Friday, the Supreme Court refused to hear a petition that asked the Election Commission of India (ECI) to conduct an independent audit of the source code of electronic voting machines (EVMs) and to make the report public.
A bench presided over by the Chief Justice of India, D. Y. Chandrachud, stated that “currently, the petitioner has not placed any actionable evidence in the court’s record to indicate that the EC is actually in violation of its constitutional mandate” to conduct elections.
The CJI also stated orally that releasing such sensitive information would pose a security danger. “It shouldn’t be in the public domain because as soon as it is in the public domain, there is a risk that it will be misappropriated,” he said.
The petitioner stated that he had previously filed a PIL before the 2019 general elections, and the Supreme Court, in an order dated April 8, 2019, ruled that it was not possible to examine the issues raised in the PIL due to the announcement of the general elections. Subsequently, he stated that he filed a second PIL, in which the Supreme Court, by order dated February 24, 2020, allowed him to make a representation to the ECI. Even though he followed up on the representation, he is still unaware of what steps have been taken, he claimed.
The bench, which also included Justices J B Pardiwala and Manoj Misra, denied the petition, stating that “the Election Commission of India is constitutionally vested with supervision and control over the conduct of elections.” Presently, the petitioner has not submitted any evidence to the court indicating that the Election Commission is in violation of its constitutional mandate.
The order continued, “Ultimately, the manner in which the source code should be audited and whether the audit should be placed in the public domain bears on sensitive issues pertinent to the integrity of the elections conducted under the Election Commission’s supervision. We are not inclined to issue the petitioner’s requested court order on such a matter of public policy. There is no evidence before this court at this time that indicates the EC is not fulfilling its mandate adequately.”
Initially, the petitioner’s attorney stated that the EC has not followed any particular standard and has not disclosed any standards. For an audit to be meaningful, it must adhere to a recognised standard, he said, adding that the EVM system’s source code is its brain.
The counsel stated, “We are voting on an EVM system whose source code has not been audited.”
The CJI then inquired, “Why should we request ECI to conduct an audit of electronic voting machines?” What evidence do we have to dispute it? You must produce evidence before us that casts doubt on the EVMs’ source code…”
The CJI also noted that “every time we release a new application in SC on our website, a security audit must be conducted. If I notify my registrar that I want to release this next week, they will inform me it is impossible because a security audit must be conducted. These are standard guidelines that are followed not only by the government but also by other authorities… Rest assured that nothing will occur.
The council stated, “In international practice, they are available in the public domain; however, there is no formal audit report available in the public domain in India.”
The CJI then referenced the possibility of infiltration if such information is made public.
Before dismissing the appeal, the CJI stated, “When we conduct security audits of, for instance, e-filing software or when we allow electronic passes, you know who will be able to hack it if I start releasing the source code to the public.”
The order also stated that counsel argued that the hash function signature would be available and should be posted in the public domain if the source code had been audited.