India's e-voting machines vulnerable to fraud

E-voting security researcher J Alex Halderman writes,

India, the world's largest democracy, votes entirely on paperless electronic voting machines. There are an incredible 1.4 million machines in use. Authorities claim they are "tamperproof", "infallible", and "perfect," but they've prevented anyone from doing an independent security analysis by denying access on secrecy and intellectual property grounds. Hari Prasad, Rop Gonggrijp, and I got access to a machine from an anonymous source, and last week we released a research paper and video that demonstrate how they can be manipulated to steal votes.

Election security researchers have largely ignored computer voting in developing nations, but Nepal, Bhutan, Bangladesh, Mauritius, Malaysia, Singapore, Namibia, South Africa and Sri Lanka are using or considering adopting systems like India's. These machines are much simpler than the designs used in the US and Europe, but this makes attacking the hardware even easier. We developed two attacks that can be carried out by dishonest election insiders or other criminals. The first attack is to replace the part of the machine that displays vote totals with a dishonest look-alike component. It adds a hidden microcontroller that intercepts the totals as they're displayed and replaces them with fraudulent results. A hidden Bluetooth radio allows the attacker to signal which candidate should win using a mobile phone. We also made a second device that attaches directly to the memory chips inside the machine and manipulates the votes. This device fits in a shirt pocket and takes only a couple of seconds to change the results or figure out how everyone voted.

I've studied electronic voting machines for years, but I've never had such a strong sense that actual fraud might be taking place. There have been dozens of reports from around India that politicians have been approached by engineers offering to manipulate the machines to steal votes. My Indian coauthor, Hari Prasad, was himself approached by a prominent party and asked to help them with such manipulations! It's just too easy, thanks to the simple design of the machines and the lack of adequate safeguards, and there are probably a million people in India with the necessary electronics skills.

Many people believe that using a simple design makes these machines safer than the complex machines used in the U.S. (which sometimes contain almost a million lines of code), but simple machines are much easier to attack via hardware, and simplifying too much means giving up standard security techniques like strong cryptography. Essentially, you're left with a system that depends entirely on the physical security of the machines, just like paper ballots depend on the security of the ballot box, but with much less transparency than paper voting. What India and other democracies need is a system that's both secure *and* transparent, so that voters can have well-founded confidence their votes count.

Even Simple E-Voting Machines are Insecure (Thanks, Alex!)

12

  1. This is fine news. It’s important to stay modern and current with the major Western democracies.

  2. Fascinating and informative- Cory, these are the posts that make boingboing worth reading! If the U.S. could get away with complete electronic fraud in 2000, I can only imagine where we are now, a decade later!

    Thanks.

  3. “Tamperproof”, “infallible”, and “perfect” are pretty strong claims – too strong to be accepted without independent verification. An honest company would have no fear of being tested – it would make for great P.R. if the machines passed, and would allow for product improvement if they fail.

  4. Good article Alex. Few days back NDTV (one of popular Indian TV, well connected to ruling congress party) gave outstanding award to Naveen Chawla Election comissioner, for bringing outstanding technological acheivement in election’s. Popular anchor Prannoy Roy (well connected to Congress party’s leadership) went on to say American’s looks at our EVM’s and say wow!
    This is a big network of media, crooked politicans rigging Indian elections. u can watch the award cermony to Naveen Chawla controversial election comissioner

    http://www.ndtv.com/convergence/ndtv/new/ioy09/ioyhome09.aspx

  5. Hope Indian Election Commission wakes up to the calls to save its democracy. It will be difficult ride but Indians will succeed if they keep the pressure.

    Regards,
    satya

  6. Apart from the problem of hacking, the evms without paper receipt are illegal, as without the evidence, of action of the machines on pressing the button, they can not be considered legal. Ajay Jagga, Advocate, India

  7. Scary to think that EVMs could be tampered with on a mass scale. Incremental improvements in design should be effected in the EVMs gradually to avert any such possibility.

    Sanjay Uvach
    Corruption in India

  8. When talking about moving India’s voting system to a more modren system like in the US you have to look at the scale. 1,368,430 machines are used in the previous election and moving them to a modern system is costly, what can be done is improving the existing system. Any electronic system can be tampered with especially systems connected on a network and that use software. Tampering with hardware on disconnected machines needs a cordinated effort from many people to effect the outcome.

  9. In 1971 Parliamentary election, Mrs Gandhis National Congress won with two third majority. It was a ballot paper election.Then the opposition parties made a hue and cry saying some fraud had happened. Mr. Balraj Madhok wrote a book regarding this titled Murder of Democracy. In this book it was alleged that a special magical ink was brought from USSR for voting and only with its help Mrs Gandhi won. But in the next election Congress party was routed out because of Emergency imposition. Then no body gave no explanation why Mr Gandhi didnt bring that magical ink this time.Politician are always politicians. If at all Indian EVM has to be tampered at least thousand persons should cooperate for that, as Dr T.N.Sheshan,the former Election Commissioner of India correctly pointed out.

Comments are closed.