So, you might remember my spirited defense of EVMs. I still stand by it, except that my first election with VVPAT has taken away my trust. VVPAT has created a hole in the EVM armor & made the process amenable to hacking @DrSYQuraishi @AshokLavasa @ECISVEEP
@DrSYQuraishi @AshokLavasa @ECISVEEP Just to state the source, all my references and pics are from the ECI manual on EVMs and VVPAT available for download from the ECI site. eci.gov.in/files/file/923… In case of any doubt one may download it and go through in detail. 2/n
@DrSYQuraishi @AshokLavasa @ECISVEEP On why now & why not while being in the service?

I did raise it on two occasions. During the ECI training of Returning Officers at the IIIDEM, and later at the time of commissioning with ECIL.

So now without attributing any malafide, I would like to put my concerns out. 3/n
@DrSYQuraishi @AshokLavasa @ECISVEEP Unlike before, the Ballot Unit (BU) is not connected to Control Unit (CU - Memory of EVM) directly any more.

It is connected through VVPAT.

Means what you press on that blue button in the BU is not registering the vote in the CU anymore.

But what VVPAT communicates to CU is!
@DrSYQuraishi @AshokLavasa @ECISVEEP That is dangerous!

For VVPAT now controls two things.

1. What is being shown to the public in the form of paper slips. Or the perception & trust factor.

2. What is actually getting registered in the Control Unit as a vote. Or the actual vote factor. 4/n
@DrSYQuraishi @AshokLavasa @ECISVEEP This itself is a serious design flaw.

But I guess this was done to make use of the existing CUs and BUs.

Existing EVMs did not provide for VVPAT ports.

So VVPAT was so designed to mimic as a CU for the BU and as a BU for the CU. I think.
@DrSYQuraishi @AshokLavasa @ECISVEEP With the kind of design, it is clear that the whole process can be vitiated by manipulating the VVPAT.

Question now is whether VVPAT can be manipulated?

If it can be, then how & when in the process.

And if it is, then do we have a fool proof process check.
@DrSYQuraishi @AshokLavasa @ECISVEEP As I understand, VVPAT is a simple processor, a memory and a printer unit.

It has a memory because serial numbers, names & symbols of the candidates need to be loaded on to it before the elections, so that it gets printed in the paper slip.

Note: This pic from internet.
@DrSYQuraishi @AshokLavasa @ECISVEEP So VVPAT has a processor, and has a programmable memory, and it is what registers vote in the control unit.

And if it has a processor and a programmable memory, it can be hacked. Any malware downloaded on to it can cause the entire system to misbehave

But now on to when & how?
@DrSYQuraishi @AshokLavasa @ECISVEEP The strongest defense any election officer has had to the question of

'What if the CU is already programmed/hacked before it comes to you'

was that

'But they wouldn't know the sequence of candidates. So whatever they may program, they wouldn't know who is at what number!'
@DrSYQuraishi @AshokLavasa @ECISVEEP And that fool-proof check is what we have compromised with the introduction of VVPAT.

For symbols are loaded on to the VVPAT by the engineers from their Laptops/Jigs after the candidates are finalized.

VVPATs are connected to external devices after candidate sequence is known!!
@DrSYQuraishi @AshokLavasa @ECISVEEP When one can access the VVPAT after the candidate sequence is known, and can connect a laptop/computer/Symbol Loading Jig, is precisely when one can load a malware also into the VVPAT.

This access should not have been provided.

That answers the when question. Now to the how.
@DrSYQuraishi @AshokLavasa @ECISVEEP I forgot to add the other defense we had. That no-one had physical access to the EVMs once candidates are set.

By allowing external devices to be brought to the commissioning room, and allowing it to be connected to VVPAT, we have foregone this defense too.
@DrSYQuraishi @AshokLavasa @ECISVEEP On to the how part: Since VVPAT controls both the trust factor & the vote factor, a possible method could be,

VVPAT prints what is pressed in the BU. So voter sees that paper trail tallies with his pressing of the button. #TheTrust

Sends something else to the CU. #TheVote
@DrSYQuraishi @AshokLavasa @ECISVEEP While we have a provision for if a voter complaints that the VVPAT paper trail does not match with the button he pressed, there is no way he can know if the VVPAT has send the same input to the CU.

So the wrong printing can be caught, but not right printing and wrong registering
@DrSYQuraishi @AshokLavasa @ECISVEEP For me, that answers the question of how.

Now on to the question of do we have a fool-proof process check against this.

Ideally, since such a new device has been inserted in between two devices, the verification and tallying should be done at both the ends for every vote.
@DrSYQuraishi @AshokLavasa @ECISVEEP While citizen has verified the BU & VVPAT end, that what he saw is what he pressed, the CU & VVPAT verification needs to be done through tallying paper trails with vote count in the CU.

But as it takes time, we only do such verification for a selected few per constituency.
@DrSYQuraishi @AshokLavasa @ECISVEEP Even if we find an inconsistency, current procedure simply says go as per the VVPAT count for that particular EVM.

So if one is to manipulate only a few EVMs & not all through VVPATs,
1. Chances of getting caught are less.
2. Even if caught, it will be seen as a one-off error.
@DrSYQuraishi @AshokLavasa @ECISVEEP Now on to the process checks of randomization & mock-polls.

Randomization is completely ineffective here as the access of VVPAT to external devices is given after it is allotted to the constituency.

So it doesn't matter which EVM is going to which PS after randomization.
@DrSYQuraishi @AshokLavasa @ECISVEEP The other check is of mock-polls. There are two mock-polls after the commissioning of EVMs (When candidates sequence is loaded).

1. Mock-poll of 1000 votes on random 5% of EVM at the time of commissioning.
2. Mock-poll of 50 votes at the polling station (PS) on the day of poll
@DrSYQuraishi @AshokLavasa @ECISVEEP The mock-poll of 1000 votes on 5% random EVMs could act as a check. But not a fool-proof check.

If one is attempting to manipulate only a few EVMs, the chances of it getting caught are less. And even if caught, it is seen as a malfunction and the EVM is set aside.

Nothing else!
@DrSYQuraishi @AshokLavasa @ECISVEEP However, the other mock-poll of 50 votes on the day of poll is not a check at all.

If it is known that in every EVM first 50 votes will be tallied on the spot, you write your code such that it starts manipulating only after say a 100 votes.

No chance of getting caught there.
@DrSYQuraishi @AshokLavasa @ECISVEEP So, by introducing VVPATs, we have created so much vulnerability to an otherwise fool-proof process, while not adding adequate checks, either in the process or during the counting.

I feel there is an urgent need to address this so that the process become more robust.
@DrSYQuraishi @AshokLavasa @ECISVEEP The fact that so many VVPAT slip counting has tallied with EVMs does instill a lot of confidence that such a manipulation wouldn't have happened in the past.

But we cannot & should not leave elections of the largest democracy in the world to even the slightest of the chances.
@DrSYQuraishi @AshokLavasa @ECISVEEP Phew!
A load off the chest.
Wanted to write it before I forget all these details. 😬

Also so that there is an informed discussion on the role of VVPAT in EVMs.

Hope I am wrong about my concerns. n/n

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Kannan Gopinathan

Kannan Gopinathan Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @naukarshah

Jun 11, 2021
Dear PM @narendramodi, after the surprise incursion from China last summer & the Galwan valley incident, I have been trying to understand China, by studying their history, culture, language etc.

I am no China expert. But here is two cents on why they did what they did. 1/n
As with India, China also should be studied based on its current position in its civilisational and historic journey.

And in that journey, there is not a more important theme than this theme of "Unification of China" 2/n
Unification phase and disintegration phase is a repeated pattern in Chinese history.

Hence it becomes important to understand which phase they view themselves to be in, in the present.

And in their collective imagination, this is very clearly a unification phase. 3/n
Read 22 tweets
Jun 5, 2021
@irah777 @OpIndia_com @BefittingFacts A lot of false equivalences. To begin with this one.

1. The VVPAT that sits in the middle is an active device and one which was connected to an external device like SLU or laptop for symbol loading unlike the BU which was an electromechanical device.
@irah777 @OpIndia_com @BefittingFacts Another erroneous assumption on both counts.

1. There is no active verification at the time of voting as irrespective of whether voter has seen the vote or not, the printed slip falls down & gets stored.

2. VVPAT auditing (not verification) during counting is less than 2%.
@irah777 @OpIndia_com @BefittingFacts Another false equivalence of VVPAT as printers.

No computer connects its keyboard to CPU through a printer. If that is done, then having access to printers would be sufficient to raise alarms

Here data from input device (BU) comes to CU through this so called printer (VVPAT)!
Read 8 tweets
Jun 4, 2021
Some of you might be aware of my curiosity driven project : whatchinareads.com.

Today, I added Science related news section to the website and I came to know that a Chinese academician has applied for emergency use of nebulized inhaled covid vaccine. 1/n
Also added another section for academic papers abstracts.

A mine-field of information for those who are interested in the field. Only abstracts though. Those really interested will still have to go to the original site and get the full paper PDFs 2/n
An astonishing thing is the number of papers that are on industrial and manufacturing technology.

One paper is titled

"Practical analysis of 3D printing technology in underwear design." whatchinareads.com/article.php?ar… 3/n
Read 5 tweets
Apr 25, 2021
Dear PM @narendramodi, nothing much to say.

I am sure you must be feeling bad that Govt did not do enough in the past one year to prepare.

But please realize that it is still not late for many districts since they are not yet severely affected.

Do focus there as well. 1/n
Apart from the team that is dealing with the ongoing full-blown crisis in many places, please create another team to focus on the districts that are yet to be as severely affected.

Start preparation in those districts also on war footing. 2/n
I don’t want to burden you with any new suggestions or sermons dear PM @narendramodi.

But would like to share some screenshots of the suggestions/requests that were posted last year during the lockdown. 3/n
Read 9 tweets
Mar 31, 2021
We are connecting an external device to EVM-VVPAT

a) after announcement of election date
b) after publication of candidate list
c) after both stages of randomisation.

No more stand-alone, no more a calculator & none of the process safeguards are effective anymore. @ECISVEEP
For a slightly detailed take, please watch

For a more detailed take, please watch (10' onwards)

Read 5 tweets
Mar 22, 2021
ECI @ECISVEEP, it is a pity that instead of addressing the concerns raised, you are spending huge amount of money to market EVM-VVPAT.

As if it is a product to sell!

No amount of ad can fill the void created by unanswered questions.

Is EVM stand-alone or not? @SpokespersonECI
A 20 minute video on my concerns regarding the vulnerabilities of current EVM-VVPAT design.

On how it surrendered the strengths of pre-VVPAT EVM design & also did not bring in the checks of a true VVPAT design. What we have is a jugaad EVM-VVPAT now.

To all who are watching/reading these concerns, my humble request is to please don't link it to election results one way or the other. These are process concerns. And it will be there irrespective of which party wins.
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(