Election Commission has said that it is possible for anyone to make any electronic gadget which ‘looks-like’ ECI EVM and demonstrate any Magic or Tampering. Any 'look-alike'' machine is just a different gadget, which is manifestly designed and made to function in a ‘tampered’ manner and has no relevance, incidence or bearing on the Commission's EVMs.
EC says that gadgets other than ECI EVMs can be programmed to perform in a pre-determined way, but it simply cannot be implied that ECI EVMs will behave in the same manner because the ECI EVMs are Technically Secured and function under an elaborate Administrative and Security Protocol.
In the reference of EVM Safety and Security Features, EC says that the machines are non-tamperable, both due to technological measures, and also due to strict administrative and security procedures laid out by ECI, whereby no access to EVM/VVPAT is allowed to any unauthorized person. Hence, these are protected from any tampering / manipulation whether before the polls, or during the polls, or after the polls, in storage or transportation from manufacturer to the State / District or vice versa, or when transported from one state to another.
Technological safeguards that contribute to non-tamperability of EVM are as following…
1. EVM used by the Commission is a stand-alone non-networked, one time- programmable (OTP) machine, which is neither computer controlled, nor connected to the internet or any network; and hence, cannot be ‘Hacked’.
2. The machine is electronically protected to prevent any tampering / manipulation. The programme (software) used in these machines is burnt into a One Time Programmable (OTP) / Masked chip so that it cannot be altered or tampered with.
3. The software of EVMs is developed in-house by a selected group of Engineers in BEL (Defence Ministry PSU) and ECIL (Atomic Energy Ministry’s PSU) independently from each other.
4. After completion of software design, testing and evaluation of the software is carried out by an Independent Testing Group as per the software requirements specifications (SRS). This ensures that the software has really been written as per the requirements laid down for its intended use only.
5. After successful completion of such evaluation, machine code is given to the micro controller manufacturer for writing in the micro controllers. From this machine code, the source code cannot be read. Source code is never handed over to anyone outside the software group of PSUs.
6. Micro controller manufacturer initially provides engineering samples to PSUs for evaluation. These samples are assembled into the EVM, evaluated and verified for functionality at great length. Bulk production clearance by PSU is given to micro controller manufacturer only after successful completion of this verification.
7. The source code for the EVM is stored under controlled conditions at all times. Checks and balances are in place to ensure that it is accessible to authorized personnel only.
8. During production in the factory, functional testing is done by production group as per the laid down Quality plan and performance test procedures.
9. The software is so designed that it allows a voter to cast the vote only once. The vote can be recorded by a voter from the ballot unit only after the Presiding Officer enables the ballot on the Control Unit. The machine does not receive any signal from outside at any time. The next vote can be recorded only after the Presiding Officer enables the ballot on the Control Unit. In between, the machine becomes dead to any signal from outside (except from the Control Unit).
10. Samples of EVMs from production batches are regularly checked for functionality by Quality Assurance Group, which is an independent unit within the PSUs.
11. Certain additional features were introduced in M2 generation of EVMs (Post-2006) such as dynamic coding between Ballot Unit (BU) and Control Unit (CU), installation of real time clock, installation of full display system and date and time stamping of key-pressing in EVM.
12. The Report of the Expert Committee for the Technical Evaluation of the Upgraded EVMs in 2006 has concluded that any tampering of CU by coded signals by wireless or outside or Bluetooth or WiFi is ruled out as CU does not have any radio frequency (RF) receiver and data decoder. CU accepts only specially encrypted and dynamically coded data from BU. Data from any outside source cannot be accepted by CU.