mid-way.

Enter the VVPAT system

In order to make the process more reassuring, the ECI introduced the Voter Verified Paper Audit Trail (VVPAT) system in select constituencies starting with the 2014 general elections. Under the VVPAT, once the voter presses a button, the candidate’s name is printed on a slip of paper, shown to the voter and then dropped into the box below. It functions as a secondary step to allow the voter to know that they voted for the right candidate and then goes out of view.

ECI explainer on VVPAT:

Under the erstwhile paper ballot system, manipulating was far easier that it is with an EVM. Besides, the first major elections that used the EVM, the 2004 General Elections saw the incumbent Vajpayee government lose, making it quite clear that the system is far better than it is given credit for. Most political parties’ claim, today, that all the votes went to the BJP would be foolish given the outcome of elections in Tamil Nadu, Bihar, West Bengal, Kerala and the National Capital Territory of Delhi that were held in the last two years. Further, given what happened in Jharkhand in 2005, it is again foolish to assume that the current opposition parties aren’t innocent of such crimes.

Moral of the story: The next time any politician says ‘EVMs are tampered with, or hacked’, simply remember the folktale about the fox which couldn’t reach the grapes and then went away claiming that they were sour anyway.