NEW DELHI: The opposition has time and again raised concerns about the Electronic Voting Machines (EVMs) used in polling and suggested a return to paper ballots for the electoral process. After recent defeats in Haryana and Maharashtra assembly elections, the Congress cited ’99 per cent battery level’ in the machines to suggest tampering and manipulation of the machines to favour the Bharatiya Janata Party. Can the EVMs be manipulated or hacked to favour a party in election? Can the number of votes be changed after polling? Here’s your guide to all the EVM-related questions.
Q1: Pre-programmed chips favoring a party
How can we be sure the chip inside isn’t pre-programmed to favor a particular party?
Answer: The microcontroller in EVMs is One Time Programmable (OTP), meaning it can only be programmed once. This programming occurs under strict supervision by the
Technical Experts Committee, and the source code is audited by independent experts. Before each election, mock polls with over 1,000 votes are conducted, allowing political parties to verify that voting patterns are recorded accurately. Hence it is impossible to pre- program it to favor anyone.
Q2: Insider tampering before Election Day
What prevents an insider from tampering with the machine before election day?
Answer: EVMs are stored in secure strong rooms with 24/7 CCTV surveillance and armed security from multiple independent (center and state) agencies. They have tamper-evident seals with unique serial numbers, and a two-stage randomization process ensures that no one knows which EVM will be used where until the last moment. Pre-poll checks are conducted in the presence of representatives from multiple political parties to verify the machines’ integrity.
Q3: Wireless hacking
Can’t the machines be hacked through wireless signals or Bluetooth?
Answer: Indian EVMs do not have any wireless components, including no internet connectivity, Bluetooth, or external ports. They are designed to be “air-gapped,” meaning they are physically isolated from any network, making them immune to remote hacking attempts.
Q4: Tampering in storage
How do we know the votes aren’t being changed when machines are in storage?
Answer: EVMs are stored in secure rooms with:
- Three-tier security, including armed forces
- A double-lock system where keys are held by different officials
- Party representatives can place their own seals
- Continuous logs of any access attempts
Any unauthorized access would trigger alarms and requires the presence of authorized personnel and party representatives.
Q5: Replacement with duplicate machines
What if someone replaces the original EVM with a duplicate machine?
Answer: Each EVM has unique serial numbers, digital signatures, holographic seals, and key codes. During First Level Checking (FLC), these identifiers are verified and documented in the presence of party representatives. These details can be cross-referenced before polling begins to ensure authenticity.
Q6: Magnetic interference
Can strong magnets or electromagnetic pulses manipulate voting data?
Answer: EVMs are designed with electromagnetic shielding, meeting military-grade standards. They are immune to electromagnetic fields up to 6 Tesla, surpassing the strength of MRI machines. This ensures that external magnetic fields cannot alter the stored vote data.
Q7: Accessibility for illiterate voters
How can illiterate voters be sure their vote goes to their chosen candidate?
Answer: EVMs feature large, clear symbols and party names, with audible beep confirmations for each vote. The Voter-Verifiable Paper Audit Trail (VVPAT) provides a visual confirmation of the vote cast. Additionally, braille markings assist visually impaired voters.
Q8: Preventing multiple Votes
How can we prevent multiple votes being registered when no one is watching?
Answer: EVMs are designed to allow only one vote per voter. The control unit enables voting only after the presiding officer presses the “Ballot” button, and there’s a mandatory 5- second wait between votes. This mechanism ensures that each vote is recorded individually and prevents multiple voting without detection.
Q9: Software updates or malicious code insertion
Can malicious code be inserted during maintenance or software updates?
Answer: EVMs do not accept software updates post-manufacturing. The program is burned into the OTP chip, which cannot be modified once set. There are no external input ports, and maintenance is purely physical and mechanical, ensuring that no software alterations can be made.
Q10: Malfunction detection
How do we verify if the machine malfunctions during voting?
Answer: EVMs have continuous self-diagnostic features and provide visual and audio indicators for any errors. If a malfunction is detected, the machine locks down to preserve vote data, and backup machines are immediately available to prevent disruptions.
Q11: Battery failure
What if the battery dies during voting—are the votes lost?
Answer: EVMs have a robust battery system with a 48-hour backup and non-volatile memory that retains data without power. Redundant power systems ensure that even in case of battery failure, vote data remains intact.
Q12: Conditional programming
Can the machine be programmed to transfer votes after a certain number?
Answer: No, the OTP chip cannot be reprogrammed and records each vote exactly as cast without any conditional logic. Security protocols are in place to prevent such alterations, and multiple layers of verification ensure the integrity of the voting process.
Q13: VVPAT integration
How does VVPAT integration ensure voter verifiability?
Answer: VVPAT provides a physical paper trail that voters can see and verify immediately after casting their vote. This paper record is stored securely and can be used for audits or recounts, adding an extra layer of transparency and trust in the electoral process.
Q14: Security protocols
What security protocols are in place to protect EVMs from tampering?
Answer: EVMs are designed with multiple security features, including:
- Tamper-evident seals
- Encryption of vote data
- Regular audits and checks by independent agencies
- Secure supply chain management
These measures ensure that any attempt at tampering would be immediately detectable and void the machine’s validity.
Q15: Display unit security
Can someone hack the machine through the display unit?
Answer: The display unit is purely output-only and has no input capabilities. It is hardwired to display information and cannot be used as an interface for programming or altering the machine’s operations.
Q16: Climate resilience
How are EVMs protected against extreme climate conditions?
Answer: EVMs are designed to operate in a wide range of temperatures (from -10°C to
+55°C) and high humidity levels (up to 95%). They are also tested for resistance to heavy rain, ensuring reliability across diverse Indian climates.
Q17: Direct memory access
What if someone tries to access the machine’s memory chip directly?
Answer: The memory is encrypted using AES-256 and is physically secured within the machine. Tamper-evident seals cover the memory area, and any attempt to access the memory directly would damage the seals and be immediately detected, rendering the machine invalid for use.
Q18: Result transmission security
Can votes be changed during the result transmission process?
Answer: Results are first recorded physically on EVMs and then transmitted through secure channels. Multiple copies of results are maintained, including the VVPAT paper trail, which can be used for cross-verification. This redundancy ensures that any attempt to alter results during transmission would be detected.
Q19: Random sampling in VVPAT verification
How do we know if the random sampling of VVPAT slips is truly random?
Answer: The process uses computerized random number generation, and the selection is conducted in the presence of representatives from all political parties. This ensures transparency and fairness in the sampling method.
Q20: Manufacturer oversight
What prevents the manufacturer from building hidden backdoors in EVMs?
Answer: The manufacturing process is overseen by multiple agencies, including independent security auditors. Components are verified at each stage, and the final assembled units undergo extensive testing by different teams to ensure there are no vulnerabilities or backdoors.
Q21: Battery charge level
Does the varying level of battery capacity (charge level) in EVMs at the time of start of vote count indicate any possibility of hacking?
Answer: From a technical engineering perspective, the allegation fundamentally misunderstands EVM power architecture. The “99%” display is not a battery charge percentage but rather a voltage threshold indicator that shows “99%” whenever the battery voltage remains within the optimal operating range of 7.4V – 8.0V. This is purely an administrative feature to indicate proper functioning voltage levels. The EVMs use non-rechargeable alkaline batteries (7.5V/8V configuration) with vote data stored in non-volatile EEPROM memory, meaning vote storage and counting are completely independent of battery status. The power system is entirely isolated from the vote recording circuit, making it technically impossible for battery status to influence vote patterns or counting sequence. Furthermore, each EVM’s data integrity is verifiable through VVPAT audit trails, regardless of power status. Therefore, any correlation between battery display readings and voting patterns is technically unfeasible given the EVM’s core architecture and security protocols.
Conclusion
Indian EVMs, particularly the M3 model combined with VVPAT, incorporate a multitude of security measures and safeguards to ensure the integrity and transparency of elections. Through rigorous testing, multiple layers of verification, and robust security protocols, these machines provide a reliable and trustworthy voting system.
(by Brijesh Singh, senior IPS officer and cybersecurity expert, views are personal.)