by codeN 3955 days ago
Indian EVMs are not as secure as ballot boxes. It is dead simple to "inspect" a ballot box once received for any backdoor that might be there, but not the same for Indian EVMs. In fact, there is an attack where the attacker can change a single IC and make the machine remotely editable, or "distribute" votes, and that can be turned on and off. https://www.youtube.com/watch?v=apkSkb6Ak3I

How would you "inspect" a ballot box from which real votes have been discarded and which has been stuffed with fake votes? Once you have sufficient access to open a voting machine (electronic or otherwise) and change components, all bets are off.
I was talking about inspection once it reaches the election agency. After that, till counting, both are the same; however, the fact that they can be tampered with during manufacturing is what bothers me. Essentially, the ballot boxes only require one trustable entity, the election agency; the EVM requires two trustable entities, the EVM manufacturer and the election agency.
The next generation of EVMs apparently come with an additional printer unit (VVPAT) that doubles up as a ballot box. The voter can verify that what got printed was the vote he/she cast, and the papers collected in the printer unit's "ballot box" can be manually counted and used to cross-verify an EVM's result.
Digital signatures and tamper-resistant ICs?

If a malicious actor swaps the IC, the new one won't have the secret material that the original contained (and which the IC will only disclose upon receiving a court-signed audit order, permanently burning a fuse at the same time). And if they try to tamper with the IC, they'll need to spend a significant amount of time with it.

This isn't even remotely perfect, but it can be used as one of the measures. Throw in some more redundant systems with different approaches, ensure their integrity at the end, and you'll have some proof that the results are authentic enough to a certain extent (measured in the amount of effort needed to perform a successful attack).
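
The swap-detection idea in the comment above, sketched as an added example that is not part of the thread: an auditor sends a fresh nonce and the IC must answer with a value only the enrolled secret can produce. HMAC with a per-device secret stands in here for the digital signature the comment mentions; the class names, the registry and the device ID `EVM-0001` are hypothetical.

```python
import hashlib
import hmac
import secrets


class TamperResistantIC:
    """Constructed stand-in for an IC whose secret never leaves the chip."""

    def __init__(self, device_id: str, secret: bytes):
        self.device_id = device_id
        self._secret = secret  # assumption: not readable from outside the package

    def respond(self, nonce: bytes) -> bytes:
        # Bind the answer to this device ID and to the auditor's fresh nonce.
        msg = self.device_id.encode() + nonce
        return hmac.new(self._secret, msg, hashlib.sha256).digest()


class Auditor:
    """Holds the secrets enrolled at provisioning time (hypothetical registry)."""

    def __init__(self):
        self._enrolled = {}
        self._used_nonces = set()

    def enroll(self, device_id: str) -> TamperResistantIC:
        secret = secrets.token_bytes(32)
        self._enrolled[device_id] = secret
        return TamperResistantIC(device_id, secret)

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def verify(self, device_id: str, nonce: bytes, response: bytes) -> bool:
        if nonce in self._used_nonces:  # a recorded answer cannot be replayed
            return False
        self._used_nonces.add(nonce)
        secret = self._enrolled.get(device_id)
        if secret is None:  # unknown device: never enrolled
            return False
        expected = hmac.new(secret, device_id.encode() + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def audit(auditor: Auditor, device_id: str, ic: TamperResistantIC) -> bool:
    """One challenge-response round; False means the IC lacks the enrolled secret."""
    nonce = auditor.challenge()
    return auditor.verify(device_id, nonce, ic.respond(nonce))
```

This check only detects a swap made after enrollment; an IC that was altered before its secret was provisioned would still pass.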

That's security through obscurity. You want any citizen to be able to audit the security of the device; if you have to trust the government or some institution, then what's the point?

There are better ways to make sure your vote got registered properly, for instance http://www.nytimes.com/2004/03/02/science/did-your-vote-coun...

After voting, each voter would receive a receipt -- a record of his choices that would be encrypted, or put into code, and could be deciphered only by a collaboration of all the election trustees. After polls closed, all receipts would be posted on the Internet. Each voter could use his serial number to find the image of his receipt, and make sure it matched the one he carried.

Not foolproof but still better than what we have now.