Log in ....Tribune

Dot.ComLatest in ITFree DownloadsOn hardware

Monday, February 11, 2002
Lead Article

Ballot box is past, EVM present and e-voting could be the future
Raman Mohan

ILLUSTRATION BY SANDEEP JOSHIIN a few years, voters in democracies around the world may be casting their votes in their pyjamas from their homes. Polling stations and booths, as we may know them now will become extinct. Electronic Voting Machines (EVMs) connected to the Internet will record votes and declare results moments after voting closes. Information about parties, issues and candidates will be available online to help voters decide. Computer scientists all over the world are developing newer technologies to make this dream a reality. The new technology promises to make voting more convenient and less prone to fraud. Experts feel the realisation of this dream will make elections more legitimate through higher voter turnout and increased faith in the democratic system of government. However, the transition from EVMs to remote electronic voting, now called e-voting, raises several technological issues that needs to be addressed before the dream turns into reality.

In the computer world, votaries of e-voting argue that the success of e-commerce should pave the way for e-voting. But the extent of abuse of e-commerce can never be tolerated in an e-voting system and as such e-voting technology has to be much more trustworthy than existing e-commerce solutions. The success of any democratic system depends upon the faith of the voters in the system itself. Thus any e-voting technology must address five main concerns. Firstly, the system has to be accurate. This means that it is not possible for a vote to be altered, it is not possible for a validated vote to be eliminated from the final tally and that it is not possible for an invalid vote to be counted in the final tally. Secondly, the system has to be fully democratic in the sense that it permits only eligible voters to vote and that it ensures that each eligible voter can vote only once. The next is privacy. The new system must be capable of ensuring that neither election authorities nor anyone else can link any ballot to the voter who cast it and that no voter can prove that he or she voted in a particular way to prevent voters from selling their votes. Next comes verifiability. The e-voting system must also be able to independently verify that all votes have been counted correctly. Then comes convenience. A convenient system allows voters to cast their votes quickly and with minimal equipment or special skills. Finally the new system must be flexible. Experts define a flexible e-voting system as one which allows a variety of ballot formats.


Security concerns

In the USA, the feasibility of remote electronic voting in public elections is currently being studied by the National Science Foundation. Experts there are grappling with some primary concerns. These include:

Coercibility (the danger that outside of a public polling place, a voter could be coerced into voting for a particular candidate), vote selling (the opportunity for voters to sell their vote), vote solicitation (the danger that outside of a public polling place, it is much more difficult to control vote solicitation by political parties at the time of voting) and registration (the issue of whether or not to allow online registration, and if so, how to control the level of fraud). Internet security experts point out that at present the vulnerability of the Internet to denial of service attacks, and the unreliability of the Domain Name Service is proving to be a major hindrance in the development of e-voting technology. They say one reason why remote electronic voting presents such a security challenge is that any successful attack would be high profile, a factor that motivates much of the hacking activity to date. Even more frightening aspect is that the most serious attacks would come from someone motivated by the ability to change the outcome of the poll without anyone noticing. The adversaries to an election system are not teenagers with PCs in garages but foreign governments and powerful interests at home and abroad.

The first requirement for any future e-voting system working on the Net is the voting platform which means the host systems as we know them now. These hosts can be easily attacked through malicious payloads. Though there are thousands of malicious programs doing the rounds of the Net, just one example is enough to illustrate what these could do to an e-election as of today. The freely available Backorifice 2000 (BO2K) is packaged and distributed as a legitimate network administration tool. It is useful as a tool for enhancing security. It runs in stealth mode. The open source nature of the program means that an attacker can modify the code and recompile it in such a way that it can evade detection by security defence software. It has a remote control system that when installed on a machine, enables a remote administrator (or attacker) to view and control every aspect of that machine, as if the person were actually sitting at the console. Experts say it is too much to expect that an average Internet user participating in an online election from home can detect the presence of BO2K on his or her system. Since it can be installed remotely on a user's computer without his knowledge this program will enable an attacker to control every aspect of the voting. The hacker can intercept any action of the user, modify it without his knowledge, and install any other program of the attackers choice on the voting user's machine. The program also monitors every keystroke typed on the machine and has an option to remotely lock the keyboard and mouse. Any hacker can thus influence the outcome of the election by installing such programs on a Net user's while he or she is online.

Viruses and Trojans

E-voting technology developers also cite Chernobyl virus as an example of the security concerns they must address in the e-voting technology. This virus created panic in Asia in 1999 when millions of machines were rendered useless by the virus. Chernobyl can modify BIOS (part of the computer that initialises and manages the relationships and data flow between the system devices, including the hard drive, serial and parallel ports, and the keyboard) of a computer in such a way that it cannot boot. They point out that widespread activation of such a virus on the day of an election could disenfranchise thousands of voters, as their hosts would not be usable. This threat is made more serious by the possibility that the spread of the virus could be designed to target a particular group, thus having a direct impact on the outcome of the election. Malicious codes can be delivered by e-mail automated delivery. Melissa and ILOVEYOU e-mail viruses are by now well known. These when unleashed disrupted Internet temporarily. Should that happen on a polling day, it could ruin the whole election. Avi Rupin, an expert in software security systems says, "Perhaps the most likely candidate for delivering a widespread attack against an election is an ActiveX control, downloaded automatically and unknowingly from a Web server, which installs a Trojan horse (hidden program) that later interferes with voting. Several documented attacks against Windows systems operated exactly this way. In fact, any application that users are lured into downloading can do the same. This includes browser plug-ins, screen savers, calendars, and any other program that is obtained over the Internet. Another danger is that the application itself may be clean, but the installer might install a dynamically linked library (DLL) or other malicious module, or overwrite operating system modules. The number of ways is legion, and most users are not aware of the dangers when they add software to their computers. As long as there are people out there who download and install software over the Internet onto today's personal computers running today's operating systems, it will be easy for attackers to deliver code that changes their votes, to peoples' computers".

Despite the obvious odds, votaries of e-voting are devoting great amounts of energy to the development of defences against such attacks. They also face the problem of making software that will satisfy the law of the nations in which such a system is used. Most countries till now have no law relating to remote e-voting. In the USA some progress has been made in this regard. E-voting technology developers obviously have a long and arduous journey ahead of them. It is one thing to cast your vote on the Net for instant opinion polls, but when it comes to voting to elect governments, the stakes are the highest. Yet, industry experts predict, such a system could be in before the end of the decade in the USA.

However, India could take much longer than that because of low literacy as well as low computer literacy levels. But, Indian voters have shown remarkable adaptability to new technology as is evident from the widespread use of EVMs within four years of their introduction. Perhaps to begin with, once an e-voting system is in place in the developed world, India could experiment by allowing at least voters in the four metros to cast their votes for their respective local bodies through the Net. Who knows e-voting may repeat the history of EVMs in the next few years.


History of voting machines

Lever Voting Machine

Voting machine history goes back to 1892 when lever voting machines were first used in Lockport, New York, and were slowly adopted across the country. By the 1930's, essentially all of the country's larger urban centres had adopted lever voting machines. These machines have been out of production since 1982. A lever voting machine completely eliminates all questions of ballot interpretation. At the time the voter opens the machine's curtain to leave the voting machine, it adds one to the counter behind each lever that was pulled down by the voter, and then it resets all the levers. The lever voting machines of the mid 20th century included interlocks to prevent a voter from voting for more than one candidate in a race.

Votomatic machine

This was first used in Fulton and DeKalb Counties, Georgia, USA in the 1964 primary. By the general elections that fall, several counties in Oregon and California had moved to this new technology. IBM got out of the Votomatic business in 1969, after problems with punch card technology began coming to light. Later, Votomatic machines were made by Computer Election Services Inc. and several IBM licencees. Problems with Votomatic technology have been known since the late 1960's! It was not until the US general election of November 2000 that problems with the Votomatic voting technology became the subject of widespread public discussion.

Direct Recording Voting Machines

Electrovote 2000 (Fidlar)

The Electrovote 2000 voting machine sold by Fidlar-Doubleday (formerly Fidlar and Chambers) is a wedge-shaped affair, basically an IBM PC compatible with a touch screen, packaged for voting, with a secure case that prevents keyboard or mouse from being plugged in while it is in the polling place. The Global Election Systems Model 100 Electronic Ballot Station is quite similar.


The Microvote Electronic Voting Computer represents an older generation of direct recording electronic voting machines. This uses push buttons adjacent to each ballot item to cast votes, with a light by each button giving positive feedback that the vote has been registered. The ballot issues are printed on a paper ballot label that is protected behind a window between the rows of buttons, and the machine itself opens up and assembles into a voting booth, just as the classic lever machines did. The Microvote machine has only 64 buttons and many elections would require significantly more than this if the full ballot were to be displayed at once. Microvote has a patented "ballot paging system" that allows a ballot with up to 512 candidates or positions on issues to be divided into 8 pages for presentation.

Indian EVM

EVMs manufactured in 1989-90 were used on experimental basis for the first time in 16 Assembly constituencies in the States of Madhya Pradesh (5), Rajasthan (5) and NCT of Delhi (6) at the General Elections to the respective Legislative Assemblies held in November, 1998. The EVM consists of two components. An interface or the ballot unit and a main storage device or the control unit. The interface at the voters' end is connected to the main storage device, which is placed with the presiding officer in the polling booth. Once a voter has pressed the button corresponding to his choice of candidate, the presiding officer has to just press the 'ballot' button on his storage device to complete the transaction. The mark of indelible ink on the finger is the proof. A shrill beep is the confirmation of vote cast. At the end of voting, the control unit can display the total number of votes polled in that particular polling station by pressing the 'Total' switch located inside the control unit. It has an extremely sensitive circuit that takes care of errors or malpractices like vote duplication. For instance, if one were to press two or more buttons simultaneously or even one button twice, then no vote would be cast. Even if there was a microsecond difference in the pressing of the switches, the EVM is sensitive enough to trace and identify the switch that was pressed first. Once polling is completed, the election results can be known instantly at the counting station by pressing the "Result" switch. This switch is located in a sealed compartment of the control unit.