Bring Your Own Virus-Infected Computer and Say All Computers Can Be Tampered!

The claim of Saurabh Chaudhary that EVMs can be tampered and the demo he ran in the Delhi Assembly is a fraud on the Indian public.

Mr Chaudhary brought his own EVM lookalike, which had self-introduced code that could make it function in a particular way. He used this to demonstrate that EVMs can be tampered with.

If this logic can be applied to any demo, I can bring a mobile or computer with a pre-inserted virus and say that all computers behave in a particular manner. If this argument has to be extended, then we also need to state how the malicious code can be introduced into computers or EVMs that are not under our control.

We had a similar situation some time back when a technology expert demonstrated that the Bank’s Internet Banking systems could be tampered with by a user-side virus which carries out a “Man in the Browser” attack. It came with the disclosure that this is true only if that virus is present in the computer. Since we know that there are many ways that a computer of the public can be infected, the demo was legitimate and urged the Banks to introduce counter safety measures.

In the EVM issue, the devices are always with the Election Commission and its officers. Changing the motherboards in, say, 10000 EVMs requires 10000 fraudulent motherboards to be prepared and installed in the EVMs. It requires compromise of the human beings more than of the machines themselves. Unless all the EC members are cheats, the allegation is an empty allegation and not a realistic process.

If Mr Chaudhary had shown that an EVM is susceptible to a WiFi signal or some other remote signal system which could alter the embedded code or otherwise tamper with the results, then there would have been some credibility.

The detractors of EVMs are quoting Mr Subramanya Swamy and GVN Rao, who are BJP sympathizers. They may as well quote me also, since all of us have made statements about the tamperability of EVMs in different contexts. But the EC has taken some counter steps, including the VVPAT, to address the vulnerabilities pointed out.

Now the EC has also given an opportunity to the EVM detractors to prove that the machine can be tampered with, in a hackathon invitation. But it is necessary for the detractors to prove that the EVM is hackable while it is in the custody of the EC and not when it is taken over, unless they also prove that a large number of EVMs can be taken over and manipulated.

It is of course possible, as in the days of booth capturing, that EVM booths can be captured and machines tampered with. But today CCTVs do watch over such intrusions, and representatives of all parties are present in the polling booth. Hence, unless it is a security compromised area such as the parts of Kashmir or Naxal infected areas, capturing the EVM booths and changing the motherboards is not possible elsewhere.

Comparisons with some foreign systems are also not valid, since the systems used are different from the stand-alone machines used in India.

Political parties are raising this issue only to defame the Election Commission, which has been hailed the world over. They should stop these short-term publicity stunts in the interest of the country’s reputation as a large democracy.

As an Information Security observer, I would like to add that the EC need not be complacent and should always be alert to the possibility that new technologies can be used to tamper with any electronic device. If so, it should happen at the manufacturing level and hence proper controls there are required. The EC may continue to review the security measures and take necessary measures.

I would not like to discuss any other speculative vulnerabilities in public, but express the confidence that the EC should have access to proper security advice with which they can take all measures that are required to keep the possibility of frauds or errors within a range of probability within which the risk can be absorbed.

The EC should not agree to some suggestions made by AAP that the voter should be asked to testify if the VVPAT coupon now shows what he himself voted. AAP is capable of bribing some voters to say that the VVPAT coupon is showing something different from what he swears.

Similarly, the EC should not succumb to the pressure and re-introduce paper ballots just to satisfy the critics. It is even more vulnerable to tampering.

I hope that after today’s meeting of all political parties with the EC, the controversy is laid to rest.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Having pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He has now been focusing on projects such as Secure Digital India and Cyber Insurance.