Syed Shuja's grand tale of EVM hack: Unpacking the facts from the fiction
In what is the latest chapter in the tale of EVM hacks, a US-based Indian cybersecurity expert, Syed Shuja, has alleged that political parties, with the help of the Election Commission of India, have been manipulating Lok Sabha and Assembly election results in the country since 2014.
Addressing a room full of journalists in London via a Skype call from an unknown location in the US, Shuja made one startling claim after the other and accused some of the biggest political parties in the country of being part of a conspiracy that involves not just corruption and the subversion of democratic processes, but also murder.
These explosive allegations, which went on to name the BJP as the prime culprit in the efforts to undermine our democracy, were made by Shuja at an event organised by the Indian Journalists' Association (Europe) and attended by senior Congress leader Kapil Sibal.
While extremely political in nature, at the core of it, Shuja's allegations brings to the fore a deep distrust many of us share about technology. By raising questions over the use of EVMs for polling, the allegations tried to exploit our basic fears that often stem from a lack of understanding about the topic.
As such, before we get to passing judgments on Shuja's claims – ones that he has failed to provide any proof to back – let us look at what he said about the hacking of EVMs.
Claim: How the EVMs were hacked
During almost an hour and a half-long interaction, Shuja explained that he was first exposed to the EVMs while working for the Electronics Corporation of India Limited (ECIL) – the firm responsible for the manufacturing of the EVMs used by the Election Commission of India for polls in the country.
He explained how he and his team – comprising of 11 other engineers – were first apparently approached in 2013 to find vulnerabilities in current generation EVMs and to come up with a prototype for a future voting machine that cannot be hacked – an offer that Shuja and his team accepted.
As Shuja explained, soon enough, they were provided with the PCB of the EVMs which housed no Bluetooth or a WiFi chip, making it impossible to hack the EVMs using conventional wireless methods. Following which they allegedly devised a way to bypass the security protocols of the device and access it remotely via radio frequencies through a sophisticated graphite based military grade modulator, operating on spectrum frequencies that are only accessible to the military.
The particular modulator, as Shuja claimed, allowed the team to hack into the kernel of the device and manipulate results – a technique that was then allegedly taken by the BJP to manipulate the results of the 2014 and future elections.
In his yet to be substantiated allegations, Shuja has also accused the BJP of orchestrating the murder of his team members after they helped the party figure out this hack, as well as inciting a riot in Hyderabad in May 2014 to cover up the act. He also claims the party got the former NDA cabinet member, Gopinath Munde, as well as journalist Gauri Lankesh killed to keep news of the EVM hack escaping to the general public.
How seriously should we take the claims?
There were several other allegations – from the Brexit referendum being manipulated to AAP winning the Delhi Assembly polls because of hackers swooping in to save the day – but, at this point, we'd like to get back to the two core questions at hand.
A.) Can the EVMs even be hacked?
B.) If yes, how likely is that they actually were, as Shuja claims.
To begin with, the answer to the first question is yes. As is the case with any piece of technology, with the right tools and enough time, any machine can be manipulated. The level of difficulty may differ, but hacking into any device – in one form or another – is definitely possible.
Which brings us to the more important question – did the BJP really exploit vulnerabilities in the EVMs and change the outlook of the 2014 polls?
Well, we're not sure.
Quite frankly, the scale of the operation that Shuja claims was and is still going on, and the tools required for it, would be virtually impossible for the BJP, or any other private entity, to obtain – that too, in the run-up to an election year when they were not even in power.
Add to that the fact that Shuja has failed to provide any proof to substantiate his claims also works against him.
Even from the technological point of view, the self-proclaimed cybersecurity expert failed to give any tangible proof to back his claims of the EVMs being prone to hacking. All he provided was a theory – one based on the hollow words of what appears to be at best a conspiracy theorist.