Software intended for public use in a democracy needs to be open source so it’s always reliable and doesn’t demand trust in a single vendor
The 2022 Nobel Prize for physics was unusual because it was awarded not for a scientific discovery or technological innovation. Instead, it went to three physicists who proved that a peculiar natural phenomenon, called quantum entanglement, is real and that it isn’t the result of hitherto unknown physics, meaning whatever physics we already know should be able to explain it. Many physicists still lack an intuitive understanding of how this phenomenon happens physically, but thanks to the Nobel laureates’ work, they know it does.
The Supreme Court’s verdict on the petition brought by the Association for Democratic Reforms and Arun Kumar Agarwal against the processes by which the Election Commission (EC) ascertains the security of its electronic voting machines (EVMs) and the integrity of the voting process could learn something from this Nobel-winning effort. Hearing the matter on April 24, the Bench of Justices Sanjiv Khanna and Dipankar Datta had an eye-opening exchange with the lawyers, particularly in two instances.
In the first instance, advocate Santhosh Paul for the petitioners said EVMs have a “source code” that should be disclosed for independent verification, to which Justice Khanna replied, “The source code should never be disclosed. If it is disclosed, it will be misused.” Second, when asked whether the microcontrollers in the EVM’s three components could be reprogrammed, an EC official said they couldn’t. Advocate Prashant Bhushan, for the petitioners, disputed this claim saying the microcontrollers’ manufacturer’s data suggested they could be. Justice Khanna then said, “He [the official] has clarified the doubt” and that “we have to rely on them [EC] on technical data”. In a final instance, the Bench passed the order on April 26, refusing to revert to paper ballots and said “blind distrust” of the system is bad for progress.
Across these instances, two impressions shine through; that the security of the EVMs depends on some unspecified “source code” and that knowing how something works could compromise its normal operation. Both these notions are inimical to democracy.
Why do we “have to” take the EC’s word on the “technical data”? The petitioners’ prayer to return to paper ballots was patently infeasible. However, while it’s unreasonable to submit to doubts every time they’re expressed if assuaging the doubters is expensive, it wasn’t so here. By only asserting the EVMs are safe, which they may well be, they have declined the opportunity for the machine to be seen to be safe. This is a dubious precedent, but it also matters because the fundamental issue in this matter is trust in the electoral process.
In his concurring judgment, Justice Datta suggested a “critical as well as constructive approach guided by evidence and reason” in place of “blind distrust”, but the EC’s and the court’s approach has championed blind trust instead. Distrust is bad for progress but blindness is bad for accountability.
Second, knowing how some software works doesn’t also compromise it. For example, by the sheer scale of its use on millions of websites, the WordPress content management system faces more (unethical) hacking attempts, yet it continues to remain popular and secure. This may be all the more surprising because WordPress is open source; its “source code” is freely available to download. There are several thousand people who know how WordPress works but that doesn’t mean they also know how to ‘hack’ WordPress websites.
It’s not unreasonable to expect the software operating inside EVMs to meet the same standard. If it did, it would be independently verifiable and be able to benefit from the expertise of ethical testers to become more fail-proof, rather than rely on a secret that’s privy to the EC and whose modes of failure may remain unknown. There are well-established cryptographic techniques to allow outside verification without increasing an EVM’s vulnerability, such as tests that challenge the system’s schematicswithout forcing them to be revealed — the way a website’s server can verify if your password is correct without knowing what it is. It’s not for nothing that the software underlying electronic voting systems in Germany, the U.S., and Venezuela, among other countries, is open source.
However, the EC hadn’t had the source code audited by a public authority as of 2023. The Technical Expert Committee had suggested in 1990 and 2006 that the EC reveal the source code. In 2013, it recommended a test of the software’s security without revealing its specifics. But the poll body has consistently refused to share the “source code” when members of civil society have approached courts asking for it. The trouble here is that courts have examined these claims from a constitutional perspective whereas the systems that execute the “code” are mathematical, and thus less protected by constitutional safeguards alone.
A software program being proprietary doesn’t make it more secure; in fact, it may be less so by virtue of fewer people being able to vet it. Fundamentally, software intended for public use in a democracy needs to be open source so it’s always reliable and doesn’t demand trust in a single vendor. It needs to be trustworthy — bearing a reputation that doesn’t constantly come under question — and trustless — not requiring someone to just take someone else’s word for it as to its integrity. Trustless software in particular eliminates the room not for trust but for distrust.
