2010 Pioneer Award Winner Hari Prasad Defends India's Democracy
It has been some time since EFF blogged about Hari Prasad. Earlier this year, a team of security researchers led by Prasad, Alex Halderman, and Rop Gonggrijp was able to study an electronic voting machine (EVM) in actual use in India. The study was limited, because the researchers had agreed to return the machine intact, thus preventing them (for example) from getting to the software source code that is baked into the CPU. Still, contrary to claims by the Election Commission of India (ECI) that the machines are tamper proof and infallible, the study showed significant vulnerabilities that would not be difficult to execute. For his troubles, Prasad was arrested and jailed in August, held without bail in Mumbai for a week. Though he is now out on bail and in the United States, he still faces criminal prosecution for alleged theft of the EVM and other charges.
Electronic Voting in India
India is the largest democracy in the world. The use of EVMs in Indian elections, which began in national elections in 2004, now is pervasive. The Indian EVMs are DRE (Direct Recording Electronic) machines, in which votes are recorded only to the machine’s internal memory. There is no paper trail for later inspection or recount. Consequently, the use of such machines places full trust in the hardware and software.
There have been widespread allegations of EVM tampering, particularly in and subsequent to the 2009 national elections. In early 2009, Prasad, the Managing Director of NetIndia, (P)Ltd., a technology firm based in Hyderabad, was asked to attempt to demonstrate that the EVMs were not infallible. Quickly, he devised a number of proofs of concept that showed the likelihood of the fallibility of the machines. However, because he did not have access to an actual machine, his work was not conclusive.
The Path to EVM Research and Results
In September 2009, the Election Comission of India invited Prasad to inspect an electronic voting machine at ECI headquarters. Prasad and two other engineers began the inspection, opened up the machine, took notes, and examined the insides with a magnifying glass. However, before Prasad and the others could conclude their work, the inspection was halted. There are conflicting accounts about why it was shut down, but what matters simply is that still there were no independent studies of the EVMs.
But not long after, researchers were offered another opportunity to shed light on the inner workings of India's EVMs. As blogged by Halderman:
Then, in February of this year, an anonymous source approached Hari and offered a machine for him to study. This source requested anonymity, and we have honored this request. We have every reason to believe that the source had lawful access to the machine and made it available for scientific study as a matter of conscience, out of concern over potential security problems.
Halderman and Gonggrijp joined Prasad in Hyderabad for a conference on elections at the invitation of Satya Dosapati of Save Indian Democracy. They studied the machine and determined that a number of vulnerabilities existed that could be exploited fairly easily. In April, they published the results of their study. As one would expect, they took no position on whether any actual tampering had occurred, they demonstrated only that it could occur.
India Reacts to EVM Findings
The release of the study sparked a national debate. Many of India’s political parties called for the use of EVMs to be scrapped. However, on August 14, just days before Prasad was arrested, the new Chief Election Commissioner, SY Quraishi, told reporters that "EVMs are practically totally tamper proof..."
Then, at about 5:30 am on August 21, as blogged by Halderman:
... about ten police officers arrived at Hari's home in Hyderabad. They questioned him about where he got the machine we studied, and at around 8 a.m. they placed him under arrest and proceeded to drive him to Mumbai, a 14 hour journey.
The police did not state a specific charge at the time of the arrest, but it appears to be a politically motivated attempt to uncover our anonymous source. The arresting officers told Hari that they were under "pressure [from] the top," and that he would be left alone if he would reveal the source's identity.
Prasad and Halderman speak by phone as Prasad is being driven to Mumbai by the police.
Prasad remained in jail, held without bail, for a week. When finally he was granted bail, the Judge wrote in the bail order that:
...if the machine was possessed by the accused for demonstrating only that it could be tampered with, then the accused committed no offence. On the contrary, he has done a great service to the democracy.
An Indian news report on Hari being granted bail.
EVM Doubts Spread as Prasad Faces Continued Law Enforcement Pressure
Even after Prasad was released on bail in late August, he was mostly prevented for a significant period of time from returning to his home, family, and work in Hyderabad. The police in Mumbai had the right to question Prasad every day, and in fact did on most days. Because of the substantial distance between the two cities, returning to Hyderabad for more than a few very short trips was a practical impossibility until early October. During that time, the police repeatedly questioned Prasad about the identity of the anonymous source and little else, and told him that he would be discharged if he revealed the name.
Subsequent to Prasad’s release on bail, there have been a number of significant developments. The police have continued their quest to discover the identity of the anonymous source. An engineer and activist from Pune, Mukund Lagoo, was arrested and held without bail. Though not the anonymous source, Lagoo is believed by the police to be the person who made the physical delivery of the machine to Prasad. Dozens of others have been questioned by the police, including a former political leader who was able to get anticipatory bail in advance of being questioned, and many employees of Prasad’s company and their families.
In early October, at a meeting between the Election Comission of India (ECI) and all the political parties, there was a substantial call for a trial use of EVMs with paper trails. However, Congress expressed satisfaction with the EVMs. (Congress is the name of the largest political party in India, it is not an equivalent of the U.S. Congress.) ECI asked its expert committee to study the feasibility of incorporating a voter verifiable paper trail into the EVMs, a significant change for ECI. Later, ECI invited all recognized national and regional political parties to submit suggestions to the committee, and to appoint their own technical experts to interact with the committee.
In an ironic turn of events, two weeks ago, Congress, traditionally the main supporter of EVM use, accused BJP, the largest opposition party, of tampering with recent municipal election results, and demanding that the EVMs be removed from forthcoming elections in certain locales. Congress said that the results of the election were achieved by machine magic and massive EVM tampering. When confronted with earlier similar accusations by BJP against Congress, Congress retorted that it, unlike BJP, had actual evidence of EVM tampering. That evidence has not been made public.
Prasad Presses On Despite Prosecution
Also two weeks ago, Prasad wrote about wide ranging reforms that India needs to undertake if it is to continue to use EVMs with any sense of confidence. Events suggest that India may be taking seriously the calls for reform. Still, Prasad continues to face prosecution. Two months ago, EFF wrote:
Prasad is a respected researcher who helped to discover a critical flaw in India's voting system. He and his fellow researchers would never have been able to document the weaknesses in India's voting machines without the help of their anonymous source. This is precisely why anonymity is important: it allows people to make important contributions to the public dialogue without fear of retribution.
The Election Commission of India should have given researchers access to the voting machines in the first place. Rather than attempting to persecute Prasad and the anonymous source, the government should be focusing its attention and resources on the real problem: electronic voting machines with no mechanism for accountability.
Two months later, those words are even more true. Both for his work exposing flaws in India’s EVMs and for his steadfast refusal to identify the anonymous source, EFF is honoring Prasad as one of this year’s four Pioneer Award winners. The award ceremony, which Prasad will attend, is on Monday night, November 8. Please come and help EFF honor Prasad and the other winners: Steven Aftergood, James Boyle, and Pamela Jones and the Groklaw website.
Recent DeepLinks Posts
Sep 30, 2016
Sep 30, 2016
Sep 29, 2016
Sep 29, 2016
Sep 28, 2016
- Abortion Reporting
- Analog Hole
- Anti-Counterfeiting Trade Agreement
- Artificial Intelligence & Machine Learning
- Bloggers' Rights
- Border Searches
- Broadcast Flag
- Broadcasting Treaty
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- Defend Your Right to Repair!
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA Rulemaking
- Do Not Track
- E-Voting Rights
- EFF Europe
- Electronic Frontier Alliance
- Encrypting the Web
- Export Controls
- Fair Use and Intellectual Property: Defending the Balance
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2016 Copyright Review Process
- Free Speech
- Genetic Information Privacy
- Government Hacking and Subversion of Digital Security
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- International Privacy Standards
- Internet Governance Forum
- Know Your Rights
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- Mobile devices
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- Offline : Imprisoned Bloggers and Technologists
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- Reclaim Invention
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Shadow Regulation
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- State-Sponsored Malware
- Student Privacy
- Stupid Patent of the Month
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trade Agreements and Digital Rights
- Trans-Pacific Partnership Agreement
- Travel Screening
- Trusted Computing
- UK Investigatory Powers Bill
- Video Games