« Back to articlePrint this article

The real issue with Electronic Voting Machines

Last updated on: September 02, 2010 18:54 IST

Rajeev Srinivasan on how EVM problems are much bigger than technology or politics. The first of a two-part series.

I have been doubtful about electronic voting machines for quite some time, based on what one might call a healthy engineering scepticism. To put it bluntly, I don't trust computers. This comes from, at a point in the past, working with operating system innards and security. Since operating systems are the software that we implicitly trust to run most mission-critical systems, I have noticed that we are basically just one or two bugs away from disaster.

Even though there are rules of thumb and safety factors in software development just as there are in other engineering disciplines, software is still an art, not a science. And even the more mature engineering areas, much closer to science, like civil engineering, are still not perfect -- the occasional bridge does collapse, albeit rarely.

Therefore, the touching faith we repose in computers -- and this is especially true in India -- is misplaced. It would be a really bad idea to not have a backup mechanism that is not computer-based, especially when we are talking about embedded systems, the relatively primitive machines that run all sorts of devices such as refrigerators, microwaves, ATMs, etc. This, of course, was the rationale behind the famous Y2K panic, as people worried about whether planes would fall out of the sky as the result of an obscure software practice -- years were coded in two digits, not four (48, not 1948).

Looked at from first principles, then, Electronic Voting Machines are inherently not the most reliable systems available. Nevertheless, they have indisputable advantages: for one, it is not possible to do physical 'booth-capturing'. Besides, votes are converted into digital impulses that can be manipulated easily, so that all sorts of things can be done with them -- counting can be lightning-fast; and statistical data collection, analysis, data mining, and so on can all be done with great facility.

Unfortunately, that strength is also, ironically, the Achilles heel of the EVMs. Since there is no physical audit trail of the vote, once you have cast your vote, you cannot verify that your choice of candidate has been honoured. It is a relatively minor task for a software-savvy criminal to fix an election, with nobody being the wiser.

I made a primitive demonstration of this sort of activity when I ran an Internet poll on my blog about who India's best prime minister was. 300 people voted, and there was a clear winner, and some others got very few votes. But I found that if I took the real results, and applied a simple algorithm to it: that is, such as diverting 1/3rd of each person's votes to a third candidate, I could at will have anybody 'win', even someone who got just one vote. And the pattern of votes 'gained' did not look particularly suspicious.

Furthermore, in an eerie reminder of the way real electronic voting works, even after the poll 'closed' with 292 votes, it still accepted eight more votes. I have no idea how or why it did that, and since I do not have the source code, there is no way I could figure it out, either. That is another important problem -- unless third parties are able to verify beyond reasonable doubt that the system is trustworthy, in effect the system is completely untrustworthy.

There is one major aspect -- the human factor. Related to it is a process issue -- what are the checks and balances to ensure that human error or malfeasance will not have catastrophic effects? In many critical systems, we have evolved elaborate fail-safe mechanisms that ensure it takes the co-operation of several individuals believed to be highly reliable. There are ways of vetting people to ensure that they deserve the highest level of trust -- this is the theory behind security clearances for access to sensitive information, and so we have people with top secret clearances whom we trust with extremely confidential information and the ability to perform critical acts.

We have seen in innumerable Hollywood films (for instance The Hunt for Red October) how the order to launch American nuclear missiles from a submarine has to be authorised independently by two very competent people, who each carry one of the keys needed. If they do not agree, the missile is not launched. Even in a more mundane setting, the safe deposit box in India, typically a bank manager and the customer each has to insert their keys simultaneously for the locker to open.

Thus, technical systems, human factors, and process issues need to work in perfect synchronicity for a complex system to work in ways that are provably correct.

Now let us move from the abstract to the concrete. How do electronic voting machines work on some basic measures of correctness of technology, human factors and processes? The track record, alas, is not that great. In 2009, I did a survey of the literature: EVMs had been found severely wanting in case after case, and several counties have ceased to use them. I am sure there is more information since about a year ago, but here is an excerpt from my essay which was published in New Perspectives Monthly:

United States (data from and others as indicated):

Germany (2009)

The Netherlands (2006)

Finland (2009)

United Kingdom (2007)

Ireland (2006)

Brazil (2006)

Part II: Shooting the messenger won't help

Rajeev Srinivasan