Voting: April 2010 Archives


April 30, 2010

India, as is often noted, is the world's largest democracy. However, in that democracy, people vote on relatively primitive "electronic voting machines": electronic DREs mated to nonprogrammable control devices. Yesterday, Prasad et al. (together with electronic voting machine scourge Alex Halderman) reported that the electronic machines (EVMs) used in India are no more secure than American DREs. They describe two attacks:
  • They show how to replace the 7-segment LED display on the control device with their own display. The replacement can be remotely controlled to show any result they choose.
  • They show how to rewrite the memory of any voting device to store a result of their choice.

My initial reaction is that these results aren't really that surprising. The machines are computers, after all, and so if you replace components you can get them to do more or less whatever you want. The attacks require a fair amount of physical access, either to replace components which are at least in theory inspectable or to rewrite memory in a substantial fraction of the million-plus deployed machines with every election. Nevertheless, just because the attacks are unsurprising doesn't mean they're not bad.

The demonstration video the authors produced also features one of the Indian government's experts arguing that the fact that the voting machine binaries are stored in unreadable ROM is a feature since nobody can modify it. Of course, as the authors observe, this also precludes any real examination of the software on the chips, which means that an attacker who has physical access could at least in theory replace them. [Note that there are "trusted computing" mechanisms for building systems without this property, but the Indian devices don't employ them.] Even more interesting is the authors report that at least offers to cheat the machines if not actual fraud happen somewhat regularly:

These reports are extensively surveyed by Rao [49]. For instance, in the 2009 parliamentary election, he relates that there were reported EVM malfunctions in more than 15 parliamentary constituencies across the country. Especially troubling are reports that when the voter pressed a button for one candidate, a light would flash for another, which could be explained by a simple attack on the EVM cable [49, p.45] . Rao also relates reports from prominent politicians that engineers approached them in 2009 offering to fix elections through this method [49, pp.60-61].


We have had direct experience with attempted fraud. Hari Prasad, a coauthor of this report, was approached in October 2009 by representatives of a prominent regional party who offered to pay for his technical assistance fixing elections. They were promptly and sternly refused.

The technical paper is: here.