The controversy began in 2004 during the elections in the United States, where it was alleged that electronic voting machines had played role in manipulating election results. In September 2017, the Congolese elections commission (CENI) announced that it was planning to use voting machines for the December 23, 2017 elections. This had triggered controversy and fierce opposition from many in Congolese civil society and opposition. In the first of a series of briefing notes on the Congolese elections, the Congo Research Group published a short analysis of the voting machines.
The use of voting machines could foment chaos on election day due to the potential for breakdowns and glitches, an electorate that has not been educated in how to use the high-tech machines, and the insufficient amount of time allotted per voter;
Together with recent changes in the country’s electoral law, the use of the voting machines could undermine the secrecy of the voting process guaranteed by the Congolese constitution;
The lack of transparency with regards to the procurement process, the lack of public, rigorous testing of the machines, and the absence of an impartial third-party to monitor the use of the machines has further undermined an election commission that is already struggling to gain the public’s trust.
Only one other country in Africa has used similar machines – Namibia, whose electorate is 3 percent that of the Congo, and where the electoral commission invested extensive time in testing the machines and educating the population. Other experiences elsewhere suggest that, in order to prevent controversy and logistical problems, voting machines should be phased in slowly, through low-stake elections, before being used for national polls.
It should be mentioned here that, use of electronic voting machines can always be easily acceptable in those countries where electoral systems are transparent and the election commissions are widely respected as neutral. Otherwise, use of electronic voting machines or any abrupt or hurried decision of using electronic voting machines (EVM) can only generate doubts in the minds of the general voters as well as international observers.
In May 2018, malfunctioning EVMs had again marred elections in India and raised questions about the reliability of the device. Opposition Samajwadi Party (SP), Congress and Rashtriya Lok Dal had raised objections about vote tampering through the use of EVM. However, the Election Commission had called a large number of EVM failures exaggerated and said defective machines did not diminish the credibility of elections.
According to media reports, the EC was also ridiculed after its officials said the EVM machines malfunctioned due to heat waves in the northern region of Uttar Pradesh.
However, the EC assured leaders of the ruling Bharatiya Janata Party (BJP) and leaders of the opposition Samajwadi Party(SP), Congress and Rashtriya Lok Dal that the elections were going well.
The poll panel did release a statement saying the failure of the voting machines were not unusual, according to a Press Trust of India report. It said there were always “sufficient reserves” of EVM and Voter-Verified Paper Audit Trail (VVPAT) machines to replace defective ones at polling stations and kept secured with sector officers who took less than 30 minutes to replace the defective machines.
A paper trail machine shows the voter a slip confirming that his vote has gone to the same candidate he had chosen on the EVM. This cross-verifying procedure, introduced to foolproof the EVMs, was also under scrutiny as reports emerged about VVPAT malfunctions.
While opposition leaders demanded a new vote be held in places where EVMs were not replaced after more than one and a half hours of malfunctioning, the BJP delegation claimed 197 booths across the Lok Sabha seat of Kairana and state assembly constituency of Noorpur in Uttar Pradesh faced long periods of EVM failures.
The BJP had been wary in Uttar Pradesh as it lost two crucial constituencies – Phoolpur and Gorakhpur – to an anti-BJP coalition in by-elections. Earlier, SP head Akhilesh Yadav alleged that hundreds of EVMs were malfunctioning in booths, especially where his party had a dominating support base.
The Congress, Nationalist Congress Party and Shiv Sena in Maharashtra had all alleged the malfunctions were created by the ruling BJP to give the party favorable election results.
India’s Electronic Voting Machines Proven Insecure:
In a collaborative study, a team of Indian and international experts had revealed that the electronic voting machines used in Indian elections are vulnerable to fraud. Even brief access to the machines, known in India as EVMs, could allow criminals to alter election results.
These research findings are at odds with claims made by the Election Commission of India, the country’s highest election authority, which had maintained that weaknesses found in other electronic voting systems around the world do not apply to India’s EVMs. Less than a year ago, it stated: “Today, the Commission once again completely reaffirms its faith in the infallibility of the EVMs. These are fully tamper-proof, as ever.” As recently as two days ago, the Chief Election Commissioner described electronic voting machines as “perfect” and claimed that “till today, no individual could prove that the EVMs used by the EC can be tampered with.”
Almost the entire population of India votes on electronic voting machines. There are around 1.4 million of the machines in use, all of the controversial “Direct Recording Electronic” (DRE) variety. Such machines record the vote only to internal memory and provide no paper records for later inspection or recount. With DREs, absolute trust is placed in the hardware and software of the voting machines. Paperless electronic voting systems have been criticized globally and more and more countries and US states are abandoning such systems altogether.
In a video released, the researchers showed two demonstration attacks against a real Indian EVM. One attack involved replacing a small part of the machine with a look-alike component that could be silently instructed to steal a percentage of the votes in favor of a chosen candidate. These instructions could be sent wirelessly from a mobile phone. Another attack uses a pocket-sized device to change the votes stored in the EVM between the election and the public counting session (which in India can be weeks later).
This study was performed by researchers at NetIndia Private Limited, in Hyderabad, the University of Michigan in the United States, and at a non-profit in the Netherlands that specializes in electronic voting-related issues.
The researchers were also surprised to find that the vote-counting software in the EVM is programmed into so-called “mask programmed microcontrollers,” which do not allow the software to be read out and verified. Because these chips are made in the US and Japan, this has led to a situation in which nobody in India knows for sure what software is in these machines or whether it counts votes accurately.
Hari Prasad is a computer engineer and managing director of NetIndia, a Hyderabad-based technology firm. Prasad organized the study and says the findings are the culmination of a seven-month investigation. “Everywhere I looked there were more security problems. I am glad that with the presentation of this work, the debate over whether India’s EVMs are secure is over. We need to look forward now. India deserves a transparent election process, which these machines simply cannot deliver.”
Rop Gonggrijp, a security researcher from the Netherlands, also took part in the study. Says Gonggrijp: “Never mind what election officials say, this research once again shows that the longstanding scientific consensus holds true—DRE voting machines are fundamentally vulnerable. Such machines have already been abandoned in Ireland, the Netherlands, Germany, Florida and many other places. India should follow suit.”
Gonggrijp continues: “In order to have any transparency in elections, you need to have voted on paper. Computers can be programmed to count votes honestly, but since nobody can watch them, they might just as easily be programmed to count dishonestly. How is the voter supposed to tell the difference?”
Professor J. Alex Halderman of the University of Michigan helped develop the new attacks along with his students. “Almost every component of this system [Electronic Voting Machine] could be attacked to manipulate election results,” said Dr. Halderman. “This proves, once again, that the paperless class of voting systems has intrinsic security problems. It is hard to envision systems like this being used responsibly in elections.”
In December 2017, Electronic voting machines (EVMs) came under fire in the run-up to the Gujarat elections, as opposition parties, particularly Congress, raised doubts over its authenticity. While the debate over the authenticity of EVMs has been on for more than a year, the Election Commission (EC) carried out counting of VVPAT (Voter Verifiable Paper Audit Trail) paper slips in some polling stations in the Gujarat and Himachal Pradesh assembly elections for greater transparency. VVPAT slips were mandatorily counted at one randomly selected polling station in each assembly constituency of the two states. That was the case where counting of VVPAT slips took place for the first time in India.
The VVPAT machine dispenses a paper slip with details of the party for whom the voter casts a vote. The slip has the name, serial number, and symbol of the candidate and is displayed through a screened window for seven seconds. The slip then gets cut and is dropped in a sealed box.
Congress leader Arjun Modhwadhia had on 9 December alleged that EVMs could be connected to a Bluetooth device, raising concerns that they could be hacked.
Days before counting, the Supreme Court on 15 December had refused to entertain a plea of Gujarat Congress which sought counting of at least 20% of audit trails in each constituency. The apex court ruled that it cannot interfere unless the EC’s decision to restrict the EVM-VVPAT paper trail to one booth per constituency is proved “arbitrary”, “illegal” or “malafide”, according to a news report by Press Trust of India.
Is it technically possible to manipulate the EVM?
A look at some frequently raised concerns can EVMs be hacked?
Unlike voting machines in some countries which are connected to a network, Indian EVMs are standalone. Tampering an EVM through the hardware port or through a Wi-Fi connection is not possible as there is no frequency receiver or wireless decoder in the EVM machine.
What if the chip inside the EVM is replaced or a Bluetooth device is inserted within the EVM?
This would mean that the institutional safeguards to protect the EVM (sealing and hardware checks, among others) are breached to fit a device within the EVM and to manipulate it from outside. In M3 machines, this is also technologically ruled out, as they shut down in the event of tampering.
Can EVMs be manipulated by chip manufacturers?
The EVMs are produced indigenously by two PSUs in India – Bharat Electronics Limited and Electronics Corporation of India Limited, – where the software program for the chip are written and converted into machine code before being given to the microchip manufacturer. The chips with digital signatures are subjected to functional tests on the embedded software. EVMs are randomly assigned to polling booths across States in India and candidates are alphabetically listed on ballot sheets (inserted onto the EVMs ballot unit). For EVMs to be manipulated at the manufacturing level, it is assumed that there is some Trojan Horse [a kind of computer virus] present in the EVM already that will lead to votes being transferred to a particular party. This is impossible as there is no prior way in which the order of the candidate can be known besides the location where the EVMs will be used. In addition, VVPAT machines can display the voter’s choice, thereby bringing an extra layer of verification.
Why does India need an EVM over simple ballot paper?
EVMs have had several advantages over ballot paper – the foremost being the elimination of invalid votes. A statistical exercise by The Hindu, leading daily newspaper in India found that in more than 300 of the 36,000-odd seats where elections were held over the years, invalid votes were significant enough to have affected the mandate. The EVM had rendered the invalid vote moot. A paper by Brookings India also found that EVMs reduced electoral fraud and re-polling due to electoral rigging, and made elections a safe affair, thereby enhancing voter turnout.
Stanford University in the United States, commenting on the EVMs said, voting has progressed in technology from traditional days when voters dropped votes marked on a shell, shard of pottery or card into a box to the current days where voting is controlled by electronics and the processes leading to the vote remain unseen to the human eye. Despite the change in method of voting, the basic facets of good voting tactics remain the same: ensuring one vote per voter, maintaining voter anonymity, the accuracy of the vote, security of the system, and prevention of fraud.
This is where the problem lies in many arguments against electronic voting – opponents do not feel that the voting basics can be maintained in an electronic voting system. The arguments have been divided into 3 general categories of complaints: issues with the technology, vast possibilities of fraud, and protection of voters and their votes.
As Bruce Schneier describes it, technology adds more steps to the process and thus increases the possibility of error with each additional step, all of which are largely unseen by the voter. Put Murphy’s Law of ‘whatever can go wrong, will go wrong’ into play, and one can surmise that technology will most likely falter. Not only does the technology create more errors in the electronic workings, but the voters can also commit mistakes due to confusion with the user interface. The terminology is confusing, different machines produce different interfaces, and even the audio guides to help the disabled may prove more confusing than helpful.
With the advent of electronic machine voting also comes the higher possibilities of fraudulent machines and practices. First of all, the technology is “black box software,” meaning that the public is not allowed access to the software that controls the voting machines. Although companies protect their software to protect against fraud (and to beat back competition), this also leaves the public with no idea of how the voting software works. It would be simple for the company to manipulate the software to produce fraudulent results. Also, the vendors who market the machines are in competition with each other, and there is no guarantee that they are producing the machines in the best interest of the voters and the accuracy of the ballots.
Lastly, vote accuracy is also an issue, because voters have no way of confirming there vote, and there is also no way of conducting a recount with direct-recording electronic (DRE) voting. With DRE, there is no paper trail, no verification, and thus no scrutiny of the processes. Voter anonymity is also a problem. Voters have to provide much of their personal information to the systems for voter verification, and with that comes the problem of keeping voter information safe and keeping voters anonymous.
The cons against electronic voting laid out here are only some of the arguments against electronic voting. However, they are a good reflection of the ethical and technical concerns related to the issue of electronic voting.
The US election in November 2018:
U.S. election officials responsible for managing more than a dozen close races this November share a fear: Outdated voting machines in their districts could undermine confidence in election results that will determine which party controls the U.S. Congress.
In 14 of the 40 most competitive races, Americans will cast ballots on voting machines that do not provide a paper trail to audit voters’ intentions if a close election is questioned, according to a Reuters analysis of data from six states and the Verified Voting Foundation, a non-political group concerned about verifiable elections.
These include races in Pennsylvania, New Jersey, Texas, Florida, Kansas, and Kentucky. Nationwide, of 435 congressional seats up for grabs, 144 are in districts where some or all voters will not have access to machines using paper records, the analysis shows. While something could go wrong in any of those districts, it is in the close elections where a miscount or a perception of a miscount matters most.
Most of the dozen-plus state and local election officials interviewed by Reuters said they worry about bad actors hacking the older electronic voting machines to alter ballots, and then being unable to verify the results because there will be no paper trail. But the officials worry most about voters losing trust in elections because officials would not be able to visibly demonstrate that the tally was indeed accurate.
“Voter confidence is a really big thing, and it’s the battle I worry about losing,” said Pennsylvania’s elections commissioner, Jonathan Marks. His state has four of the country’s most hotly contested elections – all of them in counties that use the older machines.
While there is no evidence that any voting machines were hacked in the 2016 presidential election of Donald Trump, there is increased anxiety, in large part because of U.S. intelligence findings that Russia actively sought, mostly through manipulation of social media, to sow distrust.
President Donald Trump himself has been accused by opponents of undermining confidence in the U.S. election system by falsely claiming that Hillary Clinton’s victory in the popular vote was due to massive voter fraud in favor of his Democratic opponent. No evidence of such fraud has been found.
Most election officials interviewed by Reuters said they neither have the time nor the money to install voting machines that have a verifiable paper backup in time for the 2018 election. Officials believe the paper is the best way to verify disputed election results because it can be physically examined and counted.
The Department of Homeland Security declared last year that Russian hackers had probed election-related computer systems in 21 of the 50 states during the 2016 election and that a small number were compromised. U.S. officials said, however, there were no evidence votes were altered in 2016.
Intelligence agencies expect more meddling leading up to the 2018 elections. “The intelligence community has been clear that the threat and desire to undermine confidence in our democratic institutions remains,” said Matt Masterson, senior cybersecurity adviser in the Department of Homeland Security.
Voting machines are generally not connected to the internet and therefore are difficult to hack. But even if hackers don’t get in during the moments they might be linked to the internet, if voters are led to believe that the results are faked or mistallied, the mistrust of the system could undermine faith in elections, said Washington State Secretary of State Kim Wyman.
“If people perceive somebody cheated, then it’s as if somebody cheated,” said Wyman.
Many states switched to electronic voting machines after paper ballot disputes cast a pall over Republican George W. Bush’s victory over Democrat Al Gore in 2000. But with cybersecurity, a nascent concern at the time, securing machines against potential hackers was largely an afterthought.
Last fall, Virginia became the only state since the 2016 election to replace all of its paperless touchscreen machines after its board of elections decertified them.
The state acted after hackers at the annual Def Con hacking conference in Las Vegas demonstrated how they could quickly break into electronic machines, including some of the models used in Virginia. Other states ordered their counties to upgrade, but they were delayed by lack of money and the difficult logistics of procuring new equipment.
For the most part, the Def Con exercise discovered vulnerabilities by physically accessing voting machines, in some cases literally pulling them apart to find security weaknesses.
Earlier this year, Congress appropriated $380 million to upgrade election systems across the country, but state and local officials say the amount is both too little and comes too late for them to buy new machines for the 2018 election.
In Pennsylvania, for instance, the state has ordered local jurisdictions, which are charged with administering elections, to update their systems by 2019. It will cost up to $150 million, said Kathy Boockvar, Pennsylvania’s senior adviser to the governor on election modernization, but the federal government funding provides only $14 million of it.
To help states shore up their systems in the meantime, DHS offers states weekly updates on cyber threats and sends computer experts to check the security of local systems, said Masterson, the cybersecurity adviser at Homeland Security.
Florida hired a cybersecurity firm to analyze its systems.
In Kentucky, the state brought in federal advisers to train county election chiefs on security risks. It plans to train another 15,000 poll workers before November’s election, said Alison Grimes, Kentucky’s secretary of state.
Can EVMs be trusted?
The hard truth is this: a correct voting system is very hard, and electronic systems will NEVER work better than paper and pencil ballots.
Given the requirements for the voting process are these:
Complete anonymity of the vote: it is impossible to tell which vote came from which person, at ANY point in the voting process.
Immutability and Repeatability: votes, once cast, will always show the same thing when examined, and the process of counting votes does not alter the vote count.
Verifiability: a person can validate that their vote actually resulted in the choices they made, and can do so up to the point they give the vote to be counted.
Clarity: a vote is clear about which choice was made.
Security: it is impossible to cheat the system; “phantom” votes cannot be added, existing votes cannot be “lost”, and it is not possible to substitute one set of votes for another.
Transparent: the process is completely obvious to anyone wishing to observe it, and can easily be validated.
Let’s compare voting on a piece of paper (a ballot), and an electronic voting machine (EVM):
Paper ballots are trivial to make complete anonymous, and are impossible to track once very basic precautions are taken (i.e. not doing something stupid like printing a serial number on each ballot). EVMs are much harder to make anonymous, and also much easier to add in tracking which is impossible to detect by the voter.
Paper ballots have some difficulties here (the infamous “hanging chads” being a notable issue) but are also not difficult to design to avoid such problems. EVMs have no ability to do either unless they print a ballot out after the voter has voted, which seriously reduced their advantages over printed ballots. A purely electronic vote cannot be made immutable or repeatable, and there are significant opportunities to alter the votes undetected.
Paper ballots are trivial to make verifiable, and any mistake can be easily corrected. EVMs require that they print out a paper ballot before they can be verifiable; electronic summaries are NOT good enough and are trivial to falsify.
Paper ballots have some issues with clarity, and people frequently make mistakes using them, though the overall incidence of mistakes are low. EVMs have significant advantages in usability and error-checking here.
Paper ballots are subject to the problems of “ballot stuffing” and “lost votes”. However, both are readily apparent when they happen nowadays (as it’s fairly obvious when ballot boxes go missing or mysteriously appear with unusual ballot results). EVMs have virtually no security and are vulnerable to all sorts of electronic manipulation. Moreover, detecting such problems in EVM is incredibly difficult, so it’s very hard to have confidence in the security of the votes.
Paper ballot voting is obvious and clear, and recounts are trivial (if time-consuming). EVMs produce results quickly, but it’s virtually impossible to determine how they arrived at such counts.
EVMs are a horrible, terrible, democracy-destroying idea. That’s not an exaggeration. They very limited advantages they have (better accessibility for the handicapped/disabled, faster count times, lower ballot errors) are more than offset by their hideous weakness: the complete inability to trust that they accurate count the votes being made.
Literally, an EVM is a machine that says “Trust me, I’ll count the votes for you”. There is no way to validate they work correctly (indeed, most EVM makers use Trade Secret protections to PREVENT YOU from seeing how they work), and they are subject to all sorts of hard-to-detect security vulnerabilities, not to mention are far easier to manipulate results in.
If you were looking or a way to steal elections, EVMs are a dream come true. There is exactly ONE situation where an EVM should be used: to fill in a normal paper ballot. That is, an EVM should take a normal ballot, and fill it in according to the voter’s wishes. The voter should then be able to physically inspect the ballot, before handing it to the vote-collector. The paper ballots should then be counted. EVMs should never, ever, ever be used in any other scenario, and it’s hard to justify an EVM’s cost over just having an election assistance person standing by at the voting station.
In short, EVMs are pure evil. Fight them wherever you see them and be very strong about objecting to any local voting authority which is attempting to use them.