by harichinnan 2647 days ago
This is a puff piece to legitimize use of EVMs. India uses EVMs, a closed source device made by a secretive Japanese manufacturer. The government claims the device is "hack" proof. They stubbornly refuse to conduct an open hackathon to find vulnerabilities.
3 comments

Though Indian voters also cast their ballots on electronic voting machines, they are much simpler and arguably more reliable than the ones used by their American counterparts. Unlike the machines in America, which are manufactured by private companies, differ in each state, and need proprietary ballot paper, the ones used in India are made by two government firms, and are battery operated—a key detail in a country that struggles with power supply. (Plug-in machines caused problems in the latest US election, as some workers forgot to plug them in). Each machine holds up to 2,000 votes, so large-scale hacking is highly unlikely.
It's good to see an audit paper trail is generated by these machines.

If EVMs are to be used, an auditable paper trail is necessary.

Hopefully the Election Commission will audit a representative sample of locations to prevent any irregularities.

There is nothing to hack to meaningfully affect an election outcome at the national level. Plus, the Election Commission of India takes no chances around it.
AIUI the major threats historically were booth takeovers, stolen vote forms and bribed vote counters, and from what I've heard the machine has a good record on defeating all three. Is that correct, or have there been developments I've missed?
You are correct. The EVMs have definitely helped in this regard.

That said, threat models keep evolving. As EVMs are now used, one needs to incorporate EVM manipulation in the threat model as well.

The way to stay ahead of these threat models is to have an open, transparent process. A simple way to do that is to publish the design spec of the EVMs, and any source code. Invite audit from the world. Hiding it away is just "security by obscurity", which is well-known in the security community as not being good practice.

> well-known in the security community as not being good practice

The folks in charge of making decisions don't understand security. I'm not criticising them, it's quite reasonable that a layman would think that security by obscurity works.

They have a threat model, their threat model is based on reality, and their security is pretty good against the threat model. How can you say they "don't understand security"?

They also (viewed from a distance) seem to ignore people who talk about security without talking about threat models.

Security by obscurity seems to be very nearly irrelevant to the Indian Electoral Commission's security model. Security by obscurity is bad, of course, but in that model it's such a minor factor. If I were the commission I'd file people who disregard the threat model and talk about minor factors under "b" for "bikeshedders".

Yep, agreed!

I wish that was not the case, though, and it's up to us as the tech community to educate our policymakers.

I believe this is the first time VVPATs are being deployed all over, in addition to EVMs. If this cannot be considered secure enough (even if you assume EVMs were hacked, VVPATs negate any effects of cheating).