Thursday, May 13, 2004
Indian EVM compared with Diebold
I am writing this while the results are coming out for the Indian Assembly Election of 2004. 8 news channels are showing results updating like stock prices on the screen. Yes a 3 second update. The counting is although very simple and fast because Electronic voting machines were used. But counting from 1.5 Million voting machines is expected to take almost 3 to 4 hours, since, the Electoral Process needs to be followed in all its bureaucratic steps. The numbers tell that the ruling party (BJP) is trailing against its main opposition (INC established by Gandhi). Nobody has doubts about the fairness of the elections. Re-voting is announced in few stations, due to various reasons. But over all the biggest democracy in the world has lived up to its expectations. The ruling party, over-confident of its good economic track record, declared the elections 8 months ahead of schedule, riding on the general “feel-good” factor going on in the country these days. But now it seems, the voters are not that gullible, the opposition INC has got 216 seats out of 539 and will be invited to prove the majority and form a government. Indian democracy is of the Parliamentary type, not the Jeffersonian Model (Presidential type) practiced in America. In the Indian Equation, if a party gets 272 seats out of 539, they can form a government. and guess what, we may see an Italian born woman as Prime minister of India! If this is not democratic then what is?
Last few months have brought very serious discussions on the Net regarding the use of Electronic Voting, and the security of it. In the USA, the saga related to Diebold and its opposition is well known. I do not know the electoral process in the United States, but I attempt here to compare the Technology used by the Indian Election commission and the Diebold AccuVote system. I present here the Information I have about the Indian system, and the information about Diebold got from the web.
Reading this article, some of you might remember that Cold war era joke, about NASA and its multi million dollar experiment with a pen that can write in micro gravity to solve the writing problems of astronauts, and the Russian solution of using a Pencil to solve the same problem. IMHO, the Diebold system is too complex for a simple and straight forward task such as voting. Windows CE, Modems, PCMCIA storage cards, Touch screen GUI, On-screen writing facility, Voice-guidance system, multiple language UI, DES Encryption, centralized voting Server, a step-by-step wizard to cast a vote, Microsoft SQL Server to store votes, Backup servers etc. are all unnecessary. All geeks know that a smaller and simple system is more secure, more code means more cost, more chances for bugs, more threats to security. You cannot make a system that is “guaranteed” as secure. A lot depends on the electoral process and the integrity of election officials.
The Indian Electronic Voting Machines (EVM) are designed and developed by two Government Owned Defense Equipment Manufacturing Units, Bharat Electronics Limited (BEL) and Electronics Corporation of India Limited (ECIL). Both systems are identical, and are developed to the specifications of Election Commission of India.
The System is a set of two devices running on 6V batteries. One device, the Voting Unit is used by the Voter, and another device called the Control Unit is operated by the Electoral Officer. Both units are connected by a 5 meter cable. The Voting unit has a Blue Button for every candidate, the unit can hold 16 candidates, but up to 4 units can be chained, to accommodate 64 candidates. The Control Units has Three buttons on the surface, namely, one button to release a single vote, one button to see the total umber of vote casted till now, and one button to close the election process. The result button is hidden and sealed, It cannot be pressed unless the Close button is already pressed.
The voting unit has a list of candidate's names and their Party Symbols pasted on the surface, and a Blue button to cast a vote faces ever candidate's name. The Party Symbols (like a Lotus, an elephant, a horse etc.) are approved by the election commission to be unique, All political parties use these symbols while campaigning, and illiterate people can identify their candidates by looking at his symbol, and pressing the blue button in front of his symbol.
Here is how the voting process goes,
The Voter is Identified, by his Government Issued Voter Identity Card, or his Public Distribution System's Ration Card, when he enters the polling station.
Voter's finger is marked with a special ink, in such a way that the ink spreads from finger skin to nail in a small dot. One cannot remove this Ink without hurting himself. The Ink washes away in two week's time.
The Electoral Officer then Presses a button on his Control Unit, that releases a single ballot, for the voter to use, this of course is electronic so it just enables the Voting unit to register one Vote.
Now Voter enters the voting Booth, and preses a Button in front of name and Election Symbol of the Candidate. This action blinks an LED in front of the candidate's name and sounds a loud and long Beep, that declares that the vote is casted.
Notes: The System accepts only 5 votes in a minute. The Indian Election process is distributed in such a way that there are never more than 1500 voters for a single polling booth. So, even if armed men capture the polling station, they cannot cast 1500 bogus votes in less than 5 hours, and Indian police is not as slow as the bollywood movies project them to be. No voter has to travel more than 2 Kilometers to cast his vote. Its fairly easy for an election officer or opposition political agents to identify people who attempt to appear twice with different identity. (The Ink on the finger is the main reason).
And here is how the results are obtained from the machines.
After the voting is over, electoral officer presses the Close switch on the Control Unit, after which no votes are registered by the unit. The total number of the Votes registered are noted by all stake holders (political party agents) and then the control units are put into its own special carrying case, and sealed for transport.
Control Units from all Polling stations are transported to the nearest District headquarters.
On the day of counting the seals of the Control Units are opened. The control unit has a Results Button which is physically secured by a protective seal, this button is pressed to obtain the results. The Machine gives the Serial number of the Candidate, and the votes that he has won.
The Election commission takes a decision to ask for a re-election if the machines are found to be tempered with. Or if the count of signatures or thumb impressions (yes, India's illiterate also take part in the democracy) on the voter register do not tally with the number of votes registered by the Voting Machine. In this election, about a 100 polling booths, (I think) were asked to conduct the election again. This number is small, for the size of Indian elections.
In case of disputes, the machines are preserved for the courts to decide upon, other machines are used for next election after reseting the memory.
Diebold system works on Microsoft software, it has no seals on locks and panels to detect a tempering. It has a keyboard interface (!!!) and the server was tested to have “Blaster” virus. One report on Wired says a lady stumbled upon some files from Diebold, and found that the votes were stored in MS Access files. It also has a PCMCIA SanDisk card for local storage. A touchscreen GUI and a network connection to send the results to a server after encrypting it with DES.
The Indian EVM is just plain circuit, with some assembly code. A few LEDs, and two Seven Segment LED displays. One EVM can list 16 candidates, but up to 4 EVMs can be Linked to accommodate 64 candidates. (In a country of a billion people its possible to have 64 candidates for one single constituency.)
Diebold has received its share of criticism from Techies and Paranoids. Techies are Concerned about the vulnerability of the system. Some concerns are right, like having a network to communicate votes to a central server, exposes the system to unimaginable risk. I mean, we all know how safe is a windows box on a network ;-). But, some criticism is just not right, like the keyboard interface, and card reader jamming etc. No, electoral officer in his sane mind would allow a voter to walk into a booth with a keyboard in hand, and would not let him be inside the booth long enough to duplicate a smart card or to open the voting machine to do some EPROM Programming, or to run a forceful algorithm to break DES.
India's leading daily newspaper, carried an article on the eve of the elections, saying that the microchip containing the code of the EVM machines can be copied in minutes. The article was titled, “Winning Elections Made Easy”. The article was written by an Indian Professor living and teaching in America. But I don't think it is possible, as long as the Electoral system and Election officials function to their expectations. Usually Indian elections take place during school Vacations, and Teachers are recruited by the Indian Election Commission to perform duty as election officers.
I guess, The differences in both technologies are as follows.
EVM: Embedded with Assembly code
Diebold: Embedded with Windows CE, and C++ code
EVM: Single LED against each candidate's name
Diebold: Color Touchscreen, with GUI software
Operating System/ Software
EVM: None, the Assembly code to register number of votes is all it has.
Diebold: Windows CE, and C++ code stored on the Internal Memory and PCMCIA cards.
EVM: The Voting unit doesn't store anything, the control unit records the number of votes casted for each candidate against his serial number. No record to link person-to-vote.
Diebold: Internal ribbon printer. And PCMCIA storage for records and audit trials. Additionally the GEMS server also stores the votes and audits.
EVM: Blind people are allowed to bring an escort into the polling booth to help them vote.
Diebold: Optional Audio component to assist the visually impaired. “Magnify” feature to enlarge the text. I guess all Windows CE Accessibility features are available on these systems.
EVM: Control Unit accumulates the votes, it is a device with flash storage and seven segment LED displays. They are connected to voting units with a 5 meter cable, the Unit has a switch to issue a ballot for a voter.
Diebold: Two GEMS servers one primary and a backup, for every polling station, that connects to the voting units to “load the ballots” (!!) and then voting units work independently. They are again connected at the time of results.
Security of Access
EVM: Physical security is ensured by the electoral officers. Unit is sealed during transport.
Diebold: GEMS servers have access through Supervisory Smart cards, and PINs, some users have login and password access.
EVM: Ballot is issued by Electoral officer by pressing a button on the Control Unit. It allows the voter to press one button on the voting unit.
Diebold: Voter access smart card is issued in an envelope for a terminal. Voter can put it in the assigned terminal and cast his/her vote.
Storage of Votes
EVM: In Internal Non removable memory of the Control Units. All control units are transported physically to the counting center.
Diebold: In a PCMCIA card hidden in the Voting Unit. Results are “transmitted” using modems to the counting center.
Cost of the System
EVM: About 10500 Rs. (230$) for 1 control Unit + one voting unit.
Diebold: About 3300$.
EVM: 6V alkaline batteries
EVM: 3840 Votes (the electoral process distributes one polling station for not more than 1500 voters) so its large enough.
Diebold: Over 35000 votes.
EVM: The Voting unit has a Non tear-able printed sticker, which is printed in any of the 18 (yes 18) constitutional languages, spoken in the region. The Election Symbol of the candidate allows people who cannot read that language or cannot read any language at all to vote by pressing the button against the symbol.
Diebold: Supports more than 8 different languages using GEMS software.
EVM: State owned Defense Equipment manufacturing units.
Diebold: Private company.
EVM: Election commission of India buys it and ownes it to conduct elections everywhere in India.
Diebold: Individual states / counties buy the systems, and use it to take part in elections, each state can decide based on its law, which system to adopt.