India's Votegate? EVM ghotala

					   India’s VoteGate?
“Results” available before voting
  complete in Lok Sabha 2009
 2009 elections were held in 5 phases starting April
16th to May 13th. Counting is not supposed to start
            until all 5 phases complete.
               April 2009 (before polling starts):
             • Dr Anupam Saraph, Prof Madhav Nalapat
               and others decide to track the elections and
KEY EVENTS

               create a wiki for constituencies and
               candidates

             • Constituency and candidate data sourced
               from the ECI website


       Candidate Wiki: http://government.wikia.com/wiki/Lok_sabha_Candidates
       Constituency Wiki: http://government.wikia.com/wiki/Lok_Sabha_Constituencies
              16th April 2009:
             • Election commission website allows
               download of candidate data as an excel
KEY EVENTS

               spreadsheet

             • Spreadsheet contains candidate names,
               gender, address, party names, symbol,
               constituency information etc.

             • Spreadsheet changes in subsequent
               downloads as candidates are added in
               different constituencies
April 20, 2009
Navin Chawla
 "unfit to hold any public office which
demands an attitude of fair play and
consideration for others".              Shah
Commission
For the first time in history in the middle of
an election just after the first phase Navin
Chawla Takes over as CEC (there were
totally 5 phases) from Mr. Gopalswami CEC
who had recommended to the PRESIDENT
that Chawla be fired from CEC but was
rejected.
               6th May 2009 spreadsheet data changed!
               Elections are still 10 days to go (4th and 5th
               phases yet to complete)
             • Spreadsheet downloaded on this day contains
KEY EVENTS

               ‘coded’ candidate names (based on position on
               EVM) instead of candidate name, gender,
               address, party names, symbol, constituency
               information etc. and and ‘votes polled’
               (number of votes candidate got in coded form)
             • ‘Votes polled’ data in the spreadsheet changes
               even as elections are on (it cannot be dummy
               data as ECI later said)
                                          Before polls                  During polls                  After polls no votes
                                         start no votes                 coded votes                      polled data (to
Sample Record                             polled data                   polled data                   avoid comparison)


                Field                      16th April 2009               6th May 2009                    16th May 2009

                STATECODE                  S01                           S01                             S01

                STATENAME                  Andhra Pradesh                Andhra Pradesh                  Andhra Pradesh

                PCNO                       1                             1                               1

                PCNAME                     Adilabad                      Adilabad                        Adilabad

                PHASE                      1                             1                               1

                CANDIDATESERIALNO          1                             1                               1

                NAME                       ADE TUKARAM                   CANDIDATE_S01_1_1               ADE TUKARAM

                GENDER                     M                             M                               M

                AGE                        55                            55                              55

                CATEGORY                   ST                            ST                              ST

                PARTYSHORTNAME             BJP                           BJP                             BJP

                PARTYNAME                  Bharatiya Janata Party        PartyName_569                   Bharatiya Janata Party

                SYMBOLDESC                 Lotus                         Lotus                           Lotus

                VOTESPOLLED                                              122042
                                           H.No. 4-72 (11-115),Utnoor    H.No. 4-72 (11-115),Utnoor      H.No. 4-72 (11-115),Utnoor
                ADDRESS                    Village,Utnoor Mandal         Village,Utnoor Mandal           Village,Utnoor Mandal
                                           Adilabad District (AP)        Adilabad District (AP)          Adilabad District (AP)
                DECODE(FINALISED,'YES'
                ,'FINALISED','')           FINALISED                     FINALISED                       FINALISED


                           Data files accessed from: http://eci.nic.in/candidateinfo/frmcandidate.aspx
                        Data files archived at: http://www.scribd.com/collections/2319591/Candidate-Info
               6th May2009
             • NIC and Elections Commission alerted
               to the election “results” available
KEY EVENTS

               before voting has completed on their
               website

             • NIC responds in one hour confirming
               the observation and alerting the ECI to
               the grave observation

             • No response from the ECI
               16th May 2009
             • Elections are over and results declared
KEY EVENTS


             • Spreadsheet downloaded on this day contains candidate
               names, gender, address, party names, symbol,
               constituency information etc. just like 16th April 2009

        • There is no ‘votes polled’ data for any candidate to avoid
          any comparison!!

        • Harassment of activists including firing from job, tap
          phones, cut off internet, agents following activists,
          including tapping the phones of their drivers
              6th May Onwards for a Few Months
             • The media and political leaders
KEY EVENTS

               informed about the happening amidst
               shock and disbelief
             • EVM controversy broken out by some
               parties in June
             • Parties study data, seek to be
               informed
                   Media report: http://www.mid-day.com/news/2009/jul/160709-Election-
                   Commission-Lok- Sabha-election-S-Y-Quraishi-Pune-Municipal-
                   Corporation.htm
              25th May 2009

             • The spreadsheet is no longer
KEY EVENTS


               accessible on the ECI website

             • Data of winning candidates declared
               on other urls
              7th July 2009

             • The ECI asked again about the results
KEY EVENTS


               on their website before voting

             • ECI does not respond



                                  Copy of letter to ECI posted on:
                   http://government.wikia.com/wiki/Coded_data_on_ECI_website
               7th August 2009

             • Political parties lead representation to
KEY EVENTS


               ECI along with technology experts

             • ECI holds in-camera meeting but fails
               to answer questions about results
               before voting
                            Copy of minutes of meeting mailed to ECI:
                     http://government.wikia.com/wiki/Minutes_mailed_to_ECI
 Media Coverage, Midday, July 16th
http://www.mid-day.com/news/2009/jul/160709-Election-Commission-Lok-Sabha-
            election-S-Y-Quraishi-Pune-Municipal-Corporation.htm
       Date                                 Event
                                            Group decides to create wiki for candidates
       April 2009
                                            and constituencies
                                            No Data available; request made to NIC for
       10th April 2009
                                            data in excel format
                                            Excel file made available at
                                            http://eci.nic.in/candidateinfo/frmcandidate.as
       16th and 24th April 2009             px
                                            Files downloaded in this period have
                                            candidate names, party names
Summary of

                                            All files downloaded in this period have
       6th, 7th, 11th and 15th May 2009     coded candidate names and votes polled
                                            data
                                            Votes Polled data in files downloaded is
       6th, 7th, 11th and 15th May 2009
                                            different for some candidates
                                            Candidate files downloaded in this period are
                                            no longer coded are similar to those before
       16th, 19th, 20th and 22nd May 2009
                                            the 6th of May and have no votes polled data
Events


                                            when it should have been there
       23rd May 2009                        The ECI Site is down
                                            The Site is restored but the Candidate file is
       25th May 2009
                                            made inaccessible
                                            In-camera meeting at ECI, ECI fails to
       7th August 2009
                                            explain events
             • What could have caused “results” to appear
               on the ECI website before voting?
Hypothesis

             • H1: ECI website was hacked

             • H2: Someone was experimenting with
               dummy data in the database on the ECI
               servers

             • H3: Someone uploaded desired results on
               the ECI servers
Hypothesis
             Possibilities            Implications             Questions
                                                                When was the last security
                                                                 audit done?
                                      ECI security seriously    What forensic study was
             H1: ECI Website Hacked
                                      compromised                undertaken?
                                                                Is a new security regime in
                                                                 place?
Hypothesis
             Possibilities            Implications            Questions
                                                               Why was it not removed
                                                                after the NIC and ECI were
                                                                intimated on the 6th May
                                                                2009?
                                                               Why is there no explanation
                                                                from ECI to date?
                                                               Why was the dummy data
                                                                coded?
             H2: ECI Website posted   ECI procedures
                                                               Why did the votes polled data
             dummy data               seriously compromised     change?
                                                               Why does the field
                                                                “DECODE(FINALISED,'Y
                                                                ES','FINALISED','')”
                                                                change over time?
                                                               Why was real data not
                                                                uploaded on the 16th May
                                                                2009?
Hypothesis

             Possibilities              Implications                      Questions
                                                                          • Was the EVMDatabase? of
                                                                             time into ECI
                                                                                           read ahead

                                                                          • Was the ECI Database written
                                                                             to EVMs?
                                        Free and fair elections did not
             H3: ECI website had real
                                        happen, the 2009 Election         • How dodata? transfer or
                                                                                     the EVM’s
             coded data                                                      receive
                                        was hijacked
                                                                          • What audit of possible?
                                                                             by the EVM is
                                                                                           votes recorded

                                                                          • What forensic analysis of the
                                                                              EVMs/servers has been done?
Forensics Needed
                   Possibilities                Data                              Implications
                                                 Changes in the
                                                  CandidateAC file                 Verify the CandidateAC files
                   Firewall and                  IP addresses that
                                                                                   Verify the access to these
                   Application/Webserver logs     downloaded the files              files from various locations
                                                 IP addresses that
                                                  uploaded the files


                                                                                   Demonstrate the versions of
                                                 CandidateAC files
                                                                                    the CandidateAC files
                   Webserver archives            Programs with access to the      List the ways this file could
                                                  CandidateAC files
                                                                                    be viewed or modified



                                                 For each booth the serial no,
                                                  make and version of EVMs         Explore correlation between
                                                  deployed and results read         EVM and surprise results
                   EVM Analysis
                                                  on them                          Establish known capability of
                                                 Features of each version of       EVM
                                                  EVM
             Category     Link



                           http://www.mid-day.com/news/2009/jul/160709-Election-Commission-Lok-
             News
                            Sabha-election-S-Y-Quraishi-Pune-Municipal-Corporation.htm
References
                              http://saveindiandemocracy.wordpress.com/?attachment_id=770
                              (Download excel file here)
                              http://saveindiandemocracy.wordpress.com/?attachment_id=769
             Data             (Download excel file here)
                              http://www.scribd.com/collections/2319591/Candidate-Info


                             Tracking the elections
                             Questions about Indian democracy raised by the data on the ECI website
                             Voting Reforms: Options in an imperfect world
                             Copy of letter sent to the ECI requesting clarifications
                             Researching the coded database
             Wiki Links      Case for Election Reforms
                             Review the 2009 Lok Sabha Election Process: Promises and Reality
                             Results before Voting?
                             EVM Issues
                             Results before voting
                             Requirements form the ECI
                             Minutes of meeting with the ECI mailed to them
Venezuela
Hugo Chavez Won 2004
After the election came to light that
28% of BIZTA EVM manufacturer
owned by Govt.

Newsweek June 1, 2009 Artl by
Evegeny Morazov – In 2006 Ireland
gave up EVMs after investing € 51
Mn
Dutch Public Interest Group Wij
Vertrouwen
( We Do Not Trust Voting Machines)
showed a video how it can be hacked in
less than 5 mins. Netherlands banned all
EVMs in 2006
International Electrical & Electronic
Engineering Journal May-2009 Pp 23. 2
Eminent professors:-
Rewards possible only with adequate
safeguards.
March 2009- German Supreme
court         Ruled           EVMs
unconstitutional. Ulrich Weisner
physicist and initial petitioner said
in Der Spiegel        Dutch Nedap
EVMs used in Germany were less
safe than mobile phones
   “ E Coup-d’ etat”
CAN BECOME REAL WITH
             EVMs

 ELECTION VICTORY MACHINES
Computers can be hacked- Micro
Vs macro effects of hacking must
be kept in view
In 2000 Sanjay Sarma of MIT
& Gitanjali Swamy of
Harvard presented before
M.S Gill     then CEC how
unsafe Chips in EVMs were.
Nominal changes made but no
major improvements
In 2004 on a PIL filed by
Satinath Choudhry, US
based Software Engineer
Bench of CJI, Supreme
Court, directed EC to
consider the technical
flaws in EVMs. Directions
not acted upon
  On September 3, 2009, Thursday
Dr Hariprasad & Dr. V.V Rao
demonstrated before Mr. Naveen
Chawla EC how EVM can be
tampered with but stopped midway
on grounds of violations of copyrights
of ECIL and that it needed special
permission of CEC. Thus the claim of
tamperability     of     EVM       not
demonstrated is a blatant lie.
PIL filed by Dr. Sub
Swamy still pending in
Delhi HC and after much
arm twisting EC has filed a
response that possibility
of generating paper print
out is under experiment.
Congress Policy :-

Do not tamper with elections in states to
reverse results in your favor for 2
reasons:-
1 Issues will be local & assembly
segments too small where in rural India
everyone knows everyone else. Hence
risk of detection through Panchyats is
very high.
2) In our federal set up all power including
‘Purchasing Power’ and money is only with the
center. Why bother who is in power in a remote
state? Make them fight for territory like
Telengana, water like Cauvery. Like the British
Raj - rule in the center controlling defense,
foreign affairs, finances and leave rest to vassal
princely states where some elected CMs do
rule like erstwhile Princes. At the center the
new ‘Double Government’ of Congress
functions better for Sonia than the British one
did for Queen Victoria
Tamper EVMs in states only for
surprise results in select areas to
confuse critics- like a BJP candidate
unexpectedly getting lot of votes in a
minority predominant area, Modi in
Keshubhai Patel area etc. Even
computer experts from opposition will
doubt theory of tampering and
question “ If tampering is easy how
could Jayalalitha, Modi, Patnaik, &
Nitish win..” A good argument to
defend itself in court too.
Reforms Needed
                     Reforms suggested so far :

                 •    Receipts for voters

                 •    Third party audit of elections

                 •    Multiple EVM channels including
                      internet and mobile phones
                 Safeguarding Democracy: http://www.slideshare.net/AnupamSaraph/safeguarding-
                 democracy Election Reforms: http://epw.in/epw/uploads/articles/15844.pdf
Software can be tampered with. CDs are
protected with self annihilating software
to protect unauthorized reproductions.
Soft ware can be inserted for self
generating pre-inserted figures with built
in time lapse or specified dates and
timings and wireless features for
tampering wirelessly!!
See 6.5 Minutes video in the link below in the
internet on how to manipulate real Indian EVM
– Made by Hari Prasad in Hyderabad along with
Rop Gonggripjp (who was instrumental in getting
EVMs banned in Netherlands) and Alex
Halderman (foremost expert on EVMs from USA)
on how to manipulate a real Indian EVM. It is a
child’s play, even high school students can do
this!!!
http://www.youtube.com/watch?v=ZlC
Oj1dElDY
See paper published on various number
of ways to manipulate Indian EVMs
(just some there are lot more) at link:-
  http://saveindiandemocracy.files.word
press.com/2010/04/security-analysis-
of-indian-evms.pdf
ADJUDGED AS No 1 PAPER ONE IN
PRESTIGIOUS        ACM     COMPUTER
SECURITY CONFEERENCE IN CHICAGO
IN 2010!!
Hardware is made in India by Bel & ECIL
Claim of world class machines is bogus.
IPR Rejected by
WORLD       INTELLECTUAL     PROPERTY
ORGANIZATION

Software is Indian All software related to Defense
equipment embedded in India. Software for EVM
is Indian but embedding is deliberately got done
through private companies outside India ! Saving
our democracy is as important as saving the
nation.
EC does not disclose who
manufactures the Chips. It is got
done abroad. Secrecy in election is
a violation of the Constitution.

Since January 2009 there is timer
devise in EVMs which records when
a vote is cast. This violates secrecy
of ballot
Two types of machines, with and
without timer, are used simultaneously
which is a violation of uniformity of
procedures mandated in the RP Act
since it amounts to two separate
procedures being adopted

Thus we should strive to get EVMs
declared unconstitutional
Solutions?
1. EVMs which also generate a paper
   record to be put in a ballot box
 Recently ECI has conducted successful trial of
 VVPAT (EVMs with paper) at Noksen, Nagaland
 Paper record is also useless so long
 as embedding of software is done
 outside India.
But having a paper trail is also useless
– because the ink can fade after
sometime, and paper can show one
thing and the software reflect another
later.
If paper trail is supported our cause may
be lost and truth silenced for a long time.

Let us arrange all party funded tampered
EVMs with & without paper in major
languages for demo before courts and the
public.
Solutions Continued
2   Two machines by different
    manufacturers
3   Expose software of EVMS to
    public scrutiny- Issues of IPR.
    Election Technology Council of
    US says this will help hackers
    more than defenders
4 Computer code be disclosed to an all
  party committee of experts to examine
  the software & make a condition
  contract while placing orders

5   Define rigging parameters- e.g.. ≤ 5 or
    10 votes.

6   Introduce procedures for random
    dispatch of EVMs by all party
    committee of experts
We should push ECI to either embed
software in India overseen by a
committee of experts or use only
paper ballots.

Last resort-
2009 - Telengana MPs won by putting up
dummy candidates raising contestants
above 64 and thus foxed EC into using
paper ballots

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:0
posted:9/17/2013
language:
pages:44