Security study of Indian electronic voting machine to figure in leading computer conference

27th August 2010
Security study of Indian electronic voting machine to figure in  leading computer conference
Lead authors of the ACM paper on Indian EVM ( from left) J. Alex Halderman, Hari Prasad and Rop Gonggrijp ( Photo courtesy IndiaEVM.org)

 Arrest of lead Indian investigator  fuels  furious blogging

As Hari K. Prasad the Hyderabad-based technocrat and head of IP Surveillance & Streaming Systems and Solutions company Net India, spends his first week behind bars in Mumbai, the global information technology community is furiously blogging its outrage at India’s treatment of those who presume to question the reliability of the electronic voting machines used in all her state and general elections.
Earlier this year Prasad, with three fellow engineers from his company collaborated with academics and research students at the University of Michigan (US) and a Netherlands-based technologist to put an Indian EVM to the test. Their study, whose results as well as a demonstrative video, they have posted on a special website IndiaEVM.org , showed how the EVM could be made to alter the result in favour of one candidate, by a quick and temporary insertion of external hardware, which could then be controlled wirelessly from a mobile phone.
The Election Commission of India, the nodal agency that conducts central and state elections which have used up to 1.3 million EVMs in a single operation, has chosen to disregard any suggestions that the machines can be tampered with. Some opposition political parties have embraced the controversy to push forward their own demand that India go back to paper-based voting.
The machines are manufactured by the two government-sector agencies, Bharat Electronics in Bangalore and Electronics Corporation of India, Hyderabad and both of them have consistently refused to share any technical information about the products they roll out -- though it is known that both depend on a foreign silicon foundry to mass-produce the key ASIC or application specific integrated circuit that fuels the system.
Prasad has given demonstrations in a number of Indian towns,www.hindu.com/2009/08/03/stories/2009080354400300.htm usually in partnership with voluntary organisations, to show how the EVMs can be tampered with, fairly easily. He and his co-researchers – Dr J. Alex Halderman, Professor of Computer Science at Michigan University and Rop Gonggrijp, a Dutch technologist, who is credited with helping drive the campaign that saw Netherlands, go back to paper based voting, are scheduled to present a paper with their findings at the respected annual conference of the Association of Computer Machinery (ACM) on Computer and Communications Security (CCS’10), in Chicago, on October 5. Possibly because of the public interest in their work, the paper entitled “Security Analysis of India’s Electronic Voting Machines” has been given pride of place as the first presentation on Day One of the conference, immediately after the inaugural events. The full text of the 25-page paper is available here. indiaevm.org/evm_tr2010-jul29.pdf

The Indian government’s response-- the case against Prasad is one of theft, since he refuses to say who lent him the machine that was used to carry out the experiment – and the somewhat bizarre conspiracy theories that are being floated by sections of the Indian media timesofindia.indiatimes.com/articleshow/6441674.cms-- is likely to garner even more adverse global attention, in October, when the ACM event provides the peg for more discussion…..unless the government and the multiple agencies involved, the EC and the two manufacturing agencies, are seen to be more sensitive to peer concerns in technology matters.  The  pre publication of the paper allows  Indian agencies  to   formulate a technical rather than a political response and to rebut or challenge any of the conclusions at the same conference.

Denying bail, as a Mumbai court has done this week, to a technologist and “whistleblower” in, as mundane a case as alleged theft, is possibly the wrong signal to send to the international technology fraternity. And in an age of viral social networks it may provoke the type of galloping global Web-driven responses that will only besmirch the worthy electoral processes of the world’s largest democracy.
August 28 2010