EVM-VVPAT Manipulation Concerns by Ex-IAS: EC Says No Probe Needed

RTI reply to serious concerns on EVM-VVPAT shows lack of sincerity on part of EC, ex-IAS officer Kannan Gopinathan

Updated
India
6 min read
<div class="paragraphs"><p>Ex-IAS &amp; former Election Returning Officer Kannan Gopinathan had complained to EC saying EVM-VVPAT machines could be  manipulated if connected to an external device, through which a malware could be inserted. But EC says the complaint needs no investigation.&nbsp;</p></div>
i

In October 2019, a complaint was filed with the Election Commission of India by former IAS officer Kannan Gopinathan who was also a Returning Officer in the 2019 Lok Sabha elections.

In his complaint, Kannan explained how EVM (Electronic Voting Machine) and VVPAT (Voter Verified Paper Audit Trail) machines are vulnerable to manipulation. His specific point was that the machines could be subverted by malware that could be easily inserted in them when connected to an external device. Gopinathan demanded that EC look into the matter.

The EC confirmed to The Quint in October 2019 that Kannan’s complaint has been forwarded to Technical Experts Committee (TEC) for further investigation.

The Quint filed an RTI in October 2020 with EC to ask about the outcome of the complaint and also seeking the TEC’s report.

“Each such complaint/aspersion is referred to the Technical Experts Committee (TEC) for examination. This complaint was also accordingly referred to TEC which examined it and briefed the Commission that they found no new point in the complaint and came to the conclusion that EVM-VVPAT systems are not vulnerable to any manipulation. Therefore, no investigation was warranted.”
EC’s reply to our RTI query after almost four months

The EC did not share the TEC’s report, nor did it explain in any detail why TEC did not feel the need to investigate further.

Reacting to EC’s RTI reply, Kannan Gopinathan said,

“Instead of replying to the concerns raised, making an authoritative argument that everything is fine without giving any details, shows either lack of sincerity on part of ECI or lack of competence on part of TEC.”

Kannan further added,

“I had raised these concerns on the vulnerabilities in the EVM-VVPAT process first during the returning officers training at IIIDEM for 2019 LS elections. I did not get any satisfactory answer. I am not sure how EC can dismiss the complaints as ‘nothing new’."

What Was Kannan’s Complaint to EC?

Just 15 days before the polling day, all VVPATs are connected to laptops or Symbol Loading Units (SLU) to upload political party symbols. As we all know, when a voter presses an EVM button, a slip is printed from VVPAT which shows the name and the symbol of the political party chosen by the voter.

In his complaint, Kannan had pointed towards a particular loophole - while uploading the symbol, the engineer on election duty could potentially insert a malware in the VVPAT which could manipulate the information punched by the voters, thereby altering the vote count and election result.

Kannan's theory is - while the voter may have pressed the button for Candidate 1 on the EVM, the VVPAT will issue a printout for Candidate 1, but due to the malware, it will inform the control unit that the vote went to Candidate 2. At the time of voting, the voter would not know what has actually been recorded in the control unit.

Kannan has also explained that the potential 'tampering' described above, is possible because of the manner in which the EVM and VVPAT are connected.

The EVM has two units – a Ballot Unit (BU), on which the voter presses the button to cast a vote and a Control Unit (CU) which records the electronic vote. Now the VVPAT, BU and CU are connected in such a manner that after the voter presses a button of her choice on the BU, the vote is first registered by the VVPAT and then recorded in the CU.

So while the voter choice punched in on the BU and printed out by the VVPAT may be the same, the malware may alter the 'choice' and send aa 'pre-programmed' choice to the CU.

Also, as we all know, on counting day, while 100% electronic votes are counted, only 2% of VVPAT slips are counted to be doubly sure that EVM and VVPAT information is a match. So the 'mismatch' caused by the malware may not be noticed on counting day, and the 'tampering' may succeed.

It is important to point out here that the VVPAT machine was introduced in the election process in 2013 on the Supreme Court’s order. The sole purpose of the VVPAT was to assure voters that their vote has been rightly recorded in the EVM.

That is why, experts and complainants like Kannan believe that the vote should first be recorded by the CU of the EVM, and then that information should go to the VVPAT, which should then issue a printout for the voter to assure herself that her vote has been correctly recorded.

Why EC’s RTI Reply Is Misleading?

Interestingly, instead of providing details on Kannan’s specific complaint, EC in its RTI defends EVM-VVPAT system by saying that, “The Commission is confident of the absolute integrity, non-tamperability and credibility of the EVMs.”

The basis of EC’s confidence is largely based on three parameters - first - mock polls, second - randomisation and third - EVM votes are tallied with paper count of VVPAT.

Mock Polls: Not Enough to Prove EVM-VVPAT Is Tamper-proof

EC has said in its RTI, “Each EVM and VVPAT undergoes Mock Polls at least thrice in the presence of representatives of political parties before every election.”

Kannan’s complaint specifies that the possibility of inserting a malware in the EVM-VVPAT system is high when it is connected to an external device – which happens 15 days before the actual polling day.

So technically, of three, two mock polls are conducted months before the actual polling day. The first mock poll happens during the First Level Check of the EVM-VVPAT machines which starts at least 6 months before the elections. During this phase all defective machines are removed.

The Quint had earlier reported that the FLC is conducted by contractual engineers engaged by EVM-VVPAT manufacturing companies.

After this, the second or the high vote mock poll, of 500 and 1000 votes, is carried out on randomly selected 5% of EVM-VVPAT machines. This again happens before party symbols are loaded on VVPAT machines.

The third mock poll happens on the polling day where only 50 votes are cast in the EVM machine in the presence of the polling agent.

But here is the catch, as per the Citizens’ Commission on Election’s (CCE) report submitted by a group of technical experts including former Supreme Court Judge Madan Lokur, former Chief Information Commissioner Wajahat Habibullah, founding member of Association for Democratic Reform Jagdeep Chhokar, former IAS officers, retired Judges and computer experts,

“A competent attacker will manipulate the EVM through the malware in such a manner that it is not detected during the mock poll, in this case when 50 votes are cast, and yet perform differently when used in the actual polling.”
Citizens’ Commission on Election Report

Commenting on the storage and transportation of the EVM-VVPAT, the CCE report said,

“Many irregularities came to light in the 2019 general election like unused EVMs were transported without security, there was at least one complaint of an EVM serial number not matching at counting time; an RTI filing revealed that 20 lakh EVMs claimed to be delivered by the manufacturers are not in the possession of the EC. These belie the EC’s claims of a tamper-proof process.”

Randomisation Is No Defence

Randomisation of EVM-VVPAT machines is one of the major defence given by the Election Commission to establish that their system is tamper-proof.

EVM-VVPATs are randomised twice - first, after the FLC, but before being allocated to a constituency, and second, before being allocated to specific polling stations.

And randomisation happens before ‘candidate setting’ which in simple words means before it is connected to external device to upload political party symbols. Therefore, randomisation also does not address Kannan’s complaint.

Only a Small Fraction of EVM & VVPAT Counts are Tallied

The EC tallies just 2 percent of the results recorded by EVM and VVPAT machines in any election. Tallying started only after a Supreme Court order that came just before the 2019 Lok Sabha Elections. Hence, tallying cannot prove that none of the EVMs malfunctioned.

The former Chief Election Commissioner SY Quraishi in an interview to The Quint emphasised on counting 100% VVPAT slips to maintain full transparency.

In fact, post 2019 Lok Sabha Elections, the EC itself acknowledged eight cases of EVM-VVPAT mismatch and ordered an inquiry into the matter.

Between March and May 2021, five states, West Bengal, Assam, Puducherry, Tamil Nadu and Kerala are conducting Assembly elections. Such an inadequate RTI reply from EC will only make voters more suspicious about the functioning of the EVM-VVPAT machines.

The question is –

Why did EC not share TEC’s report in response to Kannan Gopinathan’s complaint?

Instead of providing a generic RTI response, why is EC not clearing the air by providing specific answers to specific concerns, raised not just by Kannan, but also many other experts?

(The Quint is available on Telegram. For handpicked stories every day, subscribe to us on Telegram)

Published: 
Stay Updated

Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.

Join over 120,000 subscribers!