--- India's Electronic Voting Machines are Vulnerable to Fraud Hari Prasad, Rop Gonggrijp J. Alex Halderman IndiaEVM.org --- Indian election authorities have repeatedly claimed that the nation's electronic voting machines are tamper-proof, but in this video, security researchers demonstrate several ways that criminals could tamper with the machines to steal votes and change the outcome of elections. These attacks would be very difficult to detect, but they are actually quite simple. Probably a million people in India have the necessary skills. [title: "The Problem with Electronic Voting"] Imagine going to the polls and being given a ballot. After filling it out, you are shown a brand new "Electronic" Voting Machine that consists of a large box with a curtain. There is a man behind the curtain, and when you approach, he snatches your ballot. He then shreds it into pieces and tells you you have voted. When the polls close and counting time comes, the man behind the curtain hands over a piece of paper on which he has kept an honest count...or so he claims. Electronic voting machines are no more trustworthy than a stranger behind a curtain. We wil show you several ways that they could cheat. India is the world’s largest democracy, and for about a decade, nearly all votes have been cast on electronic voting machines, or E-V-Ms. They consist a "Control Unit" used by poll workers and a "Ballot Unit" inside the polling booth. There is a single race, and the Ballot Unit has one button for each candidate. [title: "Simulated Election"] Let's run a small election using a real EVM. When a voter arrives, poll workers press this button to allow one vote. The voter then presses the button for their candidate, and the vote is cast. Let's give each candidate three votes. [title: "The Count"] Later, the votes are read from the EVMs during a public counting session. When workers press a button, the machine displays the number of votes for each candidate. The display shows that candidate 1 wins with 7 votes. Something is wrong--that number was supposed to be 3. Somehow, one vote has been stolen from each of the other candidates. Now we'll open the machine and show you how we tampered with it. Until now, Indian election officials haven't let voters see inside. The EVM contains a simple computer, with a processor and memory to store votes. [title: "The Dishonest Display"] We made the machine cheat by tampering with the hardware. Before our demo election, we opened the machine and replaced the real display with this dishonest look-alike version, which lies about the election results. As you can see, the two displays looks nearly identical. We built our version in a few weeks from parts costing just a few dollars. Under the displays, we hid a small chip that replaces the real results with dishonest ones, and a Bluetooth radio that lets us wirelessly signal who should win. Criminals could install a dishonest display at any time before the votes are counted, possibly years before the election. [title: "Memory Manipulations"] Here's a second way criminals could cheat. They could also change votes while the machines are stored, between the election and the public counting session. To prove this, we built a small vote stealing tool. It has a dial to select the winning candidate, and it clips directly to the memory chips that store the votes in the EVM. The attacker just attaches it momentarily and it rewrites the votes. This attack leaves no traces and makes sure our favorite candidate wins. [tite: "The Secret Software"] Another alarming problem is that the software that counts the votes is stored in chips that are designed so that the software cannot be read back out. That means not even the Election Commision of India--India's highest election authority--can verify that the correct software is in the EVMs. Yet the software in the chips could be dishonest---or the real chips could be replaced by dishonest lookalikes---and nobody could tell. Meanwhile, experts for the Election Commission of India seem to think that the fact that nobody can verify the software actually makes the EVMs more secure. Prof. P.V. Indiresan, chairman, expert committee: "The program itself is frozen. It cannot be entered, it cannot be read. Even the BEL and ECIL cannot read what is in the code." Remember the man behind the curtain? What if that unreadable code is dishonest? Indian elections employ safeguards against fraud, but this does not prevent our attacks. One safeguard is that poll workers perform a small mock election to test the machine before voting starts. However, it would be easy to program a dishonest machine so that it cheats only after hundreds of votes are cast. Everything would seem normal during the mock election, but the real election results would be dishonest. Another safeguard is that election officials place seals on various parts of the machine. Yet these seals are easy to tamper with---most consist of a sticker, or a piece of string and some red wax. Scientists don't really know how to make seals that cannot be cheaply faked or tampered with, even in applications such as nuclear facilities. Low-tech voting machine seals are an extremely weak defense. People also point out that the order of the candidates is not determined until a few weeks before voting. This is believed to limit the amount of time an attacker has to manipulate the machines. But remember the Bluetooth radio on our dishonest display? Either at the polling stations or at the counting session, a mobile phone with a special application can be used to tell the display which candidate should win. You have witnessed attacks that can change election results on real EVMs in real scenarios. We believe this settles the debate. India's EVMs can be tampered with to steal votes. Paperless electronic voting systems are never transparent and are inherently insecure. The use of paperless EVMs has been discontinued in California, Florida, Ireland, The Netherlands and Germany. India would be wise to follow suit. For more information and uncut video of these attacks, visit IndiaEVM.org India's Electronic Voting Machines are Vulnerable to Fraud For more information, see IndiaEVM.org Made by: Hari K. Prasad, Rop Gonggrijp, and J. Alex Halderman at NetIndia (Hyderabad): Arun Kumar, Vasavya Yagati, Kalyan, Sai Krishna, Varaprasad at University of Michigan (Ann Arbor): Eric Wustrow, Scott Wolchok Camera: Brinda Kumar Comic Art: Koen Hottentot Special Thanks: Nadia Heninger, Rahul Mehta, G.V.L. Narasimha Rao and some very brave anonymous people IndiaEVM.org