The controversy over electronic voting machines refuses to die down. There continue to be allegations, claims and counter claims about election rigging. Some of the claims, we read, were due to misreporting or do not stand up to scrutiny. Every time a claim about malfunctioning EVMs is found to be false, it hurts public understanding of the real issue: elections that use EVMs are anything but transparent. Sixteen opposition parties have written to the Election Commission asking to revert to the use of paper ballots, In turn, the Election Commission is said to have issued a challenge to political parties, scientists and technical experts to prove that EVMs could be tampered with. This could be a step in the right direction. But it cannot be all.
Let’s not forget that such a so-called challenge was also given in 2009. The examination of EVMs should be treated as an opportunity to make the process more transparent and open. In 2009, however, when the Election Commission allowed the public to examine EVMs, the examination was hugely circumscribed so as to prevent anyone from carrying out any substantive – albeit practical – attack.
If this offer of EVM examination is simply a cosmetic offer as in 2009, and not intended to allow for a complete analysis, the trust deficit between the Indian public and Indian elections will continue to grow.
The Election Commission should demonstrate that their claims of EVM security do not rest on the very fragile assumption that all insiders with access to the EVM can be trusted. To understand what an insider with access can achieve if they try to tamper with the systems, they should provide the experts with design documents and details of the tests used to verify the design and security properties. The Election Commission’s approach so far, of keeping design details secret, is termed “security through obscurity” by computer security experts, and was debunked as far back as the late 1800s by Dutch cryptographer Auguste Kerckhoffs.
Full Article: The Election Commission’s challenge to show hacking of EVMs needs to be backed with an action plan.