Monday, May 03, 2010

Indian EVMs insecure. Scrap them. Order fresh Lok Sabha elections

may 1st, 2010

the 'decent' manmohan singh and company stole the 2009 election.

this is fascism in action. 

i believe this is how demagogues have come to power in the past (example hitler).

those who allowed this to happen are now suffering the consequences, as a. raja and others sell the country down the river.

they are kept misinformed and ignorant by the purchased media.

---------- Forwarded message ----------
From: S. Kalyanaraman
Date: Fri, Apr 30, 2010 at 7:55 PM
Subject: Indian EVMs insecure. Scrap them. Order fresh Lok Sabha elections
To:




Visit http://indiaevm.org/ See the video and images.

Indian EVMs insecure. Scrap them. Order fresh Lok Sabha elections

The Lok Sabha elections of 2009 are suspect. SC should declare the elections null and void, since use of EVMs is unconstitutionaL Caesar's wife should be above suspicion and Indian EVM are of suspected integrity. 
There are serious reports that ECI had access to results of elections for over 100 constituencies at least 13 days before the official declaration of results on May 19, 2009. Someone has to investigate these reports to save democracy in India and make the ECI accountable to the people, who have given to themselves a democratic, republis of India, that is Bharat.

Even giving a paper printout from EVM is an unsatisfactory, unreliable solution. Best option is to revert to paper ballot for which India holds the patent. cf. the invention by Parakesarivarman about 1000 years ago as documented in Uttaremerur inscription which was also discussed in Constituent Assembly debates by the late CM of Madras Presidency, Shri Tanguturi Prakasam.

kalyanaraman

India's Electronic Voting Machines Are Insecure, Study Finds

A group of researchers say Indian voting machines are vulnerable to fraud.
John Ribeiro, IDG News Service
Friday, April 30, 2010 06:50 AM PDT

Indian electronic voting machines (EVMs) are vulnerable to fraud, researchers said this week, and advocated that a paper trail should be maintained to verify the results of balloting.

The researchers have also released a video where they have demonstrated attacks on an EVM after tinkering with its internal electronics.

They got access to a working EVM, that was already used in an election, through an anonymous source, Hari Prasad, one of the researchers said on Friday. Prasad is managing director of Netindia, a Hyderabad-based technology firm

One attack involved replacing the display board of the machine with a look-alike component that can be instructed to steal a percentage of the votes in favor of a chosen candidate.

The new display board adds a microcontroller that replaces the election results with fraudulent ones as they are displayed, and a Bluetooth radio module that allows the attacker to wirelessly signal through his mobile phone which candidate should receive the stolen votes, the researchers said.

Though the use of mobile phones is prohibited within 100 meters of polling stations, this rule is infrequently enforced, the researchers added.

In another attack on the test EVM, the researchers used a pocket-sized device, attached to the memory chips, to change the votes stored in the EVM between the election and the public vote counting, which in India can be weeks later.

Storage rooms where EVMs are kept between elections are insecure, and criminals can bribe an official and get access to the machines, Prasad said.

Officials at the Election Commission of India were not immediately available for comment. Prasad said the researchers have offered to demonstrate the attacks to the Election Commission.

India uses EVMs of the Direct Recording Electronic (DRE) variety, which record votes only to internal memory and do not provide paper records for later inspection or recount.

The researchers have also raised concerns that criminals and people intending to rig elections can tamper with components. The EVMs are designed so that the firmware is stored in masked read-only memory in the microcontroller, and there is no provision for reading it out or verifying its integrity.

If the software was modified before it was burned into the CPUs, the changes will be very difficult to detect, the researchers said.

The chips are made in the U.S. and Japan, and nobody in India knows for sure what software is in the machines, or whether they count votes accurately, they added.

The researchers have recommended a voter-verified paper audit trail (VVPAT), which combines an electronic record, stored in a DRE machine, with a paper vote record that can be audited by hand. Existing EVMs do not have upgradeable software, but a VVPAT can be added on the cable between the control unit and the ballot unit, they said.

The researchers recommend precinct-count optical scan (PCOS) voting as an alternative. In this model, voters fill out paper ballots that are scanned by a voting machine at the polling station before being placed in a ballot box. Attacking either of these systems would require tampering with both the paper records and the electronic records, according to the researchers.


Security Analysis of India's Electronic Voting Machines

Abstract: Elections in India are conducted almost exclusively using electronic voting machines developed over the past two decades by a pair of government-owned companies. These devices, known in India as EVMs, have been praised for their simple design, ease of use, and reliability, but recently they have also been criticized because of widespread reports of election irregularities. Despite this criticism, many details of the machines' design have never been publicly disclosed, and they have not been subjected to a rigorous, independent security evaluation. In this paper, we present a security analysis of a real Indian EVM obtained from an anonymous source. We describe the machine's design and operation in detail, and we evaluate its security, in light of relevant election procedures. We conclude that in spite of the machine's simplicity and minimal trusted computing base, it is vulnerable to serious attacks that can alter election results and violate the secrecy of the ballot. We demonstrate two attacks, implemented using custom hardware, which could be carried out by dishonest election insiders or other criminals with only brief physical access to the machines. This case study contains important lessons for Indian elections and for electronic voting security more generally.

Full technical paper at http://indiaevm.org/evm_tr2010.pdf

Excerpt:
Conclusions

Despite elaborate safeguards, India's EVMs are vulnerable to serious attacks. Dishonest insiders or other criminals with physical access to the machines at any time before ballots are counted can insert malicious hardware that can steal votes for the lifetime of the machines. Attackers with physical access between voting and counting can arbitrarily change vote totals and can learn which candidate each voter selected. These problems are deep-rooted. The design of India's EVMs relies entirely on the physical security of the machines and the integrity of election insiders. This seems to negate many of the security benefits of using electronic voting in the first place. The technology's promise was that attacks on the ballot box and dishonesty in the counting process would be more difficult. Yet we find that such attacks remain possible, while being more difficult to detect.

It is highly doubtful that these problems could be remedied by simple upgrades to the existing EVMs or election procedures. Merely making the attacks we have demonstrated more difficult will not fix the fundamental problem: India's EVMs do not provide transparency, so voters and election officials have no reason for confidence that the machines are behaving honestly. 

India should carefully reconsider how to achieve a secure and transparent voting system that is suitable to its national values and requirements. One option that has been adopted in other countries is to use a voter-verified paper audit trail (VVPAT), which combines an electronic record stored in a DRE with a paper vote record that can be audited by hand [43]. Existing EVMs do not have updatable software, but it would be possible to add a VVPAT by interposing on the cable between the control unit and the ballot unit. Another option is precinct-count optical scan (PCOS) voting, where voters fill out paper ballots that are scanned by a voting machine at the polling station before being placed in a ballot box. Attacking either of these systems would require tampering with both the paper records and the electronic records, provided that routine audits are performed to make sure these redundant sets of records agree [14]. A third option is to return to simple paper ballots. Despite all of their known weaknesses, simple paper ballots provide a high degree of transparency, so fraud that does occur will be more likely to be detected.

Using EVMs in India may have seemed like a good idea when the machines were introduced in the 1980s, but science's understanding of electronic voting security—and of attacks against it—has progressed dramatically since then, and other technologically advanced countries have adopted and then abandoned EVM-style voting. Now that we understand what technology can and cannot do, any new solutions to the very real problems election officials face must address the problems, not merely hide them from sight.

1 comment:

Anonymous said...

What do we do with a CEC who is a KKangress stooge and anti-BJP? Can the earlier CEC (retd) be persuaded to give a statement condemning these machines?