Is there a possibility of rigging electoral outcomes in a general election to the Lok Sabha? This question has arisen not only because of the unexpected number of seats won or lost by some parties in the recent contest. It is accentuated by the recent spate of articles published in reputed computer engineering journals and in the popular international press, which raise doubts about the integrity of Electronic Voting Machines (EVMs). For example, the respected International Electrical & Electronics Engineering Journal (IEEE, May 2009, p.23) has published an article by two eminent professors of computer science, titled “Trustworthy Voting.†They conclude that although electronic voting machines do offer a myriad of benefits, these cannot be reaped unless nine suggested safeguards are put in place for protecting the integrity of the outcome. None of these nine safeguards, however, is in place in Indian EVMs. Hence, electronic voting machines in India today do not meet the standard of national integrity or safeguard the sanctity of our democracy. Newsweek (issue of June 1, 2009) has published an interesting article by Evgeny Morozov, who points out that when Ireland embarked on an ambitious e-voting scheme in 2006, such as touch-screen voting machines, the innovation was widely welcomed. Three years and 51 million euros later, the government scrapped the entire initiative. What doomed the effort was a lack of people’s trust in the machines. Voters just didn’t like that the machines would record their votes as mere electronic blips, with no tangible record. Mr. Morozov points out that, as most PC-users know, computers can be hacked. While we are not unwilling to accept this security risk in banking, shopping, and e-mailing (since the fraud is at the micro-level and of individual consequence, which in most cases is rectifiable), the ballot box is sacred. It needs to be perfectly safeguarded because of the monumental consequence of a rigged or faulty vote recording. It is of macro-significance, in the nature of an e-coup d’etat. At least that’s what voters across Europe seem to have said loud and clear. Thus, a backlash against e-voting is brewing across the European continent. After nearly two years of deliberation, Germany’s Supreme Court ruled last March that e-voting was unconstitutional because the average citizen could not be expected to understand the exact steps involved in the recording and tallying of votes. Ulrich Wiesner, a software consultant who holds a Ph.D. in physics and who filed the initial lawsuit, said in an interview with the German magazine Der Spiegel that the Dutch Nedap machines used in Germany were even less secure than mobile phones! In fact, the Dutch public-interest group ‘Wij Vertrouwen Stemcomputers Niet’ (‘We Do Not Trust Voting Machines’) produced a video showing how quickly the Nedap machines could be hacked without voters or election officials being aware (it took just five minutes). After the clip was broadcast on Dutch national television in October 2006, the Netherlands banned all electronic voting machines from use in elections. Numerous electronic voting inconsistencies in developing countries, where governments are often all too eager to manipulate votes, have only fuelled the controversy. After Hugo Chavez won the 2004 election in Venezuela, it came out that the government owned 28 per cent of Bizta, the company that manufactured the voting machines. On the eve of the 2009 elections in India, I raised the issue at a press conference in Chennai, pointing out that a political party just before the elections had recruited those who had been convicted in the U.S. for hacking bank accounts on the Internet and credit cards. In the U.S. too, there is a significant controversy on Elms. In fact, the Secretary of State of California has set up a full-fledged inquiry into EVMs, after staying all further use. Why are the EVMs so vulnerable? Each step in the life cycle of a voting machine — from the time it is developed and installed to when the votes are recorded and the data transferred to a central repository for tallying — involves different people gaining access to the machines, often installing new software. It wouldn’t be hard for, say, an election official to paint a parallel programme under another password on one or many voting machines that would, before voters arrived at the poll stations, ensure a pre-determined outcome. The Election Commission of India has known of these dangers since 2000. Dr M. S. Gill, the then CEC, had arranged at my initiative for Professor Sanjay Sarma, the father of RFID software fame at the Massachusetts Institute of Technology (MIT), and his wife Dr Gitanjali Swamy of Harvard, to demonstrate how unsafeguarded the chips in EVMs were. Some changes in procedure were made subsequently by the EC. But the fundamental flaws, which made them compliant to hacking, remained. In 2004, the Supreme Court’s First Bench, comprising Chief Justice V. N. Khare and Justices Babu and Kapadia, directed the Election Commission to consider the technical flaws in EVMs put forward by Satinath Choudhary, a U.S.-based software engineer, in a PIL. But the EC has failed to consider his representation. There are many ways to prevent EVM fraud. One way to reduce the risk of fraud is to have machines print a paper record of each vote, which voters could then deposit into a conventional ballot box. While this procedure will ensure that each vote can be verified, using paper ballots defeats the purpose of electronic voting in the first place. Using two machines produced by different manufacturers decreases the risk of a security compromise, but doesn’t eliminate it. A better way, it is argued in the IEEE article I have cited, is to expose the software behind electronic voting machines to public scrutiny. The root problem of popular electronic machines is that the computer programmes that run them are usually closely held trade secrets (it doesn’t help that the software often runs on the Microsoft Windows operating system, which is not the world’s most secure). Having the software closely examined and tested by experts not affiliated with the company would make it easier to close technical loopholes that hackers can exploit. Experience with web servers has shown that opening software to public scrutiny can uncover potential security breaches. Now several High Courts are hearing PILs on the EVMs. This is good news. I believe the time has arrived for the Supreme Court to transfer these cases to itself, and take a long, hard look at these riggable machines that favour a ruling party that can ensure a pliant Election Commission. Else, elections will soon lose their credibility and the demise of democracy will be near. Hence evidence must now be collected by all political parties to determine the number of constituencies in which they suspect rigging. The number will not exceed 75, in my opinion. We can identify them as follows: any 2009 general election result in which the main losing candidate of a recognised party found that more than 10 per cent of the polling booths showed fewer than five votes per booth should be taken, prima facie, as a constituency in which rigging took place. This is because the main recognised parties usually have more than five party workers per booth, and hence with their families will poll a minimum of 25 votes per booth for their party candidate. If these 25 voters can give affidavits affirming who they voted for, the High Court can treat this as evidence and order a full inquiry. source : http://www.hindu.com/2009/06/17/stories/2009061755160900.htm
scientists say they can 'steal' ballots from EVMs Computer scientists in the US have demonstrated how electronic voting machines (EVM) can be hacked and votes ‘stolen’ using a malicious programming approach that had not been invented when the voting machine was designed. The team of scientists from the Universites of California, San Diego, Michigan and Princeton employed "return-oriented programming" to force an electronic voting machine to turn against itself. "Voting machines must remain secure throughout their entire service lifetime, and this study demonstrates how a relatively new programming technique can be used to take control of a voting machine that was designed to resist takeover, but that did not anticipate this new kind of malicious programming," said Hovav Shacham. Shacham is professor of computer science at UC San Diego's (UC-SD) Jacobs School of Engineering and study co-author. His study demonstrates that return-oriented programming can be used to execute vote-stealing computations by taking control of an EVM designed to prevent code injection. The computer scientists had no access to the machine's source code--or any other proprietary information--when designing the demonstration attack. By using just the information that would be available to anyone who bought or stole a voting machine, the researchers addressed a common criticism made against voting security researchers: that they enjoy unrealistic access to the systems they study. "Based on our understanding of security and computer technology, it looks like paper-based elections are the way to go. Probably the best approach would involve fast optical scanners reading paper ballots. These kinds of paper-based systems are amenable to statistical audits, which is something the election security research community is shifting to," said Shacham. "You can actually run a modern and efficient election on paper," he said. "If you are using electronic voting machines, you need to have a separate paper record at the very least," he added. There findings were presented at the 2009 Electronic Voting Technology Workshop. source : Zee News
The answer is NO No. This particular hack does not apply to Indain EVM's. I came across this post while googling for the paper published by the researchers and just registered only to say this. The Indian EVM's are the simplest of machines and nothing improves security like simplicity. The US evm's are unnecessarily complicated and have a complex closed source operating system and software. The researcher's here used a return oriented approach to bypass the security in that software. You too can read the full paper here: http://www.usenix.org/events/evtwote09/tech/full_papers/checkoway.pdf Basically, the method won't work on Indian evms. This is just the US media echo chamber pretending that the rest of the world does not exist and unfortunately the Indian media echoing it too. Nothing unusual. tldr; No. This method cannot be used on India evm's.