For the third time, Indians are voting on their parliament exclusively with voting computers. However, the devices are very easy to manipulate.
The voting computers are being prepared. Experts criticize that they are still insecure. Picture: dpa
A man takes his cell phone out of his breast pocket, selects a candidate, clicks. Then the cell phone disappears again. A scene like experts imagine the manipulation of an election computer. Not fictitious, but very concrete. This is how it looked when a team of researchers from India, the U.S. and the Netherlands proved that Indian voting computers are easy for hackers to attack.
Since the 2004 general election, hundreds of millions of voters have voted only by computer. That has cut the cost of elections, the Election Commission says, because millions of ballots no longer have to be printed and distributed. Instead, polling places have several machines with a list of candidates and a blue button next to it. Voters press their candidate’s button, and at the end, the votes are simply added up.
Hari Prasad, the Indian engineer on the hacking team, says he became aware of the weakness of India’s voting computers back in 2004. At the time, he was working with one of the development companies. "We noticed that the chips were completely outdated," Prasad says. But it wasn’t until 2010 that he was heard. At the time, the opposition BJP party criticized the election results – a defeat for them – and high-ranking party members publicly suspected that the computers must have been hacked.
But the Election Commission of India stood by its position that the computers were "absolutely tamper-proof" and invited Prasad to demonstrate the weaknesses. However, when she reneged on the appointment, Prasad was leaked one of the devices. That it was a genuine device is now beyond doubt: the Election Commission had Prasad detained in 2010 to find out how he had obtained the computer.
Lack of security precautions
The commission repeatedly points out that the computers are secured in many ways. They are tested with sample ballots before the election, randomly distributed to polling stations, and the order of candidates is also random. Between elections and, more importantly, in the often weeks-long period between casting and counting votes, they would be kept in secure rooms, guarded and under video surveillance.
But in 2010, together with two other IT experts, Alex Holderman, a professor at the University of Michigan, and Rop Gongrijp, an activist from the Netherlands, Prasad showed how vulnerable India’s voting computers are. They concluded that not only are the computers easily hackable, but the Commission’s security measures offer little protection. In particular, they showed two possible attacks.
In the first, they switched the counter display in the machine so that it always misrepresented the results in terms of a candidate. To avoid detection during preliminary tests, the display can be turned on and off with a smartphone app.
Trivial manipulation possibilities
In the second attack, a chip is clipped to the memory of the voting computers. A program evaluates the results, calculates how the votes would have to be shuffled and overwrites the memory accordingly. The attack is suitable for people who have access to the voting computers between casting and counting votes, he said. "The security measures that are in place are trivial to circumvent," Rop Gongrijp also says. And millions would also have the foreknowledge for this.
Since the BJP put the issue on the agenda and more and more politicians also referred to the research of the three men, the Election Commission of India has been under pressure. In 20, two of India’s highest courts found that voting computers could indeed be tampered with and called on the Election Commission to improve them. Since then, it has been experimenting with a so-called "paper trail," in which the voting computers also print out a ballot. In case of doubt or challenge, these ballots can be recounted.
We would like to show you an external content here. You decide if you want to see this element as well.
"Whether that will be enough remains to be seen," says Rop Gongrijp. "If the ballots are only collected to be thrown away later, the weaknesses will remain." Except in the case of challenges, spot checks would have to be counted regularly, and if the results were close, recounts would also have to be done at polling stations. "And imagine the pressure that would then be on the tellers: If they keep coming up with the ‘wrong’ result, they’re calling Indian democracy into question," Gongrijp said.
But none of that will matter in this election. Because Indians are voting with all the risks this time as well. Only a few thousand of the total of two million voting computers have a paper trail so far.