The row over EVM hacking has arisen after the tweet of Elon Musk (@elonmusk) which says “We should eliminate electronic voting machines. The risk of being hacked by humans or AI, while small, is still too high.” (June 15 2022). This has come at the wake of the tweet of Robert F. Kennedy Jr (@RobertKennedyJr), an independent candidate for President of the United States. In his tweet Kennedy says “Puerto Rico’s primary elections just experienced hundreds of voting irregularities related to electronic voting machines, according to the Associated Press. Luckily, there was a paper trail so the problem was identified and vote tallies corrected….”.
Although the post of Elon Musk was not at all about the Indian EVMs, it seems the Indian political battlefield is on boil again on EVMs. Opposition is upholding the comment of Musk, whereas, as usual, ruling party is denouncing the claim. Rajeev Chandrasekhar, Former IT Minister of GoI and a techy has reposted the tweet of Musk commenting, “@elonmusk‘s view may apply to US n other places – where they use regular compute platforms to build Internet connected Voting machines. But Indian EVMs are custom designed, secure and isolated from any network or media – No connectivity, no bluetooth, wifi, Internet. ie there is no way in. Factory programmed controllers that cannot be reprogrammed.” To this tweet, Elon Musk again commented reiterating “Anything can be hacked.” To this comment of Musk, Rajeev replied, “Technically ur right – anything is possible E.g..wth quantum compute, i can decrypt any level of encryption, with lab level tech n plenty of resources, i can hack any digital hardware/system including flight controls of a glass cockpit of a jet etc etc. But that’s a different type of a conversation from EVMs being secure n reliable vis a vis paper voting. And we can agree to disagree.” With 389K lines, 90K reposts and 32K comments, Musk has reopened the age-old debate in India on EVM hacking or tampering.
Few months back, in January 2024, in an interview with The Wire, Madhav Deshpande, a former CEO of Tulip Software and a former consultant to the Obama administration in the United States, elaborated that EVMs can be manipulated. Deshpande pointed out the limitations of the three units of EVM (voting unit, control unit & VVPAT) and suggested some upgradation.
With the post of Elon Musk claiming the possibility of hacking electronic system of voting, question has again arisen whether actually Indian EVMs are hackable? In fact, EVMs are isolated voting units with no internet connectivity (no wifi or LAN facility), no Bluetooth or USB port. So, it is having no wireless communication capability. It is also said that the chips of EVMs are non-programmable to the level of unwanted re-programming. What is evident, thus, is that to hack EVMs a physical hardware tampering is required which requires physical access to the individual machine for considerable time by the `hackers’. Remote tampering is not possible with EVMs.
On the tampering issue, ECI has come out clean so far, as political parties, getting offer from ECI, have failed to prove that EVMs can be manipulated. So, Indians EVMs should be considered as safe and reliable.
Regarding, other isolated electronic devices the question of hacking veers round the level of isolation. Without having any connectivity whatsoever, if the chips involved therein (which runs ROM BIOS) are reprogrammable or can be programmed with specific timer circuit, it can always be hacked at some point of time. There are many other possibilities, given the advances in technology including emerging horizon of AI. In that regard, integration of GPS chip can play a crucial role in providing timing and synchronization references for electronic systems, it may lead to exploitation of vulnerabilities.
It is said that the security of any electronic system can never be guaranteed with absolute certainty. There lies the hair-crack and certainly Musk’s comment relies upon that tunnel. When he says, anything can be hacked, he perhaps, relied upon the limitations of any electronic device and on its evolution possibilities. After all, no device is cent-percent absolute. As any device is always subjected to upgradation, in that, it is always vulnerable to tampering, and hence to hacking.