Research Case Study by Hari Prasad, Rop Gonggrijp, and J. Alex Haldermanon on EVM Security

Electronic Voting Machines (“EVM”) are being used in Indian General and State Elections to implement electronic voting in part from 1999 elections and in total since 2004 elections. The EVMs reduce the time in both casting a vote and declaring the results compared to the old paper ballot system.

An international conference on the Indian EVMs and its tamperability of the said machines was held under the chairmanship of Subramanian Swamy, President of the Janata Party and former Union Cabinet Minister for Law, Commerce and Justice at Chennai on 13 February 2010. The conclusion was that the Election Commission of India was shirking its responsibility on the transparency in the working of the EVMs. In April 2010, an independent security analysis was released by a research team led by Hari Prasad, Rop Gonggrijp, and J. Alex Halderman. The study included video demonstrations of two attacks that the researchers carried out on a real EVM, as well as descriptions of several other potential vulnerabilities.


The complete technical paper of the research on EVM security is available for anyone to study.

In order to mitigate these threats, the researchers suggest moving to a voting system that provides greater transparency, such as paper ballots, precinct count optical scan, or a voter verified paper audit trail, since, in any of these systems, sceptical voters could, in principle, observe the physical counting process to gain confidence that the outcome is fair. But Election Commission of India points out that for such tampering of the EVMs, one needs physical access to EVMs, and pretty high tech skills are required. Given that EVMs are stored under strict security which can be monitored by candidates or their agents all the time, its impossible to gain physical access to the machines. Plus, to impact the results of an election, hundreds to thousands of machines will be needed to tamper with, which is almost impossible given the hi-tech and time consuming nature of the tampering process.

On 17 January 2012,Delhi High Court in its ruling on Dr. Subramanian Swamy’s Writ Petition (Writ Petition (Civil) No. 11879 of 2009) challenging the use of EVMs in the present form said that EVMs are not “tamper-proof”.

On October 8, 2013,Supreme Court of India delivered its verdict on Subramanian Swamy PIL, that Election Commission of India will use VVPATs along with EVMs in a phased manner and the full completion should be achieved by 2019.


Voter-verified Paper Audit Trail (VVPAT)

Voter-verified paper audit trail (VVPAT) or verified paper record (VPR) is a method of providing feedback to voters using a ballotless voting system. A VVPAT is intended as an independent verification system for voting machines designed to allow voters to verify that their vote was cast correctly, to detect possible election fraud or malfunction, and to provide a means to audit the stored electronic results.

The VVPAT offers some fundamental differences as a paper, rather than computer memory, recording medium when storing votes. A paper VVPAT is readable by the human eye and voters can directly interpret their vote. Computer memory requires a device and software which potentially is proprietary. Insecure voting machine records could potentially be changed quickly without detection by the voting machine itself. It would be more difficult for voting machines to corrupt records without human intervention. Corrupt or malfunctioning voting machines might store votes other than as intended by the voter unnoticed. A VVPAT allows voters the possibility to verify that their votes are cast as intended and can serve as an additional barrier to changing or destroying votes.

The VVPAT includes a direct recording electronic voting system (DRE), to assure voters that their votes have been recorded as intended. It is intended, and some argue necessary, as a means by which to detect fraud and equipment malfunction. Depending on election laws the paper audit trail may constitute a legal ballot and therefore provide a means by which a manual vote count can be conducted if a recount is necessary. The solution was first demonstrated (New York City, March 2001) and used (Sacramento,CA 2002) by AVANTE International Technology, Inc.

In non-document ballot voting systems – both mechanical voting machines and DRE voting machines – the voter does not have an option to review a tangible ballot to confirm the voting system accurately recorded his or her intent. In addition, an election official is unable to manually recount ballots in the event of a dispute. Because of this, critics claim there is an increased chance for electoral fraud or malfunction and security experts, such as Bruce Schneier, have demanded voter-verifiable paper audit trails. Non-document ballot voting systems allow only a recount of the “stored votes.” These “stored votes” might not represent the correct voter intent if the machine has been corrupted or suffered malfunction.

A fundamental hurdle in the implementation of paper audit trails is the performance and authority of the audit. Paper audit systems increase the cost of electronic voting systems, can be difficult to implement, often require specialized external hardware, and can be difficult to use. In the United States, 27 states require a paper audit trail by statute or regulation for all direct recording electronic voting machines used in public elections. Another 18 states do not require them but use them either statewide or in local jurisdictions.

In India, Voter-verified paper audit trail (VVPAT) system was introduced in 8 of 543 parliamentary constituencies as a pilot project in Indian general election, 2014. VVPAT is implemented in Lucknow, Gandhinagar,Bangalore South, Chennai Central, Jadavpur, Raipur, Patna Sahib and Mizoram constituencies.


About Deepak Devanand

Seeker of knowledge
This entry was posted in Hardware Hacking, Security and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s