Is This My Vote?

Anupam Saraph

Anupam Saraph

anupamsaraph@gmail.com

Electronic voting machines (EVMs) are magic machines that convert candidates into representatives. This magic depends on the number of votes counted on the EVM as having been cast in favour of a candidate. Candidates and people accepting the EVM count as a representation of the people’s mandate depends on their trust in EVMs.

 

The trust in the EVM’s ability to capture votes and count them correctly comes from the conviction that the polling agents of various political parties participate in a mock election conducted by the presiding officer in each voting booth. The mock election is meant to demonstrate that the tally of votes cast in favour of the candidates by each polling agent is reflected correctly on counting. This voting test, in other words, declares a machine to be capable of capturing votes correctly if it is impossible to distinguish between results declared after a manual counting of votes recorded on paper and after a counting by the machine.

 

The voting test is eerily similar to the test of machine intelligence devised by Alan Turing, the founding father of computer science. According to the Turing test, a machine will be declared intelligent if an interrogator cannot distinguish between the responses of a machine and a human challenged with similar questions. [1]

 

John Searle, Professor Emeritus of Philosophy at the University of California Berkeley, challenged the Turing test [2], asserting that imitating instructions was not a sufficient condition to conclude that machines were intelligent or that they could think. He required ones that are challenged with questions to have the ability to establish meaning in order to declare that they could think. Searle devised a test called the Chinese Room Test to demonstrate the ability of a machine to respond to questions in Chinese on the basis of a script and rules and thereby illustrate that the machine still had no means to establish the meaning of the questions or answers.

 

While Searle may not have provided a test for intelligence, he undisputedly demonstrated that the inability to distinguish between the responses of a machine and a human was insufficient to establish intelligence.

 

What would undisputedly establish the ability of a machine to capture votes and count them correctly?

 

The meaning of a vote

 

The meaning of a vote lies in it being cast by a real voter and then being counted for the candidate it was intended for. The meaning of a vote is altered by allowing it to be cast by a non-existent voter or by counting it as a vote for an unintended candidate. To demonstrate that an EVM can capture votes and count them correctly, it will have to allow the voter to verify that his/her vote has not only been counted but counted for his/her candidate. It will have to allow candidates and voters to verify that the votes polled by a candidate were all cast by real and legitimate voters and were all meant for the candidate.

 

Currently no EVM can establish that the meaning in votes is unaltered and that every vote cast is genuine and counted in favour of the candidate it was meant for.

 

Like the voting test, neither the Turing test nor the Searle test can recognise different responses at different times or non-deterministic responses. At most, such seeming randomness, if recognised at all, may be taken for intelligence. The assumption is that there is nothing that can alter the response from time to time.

 

Joseph Weizenbaum, Professor at the Massachusetts Institute of Technology and one of the fathers of modern artificial intelligence, created ELIZA3, an early natural language processing computer program, to demonstrate the superficiality of communication between humans and machines. The response of ELIZA to human interaction varied to the same question, giving it the appearance of being human. Weizenbaum established how a simple set of instructions can allow the machine to respond differently to the same question.

 

Auditing the code

 

Without auditing the code of a computer program, it is foolhardy to assess the behaviour of a computer program. The program embedded in the chips of the EVM is not available in the public domain. It is therefore impossible for anyone to inspect it and certify its behaviour. There is no third-party audit of the program supplied for embedding into the chips and the one that is embedded into the chips. Unsurprisingly, there is a petition seeking an audit of the source code pending before the Supreme Court. To complicate matters even more, this program is embedded into the chips by vendors outside India [4], and Electronics Corporation of India Limited and Bharat Electronics Limited only assemble the EVMs. In a meeting I had in August 2009 with the then Chairman of the Technical Committee of the Election Commission of India and the then Election Commissioners, they confirmed that they had not used any mechanism besides the voting test to verify that the EVM was running the program supplied by them.

 

In March 2017, WikiLeaks disclosed that “the CIA [Central Intelligence Agency] lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponised ‘zero day’ exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former US government hackers and contractors in an unauthorised manner, one of whom has provided WikiLeaks with portions of the archive. The malware includes ‘software that enables hackers to remotely control a compromised device—are “very, very complex”’.”[5] The malware also includes code that can be implanted in devices not connected to the Internet by using thumb drives or other devices.

 

It is also widely known that chip makers build backdoors[6] for future exploitation of hardware. Unfortunately, there is no way of guaranteeing that chips have not been tampered with. Experts note that as few as 1,000 transistors in a chip could cause them to do a lot of “very interesting” things with the extra transistors. If the rogue transistors, or transistors that are not part of the original design, are programmed to respond to a specific 512-bit sequence of numbers, you might have to cycle through every possible numerical combination of 512-bit sequences to discover the rogue code, using software testing. Surveillance cameras[7] across the world have been recognised as easy targets for hackers.[8] These can also work in tandem with other devices in their proximity to regulate rogue chips. Security experts say maintenance, repair businesses, and subcontractors may also pose a greater danger to hacking hardware.[9] Even missile systems have been hacked remotely due to such vulnerabilities.[10]

 

“Even if most voting machines aren’t connected to the Internet,” says the cybersecurity expert Jeremy Epstein[11], “they are connected to something that’s connected to something that’s connected to the Internet.” Adds Alex Halderman, a computer scientist at the University of Michigan: “Before every election, the voting machines have to be programmed with the design of the ballots—what are the races, who are the candidates.”[12] The programming is usually done on a computer in a central election office or by an outside vendor.

 

VVPATs

 

In 2009, I reported to the Election Commission of India the presence of coded results of the entire Lok Sabha election on its website a good 10 days before voting was over.[13] This led Subramanian Swamy to petition the courts for EVMs that had Voter Verified Paper Audit Trails (VVPATs). Hundreds of candidates across India have cried foul over EVMs when the machines appear to have favoured their opponents. Even political parties have not demonstrated trust when they have suffered and have forgotten the unfairness once they are in power. Behind closed doors, they are familiar with the technical details of hacking EVMs in a block where their opponents have more support. It is little surprise, therefore, that a 2011 Report of the National Institute of Standards and Technology found that voter-marked paper ballots are the only way to securely record and preserve voter intent.[14]

 

By now it should be obvious that like any machine subjected to the Turing or Searle test, an EVM subject to the voting test can be programmed to work differently at different times, either triggered by a stimulus, internal programming or simply by randomness. The machine passing the voting test is no evidence of its inability to generate votes on its own or to not count votes in favour of one candidate over votes for another.

 

Consider the likelihood that you will deposit money in a machine that is demonstrated to accept money to a particular bank account in a test, but it does not issue any receipt of the transaction and neither does it have the possibility of an audit to verify that the deposits not only went to the correct account but also that they did not get altered. Why should you do any differently with your vote that is a blank cheque to not just your tax money but also to your rights?

 

EVMs do not provide voters with a receipt of the vote they cast. It is a huge leap of faith that the machine not only allocated the vote to the candidate intended by the voter but also allowed the same vote to be counted for the same candidate. Given the stakes, electoral malpractices are rampant. The Election Commission has not simplified voting; it has made the simple process of making a choice extremely complex, drawing attention away from the ability of the vote to be counted to the paraphernalia of elections. This is almost like the magician or thief who distracts the attention of people from what they are really doing in order to perform magic and trickery.

 

Auditability test

 

There is no certainty unless the EVM passes the “Auditability” test. The Auditability test will need the EVM to allow voters to verify that their vote has not only been counted but counted for their candidate even after it is cast. It will have to allow the voter or candidate to verify that the votes polled by a candidate were all cast by real and legitimate voters and were all meant for the candidate. This will necessitate providing voters either a receipt or a vote “account”, like a bank account, whose “balance” they can verify. This will also require the ability to audit the votes deposited in each candidate’s account and verify them as having been generated by a genuine voter, and not spontaneously by the program itself, and having been meant for the candidate.

 

Subramanian Swamy’s petition to the courts resulted in EVMs that were called EVMs with VVPAT. The VVPAT was introduced to create an audit trail of votes cast on an EVM. The VVPAT is an audit trail assuming each voter has verified the vote printed by the VVPAT EVM. If the printouts are voter-verified votes, they can be counted to verify the votes counted from the control units of EVMs. The control units would have counted correctly if the VVPAT votes match.

 

To confirm that the votes counted across EVMs by the control unit are the same as those counted by the VVPAT, the votes polled for each candidate on the control unit and in the paper trail should not be statistically different. To determine this, statisticians compare the votes counted from a sample of the EVMs using both the methods. The question is, how many comparisons will establish confidence that their choice of EVM was not biased or just a fortuitous one?

 

A good deal about choosing the number of EVMs to count depends on the variability expected between the EVMs. Each EVM or booth has demographically high variation or could be homogeneous. For example, because of their demographic make-up, some polling booths could be expected to be favouring one candidate over another. In case of high variability, a larger number of booths will need to be compared for VVPAT and control unit counts. There was an average of 1,708 EVMs in every parliamentary constituency in 2014. While each EVM can store 3,840 votes, an average of 904 voters were assigned to cast votes on every EVM during the 2014 election. This means a greater variability was introduced between booths than necessary. Typically for constituencies that have 1,708 EVMs and high variability in booth voting, a choice of less than 200 booth VVPATs for counting would be poor to certify that the control units have counted the correct votes.

 

That said, the VVPAT itself does not satisfy the Auditability test.

 

The Auditability test requires the EVM to allow voters to verify that their vote has not only been counted but counted for their candidate even after it is cast. Voters have no means to confirm verification of the printout shown to them. The printout is merely a paper vote, it is not a voter-verified vote. The voter has no recourse to cancel or object to an incorrect printout without facing disproportionate penalties and no means to demonstrate the stealing of votes. The term VVPAT is therefore incorrect. There is no means to establish that voter verification happened.

 

The Auditability test also requires that voters or candidates can verify that the votes polled by a candidate were all cast by real and legitimate voters and were all meant for the candidate. The printout of the VVPAT does not have any means of authenticating itself as a voter-verified or genuine vote. It is quite possible that the counted printouts from VVPAT were not the ones printed during the voting. The printouts can neither establish that they were cast by legitimate voters nor that they were cast for the candidate they indicate. The printouts from the VVPAT are not counted by any third-party auditor. The same entity that has counted the votes on the control unit counts the VVPAT. This is bad auditing practice.

 

For the Auditability test to work, voters will need a receipt or a passbook entry that their vote has been deposited to the account of the candidate. They will need the ability to verify, any time, that the Election Commission records still have the same entry as in their passbook.

 

Hacking elections to steal them is unfortunately widespread across the world. The use of electronics has made it easier, not more difficult, to hack into elections as such hacks are difficult to detect. The 2006 Robin Williams starrer Man of the Year is the story of the United States presidential elections being fixed by EVMs. While we have focussed only on EVMs, it is important to recognise that strategies to steal an election combine the use of electronics not just for the casting of votes but also for deciding who can cast votes, which votes get counted, who gets to be a candidate, who gets to reach out to voters and also what messages get seen by whom. The Election Commission of India has demonstrated naivete if not ignorance in asserting that electronics makes elections unhackable.[15]

 

Undermining people’s voices

 

The multiple ways in which electronics undermines people’s voices in elections was evidenced in the 2016 US presidential election.

 

According to the Federal Bureau of Investigation (FBI), Russia allegedly took advantage of the many online vulnerabilities in US’ voting network to control the 2016 presidential election.[16] The voting network that was allegedly compromised includes software companies, online registration sites and vital information that election officials willingly send to each other over email. The hack reportedly affected 39 States, twice as many as were originally reported. According to the CIA, the FBI and the National Security Agency, they had evidence of Russian efforts to undermine confidence in the US electoral system and affect the outcome of the US presidential election.[17]

 

Elizabeth Warren told CNN that the 2016 Democratic Party primary was rigged.[18] Interestingly, an analysis of US Democratic Party primaries with or without paper trails shows a voter preference for Bernie Sanders over Hillary Clinton wherever the paper trail was used, casting a shadow on the lack of transparency of electronic voting.[19] According to the Electronic Privacy Information Centre, “investigations undertaken by private security firms, apart from the FBI, indicate that the attacks on the 2016 US presidential election also threaten democratic institutions in other countries”.[20]

 

Channel 4 secretly filmed the managing director of Cambridge Analytica’s political division Mark Turnbull and the chief executive Alexander Nix boasting about tampering with over 200 elections around the world, in places like Sri Lanka, Nigeria, India and Argentina.[21]

 

Gloomy future

 

The future of trusting the vote in the machine is dull, dark and gloomy. Machine readable ballots are a possible way that provide auditability.

 

By defending the EVMs needlessly, the Election Commission has neglected its mission of protecting the representation of people. Democracy has apparently given way to majoritarianism of representative politics. Representation cannot be about majoritarianism but about delivering the constitutional promise of justice, equality, liberty and fraternity. This defines public interest. It is about delivering the constitutional promise of protecting sovereignty, democracy and the republic. This defines national interest. Representative politics has evidently become more concerned with majoritarianism and winning elections rather than protecting public and national interests.

 

As pointed out by Prof. Lawrence Lessig of Harvard Law School, our choice of representatives has already been hijacked by those, like political parties and their anonymous donors, who choose and restrict the candidates we can vote for.[22] In the process we have forgotten that democracy is not about voting or winning an election but about participation in decision-making to protect public interest and national interest. We urgently need better ways to provide equity in decision-making than to simply leave it to “elected” representatives. Counting votes on EVMs or fighting to save EVMs certainly does not help us to accomplish that.

 

(Anupam Saraph is Future Designer and Professor, Symbiosis Institute of Computer Studies and Research, Pune.)

 

References

 

  1. Turing, Alan (1950): Mind, Volume LIX, Issue 236, pp 433–460, October 1, https://doi.org/10.1093/mind/LIX.236.433

 

  1. Searle, John. R. (1980): “Minds, Brains, and Programs”, Behavioral and Brain Sciences, 3 (3): 417–457, https://www.law.upenn.edu.

 

  1. Weizenbaum, Joseph (1966): “ELIZA—A Computer Program for the Study of Natural Language Communication Between Man and Machine”, Commun. ACM 9 (1), pp 36-45, January1966, http://dx.doi.org.

 

  1. http://eci.nic.in/eci_main1/current/FAQ-English14012017.pdf

 

  1. https://wikileaks.org/ciav7p1/?

 

  1. “The Hunt for the Kill Switch”, May 1, 2008, https://spectrum.ieee.org.

 

  1. “Surveillance Cameras Made by China Are Hanging All Over the U.S.”, November 12, 2017, https://www.wsj.com

 

  1. Ibid.

 

  1. “Counterfeit Chips Raise Big Hacking, Terror Threats, Experts Say”, October 1, 2009, https://www.popularmechanics.com.

 

  1. “German Missiles ‘hacked By Foreign Source’”, July 8, 2015, http://www.newsweek.com.

 

  1. “If Voting Machines Were Hacked, Would Anyone Know?”, June 14, 2017, https://www.npr.org.

 

  1. Ibid.

 

  1. “How Secure Are India’s Elections?”, May 14, 2014, https://www.huffingtonpost.com.

 

  1. https://www.elections.virginia.gov/Files/Media/Agendas/2017/20170908BWP.pdf.

 

  1. http://eci.nic.in/eci_main1/current/FAQ-English14012017.pdf

 

  1. “Russia Hacked Voting Systems in 39 States Before the 2016 Presidential Election”, June 13, 2017, https://www.vox.com.

 

  1. “Russia Election Hacking: Everything We Know About US Investigations into Alleged Interference”, May 18, 2017, https://www.independent.co.uk.

 

  1. “Elizabeth Warren Agrees Democratic Race ‘Rigged’ for Clinton”, November 3, 2017, https://www.bbc.com.

 

  1. https://drive.google.com/file/d/0B6mLpCEIGEYGYl9RZWFRcmpsZk0/view?pref=2&pli=1

 

Read more