VenkateshNayakof theCommon-
wealth Human Rights Initiative
(CHRI). He foundoutthat themi-
crocontrollers embedded in the
Bharat ElectronicsLtd(BEL)-man-
ufacturedEVMs andVVPATs used
in the electionweremanufacturedby
NXP,a multibillion-dollarcorpora-
tionbasedin the UnitedStates.The
descriptionof the microcontrolleras
OTPdoesnotmatchthe description
of themicrocontroller’sfeatureson
NXP’swebsitethatindicatesthatit
hasthreekindsof memory—SRAM,
FLASH and EEPROM (or
E2PROM).A computerchipwhich
includes FLASH memory is not
OTP.
● The Technical Evaluation
Committee(TEC)of theE.C.,in its
reportsof 1990and2006,suggested
thatIndianEVMs cannot be hacked
because oncethesoftwareis burnt
intothemicrochip,it is secretand
eventhe manufacturingcompanyit-
selfcannot readit. Thismeans it is
notretrievable. Thatis thebasisof
theclaim that EVMs cannot be
tamperedwith.Butthe E.C.booklet
andthe TECreportof 2013together
suggest that the situation has
changed. Under the subheading
“Transparencyof EVMcode”, the
TECof 2013, comprisingProf.Rajat
Moona,Prof.Dinesh Sharma,Prof.
A.K. Agarwala and Prof. D.T.
Shahani, noted: “Facility to be
providedin EVMunitsso thatcode
in the EVMunitscanbe readoutby
an approvedexternalunitandthe
codeso readmaybe comparedwith
corresponding reference code to
showthatcodeis sameas thatin
reference units.”In short, the codeis
nolonger sacrosanctand canbe
accessed.PERIODICCHECKSNECESSARY
●Expertsare of the opinionthatthe
E.C.must considerengaging the ser-
vicesof a top electronicsecurityfirm
of international standing andcredib-
ility (bound by a confidentiality
agreement)to conductperiodic eth-
icalhackingandother modes of at-
tackon its electoral systems and
processes, identifyloopholesif any,
andcertifytheirrobustness.
●In sucha hackathon conducted
in 2017, EVMs were placedbefore
participantswhowere askedto hack
themwithoutbeing providedaccess.
Accordingto an expert contactedby
Frontline, it was like “putting a
gramophoneplayerin frontof you
withoutallowingyouto openit and
thenconcludeit is nothackable”.
●Expertsagreethatit is possible
to substitute large numbers of
tampered with/counterfeit EVMs
for genuineEVMswithoutthe know-
ledgeof theE.C.at threestages—at
theEVM-manufacturing stage in
BELandthe ElectronicCorporation
of IndiaLimited(ECIL);at thedis-
trictlevelduring thenon-electionperiodwhenEVMsare stored in ar-
chaicwarehousesin multipleloca-
tions with inadequate security
systems;andat the stageoffirst-level
checkspriorto an electionwhen
EVMs areserviced by authorised
techniciansfromBELandECIL.
●Thereis no clarityon howthe
namesof candidates, serialnumbers
andelection symbols are enteredin
theEVMs. Themachines arenot
storedat theE.C.headquartersbut
go to theStateelectoraloffices,and
theirfinalrestingplacebeforethe
electionis in theconstituency.Only
afterthelastdateof withdrawal of
candidateswouldthesedetailsbe
readyto be fed intothe EVMs.
●In most constituencies, the
fight is between twomajor parties. A
simpleTrojanHorsewhichcansteal,
say,10 per centof the votesfromthe
partysecuringthe highest numberof
votesandtransferit to the partyse-
curingthe secondhighest number of
votesin a pollingstationcanbe con-
ceivedof. Forthis,the attackerdoes
notneedto knowtheprecisese-
quenceof candidateson theballot
unit. Moreover,witha more ad-
vancedTrojanHorse,variouskinds
of votetransfersbetweencandidates
canbe done.Theprecise modeof
votestealingwilldependuponhow
the Trojan Horseis programmed.
●BELandECILarenotApple
andGoogle andhavenot exactlyfired
the imaginationof the industrialandAPROTESTbytheforum“EVMVirodhiRashtriyaJanAndolan”in MumbaionMay 30againsttheuseof EVMsin elections.
ARUNANGSUROYCHOWDHURY