This question has been bothering millions in India and maybe in other countries across the world. India just conducted its general election, where the number of voters who participated was more than twice the population of the United States.
India adapted Electronic Voting Machines (EVMs) decades ago, as did many other countries. However, multiple manufacturers sell EVMs, so not all are the same. In the last ten years, EVMs have been increasingly viewed with suspicion in India, and most of that suspicion has been fueled by baseless rumors.
Elon Musk recently stirred things when he claimed on X that EVMs can be hacked. With India just emerging from an election, this was quickly picked up by many opposition leaders who have been requesting that we switch over to a paper ballot system. In response to someone who tried teaching Elon about technology, stating that the kind of EVM India uses can’t be hacked, Elon responded, “Anything can be hacked.”
And he is right.
Can EVMs be hacked? Yes.
But only by tampering with the hardware.
The type of EVM used in India cannot be hacked wirelessly unless the hardware within has already been tampered with.
I am not an expert on the process, but I can vouch for the statement in the sentence above. EVMs can be hacked only if the hardware within is modified. If it can be ensured that EVMs have never been opened, then you practically ensure that they cannot be tampered with. For those interested, the generic architecture inside the unit looks something like this.
If the units are not tampered with before they get on the field, there is no way that these units can be manipulated during the process, or during counting. So if the units were clean from the hardware perspective, the allegations that someone was able to do something shady using their phone is baseless. Without any tampering, these units cannot be accessed wirelessly. They are specifically designed that way.
But if some of these units can be tweaked at the hardware level, the possibilities of wrongdoing expand. The only way EVMs, specifically those being used in India, can be hacked is by making modifications to the hardware.
Example scenario one: This is where you tweak the system within the unit in a hardwired way by tweaking the main board (shown in the illustration below). If you ignore all the hardware and software capabilities, the machine is a nothing but a counter. And tweaking with the logic of a counter is not something that is rocket science for an expert electronics professional. By adding an additional chip to the board, you can mess with the counter logic.
So if someone presses a button for party A, even if they get a hard copy confirmation that their vote indeed went to A, (through Voter verifiable paper audit trail slip, also known as VVPAT), the unit registers it as going to B. Can be done. But only through a significant hardware modification.
Also important to note here is that such modification requires the same level of expertise that goes into designing these units.
An audit of VVPATs can highlight this, but these audits are random. Remember how Musk mentioned that AI can be used for hacking? An algorithm installed on the hardware can perform the “backdoor assignments” in a way that randomizes the counts so that the final numbers will not look suspicious, but will still benefit a certain party.
Example scenario two: The other option, again at the hardware modification level, is to leverage the power of IoT. This approach does not hardwire any logic in the unit, but it can allow overriding hardcoding of the final counts using the interfacing device. Using a phone for this may still be far-fetched. Not because it is not possible technologically, but because you will have to develop an app for the phone to interface with the unit. If changing the counts is the only objective, why take that much pain?
It is common sense that matching all VVPATs with counts can detect any form of manipulation. But then, it will be akin to manual ballot counting.
Designed Analytics Blog 