For democracy’s sake, EVMs must have proper VVPAT-based audit

The bizarre claim made in London recently about the alleged hacking of Electronic Voting Machines (EVMs) in previous elections has done more harm than good by diverting public attention from genuine concerns about EVMs and the Election Commission of India’s (ECI) lack of transparency in the matter.

The controversy over the security of EVMs dates back to the early 2000s, and is not confined to India. A consensus has emerged that voters can’t verify whether their votes have been recorded and counted correctly, and that miscounts due to EVM malfunction or fraud are undetectable and unchallengeable. Hence, an additional verifiable physical record of every vote cast in the form of voter verified paper audit trail (VVPAT) is required. In 2013, the Supreme Court mandated the use of EVMs with VVPAT units, and ECI has been deploying these in assembly elections from 2017 onwards.

But if a VVPAT-based audit is to have any real security value, it is essential to tally the electronic vote count with the manual one as per the VVPAT slips for a statistically significant sample size of EVMs chosen at random from a suitably defined population of EVMs. Equally important is a clear decision rule about what should be done in the event of a defective EVM turning up in the sample.

But the audit plan that ECI has put in place suffers from serious shortcomings. First, ECI has prescribed a statistically incorrect sample size of just “one polling station (i.e. one EVM) per Assembly Constituency” for all assembly constituencies and all states, even though the number of EVMs in an assembly constituency in different states differs.

Second, ECI has not declared the criteria for arriving at its sample size nor has it specified the population to which this sample size relates. The latter is important because if we assume that 1% of the EVMs are defective, the probability that ECI’s present sample size will fail to detect at least one defective EVM is 99% if “EVMs deployed in an Assembly Constituency” are defined as the “population”. Similarly, the corresponding number is 94% if “EVMs deployed in a Parliamentary Constituency” are defined as the “population”, and varies from about 2% (UP) to 71% (Sikkim) if “EVMs deployed in a state as a whole” are defined as the “population”.

Third, ECI has been vague about its decision rule in the event of one or more defective EVMs turning up in the chosen sample. Fourth, the sample of EVMs is not chosen randomly. The tendency has been to ignore the EVMs and VVPATs, which failed midway on polling day (and were replaced) and select the sample from the rest, thereby making it a biased sample. Fifth, ECI has not been forthcoming about the results of its VVPAT-based audit of EVMs for the various assembly elections held in 2017 and 2018.

Any electronic equipment can malfunction, and ECI keeps about 20-25% of EVMs and VVPAT units in reserve to replace in case it happens on the polling day. Also, there is the likelihood that a few may again malfunction between the polling and the counting days. This may explain the commonly noticed discrepancies between the polling station-wise figures of voter turnout and the votes counted in EVMs.

However, tampering an EVM is not impossible. It’s highly improbable, though, and can go up with insider collusion. Potential attackers need to target only a few EVMs to tip the balance in closely fought constituencies, and without a credible VVPAT-based audit of EVMs, it would go undetected.

So, for calculating statistically correct sample sizes, ECI should: (1) adopt the Hypergeometric Probability Distribution model; (2) assume the percentage of defective EVMs to be 1%; (3) define “EVMs deployed in a state as whole” as the “population”; and (4) aim at 99.9% reliability that the sample will detect at least one defective EVM.

Then, ECI should conduct 100% manual counting of VVPAT slips: (1) for all the remaining EVMs of the defined population (state) if the sample throws up one or more defective EVMs; (2) for closely contested constituencies where the margin of victory is below 2% of the total votes cast or 1000 votes, whichever is less, even if no defective EVM turns up in the sample; and (3) for those polling stations where the discrepancy between the votes polled and votes as counted in EVMs is more than 2%.

To conclude, ECI’s faulty audit plan has led to an avoidable controversy. But the real controversy today is not about “EVMs versus paper ballots”; rather it is about “EVMs with perfunctory VVPAT audit versus EVMs with proper VVPAT audit”. It is, therefore, important that ECI implement the Supreme Court’s order of 2013 in letter and spirit and set the controversy at rest.

V Ramani is a former IAS officer of Maharashtra cadre, K Ashok Vardhan Shetty is a former IAS officer of Tamil Nadu cadre. The authors have extensive experience of conducting and monitoring elections from the local to the national level

The views expressed are personal