india

Updated: Apr 27, 2017 19:18 IST

A group of computer scientists, engineers and security technologists have asked the Election Commission to allow them to perform actions that “might be performed by an insider in the process, or a criminal,” to be able to get a “technical perspective, to understand what kind of tampering is possible” before it sets out the “open challenge” to hack its electronic voting machines (EVMs).

The poll panel will hold a hacking challenge in May, putting out EVMs that were used in the recent elections and some which will be used in the upcoming ones for the challenge.

The move comes in the wake of the opposition rallying together to demand a scrutiny of the machines, alleging that the voting machines could have been manipulated to favour the ruling BJP.

In a letter to chief election commissioner Nasim Zaidi, the group has asked for design documents, test descriptions and results, as well as information about the security procedures in place, for each generation of EVM currently in use.

It includes a professor from University of British Columbia, a senior principal software engineer at the New York Genome Center and a professor at the New York University (Brooklyn).

“Electronic devices cannot be guaranteed to be immune from tampering when there is a large number of insiders with access and non-insiders with mal-intent, attempting to subvert the device’s functioning. These include everyone who may have access to the EVM over the cycle of design, manufacture, testing, storage, maintenance, calibration and deployment,” the group has written.

Though the commission will lay down a set of rules such as not allowing the machines to be taken out of the premises or physically ripping them apart, the group has insisted that should the EC not allow physical tampering, then it must “explain why an insider or a criminal would not have that kind of access” to tamper the machines.

“A team of experts should be tasked with preparing recommendations to address each important security vulnerability discovered during the challenge and the longer-term testing; their report and the decisions of the EC regarding a timeline for addressing each issue should be made public,” the group has written.

In 2009, when a similar exercise was carried out by the poll panel it had refused to let the challengers take the machines apart.

The group said it was aware that the previous challenge could not show how the machines can be tampered with and pointed out, “electronic devices can be designed to detect when they are being tested, and it is practically impossible to test for every possible configuration and scenario. Hence, if the EVM challenge does not detect a problem, this does not mean that election outcomes are guaranteed to be secure in the future”.

They have also added a rider that “it is virtually impossible, whatever the qualification of the individual examining the EVM, to determine with certainty that EVMs are tamper-proof.”

AAP leader and Delhi chief minister Arvind Kejriwal, an IIT alumnus told a television channel recently that there are 10 ways to hack the machines. Though he clarified that he does not know how to tamper one, he said the manufacturers of the computer chip in the machines could add a code, virus or a bug.

His claims have been dissed by the poll panel.

“An all-party meeting will take place and the commission will announce the do’s and don’ts for the competition, before the hacking challenge. The commission’s guidelines will have to be followed,” an EC source said.

The commission has doggedly denied that the machines that have been in use since the 2004 general elections and in over 30 elections to state assemblies during the last 5 years can be tampered with.

It has, however, agreed to the challenge that will span from seven to 10 days at the EC headquarters in the Capital to put speculation about the efficiency of the machines to rest and assert their imperviousness to manipulation.