An open letter to Chief Election Commissioner regarding EC EVM Challenge

To
Dr. Nasim Zaidi, Chief Election Commissioner, New Delhi
24 April 2017
Re: EVM Challenge
Dear Dr. Zaidi

We are a group of well-wishers trained in engineering and the sciences. We understand that the EVM challenge has been initiated by the Election Commission as a response to allegations that the recent elections were rigged. From a technical perspective, such allegations are best addressed by auditing VVPAT records where they exist. The EC could, however, use this challenge as an opportunity to increase electoral process transparency. Additionally, independent of the outcome of the challenge, the EC should check the outcome of each election by creating, maintaining and auditing VVPAT records.

The issue of EVM security is not a political one, but a technical one. From a technical perspective, to understand what kind of tampering is possible, actions that might be performed by an insider in the process, or a criminal, should be allowed during the challenge. In the event that the EC prevents some type of access, (it disallowed physical tampering in 2009) it should explain why an insider or a criminal would not have that kind of access.

Additionally, we believe the following are necessary to fully understand EVM security strengths and weaknesses:

  1. Individuals should be allowed to choose their instruments and to physically tamper with an EVM.
  2. They should be provided design documents and test descriptions and results, as well as information about the security procedures in place, for each generation of EVM currently in use.
  3. The results obtained by each team examining the EVMs should be made public.
  4. Longer term testing by a team with in-depth expertise in computer security and voting system security should be performed, and its results be similarly made public, in the manner of theTop-To-Bottom-Review ordered by the Secretary of State of California, USA, in 2007.
  5. A team of experts should be tasked with preparing recommendations to address each important security vulnerability discovered during the challenge and the longer term testing; their report and the decisions of the EC regarding timeline for addressing each issue should be made public. The process should be open, and comments from external experts should be solicited.

The EC should note that it is virtually impossible, whatever the qualification of the individual examining the EVM, to determine with certainty that EVMs are tamper-proof. Electronic devices can be designed to detect when they are being tested, and it is practically impossible to test for every possible configuration and scenario. Hence, if the EVM challenge does not detect a problem, this does not mean that election outcomes are guaranteed to be secure in the future; regular VVPAT audits can help address this issue.

Our Position on EVM Security

As engineers and scientists, we know that an electronic device, such as the EVM, is not transparent to the human voter. As such, the human voter does not know whether his or her vote was recorded or counted correctly. Further, our experience and education indicates to us that machine errors and human error in the processes of design, testing and deployment can result in an incorrect output.Electronic devices cannot be guaranteed to be immune from tampering when there is a large number of insiders with access and non-insiders with mal-intent, attempting to subvert the device’s functioning. These include everyone who may have access to the EVM over the cycle of design, manufacture, testing, storage, maintenance, calibration and deployment.

The Indian EVM is interesting from a design perspective because it is a single-purpose device, unlike most other voting machines developed elsewhere, and its functionality is achieved through a combination of hardware and firmware. The prescribed process for its use does not require wireless communication and it is not fitted with hardware to enable such communication. Thus, it is not immediately vulnerable to exactly the same attacks that work on other voting machines. However, the design by itself is not sufficient to protect the EVM from tampering or error. A general class of vulnerabilities is common to both the Western machines and the EVM. These vulnerabilities arise because of the difficulty of determining exactly what a given electronic machine will do in every scenario, and because those with physical access can change and probe aspects of the hardware or software (for example, they can fit the machine with a wireless receiver, swap out a ROM, or determine the key used to provide cryptographic security).

While the EC has announced several times that it believes that the EVM is tamper-proof because of certain design aspects, there has been no release of any detailed information about these design features. As a result, there is no clarity regarding EVM security.

The EVM Challenge, beginning on 1 May 2017, should be treated as a means through which voters and the public in the world’s largest democracy may understand the security strengths and weaknesses of their voting technology. It would be a waste of time and energy if the EVM Challenge is executed as a superficial exercise without full access and transparency. Our recommendations for enabling transparency in the process are listed in the main body of this letter.

Independent of the outcome of the EVM Challenge, the EC should enable the creation of VVPAT records, ensure their secure storage separate from the EVMs, and conduct regular VVPAT audits for each election. It is heartening to note that funding for VVPAT capabilities was recently approved by the Cabinet after persistent requests from the EC. The creation of the VVPAT records is not sufficient, however; the records for each election should be audited. Audits involve the examination of a randomly-chosen subset of the VVPAT records and are, generally, much more efficient than a full hand count.

The EC has a well-deserved excellent reputation worldwide. It successfully carries out elections in a very challenging environment: with a large number of voters over diverse geography, climate, literacy and culture, making extraordinary efforts to be inclusive of all voters. We hope that the EC will keep up the positive momentum and conduct a genuinely open and substantial EVM Challenge so that voters may understand better the capabilities and limitations of their voting technology. This can only enhance the trustworthiness of our elections and the vibrant nature of Indian democracy.

Signatories
Note that affiliations below are included for identification purposes only and do not reflect the view of the signatories’ employers or collaborators. Those names marked with an asterisk were added after the letter was sent to the EC.
David D’Lima
Education: B. Tech. (IIT-Bombay); M. S. (North Carolina State University);
Position: Vice President, Integrated Platforms and Solutions
Wipro, Bengaluru
Shripad Dharmadhikary
Education: B. Tech. (IIT-Bombay)
Position: Policy Researcher
Manthan Adhyayan Kendra, Pune
Gautam Doshi
Education: B. Tech. (IIT-Bombay); M. Eng. (University of California, Berkeley);
Position: Senior Principal Engineer
Intel Co., Bengaluru
Bopana Ganapathy
Education: Ph. D. (University of Kentucky)
Position: VP Engineering & Site Leader
CA Technologies, Bengaluru
Manjusha Madabushi
Education: B. Tech. (IIT-Bombay); M. S. (Northwestern University);
Position: Co-founder
Talentica Software, Pune
A M Nagabhushan
Education: M. Tech. (IIT-Bombay);
Position: Professor
Ramaiah Institute of Technology (MSRIT), Bengaluru
Narendra Nande
Education: B. E. (Amravati University); M. E. (Shivaji University);
Position: Senior Director, Software Engineering
Eximius Design Inc., Bengaluru
R Ramanujam*
Education: B.E. (BITS, Pilani); Ph. D. (TIFR Mumbai)
Position: Professor
Institute of Mathematical Sciences, Chennai
Nitin Shimpi
Education: B. Tech. (IIT-Bombay); M. S. (Marquette University)
Position: Co-founder
Talentica Software, Pune
Soumitra Sen
Education: B. E. (Jadavpur University); M. Eng. (IISc.); PGSM-MBA (IIM, Bangalore)
Position:VP & Head of Engineering, Cloud Managed Security
Paladion, Bengaluru
K V Subrahmanyam
Education: B. Tech. (IIT Bombay); Ph. D. (TIFR Mumbai)
Position: Professor
Chennai Mathematical Institute
V. Sundar*
Education: B. Tech (IIT-Bombay); Ph.D. (University of Chicago)
Sanjay Tambwekar
Education: B. Tech. (IIT-Bombay); M. S. (North Carolina State University);
Position: CTO
Qwikcilver Solutions, Bengaluru
Amaldev V.*
Education: B.Tech(Govt. Engg. College Barton Hill, Trivandrum) M. Tech. (IIT-Bombay);
Position: Engineering Lead
ACPAD Instruments, Mumbai
Vibha Apte-Gaitonde
Education: B. Tech. (IIT-Bombay); M. S. (Oregon Health and Science University);
Position: TPM, Technical Infrastructure Deployment Engineering
Google, Mountain View
Hanmant P. Belgal
Education: B. Tech. (IIT-Bombay); M. S. (North Carolina State University);
Position: Principal Engineer
Intel Co., Sacramento
Rema Hariharan
Education: B. Tech. (IIT-Bombay); M. S. (Virginia Polytechnic Institute and State University); Ph. D. (University of North Carolina, Chapel Hill);
Position: Senior Principal Data Scientist
eBay, Austin
Milind Kandlikar
Education: B. Tech (IIT-Bombay); Ph. D. (Carnegie Mellon University);
Position: Professor, Liu Institute for Global Issues and Institute for Resources, Environment and Sustainability
University of British Columbia
Manisha Kher
Education: B. Tech. (IIT-Bombay); M. S. (Syracuse University);
Position: Senior Principal Software Engineer
New York Genome Center
Nasir Memon
Education: B. Eng. and M. S. (BITS-Pilani); Ph. D. (University of Nebraska);
Position: Professor, Computer Science and Engineering,
New York University (Brooklyn)
Varun Nagaraj
Education: B. Tech. (IIT-Bombay); M. S. (North Carolina State University); MBA (Boston University);
Position: President and CEO
Sierra Monitor Corporation, Milpitas
Bhagirath Narahari
Education: B. Tech (BITS-Pilani); M. S and Ph. D. (University of Pennsylvania);
Position: Professor, Computer Science
The George Washington University, Washington, DC
Gurumurthy Ramachandran
Education: B. Tech. (IIT-Bombay); M. S. (Virginia Polytechnic Institute and State University); Ph. D. (University of North Carolina, Chapel Hill);
Position: Professor, Environmental Health and Engineering
Johns Hopkins University, Baltimore
Pankaj Rohatgi
Education: B. Tech (IIT-Delhi); Ph. D. (Cornell University);
Position: Fellow, Security Technology
Rambus Cryptography Research Division, San Francisco Bay Area
Sanjay Sarma
Education: B. Tech (IIT-Kanpur); M. E. (Carnegie Mellon University); Ph. D. (University of California, Berkeley)
Position: Professor, Mechanical Engineering
Massachusetts Institute of Technology (MIT), Boston
Amitabh Shah
Education: M. Sc. (IIT-Kanpur); M. S. and Ph. D. (Cornell University);
Position: Strategic Business Development Consultant to software companies
San Francisco Bay Area
Anil M. Shende
Education: M.Sc. (BITS-Pilani); M. S and Ph. D. (State University on New York at Buffalo);
Position: Professor of Computer Science
Roanoke College
Ramesh Subramonian*
Education: B. Tech (IIT-Bombay); Ph.D. (University of California at Davis)
Position: Distinguished Engineer
NerdWallet Inc, San Francisco
Gitanjali Swamy
Education: B. Tech (IIT-Kanpur); Ph. D. (University of California, Berkeley); MBA (Harvard);
Position: Director of Special Projects, Private Capital Research Institute at Harvard Business School
Poorvi L. Vora
Education: B. Tech. (IIT-Bombay); M. S. (Cornell); M. S. and Ph. D. (North Carolina State University);
Position: Professor, Computer Science
The George Washington University, Washington, DC
Arun Yethiraj
Education: B. Tech. (IIT-Bombay); M. S. (Louisiana State University); Ph. D. (North Carolina State University);
Position: Meloche-Bascom Professor of Chemistry
University of Wisconsin at Madison

Source: Poorvi Vora Homepage

The dark craft of Engineering Managemet – Laura Thomson

I came across this wonderful post by Writer & veteren PHP developer Laura Thomson titled The dark craft of Engineering Management. Completely agree with her. Here are some excerpts that I liked in particular:

“Management is the craft of enabling people to get things done.”

Engineers, in general, know their jobs, to a greater or lesser extent.  My job, as an engineering manager, is to make their jobs easier.

Autonomy is the key to scaling yourself as an engineering manager.  As an engineer, I hate nothing more than being micromanaged.  As an engineering manager, my job is to communicate the goals and where we want to get to, and work with you to determine how we’re going to get there.  Then I’m going to leave you the hell alone to get stuff done.

Don’t become an engineering manager because you want power – that’s the worst possible reason.  A manager is a servant to their team.  Become a manager if you want to serve.

 

Online Privacy & National Security – A statement by Oxblood Ruffin

I had the pleasure to listen to Oxblood Ruffin at All India Privacy Symposium at New Delhi last week & was hugely impressed by the way he put the case for on-line privacy in very simple yet extremely persuasive words. I particularly liked the analogy between our virtual selves and our covered real selves. I have included the complete statement for the readers.

 The online citizenry of any country is part of its national security infrastructure. And the extent to which individual privacy rights are protected will determine whether democracy continues to succeed, or inches towards tyranny. The challenge then is to balance the legitimate needs of the state to secure its sovereignty with protecting its most valuable asset: The citizen.

It has become trite to say that 9/11 changed everything. Yet it is as true for the West as it is for the global South. 9/11 kickstarted the downward spiral of individual privacy rights across the entire Internet. It also ushered in a false dichotomy of choice, that in choosing between security and privacy. It was privacy that had adapt to the new realities, or so we’ve been told.

Lets examine some of the fallacies of this argument.

* The false equation. Many argue that we must give up privacy to ensure security. But no one argues the opposite. We needn’t balance the costs of surveillance over privacy, because rarely banning a security measure protects privacy. Rather, protecting privacy typically means that government surveillance must be subjected to judicial oversight and justification of the need to surveil. In most cases privacy protection will not diminish the state’s effectiveness to secure itself.

* The deference argument. Security advocates insist that the courts should defer to elected officials when evaluating security measures. But when the judiciary weighs privacy against surveillance, privacy almost always loses. Unless the security measures are explored for efficacy they will win every time, especially when the word terrorism is invoked. The courts must take on a more active role to balance the interests of the state and its citizens.

* The war time argument. Security proponents argue that the war on terror requires greater security and less privacy. But this argument is backwards. During times of crisis the temptation is to make unnecessary sacrifices in the name of security. In the United States, for example, we saw that Japanese-American internment and the McCarthy-era witch-hunt for Communists was in vain. The greatest challenge for safeguarding privacy comes during times when we are least inclined to protect it. We must be willing to be coldly rational and not emotional during such times.

We are often told that if you have nothing to hide, you have nothing to fear. This is the most pervasive argument the average person hears. But isn’t privacy a little like being naked? We might not be ashamed of our bodies but we don’t walk around naked. Being online isn’t so different. Our virtual selves should be as covered as our real selves. It’s a form of personal sovereignty. Being seen should require our consent, just as in the real world. The state has no business taking up the role of Peeping Tom.

I firmly believe that the state has a right and a duty to secure itself. And I equally believe that its citizens are entitled to those same rights. Citizens are part of the national security infrastructure. They conduct business; they share information; they are the benefactors of democratic values. Privacy rights are what, amongst others, separate us from the rule of tyrants. To protect them is to protect and preserve democracy. It is a fight worth dying for, as so many have done before us.

Thank you.

Oxblood Ruffin

You can follow Oxblood on Twiitter @Oxbloodruffin

Underdo Your Competition – on building web apps by David Heinemeier Hansson

I am reading one of DHH’s old book “Getting Real“. It is a really nice book explaining nice principles on building a killer web app. He emphasizes on building less rather than more. Building less features but doing them extremely well. I am quoting him here as it is:Getting Real

Conventional wisdom says that to beat your competitors you need to one-up them. If they have four features, you need five (or 15, or 25). If they’re spending x, you need to spend xx. If they have 20, you need 30.

This sort of one-upping Cold War mentality is a dead-end. It’s an expensive, defensive, and paranoid way of building products. Defensive, paranoid companies can’t think ahead, they can only think behind. They don’t lead, they follow.

So what to do then? The answer is less. Do less than your competitors to beat them. Solve the simple problems and leave the hairy, difficult, nasty problems to everyone else. Instead of oneupping, try one-downing. Instead of outdoing, try underdoing.

Facebook for BlackBerry

Facebook web applications are extremely popular but the Facebook desktop app often don’t get enough attention they deserve. Here are some of the apps that I have been using. Facebook app for BlackBerry is very useful in particular. Facebook widget for Netvibes and Facebook for flock are also worth checking.

Hooked on Facebook®? BlackBerry® smartphones can help! Now you can take Facebook with you on your BlackBerry smartphone! The best part is: you stay connected to Facebook the whole time. Download this free application and take communicating with your friends to a whole new level.

The Netvibes Widget allows users to view their Facebook profile and friends from their personalized Netvibes homepage.

Google Pack Adds StarOffice

via Google Operating System

Google Pack, the collection of applications recommended by Google, includes a new software: StarOffice, an office suite developed by Sun. In 2000 Sun released StarOffice’s source code, which became the foundation of OpenOffice.org, an open source project sponsored by Sun.