CCE report raises concerns about EVM-VVPAT voting

Report examines technical details, engineering design, accuracy and verifiability of the electronic system and comes up with issues that need to be addressed urgently


The Citizens’ Commission on Elections (CCE) has published a report titled An Inquiry into India’s Election System: Is the Indian EVM and VVPAT System Fit for Democratic Elections?

In a press release accompanying the report, CCE raises concerns about the conduct of the 2019 general elections by the Election Commission of India (ECI) saying, “The Association for Democratic Reforms, the Constitutional Conduct Group (CCG) of former civil servants, the Forum for Electoral Integrity, the Delhi Science Forum, the Aman Biradari Trust, People First and the Centre for Financial Accountability were among several groups which were compelled to draw public attention to the lack of integrity of EVM voting and the ECI’s departure from neutrality.”

It added, “Many political parties, mainstream and digital media houses and civil society groups also voiced serious apprehensions at the manner in which the ‘model code of conduct’ was being violated by the ruling party without adequate retribution from the ECI.”

What is CCE?

CCE is a group comprising legal luminaries, former election commissioners, technology experts and scholars. It was set up on March 5, 2020, and comprised the following:  
1.  Mr. Justice Madan Lokur, former Supreme Court Judge, Chair
2.  Mr.  Wajahat Habibullah IAS (Retd), Former CIC, Vice-Chair, [CCG]
3.  Mr. Justice Hari Paranthaman, former Madras High Court Judge
4.  Prof.  Arun Kumar, Eminent Economist
5.  Dr.  John Dayal, Civil Society Activist
6.  Ms. Pamela Philipose, Senior Journalist
7.  Dr. Subhashis Banerjee, Professor, Computer Science, IIT, Delhi
8.  Member-Convener, Mr. Sundar Burra IAS (Retd), [CCG]
M.G. Devasahayam (People-First and CCG) functioned as the Coordinator of the Commission.

The CCE went into specific areas concerning elections.  The findings of its first sectoral report deal with the ‘infallibility’ or ‘vulnerability’ of Electronic Voting Machines (EVMs) and Voter Verifiable Paper Audit Trail (VVPAT). The study was mentored by Dr Sanjiva Prasad, Professor of Computer Science and Engineering, IIT Delhi. 

The CCE went into specific areas/themes concerning elections. These are:

i.                 Electronic Voting [EVM/VVPATs] and its compliance with Democracy Principles.

ii.                Scheduling and processes of elections and compliance of Model Code of Conduct.

iii.               Role of media including social media, fake news, etc.

iv.               Integrity and inclusiveness of the Electoral Rolls.

v.                Criminalization, money power and Electoral bonds.

vi.               Autonomy of the ECI and its functioning before, during and after the election.


Among the domain knowledge holders who submitted deposition before the CCE group were Ronald L. Rivest of the Massachusetts Institute of Technology, Cambridge, USA; Alex Halderman of the University of Michigan, USA; Poorvi L. Vora and Bhagirath Narahari of George Washington University, USA; Alok Choudhary of North-western University, USA Sandeep Shukla, Professor, Computer Science and Engineering, IIT Kanpur; Douglas W. Jones of the University of Iowa, USA; Nasir Memon of New York University (Brooklyn), USA; Philip B. Stark of the University of California, Berkeley, Vanessa Teague, Associate Professor, School of Computing and Information Systems, University of Melbourne, Cyber security, Australia; MG Devasahayam, former civil servant; Bappa Sinha of Free Software Movement of India, Subodh Sharma of Computer Science and Engineering and of the School of Public Policy, IIT, Delhi; S Prasanna, Advocate, Delhi, Venkatesh Nayak, RTI activist, KV Subrahmanyam, Professor, Computer Science, Chennai Mathematical Institute, Chennai, Poonam Agarwal, media-person and Anupam Saraf, Professor and Future Designer.

Key findings:

Security concerns: The ECC says that their report has devoted considerable time and expertise in scrutinising the technical architecture of EVMs and the accompanying VVPATs. They have found:

  • The ECI does not appear to safeguard against the possibilities of ‘side-channel attacks’, i.e. hacking electronic devices through electromagnetic and other methods.
  • Even the ‘software guard extensions’ of sophisticated Intel processors have proved vulnerable to interference and tampering.
  • Just a few EVMs can swing election results for a constituency.
  • That the processor chip in the EVM is only one-time programmable is also in doubt.
  • In fact, latest EVMs use the MK61FX512VMD12 microcontroller supplied by an US based multinational, which has a programmable flash memory.

Accuracy and verifiability concerns: The report says, “In an EVM, where votes are recorded electronically by press of a button, and the voter cannot examine what has been recorded, there is no way to provide a guarantee to a voter that her vote is cast as intended (recorded correctly in the EVM), recorded as cast (what is recorded in the EVM is what is collected in the final tally) and counted as recorded. This casts doubts on a purely EVM- based system.”

However, it gives credit to VVPAT saying, “Voter-verifiable Paper Audit Trail (VVPAT) is one possible to way to make the voting system auditable. Using VVPAT a voter can in principle verify that her vote is cast as intended, and a suitably designed end-of-poll statistical audit can possibly determine that the collection and counting are correct.”

However, the CCE report raises some concerns about VVPAT as well saying, “The ECI’s VVPAT system is not truly voter-verified because it does not provide the necessary agency to a voter to cancel her vote if she thinks it has been recorded incorrectly. Also, in case the voter raises a dispute, there is no way for her to prove that she is not lying. As such, penalizing a voter in such a situation is not correct.”


The CCE report makes the following recommendations:

To ensure independence between software and hardware, end-to-end verifiable systems with provable guarantees of correctness must be introduced and the ECI must declare its publicly-verifiable guarantees against spurious vote injections.

If the correctness of an EVM cannot be established then it is practically impossible to predict whether an EVM can be hacked or not. In particular, that an EVM has not yet been detected to have been hacked provides no guarantee whatsoever that it cannot be hacked. Thus, elections must be conducted assuming that EVMs may possibly be tampered with.

There must be a post-election audit of the EVM counts against manual counting of the VVPAT slips. In fact, it may be sufficient to tamper only a few EVMs to swing an election if a contest is close. Thus, in practice, it may be necessary to test more EVMs than even what the civil society and political party’s demand (30% and 50% respectively) to ensure verification and reliable ascertainment of results.

There must be a stringent audit of the electronic vote count before the results are declared. The audit should not be based on ad hoc methods but by counting a statistically significant sample of the VVPAT slips according to rigorous and well-established statistical audit techniques. The audit may in some cases — depending on the margin of victory — require a full manual counting of VVPAT slips.

The entire CCE Report may be read here: 



The EVM Conundrum: Concerns over EVMs not invalid, must be addressed
How states can ensure transparency in EVM based assembly elections 




Related Articles