This article is written to try and clarify why EVMs being hackable or not is an irrelevant question in Indian elections. This is because the security of the system relies on external transparency and procedure rather than security of a computer system to make it work well.
For all requirements of this article I use the word Hack/Hacking in its most flexible form - as any form of unintended modification or control on a digital system. Even when done directly with direct access.
Challenges of hacking and EVM
The biggest roadblock to this is that the machine is a dumb hardwired system than a programmable smart system. This means that there is no software you can update but circuits you can change.
It is capable of only very limited operations of maintaining few states and maintaining count.
System can't differentiate between mock polls and real polls. Without this the hack will be caught in test mock polls done.
This means that inorder to hack the system the only way is to replace the principle circuitry/ motherboard with a system that can not only do more complex operations such as calculating redistribution of votes and update it but also be able to recieve some form of signal inorder for it to know that the current counting is the actual poll counting and not a mock test.
Procedures to prevent this at place.
All machines are publicly opened and checked by engineers of the designated manufacturers in front of the public and party representatives.
The machines are then put through mock polls to test if all functions are as per expectations.
The internal circuits of the control unit and the access to.them are then sealed using physical seals and security taping. The tapes are signed by representatives to make it a verifiable security system.
At this point the circuit inside the system is no longer modifiable without breaching the security seals and tapes.
The above four steps are executed at the FLC or first level checking procedure. The machines are from this point maintained under strict security in locker room with 24/7 surveillance.
These machines are then randomised at two stages to assign them to constituencies and again randomly assigned to polling booths.
Once the candidate list is final and ready the ballot units are opened and the ballot sheet with name and symbol of the candidates are added.
This is also when the VVPAT assigned to a booth recieves the symbols loaded in by Symbol Loading Units.
Both these happen in front of observers, public and party representatives and mock polls are carried out again before the ballot units are also sealed.
The machines are again stores under strong room procedure until poll date.
On the day of polls the presiding officer checks if all seals are intact and solid.
The PO then conducts a mock polls in the presence of representatives and public at the booth. The results are verified by the representatives and public.
The PO then clers the result using the clear button and checks if total votes are zero using total button.
Once this is done the PO seals the machine again with security bands and seals preventing access to - Result, Clear and Print buttons. Again signed and sealed by representatives.
At this point only the ready, close and total buttons are available.
After this the machines are again secured physically and maintained under strong room protocols. Until the dayoffountin when yh seals at chcked and reopened.
Challenge of beating such an operation.
While theoretically and technically with sufficient resource someone can try to interfere with this process within a small area or booths, execuing an attack at large enough scale to impact results becomes impossible.
Even that attempt would have to bypass these strinnt and publicly audited steps designed to keep suck actions away.
It's also noale hat he risk of executing his is immensely high compared to results attainable. This is majorly because you will need few dozens of trusted people cooperating with you to execute this. This type of schemes do not stay hidden simply because eof the number of people involved.
Hency such and attempt to hack the process of election via EVM manipulation is infeasible, and unrewarding.
Write a comment ...