I have been tinkering with microcontrollers since childhood and I can see the gap in the communication here. Between Rajeev and Musk.
So, here’s the gap that no one is addressing:
1. Any hardware/software is hackable
Anything that is understandable by us, is hackable. In fact, in this context, what we really mean is “cracking”. Legendary hacker ESR has talked about the difference between hacking and cracking in his famous “How To Become A Hacker” guide.[1]
To quote him:
“There is another group of people who loudly call themselves hackers, but aren’t. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people ‘crackers’ and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn’t make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word ‘hacker’ to describe crackers; this irritates real hackers no end.
The basic difference is this: hackers build things, crackers break them.”
(I will continue using the term ‘hack’ while actually I mean ‘crack’.)
So, the question is, is it possible to hack anything? Theoretically, yes.
In that case, this X account, my Credit Cards, my Bank accounts, the aeroplanes.. anything can be hacked.
Then, why aren’t they already?
Why hasn’t Russia hacked Ukraine and the US’s most important defences or vice versa?
2. You need access to hack anything
The traditional iron lock at the front gate of my home is 70 years old and still functions. It is easily hackable.
But you. YOU, the reader, can’t hack it. Because you’re sitting somewhere far away and don’t have access to my lock.
Similarly, if you can’t access EVMs, or my TV remote, you can’t hack them. (That’s the reason, why cutting-edge defence technology is not published. Limiting access, you know.)
There’s a reason why Osama Bin Laden and the terrorist teams had to #hijack the aeroplanes. They HAD TO access them, to make it do what they wanted. Same goes for the rare events where thieves steal whole ATM machine and try to dismantle it.
3. Access alone doesn’t allow hacking
Let’s imagine, you got access to my home lock, an EVM or my TV remote.
How much time would it take you to hack these things?
5 minutes?
10 minutes?
60 minutes?
You can’t be sure.
Because you don’t know the inner workings of these things. You would need a reasonable amount of time to understand the mechanisms, and then modify the workings, if possible.
4. Decentralization is the key
As per the Election Commission of India’s estimate of conducting simultaneous elections, they would require 3 million EVM machines.[2]
Mind you, these are standalone units. So, even if you could seize one of these heavily guarded EVM units for your hacking project, you won’t be able to change the election outcome. (And while you’d be tinkering with the seized EVM machine in your lab, the special forces would be looking for you. A fearful hacker soon becomes a tearful cracker.)
5. Paper trail using VVPAT
Every voter can confirm their vote by seeing a live printout of their vote, which gets sealed along with the EVM unit.[3]
It is like the Advanced Renamer utility that I use on the computer. Once I have renamed my 1000+ files, the software also gives me a detailed changelog, in case I want to track if everything has gone well.[4]
A certain % of VVPAT is also counted for reconciliation.
“Hand over one EVM unit and I will hack it”
These people either don’t understand the whole system in place, or they’re in the business of seeding doubts in the psyche of general population.[5]
Of course, with sufficient knowledge, lab and time, anyone can hack anything, including the EVM. But that’s exactly why the system doesn’t let anyone touch it. [6]
For example, if you had a supercomputer and you wanted to hack in my account using this password (assuming there’s no 2FA), it would take you 109 B years![7] If you’ve got a supercomputer and 109 B years of time, welcome to hack my password.
In summary, the people who jump to resorting to Ballot Box citing the hackability of EVMs are either misinformed or intentional about shaking the processes of democracy. Because we know the history.
References and Foot notes:
[1] How To Become A Hacker: http://catb.org/~esr/faqs/hacker-howto.html
[2]Election Commission will require around 30 lakh EVMs, 1.5-year preparation time for simultaneous polls to LS, assemblies: https://economictimes.indiatimes.com/news/india/election-commission-will-require-around-30-lakh-evms-1-5-year-preparation-time-for-simultaneous-polls-to-ls-assemblies/articleshow/104731346.cms?from=mdr
[3] Voter-verified Paper Audit Trail: https://en.wikipedia.org/wiki/Voter-verified_paper_audit_trail
[4]🪜Rename 100 files for 100 team members under a second: https://get.bhagyeshpathak.com/posts/rename-100-files-for-100-team-members-under-a-second
[5] Archemedes had famously said “Give me a lever long enough and a fulcrum on which to place it, and I shall move the world/Earth.” We know theoretically it is possible to move the Earth if the lever is strong and long enough and a fulcrum to support the lever. But is it practical?
[6] Now, there’s a notion that “the system is not letting us touch the EVMs in our private garage. THAT MEANS they’re rigged”. There is a flaw in this logic. Once a piece of information is declassified, it is no longer secure. Classification is one of the primary security layers.
[7]🪜How strong is your password? Check and generate memorable passwords: https://get.bhagyeshpathak.com/posts/how-strong-is-your-password-check-and-generate-memorable-passwords