Technology Risks to EVM?
- Thread starter Neotheone
- Start date
samavery42
Recruit
Not to sound crass. But what issues have they fixed exactly? Afaik, Vvpat is introduced, which is a completely different unit that is connected to the machines. Other than that the software & hardware technology of the machines are same. It's still opaque and not allowed to be researched on. We're completely basing it on our trust of the ECI.
B
BullettuPaandi
The video that I'd shared in my earlier post covered this in much detail & context; but if you don't understand Tamizh you can find the base info here.
blr_p
Skilled
If it's improbable to keep secret due to human involvement then how can nobody not know if it becomes compromised for years?
Wrong conclusion. I'm with the SC here. It's not because of being boomers but because there is no merit in doing so.
For me there is no better anecdotal proof the system is working than when both sides over the span of a decade complain it doesn't. Both complaining is good. Only one complaining is grounds for suspicion. Does that make sense.
Second, don't you see the contradiction of a party complaining when they lose but quiet when they win. The losing party is unable to hack the system and wants it gone. So allege fraud
It's these fraud allegations dressed up as genuine complaints that is the scam. But these complaints are empty as no party to date has ever come forward to officially challenge the results. Not a single one in over a decade be it at city, state or national.
There is a lot of money involved in these elections yet nothing on this front FROM ANYWHERE IN THE COUNTRY ?? This is very revealing. Way way more than what any researcher has to say anywhere.
What's your conclusion?
Mine is anything is possible but the real question is how probable? Not very. Which is why asking whether something is possible is not a good, question as it is meaningless most of the time. Always ask whether probable.
If nothing has been detected as yet or that's what we've been given to believe then so far so good.
I'm stating it would not at the EVM level as it's impractical. Unless you want to tell me otherwise.
Which is why I'm asking people to look at the most likely place where it can go wrong.
Counting or wherever the results are collated. A digit changed here or there is relatively easier to do, I'm assuming and makes redundant the effort required to do it collectively at the EVM level?
I don't know how to disprove this part.
Other than to say checks & balances in place.
eg. checksums might be involved and there are checks at each stage with other accompanying checks throughout so numbers cannot change from one stage to the next without some alarm being thrown.
Meaning an audit trail would be available and would make finding trivial and hence risky for those concerned at which stage the discrepancy occurred unless there is collusion.
You're now back to the same problem of logistics while not as hard as at the evm level still by no means easy and importantly sustainable. We have elections all the time here. Having to pull off such a feat successfully and consistently throughout the country without so much as a peep would be impossible.
But people are alleging it happens all the time isn't it and for a long while now
Last edited:
samavery42
Recruit
Sorry if you felt offended. My bad. Second, the link you shared said that they introduced "Tamper detection" and "self diagnostic" that can makes it inoperative if opened physically & 2nd one checks Fully whenever it's on.
Other than that, its OTP, advance encryption and things related to pressing buttons.
But get this. These are all physical features that only ECI knows how they work or what exactly they mean by encryption or advanced technologies.
And if you go further down, voila, they are using the same software by the 2 same govt. owned companies that is being used since 1982.
Meaning they're using the same software but they changed some hardware that only they know how works, and even if it is effective to what extent. And only some people like us are literate enough to take their word for it. So imagine explaining this to a general voter and expect them to understand.
I blame political parties as they themselves are incompetent and prude enough that they don't expect general voter to have an understanding of this mechanism. The only reason this issue is not being solved is because of inertia. Nobody wants to take the accountability and that's why it feels like a waste of time by the voter and the politicians.
Also checkout Tom's video on this
samavery42
Recruit
Read the research, it has multiple examples of vulnerabilities.
I agree with Tom
Well... the elections shouldn't be run on so far so good. And detection works on testable things. For eg. Whenever there's ballot voting, and if booth capturing occurs, atleast people get to know that the booth was captured. Every voter in the polling station+ officials + media, and especially now with smartphones, we'll get to know.
So precisely with this line of thinking, it's hard to know the credibility of detection, because nobody knows how to test. And with the recent lost credibility of the Indian institutions, it is becoming harder and harder to put the faith of a billion people in the hands of a few.
roadrash99
Disciple
Any electronic counting machine will be opaque, VVPAT adds a redundancy check so you can verify the counts on randomly selected EVMs, I can't think of any improvements possible to this system.
blr_p
Skilled
Who have delivered now consistently for well over three decades.
Who else can you want to trust
samavery42
Recruit
Well it could be improved.
The EVM-VVPAT case judgment is disappointing
The Supreme Court’s judgment in the Association for Democratic Reforms vs Election Commission of India and Another (2024) is disappointing
@roadrash99
> Any electronic counting machine will be opaque
Need not be, why not allow open designs and there by open review of the h/w and s/w ?
> VVPAT adds a redundancy check so you can verify the counts on randomly selected EVMs
Can doubt considering the knowledge level and general awareness of rural people on technical devices. Even if vvpat prints wrong names, etc. they may not get adequate know-how, mental /physical conditions to properly verify it.
> I can't think of any improvements possible to this system.
Won't open designs make such devices more tamper-proof, avoid conspiracies than depending on security by obscurity method ?
@blr_p
> Who have delivered now consistently for well over three decades.
> Who else can you want to trust
There are trust issues whether it is justified or not. Isn't that why such discussions are happening ?
And had some weird cases like Chandigarh mayoral poll (their behavior and propensity, not the method /technology used). Meaning, they are all humans in the end.
> Any electronic counting machine will be opaque
Need not be, why not allow open designs and there by open review of the h/w and s/w ?
> VVPAT adds a redundancy check so you can verify the counts on randomly selected EVMs
Can doubt considering the knowledge level and general awareness of rural people on technical devices. Even if vvpat prints wrong names, etc. they may not get adequate know-how, mental /physical conditions to properly verify it.
> I can't think of any improvements possible to this system.
Won't open designs make such devices more tamper-proof, avoid conspiracies than depending on security by obscurity method ?
@blr_p
> Who have delivered now consistently for well over three decades.
> Who else can you want to trust
There are trust issues whether it is justified or not. Isn't that why such discussions are happening ?
And had some weird cases like Chandigarh mayoral poll (their behavior and propensity, not the method /technology used). Meaning, they are all humans in the end.
Last edited:
B
BullettuPaandi
Nothing you posted was offensive. No apology necessary; we're just discussing here.
They're not all physical features; if these features are in fact present, software has to be different. These features are so basic and frankly should've been present since Gen1 that, I don't think they added nothing and just reported to press that they did.
It is undeniable that there's room for improvement. Even SC suggested some post-process precedures in their latest statement.
Transparency is also undeniably better than obscurity for developing secure Tech. So, I do not think this is as good as it gets.
But, I am just trying to stick with the topic here: I don't think there's a risk. Current EVMs are not-vulnerable-enough; albeit, mostly due to just a 'security through obscurity' practise & perhaps the incompetence you mentioned xD.
VVPAT prints the symbol. It must be the slightest of edge cases where people can't verify the symbol that they just voted to, if at all.
Last edited by a moderator:
Can I check if you have, or others have thought through about your time horizon? How many years before we have viable technologies that could intrude.
I do not know how to trust institutions when they use obscurity and secrecy as reasons to withhold information. Frankly, most powerful intelligence agencies are likely to have the source code and chip design data of all EVM makes, and the secrecy is most likely limited to the layperson or even a well-meaning security researcher. It is difficult to realistically argue otherwise, unless you think that in this vast network of EVMS spread across India, there is no way to get access to EVMs and analyze them for vulnerabilities even for such well-resourced state backed actors. A I'm not sarcastic here when I say I envy you, trust me. I get a lot of heartburn because I can rely only reason and evidence before trusting statements from authorities, because in my view, governments and bureaucrats are usually so entrenched in power structures that benefit from the status quo, that they tend to recognize problems when the shit hits the fan.
blr_p
Skilled
He's making the same argument I've made with one critical difference. He thinks attacks on a paper ballot do not scale well. Implying they do with an electronic one. This is the conventional wisdom in the west. And I've even heard people say that paper ballots are physical proof that a vote was cast but there is no such equivalent proof with an electronically cast vote.
Atoms over bytes
He says nobody physically takes voting machines to the place they're being counted. Maybe not in the west but in India that does happen under paramilitary guard I might add. Also the case in Brazil going by the comments. Tom seems to have done no research on electronic voting systems. He's speaking purely from a tech point of view. Which is the issue with this thread as well.
He wants an explanation of checksums that the voter can trust. These are internal procedures that won't be made public but have to exist if the system is to be trusted by parties involved and the auditors here would be party representatives. Each with a stake that nothing goes wrong. So no it's not the voter that needs to trust this but the participating political parties.
How the results are transmitted is an open question but this too can be verified with checksums.
The central counting server is the thing. This is where my initial post was directed. But want to add here that if tallies are kept in intervening stages then a false grand total can be caught easily. Isn't it?
Remember when you send parcels by courier that the weight is checked at numerous points along the way? Same principle applies here
He does not mention intermediary checks and balances. He does not mention that all parties participating in the election are just as important stakeholders in the outcome as voters.
India is a strict adherent to the KISS principle. A lot of this casting doubt talk is more applicable with modern systems. Not 80s era calculators with sealed memory. Old does not mean bad here. It means first cheap, then simple which means reliable and finally very well understood.
I don't see us voting from home or via computer anytime soon. I don't think there is even the provision to vote by post either. At least not yet.
Err explain what are you referring to here
I'm saying suppose they have. Then what
Bureaucrats are entrenched. Governments are not. They come and go. They would like most to remain in power though
As for foreign actors that would like nothing better than to see this government gone well you're playing to my forte there
Have posted about it in the past and people here think I'm being overly paranoid
Last edited:
B
BullettuPaandi
Good question. I haven't really. Can't really put a number on future technologies; those could come from anywhere.
Read that they disposed of the Gen1 machines after 15 years; can say for sure that it's too damn long.
I imagine if there's going to be an issue it'll probably be some sort of skimmer device - such as the ones we've been seeing on ATMs that disguise as a part of it. So, if there's reasonable doubt of breach, say someone stole an EVM somewhere which could be used to device a skimmer, a facelift should be ready to roll out after perhaps a reasonable postpone. So, they don't even need to keep instantly updating everything; just be on the loop.
I'd say one just-about-significant update (or) just switching things up every General Election; local elections in between could be used for testing.
blr_p
Skilled
It seems the best way to stop EVM's is to go after trust. Trust in the unseen that is hard to address by the average person.
If a foreign actor wanted to screw with elections in this country they should mount a psychological war campaign that made the electorate lose trust in EVM's.
Kinda hard to do without tiktok huh
If a foreign actor wanted to screw with elections in this country they should mount a psychological war campaign that made the electorate lose trust in EVM's.
Kinda hard to do without tiktok huh
samavery42
Recruit
It's all about trust.
I see. So you're right that this thread is concerned with the technical aspect, which is very valid one, for which you aren't particularly concerned about because you're putting your trust in the incentive structures of political parties.
Why wouldn't they interfere when concerned about their own personal seat?
For which friend I would like to break some news to you. Indian politicians and their cadre are very very very stupid. They aren't organised, disciplined or intelligent to a system. Their system purely works on what the party narrative is. If party says EVM good, they good. If party says no, than it's a no no.
Yes, every party sends a representative to polling booths and checks are ensured. But the party people there are just to stand and see whether the opposition members aren't doing some ghapla. That's it. And even if there's some mistake or error, they'll start blaming each other, even if it's a technical issue.
So I premised by saying it's improbable to do it physically during elections, but technically, the only judge and juror is ECI. And frankly I don't trust them either. As the ruling parties are now capturing institutions for political gains more and more.
This is the inertia i was talking about. Unless there won't be a consensus that there are some doubts and queries towards EVM working, forwarded by all political parties,I'm saying suppose they have. Then what
you and me can't do sh*t. This has to first be addressed by them and communicated to the public, than only a change can be achieved.
blr_p
Skilled
Give examples. Any sources
I hear this line many times but nobody seems to be able to explain
Here's something to look at
ECI is telling you how they go about it
Why don't you read it and give us your assessment?
Discussions are happening because people are ignorant of the process. It takes effort to learn.
So then these people should read what the ECI has put out and familiarise themselves with the procedures. ECI put out a lot of literature..
Manuals and Handbooks
Knock yourself out and learn. Who's up for it? NOBODY
Landmark judgements
This will make for interesting reading
These happen from time to time. They are exceptions that do not make the rule. But try convincing people otherwise..
It takes one line to say something is wrong. Very little time spend. I don't trust this or that. Well, what are you doing about it.. nothing. So keep repeating the same zero value statement. Best part here is 'maybe' wrong.
The effort to correct that perception requires an order of magnitude of effort and knowledge.
The ECI's record speaks for itself. This is one of those institutions people developed a big respect for after one administrator in the 90s that set it straight. Name escapes me. ECI are proud of their record and they should because they're supervising the biggest elections on the planet. All run smoothly with minimal acrimony. Hell of an achievement
Last edited:
B
BullettuPaandi
There are no such internal procedures only the parties know of. There is no reason to not make such procedures public, if they do exist. A huge part of the public, mostly teachers, are the ones that carry out most procedures anyway. All procedures from setting up, like loading symbols into the VVPAT, verifying integrity of the hardware & software, all the way to counting are made public.
Regardless, the issue Tom talks about is that, even with open-sourcing software the voter has to trust that the same software is indeed the one running on their machine; even if there's a checksum/hash function that verifies the integrity, the voter has to trust that the checksum is working properly. There is no absolute fool-proof way to allow even geekiest of geeks for not having to trust; meaning they KNOW that the system is solid.
This issue doesn't apply to us, or rather we don't get to apply, as we are asked to trust the closed software itself & the inherent features that mitigate known issues. Only the basic mechanisms like whether every candidate starts with a zero, whether a count does add one exact count, etc. are shown in front of the party representatives.
roadrash99
Disciple
Design of the machine doesn't matter. People can argue that how can they trust the h/w and s/w has not been tampered with? Nothing can beat paper slips in that aspect.
They are suggesting process improvements, regarding how many VVPATs to cross check with EVM count. But the concept of EVM+VVPAT itself is good enough like I said.Well it could be improved.
The EVM-VVPAT case judgment is disappointing
The Supreme Court’s judgment in the Association for Democratic Reforms vs Election Commission of India and Another (2024) is disappointingwww.thehindu.com
blr_p
Skilled
Check the manuals
We know that it's harder to rig than the paper system that came before. Going through the videos comments it's evident Tom has done zero research on electronic voting systems in use and speaks purely from a tech point view. What surprised me is for an end 2019 video there were hardly any Indians pointing out his video was pointless.. That job fell to Brazilians who concluded the same thing.
People don't want these abstract/theoretical talks. Here is the system. Now show where is the problem.
They do mock counts before the actual counting takes place in front of party representatives.
Isn't the vote also recorded on a second machine and totals for evm and this machine tallied at the end. That way this argument is redundant
Last edited: