 appropriate for any other time of the day or wherever you're joining. Welcome to the masterclass, organized as part of a project which examines the proposal of introduction of blockchain technology and Indian elections. This project is hosted by Karuna, which is a collection of independent critiques of various aspects of digital India. My name is Shankar Shan and I'm a member of this collective. I'm also the curator and promoter of this project. The project is supported by Hasgeek.com, which is a platform for collaborations across practices in technology, design, law, policy systems, data, among others. Hasgeek.com and Hasgeek Media Division provide the underlying infrastructure, tools and services to facilitate these collaborations. The reason we are conducting these masterclasses and webinars is to enable participants to acquire the foundational knowledge and perspectives required to evaluate the intended and unintended consequences of technology through diverse set of perspectives which focus on identity, equity, privacy, security, rights, agency and the socio-economic impact of such proposals. Additionally, I think one of the things that has become very clear to us as we have gone through a few masterclasses is that we need to find a way to understand the inherent issues in existing technology before we get fascinated by new technology. We tend to have some sort of a technology fetishism that allows us to jump from old to new. Without actually realizing what is the problem set that the new one is supposed to solve, what is the problem set that exist in our existing set of technology choices that we have made. But more importantly, to be able to understand how deep the consequences of those problems are in not just our day-to-day life but in the entire concept of democracy as we know it. So we have a fascinating talk lined up today. I say it is fascinating because it kind of mixes up two very interesting streams. One, what we call field notes from elections, how processes and steps are existing in current electoral processes. But more importantly, it also provides a perspective on cyber security and I'm very stoked to have as a host and moderator, Shuman Kaur, who is a cyber security researcher and has been exploring various things around cyber security products and consulting. He runs Bandbridge, a cyber security company based out of Kolkata. He believes in the right to privacy and has worked extensively on data breaches and responsible disclosures. One of his very important and significant contributions have been his analysis of the Bitcoin blockchain transactions provided by one of the earlier, which provided one of the earliest estimates of financial losses due to extortions over the email. With that, before I hand over to Shuman to continue with the session, a few housekeeping notes. This session is on Zoom as well as being streamed on YouTube. You can interject at any point during the conversation by using the raise hand processing Zoom. It should ideally be under the reactions options in Zoom, but if it's not, you probably have to find out exactly what it is in the Zoom build you are using. If you are on YouTube and you can post your questions there and we'll relay them back to our Zoom channel to our speaker and our moderator. On Zoom, if for some reason you prefer not to speak out your questions, it could be in a noisy environment or just not prefer speaking them up. It's absolutely fine. Please paste them in the Zoom chat and we would be able to relate and read it out for you. With that, I'm going to hand it over to Shuman and take it away from here please. Thank you. Thank you, Sankarshan. I'm really, really excited. Actually, I've had a brief chat with Kannan and I have ever since been just thinking about questions. But before that, I wanted to spend five minutes, probably a little less, just introducing Kannan and his work, most importantly. Kannan Gopinathan is a former Indian administrative officer and an activist. He resigned in protest from the service due to the approbation of Article 370, if I understand correctly. And he has since been a hugely impactful activist among everyone who's promoting public policies. In 2017, the Northeast today named him as one of the five bureaucrats who've had a lasting, who've made a huge difference in the Northeast. And part of that probably comes from his work in Mizoram, where he started Curated Project HEMA, an early intervention and awareness program against drug usage among upper primary and high school students. And this was later scaled up across Mizoram. And then as district magistrate of Israel, he oversaw the disaster management framework and developed, and he won a citation as well for his work from the government of India. Then in 2018, he worked extensively to mitigate damage from Kerala floods and he was probably working at the, yeah, he was at the Relief Camps and working from the front lines in Kerala. And then he's, he was Secretary of Multiple Departments in Dharpur and Nagar Harbili as well as Damanandu. And he was instrumental in transforming a loss making government electricity distribution firm into a profit making one. And he completed two decade delay ring road project in Silvasa Israel. Wow, amazing. And he has been one of the key voices raising concerns about current electoral technology and we're going to hear more about that right now. So with that, Kanan, please. Yeah, thank you, Suman. And thank you, Shankarshan and Zainab for this opportunity to have a discussion here. And in fact, I had attended the session, the last last week on the history of Indian elections. It's a very fascinating lecture. The last lecture was I think probably by Professor Subhashish Banerjee on the electronic voting principles and techniques and you know, a theoretical framework on that and I have also been quite influenced by Professor Subhashish Banerjee's lectures and his, his own ideas and theories about electronic voting and so I have met him I had a long discussions with him quite a few times. So I could not attend the previous one because I was traveling today. I kind of mixing what is what actually happens in the field and also what the commission claims to be happening should be happening with respect to the EVM and the PVPAT and why and where did I find certain, you know, dissonance in the theories put forward in the claims put forward and the practices that have done in the field. And since I have been part of the system, I would like to make a few disclaimers upfront questioning the veracity or the questioning the sanctity of the current system with the sanctity in the sense of the processes or even saying that there are certain vulnerabilities that should be addressed is not to say that elections have been had or the previous elections were all, you know, should be declared invalid. No, that is never the case. It is to raise certain concerns with respect to the current process in the hope that we might be able to address them and get on to a better system, you know, a better system which is transparent accountable and which is more importantly, simply enough so that everybody can understand as to what is happening, you know, because elections are as much a sovereign exercise as it is a democratic exercise. It is it is both. And this is election is through which, you know, we transfer power as citizens, we transfer our power as individual sovereigns to the some select elected people saying that okay now you be going on our behalf. That is one of the key aspect of electoral democracy that is not that is not democracy per se, but that is one of the key processes in a democracy, which defines at least that electoral democracy part. So elections that way are a key exercise. Now elections and I would like to correct a bit of introduction that was done. Yeah, I did not resign with respect to the abrogation of 370% but what happened after 370 and that had to do with the fundamental rights that had to do with the individual rights of the citizens. And I can't agree when when a government is going beyond constitution and trying to get into, you know, use executive powers to bypass constitution. And that is what I observed there, the fundamental rights to access communication transport movement all of it was curtailed people are arrested, you know, and that was one of the reason I felt it was not just the government, I felt the institution the civil society, the media all of us collectively failed to stand up and resist and say that is not done at least not in the 21st century democratic India that is not done. I felt I felt that it is not in my interest to continue. As if nothing has happened so that is why I resigned it is not exactly a policy decision with respect to 370 or not. So, coming to elections I'm sure many of you might have voted so I can ask certain questions right either to Suman or Sankarshan or is it okay. You can ask questions to everyone. Absolutely. Yeah, how many of you have voted in the recent elections anything 2019 or 2021, you have voted. Okay, now, did you, you must have seen the VVPAT slip that is coming out. So, you must have seen the name and the symbol on that VVPAT slip. Right. Yes. Yeah. So all of you observed the name and the symbol. You must have also heard the claim from the election commission that EVMs are a standalone device. It is not connected to any external device, right. Right. Then have you ever thought how did the name of the candidates and the symbols got into the machine so that it can print it. No, you have to program it. No, yeah. But if you have to program it, you have to connect it, right. Means you can't program it from air. You have to connect it somehow through something. Yes. And I think we use the same set of EVM machines across different states, right. Yeah. And so yes, it has to be. Yeah, candidates are not only 15 to 20 days before the elections are announced. Elections are in a poll date. So elections are announced 45, 60 days before the election poll date. But candidate is only known after the nomination withdrawal and the scrutiny stage, which is hardly 15 to 20 days before the poll date. So that means a certain information that was only available 15 days prior to the poll date is printed by the EVM on the poll date. How is that possible if the EVMs are a standalone, unconnected device? Yeah, so that is the question that worried me also. So I will be trying to address that question. I wanted to raise this upfront because this particular thing has been what has led me to be, you know, as you said, an active campaigner on EVM, BVPAD based election process reforms and stuff. And because of this particular question and the claim that the commission has been continuously doing that it is a standalone unconnected device and I think I'll be covering a bit of it today. Before I go there till 2017 or so, I was also a part of the EVMs are tamper proof, you know, you can't do anything with it, kind of a brigade and I have openly defended it. I have countered people on Twitter. Till even 2017 you will find one of my Twitter thread was later taken on and made it into an article by Orchindia in 2017 or 18. And so I have been on the mostly on the defending EVM side. But when it came to 2019 elections, and I was a returning officer 2013 and 14, I was also part of elections, but then BVPAD was not being used. So 2019 was the first Luxembourg elections when, you know, across the country, BVPAD was being used. And that so when we went to the training at triple ID, India International Institute for democracy and election management. So there was a training for the all the returning officers there. And I went there and it was casually told to us that BVPAD will print the name and symbol of the candidates and the voter would be able to verify and that is where I asked this question. If it is standalone, then how does it know the name and the symbol of the candidates. So then they said the bell and the ECL might be able to, you know, they enter it, they enter the data into it, you don't need to worry. I'm going to interrupt you one second here. I think we should just take a moment to explain what BHE, you meant BHEL, right? No, no, no, BEL, Bharat Electronics. BEL, right, right, BEL. So they are the only ones for manufacturing the device. No, Bell and DCAL both. So there are two. DCAL both. So Bell and DCAL are two PSUs which are manufacturing the EVMs and the BVPAD and all the manufacturing doesn't mean they make the ICs also. So that is another controversy. That is a very, very, very interesting thing that you just raised. Yeah, so this is mostly that, yeah, in fact, we will come there also a little bit further. So why I used to defend 2017 till 2017 was that commission had drilled in a particular routine to all of us or to the public also and to the bureaucracy also. That is that EVMs, we are claiming it to be tamper proof. It is, you know, cannot be hacked not because it is technically not a, you know, we don't, we are not claiming that machines cannot be, no machine can be hacked or no. That is not what is being claimed. We are claiming that under these circumstances, under the physical process, administrative safeguards and the security arrangements that are there surrounding the EVM, BVPAD that we have. It is not possible for it to hack without getting caught. So that was the, you know, paradigm of security that was put forward. It was more or less a custody chain argument and a trust based argument of conducting elections. A custody chain means it is always with us. So, no, don't worry. And trust based means, you know, we are saying it. And since you trust us, you trust what I am saying also. So kind of these two arguments are what will put forward. I'll explain it as to what are the key components of that. One was the technical simplicity of the EVM. So commission always said that EVMs are rudimentary device, very rudimentary, one-time programmable device, unconnected standalone device. And most, more often than not, it was said it is like a calculator, right? It is like a standalone calculator. And the question used to be, can you hack a calculator? You know, if you can't hack a calculator, it is like a calculator. It is not connecting to the internet. It is not, you can't access the memory of it. So the question doesn't arise. So even though technically, if you go purely into that thing, you can hack a calculator also. But it convinced a lot of population as to yes, it is a very rudimentary device, one-time programmable device, claiming to be JTAG had been fused and stuff. And it is a standalone device. It's a calculator. Second part of that argument was physical security argument, which the commission said that, you know, if you have a calculator, if the calculator is with me for a day, or I have physical access to that calculator, I might be able to hack it. Hack, you need not be just connecting and I can do n number of things, change the chip itself, change the more PCB itself and hack it. So once you get physical access, then you can do whatever you want. So the commission said there is a physical security also. The physical security argument was that the machines, the moment it comes to the district or it has, it will be always transported with the police and magistrate arrangements. The moment it comes to the district in the presence of political party representatives only it will be kept in a strong room and there will be a CCTV 24-7 paramilitary forces or the armed police forces which will be guarding it. And whenever the strong room is opened, it will be sealed whenever the strong room is opened, it will again be done in the presence of multiple political party representatives. So nobody has an access, a physical access, a physical access to the EVM. So forget about all that, you know, what you can do if you get a machine in your hand, that is not going to happen. The physical security argument was that. But more importantly, there are three more arguments that are put. That is called the administrative safeguards or process safeguards that we have had. The process safeguards included the first one being candidate agnostic nature of the EVM. Candidate agnostic nature of the EVM meant that EVMs do not know electronically as an electronic machine. EVMs don't know candidate one is who or which party or candidate two is belongs to which party and who is the candidate. It is not, you know, it is not known to the EVM as an electronic device. If I have to just share, I think share a bit. So if you see here, so is this visible the ballot unit that is there? Yes, yes. Yeah. So if you see like this, this is what is called as, you know, pasting the ballot paper, the pasting the ballot paper on to the ballot unit. So the ballot unit has so many 16 buttons, blue buttons that you can see. And for, so it is like button one, button two, button three, button four, button six. Now, to enable the voter to know that button one is corresponding to X voter or, you know, Y voter or Z voter. What we do is we don't electronically feed anything to the BU. I'm talking about pre-VVPAT machine, okay, right now. So we just paste the candidate sequence, but this is known as Form 7A, the candidate sequence on to the ballot unit. So we just, we just paste it on top of it. That's all. There is nothing electronically uploaded on to the ballot unit. Similarly, at the time of counting also, the control unit, if you see, if you press the result, it will just say candidate one, so many votes, candidate two, so many votes, candidate three, so many votes. It will never, it will never say candidate one, we so on so, and you know, let's say BJP or Congress or whatever, and these many votes. No, machines were candidate agnostic. It had no idea. It was button one, candidate one, button two, candidate two. It was only that, only at the interface wherein the voter had to vote this paper through this paper, which is pasted on to the ballot unit. The voter is facilitated, okay, button one corresponds to voter one, you know, candidate one. Similarly, what we have is a form seven at the time of counting. Again, we have this and we know that candidate one means four is on the first, you know, in the form seven eight, that sheet. So machines as such were what you call candidate agnostic electronically. Second thing was that people can just a second. Sorry. So there are a couple of questions. And yes, so do you want to take them now? Let me just complete this part of TVM and I think probably that would be the. Now, candidate agnostic also meant people could ask this question that, so what we can do it before the machines had arrived in your strong room, right. It came, you start all this political parties, CCTV, all those military, et cetera, these armed forces, et cetera, armed police force, et cetera. At the time, it reaches your district, but it is manufactured elsewhere. The chip is coming from elsewhere. It is coming all this, you know, all these things are happening elsewhere. Then why can't it be done that it can be done at that time. One of the defense towards that was since we don't know who is candidate one, who is candidate two, who is candidate three and intelligent pre-programming was a little difficult unless there is an intervention after the candidates have been finalized. Right. So the EVMs are coming to the district around two months before the poll date. Many of times we reuse the EVMs which are there. Many of times we need additional EVMs or entirely new EVMs come from other districts or from the manufacturers and it is then kept, but it comes around two months before the elections. And at that point of time when it comes, you don't know who are the candidates. And so it is very difficult and also an intelligent way to do it would have been to know if, you know, I can electronically know. Okay, I checked some pattern or something and find out that, okay, one is X and this party to is this, then I may be able to do an intelligent manipulation, but that is also not possible because we are not electronically feeding anything to the ballot unit and the control unit. This was the first process safeguard as and candidates are known when candidates are known once the election is announced, which is around 45 to 50 days or 60 days even. That is when the model code of conduct kicks in, you know, the election commission has that press conference saying that election date is also from that day onwards model code of conduct kicks. And the candidates are not known then around, then they fix at the time of the press conference itself they will issue a schedule of elections. And in the schedule of elections, one of the key part would be the nomination day, nomination period there will be a certain days during which candidates can come and nominate themselves as the candidate from a party or individual or registered party which is independent. And after that there is a day set for scrutiny scrutiny is where the returning officer would say and okay, this candidate is to be disqualified like we had cases where in like in Banaras there are candidates disqualified in other places there are candidates so this disqualification happens during the scrutiny. And after that there is a day that is given for withdrawal, like if you don't doesn't want to many a times what happens parties also field one or two candidates you know, in case one of the candidate there. This gets rejected during scrutiny, they will automatically have a substitute candidate to fight for otherwise what will happen the party will not have any candidate to fight for. So, the one day withdrawal is usually for the people who don't want to their otherwise eligible now scrutiny is done, they can also withdraw and their nomination. After the withdrawal comes a particular step called as symbol allotment, symbol allotment for the national parties, the state recognized parties and many of the registered parties. The symbols are already alloted by the election commission itself, but there are many other parties and which do not have symbols there, and also independence who do not have symbols there, they give symbols as a preference. And there are some 1500 symbols which are there, and from that free symbols and from there they choose one, one, two, three in their three orders and then they give. And there is a process by which we decide as to who should be getting the preference. If there is a conflict between two people on a symbol, the national parties state recognized parties and all are fixed within the state, but for the other, there is a symbol allotment process that is done. And the symbol allotment process is completed and you have what you call as a form 7a or a candidate list form, which is published candidate list again has first category is national parties state recognized parties. Then, you know, other registered parties then independence, etc. And within that, you will have your alphabetically ordered, right, if there are Congress BJP, NCP, etc, etc, the national parties, let us assume, then within them, we will see who is coming alphabetically first, let's say it's an English speaking state. So you will find whether somebody is Abhilash or somebody is Suman. So Abhilash would come first and Suman would come next. So the candidate sequence is also finalized at that point of time after the withdrawal. Now this is the time symbol allotment candidate sequence finalization, and this is usually done 15-20 days before the poll date is done as per the schedule of the elections. And this form 7a is published, it's published in a gazette that these are your candidates to the constituents saying that these are the candidates who are standing for elections, and these are their symbols and this is their sequence. Now, it is up to you to vote for who you want. Now this is done only that time. So this becomes there is an uncertainty involved and as to who can come at what number in a candidate. And hence, it also became as a check towards any pre-programmed manipulation that that was one of the check that was set. Second part of it was during this process of safeguards, initially I said the technical one rudimentary blah, blah, blah, physical one all the CCTV armed police force, etc. Then the third one process safeguards the first one was candidate agnostic nature. Second one is what you call as randomization. We have two stage randomization. One, when the election, the machines have come to the strong room in the districts, you do what you call after sometime you do what you call as first level check, where in you check all these machines. And after certain time you also do a randomization, first randomization. So each district might have multiple assembly constituencies. Some might have 12. I had a nice old 14. So there it in Dhadranagarevili there were no assembly constituencies because there are no legislatures. So it can vary. Now what you do there is you randomly assign a set of ballot unit serial numbers and a set of control unit serial numbers. So EVM has two components before the ballot unit and control unit. A set of ballot unit serial numbers and a set of control unit serial numbers independently to a particular constituency. And so we don't know which constituency it was going. It is, it is now randomized. The second level of randomization happens immediately after what is this form 7A, 7A is completed. That is what you know as this candidate symbol allotment, etc. is done. And then you do a randomization wherein you decide which EVM is going to which booth. So you know there might be 200, 300 booths in a particular constituency. We do earlier randomization fixed in across to the constituencies. The second randomization now decides us to which ones will go to the which booth. Now this is also the time the BU and the CU comes together. One serial number of a BU, one serial number of a CU will come together and become what he called as an EVM together and then it gets assigned to a particular booth, which are polling station it is. So two stages of randomization. This also acted as a check because unless you know which constituency the EVM is going, unless you know which booth the EVM is going, a kind of targeted manipulation becomes difficult in a way because unless you have again access after the election. So this targeted in the sense you don't want manipulation in all the booths. You want manipulations in a certain booths where there is a kind of a variance that you expect and you don't want that to happen. So that was there. Then what is called as a three level mock polls are there, which is again part of this process. This is the most convincing steps of all for the political parties involved. The first one is done before the announcement of elections itself during the time of first level check, FLC. Now, FLC is a stage when all these political party representatives are called at that point that candidates are not there. The recognized political parties are called and in their presence, in their representatives presence, the staff from BELL or ECIL they would come and they would start checking whether these functionings are properly or not. And then they would go ahead and also do a mock poll of 1200 votes, randomly, but on dummy candidates. We'll assume alpha, beta, gamma or something. And then we do 1200 votes on 1% of the machines, another 800 votes if I'm not wrong on 2% of the machines and 500 votes on the another 2% of the machines. So total 5% of machines are taken and 1200, 800, 500 kind of a distribution is done there. And this is not a sampling. This is a search. Okay, because if we find, let's say there are 100 EVMs and we take 5% that is 5. And let's assume that one has malfunction. Then we don't assume that one out of five means 20 out of 100. We don't assume that if it is a sampling, then that is how you will do. But this is not a sampling. This is a search. That means if one is wrong, we will just keep it aside and we'll take another one and then we'll fill that 5% requirement. Okay, so the 5% requires 5% has to be checked. That's all. It is not saying that you have to take, you know, if there is any error in that 5% then you have to check, you know, the checking percentage should accordingly increase statistically. That doesn't happen. We just search that 5% only. And that 5% is done. And that is the first mock poll wherein the political party representatives come and check during the. Now, the second mock poll happens is, as I said, after the, the, the symbol allotment, the second randomization form seven, etc. is published that 15, 20 days before the poll date, what we call as a process called as commissioning. Now he said the BU and CU has come together. And now we have the list of the candidates also. Now what we do right now, what is showing in this presentation, this is a process of commissioning of the EVMs. Wherein that he is pasting that ballot paper. This is a form seven, a sample of a ballot paper, which is pasted on the ballot unit. This is also tied to the connected with that cable to the CU and, you know, seen whether it is working fine or not. At this stage, again, once it is connected, and now it is assigned to each vote. Now after that is done around 5% is again taken and 1000 votes are cast again. 1000 votes are cast in presence of now candidates representatives because now candidates are not their representatives are coming and in their presence it is done and this goes on. Again, it is a search, it is not a sampling. Search, if there is something wrong, it is kept aside and send it to Bell and ECL for repair. Otherwise, we find 5%. Then the third mock poll that is done is on the day of poll. All the other two mock polls were actually now 5%, 5%. On the day of poll, we do 100%. All the booth is supposed to be the machines reach there a day or before the poll is to be done on the day of poll early morning, 7 o'clock, 6 o'clock, depending upon the start of the election. In the presence of polling agents, polling agents are the candidates agents who are assigned to the booths. Many of them come, many of them don't come, but at least major political parties try to keep their polling agents reach on time to the booths. And in their presence, some 50 votes are cast, not 1000 or 1200 or anything. Some 50 votes are passed and in all the booths and in their presence and then after the 50 votes are cast, the result is checked and there to verify whether the count has come correctly or not. And they will give a mock poll certificate and it is reset and the actual election starts. So as the security or whatever the argument from the election commission or the claims that why these are a very, very strong, what do you call, you know, it is tamper proof or it cannot be had. And even if it is had it can be detected. One of the key concern on the security front is, if there is an undetected change in the software. It can lead to an undetectable change in the outcome. Now there has to be steps through which you are able to identify the changes in the outcome. So here through more polls etc etc you're trying to find out whether something has gone wrong and whether it is now trying to do something else. So we did come to certain aspects over but this was the reason this was drilled in not just in public, but it's also drilled into all the bureaucrats so any of you trying to have a conversation with any of the bureaucrats, especially the ones have not worked on the VVPET and at least not be very fresh with the debates around the VVPET they would all give you these arguments. It is not about electronic voting machine and it's what is going on inside. It is, we know that if there is anything wrong we know we'll be able to catch it and that confidence comes from these checks that are there. You know this environment in which the EVMs are to function and that we are so confident of. I think at this stage I'm supposed to come to why I changed my views. But I think this is the stage I can take some questions and if I'm going very slow or I'm taking a lot of time please tell me Suman or Sankarshan please. Sankarshan you want to comment on the speed I think it's fantastic. Let's continue. Let's just look at a few questions that have come in and I think Anand had the first set of queries. Anand I'm reading them out on your behalf if that's okay. I think this was related to the list of candidates there in the EVM and he wanted to know that how is that program going to the EVM. Correct. Now that is actually done through with the BU and the CEO loop. So here if you in this picture, I think it's very interesting that you asked this question. The, it is mass, you know, you, I think you're on the right of everybody, the right most ballot unit if you see on the picture. There are only 123456789, there are only nine, which are there, you know, right. And the rest of the buttons, the blue buttons are supposed to be their mass. So by opening it up and physically closing those, those masks, nothing electronically done there. And then the view on the CEO are connected, and then you do what you call as a candidate set, and candidate set is done by pressing the last button on the ballot unit which is whichever is the last that is to be done. And through that the number of candidates is set, not by connecting any other device any external device it is only connecting these two with these two machines only we are saying that the unwanted buttons are physically and the last button is used to convey to the CEO that this is the, this is the number of candidates or the last candidate that is there. Now this can, there are more than 16 or 48, etc, etc, then the last large number of such ballot units would come I think they here they are using three, or I don't know if it's the same one or not anyway this is just a sample picture. So I hope that I have answered. So can I go ahead with the VVPAT concern now? Sir, I have a couple more questions actually. So someone, Vijay Vithal, Jahagirdar from, and he's watching it on YouTube. He asked that he voted in assembly and after that could not get his name on voter's list after relocating. So do you want to shed some light on how voter's list is constructed? Okay. That is an entirely different topic actually. Can I take that? I'll definitely will take, but maybe after I complete because there's flow on the EVM VVPAT after I complete if that is okay? Yeah, I think that's fine. I think that there is another interesting question. So the EVM programming seems to have a stake is stoked up quite a bit of questions. So Samir has questions. Who programs the EVMs? Who does firmware upgrades? To whom does it go for maintenance? Which company? And it just goes on from there. I think let's kind of address this for a moment before switching to other things. So that is as much a mystery to us also as because what we do is we send it to Bell or ECL. If it's a Bell EVM, we send it to the concerned manufacturer that is Bell. If it is ECL, then we send it to the ECL. So there are two kinds of missions and is there any firmware upgrade? If there is, you know, there are, one thing is clear made to the district is that no repair should happen on the field. In the field, once the machine is there with us in the district, there cannot be no on the field repair. If at all anything has to be done, it has to be sent back to the Bell. Now Bell, ECIL, whether they send it to some other agencies or whether they do it in-house. What the commission claims is that they have a pre-tire security secured area within the Bell and ESI things dedicated for the EVMs itself. But then I found out that in 2018 Bell had actually issued a public tender for PCBs of symbol loading units and EVV pads, etc. So if they are getting the PCBs manufactured through a tender, open tender, then yeah, so these questions, please don't expect the exact answer from me. These are the questions that I am also asking the commission. But in limited understanding, it goes back to the Bell, ECIL, whichever is the manufacturer. And Yogesh Kirikumar had a question. Is the order of candidates fixed across all polling books in the same constituency? Yes. So once in the constituency, as I said, as Form 7A is done. So that Form 7A, or as what you see in this sheet, it's like this sheet only, exactly like the sheet with this ballot sheet that you have seen here. It is a sequence of 1, 2, 3, 4, 5, 6, 7, 8 with the names in English and whichever are the official languages. Later, they added the photographs and also the symbols. So all these would be there in the ballot paper or Form 7A. Your ballot paper comes essentially from Form 7A and that will be a single one for a constituency. So candidate sequence will remain exactly the same for every single vote within a constituency. So that also answers Yogesh's next question where he asks that are the names alphabetized and then randomized? I don't think they're randomized at all. No, they are not randomized. They're alphabetized. In fact, they're just ordered in the... And it is a very tricky affair because it has to be done in the language of the state. So it cannot be if it is in Bengal. So it has to be first written in the official name in the Bangla. And then you have to find out what is the correct sequence. And so that is like a little bit of a nightmare for a lot of people. Because any mistake there becomes a reason for later the election to be countermandered. Any mistake forming in Form 7A becomes a very serious issue later. So yeah, it is a sequence. There is no randomization involved. It is just there are three categories mentioned, national state registered and independent. And national state recognized together, registered and then independent. And then between that, each of that you will find... I could have probably shown a Form 7A, but you can find it. You just search Form 7A for any constituency. You'll just find it the exact three categories and their sequences mentioned. All right, so we'll take one question more and then we'll move on to the VVPAT era. And that last question would be, so does the BLO, I believe this is the Booth level officer. Does the Booth level officer have to enable voting before each individual presses a button? This is a question from Yogesh again. Okay, that is not BLO. BLO is a completely different line. It's involved in what you call as the electoral role and voter list management. What you are mentioning here is a presiding officer. In every Booth, there are three or four people who man the election. There is a presiding officer. There is a PO1, PO2, PO3, polling officer 1, polling officer 2, polling like that. And presiding officer, there is an exact list of what will the presiding officer do? What will the PO1 do? Somebody would be verifying your name in the sheet. Another person would be marking the ink on your finger. Another person would be sitting there with the control unit. Whereas the ballot unit will be there in that compartment. And every time that person would say that after the vote has been registered, the control unit is pressed to say that, okay, now it is again open for voting. So that the voter who goes there can do it. Yes, so yes, presiding officer has to enable the ballot unit for a vote by enabling the control unit after every vote. Is that clear? I think that's good. Let's move to the VVPAT section and we'll see if there are more questions later. Okay, so this is very interesting actually. And so what happens after the VVPATs were introduced is that, so our entire argument, we never mentioned in this argument, whether what is there inside the VVPAT? What are the chips? What kind of microcontroller is used or is there any kind of a connectivity? None of it. We base these arguments around the construct, which is not exactly inside of the EVM, but what is outside of the EVM. And that is how commission has convinced and convinced bureaucrats, convinced official, political parties, everybody to trust this. This is something that you all can verify. You don't have to just rely on some technocrat to say that this is not. Now, there comes the VVPAT and I'm sure this is visible. You see a VVPAT slip here. Can you see a VVPAT slip? Yes, yes. This is like a VVPAT slip, right? So can you tell what are the things that you see in this? There's a session information. Yes, there's a session information. Okay, I'm worried there's a serial number. There is a serial number. And this is a candidate name in the language of the state, right? Yes, there is a candidate name. There is sequence of the candidate, serial number of the candidate. And there is a symbol of the candidate. And there is more information. I can actually show this. Is this visible? Yes. So now this is actually that is an actual VVPAT slip. This is from Bell's PDF document publicly available. I have also featured about the link and everything on Twitter. It's not publicly available in the sense Bell has not published it. Some election commission official officer had somewhere uploaded this inadvertently. And so I archived it and then sort of put it here. So this is from the official documents only. So there is a serial number, serial number of VVPAT. There is a whole session number. There is a candidate name. So here ideally the two languages should come. Then there is a candidate symbol. There is a candidate serial number. So these are the information that is available in the VVPAT. Now this is where the question should come as to how does the VVPAT know all this? And this was exactly my question also that how did the VVPAT know all this information? So what happened was that we had this concern as to where is the, you know, what happens to the vote when the vote is going from a ballot unit to the control unit. Ballot unit to the control unit. I am pressing one, button one. I know also some light is showing, but I don't know what is getting registered or recorded or stored inside the control unit. And this was one of the key concerns like cast as intended, recorded as passed and counted as recorded. So in that principle, there is something I missed because I don't know whether it has got, you know, I'm showing it is cast as intended, but I don't know whether it is recorded as passed. And I also don't know whether it is counted as recorded. So this essential principle of a fair voting process is somewhere, you know, our free VVPAT EVM machine was found to be inadequate. And there are a lot of concerns, a lot of questions being raised, books being written, petition being filed in the court for improvement in the process. And that has always been the case. We started our election process with in 1951 or something like every candidate having their own ballot box. So if there are 16 candidates, there used to be 16 ballot boxes. And, you know, you put a paper in any of any one of that from there we changed to one ballot box and, you know, and ballot paper was for the candidate multiple candidates. Then we introduced the EVM, then from into EVM questions were raised, and then we came to EVM plus VVPAT in around 2013-14 period. So this concern, how do I know as a voter, what I pressed is what is stored in the control unit. How do I know this and this is where the answer as a VVPAT or a voter verifiable paper audit trail came in. And this has been under discussions in many of the computer science papers and electronic voting machines in the 90s, if I'm not wrong, in the 90s and early 2000s also. That VVPAT is the way forward because you don't need an independent, verifiable mechanism to ensure that the electronic voting is correct, you know, it's correct accurate. So for that we need an independent verifiable mechanism. And one way to do it, probably the only way to do it is to go for a paper trail, which can accompany. And that is how VVPAT had come in. Now, but when we introduced VVPAT, we did some very interesting to guard, because as you know we had these, you know, ballot unit and control unit already with us. And this would only connect, you know, there is only one cable, if you look at this ballot unit, you will see there is only one cable coming out from here. And that cable is a nine pin serial connector, it will go to the control unit, it's supposed to go to the control unit. Now, we have a concern as to we have to introduce a new device into this, that is a VVPAT. Now, where do we keep and we can't make new CUs and BUs. We can't keep make new BUs and CUs and if we have to add another device, we need to add another port, right? If control unit is to connect to ballot unit and to the VVPAT, our control unit needs to be now redesigned so that it is able to communicate with VVPAT also and also to the ballot unit at the same time. But our existing ballot units and control units were not like that. So then I'm assuming that is the reason. So what we came up with a solution look like this. You see the ballot unit on the right most side, the A, B, C, D what is written there. And then you see the VVPAT in the middle. And then you see on the left side, you have what we called as your control unit. So why we did it because now the same wire which went from ballot unit to the control unit can be taken out from the control unit and connected to the VVPAT. So BU connects to the VVPAT and VVPAT now acts as a ballot unit sort, you know, for a for a control unit. And then from here, another wire goes to the control unit. So what was done. So in the next picture goes to makes it clear ballot unit goes to the VVPAT and VVPAT from VVPAT it goes to the control unit. So this was our design solution for introduction of VVPAT. I'm sorry for smiling because it is unbelievable for me that we came out with a solution which cannot be called anything other than a jugard. This is this is the pure jugard, you know, so that we can use the existing BU and CU by keeping something in between. So now the VVPAT mimics a CU behavior for BU because this is a previous BU which is only supposed to be connected to the CU and VVPAT mimics as a BU to the control unit. The vote flow, the vote, which is flowing now is from ballot unit to the VVPAT and from the VVPAT to the control unit. And this picture is also from election commission on Tamil Nadu CU previous. So all the pictures that I'm showing is none of it is I have not made all of these are from commissions on previous that are there from various states or Bell or ECL documents. So this is our design architecture solution that we did. So, so now the original question was, we don't know what is getting recorded in the control unit. That was our original question. The way we introduced our VVPAT even right now we don't know what is getting recorded in the control unit because ballot unit vote is sent from ballot unit to the VVPAT. And from the VVPAT it goes to the control unit. So we know what is going from the BU to CU VVPAT because VVPAT prints the slip. But we don't know what is going from VVPAT to the control unit because it just remains the same. That is not what was supposed to be. Even in the Supreme Court direction it was that what is getting registered in the control unit should be printed. It was not that what is getting printed should be get registered. This the sequence was something else. But the way we brought in because we wanted to use existing BU's and CU's as it is, I assume that is, I am not in an authority position to say that that is the reason why we went ahead with this. But I can't think of any other reason to come out with such a design. So in between that is what our position is. So VVPAT is right now sitting in between. Now this itself has a lot of concern. There are multiple diagram which shows how the connection is. Ballot unit to VVPAT and from VVPAT to CU. So CU is with the polling officer kept control unit and the VVPAT and BU are usually kept in the compartment in the cabinet. So the question now is what is casting the vote to the control unit? Is it ballot unit or is it VVPAT? If you take these as black boxes, we don't know what is inside and commission has not revealed what is inside. If you take these as black boxes, VVPAT as a black box, BU as a black box and CU as a black box, now the vote is getting cast by the VVPAT, not by the ballot unit. If you take away the ballot unit also, technically it is possible to cast a vote to the control unit without any intervention. Now this is our technological solution that we have come. Now the question further that arises is that when is this symbol, you say this K or something name, etc. details that are shown in this VVPAT. When is this getting uploaded onto the VVPAT? Somebody has to upload it at some level, some stage and these are not physically uploadable. You can't type in, there is no place for you to type in and there are symbols. You can't type in this symbol and so these information has to be uploaded and these information has also to be mapped because it has to say that first number, the button 1 is corresponding to this. That is why when you are pressing 1, the candidate corresponding to one's name and the symbol will be printed, nothing else. So it has to be uploaded and just be mapped. Now when is this done? That was one of the key questions that I was doing during the introduction of VVPAT. This can be only done after the candidates are known, before that it is not possible. And candidates are known and Form 7A is published and that is the stage when it is actually done and that is the stage of commissioning. Now before commissioning as we discussed earlier, certain steps were already done. That FLC was done, first level check in front of the political party representatives. The mock poll associated with the FLC was done. First level randomization was done as to which constituency these EVMs are going to. Second level randomization is done as to which booth these EVMs are going to. And now the Form 7A or the sequence of the candidates is also known and at this stage you also know when is the election date. So all this information is already available or is in the past. And it is at that time during the commissioning that we upload these names and the symbols onto VVPAT. How we do it? We use a laptop. So the bell or the ECIL staff they bring. So these are not secured laptops or anything kept in the strong room. They bring it from whenever they come a day or two before the commissioning day. They come on the day of commissioning. So earlier we were under strict direction not to allow any electronic device anywhere near commissioning room and you know first, second, third level security blah blah blah. Right now, but it is said that they should be allowed to bring in certain devices. One is laptop in the other is symbol loading units. So I'll come to that. So the laptops are brought in and then in our case internet it had to be connected to the internet. The laptop had to be connected to the internet to the election commission server to download what is known as a symbol loading application. Now that is here, you know, creation of symbols. You're able to see this right? Yes. Okay. So this is that symbol loading application. So they use the download whatever is this symbol loading application either from some device, but normally because since they have to format their laptops, it isn't there at this thing. They downloaded from the commission server and onto the laptop by connecting it to the internet. Now once they download this symbol loading application, they create a VV patch sheet. And these are all from Bell documents. Bell documents says that they create a VV patch sheet and they have to enter the constituency number, constituency name, total number of candidates, etc. And the details of the candidates also and create that replica of form seven a this this sheet that we said, then electronic replica of that the same VV patch sheet has to be created. And once that is created on to the created on the laptop. Now, from the laptop, this particular presentation is on that from the laptop, it is taken to the symbol loading unit. It says open the symbol loading unit for M3 VV pattern PC laptop select load VV patch sheet and select the constituency name, etc, etc. And connect symbol loading unit to PC through the PC port mark on SLU with a nine pins here. So you connect a nine pin serial cable from the laptop. It's like, I remember doing a lot of microcontroller programming and for robotics and stuff during our college days using, you know, these these cables so it is like that kind of a thing from laptop they connected and to the to the VV patch to the symbol loading unit first and then the load symbols from PC is collected and then it is all downloaded on to the symbol. Now, once it is downloaded on to the symbol loading unit, the next step is uploading these symbols from the symbol loading unit to the VV patch. Now, why do we do that because we don't have those many laptops. Otherwise, you know, we could have removed with this symbol loading this but making so many laptops would have been very costly. So we again did a jugard and said that okay, let me laptop and let there be another device called symbol loading which is a very minimal USB. It's not a USB it is an active device so something of that sort in between which which is cheaper and mass produce that you know so laptop one laptop 20 symbol loading units and from those 20 load symbol loading units again connected to the VV patch using a nine pin serial cable to all the VV patch 100 or 200 VV patch which are there. Now this is done at the time of commissioning. Now this is where now an external connection is done to the VV patch and this is for me it is concerning because VV patch is the one which is casting the vote to the control. VV patch is casting the vote to the control unit. And it is to the VV patch that now you're connecting an external device, which is not stored secured or anything it is brought in and it is taken out external device and it is connected on around 1520 days before the commissioning. But at the time, when both the stages of randomization is now irrelevant. Why because first randomization is done second randomization also already done. So both the randomization is, you know, prior to this external connection. So both becomes irrelevant. At least, if I know I have to do something, you know, at this point. Similarly, first more cold becomes irrelevant during the PLC because that is also done previously. It's like doing a computer scan and then connecting it to an internet. So the previous scan is almost, you know, you can't relate entirely on that. So this is done that is done. Now what we have is the candidate agnostic nature part that is also not there. Why because now the electronic the machine knows when the vote is going from button one to this VV that that it is so and so candidate. If I know the symbol, I can even tell which party it is. If this is the symbol, let's say this is a hand or a or a lot of something else. I can very well know party name is not important. But the symbols are there. So once you know the symbol, it's as much as as good as they're knowing which party the vote is going to. So the machine is now candidate aware, very well aware as to candidate one is so and so and two is so and so. And we can technically know who has got the, you know, which party has got the maximum vote at the time of voting itself, because it is printing each of these, each of these sheets, and it is also accessing a particular memory location to do that. So candidate agnostic nature gone both stages of randomization gone physical access that security that we said that we don't allow anybody to connect anything to the machine is gone because now we are actually physically connected cable. The aspects of first mobile and the PLC that was done that is gone. The other argument of even being an unconnected standalone rudimentary device, as far as I understand he's also gone. Why because first, if you look, this is the VVPAT machine, so see this. You see that there is an IO, of course a nine pin serial whatever is there it is something is getting input something is getting output. It has a programmable memory, at least where I am able to I'm not saying the program part of the firmware part, but it has a memory wherein I am able to load the names and symbols and etc etc of the candidate is a memory that is to manage. It has a printer so there has to be a printer driver etc etc for it to print this information it also has a light driver it also has a timer it also has an IR sensor, all this in this particular machine. So if you have a consider this as a screen this is pretty much like a well, you know, good computer as good as a, you know, it is not just a counter that it adding plus one plus one plus one and keeping it there. No, it is far more beyond that this is also not unconnected because it is getting connected to an external device. So that argument of being a one time or a rudimentary or unconnected all those arguments are also. So now the whole commission arguments only two things are left technical security arguments are out physical security arguments are out from the process safeguards the randomization is done prior to the connection external connection. The candidate agnostic nature is gone because the machine is now candidate aware. The first mock poll is also out because it is done prior to the connection. Now what we have two more mock polls. The first one that is done is immediately after this commissioning is done you know when commissioning is when you make all these things things connect together. We upload the symbols onto the VVPAD we paste this paper onto the ballot unit, we set the candidate and we said okay everything is now working fine this EVM is fine to just be placed to the booth. Now at that time we do a we do a mock poll and when we do that more for here as I said we take 5% of the EVM and then we do a random thousand poll to be done, which should have been a good check, provided these two things which I found to be a little scary. One is the session information with the VVPAD. So it says here itself. This is again from Bell document. It says poll session information to look down the session number starts from 0 to 99 with each power on it gets incremented by one. It is reset to zero after uploading ballot paper symbols to VVPAD and three or after session number 99 so it is able to incrementally remember if you switch it on switch it off that this is number session one session two and you can check it if you're going to vote tomorrow in a constituency. There is a button that is accessible to every voter just behind the VVPAD go and just switch it off and switch it on okay then the next time the machine would run it will say session two session three you know it will keep saying that and you can also do a very interesting experiment to say that how this connection is correct or not whether this is correct what I'm saying when a ballot you know when you press a button when you press a button in the ballot unit and it comes to the it gets shown in this VVPAD as this what is called as K or whatever name symbol. It is supposed to hang there for seven seconds and after seven seconds it you know there's a cutter and then it cuts and then it falls down. The way it is programmed is that the program isn't this from my I tried at least 20 30 times and every time consistently behave the exact same way. If it is at the time of it falling down this particular paper if you switch off that button which is behind this VVPAD machine is accessible to everybody does not cover it. If you switch it off what will happen is this particular paper will get inserted inside this machine this VVPAD box but what will not get registered in the control unit. So your ballot unit you have pressed something your VVPAD has printed the slate but your control unit has not registered it till now. Why because the way it is designed is it has it is supposed to completely fall down there is an IR sensor or something that I suppose only after it completely falls down it sends the symbol to the control unit to say that yes now go ahead you know this is the vote that it can you hear that sound that comes up. But the moment it is falling down if you switch it off it goes into a failsafe or whatever it just starts down and very interestingly afterwards if you switch it on the VVPAD it will say a separate sleep will come a small slip would come saying that do not count this vote. Why because machine machine knows that it has not sent that vote to the VVPAD. So it will send a separate slip saying that do not count this vote. Now why is it foolish because you do not know which vote to be not counted. This is a separate slip which is coming in there might be 500 slips already inside that and in that you're adding one small strip of paper coming down and saying do not count this vote. And so this I had asked the engineers there and they once stated and also shown them and saying how am I supposed to know which vote not to come. This is just a random paper that is coming in but it also shows the dependency or the vote flow from ballot unit to the VVPAD and from the VVPAD to the control unit and how the VVPAD actually cast the vote after everything the VVPAD has done and then it is sent. Now this is all black box analysis whatever is inside unless the commission comes out and says this is what goes on inside you know you can't counter you can't agree or disagree. Now comes the here what you know as a session information that I said this particular here also should be able to see that it's a little tight to see that. So here what you call as a session information and there is also this after M2 version of the commission this must be anybody was born to the election commission PDF this is one of the standard format that they have. They have something called if you look at the right side, they have something known as real time or time and date stamping of the key process so idea you know the machine actually is time and date stamping each key press. That's what the commission also claims and in fact you can take out a sequential print out also from a from a control unit, you know, the sequential printouts can be taken and during a policy it can be shown to tell them that okay the first word had gone to, you know, so on so second vote had gone to so on so third vote had gone to so on so that level is also done it is not just an aggregate candidate 100 votes candidate to 300. No, you can actually go and take out a sequential print out saying that candidate one gave this vote to so on so that is also possible in the medium and the sequential vote picture is also there. But here it's also says that there is a real time flow for time and date stamping the key process. This is slightly problematic for me as far as the second mobile is concerned, because if you know the current date, today's date and time, or either through VB patch session information or through the date and time information. And you also know the date of fall, you know that today is not data. So all that you need to do is that if not, if not date of fall, don't do anything. So it becomes that whole more fall becomes kind of a, you know, it can be, it can be overcome it can be bypassed. So this is a question that I'm asking myself also that, you know, it is not possible for me to say that that is full through, because the machine has information as today. And the person who is connecting or the person who is it need not be even the person who's aware and knowingly connecting it when the, when the person is connecting into the election commission server it can be managed the middle or it can be anything which is there on his laptop he might also be not aware. So who is trying to influence at the time of commissioning. At that point of time he has three key information already with him, which both this is going with what is the sequence of the candidates in that constituency that candidate 123 who are these people. And three, when is the full date. So all three information is available at the time of connecting VB patch even to an external device. So if I know the full date and if I know today's date it is. Of course everybody here I'm assuming that they are much more than expert in cyber security and even computer science programming that it is nothing of a concern at all to overcome that then. The only thing that we left with is the last mobile that we do on a on a full day that is also, you know, that is the most weak link or the weakest link even in the free VVPAT EVM process because it pre decided that it is going to be 50 words or 60 words around 50 words. Once you know that it is 50 what it is so very easy to overcome that anything. We just need to ignore that, you know, when count more than 50 start to that is it. So you don't have to do anything else. Kind of surrender. Whatever the commission itself claimed were to be the security features of our EVM, the introduction and the baby introduced in the end surrendered all not not one. All the processes and you will not find a single argument for EVM security other than the ones that I mentioned. It covers the entire thing. And all of it has been surrendered by the introduction of the way we introduced I will I'm not against VVPAT. I would like to call it that. But the way we introduced it it surrendered now VVPAT the way it was supposed to come had two key aspects I'm sure process by energy must have said about it, that is the variability of the vote at the time the individual variability at the time of voting and public auditability at the time of counting, you know, the water verifiable paper audit trade. There also we did to God. Our variability is not an active variability. The water does not have any agency to verify whether what I pressed is what is getting printed. He or she is supposed to you know, I pressed here and I looked somewhere for I did not know where to look. It must have gone down or let's say I programmed the VVPAT in a way that hypothetically that it does not even wait for seven seconds. It just falls down. Okay. Or the light doesn't work and whatever whatever whatever thing that happened in said these are all, you know, assuming it can be programmed. Let's assume one of it happens and I failed to notice the paper that went inside. I have not verified it. So the current process that's not ensure that the voter has verified the vote. That is again a concern. It is like you verify. Okay. You don't verify that also. We will take whatever you know is getting printed. We assume that you verified it. It is your job. You don't. So that paradigm also is is one compromising from a VVPAT point of view because we are not verifying it. Second thing, let's assume. Okay. Now I have a concern about this is not I saw that it is going to somebody else or I can say that I did not see just fell down. It did not wait for that much time or I, you know, I'm not sure whether I saw it correctly. So you can go the legal framework right now says I can go to the presiding officer file a complaint and then go and get a test vote. A test vote is a transparent vote, where in the presence of everybody, I'm allowed to vote and show, you know, whether it is seen whether it has come correctly or not. Now, if it is correct, if it has come correctly, then the person can be prosecuted and find and jail, you know, it can be prosecuted and find to find is definitely there, you know, in the rule itself. So, here comes the where the election process is punishing the voter for doubting the machine. You know, the whole exercise is supposed to be the, you know, an exercise, sovereign exercise of the voter, but our election legal primer, not only our technological framework is enabling or ensuring variability. But legal framework is actively discouraging variability and says that that is not done, you know, if you if you unnecessarily come and here make a sort of a thing, then you can be prosecuted you can be fine whatever so nobody bothers to do all that. Most of the time they just press and then they look here and then many of them just just walk out and here again variability comes out and the thing is other thing is here we assume our this test vote paradigm assumes that any manipulation will be a consecutive one, you know, it will be a continuous one that if something is done on this vote, it will be done necessarily it will be done on the next one also, which again I find to be what you call a name assumption. I don't think that is, that is a correct assumption, because nobody is going to do such a thing, you know, they might randomly take one in whichever number to take seven to nine and 11 something like that. That is not random attention to an odd sequence but something like that, if you want to do and if the consecutive one is not, then 100% the person will be proved to be wrong, and he can be prosecuted for that. So the current variability paradigm, not technologically does not ensure variability, it only allows for passive variability. Legal primary discourages variability and the whole thing, even if we allow, you know, we go ahead with that argument also. Then also only thing that allows for is that consecutive, you know, what is the next vote that it cannot possible for the voter to verify what he voted actually, and the test vote is actually discarded at the time of one vote is reduced because it is taken down as test vote cast of course also candidate one. So when it is counted that test vote is reduced from the count of the candidates at that point. Same thing comes with the auditability or auditing part I'm sure this again I'm repeating, but every election to a constituency is an independent even. And if at all statistically you have to find out a sample the right sample to go ahead with it, you should take the population of that particular constituency to decide upon the sample size. The population size cannot be the 10 lakh votes that we have across the country, the elections can happen in a bipolar in a particular constituency, election can happen in a locks up a constituency election can happen in an entire state election can happen to the entire country. So, but every level and every election is important and every election should meet the, you know, characteristic of the, somebody's drawing something. Yeah, sorry. So, at every election also these these sample sampling requirements statistically significant something has to be matched which is again unfortunately not the case that we have like we had that example in Bengal where in a few people came out and said we voted for them it went for somebody else. Now, they could have been saying truth, they could have been saying live, but the fact is we have no way to verify, we have no way to tell whether they were lying or whether they're saying the truth, and that is the limitation of our current regime, when it comes to the event. We don't ensure variability, and we don't do adequate auditing also statistically what is the hypergeometric distribution etc etc I think you know some man, somebody else would be the best person to comment on it. So, while we surrendered all the arguments that we had for the pre-VVPAT, we also did not benefit from a true VVPAT truly verifiable VVPAT design. That is, that has been my concern with respect to the, the shift to the VVPAT and that is why post 2019 or during those 2019 elections I started raising these questions, and we just been continuing for a while now. I have raised these, written these questions to the election commission also. Unfortunately, our framework is such that the same technical expert committee who has designed the EVM are the ones who will also review or you know, any questions raised, everything is the same. And there are not even two experts from the same field in that, like one expert from each field. So, nobody can counter on a view, I think in a basic tester, in a two person company also there would be a developer and a tester. So, but we don't have that kind of framework where an independent body where I can raise these questions and expect to get an answer. So, that is from me, from EVM, VVPAT and my concerns with respect to the process point of view. This is again to say, not to say elections are hacked, that will be very irresponsible to say that elections are hacked, this election was hacked, this was not hacked, that was hacked. It will be very responsible to say X or Y elections are hacked. No, it is to say that certain, you know, a window is open, you know, and you are saying that the window is open, you are not saying somebody has stolen something. If you are seeing that window is open, it is a duty to say that the window is open, please close it, or find out why is it open, or is there a different way to do it. There are two things. As I said, the change that can come in due to this changes in the software is undetectable. You can't detect. And if you can't detect, there is no way you can say whether it was hacked or not hacked. Two, at any point of time, if there is a change that might come in, that change would be an irreparable change, you know, loss. It is not that you can go back after that, let's assume it sometime in the future because of this non-vulnerability something happens. And this is not a question of BJP or Congress or that is the least of the worry. I think we should assume that our political parties are integral enough not to do such things. But at the same time, there are also national security arguments involved. Why are we assuming that other nations are not involved in influencing our elections? Why do we think so? Do we consider ourselves as not important enough that our elections, even small countries elections are attempted to be influenced? Why do we consider that ours is not an important election enough to be important enough to be influenced? I think that is the case. Again, those questions, the national security arguments would again come to the way forward. That is whether it is a blockchain or a public blockchain or our own blockchain, whatever is the way forward with it. And that is from my side only. I think some of the questions with respect to any of this I can take. I think I took a long time. Sorry for that. No, I think this has been quite illuminating in terms of raising questions and showing where to raise questions, because that's the key, right? It is important for us to strive to find independent forums in which to find answers to the question, do the process and all of that. But having the questions out and having this conversation is open. I think there are questions from YouTube, which have been queued up and there are questions over here in the chat as well. Suman, would you like to just go through the questions as you have them? Yes, I will, but I will be a bit selfish and put a question of mine first. Let's assume a very simple voting machine. All we have is this button and when you press a button, one bit gets turned on and then there is this infinite strip of bits. So I go in, cast a vote and the bit changes to one. Then you go in and you vote for the other candidate assuming there are only two candidates. You vote for the other candidate and the bit goes to zero and the voting process goes so on and so forth. Now my question is, even with such a simple machine, if I know the order in which voters went into the voting booth, I will be able to figure out who voted for which candidate. Yeah, in fact, that's what I said, if you go to the documents of FLC and try to search FLC and SQL to print out. You will find that EVM can actually give you a sequential printout that which first vote went to whom, second vote went to whom, third vote went to him. So that is there in the machine and you also have a 17A that is in register of voters wherein you write down as to vote number one was so and so. You don't write the vote went to whom but you write who was the first voter. So you have the second voter, you have the third, so you have a list of registers and you also have a sequence of votes and that if you have then of course there is nothing. But the thing is, you don't, this form 17A and even the sequential printouts are only supposed to be taken out of EVM or the form 17A out of a strong room only on an election petition and upon the direction of a high court. That is the direction so it will be false statements will say that it is not possible, it is possible, very much possible. But the safeguard is more administrative in this regard that form 17A is kept in. So you can argue that from 17A before submitting it to the strong room somebody else can keep another copy in the both itself or the polling agent can have their own copy. Not just the person who is presiding officer or the polling officer who is doing somebody, the polling agent can also keep that who came one, first, second, third, etc. So the 17A copies can be done but the sequential printout is only supposed to be done upon a direction on an election petition from the high court. Now I understand that the votes are stored in the control unit, not the ballot unit, right? And I think this was a question that Yogesh had probably. So now if the ballot unit, let's say you voted and the ballot unit goes and you know in the middle of voting process, a ballot unit malfunctions, it will probably be taken to Bell, right? And there the engineers can figure out the memory layout, right? So until and unless the ordering which? Once the EVMs are combined in Bell, you know in BU and CU, ballot unit is controlled in it, if there is any malfunction in any of it, either of it, you don't replace one, okay? You replace both. What you do is you save, let's say it happens after 200 votes, okay? Happening after 200 votes, you secure that 200 votes because it is already there, you close the control unit or whatever the position it is and you bring in a new BU and a CU and continue with the voting from 201 onwards. And what happens if the control unit goes bust? If the control unit goes bust, if that is the case then, you know, if it goes beyond any like if it gets fired or something like that or pushed or something, then it has to be, the votes have to be recast, you know, it has to be done again. Otherwise, if it is any other malfunction, it is just closed and it is kept. So there are Bell ECIL staff who are associated with section officers in this thing. So whenever such instances come, they go and see, okay, this is now not possible to continue, keep it aside and go ahead with the next. But whereas if there is a replacement for VVPAT, here you don't replace all three. Here, you only replace, if there is a malfunction with a VVPAT, you replace that VVPAT and add the other VVPAT. That is because VVPATs were known for a lot of malfunctions. There had a very high malfunction rate initially, it was 10% or something. Okay, Taha Ali has a fantastic question. He's asking, is there any encryption or crypto being used in this machine at any stage? From what little I've read, it seems they introduced encryption in the EVMs in the last two, three years, but I can't seem to find any literature on what it's being used for, how and why? Yeah, see, this is what the, I don't know, I may not share in one second. So yeah, this is what the secure design features the commission claims. But this is all, right? So commission does not claim anything else. It's the dynamic coding of keepers, this is not possible, real-time stamping. And it also says there are certain fail-safe communication mechanism that if you connect it to something else, then it will not. And again, because I'm not an expert from the inside of a bell, I'm not a bell engineer or design engineer who can say that, okay, this is the cryptographic element that is there involved in this or which is not there. I don't, in my understanding, limited. I don't have any cryptography involved at this stage in any of the EVMs. So Sabir HH has a very interesting question. He's asking, how is the data saved? I saw one video that all the votes are stored on Excel sheets on Windows computers with the operators in the strong room where they collect the data from each EVM computer. Is this correct? No, absolutely not. This is stored in the control unit itself, you know, whatever is the number that is there in the control unit that is in the electronic form. And as paper slips inside the VVPAT, okay, that is there inside the VVPAT those papers. So in paper form, it is there in the VVPAT box. And in electronic form, it is in the memory of the control unit. Now here actually comes a very interesting question. What is a vote? Is it the paper? Or is it the vote that is registered in the control unit? There are now two representations of your one expression. Your expression of vote of passing to X or Y candidate is now stored in two different forms. One in the form of paper and the other in the form of electronic data. Now what constitutes legally a vote is not settled there yet. We don't know. Commission has given that if there is a discrepancy between the control unit, the vote that is registered in the control unit, and the vote that is in the paper that is kept in the VVPAT, then the VVPAT is the one which should take precedence. So let's say it says 100 and we could count 101, then in the result sheet, we are supposed to update it as 101. That means VVPAT sheet paper slips have the preference or the priority. Now that creates another issue because if that is the case, then VVPAT slip becomes your vote. And if VVPAT slip is your vote, then you have to count every vote. You can't count a representative of the vote, you have to count all the votes. And then again, this question comes. No, it is not saved in any Excel sheet. It is kept on that counting day in front of every political parties, etc. It is open. The strong rooms are open. One by one in there are some 15 counting tables 15, 16 depending upon the thing that is kept. And one by one it is kept. It is opened from that box. The serial number is supposed to be shown to the counting agents. And then it is, you know, total number of results candidates, etc. And then from there, you take it down to a paper. Okay. On the paper, then you have a blackboard also on the blackboard also it is written. Okay. So every constituency it is done in a single place. So the candidates that are sitting there. So the blackboard it is written candidate one these many votes candidate to every round after every round. On a paper also it is written and also on the computer. So as you said, when Excel sheet the computer, it is formed. Now that is just for data piling purpose. The data is stored in the control unit. The data is actually shown in terms of blackboard right now there itself on the paper and taken. You know, you take the signature of the agents also there who are there that it has been there that it is to their satisfaction. And then it is kept in the kept and finally along with the signature of the observer. It is compiled into a result sheet and certificate of election is made and certificate of election and result sheet is transferred to the send physical papers and also electronically it is sent to the election commission. So at no state it is stored as Excel. Right one follow up question. So even on the ballot unit. The votes are probably stored in an eProm, right? It is a programmable read only memory. I don't think so. I don't think so. The ballot unit is just a press. No, sorry. I'm in the control unit. I'm in the control unit. Sorry. Now on the control unit that eProm. Yeah. Memory layout will not be randomized. Right. So what will be recorded as they arrive. I don't think there is any inside randomization that is happening within a control unit. It is it is just okay. So that is a potential vulnerability because that would allow an adversary to figure out one sequence. No, that's what I'm saying you can act. Okay, you're, you're assuming from once you get access to it then you might be able to find out as to how but otherwise a sequential print out itself is possible. You can just take it. Yes. No, I was thinking about pre-VVPAT days. No, even this time talking about pre-VVPAT only. Okay. Okay. So there was this. Yes. Even before the VVPAT itself, if you find out the documents, you'll find that a simple print out is possible to be done of a sequential in a sequential. Okay. All right. So there are very technical number of questions. Number of questions actually. Oh my God. I don't even know where to start. Okay. Let's go. I don't know if Shankarishan or Zainab Devol agree because some of them are also equally knowledgeable in the, in the, in the discussion group. At least they can also pitch in and give their views for their own zoom. No. Yeah. Yeah, absolutely. I mean, it doesn't necessarily need to be questions directed at you. I think you have firsthand insights, but they're obviously are others who are equally. There's the conversation happening on the Zoom chat. So that's one thing, but the thing is that the conversation is moving fast and it's the questions are coming hot and heavy at this point. So it's very interesting. Yeah. Yeah, I'm also unable to actually I'm supposed to answer then I'm unable to catch up with the discussion that is going on on the chat. Okay. Fine. So I'll just close the chat. Okay. No, it's okay. I think we are trying to answer some of the questions. Okay, sorry. I'm talking to go in the chat. Google, please. The chat for that. Hey, Kiran. Hi. Hi. So Kiran, I was saying, this is quite an alarming situation. Right. So, you know, this is getting us to an arcade system where the entire the voting becomes a farce. Right. This is something people like people like David Chrome has anticipated this kind of a mockery of election systems. If we use primitive technology stack. This is really a concern for example, we are getting into an era where massive computers, big data systems can over through the the kind of information information systems because the moment you have all this data. The electronic data coming from the VP pad machines using software defined radios. Nowadays we are seeing we can hijack a much 370 you can hijack a plane. Then what how is it difficult to hijack an electronic voting machine. It's not a big deal. But in this case, I think actually that modern technology is more vulnerable, not less. Exactly. That surface has not been sufficiently studied. Exactly. Whereas primitive technology. Like Karnan said correctly, we need to randomize it using differential privacy. Scrambling has to be done. Differential privacy is not yet in production use in any significant system, you know, because nobody. It was proposed to the US. No, but different. Sorry, I'm butting through. But differential privacy in this particular case would be very problematic given that both have elections have been decided by a margin of a single vote. Number one. Number two, I think the more appropriate, the more appropriate, the more appropriate solution would be to look at homomorphic encryption. But the problem is, we're still about a few five to 10 years away from that kind of technology. Right now it's kind of slow. And homomorphic encryption with multi-party computation system would be good. Because if you trust a single, what I was saying is homomorphic encryption with a multi-party computation would be beneficial than a single machine computing the final outcome. Because you know, when you have a central system, a central machine deciding the outcome, there is always a risk that somebody can do a man in the middle attack. Or civil attack or any bison in attack. That's the fact of the matter. And I mean, I would say yes. And the interesting bit is we are still and you know, all these attacks that you're talking about, they're totally, I mean, it's totally doable. And on traditional. It has already happened in US elections. It has been done multiple times. Now I'm talking about things that cryptographers these days are working on and that's trying to build a post quantum secure e voting system. So essentially, you know, people can hack it for election bonds. That is the funny part. Tomorrow, when elections will get monetized in India, you're now seeing election bonds coming in the market. Just for profiteering in the election bond market, people would trade with your votes. So the entire vote will become a mockery. That's what going to happen. You know what, when this Indian election will be the largest election bond in the world, just imagine what will happen if our election bond market will be open to international hedge funds. What will happen is it will be floated on future trading and then when then the stakes are high. This will be funny scenario. You know what? All right. So I'm going to suggest that we come back to this topic, but we'll walk through some of the questions that are there. Sorry, yeah. Probably we can try to hijack the conversation. Sorry, Karan. It is interesting to know, but at the same time, we have to be a little cautious in the sense that elections are not just a technocratic exercise that are to be satisfactory to people who have privilege or knowledge or understanding of various techniques. Exactly. Yeah, that's for the common man. Yes. The last of the men. Last of the men. I mean the people. Sorry for being gender sensitive. Yeah, no. That is the last, you know, it is very, very, very much important that the elections remain what it is. It is actually the transfer of sovereignty from an individual to a government saying that yes you are and that has to be a fully aware exercise for that person who is exercising that, you know, vote, he's doing that, and he should know, I think that was what the, I think the human constitutional court also commented when it came out with that judgment, saying that for that person should know and she should be verifiable to him or her that that, you know, this is what I voted and this is where it went and that is how it got countered and this is that is how this, you know, she got elected to go on on my behalf. So that is something, again, that should be kept because we cannot take away the whole election process to a project mode, you know, how to find a solution to it, which is technically acceptable. No, we have to find a process that is technically acceptable and at the same time, democratically acceptable, it is democratically accountable, and it is also transparent to everyone. Exactly. Exactly. Thank you for bringing up the point because this transparency is very much required at the end of the day, the audit trail, without disclosing the privacy of the individuals, instead of like, you don't need to disclose, there should be a differential disclosure of the summary of the vote from each, each polling booth, so that at the end of it, you know, it is just like we give a now we are letting people to do predictions right predictions of exit polls, and then pre exit poll right before the event before the poll. Why don't we have the summary of the elections data selective disclosure through using again like we were saying differential privacy and multi party computation cannot be used for counting the result. But at least we can give the aggregate using, you know, there are protocols like multi party computation which can be used so that if in a particular country or in when we have a panchayat election or election happening in a state, the aggregate of all the stations. For example, if there are 10 polling booths in a particular panchayat, the outcome of the summary of that could be disclosed that day itself so that there is no scope for tracking later, you can change the number of votes, you can so the summary, once it is out there in the public, that's how we get the accountability right. What do you say about this suggestion. Again, I have myself here and in all the talks reprimand from giving any suggestion as a solution for one reason that I don't agree with the way we have come so far. Right. I'm so far in elections because it was always a closed process, you know, it was not a peer reviewed process. It was not a peer reviewed process, let's say that this is how the EVM should be and nobody commented on it, nobody, there was no, you know, the same set of people designed same set of people. It is now in the hand of a selective few in IAT the professors, that's really dangerous. I mean, I'm not saying that it is with the IAT professors, but it has to be in any science, there is an established process by now. And if we are looking for a scientific or a technological solution to this problem, then also we should, I think at this point of time we should not. I just wanted to point out a couple of things over here. One, today's session has been designed to raise the questions. But this is also tied into the project that we have where we gather the evidence and submissions and just like what you're suggesting that there are alternatives that need to be explored, there are scientific approaches that need to be taken and they need to be assessed with the aim of making it more explainable and more transparent. Is there a meeting where we can continue this conversation? Absolutely. I'll post the link or Kiran can post a link on the chat and then separately and we can continue this because this eventually will go down the path of where it becomes fascinating, netting enough and we'll just miss out on a few other questions. So I'm going to queue up the questions that have happened. Please let me, I'll be happy to continue the conversation in the mailing list. Absolutely. Thank you so much. So, Samid, thank you for your patience. I'll queue you up and you can have a go at your question. Okay. So. All right. Before I, I mean, I, okay. You know, I was trying to find your question actually. Okay, like, all of us are here and we are going to come up with a solution at some point, I hope, because there's going to be a lot of discussion but the discussions can keep on going. At some point, if when we are thinking about solution, we should not just think about that, that it has to be transparent. Yes, I understand, but it has to also be agreeable and understandable by the last person. So any technological solution, whether it is EVMs or any other solution that we might come up which is like super hack proof and, and all of that would eventually how the question is that how are we how are we going to explain that this is how it works. I think the last man in India, who's there voting in a village would understand. So, does easy have this thing in mind, do they believe that everyone should agree to such a system. What is your thought. And that that is my question. And that has been one of the key key issue that it has been a top driven process when it and administratively driven process that certain things like ballot papers had certain issues ballot papers were the most transparent. If I'm not wrong, ballot papers, voting through ballot papers have been there since like some hundred BC or something. And, you know, this kind of voting so it has like a 2000 years people are reading on that kind of whatever. But it had certain issues like ballot stuffing, both capturing etc, which came in and at the same time, the, the issue about, it was not just that it was about the managing the whole thing was also becoming a huge exercise in itself the paper, the ballot boxes, all those stuff. The electronic voting machine in a way came out as a administrative solution to me, ideally electronic voting machine should have come as a correctness solution. Whereas, I believe it came to our process as a, as an efficient solution as a speedy solution you know the way is a more simplified solution. That is why it has always been take a decision and then convince the public that it is done and it is also trust based. It is not verifiable. Commission is not saying when the VVPAT was not there, commission was not saying that every voter can verify. No. Commission is saying your district magistrate or the SDM or some of the political party representatives, they are the key stakeholders, it's not the voter. They can verify and they can verify not at the time of voting but they can verify during a pre-voting scenarios mock votes and since they verified you trust them and since the machine has since then been only with the administration and since you trust the process ultimately. So it is a custody chain. It is a trust based process. It was not a verification based or whether you agree with this or not. And that has been, that is also what you call reflective of our administration style and all, which has been a talk to Dr. and we say you do kind of an administration process. But this has caused a bit of big concerns because in every election you will find there will be a lot of people who are convinced that the election has been hacked because there is no way to prove to them that it has not been hacked. I think there was a wonderful paper and it is always said also election is not about finding the winning candidate. It is about convincing the losing candidates. It is about convincing the losing candidates that the person who won the election has won through a fair and free and fair means. That is the whole process. That is where we all agree. It is like a game. There is a referee that we agree to. So this process then becomes a little confusing when we introduce more and more such technology and whether it becomes agreeable or not. A lot of people are now concerned with the blockchain because a lot of people don't understand. And when something as fundamental in a democracy as voting becomes a mystery, when it becomes not an understanding aspect, it becomes incomprehensible for a voter. And that is the only time in Indian democracy where a voter is actually participating in democracy. Every other time he is just a recipient of something. Whether it is a Lathi or it is a Russian rice, but he is a recipient either way. But it is the only time when he actively participates in the democratic process and now that process is also slowly getting out of the comprehension of a person. That definitely needs to be concerned to the election commission. And I am sure these discussions will also help because, see, these questions when I raise are of certain relevance. When the technical experts, you know, you have worked in cybersecurity and all those, when you raise these questions, it has a slightly more acceptability. When a random person is just seeing elections are hacked, it goes to the realm of conspiracy theory. So it depends on the amount of information and justification which you are saying, the same thing. It all could be the same thing. You know, you know, you can hack. Anybody can say that. And then it is just a wild theory. Somebody said, this is how it can be hacked. Then it becomes, oh, yes, that is it. Then you say of the computer theory, etc., this, you know, this is the issue. Okay, then that becomes another level of concern. So we need to guide this discussion into what it is and what it is not. What are the vulnerable points? How it is vulnerable, rather than making it into a wild hack, hogeya type of a theory? Because even if it doesn't change, I think it is not a question of electronic voting machine itself, right? The thing is, if you don't trust the process, then you don't trust the machine or the institution. If you don't trust the institution, then you don't trust elections itself. When you don't trust elections, then it is chaos. You know, then it is anarchy. Then it becomes very difficult to be in the function of democracy. So how to guide these discussions to the process oriented rather than result oriented concerns? That is, I think, more, more important. Nya pe ye jeet gya, ee pe ye evm has been hacked. There, they lost. That is, the evm has not been hacked from there. To say these are the issues with the current process. How do we address it? How do we move forward? Right, so I'll take a couple more questions. One is from Yogesh and he asks that do not count slips. Do they have the serial number of the cancelled vote? What do they mean? What do you mean by cancelled votes? So for example, let's say you say that if a paper doesn't shift the VV path, paper slip does not fall properly, then the machine comes up with another slip that says don't count the vote, right? Yeah, but there are no serial numbers. Okay, it's just a piece of paper that says don't count the vote. Yeah, it's just a piece of paper that says do not count this vote. We have no idea what vote is not to be counted. I don't know who comes up with such a solution. I mean, it could have just put in the serial number, right? No, you can't, right? Because then whenever you're counting, you know who's going to. So VV path has a, the serial number on the VV path slip is not of the vote. It is of the VV path machine, okay? You see that serial number, right? That serial number is not of the vote. That serial number is the serial number of the machine. The session is every time you on it and off, otherwise it is just, you know, just the vote name, serial, you know, the candidate. Absolutely, one is to one mapping happens, right? So the slip that comes after if you do this is just a random slip. Ideally, the scenario in which I think that design would have happened is it gets stuck or something. It does not come. And in that time, along with it itself, the next thing will come along with that only do not count this vote. So it is hanging together, right? Do not count this. But if you are smart enough to stitch it off them after it comes down, then a separate just come down saying that do not count this vote without any attachment to which vote is not to be counted. It is just a random slip that comes out. For me, that was not important. For me, the important thing was that there is a stop of vote flow at VVPAC. You know, it is stopped, it is stored and then it is sent to the control unit. That was actually a little alarming for me. So that violates your recorded as caste assumption. Yeah, yeah, yeah. That brings us back to the exact same question as before. Right. So one more question from Akshir Dinesh and he says, can we get rid of the control unit altogether? That's an interesting question actually. I was also curious to answer that. There are many ways to, these people are saying that in US, you print, you know, so they use the machines to get something printed and then you cast it inside both, then there are other options which are saying that instead of, you know, showing, right now we have a VVPAC. So instead of just it being there and falling down, can we print and give it to in the hand of a voter. So, you know, instead of it going inside that box itself, let it come out and take it out and then put it in a ballot box. That is, and then you can see you also and you can audit it with, you know, this kind of account. And in fact, if you look at VVPAC sheet, it already has an OMR counting enabled kind of a thing. You see that, do you see on the left, right? Those dot, dot, dot kind of things on the serial thing. So that is supposed to be for a OMR enabler, you know, account enabling thing. So it is not that that was not planned for. So if it is taken out and it is given, then the issue is about, his concern is also about this exact thing, verifiability. And verifiability can be ensured through this. Then people would ask, can't then there be the exact same? Somebody can print it from somewhere else, why only from here and then put it inside, you know. So then another set of questions will start coming from there. So another way to look at it is, let the EVM be there, let the control unit be there, let it be recording it as it is right now. But let the VVPAC give the vote printed to the voter so that he can take it out and then passed in a ballot box. So that it becomes both the things are there. The voter, what is there electronically stored in the control unit and also printed paper is stored in the ballot paper and also now with the full verifiability asset. So there are multiple ways. Why I'm slightly hesitating to discuss various options including, you know, blockchain, etc. is that, yes, there definitely has to be. But it cannot be as a governmental recommendation that let it be done. If at all it has to come, it has to be written by somebody as this is my solution. In a peer review journal, it has to be countered, it has to be criticized, you know, across and then we should come to a, okay. Nothing will be a perfect solution. We all understand that nothing will be a perfect solution. But understanding the vulnerabilities and saying that, okay, this is where we need to keep a watch. Okay, here we have issues. Here we will have our administrative and process safeguards because this is a concern for us. That is something we can do other than that. Yeah, otherwise we can all discuss, give so many solutions that a lot of people in every discussion we and we all are innovative people. So we all have our own solutions to them. This is actually something what actually has suggested is actually something that that is being used in many states. And in fact, one of the senior politician in India also suggested the exact thing. Why can't we do this in India? So maybe that is that might be the way that will be going forward. We don't know. It's six o'clock. Yeah, I think it's, it's interesting because. Is it six o'clock. I think it's the zoom setting. It keeps on every hour on the other keeps on reminding, which is very handy actually when you're having a session that you get to know that you have been having this for quite a while. I think the important thing is to realize that quite a bit of the problems that we often get into is also originating in from an anxiety to solve things. There's a solution is a thing that goes on, especially when you're in a room full of technology savvy people. And I think we started off this project with the idea that the solution should arise from a good understanding of the problem space first. What are we trying to address and then try and do proper assessment of available solutions and parts rather than just picking arbitrarily one and then sticking to it. Without allowing a general public consultation. But since we are kind of wrapping up to perhaps what is going to be the end of the session I have a few interesting comments that I noticed on chat that I'm going to pick up. And let's see how that goes and some of them are directed to you come in so you might be actually very interesting. There are two comments from Bijaka. One is obviously that there's a larger discussion around and the long history of critique around the faith place on instrumental systems in the classic liberal conception of I agree with this. I think this has been a driving force in a whole bunch of things. But the question that I found very interesting is slightly up there and I have to since I scroll down. Yeah, there it is. As a visible critic, how long do you think that you'll be resist you'll be able to resist the wrath of a particular state and it's an interesting question in many ways it kind of resonates across a whole bunch of us as participating in conversations so let's hear what how you respond to this. State is not the country I am speaking in my country. So if I don't speak up in my country where do I speak. If I don't feel free in my own country. And I'm not, you know, the whole point of having your own free independent country is that you should be able to speak up your mind. And I just so I'm not bothered there are fars have been arrested detained whatever so that that is that goes. So I have I was the IG presents also at a time, and I was very much looking at being inside of prison also. So, and in fact, even now there are two affairs going on. So but that is okay I think I'm not particularly sorry. No, that's unbelievable. And we didn't know that. No, yeah, so that is that that is what there is of course a consequence. Decisions and who you are. But yeah, the question is whether whether you, you act upon, you know, on consequences or you act upon your conscience. So, I think, I can't speak up in I can't go on. Conscience precedes consequence. It's all about conscience. Yeah, yeah, yeah, so. Yeah, conscience and consciousness. Yeah. So I think that is so are you prepared for what has happened with Professor Anand. Tell to me. See, I think they all might might have also been equally convinced about what they are saying. You know it is not that they were not bothered. It is not that they expected everything to be go the way they wanted it. No, they are raising questions because they believe in what they're saying. And that is all I believe. But things would change, you know, many a time what happens is we try to assess everything from a very narrow historical framework of two years, five years, six years, 10 years, and then try to see our position vis a vis that five 10 years time. That is not if that was the way people about independence we wouldn't have got our independence. That that that is not, you know, there was a there was a whole dandy mark that happened that everyone remembers, but everybody forgets that salt flow was never repeat because of that dandy mark. Right. So, so we remember the struggle. So low was never repeat, which continue, but independence came. So, so, so that is also I think we need to analyze and assess things in a larger time frame. Not to be, you know, I think that's, I think that's, that's a very pertinent way of putting it because there is like I said there is always this anxiety and tension and dynamic tension to be able to address situations at hand. But more often than not situations take their own time and it requires constant presence, participation, and being able to engage effectively so I think I'll ask Suman if there are any other questions that he wants to queue up or else we are going to sort of gently land this down to a close stop the live stream and all of that and do our housekeeping stuff. Suman do you have questions that you wanted to bring up. Right. So one question I personally have had for a while is. So during the designer review phase for before we started the VV pads. Were there any cryptographers that you consulted with or do you think there were, there was this discussion around secure protocol to be used. No, actually I don't know. You know, I remember 2014 elections, there were eight parliamentary constituencies and it's wrong to say parliamentary constituencies eight assembly constituencies within eight, you know, one assembly constituency within eight parliamentary constituencies. So, I mean there are five six in each parliamentary constituency one AC that is the first time there was a newly I remember this pilot being done, but that was all like a design VVPAT had to be introduced. Somebody proposed it in a political party meeting I think it was a committee led by Chandra Babu Naidu or somebody from a few political parties and then election commission agreed to review it and then some came up this technical expert committee by that time and that technical expert committee looked into it came up with a solution, probably with a help of I don't know who and then that's it. We since then we have been doing, doing it with VVPAT so that is another main concern you know this the institutional framework at coming, you know, coming up with solutions that is equally important as a solution because otherwise we get stuck and we get overly defensive about it, you know it's like right now it's difficult to question EVM because for a lot of people EVM is their candidate, it is not the candidate. EVM is the candidate who will defend that, nobody can question EVM. So it becomes very difficult, I asked this question boss this EVM your candidate, it's just a process, try to understand the process ask the question but we become overly defensive about that process assuming that somebody who's questioning EVM is trying to question the existing government or the previous election that kind of that we wouldn't even come here you know that way in 2014 when VVPAT was introduced by that we would have, we should have said that 2009 and 2004 elections with respect to EVM were actually passed you know that is why we came to a VVPAT because it was an introduction to addition to something else which existed right so that should have mean there was something flawed. That is not how progress happens, that is not how improvements happen so this being overly defensive about whatever is today there is also hampering our progress when it comes to election. To not having a proper institutional framework in seeking responses, coming out with solutions, you know, and not even having a, my biggest concern is it's a technological solution, and we don't even have one paper to study and say that this is what it is. And that shows a lot about the trust based processes that we rely on. I don't think that is a sustainable thing, so but I don't know to just cut your answer short that is that I don't know whether any cryptographer was consulted. I think we are going to sort of wrap this one up we had like a whole bunch of questions and I know if we had time and we do have we keep this bridge open, we're going to have a lot of discussions but somehow or the other that we need to sort of space out these conversations, and take time to review the conversations we have had today, and then think through, and then to be able to frame our responses to oncoming issues, as well as existing issues and the I think what you pointed out and then is right that the EVM is a technology and and it represents a set of processes getting fascinated and attached to the EVM and thinking that critique and examination is somehow questioning the sanctity of the EVM is harmful in many ways to democracy and and how we deal with future innovations or introductions and the idea that it needs to have better examination, and far more public consultations is important and that's the key at something we are trying to achieve. I'd like to thank you of course coming for making time today. It's been absolutely fascinating and I've been juggling quite a few message streams just to catch up with questions comments and remarks it's it's it's one of those sessions you know how it happens. I also like to thank Shuman because I think we never kind of were able to figure out how best to approach the topic of EVM and and Shuman provided a very interesting insight that to be able to use a framework of cybersecurity and security, and then have the conversation helps. So it's good that he could make time today. And also those who have been participating on YouTube. There's been a whole bunch of questions, and those who have joined us and zoom. Thank you again. Remember, our call for evidence continues to be open. I think today's session should be able to provide you with as to how we seek responses to it. We are planning to sum up the month long activity that we have done through the month of May, produce a post to do all those who have been following our project so that you get to know where we are how we are going to take this forward. I just posted the link to the telegram channel for Karuna. Should you be interested in having the conversation we can have there. If you have any specific questions, comments, remarks for this session from Karuna, you can obviously leave them at the session page on the Haskell site. And those would be emailed to him and I just once he gets time he'll be able to respond so with that, we're going to close the live stream, thanking all of you again, and see you around a few of us are going to hang back to discuss further stuff off the record of the live stream so if you have time you think you want to hang back, you're more than welcome to do that. So I am leaving. Bye. Thank you so much. Thanks a ton. I mean this was amazing.