It is the season of elections. The New Year of 2019 will see elections in countries from as varied as Nigeria to Israel to the European Union. But closer home, the Indian General Elections which will be held in the summer months will probably be the most significant. Elections in the world’s largest democracy have always captured world attention and this election promises to be no different.

Elections in India can get controversial and nothing exemplifies this more than the tool used for voting in the first place – the Electronic Voting Machines (EVMs). A simple electronic device for counting votes, an EVM consists of a control and balloting unit, joined by a cable. Powered by an alkaline battery, voters press labeled buttons of candidates to indicate their choice which is tabulated by the ballot unit. The process sounds simple, but since their implementation in 1999, it has been mired in controversy.

Suspicion and questions

Recently, there was a lot of controversy surrounding the tampering of EVMs in the 2014 general elections. Political parties, depending on the result of the election, are always quick to raise suspicion about EVMs’ security. On the macro level, this can have a discouraging effect on voting as a whole as aspiring voters can often be discouraged about this constructed lack of credibility and choose not to vote.

But is there any truth to these claims?

For what it is worth, the Election Commission of India has studiously rejected claims that EVMs can be tampered with. They have backed up their statement by pointing to various features of an EVM and measures used during polling which prevent tampering. Some of these include:

• A vote is counted only once for a person on the press of a button. Multiple presses of a button cannot lead to multiple votes.
• The operating program of an EVM is etched permanently in silicon after manufacturing and no one, not even the manufacturer, can change the program once the unit is manufactured.
• Polling officers control the balloting unit and can press the “close” button, if they sense any trouble, ensuring that the system does not accept any more votes.
• Votes are recorded in a randomized fashion in an EVM, hence making it impossible to program an EVM to receive votes to one particular candidate
• Many other checks and balances are provided for EVM voting

Additional measures

Despite the number of ways in which EVMs are manufactured and designed to prevent tampering, questions continued to be raised about EVM tampering. The Election Commission of India decided to introduce another layer of security in the 2010s called the Voter-Verified Paper Audit Trail (VVPAT). The VVPAT allows each EVM to record each vote by generating a voter slip which is displayed to the voter. This serves two purposes: voters are immediately assured that their voting choice has been registered while these slips are collected and can be tabulated at the end of the voting process.

Of course, in a country with a breadth and width as large as India, lakhs of EVMs are pressed into operation during a General Election and invariably, there will be some that glitch and may not work properly. But that cannot be termed as proof of EVM tampering – it basically means the machines did not work properly and the ECI tries to replace these machines on the spot. Reports of EVM machines being hacked continue to be unfounded with no specific proof of these being hacked.

Since EVM design does not support usage of any wireless technology (like WiFi, Bluetooth etc.) it cannot be hacked remotely over wireless technology. Thus, we can rule out the possibility of a remote hacking of the EVM. It is difficult to hack the EVM, unless one obtains physical access to it and tampers its build and contents. Poor physical security can also be a possibility for tampering paper ballots. Thus, physical security of the voting centers and EVMs is of utmost importance. In conclusion while one cannot say with utmost certainty that EVMs cannot be hacked, it is true that EVMs are possibly the best voting system in existence currently. While they may have their flaws, their in-built checks-and-balances provide for a system which makes it extremely hard to tamper or hack them.

Seqrite is the enterprise security brand of Quick Heal Technologies Ltd., which offers
world-class enterprise cybersecurity solutions.

This is the third article in the #SeqriteonElectionSecurity series. Watch this space to get more updates on the protection of elections, citizens, and voting infrastructure from cyber attacks or cyber threats.