Having said that the Indian Parliament election is the largest election on the globe, the Election commission of India (hereafter referred to as ECI) is taking several digital steps to ease the process.

The final round of polls are taking place today, and the ECI is all set to prepare for the counting of polls. Maintaining the integrity of polls is a thing. The Electronic voting machines (EVMs) can be tampered with or themselves be defective. The ECI introduced a new device this election called VVPAT - Voter verified paper audit trail. Each EVM is attached to a VVPAT which prints its every poll inside a sealed box. Thus the integrity is achieved by taking a non-digital way. The EVM's poll count can be verified by tallying against the printed slips from its VVPAT. But that is not going to aid, as it's manual work to verify EVM with a paper audit trail. Doing this for an election with 1.035 million polling stations, and more than 3 million EVMs is not something wise. Thus the ECI is relying on statistics to help it find defective or tampered EVMs.

Statistics for the rescue

According to this post by a professor from Indian Statistical Institute (ISI), it's been suggested to tally only 1 EVM per assembly constituency which is only 4,125 EVMs across the country. This works based on the concept of sampling. This was all under the assumption that mismatch might occur only due to manufacturing defects in the machines. The ECI maintains that EVMs are tamper-proof and the analysis of the ISI team is based on that assumption. However, the SC ordered to verify the integrity of 5 EVMs per assembly segment which is still a very less percentage, because of the manual work needed.

A passage from the above-mentioned post, "The apex court ordered 5 EVMs to be VVPAT-audited per assembly segment—again a stratified sampling technique—the inherent message was the same. This would ensure 99% probability of obtaining at least one defective/tampered EVM in a Lok Sabha constituency with 13% defect and/or tampering proportion. If the proportion of defectives/tampered EVMs is as low as 2%, this probability would still be 51%."

Still, an ideal EVM verification ratio is unclear, and 5 EVMs per assembly segment is the current ratio. Automation of the paper audit trail can possibly allow verifying all EVMs.

Possible automation

Disclaimer: From this point, it's my thought idea for the polling workflow. I may be wrong or this may not work for the real scenario. Things can become a little confusing, go slow!

One possible automation for the paper auditing is to have the VVPAT print barcode in its slip. Barcode as we see in packaged items can contain the poll data. Thus, the reading of VVPAT slips can be automated, and can be tallied with the EVM in minutes. But this violates the whole point of VVPAT which is voter verifiable.

Background

The main problem with the EVMs is that they can be faulty or compromised to increment the counter for some other candidate than that of the polled. The ECI designed VVPAT for the voter to verify the integrity of his/her vote. The VVPAT prints the candidate name and his/her party symbol in a slip for the voter to verify. The voter can check the slip to match his vote. The slip then falls into a sealed box after few seconds. Let's consider 2 cases of faulty or compromised EVM, one is that the EVM increments a wrong counter and prints the wrong party symbol in the VVPAT. Then, the voter will be able to find it at the time of polling itself. Second is that the EVM can also increment a wrong counter, but print the correct candidate in the VVPAT. In such a case, the defect can be detected only while tallying on the day of counting. Hence we come to the problem of tallying EVMs with VVPAT.

Now, a barcode cannot be verified by the voter. While looking at the VVPAT printed slip, the voter can verify the candidate name and party symbol but will not be able to verify the barcode. Consider the following scenario, the EVM records a wrong poll, prints the correct party symbol with a barcode corresponding to the wrong one, the point of voter verification fails. The faulty EVM is going to be tallied against faulty barcodes.

Having the VVPAT print barcode, and an independent barcode reader that displays the data from barcode need to be used while polling. The barcode reader should not be digitally connected with the EVM or VVPAT so that it cannot be compromised to display a correct poll while having a wrong barcode.

Going further with cryptography

Programming the EVMs to output a cryptographic hash of the data inside it can help to identify tampering after the poll. At the end of polling day, the hash from every EVM can be made public. While counting polls, our imaginary audit trail machine can be programmed to calculate the same hash from the barcodes. Matching the hashes can verify the integrity of the EVMs in no time.

Once again, all these are my thoughts and no proof that they will work in real cases without loopholes. Considering the vote margin between the candidates, faulty EVMs need not change the result always. Thus, going this far may not be needed. Discussions are welcome. Contact: realramkumar.github.io