P.S: Since some of my comments on EVM made recently had raised some
observations from some circles which required an elaboration of my stand, I am
providing the following clarifications as a personal opinion as an ordinary
citizen of India....Naavi
Background:
I refer to the PIL recently filed in Supreme Court raising objections on the
existing EVMs and a prayer that the entire process should be annulled and
repeated in Paper Ballot form or re design the EVMs with paper trails and hold
the elections using a new machine.
While I appreciated the concern of the petitioner that there is a possibility
of tampering of the EVMs and this issue needs to be addressed, it was
not possible for me to accept the contention that there was such a wide spread
deliberate misuse of the system so as to warrant the cancellation of the
elections at a stage when two phases of the poll had already been completed.
I therefore suggested that the prayer in the PIL needs to be modified to seek
a direction that EC should take up a proper review exercise of its system
through an appropriate body of experts soon after the completion of the
current election process and not for canceling the election.
The Supreme Court has now disposed off the petition and suggested that if the
petitioner makes a presentation to the EC, it may consider the suggestions.
I welcome this decision of the SC and wish that the petitioners take up the
issue with the EC soon after the current election process is over.
A Proud Achievement
The use of EVMs in Indian election process was a natural development of use of
IT in the e-Governance process. There has been lot of hard work and dedication
behind the development of the system for which the public sector employees of
ECIL and BEL must be given credit for. The very fact that it was possible to
use the EVMs in the entire election process of 2004 has bewildered the whole
world and raised comments such as "US can outsource their election
process to EC".
We as Indians must feel proud of such an achievement.
The Criticisms
On the other hand some of the critics of the EVMs are today imply that this
facilitates and has been used for a large scale rigging of the elections. It
is alleged that the machines are mal-configured to record votes wrongly in favour of one candidate over the other. Since this cannot happen except with
the connivance of the EC and BEL officials, such an allegation casts serious
aspersions on the integrity of the officials involved.
I suppose this is an unfair criticism.
Even though I will be suggesting some modifications in the EVMs, I wish to
make it clear that I do not subscribe to the view that the officials of BEL or
the EC are deliberately rigging the EVMs. One of the observers called my faith
on BEL officials as "Touching". Let me admit that I do hold a strong
opinion that criticising public sector employees for their integrity is
an unhealthy fashion amongst some and I do not fall into this category. I am
aware that there are as many if not more bad sheep in the private sector than
the public sector. The number of honest persons in the public sector is far
more than in the commercial private sector (Excluding the voluntary activists
and some NGOs).
With this background about my intentions, let me now state why I consider the
current generation of EVMs as "Perhaps not Cyber Law Compliant". These views
may be taken as the views expressed for debate and I do not reject any
alternate view.
ITA-2000 and EVMs
Before the passage of ITA-2000, there was no legally accepted object called
"Electronic Document" for which certain provisions of law applied. The current
EVMs were developed in this pre-ITA-2000 era. But after October 17,
2000, the legal scenario has changed.
Section 2(h) of the ITA-2000 states as under:
"Electronic Form" with reference to information means any information
generated, sent, received or stored in media, magnetic, optical, computer
memory, micro film, computer generated micro fiche or similar device;
Section 2(t) of the ITA-2000 states as under:
"Electronic Record" means data, record or data generated,
image or sound stored, received or sent in an electronic form or micro film
or computer generated micro fiche;
Section 2(l) of the ITA-2000 states as under:
"Computer System" means a device or collection of devices, including input
and output support devices and excluding calculators which are not
programmable and capable of being used in conjunction with external files,
which contain computer programmes, electronic instructions, input data, and
output data, that performs logic, arithmetic, data storage and retrieval,
communication control and other functions
The above reading makes it clear that the EVMs can be considered as "Computer
Systems" and any document generated by EVMs is an "Electronic Document".
ITA-2000 therefore applies to the transactions of the EVMs.
On May 10, 2001, the undersigned first made this point through the article
Hacking and Indian Elections (
http://www.naavi.org/cl_editorial/edit_01may10_01.html ), where in he had
made the following point.
Quote:
The interesting issues to be discussed are,
"Does the earlier amendments to the People's Representation Act" enabling
electronic voting get superseded by the ITA-2000?
If there is a dispute on "Rigging" and "Tampering of
Voting Machines", can action be taken under Section 66 of the ITA-2000 for
"Hacking"?
If there is a dispute on the corruption of data due to an
induced system error, can it be construed as a "Virus" and action initiated
under the ITA-2000?
Can "Impersonation" amount to "Unauthorized Access" to the
system?
....etc.
.....
Before the entire country goes into "Cyber Voting", a
thought has to be reserved for the need to educate all the Election officials
on "Cyber Laws" and the feasibility of allowing "Voting Through Internet"
using a "Valid Digital Signature"...atleast in lieu of "Postal Ballots"
Unquote
However, neither the EC nor those who are now harping on
cancellation of the current election took note of this early warning and
started any activity towards sorting out the issues involved.
In the current design of the EVMs, the names of the
candidates and the symbols is fixed on the hardware in written form. The
buttons in front of these names are identified by the software as buttons 1 to
16 and are internally accounted as votes cast for candidate 1 or 2 etc.
The voter when he approaches the EVM, is presented a ballot
paper which is the front side of the EVM. Then instead of taking a rubber
stamp and affixing it in front of the candidate, he instructs the EVM to
record his rubber stamp by pressing one of the 16 buttons. When he presses the
button 10, he is effectively instructing the EVM, "Please put the rubber stamp
for candidate with serial number 10 as I am seeing here".
However, while the voter is seeing the names as given on
the front of the EVM which is a "paper document" the software within the EVM
itself (Which is like an agent of the voter for affixing the rubber stamp) is
seeing an electronic ballot paper where the names of the candidates are
defined by the positions 1 to 16.
If the writings on the front of the EVM is changed without
proper corrections in the counting logic, there can be possibilities of your
electronic agent (i.e. EVM) affixing the rubber stamp on a wrong
candidate.
This situation is similar to a person with a parallax error
in his vision who stamps line number 6 thinking that he is stamping the line
number 5. The only difference is that in the EVM case, the parallax error is
that of the electronic agent and not of the principal.
Some of the mistakes that have been cited in the PIL could
have happened because while re using the EVMs, the earlier configuration on
the machine might not have been properly wiped out. Hence a button which was
earlier meant for BJP may now be linked to the name of a Congress candidate.
This is definitely not acceptable and needs to be
corrected. But this is an issue of "Inefficiency" and not of " lack of
Integrity" amongst the staff involved.
Additionally there could be problems in circuitry where the
links may be short circuited for some reason and the buttons may behave
erratically.
At present, these issues are being handled through a
process of verification before the start of the election process and change of
EVMs where necessary.
Some of the critics have pointed out that these tests can
also be made ineffective by an intelligent fraudster. This point is well
taken. If a fraudster is determined and he is having access to the machine
meant for a particular constituency, he can perhaps manipulate the machines.
It is in such cases that we need to look at whether there
is any legal remedy to punish such culprits and also for the judiciary to
review the election process.
The present practice of configuring the ballot paper
partially as a "Written" instrument (as seen by the voter) and partially as
"Electronic instrument" (as seen by the software of the EVM) creates a "hybrid
" document.
ITA-2000 speaks of how an electronic document can be
authenticated or accepted as equal to a paper document. It does not however
speak of how a "hybrid" document can be accepted as a legal document and how
it can be authenticated.
The "authentication" in the ballot process is providing an
approval without disclosing the identity of a person through the normal
signature. Hence "Digital Signature" cannot be used for authenticating the
ballot paper.
Again if we go back to the manual ballot paper, there used
to be a serial number for the ballot paper and the voter used to sign on the
counter foil of the ballot paper. hence, if one takes out a ballot paper
after the vote has been cast and checks the counterfoil, it was possible to
identify who voted for whom. Hence an indirect linking of the voter identity
to the actual ballot has not been considered un acceptable if there are enough
safeguards to maintain confidentiality.
In my opinion, the documents created by the EVM is an
"Electronic Document" as per ITA-2000. However, the design of the EVMs as at
present make the ballot paper a "hybrid" of "Paper and Electronic" Document.
They cannot therefore be properly authenticated (rubber stamped) either by paper based
methods or by electronic methods.
It is in this context that I hold the view that EVMs as
being used now are not "Cyber Law Compliant".
I therefore support the view that there is a need for
upgradation of the EVMs which I call as "Making EVMs Cyber Law Compliant".
I therefore urge EC to take up a review of the system after
the current polls.
I already have solutions for the problems I have stated
above and could present them when it is required. In fact, it is being
incorporated in a prototype under development by an entrepreneur in Chennai
which can be discussed with the EC/BEL.
I also contend that any manipulation of the EVM is
equivalent to "Hacking" under section 66 of ITA-2000. Such "Hacking" also
extends to physical destruction of EVMs as we have seen happen in Bihar. The
offenders can be charged under Section 66 of the ITA-2000 and the victim can
perhaps also claim compensation under Section 43 of ITA-2000.
Some of the critics of the present system are also holding
a strong view that without a "Paper Trail" no ballot would be acceptable with
an EVM. This is also the approach adopted by some groups in USA.
While having a paper trail could be advantageous, I do feel
that it may not be as critical as one seems to think. The US model is almost
like printing out every ballot and storing it in a box. This totally
negates the idea of using electronic system except as a means of printing out ballot
papers. Either there should be a summary record sufficient to address the
concerns of verifiability or a total electronic solution which addresses the
issue of verifiability.
I request my friends who are fighting for the scrapping of
EVMs not to consider my comments as an attempt to spoil their objectives at
improving the system. This is only an attempt to help them achieve
their objectives in getting a
tamper proof EVM system with a different approach.
Naavi
May 03, 2004
Related Articles:
Hacking and
Indian Elections ...Naavi.org
Ghosts in the Machine.. Hindustan Times
Cyber
Law Compliancy and Electronic Voting...Naavi.org
PIL Filed on EVMs in
Supreme Court..Naavi.org
Order Passed on PIL on EVMs..Naavi.org
Information on EVMs at BEL site
Information on EVM
at EC site
