
Election Commission of India throws “open challenge” to hack voting machines - moh_maya
http://www.thehindu.com/news/national/ec-issues-open-challenge-to-hack-evms/article17954709.ece?homepage=true
======
rattray
Shameless plug: the city of San Francisco is trying to build an Open Source
Voting System (officially!). Even the paper ballot scanners/tabulators in the
US are running proprietary, hackable software.

If you live in the Bay Area and are interested in securing elections, now is a
great time to get involved. There's a public meeting next week
(sfgov.org/electionscommission).

I'm also happy to get coffee and catch anyone up on where the effort stands –
email in profile.

EDIT: I should have clarified that the new system will remain a 100% paper
ballot system. The software involved is to organize, print, tabulate, and
tally ballots. There's a strong community that opposes inherently risky
approaches involving things like digital storage and the internet (again,
reach out if you're interested in joining!).

~~~
mcast
Having open source voting systems is a great thing, but electronic voting is
inherehently flawed and is a terrible idea. There's no way to prove the
checksum of your software is real unless you have root access to the voting
machine and are assuming the OS is not compromised.

Decentralized electronic machines that print paper ballots for you (which you
can physically verify), and submitting to a tabulator seem to be the safest
option. But your paper ballot can be compromised in transit by a worker. I
have also heard talks about using a blockchain-esque system for voting and
verifying it online with a hash code.

Here's a great video by Tom Scott:
[https://youtube.com/watch?v=w3_0x6oaDmI](https://youtube.com/watch?v=w3_0x6oaDmI)

~~~
pkd
The problem with that video is that it assumes that that the internet is
involved at some stage. In India, that isn't the case.

EVMs are not internet enabled, neither are they "programmed" by sticking a USB
in them. They come in huge sealed boxes to the centres, and are carried back
the same away. The data never leaves these machines. If my knowledge is
correct, the data can only be accessed by a high ranking election official
called the RO.

Paper ballots were the norm in India for over 40 years before EVMs were
introduced. Election fraud has been non-existent since then.

~~~
roystonvassey
>Election fraud has been non-existent since then.

Can you provide a source for this please?

~~~
pkd
I think it's disingenuous to ask for the proof of non-existence of something
so obvious that if it existed, it would have caused a huge uproar.

There has been no proof of election fraud in Indian elections since EVMs were
introduced, apart from the usual whining of the leaders who expectedly lost.

~~~
roystonvassey
Well, there _is_ currently a huge uproar in India about exactly this so I'm
not sure if it's all that disingenuous.

Moreover, even a cursory search of electoral frauds in India throws up a huge
gamut of complaints, ranging from 'ghost voters' to missing ballot boxes (and
EVMs). Parking aside an another unsubstantiated claim that leaders who lost
are just 'whining', I will still contest the claim that 'there have been no
electoral frauds' since EVMs were introduced, as your original comment
implied.

------
viksit
I'm surprised at the number of people here who think this is a bad idea. To
quote Bruce Schneier,

"Security is a process. For software, that process is iterative. It involves
defenders trying to build a secure system, attackers -- criminals, hackers,
and researchers -- defeating the security, and defenders improving their
system. This is how all mass-market software improves its security .... Smart
security engineers open their systems to public scrutiny, because that’s how
they improve. The truly awful engineers will not only hide their bad designs
behind secrecy, but try to belittle any negative security results."

A couple of things to note here,

\- This is not the first time. It was done before in 2009.

\- It is in a physical location, and will be monitored by people.

\- There are various "stages" involved, and I'm guessing anyone who's invited
will be vetted.

So we have a monitored, time bound, physical access to device hack-day, open
to people to try and break a system to learn it's possible flaws - if
anything, the system is only going to get better not worse.

The likelihood of someone finding a vulnerability and not disclosing it is
much more troublesome when they were the only people doing this. If the system
is opened up to a large number of people, it is more likely that the
vulnerability in question __will__ be found and fixed.

------
badsock
Imagine if you took a vote with paper ballots, and then went to every one of
the tens (if not hundreds) of thousands of people who had a hand in creating a
voting machine (think of the millions of lines of code in the OS and drivers,
and the billions of transistors) and left the unsealed box of votes with each
of them, alone, for several hours. That box would travel to people in many
foreign countries, some working for intelligence agencies. Would you trust the
votes after that?

It's possible to hide exploits in so many places - consider the obfuscated C
contests, or the trojans that have been found in SSDs, or that hack a while
ago where someone compromised a RNG by undetectably tweaked the dopant levels
on a chip.

It takes very little to swing an election if you're strategic, sometimes less
than 1% of the vote, and having the head of a state owe you a favour (not to
mention the blackmail material), is well worth compromising one or more of the
people involved in the production of the machine.

To make a demonstrably exploit-free voting machine, you'd have to design and
manufacture every chip yourself and write every line of software (including
the OS) yourself. Not only that, but everyone involved would have to be
trusted to not be bribed, and to not make any mistakes that could lead to an
external exploit. That's completely unrealistic, so countries are essentially
saying "it's OK if there's a possibility for someone to take control of our
country through fraud, because even though we know for sure that it's
possible, we don't think it will happen to us".

Elections are too important to let the fools and charlatans who say things
like "unhackable" to have influence over anyone with the the power to make
decisions about electronic voting machines. _Everything_ is hackable, given
the resources and the motivations. Gaining control of an entire country is
sufficient to have both.

~~~
trowmeaway
This. You are basing the bedrock of your democracy/country on an illusion.

I have had countless discussions with my colleagues and not one of them
understands the gravity of closed EVM machines instead believe in security by
obscurity. It makes me sad that if the very people who work in technology are
like ostriches with their heads buried in sand, how can you expect the lay
person to understand the argument for implementing a verifiable system. Its an
anathema.

Anyone who argues for this is either a case of sour grapes or anti-
government/anti-democracy.

Also can anyone please clarify how one one can go about taking part in this
process, wasn't clear to me from the article.

~~~
HaoZeke
It's a fluff piece.

The govt will invite some unknown or well paid experts, and get a clean bill
of security. Simple.

------
throw_away_elec
This is _not_ a technical issue. This is pure ly a political issue. Allow me
to explain why I say so.

This purported "open challenge" is an response to the current political drama
staged by the opposition parties crying foul over lost elections.

In UP, the current ruling party sweeped with a thumping majority. (325/403)

But, the same Congress and AAP that were defeated to nil in UP, got
significant and in fact leading number of seats in Punjab - 77/117 and went on
to form the government. AAP got to form the Govt in Delhi in the last
elections.

In Manipur and Goa - Congress got 28 and 17 respectively and was the single
largest party. It is another story that they were not able to muster enough
strength to form the government. [1]

So, basically, they cry foul in UP accusing the machines were rigged. But,
they happily accept the same machines' verdict in Punjab and form the govt and
conveniently ignore the fact that in two other states the same machines gave
them the single largest party status.

What election commission is trying to do is to prove their parity across
parties, which you can see from the above results. Election Commission is an
independent body in India and cannot be influenced or rigged towards one or
other party of which the opposition is accusing them of unfairly.

Having said that, yes, any system is hackable may be, people can try. But,
hey, at least EC is open about it and cannot be accused of favouring any one
entity. It can be thought of as a hackathon and if someone finds a bug, they
will fix it.

[1] [http://www.india.com/assembly-
election-2017/](http://www.india.com/assembly-election-2017/)

~~~
throwaway132
Minor correction: AAP had no candidates in UP, so they did not lose there.
They got 20/117 in Punjab and a NIL in Goa.

Political parties crying after losing elections is nothing new in India. BJP
cried after the 2009 Lok Sabha results. See this speech in the matter by
Subramanian Swamy (a senior BJP leader):
[https://www.youtube.com/watch?v=AXpPRbQx1WI](https://www.youtube.com/watch?v=AXpPRbQx1WI)

~~~
throw_away_elec
Agree on AAP. I was meaning to write they did not cry when they won in Delhi.

For Subramanyan Swamy, if I remember correctly, he did not stop at crying
foul. he went to Supreme court and got the VVPAT installed. It is another
matter if VVPAT makes it foolproof though, but definitely helps.

I am not supporting this party or that party - all I am saying is that - 1. EC
cannot be blamed for partiality as it is made out by the opposition parties
and media 2. This is more of a politically driven issue than a majorly
technical exercise.

------
sanbor
Better than in Argentina where a guy reported to the company that built the
voting machines about some SSL certificates being leaked and they raided his
home and then sued him.

In a national law to introduce voting machines nation-wide the law sets up to
five years IRLC if someone does an unauthorized audit. Luckily the law was
repealed last year but the current government is still pushing voting machines
province by province.

[http://www.argentinaindependent.com/currentaffairs/analysis/...](http://www.argentinaindependent.com/currentaffairs/analysis/the-
debate-over-electronic-voting-in-argentina/)

[https://gist.github.com/sebadoom/f0eedcba2f39e3e07a1c](https://gist.github.com/sebadoom/f0eedcba2f39e3e07a1c)

------
sremani
Booth Capturing and Ballot Stuffing were violent practices esp. in 80s and 90s
in some places during Election. People actually died for every election cycle
either perpetrating or protesting these kind of things.

Given the logistics, introduction of EVMs have reduced these kind of election
day events, even though Election day violence is more clashes between
supporters, the polling booths are much safer now than couple of decades ago.

~~~
srean
I would argue that the methods of electoral fraud have changed. Now a days its
more of "may I have your voter id card, why do you want to go out and vote,
who knows what may happen, may be you will get a broken leg, may be your child
will get one. Let me help you, I will cast the vote for you. You dont even
need to show up....you know the broken leg and all...why take the risk"

~~~
intended
Because it has changed. The EC actually works. If you knew anything about
elections even 3 decades ago, the fact that India has managed to give most
people an election which works, is fucking amazing. It's a fact woefully lost
on the generations born after a certain point.

I won't say voting machines are the magic to it all, but it did help a country
with labor and service delivery issues to manage it better.

EVMs were always hackable, but the critical man power and tech orientation in
political parties to take advantage of this hasn't been there.

This may only recently have changed. Even then I doubt it, there's other ways
to win elections.

~~~
srean
> The EC actually works

Sorry that's absolute bull. Apart from an exception or two ECs have been
sycophantic puppets, ever ready to grovel. It seems you weren't born
yesterday, neither was I, so you would know this.

Even if EC intends to do good, he/she cant do much until there is a formal
complaint raised by the district magistrate (many are simply bought out). So
even if the opposition cries itself hoarse, EC does zilch.

I am not making any claims about the EVMs, just that the electoral process is
no where close to as clean many of its proponents claim it to be. Tech alone
cannot solve this problem. What we have here is the analogue of rubber hose
decryption.

~~~
viksit
> Sorry that's absolute bull. Apart from an exception or two ECs have been
> sycophantic puppets, ever ready to grovel.

I strongly disagree with your assessment. The mechanics of what happens when
polling starts as I remember it,

\- The EC assumes complete control over all civil services, including
transferring people in response to independent assessment and complaints.

\- Courts in India can't interfere with the EC. The government is disallowed
interference as well. The constitution guarantees this and has been upheld by
judgments in the past years.

\- The chief EC commissioner can only be removed by impeachment in Parliament.
The other two election commissioners can only be done so by the CEC's
recommendation.

\- Senior officials from different states are election observers in other
states - and they are liable to be suspended even if phone calls are recorded
between them and a political appointee.

\- All paramilitary and police forces come under the command of the EC. As a
result, they are free of machinations from the home ministry which is usually
responsible for their control.

\- Candidates make multiple reports during the campaign process and the EC
does strict accounting for all this. It bans liquor sales and drafts banks to
report any overt cash transactions.

I don't know where you're getting your information from, when you were born,
why you think the EC is sycophantic, or how that would even help - but the
EC's role in the Indian elections is more like a safe maker trying to hoodwink
the safe cracker - it will never be perfect, but given its many
constitutionally guaranteed rights, it is agile enough to try and stay a few
steps ahead of the curve. It is this very flexibility via which the ECI can
even think about opening something like this up to a challenge.

~~~
srean
> I don't know where you're getting your information from,

Using eyes and ears and just being aware of my surroundings.

Trivial counterpoint. Pickup a state, say West Bengal. Count the number of
egregious incidents of violence and intimidation reported by competing
political parties and the media, including live videos. What action has the EC
taken and what has that changed.

> \- The EC assumes complete control over all civil services, including
> transferring people in response to independent assessment and complaints.

... and then does what ? You are being completely naïve in the open bedfellows
relationship with IAS and politicians. There are exceptions, but rare.

~~~
viksit
> Using eyes and ears and just being aware of my surroundings.

Hmm, not quite the best sources of information then. Have you talked to anyone
on the ground? Have you been an election observer or volunteered in any? Have
you read the independent reviews of the EC? Talked in any detail to senior
officers in any branch of the executive who may offer perspective?

> Trivial counterpoint. Pickup a state, say West Bengal. Count the number of
> egregious incidents of violence and intimidation reported by competing
> political parties and the media, including live videos. What action has the
> EC taken and what has that changed.

Hardly trivial. This is a law and order situation, and is dealt with
appropriately.

> ... and then does what ? You are being completely naïve in the open
> bedfellows relationship with IAS and politicians. There are exceptions, but
> rare.

Naïveté is an easy thing to call upon in cases when information isn't easily
accessible. Your statement, to me, makes it appear that not only could you
have wrong or incomplete information shaped by public media - you're not
willing to even consider that this may be the case!

~~~
srean
> Hmm, not quite the best sources of information then.

Well, when I am standing in a queue to vote, I trust my eyes and ears more
than what some report says about things that happened while I was standing
there.

> This is a law and order situation, and is dealt with appropriately.

All that law and order violations were a means to an end and the end is
tampering with the mandate and that is exactly where the EC has to step in. If
all they can do is pass the buck and let the tampered mandate be counted as
real, well it is not serving its one and only purpose. I am being charitable
here in assuming goodfaith on EC's behalf.

> Have you talked to anyone on the ground?

yes many

> Have you been an election observer or volunteered in any?

volunteered yes, but not formally as an election observer and not as a part of
any political outfit.

> Have you read the independent reviews of the EC? Talked in any detail to
> senior officers in any branch of the executive who may offer perspective?

some of it runs in the family so I do have some insiders perspective plus
volunteerism does give me opportunities to interact with IAS officers in the
field.

And public media especially TV is crap, newspapers are somewhat better. There
are one or two decent ones that I treat with some respect, rest are
tabloid'ish garbage. But to the larger point, no, my opinions have very little
to do with what goes on the popular media.

------
sa1
Their past tactic used to be to arrest researchers who pointed out flaws in
the machines. I'm not sure anything much has changed.

~~~
baali
Reference of this: [http://archive.indianexpress.com/news/researcher-arrested-
ca...](http://archive.indianexpress.com/news/researcher-arrested-cant-name-
official-who-gave-him-evm-police/663654/0) and
[https://www.wired.com/2010/08/researcher-arrested-in-
india/](https://www.wired.com/2010/08/researcher-arrested-in-india/)

~~~
prasadjoglekar
Both articles state that the researchers were arrested for stealing (or taking
possession of) a voting machine. Quote from the Wired article: "Halderman says
the researchers believe the person who gave them the voting machine had legal
access to it and provided it in the interest of transparency and scientific
study."

That's a little different than being arrested for finding bugs in the software
or hardware. Prima-facie, it does seem like stealing government property
without proper written authorization. Arrest still seems excessive, but the
circumstances seem to be a bit more nuanced.

------
taherchhabra
Looks more like a media stunt by the Election commission to save its face. If
they are real serious then they should pay security researchers to find a bug
in the EVMs, Like bug bounties with real money prizes. As a computer
programmer I find it hard to believe that EVMs cannot be hacked.

~~~
geodel
Even better political parties which are claiming about machines fallacy should
show some better evidence than 'Only because of machines we lost' bullshit.

~~~
mannykannot
The burden of proof (or at least of showing good evidence) rests on those
deciding to deploy the equipment. If the best response they can offer is to
assert "that did not happen", the system is not ready for deployment.

------
drewbailey
Ignorant question, do these kinds of challenges open up risk to someone being
able to test the system, find vulnerabilities and then not disclose them so
that they can be exploited when the election actually comes around?

~~~
HaoZeke
Yes and no.

The chances of only one person finding them reduces drastically, so even if
someone wants to hide a flaw another might expose it...

If only to keep their credibility.

------
DarkKomunalec
And how do we know the machines no-one was able to (publicly) hack are the
same ones, running the same code, that are then used in the elections? That no
on-chip memories were re-flashed, that no secret hardware bug/backdoor was
used? No matter how open source/open hardware/open audit you go, in the voting
booth they're still black boxes that could have been tampered with.

~~~
jezclaremurugan
I'm not saying these machines are unhackable, but with the addition of
additional constraints they are _almost_ perfectly secure.

For ex., On election day, mock voting and counting is done in the presence of
all party representatives - the results are then erased before the actual
counting. And representatives of all parties are mostly around when these
machines are moved around and counted. Also, the way party symbols are listed
is not pre-determined etc. and hence cannot be predicted by someone wanting to
add votes to a particular party.

Source - my mom has been a presiding officer during elections a couple of
times, and I've looked at the training manuals..

~~~
nileshtrivedi
Mock voting can only detect malfunctions, not backdoors. Randomization of
candidate ordering is a trivial challenge to overcome for a backdoored EVM.
Don't fall for EC's PR.

Here is an example: Is NOTA ("None of the above") option's location also
randomized? If not, a backdoor would listen for this sequence: NOTA, NOTA,
NOTA, X, NOTA, NOTA, NOTA, X. And then it would start re-assigning votes in
favor of X with say 60% probability. It doesn't matter where X is located. The
backdoor might trigger only after a few 100's or 1000's votes have been given.
How will mock voting or randomization help here?

The sad thing is that all these weaknesses have already been detailed in Hari
Prasad's original paper. But EC continues to dish out the same flawed defense:
[https://indiaevm.org/evm_tr2010-jul29.pdf](https://indiaevm.org/evm_tr2010-jul29.pdf)

------
smdz
Such a challenge could be a huge disaster for the EC of India

Can a single EVM be hacked? when its not connected to internet - With
sophisticated tech (and engineers) - Yes. Its digital electronics after all

Can that be done consistently across machines under different ambient
environments? - Higher than 50% accuracy, but not 100%.

Can it be done at scale? No - that would be too costly even for the political
parties with a higher probability of it becoming a widely known technique

But the answer to the first question is enough for the opposition political
parties to force India into paper ballot voting. And paper ballot in India is
easily hackable for political parties - just spend money, hire bullies and
prevention is ensured not to work at this scale.

------
pksadiq
Can anybody share a complete set of images (from every angle) of electronic
voting machine used in India. How many ports does it have (USB?, UART
(RS232)?, any other?). Its working details, etc?

------
hackuser
Consider what happens if an attack is detected _after_ an election:

As HN readers know, even if you know your systems have been penetrated it can
be very difficult to detect the extent of the damage: Which records have been
changed? Deleted? Added? And what authority decides? We can expect that every
party will produce experts who make claims in their parties' interests.

Probably, we wouldn't know the accurate election results. What then? Rerun the
election?

* Is there a legal provision for that? What authority gets to decide that the democratic will of the people, the ultimate authority, is invalid and should be tested again? That is a very dangerous path to go down.

* If the results change, you can imagine the response from the new losers and their supporters.

* Who is to say the second election is valid? If the same machines are used, will the public trust them? Is there time to create a new national election infrastructure?

Reporting a possible attack to the public could destabilize democracy and have
no real resolution. As has been reported, intelligence agencies such as the
Russian FSB may be more interested in destabilizing things than in a
particular result. They could even purposely leave evidence of an attack,
without carrying through with it (and of course hiding the true perpetrators).

Based on that reasoning, it is absolutely essential that we prevent attacks.
My very strong opinion is that a purely paper election is the only solution.

------
bArray
"The Commission had announced a similar challenge in 2009 and it claimed no
one could hack its EVMs."

No one can hack them, or nobody has had long enough with just "a week or 10
days". Hardware and software reverse engineering can take significantly
longer, depending on the complexity of the machine. It's likely they will also
be limited in what they are allowed to use. If they are so confident, open
source the designs and let researchers take a look.

Another reason for why their claim may be false, is the value of somebody
freely giving their hack away. Sure, a moments national glory as you get a
targeted painted on you for publicly embarrassing your government - or - lots
of bit coin on the black market to the highest bidder.

Ideas:

* Simply place a piece of pink paper over the top to change the details, so the buttons no longer correlate to their correct vote. Enough people in enough provinces would make a serious difference. At the end of the day, have somebody take the paper back off before the poll closes so that the evidence of tampering is gone.

* Large electro magnet to device, making all votes erased. Using statistical data from previous elections, as well as popularity polls from previous elections, predict which machines will be worth taking out to sway the vote. These devices are electronic, therefore likely to use some form of memory that is electromagnetically erasable or corruptible.

* Hack the device that retrieves the data from the machines.

* Social engineering, through bribery or blackmail.

~~~
geodel
It is not some powerless hackers/individuals who claimed machines are
hackable. These claims are made by powerful political parties with resources,
government in various states and large cadre etc.

So your points are not applicable in this case. Hacking machines should be
much easily provable than random generic political charges like
'govt/politicians are corrupt' or officialdom is lazy etc.

------
enugu
The value of keeping a paper trail has got lost in mutual political
accusations. Appearance of correctness is important just like being correct.

~~~
mtgx
In some of the U.S. states they do keep paper ballots, but when they did an
audit and saw some significant discrepancies, they threw their hands up in the
air and said that it's probably nothing nefarious - just machines being
glitchy and all.

So paper ballots are nice, but it's certainly not enough. You need a system
put in place so that when there's an audit and the numbers don't match, a
revote is automatic, and the commission can't just excuse the issue away with
"glitches." Or at the very least, you recount all the paper ballots and go
with _those_ results.

But this process needs to be _guaranteed_ under the law somehow. You can't
leave it up to the those in charge of the elections, who may happen to benefit
from a result, to decide whether there should be a recount or revote. And the
punishments should be drastic otherwise (we are talking about maintaining the
integrity of the democracy after all - slaps on the wrist shouldn't happen
punishments need to be handed).

~~~
eli
There was an election recount that found a significant difference between the
paper count and machine count? I'd like to read more. Do you have a link?

------
jacquesm
Every country that uses voting computers should do this. Instead, the usual
attitude is one of security by obscurity and limited access.

------
scardine
Brazil had some events like this but all of them were façades. They are
designed to validate the decision to deploy electronic voting machines and
nothing else so only a carefully selected group of people will be invited,
there will an impossible time limit and machines should be handled like black
boxes (they were not considering some group stealing a voting machine in order
to study it).

At one particular event[1] an engineer detected RF noise leaking from the
keyboard (Van Eck Phreaking) but the government dismissed it as not being a
practical attack. In a country where politicians literally buy votes in poor
regions, vote secrecy is a big concern.

[1] [http://pcworld.com.br/noticias/2009/11/23/perito-quebra-
sigi...](http://pcworld.com.br/noticias/2009/11/23/perito-quebra-sigilo-em-
urna-eletronica-do-brasil/) (in Portuguese, sorry)

------
YCode
> The Commission had announced a similar challenge in 2009 and it claimed no
> one could hack its EVMs.

That's a bold claim. Makes me wonder about the validity of their tests and how
they evaluate results.

~~~
captn3m0
I couldn't find a single news article referring to any such challenge that
happened in 2009.

------
gregmac
The problem with voting machines is so much deeper than 'hacking the machine'.
It's a matter of trust of the code and perhaps more importantly, all of the
people and process that are involved in the software, hardware, and running
the actual election.

Is the source open, and has it been audited? Has the tool chain been audited
(eg: the attack described in Reflections on Trusting Trust [1])? Are they
using reproducible builds[2]?

This includes not just the software loaded on the machine itself, but the
tallying software used to count all the results.

Even if you can verify the code contains nothing like a "defeat device" [3]
(eg: detect it's actually election day and only then enable vote-stealing
mode), how do you know what's actually being used?

How does a voter verify that the build running on the machine is actually
valid and the expected one? Even if the voter has to trust the people running
the election, how do _those_ people verify it? If all the polling stations
load software onto the machines on election day (to ensure it's the right
software), that opens up the possibility of someone injecting their own bad
software. If they have to rely on a central organization loading the machines,
there's a whole delegation of trust happening and being concentrated in one
place -- easier to verify, in some ways, but also easier to compromise.

So the only way to run a valid contest is to provide access to the entire
process. Can I modify the software used to tabulate? Can I act like I working
at the company providing the software/hardware and have access to the code,
build process and signing keys?

If that's possible, and you can still detect cheating, then that's great, but
I also fear it's an arms race with no end, and it's just a matter of one-
upping the other side.

[1]
[https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thomp...](https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf)

[2] [https://reproducible-builds.org/](https://reproducible-builds.org/)

[3]
[https://en.wikipedia.org/wiki/Defeat_device](https://en.wikipedia.org/wiki/Defeat_device)

------
throw_2017_away
If you believe in democracy and have the skill set to do the deed, please give
this a go. I believe this is a non internet connected device. For the recent
state elections, voting happened months before the results were announced.
Even exit polls were deemed a criminal activity. The machines were sitting
with "officials" in a "lockdown" for months till they were counted. You have
to prove that you could somehow alter the count when you have the machine for
1-2 months while also having any cryptographic keys necessary in your
procession. One current chief minister(The elected leader in state) and 3
former chief ministers suspect the elections were rigged in Uttar Pradesh, a
state with 220 million population with 20% Muslim population and the election
installed a right wing Islamophobic leader who could be the leader when
another Gujarat style riot happens(2000 Muslims and 800 Hindus got killed
while our current prime minister was the chief minister there. He was cleared
of all wrong doing by supreme court as no proof existed of direct collusion.
Some call this a genocide.)

~~~
throw_2017_away
For starters, the newly minted Uttar Pradesh government installed a Anti Romeo
squad to prevent what's called "Love Jihad", roving gangs of young muslim men
trying to get Hindu girls to marry in a sinister plot to increase the Muslim
population. As per Indian constitution, you can have 4 legal wives if you are
Muslim and divorce anyone with three utterances of the word "talaq". Uttar
Pradesh government also has an anti beef squad to prevent killing of holy
cows. Recently 4 men transporting cattle in a vehicle were apprehended and
assaulted. One of them died because of the heavy beating he received. These
"squads" are employed by state in a quasi legal manner. There's also talks of
reviving a demand to build a Hindu temple on Babri Masjid, a 14'th century
mosque that was demolished in 90s by the current constituents of government
causing nation wide riots. The mosque was demolished as vengeance for an
alleged demolition of an early Hindu temple on the same area during the time
of the first Muslim emperor in India in 14th century.

~~~
sremani
Babur is not first Muslim ruler, first battle of panipat was 1527 (or near
that year), he fought against Delhi Sultanate, which is already Muslim.

Babur was king of Fergana Valley, and half-turkic and half-mongol, who lost
his kingdom because of logistic blunder and was invited to India by a Prince
and thus started his campaign in South Asia.

He did destroy a Temple (which already survived about 5 centuries of Islamic
rulers) and built the mosque, the mosque was not being used since 1949 or so,
and Hindus were praying on the grounds since mid-80s.

~~~
tacomonstrous
He was certainly the first Muslim ruler to be termed an 'emperor' by
historians, so I'm not sure what you're arguing.

~~~
sremani
If you want to say, Babur was first Muslim Emperor of India, bring the
argument with references. Tuglak had bigger Empire than Babur, and he was well
into Deccan and even moved the capital there. This was 200 years before Babur.

[https://en.wikipedia.org/wiki/Muhammad_bin_Tughluq](https://en.wikipedia.org/wiki/Muhammad_bin_Tughluq)

I am not arguing here, I am correcting mis-representations made in his
comment.

------
Fej
This won't take long.

Obligatory Computerphile/Tom Scott video on why voting machines are an awful
idea; if you haven't seen it, it's a great watch:
[https://youtu.be/w3_0x6oaDmI](https://youtu.be/w3_0x6oaDmI)

~~~
kefka
In all honesty, I like the implementation Estonia is doing.

In effect, your identity card allows you to vote as many times as you wish.
You cannot see your vote, but the newest vote overwrites the previous vote.

This means, that if you are coerced to vote a certain way, you can simply make
another vote and wipe out the previous one.

The only downside is this would require a national ID program, which many
religious extremists are very much against.

~~~
Karunamon
Many not-religious-extremists are against it too. Given the abysmal security
record of the federal government, putting all the things in one database
instead of having it distributed among 50 just makes it a bigger target.

That, and knowing the federal government, such a system would cost a ton, be
an overwrought mess of spaghetti code created by some Enterprise Software(c)
firm, barely work, and most importantly, be rolled out primarily to benefit
the government, rather than the citizens paying for it.

No thanks.

~~~
icebraining
Having a smartcard and having a single database are two completely orthogonal
issues. In my country, we have the former without the latter - in fact, we
still have different IDs for different services¹. The smartcard serves as a
single authentication device, much like you can have a single SSH key for many
servers.

¹ Using a single ID for each person is forbidden by our constitution, in the
article regarding the usage of IT.

~~~
Karunamon
Fair enough, but that still doesn't obviate the cost and competence concerns.
Knowing the state of fed IT, it would probably wind up being a 5-year-old RSA
dongle variant that uses RC4 or some such.

------
perseusprime11
Why can't people figure out a way to simply vote through their mobile phone?
Either through messaging or a custom app.

------
geodel
For those who are unaware in some recent state level elections in India some
political parties were roundly defeated. So as part of introspection about
campaign and policies they decided to blame it on voting machines.

I am not sure that voting machines are unhackable but when today's losing
parties were winning in past years they seemed pretty sure that win was all
due to overwhelming public support and not some rigged machines.

------
kermittd
"Typing frantically" Im in.

