New Delhi: Two Computer scientists associated with US non-profit Verified Voting named as Barbara Simons and Mark Halvorson says that any electronic voting machine (EVM), which is essentially a computer with a clock, can be manipulated with malware, rigging devices and software programmes and are vulnerable to be hacked.
Random investigation of VVPAT units in 182 booths out of 50,264 in Gujarat, effectively less than one per cent, is not statistically significant enough to decrease doubts, say American computer scientists.
Scientists replied while disagreeing with the Election Commission of India’s stand that EVMs cannot be tampered with, “EVMs are computers and all computers can be tampered with” in an email interviewed with National Herald.
They reply to question that “The software or hardware in the EVM is vulnerable to tampering during manufacturing, transport, storage and at the booth. Depending on the security of how it is sealed after polling, it most likely is vulnerable then too.”
Asked if there could be a rational explanation for EVMs recording votes for the same candidate or party irrespective of the votes cast, they replied that this could be due to software bugs or vote-rigging software in the computer. At the same time this could also be due to malfunctioning, poor storage, high temperature conditions, poor maintenance etc.
Asked if the EVMs can function perfectly well up to a certain time and then transfer all the votes or most of the votes to a single party, the scientists said, “Yes, because all computers have clocks. Election rigging software can be told when the election will occur, and the software can track that date on its internal clock.
The software can tell the computer in the voting machine to behave correctly until the election. During the election the software can instruct the voting machine to change votes, and then after the election it can revert to correct behaviour. It is not difficult to write such software.”
“There is the risk of a supply chain attack that could insert back doors, and physical hardware attacks that exploit the low-cost nature of the EVMs to introduce low-cost malicious hardware”, in reply on whether an Electronic Voting Machine can be hacked by remote from a distance, the scientists added. See Security Analysis of India’s Electronic Voting Machine. That paper demonstrates that the hardware could be tampered with in a way that adds a low-power radio and would allow subsequent elections to be tampered with from a smartphone.
They said that, The introduction of VVPAT is useful only when every EVM as universal and also if a manual counting of a ‘statistically significant’ number of VVPAT units is done after the election and ‘before the election is certified’ to ensure that the units functioned properly.
As claimed by ECI, “VVPATs provide essentially no security unless they are used to check the machines. A Risk Limiting Audit is a manual audit that examines a statistically significant number of VVPATs to check that the machines are recording and counting the votes correctly,” they explained.