US panel on Bharat's Electronic Voting Machine. Sensational disclosure by Indiresan in Washington DC

7 views
Skip to first unread message

and/or www.mantra.com/jai

unread,
Aug 11, 2010, 4:53:01 PM8/11/10
to
Forwarded message from S. Kalyanaraman

USA panel on India's Electronic Voting Machine. Sensational
disclosure by Indiresan in Washington DC

Wednesday, August 11, 2010

USA panel on India's Electronic Voting Machine. Sensational disclosure by Indiresan in Washington DC

EVT/WOTE '10: Panel on India's Electronic Voting Machine

Posted by Anand Sarwate

Tags: engineering, conferences, India, elections

August 9, 2010

I'm attending the...

Panel on Indian Electronic Voting Machines (EVMs)

Moderator: Joseph Lorenzo Hall, University of California, Berkeley
and Princeton University

Panelists: P.V. Indiresan, Former Director, IIT-Madras; G.V.L
Narasimha Rao, Citizens for Verifiability, Transparency, and
Accountability in Elections, VeTA; Alok Shukla, Election Commission
of India; J. Alex Halderman, University of Michigan

The first speaker was G.V.L. Narasimha Rao, who is also a blogger on
the topic of elections. He is a staunch opponent of Electonic Voting
Machines (EVMs). He gave a summary of voting in India -- until 1996,
all voting was with paper ballots and hand counting. In 1998 there
were some EVMs introduced in urban areas, and then in 2004 it moved
entirely to EVMs. Vote confirmation was given by a beep, and there
were several complaints of machine failure. His claim is that exit
polling was accurate prior to 2004 and then after the introduction of
EVMs, the exit polls diverged widely from the actual results. In
these elections I believe the BJP got a drubbing from Congress (Rao
probably got suspicious since he appears to be a BJP political
analyst).

Next up was Alok Shukla, the Deputy Election Commissioner of India.
He gave an overview of the EVMs in use in India. He gave a review of
how India decided to move to EVMs (the Parliament ended up approving
the use of EVMs). He claimed that a paper trail was not the solution
(mostly due to infeasibility/cost/remoteness of polling locations,
etc), and said solutions lie in better transparency and
administrative oversight. His main answer to claims that the EVMs
have been hacked is that the attacks are infeasible and detectable by
election officials. Finally, he said essentially "different systems
for different people" (or different strokes for different folks?).

The third speaker was J. Alex Halderman, who is one of the people who
attacked the Indian EVM. He described how he got hold of an EVM and
showed details on the insides. The first problem is that the devices
can be duplicated (or fake ones could be substituted). Another issue
is that verifying the code in the EVM is not possible (so they can be
tampered with at the time of manufacture). Finally, the reported
counts are stored in two EEPROMS which can be swapped out. There are
two attacks (at least) that they performed. The first is to hack the
display so that false counts are displayed on the LED. A bluetooth
radio lets a mobile user select who should win. He described two
physical attacks on the EVMs. Full details will appear at CCS.
Halderman's last bit of news was that one of their co-authors in
India, Hari K. Prasad, has been summoned by the police as a result of
a criminal complaint that he stole the EVM, which seems like an
attempt by the government of India to silence their critics. He
called upon Shukla to drop the suit, who was rather upset.

The last panelist was P.V. Indiresan, who is on the advisory
committee to the government. He discussed some new security features
in EVMs, such as signatures to prevent tampering with the cable
between the ballot unit (where people push buttons) and the control
unit (which counts the ballots). He claimed that most of the attacks
proposed so far are farfetched. Much of his latter complaints were to
the effect that to break the EVM is a criminal act (which is a claim
of security through obscurity). He ended with a plea to ask
researchers to stop (!) hacking the EVMs because they "are working."

To sum up : the Indian government says the system works and that
there is no actual evidence of tampering (with the exception of
Prasad, who apparently received stolen goods). Halderman says the
attacks show that the system as a whole are not secure, and Rao says
that the results are suspicious.

Shukla responded to critics that the Election Commission of India is
willing to listen to critics and said that the only kind of attack
that is of interest is one on a sealed machine. He reiterated the
statement that Prasad was in receipt of stolen government property
and needs to be questioned.

The Q&A was quite contentious. I might have more to say about it
later... but wow.

http://ergodicity.net/2010/08/09/evtwote-10-panel-on-indias-electronic-voting-machine/


Integrity of Indian EVMs rests on the integrity of 3 programmers !

"3 Idiots" determine Indian election results by GVL Narasimha Rao

10 Aug. 2010

Did you know before that India's electoral democracy is hostage to
three idiots? Lest you think that I am being irreverent to the three
election commissioners holding constitutional office, let me inform
right away that the three people that I am referring to are junior
programmers in the EVM manufacturing companies who have written the
EVM software or source code that drive all the functions of the EVMs.

This revelation was made by none other than Prof. P.V. Indiresan,
chairman of the expert committee of the Election Commission of India
at the Electronic Voting Technology (EVT) workshop in Washington, DC
yesterday. He told a stunned audience comprising some of the best
voting system security experts and computer scientists that the
Election Commission of India believes that these junior programmers
are honest and trustworthy as they have been told so by the EVM
manufacturers namely, the BEL and ECIL. The Election Commission is
told that each company has three chaps who have written the software
and all of them are trustworthy.

He made these observations in a panel discussion on India's
Electronic Voting Machines at the workshop. I was also a member of
the panel at the Workshop besides Dr. Alok Shukla, deputy election
commissioner of India and Prof. J Alex. Halderman, University of
Michigan, U.S.

Ironically, the EVM software has not been shared even with the
Election Commission of India forcing its expert committee to do what
is called "Black Box testing." Is it that the ECIL / BEL do not trust
the Election Commission of India -- constitutional body vested with
the holding of "free and fair" elections -- or its experts like Prof.
Indiresan but trust these three junior programmers. That sounds like
a dangerous proposition.

Several experts at the EVT conference in Washington were horrified to
hear that the software is in the hands of a few programmers. They all
felt unanimously that this was a scary proposition with dangerous
consequences for election results and not a security feature as the
as the ECI seems to believe.

Prof. David Dill, Stanford University, one of the best known
electronic voting security expert contested the ECI's claims that it
has administrative safeguards and checks and balances that make EVMs
"fully tamper proof". He said, "all voting systems that have been
claimed to be secure have been proved to be insecure. And all systems
that have been alleged to be insecure by critics have been proved to
be insecure."

"Security through obscurity"

As if relying on the "trust" of three programmers was not enough, the
EVM manufacturers have "masked" the software on the microchips
installed in the EVMs. This means that even if a "Trojan" (malicious
software that can manipulate election results) has been inserted in
the software either by the three programmers themselves or their
bosses, there is no scope for people to detect it. While the whole
world sees this as a security hazard, the ECI has so far claimed this
to be a security feature. The EVM manufacturers are trying to claim
what is referred to as "security through obscurity." In Prof. David
Dill's words, this obscurity is a matter of concern and actually a
cause for raising a red flag.

Can manufacturers of systems be actually manipulating them? Yes.
Several experts at the EVT workshop told the Indian participants on
the sidelines of the Workshop that there are several instances where
the manufacturers of electronic systems are themselves perpetrating
fraud. A case study of how electronic gaming companies that claimed
100% security of their systems were later detected to have been
engaged in utterly fraudulent operations.

From the facts available in public domain so far, the record of the
two public sector EVM manufacturers namely, ECIL and BEL does not
appear to be above board. We at VeTA therefore demand that the ECIL/
BEL should come clean on the following immediately:

o Who are the programmers who have written the source code for the
EVMs? Where are they now? What is their present job and income
profile?

As some techies have been approaching politicians offering EVM fixing
solutions, I want the ECI to find out the names of these programmers
and investigate them thoroughly. The investigation must cover their
antecedents and their involvement in any murky financial dealings to
see if they have made any windfall gains from their "exclusive"
insider knowledge.

o The ECIL/BEL must immediately come out with the facts and
circumstances leading to the decision to make the EVM software
unreadable. Who suggested this? Was this done to prevent detection of
any fraud and such that the crime can never be established?

o The ECIL/ BEL must reveal why, when and at whose instance they
have chosen to engage foreign multinational companies for fusing
software in them.

o The ECIL/ BEL must reveal the names of its own employees, names
of other companies and individuals who have been hired/ contracted as
"authorized" technicians for "first level checking" before all
elections so far and explain the modalities of their selection and
make public the contract documents, letters of appointment etc.

These government owned companies have so far resisted scrutiny. They
have to be held accountable and cannot escape scrutiny on flimsy
grounds like commercial interests and non-existent patent rights.

We will do everything possible to force these two companies to reveal
all the above information. How would we do it? For instance, we would
move RTI applications on all these questions, raise these questions
in the media and advocate members of Parliament to raise questions in
Parliament over the issue.

If the companies still resist revealing information citing commercial
considerations, there is just no way left but seek outright removal
of the bosses of these companies. After all, the nation's interests
are supreme and these two companies have put Indian democracy at a
huge risk of being hijacked by three junior programmers and their
bosses.

I can be contacted at nrao[AT]indianEVM[DOT]com

http://www.indianevm.com/blogs/?p=387

End of forwarded message from S. Kalyanaraman

Jai Maharaj, Jyotishi
Om Shanti

o Not for commercial use. Solely to be fairly used for the educational
purposes of research and open discussion. The contents of this post may not
have been authored by, and do not necessarily represent the opinion of the
poster. The contents are protected by copyright law and the exemption for
fair use of copyrighted works.
o If you send private e-mail to me, it will likely not be read,
considered or answered if it does not contain your full legal name, current
e-mail and postal addresses, and live-voice telephone number.
o Posted for information and discussion. Views expressed by others are
not necessarily those of the poster who may or may not have read the article.

FAIR USE NOTICE: This article may contain copyrighted material the use of
which may or may not have been specifically authorized by the copyright
owner. This material is being made available in efforts to advance the
understanding of environmental, political, human rights, economic,
democratic, scientific, social, and cultural, etc., issues. It is believed
that this constitutes a 'fair use' of any such copyrighted material as
provided for in section 107 of the US Copyright Law. In accordance with Title
17 U.S.C. Section 107, the material on this site is distributed without
profit to those who have expressed a prior interest in receiving the included
information for research, comment, discussion and educational purposes by
subscribing to USENET newsgroups or visiting web sites. For more information
go to: http://www.law.cornell.edu/uscode/17/107.shtml
If you wish to use copyrighted material from this article for purposes of
your own that go beyond 'fair use', you must obtain permission from the
copyright owner.

Since newsgroup posts are being removed
by forgery by one or more net terrorists,
this post may be reposted several times.

Reply all
Reply to author
Forward
0 new messages