Clarifications on Cyber Law Compliancy of EVMs

.

 

P.S: Since some of my comments on EVM made recently had raised some observations from some circles which required an elaboration of my stand, I am providing the following clarifications as a personal opinion as an ordinary citizen of India....Naavi

Background:

I refer to the PIL recently filed in Supreme Court raising objections on the existing EVMs and a prayer that the entire process should be annulled and repeated in Paper Ballot form or re design the EVMs with paper trails and hold the elections using a new machine.

While I appreciated the concern of the petitioner that there is a possibility of tampering of the EVMs and this issue needs to be addressed,  it was not possible for me to accept the contention that there was such a wide spread deliberate misuse of the system so as to warrant the cancellation of the elections at a stage when two phases of the poll had already been completed.

I therefore suggested that the prayer in the PIL needs to be modified to seek a direction that EC should take up a proper review exercise of its system through an appropriate body of experts soon after the completion of the current election process and not for canceling the election.

The Supreme Court has now disposed off the petition and suggested that if the petitioner makes a presentation to the EC, it may consider the suggestions.

I welcome this decision of the SC and wish that the petitioners take up the issue with the EC soon after the current election process is over.

A Proud Achievement

The use of EVMs in Indian election process was a natural development of use of IT in the e-Governance process. There has been lot of hard work and dedication behind the development of the system for which the public sector employees of ECIL and BEL must be given credit for. The very fact that it was possible to use the EVMs in the entire election process of 2004 has bewildered the whole world and raised  comments such as "US can outsource their election process to EC".

We as Indians must feel proud of such an achievement.

The Criticisms

On the other hand some of the critics of the EVMs are today imply that this facilitates and has been used for a large scale rigging of the elections. It is alleged that the machines are mal-configured to record votes wrongly in favour of one candidate over the other. Since this cannot happen except with the connivance of the EC and BEL officials, such an allegation casts serious aspersions on the integrity of the officials involved.

I suppose this is an unfair criticism.

Even though I will be suggesting some modifications in the EVMs, I wish to make it clear that I do not subscribe to the view that the officials of BEL or the EC are deliberately rigging the EVMs. One of the observers called my faith on BEL officials as "Touching". Let me admit that I  do hold a strong opinion that criticising public sector employees  for their integrity is an unhealthy fashion amongst some and I do not fall into this category. I am aware that there are as many if not more bad sheep in the private sector than the public sector. The number of honest persons in the public sector is far more than in the commercial private sector (Excluding the voluntary activists and some NGOs).

With this background about my intentions, let me now state why I consider the current generation of EVMs as "Perhaps not Cyber Law Compliant". These views may be taken as the views expressed for debate and I do not reject any alternate view.

ITA-2000 and EVMs

Before the passage of ITA-2000, there was no legally accepted object called "Electronic Document" for which certain provisions of law applied. The current EVMs were developed in this pre-ITA-2000 era.  But after October 17, 2000, the legal scenario has changed.

Section 2(h) of the ITA-2000 states as under:

"Electronic Form" with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device;

Section 2(t) of the ITA-2000 states as under:

"Electronic Record" means data, record or data generated, image or sound  stored, received or sent in an electronic form or micro film or computer generated micro fiche;

Section 2(l) of the ITA-2000 states as under:

"Computer System" means a device or collection of devices, including input   and output support devices and excluding calculators which are not  programmable and capable of being used in conjunction with external files,  which contain computer programmes, electronic instructions, input data, and output data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions
 

The above reading makes it clear that the EVMs can be considered as "Computer Systems" and any document generated by EVMs is an "Electronic Document".

ITA-2000 therefore applies to the transactions of the EVMs.

On May 10, 2001, the undersigned first made this point through the article Hacking and Indian Elections ( http://www.naavi.org/cl_editorial/edit_01may10_01.html ), where in he had made the following point.

Quote:

The interesting issues to be discussed are,

"Does the earlier amendments to the People's Representation Act" enabling electronic voting get superseded by the ITA-2000?

If there is a dispute on "Rigging" and "Tampering of Voting Machines", can action be taken under Section 66 of the ITA-2000 for "Hacking"?

If there is a dispute on the corruption of data due to an induced system error, can it be construed as a "Virus" and action initiated under the ITA-2000?

Can "Impersonation" amount to "Unauthorized Access" to the system?

....etc.

.....

Before the entire country goes into "Cyber Voting", a thought has to be reserved for the need to educate all the Election officials on "Cyber Laws" and the feasibility of allowing "Voting Through Internet" using a "Valid Digital Signature"...atleast in lieu of "Postal Ballots"

Unquote

However, neither the EC nor those who are now harping on cancellation of the current election took note of this early warning and started any activity towards sorting out the issues involved.

In the current design of the EVMs, the names of the candidates and the symbols is fixed on the hardware in written form. The buttons in front of these names are identified by the software as buttons 1 to 16 and are internally accounted as votes cast for candidate 1 or 2 etc.

The voter when he approaches the EVM, is presented a ballot paper which is the front side of the EVM. Then instead of taking a rubber stamp and affixing it in front of the candidate, he instructs the EVM to record his rubber stamp by pressing one of the 16 buttons. When he presses the button 10, he is effectively instructing the EVM, "Please put the rubber stamp for candidate with serial number 10 as I am seeing here".

However, while the voter is seeing the names as given on the front of the EVM which is a "paper document" the software within the EVM itself (Which is like an agent of the voter for affixing the rubber stamp) is seeing an electronic ballot paper where the names of the candidates are defined by the positions 1 to 16.

If the writings on the front of the EVM is changed without proper corrections in the counting logic, there can be possibilities of your electronic agent (i.e. EVM)  affixing the rubber stamp on a wrong candidate.

This situation is similar to a person with a parallax error in his vision who stamps line number 6 thinking that he is stamping the line number 5. The only difference is that in the EVM case, the parallax error is that of the electronic agent and not of the principal.

Some of the mistakes that have been cited in the PIL could have happened because while re using the EVMs, the earlier configuration on the machine might not have been properly wiped out. Hence a button which was earlier meant for BJP may now be linked to the name of a Congress candidate.

This is definitely not acceptable and needs to be corrected. But this is an issue of "Inefficiency" and not of " lack of Integrity" amongst the staff involved.

Additionally there could be problems in circuitry where the links may be short circuited for some reason and the buttons may behave erratically.

At present, these issues are being handled through a process of verification before the start of the election process and change of EVMs where necessary.

Some of the critics have pointed out that these tests can also be made ineffective by an intelligent fraudster. This point is well taken. If a fraudster is determined and he is having access to the machine meant for a particular constituency, he can perhaps manipulate the machines.

It is in such cases that we need to look at whether there is any legal remedy to punish such culprits and also for the judiciary to review the election process.

The present practice of configuring the ballot paper partially as a "Written" instrument (as seen by the voter) and partially as "Electronic instrument" (as seen by the software of the EVM) creates a "hybrid " document.

ITA-2000 speaks of how an electronic document can be authenticated or accepted as equal to a paper document. It does not however speak of how a "hybrid" document can be accepted as a legal document and how it can be authenticated.

The "authentication" in the ballot process is providing an approval without disclosing the identity of a person through the normal signature. Hence "Digital Signature" cannot be used for authenticating the ballot paper.

Again if we go back to the manual ballot paper, there used to be a serial number for the ballot paper and the voter used to sign on the counter foil  of the ballot paper. hence, if one takes out a ballot paper after the vote has been cast and checks the counterfoil, it was possible to identify who voted for whom. Hence an indirect linking of the voter identity to the actual ballot has not been considered un acceptable if there are enough safeguards to maintain confidentiality.

In my opinion, the documents created by the EVM is an "Electronic Document" as per ITA-2000. However, the design of the EVMs as at present make the ballot paper a "hybrid" of "Paper and Electronic" Document. They cannot therefore be properly authenticated (rubber stamped) either by paper based methods or by electronic methods.

It is in this context that I hold the view that EVMs as being used now are not "Cyber Law Compliant".

I therefore support the view that there is a need for upgradation of the EVMs which I call as "Making EVMs Cyber Law Compliant".

I therefore urge EC to take up a review of the system after the current polls.

I already have solutions for the problems I have stated above and could present them when it is required. In fact, it is being incorporated in a prototype under development by an entrepreneur in Chennai which can be discussed with the EC/BEL.

I also contend that any manipulation of the EVM is equivalent to "Hacking" under section 66 of ITA-2000. Such "Hacking" also extends to physical destruction of EVMs as we have seen happen in Bihar. The offenders can be charged under Section 66 of the ITA-2000 and the victim can perhaps also claim compensation under Section 43 of ITA-2000.

Some of the critics of the present system are also holding a strong view that without a "Paper Trail" no ballot would be acceptable with an EVM. This is also the approach adopted by some groups in USA.

While having a paper trail could be advantageous, I do feel that it may not be as critical as one seems to think. The US model is almost like printing out every ballot and storing it in a box. This  totally negates the idea of using electronic system except as a means of printing out ballot papers. Either there should be a summary record sufficient to address the concerns of verifiability or a total electronic solution which addresses the issue of verifiability.

I request my friends who are fighting for the scrapping of EVMs not to consider my comments as an attempt to spoil their objectives at improving the system. This is only an attempt to  help them  achieve their objectives in getting a tamper proof EVM system with a different approach.

Naavi

May 03, 2004

Related Articles:

Hacking and Indian Elections ...Naavi.org

Ghosts in the Machine.. Hindustan Times

Cyber Law Compliancy and Electronic Voting...Naavi.org

PIL Filed on EVMs in Supreme Court..Naavi.org

Order Passed on PIL on EVMs..Naavi.org

Information on EVMs at BEL site

Information on EVM at EC site

 

Comments are Welcome.

The note will be further expanded based on feedback received.




For Structured Online Courses in Cyber laws, Visit Cyber Law College.com

 

Back To Naavi.org