Thursday, September 02, 2010

rajeev in rediff on EVMs, in two parts

sep 2nd, 2010


The real issue with Electronic Voting Machines


Rajeev Srinivasan on how EVM problems are much bigger than technology or politics


I have been doubtful about electronic voting machines for quite some time based on what one might call a healthy engineering skepticism. To put it bluntly, I don't trust computers. This comes from, at a point in the past, working with operating system innards and security. Since operating systems are the software that we implicitly trust to run most mission-critical systems, I have noticed that we are basically just one or two bugs away from disaster.


Even though there are rules of thumb and safety factors in software development just as there are in other engineering disciplines, software is still an art, not a science. And even the more mature engineering areas, much closer to science, like civil engineering, are still not perfect – the occasional bridge does collapse, albeit rarely.


Therefore the touching faith we repose in computers – and this is especially true in India – is misplaced. It would be a really bad idea to not have a backup mechanism that is not computer-based, especially when we are talking about embedded systems, the relatively primitive machines that run all sorts of devices such as refrigerators, microwaves, ATMs, etc. This, of course, was the rationale behind the famous Y2K panic, as people worried about whether planes would fall out of the sky as the result of an obscure software practice – years were coded in two digits, not four (ie. 48, not 1948).


Looked at from first principles, then, Electronic Voting Machines are inherently not the most reliable systems available. Nevertheless, they have undisputable advantages: for one, it is not possible to do physical 'booth-capturing'. Besides, votes are converted into digital impulses that can be manipulated easily, so that all sorts of things can be done with them – counting can be lightning-fast; and statistical data collection, analysis, data mining, and so on can all be done with great facility.


Unfortunately, that strength is also, ironically, the Achilles heel of EVMs. Since there is no physical audit trail of the vote, once you have cast your vote, you cannot verify that your choice of candidate has been honored. It is a relatively minor task for a software-savvy criminal to fix an election, with nobody being the wiser.


I made a primitive demonstration of this sort of activity when I ran an Internet poll on my blog about who India's best prime minister was. 300 people voted, and there was a clear winner, and some others got very few votes. But I found that if I took the real results, and applied a simple algorithm to it: that is, such as diverting 1/3rd of each person's votes to a third candidate, I could at will have anybody 'win', even someone who got just 1 vote. And the pattern of votes 'gained' did not look particularly suspicious.


Furthermore, in an eerie reminder of the way real electronic voting works, even after the poll 'closed' with 292 votes, it still accepted 8 more votes. I have no idea how or why it did that, and since I do not have the source code, there is no way I could figure it out, either. That is another important problem – unless third parties are able to verify beyond reasonable doubt that the system is trustworthy, in effect the system is completely untrustworthy.


... deleted

1 comment:

Prince said...

Rajeev

Was one of avid readers of your columns in rediff some years before. But I am now completely avoiding rediff as it has become a junk site and looks like they are being funded by the Congress machinery. Has become similar to Toilet Paper of India!