-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Biju, I found much to be disagreed with in the paper. In a nutshell, most of the attacks described in the paper have no bearing on the 'e'-ness of the Indian EVMs, and would apply to paper ballots as well. Some attacks on paper ballots (ballot-stuffing, most notably) are solved by the Indian EVMs. (Please note, this is not a defence of EVMS, but of the *Indian* EVMS.) Also, please note that I find it inexcusable that the source code is kept a secret (security through obscurity), etc. But I have not seen it demonstrated convincingly enough that a non-complex EVM (which is what the Indian ones are) are generally less reliable / more prone to attacks than paper ballots.
Here is a mail I sent out as part of another conversation: === Here are my 140-character takes, in reverse chronological order: (And to contextualise some of them, you'll need to see what tweets of gkjohn's or sunil_abraham's I was responding to -- you could do that by heading over to my Twitter page: http://www.twitter.com/pranesh_prakash ) @gkjohn: The trusted insider problem's there with paper ballot too, no? The 'Gulaal' technique of faking count comes to mind. 2:22 PM Apr 30th via Gwibber in reply to gkjohn @gkjohn: Indian EVMs (unlike Eur. and American ones) have simplicity in their design. Hmm, for paper trail: wouldn't vote printouts suffice? 12:39 PM Apr 30th via Gwibber in reply to gkjohn @gkjohn: + Their two demonstrated attacks need physical access and hardware tampering after manufacture. 12:37 PM Apr 30th via Gwibber in reply to gkjohn @gkjohn: Not all are harder to spot, frankly. As I noted, many of the same compromises work against paper ballots too. + 12:35 PM Apr 30th via Gwibber in reply to gkjohn @sunil_abraham: The paper itself is also very confused. Derides "such low-tech solutions" as wax seals, as also high-tech. @vrsrini 12:32 PM Apr 30th via Gwibber in reply to sunil_abraham @sunil_abraham: They seem to have less security problems than paper ballots (the suggested alternative), though. 12:31 PM Apr 30th via Gwibber in reply to sunil_abraham Renesas (Japanese) and Microchip (American) which make the CPUs are barely accountable, and the 2 committees haven't seen code. 12:26 PM Apr 30th via Gwibber @gkjohn: a. Yes. Ballot-stuffing, for instance. b. Yes, because paper ballots are less secure. c. I completely agree (even if it be OTP) 12:24 PM Apr 30th via Gwibber in reply to gkjohn EVMs: And quite a few of the compromises ('using total number of candidates') are very far-fetched, and very easy to spot. 12:23 PM Apr 30th via Gwibber Paper shows that EVMs can be compromised, not that paper ballots are better. But security through obscurity is a big problem. 12:18 PM Apr 30th via Gwibber On Indian EVMs: Paper suggests problems with EVMs, but some of the same attacks possible on paper ballots too. 12:16 PM Apr 30th via Gwibber The full technical paper on compromising the Indian electronic voting machines (PDF): http://ur1.ca/y1mk / Comments? 12:15 PM Apr 30th via Gwibber -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkvr30sACgkQ7JoSBR1cXwc4zQCePweHnERQn4cdtJazzForlsrx rUUAoJZEHHZk+huCKCmLQwu5W/bqyh0s =USPs -----END PGP SIGNATURE-----
