Indian voting machine researcher arrested
August 22, 2010 10:30 AM   Subscribe

I guess it's not the world's most populous democracy. It must be Norway, then.
posted by clarknova at 10:49 AM on August 22, 2010 [3 favorites]

Stay classy, corrupt kleptocracy.
posted by leotrotsky at 10:53 AM on August 22, 2010 [6 favorites]

I love that they arrested the security researcher and not the criminals who created the voting machines. I mean, at least pretend not to be completely corrupt!
posted by Pope Guilty at 11:18 AM on August 22, 2010 [7 favorites]

"Academicians" Is a phrase I don't think I've ever seen before/
posted by paisley henosis at 11:24 AM on August 22, 2010

They work with scienticians.
posted by Pope Guilty at 11:24 AM on August 22, 2010 [2 favorites]

My bullshit detector starts pinging anytime an argument is made in favor of voting machines.

Computers are wonderful if you are trying to make something more efficient (and you have vetted the programming). A democratic voting system doesn't have to be efficient, it has to be TRANSPARENT.

Paper, ink, secure and visible ballot boxes, visible counting procedures, and free and open observation. Easy. There is no honest reason to do it any other way.
posted by Benny Andajetz at 11:39 AM on August 22, 2010 [8 favorites]

This story is making me homesick for America.

Paper, ink, secure and visible ballot boxes, visible counting procedures, and free and open observation. Easy. There is no honest reason to do it any other way.

The reason people don't like computerized voting is that they don't trust the government (either because they think it is evil, incompetent, prone to being swayed by private interests or some combination of those). Paper ballots fix none of that.

It is perfectly possible to have any set of properties we might wish in our computerized ballot boxes, including the ability to check if your vote is included in the total. (For instance, you get a prime number receipt and you factor the publicized total to see if your prime number is a factor, modulo a bunch of details.) Can't do that with paper.

But the average American would have to be less uneducated than a sack of hammers for there to be any political will for this.
posted by DU at 11:45 AM on August 22, 2010 [4 favorites]

It is interesting to compare how different countries have dealt with the security questions raised about electronic voting machines. In the Netherlands, Rop Gonggrijp, one of the three main researchers involved in this investigation in India, is founder of the initiative "Wij vertrouwen stemcomputers niet" ("We do not trust voting computers"), which has been remarkably succesful. They succeeded in buying a used machine from a municipality and, in October 2006, demonstrated on TV how easily the electronic voting machines used in the Netherlands (manufactured by Nedap) could be hacked. As a consequence, a commission to evaluate the future of electronic voting was established, which lead to the decertification of the machines and the decision to return to pen and paper voting about a year later.

Meanwhile, in Germany, where most of the votes were cast using pen and paper but several millions of voters voted on Nedap machines, the Nedap hack didn't lead to consequences by the government or much discussion by the big political parties. Challenges to the election and election procedures are handled by the new parliament, discouraging favorable rulings, as they could lead to the annulment of parts of the last election a year or two later. Ultimately, the Constitutional Court decided in 2009 that the use of the Nedap machines was unconstitutional, but lacking evidence that actual tampering had happened, the election result was allowed to stand. Interestingly, they decided that voting machines in general were not banned, but that "it must be possible for the citizen to check the essential steps in the election act and in the ascertainment of the results reliably and without special expert knowledge", which is a high technical hurdle to clear.
posted by ltl at 11:46 AM on August 22, 2010 [1 favorite]

"Academicians" Is a phrase I don't think I've ever seen before

Standard Indian English, also seen in translations from the Russian for some reason.
posted by atrazine at 11:59 AM on August 22, 2010

Pope Guilty, they're not just completely corrupt, they're completely inept - with impunity. While whistleblowers are routinely harassed and sometimes killed.

This administration makes me more and more ill every day. The current political backdrop of this story: jaw-dropping corruption and incompetence in the organization of the upcoming Commonwealth Games in Delhi; after the shameful decision of utterly inadequate, tax-payer funded aid to Bhopal victims 16 years after the tragedy, the latest bill on nuclear liability lets foreign suppliers off the hook; Members of Parliament award themselves a 300% pay hike and perks up the wazoo and are still dissatisfied. Meanwhile, four village children were killed by vaccination drugs administered by doctors in primary health centers in Lukhnow.

And that's just what I remember from today, even though I try to avoid the news for the most part. I hope the Games are an international PR disaster for us.
posted by mondaygreens at 11:59 AM on August 22, 2010 [6 favorites]

Standard Indian English, also seen in translations from the Russian for some reason.

"Academician" is an honorific whereas "academic" simply means one is within academia. It makes more sense in Russian where "academic" translates to "learned individual."
posted by griphus at 12:19 PM on August 22, 2010 [3 favorites]

It is perfectly possible to have any set of properties we might wish in our computerized ballot boxes, including the ability to check if your vote is included in the total.

But you have to have special expert knowledge to know that the mathematical construction does indeed - under certain assumptions - guarantee that. Or you have to rely on experts to certify the procedure. Which they did with the shitty voting machines. Even when they were proven wrong, they had to be dragged to accept that. Then there is the problem with Van Eck phreaking, jeopardizing the secrecy of the ballot.

With paper ballots, you can have a transparent process, were every single step can be verified and understood by a layman. You arrive in the morning and check that in the beginning, the ballot boxes are empty. You verify that every voter is registered and puts just one ballot in the box. At the end, you count the ballots and compare it with your own count of voters. You observe the counting and later compare the result announced in the precinct with the result as reported by the election commission. Sure, there can be monkey business with registrations or there can be disputes about the voters intent if the ballot is not marked correctly, but the voting process itself can be easily verified. In fact, in the last local elections 1989 in former East Germany before the fall of the Berlin wall, these kinds of verifications have been used to demonstrate the systematic election fraud.

Several years ago, I attended a talk by an Estonian engineer who was involved in the development of the national e-voting (via the Internet) system. They spent a lot of effort to demonstrate that they did it right: They used open source Linux as their operating system, standard crypto tools, filmed all the installation steps, published hash sums, had mechanisms for allowing the voter to override their e-vote in person if they were forced to vote a certain way at home, etc. Some time later, it was discovered that Debian - the distro they used - had a fatal crypto flaw (not sufficiently random seeds for OpenSSL). I always meant to find out if that had any impact on their election system.
posted by ltl at 12:31 PM on August 22, 2010 [7 favorites]

There are algorithms for untraceable yet universally verifiable voting systems, which makes voting machines not just safe, but desirable. Voting machines are however the poster boy for applications for which closed source software must be illegal.

Btw, network connectivity layers are another application for which closed sources software should be illegal, both for wired and wireless networks, especially mobile phone networks. Btw2, all closed source software should really be excluded from copyright protection under U.S. law because utilitarian items are not copyrightable, i.e. only the sources code should be copyrightable and binaries should not inherent that as derived works unless the sources code is also distributed.
posted by jeffburdges at 12:33 PM on August 22, 2010 [2 favorites]

In any case, any electronic voting machine should print a human verifiable ballot, which then gets used for the actual counting.
posted by jeffburdges at 12:39 PM on August 22, 2010 [1 favorite]

There is no reason to use computers instead of paper for voting. Zero. Nada.

The reason is because it's virtually impossible to forge millions of pieces of paper with original signatures in different inks. And if it were possible, it would be monumentally expensive, and would involve an enormous amount of people coordinating the effort. To forge electronic documents, all you need is to give a single person about five minutes of access to the database or access to the code. If your government doesn't give you the opportunity for a transparent manual recount, then you're screwed anyway.

Use a computer to print out the ballot choices. Make everyone sign their name and write the date before they drop it in the box. Rescan the votes at another facility, and compare the initial results to the scanned results. If in doubt, you can always go grab the original paper ballots and do a hand recount.

And while we're at it, how about an election holiday in the US? Or is participatory democracy no longer a patriotic enough reason?
posted by atypicalguy at 12:47 PM on August 22, 2010 [5 favorites]

E-voting has the potential to be much cheaper and much faster than paper voting. If it can be done correctly then of course we should do it. And figuring out how to do it correctly is something that needs many years -- decades -- of careful analysis. It's not impossible, it just needs to be done in the open and without rushing.
posted by event at 1:04 PM on August 22, 2010

I didn't see it mentioned in the video but if you read the PDF of the full report it details that the doors of the control unit are closed and sealed with melted red wax and string (!!) and a signature on a paper card, and the screw holes are covered by paper stickers. Yeah, that ought to do it.
posted by Rhomboid at 2:25 PM on August 22, 2010

mondaygreens: I hope the Games are an international PR disaster for us.

I've heard people say that it's unpatriotic to hope for that. Those people deserve to be strung up for treason. If there is anything that can objectively be called patriotic, it's to expect and demand high standards from your own countrymen. Hiding and glossing over failures is to accept that your nation is not capable of anything better.

I think EVMs are a good thing in India, FWIW. There are plenty of voting booths in places that are extremely hard to reach, and the logistics of carrying ballot boxes there and back are far more cumbersome and prone to attack than an EVM in a briefcase. Also, we also pretty much invented booth capturing, and EVMs are easier to defend against that than paper ballots. I recall a case where thugs tried to capture an EVM booth and the EC official was able to escape with the EVM very quickly.

This is a sobering development though, and I like to think that rank-and-file Indians (who are generally quite proud of their right and ability to vote) aren't going to let this one pass. So far the EC has been one of the few parts of the bureaucracy that tends to do its job well under very difficult circumstances, so this is a particularly big deal.
posted by vanar sena at 2:35 PM on August 22, 2010

I'm not familiar with the current state of the art of electronic voting but I was a little surprised that the whole device wasn't potted in epoxy. That's a relatively cheap thing to do and would prevent the two main attacks outlined in this report. However, it's not foolproof as I guess there are solvents that can be used to remove the potting material, and it also means that you could conceivably replace ICs at the assembly stage with counterfeit/tampered ones without the possibility of verification later. But then again, even if you have access to the circuit board it's hard to verify that an IC hasn't been tampered with because aside from the stampings there's not much to go on; you'd presumably engineer the tampered one to act identical to the genuine one under all normal circumstances until triggered somehow. Still, that's a much more sophisticated attack as it requires access to the factory which can be controlled, whereas the attacks demonstrated here could occur in the field.
posted by Rhomboid at 2:56 PM on August 22, 2010 [1 favorite]

atypicalguy: There is no reason to use computers instead of paper for voting. Zero. Nada.

Actually, there is: the outcome will be available much earlier, so the people manning the voting stations can retire to home much earlier. I've made a point of officially complaining about electronic voting machines being used when voting and was met with dismissive laughter each time: the volunteers valued their own time much higher than the possible downsides for democracy. "After all, the machines are safe, aren't they?"


event: E-voting has the potential to be much cheaper and much faster than paper voting.

The city of Amsterdam saved itself about a million euros by going back to voting with paper ballots and red pencils. Democracy does not need to be either cheap or fast. It needs to be verifiably accurate — something that electronic voting machines just cannot guarantee.

Proponents of voting machines that print a so-called voter-verifiable paper trail forget that the paper trail isn't voter-verifiable. A barcode is printed, which humans cannot read. The ballots are only recounted when the election results are in doubt, and given how close elections have been in about all major democracies that recently have had them, only a small nudge would have been necessary to throw the results.

The Estonian system trades secrecy of the vote for better accessibility. I don't think it needs explanation that this is a bad idea.
posted by LanTao at 3:00 PM on August 22, 2010 [1 favorite]

The Election Commission website has a useful FAQ about the EVMs and about electronic voting in general.
posted by vanar sena at 3:37 PM on August 22, 2010

Make everyone sign their name and write the date before they drop it in the box.

I think that undermines the point of a secret ballot.
posted by armage at 3:48 PM on August 22, 2010 [3 favorites]

During the days of paper voting, Indian elections witnessed rampant "booth capturing" - goons of a party would take over a voting booth by force (bullets were often involved) and stuff the boxes with ballots supporting their party. This was done by all parties at as many booths as they could. Election violence was routine. People died. There were places where government officials would refuse to go to conduct polling.

The electronic voting machines, while not perfect, are a huge improvement over the past. And systemic election manipulation is not a cakewalk with these machines. In practical terms, it seems impossible for logistical reasons.

I found this blog post for many informative links and discussion issues.

Nothing excuses an early morning raid to arrest a harmless researcher though.
posted by vidur at 4:02 PM on August 22, 2010

the paper trail isn't voter-verifiable. A barcode is printed, which humans cannot read.

Does any system actually use barcodes? That would be completely idiotic. The machine should print the voter's choices in plain text, which is then scanned and OCRed for counting. OCR accuracy should be perfect if you use an OCR-friendly font, large font size, and laser printers. You can use a large font size because you only need to print one name per race, not the full field like on a ballot. I assume these systems already use laser printers, just for the speed.

It's important that the printed record contain NO data that isn't human-readable. Anytime the computers use info that isn't human-readable, there is increased risk of both mistakes and manipulation.
posted by ryanrs at 5:36 PM on August 22, 2010

The reason people don't like computerized voting is that they don't trust the government (either because they think it is evil, incompetent, prone to being swayed by private interests or some combination of those). Paper ballots fix none of that.

But what paper ballots do mean is that extra work has to be done to rig things, and it's a lot more visible when rigging occurs. vidur's story about poll goons is the evil we know. Using insecure electronic polling machines replaces it with the evil we don't know, which is worse: now elections can be rigged and present themselves as legitimate a lot more easily. People may have died before, but at least in the aftermath people knew how their government got in the mess it's in. By moving the vote rigging behind the curtain, it becomes a lot harder to mount an effective attack on it.
posted by JHarris at 7:12 PM on August 22, 2010

"Democracy does not need to be either cheap or fast."

It would be cool if it was though. I don't know if it's realistic, but couldn't you have "higher resolution" democracy via distributed layers of representatives voting on many issues? Let the politicians chew over the long-term legislative stuff (thinks: Hmmm - is that wise?) while the public has it's say directly on some spectrum of issues. Ok, it's not very realistic. But it would be cool.
posted by sneebler at 7:13 PM on August 22, 2010

sneebler, that is within the realm of possibility. The research just needs time to mature, time for testing, time for scrutiny.

It has been pushed into the real world too fast and if the message people take out of all this is that computers have no place in voting, that is unfortunate. The potential benefits really are huge -- as you say, it opens the door to a whole new form of democracy.
posted by event at 7:43 PM on August 22, 2010

But what paper ballots do mean is that extra work has to be done to rig things, and it's a lot more visible when rigging occurs.

It is not clear that rigging EVM-elections in India would be easy. With only 1500 voters per polling station, India has a lot of polling stations in every constituency (about 550 constituencies, more than 700 million eligible voters). It will take a lot of work to rig that, regardless of how you conduct the election.

With EVMs, rigging appears to have become harder (FAQ). Since the machines were introduced, various parties have won elections (at national and local levels) and there is no evidence, as yet, that any political party has been able to manipulate the EVMs.

I have read a lot about this issue. Those who say that an EVM can be "hacked" are simply stating the obvious. The non-obvious part is - how would you go about rigging the result in even one constituency?

The Election Commission is staffed by India's outdated bureaucracy. Sure, they are idiots for calling EVMs completely secure and tamper-proof. And yes, it is a disgraceful thing to arrest the researcher. But these do not imply that the election results can be manipulated.

EVMs don't have to be "perfect". They just have to be better than the alternative. And Indians have had the horrible alternative (paper voting) for decades.
posted by vidur at 9:42 PM on August 22, 2010 [1 favorite]

Couple of things.

While I firmly believe:
a) Security by obscurity isn't really a defence,
b) It is _extremely_ critical that the election process remains as opaque as possible
c) Completely support poor Mr Prasad in his efforts at generating more attention and debate

... it is important to understand that, like misplacing ballot boxes, misplacing EVM's is a criminal offense. Arresting the well-intentioned researcher is judicially justifiable; this isn't really an Article 19 issue (ie free-speech) as yet. The closest analogy I can think of is arresting that Gizmodo journo for possessing a misplaced iPhone 4 prototype.

Actually, there is: the outcome will be available much earlier, so the people manning the voting stations can retire to home much earlier.

So the reality on the ground is this:
1) Indian national elections are _month_ long affairs
2) Close to 5 million personnel are shunted around the country for policing and administrative duties,
3) 1 billion / 1500 (vidur's number) = (approx) 600,000 voting booths

Optimizing systemic performance is useful. To extend the argument further, I believe the real focus should be on _systemic transparency_, and not just the technological aspects thereof. What's really disappointing is that the international hacker community seems to be discussing this specific arrest without the overall context, on how technology concerns can affect the conduct of elections _as they are_.

During the days of paper voting, Indian elections witnessed rampant "booth capturing" - goons of a party would take over a voting booth by force (bullets were often involved) and stuff the boxes with ballots supporting their party. This was done by all parties at as many booths as they could. Election violence was routine. People died. There were places where government officials would refuse to go to conduct polling.

Been told that it still happens, except that it isn't so much of a booth-'capture', as much as it is an active collusion with select poll officials; parties now identify 'friendly' booths, go en-masse, and fill in the votes. But you don't even have to do that; as any voting Indian would know, if you don't vote fast enough, it's possible that someone else would have identified as you and would have voted for you.

The current safeguard is, as you correctly point out, in statistics; because the voting booths are so small and so wide-spread, corruption if it happens can be localized to specific booths and such.

The Election Commission is staffed by India's outdated bureaucracy. Sure, they are idiots for calling EVMs completely secure and tamper-proof.

One other reason why I'm so hesitant to distrust the EC is because they've actually been very very progressive in technological terms. You have to understand: the EC has one of the largest data-capturing exercises in the world; it lists all of India's billion-odd voters in all of the nation's 22 scheduled languages. The algos / tools have to be different; even sorting algos have to be done from ground-up, as would error-detection routines and so on. EC has open-sourced most, if not all, of these Indic-specific libraries.

(EVM's software is closed-source of course; they are manufactured by other government-linked organizations)

The reason is because it's virtually impossible to forge millions of pieces of paper with original signatures in different inks. And if it were possible, it would be monumentally expensive, and would involve an enormous amount of people coordinating the effort.

One-third of the nation can't sign their own signatures.
posted by the cydonian at 12:51 AM on August 23, 2010

Here is some helpful data:

Number of polling stations (2004) = 687,402
Number of EVMs used (2004) = 1,075,000
i.e. Average EVMs/Polling Station (2004) = 1.56 (approx)

Number of constituencies = 543
i.e. Average number of EVMs/constituency (2004) = 1980 (approx)

Eligible voters (2004) = 670,000,000 (approx)
Polling percentage (2004) = 57.65
i.e. actual number of votes (2004) = 386,000,000 (approx)
i.e. Average number of votes in an EVM (2004) = 360 (approx)
i.e. Average number of votes at a polling station (2004) = 560 (approx)

I'd really like to see how one would go about manipulating the election result (by "hacking" of EVMs) in a single constituency in India without detection*. Plus, how is this better (cheaper? requires less effort?) than just bribing the voters?

Note: The serial numbers on EVMs in a constituency in India are assigned to candidates just one/two days before the polling.

* That's the whole point, isn't it? Election violence and booth capturing seem to have ended in India.
posted by vidur at 4:53 PM on August 23, 2010 [1 favorite]