India’s voting machines are open to fraud, says group

The electronic voting machines (EVMs) used in India are vulnerable to fraud, and it is important for votes to be counted in a manner that can be seen and verified, a group of experts said Thursday.In a collaborative study, a team of Indian and international experts has revealed that even brief access to the voting machines can allow criminals to alter election results.As details of the machines’ design have never been publicly disclosed, and they have not been subjected to a rigorous, independent security analysis, the experts said in a statement that their research findings acquire vital significance.These findings, they said, were at odds with the Election Commission claims that weaknesses found in other EVMs around the world do not apply to the Indian product.But the statement said the findings of this group’s research “clearly show that India’s EVMs are far from being perfect and suffer from serious security vulnerabilities”.
This collaborative study was performed by a team of researchers from NetIndia Ltd, based in Hyderabad, the University of Michigan in the US and a non-profit organisation in the Netherlands specialising in electronic voting related issues.India has around 1.4 million EVMs, which record votes only for internal memory and provide no paper records for later inspection or recount. Here, trust is placed in the hardware and software of the voting machines.The researchers said they had shown that the EVMs can be attacked, either by replacing a small part of the machine with an identical component that can be silently instructed to steal a percentage of the votes in favor of a chosen candidate.These instructions can even be sent from a mobile phone.Another attack would involve the use of a pocket-sized device to change the votes stored in the EVM between the day of polling and when the votes get counted.“The simple design of the EVMs lends itself for such attacks. Our study has demonstrated two attacks on the EVMs. More such attacks are possible. These attacks are possible despite the existence of procedural checks and safeguards that the Election Commission has introduced,” said Hari Prasad, a computer engineer from Hyderabad who organised the study.The design of EVMs relies entirely on physical security of machines and the integrity of election insiders, including private technicians hired by the EVM manufacturers.The EVMs have no provisions for storing secrets to prevent manipulations by attackers having physical access to the machines.Rop Gonggrijp, a security researcher from the Netherlands, said: “Such machines have already been abandoned in Ireland, the Netherlands, Germany, Florida (US) and many other places. India should follow suit.”Gonggrijp added: “Computers can be programmed to count votes honestly. But since nobody can watch them, they might just as easily be programmed to count dishonestly.”Political analyst G.V.L. Narasimha Rao said the distrust among political leaders of all hues on voting machines was high. “It is about time India shunned paperless voting to make its election outcomes credible and verifiable.”
======================================================