How to improve Indian EVMs?

| Comments (0) | Voting
As I mentioned earlier, Prasad et al.'s research clearly demonstrates that there are attacks on the election machines used in India. On the other hand, during the panel at EVT/WOTE the Indian election officials argued that there were serious fraud problems (especially ballot box stuffing) with the paper ballot-based system they used before the introduction of the EVMs, so there's going to be a huge amount of resistance to just going back to paper ballots. Without taking a position on paper versus machines, it's worth asking whether it's possible to build a better version of the existing EVMs (bearing in mind that there are something like a million of these machines out there, so change isn't going to be easy.)

Prasad et al. have three major complaints about the EVMs:

  • It's possible to replace the display, causing it to show any vote totals the attacker chooses.
  • It's possible to rewrite the memory chip that stores the vote totals.
  • The firmware on the devices is secret and the the devices are designed so that the firmware cannot be read off. This makes it difficult to determine whether the devices have malware (either installed at manufacture time or later.)

These are obviously real problems, though how serious they are of course depends on whatever procedural controls are used with the machines. Obviously, it would be better to have a machine without those problems. In DC I asked the panel to assume that they were stuck with something like the existing DREs (this isn't hard for Indiresan and Shukla, of course) and consider how they would improve them. I didn't get much of an answer, but I still think it's worth considering.

Over the next few days, I'll be talking a bit about how to address some of these issues.

Leave a comment