Hacking of EVMs is Cyber Terrorism

It is unfortunate that many of the politicians are irresponsibly commenting on hacking of EVMs . If anybody has suggestions to improve the security of EVMs, it should be welcome. But making irresponsible statements and spreading rumours is an attempt to undermine the Indian election mechanism and must be stopped.

As we understand, EVMs are manufactured by public sector organizations, shuffled before being issued for any particular booth, and are always under the physical custody of some officials. They are finally tested before they are committed for use. There are some kinds of checks subsequently on the total votes polled.

Naavi has long time back spoken about the Cyber Law Compliance aspects of EVMs and the EC has now introduced the VVPAT system (Voter Verified Paper Trail System) which will become mandatory by the next set of elections. In this system the voter views the printed slip before the completion of voting. Then the slips are collected in a sealed box. These slips will  be counted if there is an election petition which orders the re-counting of the slips. If a person sees that the slip is different, then he can raise his objection then and there.

There is however a system of procedures designed to make it impossible to tamper with the EVMs under ordinary set of circumstances. Making theoretical claims or assuming that several Election Commission officials will collude etc is a mischievous claim not substantiated by evidence.

However, there are many opposition parties including the Congress party which uses EVM as an excuse to cover its losses.

Even when VVPAT system is used, it is possible that some opposition party supporters may simply claim that the slip is different from what he has voted, and it has fallen into the sealed box and cannot be verified, there are situations where false alarms may be raised by unscrupulous supporters of a political party to disturb the election process.

If this has not happened till now, it can be envisaged that it will happen next time. I will be surprised if such tactics are not used to discredit the system during the next elections in Karnataka since the current CM of Congress is himself opposing the EVM system.

In the light of these attempts to discredit the EVM system by unscrupulous politicians, it is necessary for Election Commission to ensure that no political party member or a member of the public makes a dishonest claim that EVM is hacked or is hackable.

In order to ensure that people are serious about EVMs, Election Commission should declare that EVMs are “Protected Systems under Section 70 of Information Technology Act 2000”. EC has already developed the standard operating procedure (SOP) for accessing the systems and hence a notification accompanied by the SOP as required under the Act can be quickly made.

Once EVMs are considered as “Protected Systems”, any attempt to hack any EVM, even by any employee of EC will be considered as an offence carrying a punishment of 10 years.

Additionally, under Section 66F of ITA 2000/8, any action that could damage or disrupt or adversely affect the EVMs can be considered as an offence under section 66F (1) (A). Additionally, any incitement to commit hacking of an EVM or disruption of the EVM usage can be considered as causing injury to the interests of the state and brought under Section 66(F) (1) (B).

In either case, the offence carries an imprisonment of upto life and would be termed “Cyber Terrorism”.

EC has already given one opportunity to those claiming that EVMs are hackable to demonstrate the possibility. This was not used by any of the political parties such as Congress or AAP. Now the new kid called Hardik Patel has started talking of EVMs about which his knowledge may be suspect.

EC can however make another offer to anybody to seek an appointment to demonstrate their claim if they have any credible doubt. Obviously, they should demonstrate that the system can be hacked under the conditions under which they are used and not expect that the hacker would be able to open the machine and insert any chips into it. Such “Request for Demonstration” should be publicised and the person requesting must be made to deposit a security deposit to cover the expenses and prevent frivolous requests which can be returned only if the charge made is proved.

EC can also invite suggestions for improving the security of the system and honestly try to implement suggestions if they are useful.

I am sure that EC would not be averse to these suggestions which they should announce immediately and shut the mouth of irresponsible politicians.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.