EVMs and VVPATs: RTI reveals- micro-controller used is not OTP type as claimed by the Election Commission, BEL and ECIL refuse to reveal software audit reports citing national security and commercial confidence

EVMs and VVPATs: RTI reveals- micro-controller used is not OTP type as claimed by the Election Commission, BEL and ECIL refuse to reveal software audit reports citing national security and commercial confidence


Image courtesy: https://www.news18.com/

May 22, 2019

By: Venkatesh Nayak

All seven phases of voting to elect members of the 17th Lok Sabha have been completed. The votes will be counted on 23rd May, 2019. Soon after the last phase of polling ended, pollsters had a field day with their exit poll findings about the likely performance of political parties and pre-poll/post-poll alliances. So did the bulls in the stock market the next day. Several opposition parties are expressing their misgivings about Electronic Voting Machines (EVMs) and Voter Verified Paper Audit Trail (VVPATs) used in all constituencies, including elections held to the State Legislatures in Andhra Pradesh, Arunachal Pradesh, Odisha and Sikkim. They are demanding 100% verification of VVPAT slips against the votes displayed on the EVM. Once again the reliability of the machine-based voting system has become the subject of widespread debate. However, senior members of the ruling National Democratic Alliance who authored a 200-page long book in 2010, asking if India’s democracy was at risk because of EVMs, are maintaining a studied silence this time.

I too cast my vote in the New Delhi Lok Sabha constituency and yes, the VVPAT window correctly displayed the choice I made by pressing the EVM button for a few seconds. Nevertheless, the “infallibility” claims about EVMs and VVPATs made by their manufacturers and their purchaser and deployer- the Election Commission of India (ECI), continue to be a matter of “trust”. The ECI has repeatedly urged political parties and skeptics to trust the ability of the EVMs to faithfully record all votes cast through them and accurately display the electoral mandate on counting day.

Free and fair elections form the bed rock of our constitutionally guaranteed democracy. As vigilant citizens, it is desirable to adopt the stance- “In God we trust, everything else requires evidence”. Given the heightened anxieties over EVMs and VVPATs, it is time to publicise some information I obtained from the ECI and the EVM+VVPAT manufacturers- Bharat Electronics Ltd. (BEL) and Electronics Corporation of India Ltd. (ECIL), recently under The Right to Information Act, 2005 (RTI Act).

Main findings from documents obtained through the three RTI interventions

  1. The micro-controllers (computer chip) embedded in the BEL-manufactured EVMs and VVPATs used in the current elections, are manufactured by NXP- a reputable multi-billion dollar corporation based in the USA.
  2. ECIL refused to disclose the identity of the manufacturer of the micro-controller used in its EVMs and VVPATs citing commercial confidence under Section 8(1)(d of the RTI Act;
  3. In 2017, some segments of the media reported that Microchip Inc., USA headed by an NRI Billionaire supplied the EVM micro-controllers. Documents released under the RTI Act show, at least BEL has not used this company’s micro-controllers in the EVMs sold to ECI for use in the current elections;
  4. While the ECI continues to claim that the micro-controller used in the EVMs is one-time programmable (OTP), the description of the micro-controller’s features on NXP’s website indicates that it has three kinds of memory – SRAM, FLASH and EEPROM (or E2PROM). Experts who know enough and more about micro-controllers confirm that a computer chip which includes FLASH memory cannot be called OTP;
  5. The ECI has not yet made any decision on the September 2018 recommendation of the Central Information Commission (CIC) to get the competent authorities to examine whether detailed information about the firmware or source code used in the EVMs can be placed in the public domain in order to create public trust in the EVM-based voting system;
  6. Despite the passage of more than five years, the ECI does not appear to have acted on the 2013 recommendation of its own Technical Evaluation Committee (TEC) to make the firmware or source code embedded in the micro-controller used in EVMs transparent in order to ensure that there is no Trojan or other malware in the EVMs;
  7. ECIL replied that the firmware or source code testing was done by a third party, namely, STQC- an agency under the Ministry of Electronics and Information Technology. But the CPIO denied access to the reports on the ground that they were too voluminous. BEL denied access to this information claiming the exemption relating to commercial confidence and intellectual property rights under Section 8(1)(d) of the RTI Act;
  8. BEL bagged a purchase order worth INR 2,678.13 crores to supply EVMs and VVPATs to ECI. ECIL, however refused to disclose this information also stating that despatch data will be supplied after the General Elections are completed; and
  9. While BEL claimed that the battery powering its EVM could last 16 hours of non-stop voting with 4 Ballot Units, ECIL claimed a battery life of 2 years for its EVMs!
  10.  While ECIL claimed that the firmware and source code audit related information was "classified" and could not be disclosed under Section 8(1)(a) of the RTI Act which protects national security interests, BEL claimed commercial confidence and Intellectual Property Rights-related exemption under Section 8(1)(d) to deny access to the same information.

Background to the 1st RTI Intervention with the ECI

In September 2018, the CIC gave its decision on an RTI appeal filed by Adv. Sunil Ahya of Mumbai. He had sought detailed information from the ECI about the source code used in EVMs. The ECI transferred the RTI applications to BEL and ECIL who rejected the information request. The CIC accepted the argument that disclosure of such information was barred under Section 8(1)(d) of the RTI Act because it related to the Intellectual Property Rights of the EVM manufacturers. Disclosure would also harm their competitive position and could lead to introduction of spurious machines in the system, the manufacturers had argued. However, the CIC recommended that the issue of disclosure of the EVM software-related information be placed before the competent authority to make a decision, because, it was a public interest matter and transparency would create greater public confidence in the voting system. The CIC’s order is in the file named- CIC-EVMs-order given below.

Around the same time the ECI published the latest version of its Status Paper explaining the basics of EVMs and VVPATs and the fool proof systems put in place to ensure that they functioned accurately without any possibility of being tampered with. This booklet contained references to reports of successive TECs and also the report of the forensic examination of one set of EVMs undertaken by the Central Forensic Sciences Laboratory (CFSL). This examination was ordered pursuant to an election petition filed in the Bombay High Court in the matter of Shri Abhay Bhakchand Chhajed vs Madhuri Misal & Ors [Election Petition No. 15 of 2014, jjt dated 23/02/2018]

The RTI application filed with ECI

In February 2019, I sought the following information from the ECI under the RTI Act:

“I. Apropos of the advice of the Central Information Commission (CIC) tendered to your Commission in its decision dated 11/09/2018 (copy enclosed), in the matter of Sunil Kishore Ahya vs CPIO, Election Commission of India & Ors., [Second Appeal No. CIC/ECOMM/A/ 2017/171660], I would like to obtain the following information under the RTI Act:

  1. A clear photocopy of all official records and documents and annexures, if any, that contain details of action taken to comply with the said advice of the CIC; and
  2. A clear photocopy of all file notings and annexures, if any, relating to the information described at para #I(a) above.
  3. Apropos of your Commission’s August 2018 publication entitled: Status Paper on Electronic Voting Machine (EVM), Edition-3, I would like to obtain the following information under the RTI Act:
  4. A clear photocopy of all reports of the Technical Evaluation Committees received since 1990 till date regarding EVMs and VVPATs, along with annexures, if any;
  5. A clear photocopy of the report of the forensic examination of EVMs conducted by the Central Forensic Science Laboratory (CFSL) pursuant to the direction of the Bombay High Court in EP No. 15 of 2014 along with annexures, if any; and
  6. The complete list of manufacturers of micro-controllers used in the EVMs along with their postal addresses.

III. As your Commission is not listed as a public authority on the RTI Online Facility (https://rtionline.gov.in/) set up by the Government of India, I would like to obtain the following information under the RTI Act:

  1. The reasons for not joining the aforementioned facility to enable citizens to submit RTI applications to this Commission electronically; and
  2. The details of action taken by your Commission, till date, to join the aforementioned facility to enable citizens to submit RTI applications to this Commission electronically.”

As it is not possible to submit an RTI application to ECI using the RTI Online facility set up by the Government of India, I had asked the information described in Part III of the RTI application.

The ECI CPIO’s reply

The CPIO informed me that ECI has created a facility for citizens to file RTI applications on its own website. So I saw no problem with this part of the reply.

As regards Part I of my RTI application, the CPIO simply stated that the file regarding compliance with the CIC’s recommendation to make the source code related information about EVMs public, was under submission. He neither denied nor furnished the information.

As regards the CFSL report sought in Part II of my RTI application, the CPIO stated that the report of the forensic examination of the EVMs used in the elections to the Assembly constituency of Parvati in Pune, Maharashtra, in 2014 were submitted to the Bombay High Court in sealed cover. Again, he neither denied nor furnished this information.

The ECI’s CPIO claimed that information about suppliers of micro-controllers used in the latest generation (M3) of the EVMs and VVPATs supplied to the ECI were available exclusively available with the manufacturers. The CPIO did not bother to transfer this part of the RTI application as is required under Section 6(3) of the RTI Act.

An appeal has been filed against these replies and the decision of the First Appellate Authority is awaited.

As for the TEC reports, the CPIO supplied the same on payment of additional fees of Rs. 128/-. A scanned copy of the RTI application and reply along with the TEC reports since 1990 are in the file ECI-RTI-docs given below.

Main findings from the ECI’s RTI reply

The TEC reports contain a wealth of information about how successive Committees assessed the working and non-tamperability of the EVMs. I am not an expert to comment on the technical aspects of these reports. To the best of my knowledge, the ECI has not uploaded these reports on its website. However, they are already public documents as they were submitted to the High Courts and the Supreme Court in various cases some of which are listed in the 2018 EVM Status Paper. I am placing them in the public domain once again so that citizens and political parties may approach the issue of the “infallibility” and “non-tamparability” of EVMs and VVPATs in an informed manner.

Evolution of EVMs from OTP to Flash memory type micro-controllers

The TECs constituted in 1990 and 2006 stated clearly that the micro-controller used in the EVMs (M1 and probably M2 generation) were one time programmable (OTP). The firmware or source code written into them was secret and could not be read by anybody including the manufacturers, after it was burnt into the micro-controller. This is one major pillar on which the “infallibility” and non-tamperability” claim about the EVMs has rested. The micro-controllers themselves are imported from abroad as India does not have any facility for manufacturing them.  While the source code was written up by BEL and ECIL, they were burnt into the micro-controllers used in the M1 and M2 generation EVMs by these foreign supplier companies. However, the 2018 EVM Status Paper (see page 14) makes it clear that the firmware in the latest generation of M3 EVMs is burnt into the micro-controllers by BEL and ECIL themselves.

Adv. Sunil Ahya’s RTI application (which was eventually rejected by the CIC) was regarding this very firmware or source code. After losing the battle under RTI, Advocate Ahya took the matter directly to the Supreme Court of India. One of the pleas he put before the Apex Court was for a direction to audit the firmware or the source code by an independent agency. Unfortunately, his petition was swamped by petitions filed by opposition political parties led by Andhra Pradesh’s Chief Minister, Mr. N. Chandra Babu Naidu. The Apex Court clubbed all the petitions and directed that the verification of VVPAT slips be increased from 1 to 5 EVMs per Assembly segment. The Court refused to go into the integrity of the EVMs as the schedule for the Lok Sabha elections had already been announced. So Adv. Ahya’s case was closed for the present ( also see pages 9-10 of the Court’s Order). The Apex Court’s order is in the file named- SCI-EVMs-order given below. According to Adv. Ahya.

An examination of the TEC reports supplied by the ECI to me under the RTI Act, reveals a different story. Nothing in the reports of the TECs appointed in 1990 and 2006 indicate that they audited the source code used in the EVMs.

However, the TEC headed by Prof. D. T. Shahani made an important recommendation in 2013, for ensuring transparency of the firmware or source code used in the EVMs as follows (see pages 68-69 of the file named- ECI-RTI-docs given below):

“v. Transparency of EVM Code: Facility to be provided in EVM units so that Code in the EVM units can be read out by an approved external unit and the code so read may be compared with corresponding reference code to show that code is same as that in reference units. The scope of comparison is only to ensure that there is no Trojan or other malware for EVMs in use. Election Commission may consider the format (binary hex or any other) in which the reference code is made available and modalities of preserving reference code including code revisions This provision be introduced for the first time, may be done in a phased manner with due caution. Thus the Commission may initially consider undertaking this exercise in a limited scale as per mechanisms they deem fit and availability of logistics say at FLC Stage (First Level Checking Stage), and/or third party. Thereafter having gained the experience on modalities and logistics needed, and the time will be required to set up these logistics on larger scale, later extend access to this facility.” (emphasis supplied)

The 2018 EVM Status Paper of ECI states that the TEC headed by Prof. D. T. Shahani is currently in existence but makes no mention of “auditing firmware used in EVMS” in the role assigned to this TEC.

The information supplied by ECI under the RTI Act leads to the following probable conclusions:

  1. As the firmware embedded in the microcontroller is amenable to being read out by an approved external unit, it is no longer secretive as in an OTP memory type chip. Further, as the name, serial number and symbol of each candidate requires to be printed on the VVPAT slip, this data cannot be fed into the micro-controller at the manufacturers’ premises. It has to be done after the final list of candidates is prepared. So a Flash memory type micro-controller instead of the older OTP type is required. This conclusion is confirmed further by the product description found on the micro-controller manufacturer’s website (see BEL’s RTI reply below);
  2. The TEC recommended transparency of the firmware in order to ensure that no Trojan or malware had infected it;
  3. The TEC recommended that an audit of the firmware be carried out in a limited manner initially, but be extended to all EVMs eventually (the very demand made by Adv. Ahya in his petition before the Supreme Court); and
  4. The TEC does not appear to have undertaken such an audit on its own but recommended that the ECI should do it at the FLC stage or with a third party.

If at all the firmware or source code of the EVMs and VVPATs has indeed been undertaken, the ECI has a duty to publicise these reports and the number of machines on which such audit has been conducted in order to strengthen public confidence in the EVMs. Merely commanding the voter to trust their word on the “infallibility” and the “non-tamperability” of these machines is not enough. As will be shown below, at least one manufacturer claims to have conducted such audits through a third party but has refused to make the reports public claiming that they are voluminous.

The RTI Interventions with BEL and ECIL

As the ECI did not disclose the name of the supplier of the micro-controller used in the EVMs and VVPATs, based on my understanding of the 2018 EVM Status Paper, I filed identical RTI applications with BEL and ECIL in March 2019, through the RTI Online Facility, seeking the following information,:

“Apropos of the August 2018 publication of the Election Commission of India bearing the title: Status Paper on Electronic Voting Machine (EVM), Edition-3, I would like to obtain the following information from your public authority under the RTI Act, 2005:

i) A clear photocopy of all reports of the Technical Evaluation Committees received since 1990 till date regarding EVMs and VVPATs, along with annexures, if any;

ii) A clear photocopy of the report of the forensic examination of EVMs conducted by the Central Forensic Science Laboratory (CFSL) pursuant to the direction of the Bombay High Court in EP No. 15 of 2014 along with annexures, if any;

iii) The complete list of manufacturers of micro-controllers used in the latest generation (M3) EVMs along with their postal addresses;

iv) The list of names and designations of engineers who have developed the M3 EVM software in your company;

v) The list of names and designations of members of the independent testing group which carried out testing and evaluation of the so􀅌ware of the M3 EVMs and VVPAT units;

vi) A clear photocopy of the report along with annexures, if any submitted by the independent testing group after testing and evaluating the so􀅌ware of the M3 EVMs and VVPAT units;

vii) A clear photocopy of the software requirement specifications used by the independent testing group which tested and evaluated the software of M3 EVMs and VVPAT units;

viii) A clear photocopy of the Quality plan and document containing performance test procedures for M3 EVMs and VVPAT units;

ix) A clear photocopy of the report of the Quality Assurance Group in your company which has checked the functionality of the M3 EVMs and VVPAT units;

x) The duration of the life of the battery that powers an M3 EVM and the VVPAT unit;

xi) The total number of M3 EVMs and VVPAT units supplied to the Election Commission of India for use in the Lok Sabha and State Legislative Assembly Elections of 2019;

xii) The sale price of an M3 EVM and VVPAT unit supplied to the Election Commission of India; and

xiii) The total payment received from the Election Commission of India towards the purchase of M3 EVM and VVPAT units, as on date.”

BEL’s CPIO sent a reply in the month of April itself. ECIL’s CPIO did not bother to send a reply for 37 days. His reply was uploaded on the RTI Online Facility on the 38th day when I submitted a first appeal through this facility.

An analysis of the CPIOs’ replies

BEL’s CPIO denied access to information sought at 10 of the 13 queries of the RTI application by invoking Section 8(1)(d) of the RTI Act. BEL’s CPIO gave the following information on the remaining three points (the RTI documents are in the file named- BEL-EVMs-RTIdocs given below):

  1. The micro-controller was sourced from NXP and the product identification is MK61FX512VMD12. The CPIO stated that the supplier’s address can be found on its website;
  2. The battery of the EVM BEL manufactures lasts 16 hours of non-stop voting with 4 Ballot Units; and
  3. BEL had supplied 9.25 lakh Ballot Units, 5.58 lakh Control Units and 8.93 lakh VVPATs of M2 and M3 generation to ECI in 2018-19 at a cost of INR 2,678.13 crores.

In December 2017, some segments of the media reported that Microchip Inc., USA headed by an NRI Billionaire supplied the micro-controllers for the EVMs. However, BEL seems to be have imported micro-controllers from NXP- a multi-billion dollar corporation based in the USA. The description of the micro-controller on NXP’s website clearly indicates that it has Flash Memory and not OTP Memory.

ECIL’s CPIO denied access to information sought at 7 of the 13 queries saying they were “classified” and citing the national security exemption under Section 8(1)(a) of the RTI Act without specifying which of the seven public interests protected there was attracted. ECIL’s CPIO gave the following information on the remaining six points (the RTI documents are in the file named ECIL-EVMs-RTIdocs given below):

  1. The EVMs manufactured by ECIL have a battery life of two years;
  2. The software used in the EVMs and VVPATs was tested by a third party, namely the Standardization Testing and Quality Certification (STQC) team;
  3. The reports of the software quality testing conducted by STQC and functionality testing conducted by ECIL’s own Quality Assurances Group were described as too voluminous. I have been invited to the ECIL’s premises to “very” [sic] the information personally (perhaps the CPIO meant “verify”);
  4. The EVM and VVPAT sale data were also not provided on the pretext that elections were going on. The CPIO stated that the data will be provided after the completion of the elections.

It is interesting to note that despite manufacturing machines that essentially perform one and the same task, BEL and ECIL cited different reasons to deny most of the information. While IPR was BEL’s excuse, national security was ECIL’s reasoning. It comes as no surprise that ECIL is a Central Public Sector Undertaking falling under the Department of Atomic Energy (DAE) which often cites national security grounds for denying access to information. Incidentally, DAE is part of the Prime Minister’s portfolio. Further, whether getting the firmware or source code audited by another Government controlled agency satisfies the requirement of independent third party auditing requirements is an issue that all citizens must debate upon.

Conclusion

Except for ECIL whose CPIO replied to the RTI application on the day I submitted a first appeal, ECI and BEL had sent their RTI replies in April 2019 itself. I deliberately waited until the last phase of polling was completed to release this information to avoid accusations of using RTI-sourced information to influence the outcome of the elections. Now that only counting and declaration of results remains to be done, nobody need point a finger about the timing of the release of all this information.

Some EVM-faithfuls might still ask- why now? The answer to that question can be found in the judgements of two Supreme Courts- one German and the other- our own.

While striking down the law permitting the use of EVMs in the elections in Germany, in 2009, the Federal Constitutional Court cited the principle of “public examinability” of all essential steps in the conduct of elections in that country which is guaranteed under the Constitution (except when other constitutional interests justify otherwise).

Although the Indian Constitution does not make a reference to the principle of “public examinability” of steps taken during elections, the Supreme Court of India implied this principle as the basis of the people’s right to know everything that the Government does in a public way almost three and a half decades before the German Constitutional Court. In the matter of State of U.P. vs Raj Narain [AIR 1975 SC 865]. Justice Mathew’s opinion echoed this very principle:

“74. In a government of responsibility like ours, where all the agents of the public must be responsible for their conduct, there can but few secrets. The people of this country have a right to know every public act, everything, that is done in a public way, by their public functionaries. They are entitled to know the particulars of every public transaction in all its bearing.”

These RTI interventions are aimed at placing as much information as possible in the public domain about EVMs, VVPATs and other related matters which the ECI or other public authorities are reluctant to publish voluntarily. In the context of elections, perhaps voter choice- individually and at the community level, are the limited set of matters that deserve confidentiality, legally and legitimately. All other matters must be amenable to “public examination” and facilitate informed public debate.

I would like to thank Shri Kishore Jonnalagadda, Electronics Engineer based in Bengaluru for helping me understand the basics of the micro-controllers and their use in machines like EVMs.

All facts are in the public domain. Views are personal.

 

CHRI trail of enquiry: CIC-EVMs-order | SCI-EVMs-order | ECI-EVMs-RTIdocs | BEL-EVMs-RTIdocs | ECIL-EVMs-RTIdocs

Media coverage: EastMojo | The Wire | HTN | Counterview | MoneyLife | Frontline