---
abstract: |
  Free and fair elections are the expression of democratic emancipation.
  India's electronic voting machines (EVMs) are well-suited to Indian
  electoral conditions, and are better in terms of security than paper
  ballots. However, we still need to improve on two front: physical
  security of the EVMs, as well as mandatory risk limiting audits of the
  paper trail.
archive-url: "https://web.archive.org/web/20230908220711/https://timesofindia.indiatimes.com/home/sunday-times/all-that-matters/how-to-make-evms-hack-proof-and-elections-more-trustworthy/articleshow/67004651.cms"
author:
- Pranesh Prakash
authors:
- Pranesh Prakash
categories:
- Security
citation:
  abstract: Free and fair elections are the expression of democratic
    emancipation.
  accessed: 2019-01-12
  archive: "https://web.archive.org/web/20230908220711/https://timesofindia.indiatimes.com/home/sunday-times/all-that-matters/how-to-make-evms-hack-proof-and-elections-more-trustworthy/articleshow/67004651.cms"
  author: Pranesh Prakash
  available-date:
    date-parts:
    - - 2018
      - 12
      - 9
    iso-8601: 2018-12-09
    literal: 2018-12-09
    raw: 2018-12-09
  citation-key: prakashHowMake2018
  container-title: Times of India
  issued:
    date-parts:
    - - 2018
      - 12
      - 9
    iso-8601: 2018-12-09
    literal: 2018-12-09
    raw: 2018-12-09
  license: Creative Commons Attribution-NonCommercial 4.0 International
    License (CC-BY-NC)
  title: How to make EVMs hack-proof, and elections more trustworthy
  type: article-newspaper
  URL: "https://timesofindia.indiatimes.com/home/sunday-times/all-that-matters/how-to-make-evms-hack-proof-and-elections-more-trustworthy/articleshow/67004651.cms"
comments:
  hypothesis:
    theme: clean
date: 2018-12-09
engines:
- path: /opt/quarto/share/extension-subtrees/julia-engine/\_extensions/julia-engine/julia-engine.js
keywords:
- risk limiting audits
- electronic voting machines
- EVM
- security
- VVPAT
license:
  text: CC BY-NC 4.0
  type: creative-commons
  url: "https://creativecommons.org/licenses/by-nc/4.0/"
listing-page: ../press.html
original-url: "https://timesofindia.indiatimes.com/home/sunday-times/all-that-matters/how-to-make-evms-hack-proof-and-elections-more-trustworthy/articleshow/67004651.cms"
publication: Times of India
title: How to make EVMs hack-proof, and elections more trustworthy
title-block-categories: true
toc-title: Table of contents
---

# How to make EVMs hack-proof, and elections more trustworthy

------------------------------------------------------------------------

*By Invitation*\
*Pranesh Prakash*

Free and fair elections are the expression of democratic emancipation.
India has always led by example: the Nehru Committee sought universal
adult franchise in 1928, at a time when France didn't let women vote,
and laws in the USA allowed disqualification of poor, illiterate, and
African-American voters. But how reliable are our voting systems,
particularly in terms of security?

Electronic voting machines (EVM) have been in use for general elections
in India since 1999 --- having been first introduced in 1982 for a
by-election in Kerala. The EVMs we use are indigenous, having been
designed jointly by two public-sector organisations: the Electronics
Corporation of India Ltd and Bharat Electronics Ltd. In 1999, the
Karnataka High Court upheld their use, as did the Madras High Court in
2001.

Since then a number of other challenges have been levelled at EVMs, but
the only one that was successful was the petition filed by Subramanian
Swamy before the Supreme Court in 2013. But before we get to Swamy's
case and its importance, we should understand what EVMs are and how they
are used.

The EVM used in India are standardised and extremely simple machines.
From a security standpoint this makes them far better than the myriad
different --- and some notoriously insecure --- machines used in
elections in the USA. Are they "hack-proof" and "infallible" as has been
claimed by the ECI? Not at all.

Similarly simple voting machines in the Netherlands and Germany were
found to have vulnerabilities, leading both those countries to go back
to paper ballots.

Because the ECI doesn't provide security researchers free and unfettered
access to the EVMs, there had been no independent scrutiny --- until
2010. That year, an anonymous source provided a Hyderabad-based
technologist an original EVM. That technologist, Hari Prasad, and his
team worked with some of the world's foremost voting security experts
from the Netherlands and the US, and demonstrated several actual live
hacks of the EVM itself and several theoretical hacks of the election
process, and recommended going back to paper ballots. Further, EVMs have
often malfunctioned, as news reports tell us. Instead of working on
fixing these flaws, the ECI arrested Prasad (for being in possession of
a stolen EVM) and denied Princeton Prof Alex Halderman entry into India
when he flew to Delhi to publicly discuss their research. Even in 2017,
when the ECI challenged political parties to "hack" EVMs, it did not
provide unfettered access to the machines.

While paper ballots may work well in countries like Germany, they hadn't
in India, where in some parts ballot-stuffing and booth-capturing were
rampant. The solution as recognised by international experts, and as the
ECI eventually realised, was to have the best of both worlds and to add
a printer to the EVMs.

These would print out a small slip of paper containing the serial number
and name of the candidate, and the symbol of the political party, so
that the sighted voter could verify that her vote has been cast
correctly. This paper would then be deposited in a sealed box, which
would provide a paper trail that could be used to audit the correctness
of the EVM. They called this VVPAT: voter-verifiable paper audit trail.
Swamy, in his PIL, asked for VVPAT to be introduced. The Supreme Court
noted that the ECI had already done trials with VVPAT, and made them
mandatory.

However, VVPATs are of no use unless they are actually counted to ensure
that the EVM tally and the paper tally do match. The most advanced and
efficient way of doing this has been proposed by Lindeman & Stark,
through a methodology called "risk-limiting audits" (RLAs), in which you
"keep auditing until either you've done a full hand count or you have
strong evidence that continuing is pointless". The ECI could request the
Indian Statistical Institute for its recommendations in implementing
RLAs. Also, it must be remembered, current VVPAT technology are
inaccessible for persons with visual impairments.

While in some cases, the ECI has conducted audits of the printed paper
slips, in 2017 it officially noted that only the High Court can order an
audit and that the ECI doesn't have the power to do so under election
law. Rule 93 of the Conduct of Election Rules needs to be amended to
make audits mandatory.

The ECI should also create separate security procedures for handling of
VVPATs and EVMs, since there are now reports of EVMs being replaced
'after' voting has ended. Having separate handling of EVMs and VVPATs
would ensure that two different safe-houses would need to be broken into
to change the results of the vote. Implementing these two changes ---
changing election law to make risk-limiting audits mandatory, and
improving physical security practices --- would make Indian elections
much more trustworthy than they are now, while far more needs to be done
to make them inclusive and accessible to all.

*The writer is a technology law and policy expert*