Slashdot Mirror
Linux-Based E-Voting In Brazil
John Sokol writes "I just heard from a good friend and Linux kernel hacker in Brazil that they have just finished their municipal election with 128 million people using Linux to vote. They voted nationwide for something like 5,000 city mayors. Voting is mandatory in Brazil. The embedded computer they are using once ran VirtuOS (a variant of MS-DOS); it now has its own locally developed, Linux-based distro. These are much nicer, smaller, and cheaper than the systems being deployed here in the US. Here is a Java-required site with a simulated Brazilian voting system. It's very cool; they even show you a picture of the candidate you voted for."
It's very cool; they even show you a picture of the candidate you voted for.
Wow! Incredible! I never thought something like that would be possible with a computer!
Is like this.
Oh well, I'm sorry that you Americans will have to put up with your Diebold chosen masters in the next election... hope it doesn't turn out too bad for you.
Check out my sci-fi book "Lacuna" at http://goo.gl/MVxX8
"It's very cool; they even show you a picture of the candidate you voted for."
Congrats you voted for this jackass! Goodluck surviving after the tax raise
...is that Carmen Miranda is one of the senatorial candidates! Nice pic, too!
Those are my principles, and if you don't like them... well, I have others.
Now where is the link to the source code and how can I verify that it is the code that was really running on the machines?
slashdot troll = you make a compelling argument I do not like the implications of.
I mean really , Linux getting used for some large public function might have been news back in 1998 , but whats the big deal in 2008? Some stories about some unusual OS's being used in unusual situations , say CP/M still controlling a nuclear reactor , now THAT would be interesting. Linux gets used in voting system? ZZZzzzz......
I don't see any of the problems resolved.
You can still tamper with the system and there is no verifiable audit.
I don't know that the underlying choice of OS was biggest problem (if I were building it, sure I'd choose Linux) - there are more fundamental process issues that are at fault. Namely, that someone could tamper with the election and no one could (dis)prove it.
Genesis 1:32 And God typed
We have web based banking. Why not web based voting?
If anyone thinks I care more about who I vote for than the money in my bank accounts (and my liability for debt) they're disillusional. The politicians are all just different monkeys screeching different things that suit them. In the last election I voted for (mandatory council elections) I didn't know or care about the candidates who'd only shown their faces 2 weeks beforehand. On the ballot I wrote "Fuck them liars all. This form of democrasy a joke". Am I the only one that thinks it's hilarious that we can bank online but not vote online?
These posts express my own personal views, not those of my employer
This is great
I do really miss a paper trail, that is needed in case there are doubts of "fraud", we do not want such doubts, do we ?
How un-American. Oh wait...
You can vote for Carmen Miranda for president!
Hurray for the party of music and fruity hats!
----------------------------------- My Other Sig Is Hilarious -----------------------------------
poooooooooooooo
repetition is the soul of velveeta
Open sourcing the software changes nothing to the fact that it is impossible to check how the votes are tallied. It just takes two bytes change in the binary to reverse the results of an election. In a world where the task of counting votes can be done by a machine small enough to fit into a smart card, you'll never be sure that the code published is the code running if you don't want to trust the officials organizing the vote.
This is a step back from paper ballots.
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
Hmm, they are still made by Diebold-Procomp, don't have a paper trail, the voting software is closed source and Linux was chosen as a cost saving measure when compared to WindowsCE... Somehow doesn't give me much trust in their accuracy. The simple fact that the software used isn't publicly auditable makes me distrust this sort of things.
Linux rocks.. Soon linux rule the computers http://www.samudhai.com/
Smaller,nicer and cheap != more secure.
I fail to see where this is better security wise than the Diebold boxes. I love linux, I prefer linux (though I mostly use OS X these days) but just because it runs linux, does not make it better.
And web based voting? Seriously? You are just BEGGING for fraud with that.
Derek Greene
Voting in the US using commercially developed machines: Evil! Unreliable! What is the world coming to! US elections unfair! Dictatorship coming soon!
Voting in Brasil using open source el cheapo machines: Profit!! Democratic wonder! Fantastic solution! US could learn from this!
How do you mean, Slashdot is biased..
I don't trust electronic voting, no matter what runs on the machine.
Oh, no, it's just the corona of Diebolds blushing red ears I can spot in the distance.
If you quote this signature there'll be 72 copies of Windows ME waiting for you in Heaven.
You can vote blank or null vote with that machine. That's good, but I really
want to write %#%@%$!! in the ballot sometimes.
As a matter of fact, contrary to what Wikipedia says, the source code *is* available. The Ministério PÃblico (something like the public prosecutor in US), the OAB - Ordem dos Advogados do Brasil, an organ that congregates all lawyers in the country and any of the political parties can have access not only to the source code but to the compilation, digital signing and installation process. They also can run simulations and test the system for security and fraud and request any ballot to be audited. The whole software and data is also available for 2 years after the election. During the election days, representatives of any party can stay at any polling station to be sure that the election is not being rigged in this point. Personally, I think our system is quite secure and would require a major conspiracy involving basically everyone.
Scientia est Potentia
I understand the purpose of a Brazilian, but what does that have to do with voting?
Support SETI@home
Let's start hacking !
Let's make Obama the next president of Brazil ! You know, so he still has a job after november. The democrats are not known for providing well for their ex-es.
Or was the "cost-reduction" going into the CEOs pocket?
Switching to a different OS should be done to improve overall security, not to reduce costs.
No sig today...
lol!
Does anyone things this interface is actually usable. Entering a 5 digit number to select your candidate seems a little difficult if you've got shaky hands from Parkinson's or something. Yet again paper shows it's superiority over the computer interface. You can display a larger area and more information on paper than any computer display (Unless you're the Chinese government running the Olympics.)
It all starts at 0
this guy here:
http://www.brunazo.eng.br/voto-e/indice.htm
has a full site (in Portuguese, but some of the collected texts are in English) about the problems with Brazilian e-voting systems.
Basic criticisms are: there's no real way to audit elections outcome without delivering the contents of the votes. His claim is that a simple paper trail would be enough, but the Brazilian electoral committee (TSE) refuses to do so for cost reasons and has successfully lobbied congress for many years into keeping this out electoral laws.
The hardware apparently doesn't include a printer, so there's no paper ballot. And the voting software itself isn't open. The fact that the underlying OS is Linux is almost irrelevant.
. No voter-verifiable receipt
. No code auditing by the general public (only by the political parties, which is a small step-up from the U.S.)
. Process flow problems allowing voter fraud or deception.
. Recounts not possible.
. Vote-stealing possible by poll-workers.
Diebold is a vendor in this system. Interesting that having the opportunity for a complete system rewrite (moving to Linux) didn't eliminate the same design flaws inherent in their other systems.
Diebold may make apparently fine ATMs, but voting is a different beast, requiring different thinking.
Looking at this here:
http://en.wikipedia.org/wiki/Elections_in_Brazil
About half way down it lists the result of the 2006 election : couple of points on that:
(1) There are a lot of parties (~30)
(2) They have low overall control within the parliament (15% max)
(3) The socialists are on top
E-voting or no, if the socialists were to rig the election (a) it would be obvious that they did it, (b) they would have to go all out to make any kind of difference, (c) they are unlikely to have the corporate influence necessary to pull it off and (d) there isn't much you get for it.
In the US, on the other hand, there is effectively two parties each with ca. 50% of the electorate each, so rigging the election is (a) worthwhile and (b) easy to get away with. On top of that the Republicans are very good friends with the people that make the machines, and finally, you get to be 'leader of the free world' and all your buddies get rich.
Means, motive and opportunity - right there. The interface is the least of their worries.
Genesis 1:32 And God typed
Only criminals won't vote... or something.
Anyone else see the insane paradox of mandatory voting ?
I want to delete my account but Slashdot doesn't allow it.
Running a fair election is not a simple problem. To make sure the voter is legitimate, we must be able to prove their identity. But when it comes to actually casting the vote, we must not be able to know how they voted.
One solution to this dilemma is to require people to physically show up and prove who they are, and then have them cast a secret ballot while they are sequestered in the same room where they proved their identity.
The reason online banking works is because your transactions never need to be done in secret, just in private. Totally different situation.
"We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
I'm changing my name to Fukker and I'll enjoy a long and profitable political career. And then my children too. Just imagine:
That Fukker in Congress!
When kids come by: Those Fukkers in Congress, what are they doing!?
Voting: I guess we have to vote for one of those Fukkers.
Campaigning: Get Fukked! Vote Fuckker!
The name recognition would be incredible!
First, mobile phone cameras, or any other, were forbidden in the ballot - though from my experience this was only enforced in areas where there were a reasonable possibility of people selling votes or being coerced to vote, such as in Rio de Janeiro.
Second, no one said the process was unhackable. It is just much harder to hack than a paper and pen election. It is auditable by anyone with sufficient technical expertise, and that is good enough for mosrt people who care.
And finally, shut up and at least do some research on it before calling others idiots. The voter types a fucking NUMBER, not the candidate's name. A picture appears so even people who can't read can check if they are voting right (I concede tha some elder people do take quite a long time to vote).
Where is that guy who'd die defending what I had to say when I need him?
You can get more info on: http://en.wikipedia.org/wiki/Elections_in_Brazil
These machines are being used since 1996!
Please, tell me how paper ballots can be more effective! Election manipulation and fraud weren't invented for electronic voting machines. Election fraud is a very old topic... It happened many times before in different countries with the super safer paper based ballot !
Why people think counting paper votes is safer ??? After 10 years using these machines, nobody ever claimed any problems them.
I now some people that worked with these machines and it is not as simple as changing few bytes in their memory... you need crypto keys, at least 3 or 4 of them to do something useful with the machine. The machine can be checked before being delivered to the voting place and checked again during the counting process... the generated files are also encrypted with strong keys... not a piece of cake to hack with a lipstrick and chewing gum (unless you are McGiver). Just try before posting.
Besides that, each machine has an identification number. The total number of votes can be checked in the central office... people sign before voting... so what's the big problem ?
The voting site is guarded by police or army officers... each site has a responsible judge + parties representatives...
Do you really think it is easy to overcome all these barriers ?
This is the great brazilian proud, after Pele. This proudness is very ridicule here, where censorship on the internet, TV, radio, newspaper, were the main issue, but only few cared about. Just explainging: no public media could show candidate preference. A newspaper declaring support to a candidate here is impossible, contrary to the US. Only Electoral Justice authorized propaganda was allowed.
But, on the voting machine, as some have pointed out, the system is not 100% trustable. Personally, as an embedded system specialist, I agree with that.
I work at the polls here in Virginia, and we have an electronic voting machine. Here's my review of the Brazilian device compared to ours:
In any event, I think SL geeks are obvious choices to volunteer to be Officers of Election. We know the vulnerabilities of the technology, and have the necessary attention to detail to appreciate the kinds of auditing checks that need to be done to run a fair and open election.
"We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
Some people who work during the elections are volunteers. while others are drafted by the Superior Electoral Tribunal. You can still not go there and do your job as long as you have a strong justification (like not being in the city you vote on the day of election). There is no voting 'in transit' i.e. voting in another city, or in any other 'electoral college' besides your own.
As a compensation, you get a 'lunch ticket' and a letter which entitles you a 1-day off so you can compensate your day working on the Sunday election (just give the letter to your employer, he cannot refuse you the day off, it's part of the electoral law)
By 5:00 PM, no one else can vote. If there is a line, people are given numbers ad only those with numbers in line can cast their votes.
once the last voters finish, the voting system is set to 'closed', meaning no more votes can be computed. at least three paper trails are generated, for three of the people in charge of the voting table. Any one can go there and ask for an extra paper trail, such as me and you. usually, a few people ask for additional paper trails on behalf of their own parties. You can check the paper trail gainst the voters registered for that college, to see if there are any irregularities.
Potentially, a parallel vote counting can be set up, completely contolled by the population, just using the paper trails generated at the end of the election.
The president of the table then takes the machine to the Electoral Tribunal and there they pick up the internal data and do the vote counting.
IMO it's reasonably resistent to tampering, and allow for parallel counting, which makes it resistent to frauds. Yeah, being open source would help for sure, and setting up a country-wide parallel vote counting would be very hard, but it is possible.
I believe the U.S. should just license our technology and be happy with it ;-)
That's not your first e-voting.
That's the second time i worked in the elections, and i must say that since the elections became electronic, we never have problems with scandals or doubts of the results.
Erevybody forgets to say that befero the elections the polling machine prints the name of every candidate and the number of votes they have, in this case zero.
At the end of the election, the machine prints beteween 5 and 10 lists of results. It depends on how many parties representatives wants copies.
I and the others working with me had to sign every copie that the machine prints.
So you still have some "paper insurance".
Well, its not a perfect system, for sure it can be hacked, but so can the ballot system.
Ballots can be faked as well.
I really can't understand why people still have this felling that the paper system is much more secure.....face it, if a goverment really want to fake an election, the system dont matter...it will.
No paper trail to allow audits. No source code available (that I know off, at least). No guarantee that the binaries loaded on the machines were built from the source inspectors looked (?) at.
It would be nice if people held this at the same "bashing level" anything from Diebold is held; because, really, it's not that different, the way I see it.
Cheers
PS: not implying that was any fraud here, it seems like there wasn't. I'm just said that the current machinery do not allow you to prove it by auditing the results :(
you put votes in, out comes sausage. how does the machine turn votes into sausage? i don't know, i can't look inside, its not transparent
voters in the poorest nation in the world, and voters in the richest, should all use paper ballots. end of debate
because its TRANSPARENT
it does a rich society no benefit to advance beyond transparency, and any, ANY electronic voting machine does exactly that. the rich country can use ocr for quicker tallying
what is the reason for electronic voting? what is saved? the nes media can announce the winner faster? that's more important to then the integrity of the voting process?
electronic voting, including traditional mechanical voting machines, are more ripe for abuse. not because you can't do dirty tricks with paper ballots, but because electronic voting (and to a lesser degree tradtional mechanical voting machines) increases the number of attack vectors by an order of magnitude, and increases the damage a lone operative can do, exponentially
sure a guy can dump all of the paper ballots from a precinct in the river. he can stuff the box with fake ballots. how much damage is this guy doing? and who can see him do this?
compare that to one... ONE guy who can hack into a machine or database and instantly change votes for an entire country, across the board, in mere milliseconds. he can even introduce algorithms to make statistical analysis of the votes "safe", so as to raise no red flags
make a list of what you consider the greatest threat to democracy
whatever is on your list: nope, wrong
it's electronic voting. electronic voting removes transparency and introduces distrust into the voting process. electronic voting will prove to be the biggest mistake and the greatest threat to democracy, ever
democracy's greatest strength is that it creates legitimacy, no other form of government renews legitimacy in the eyes of its people. it gives the people a real voice in their own government. remove that trust with black box voting, make the process lose integrity of the eyes of the common people, and you remove legitimacy and stability and faith in the government. lose that, and you lose everything
democracies of the world, please: paper ballots. there is no way to improve the process with electronic voting that does not also undermine its integrity. its a black box. it can do nothing except remove transparency
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
As a good Brazilian, I don't trust our government and our politicians at all. Some weeks ago, the people that design the voting system published some comments in a technology blog saying the system is unsafe and anyone could boot it using an external device. And I won't even argue about the unavaiable source code.
If you can boot the voting machine with another system, where's the security? Even if there's a low probability that someone uses an external device and installs some trojan app... well, there's a risk. And I miss the paper, where I could write everything I wanted about the politicians and the mandatory voting system. Now the most that I can do is type 99999999, ok, ok.
And it will get worse. Last week, I saw some of the Elections big guys saying that in 2016 we'll have a biometric checking in every voting machine. Without the source code, how can I know some dirty goverment agency, hidden in some obscure basement, will not have an excel spreadsheet with 'name - vote'??? 1984 is getting closer, I thought. And nobody here seems to care.
Any life is made up of a single moment, the moment in which a man finds out, once and for all, who he is.
Some patients of mine work with the elections in Brazil. Being a slashdot guy for a while I am always asking them questions about the voting system. What I have learned: # the code is available in advance for the parties OPEN SOURCE (only not online) # the software/firmware is loaded on the machines in front of the parties # the machine has no open slots for the outside world # it is sealed tamper free with a special seal that solf destroys once openned. # the is a hash code to ensure the validity of the files # only the vote is recorded, there is no way on knowing who voted on who. # the order of the votes on the files is radomly changed every new vote cheers,
I remember waiting in line for about an hour or two in every (paper based) election. Last Sunday I spent five minutes (the whole process). Honestly, since vote is mandatory, I really don't care if my vote will be tampered or not. Try to spend an hour in a line inside a dirty building that has no air conditioning with people you don't know...
If they rigged the elections, they did it to guarantee that their candidates (and themselves, in case of incumbency) lost ?? Because that happened in, like, 60% of the cities?
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
still could be done a whole lot better.
Better *for whom*?
The people who need to validate the result of an election, or the people who need to manipulate the result?
Deleted
Have any of you run across this:
http://www.openvotingconsortium.org/home
Seems to be pretty practical, open and secure. I think they are using it in California this year.
Brazil has those (as many other democratic countries) three powers: Executive, Legislature and Judiciary. But for Elections, there's a fourth one, called "Electoral Justice". They control the elections around here and this entity has no relationship with any parties or the current government, or any of the other entities.
That's why we trust on our electoral system.
More info:
http://en.wikipedia.org/wiki/Supreme_Electoral_Court_(Brazil)
http://www.v-brazil.com/government/judiciary-branch/electoral-justice.html
** Official website (history of elections): http://www.tse.gov.br/internet/ingles/historia_eleicoes/je.htm
** Official website (the begining): http://www.tse.gov.br/internet/ingles/historia_eleicoes/criacao_JE.htm
** in english
PS: No time to create an account...
You know what? Let's try it. I mean, how many people would have to be intimidated for you to swing the vote? That's a lot of home invasions.
Paper receipts are not provided in order to discourage vote buying ("See, I voted for your candidate, now pay me!")
The key codes are especially easy for party voting. You can simply enter in the 2 digit party prefix and know that your candidate will be selected.
It is fast - after witnessing elections in both countries, AZ's paper/scanner system is bottlenecked by the registration process. Brazil's local polls move quick!
Oh - and while voting is mandatory, Brazilians living abroad can be excused for missing elections, but if they fail to vote or provide an excuse, they can lose their social security benefits.
In case anyone wants to see how do we vote on these machines, here's a link to a voting simulation.
Just choose any of the fake candidates on the bottom and enter their number; press the green button to confirm, orange to correct, or white for a blank vote. For a null vote, enter any number not associated with any candidate.
As I was reading some of the comments about electronic voting, several thoughts come to mind.
- If your going to store them/transfer them through some physical means (memory cards), use a public/private key system, which only a select top of the company in charge have the private key.
or
- Just use a web based system, login with your demographics.. social, birthdate.. same thing banks ask you. Youll be able to vote, or see your current/past votes.. and dispute it (just incase someone somehow voted in your name)
Secure web based interfaces have been done to death, voting needs to get with the program!
Now let me explain why. While this is based on linux that is unimportant. What's more important is that the sourcecode is available. However anyone who's tried to read another persons' source or noted that, even if you read it you have to guarantee that what you read is what was compiled, and what was compiled is what you read.
In one of the best Turing award lectures the recipient demonstrates how one can take clean code, run it through a corrupt compiler and end up with code that behaves differently.
My point, these aren't safe. Despite what has been said about fingerprints and voter controls they have not overridden the basic fact that these machines provide no means to audit their behavior that is independent of the machine itself. Thus if the machine is corrupt so is the result pluralities notwithstanding.
With respect to those posters who note with glee the multi-party system I would point out that individual races, say a state governor or parliment race, can be and have been subject to corruption in other locales. As such reliance on the sniff test of the outcome is no assurance of overall correctness.
The bottom lin is that without that auditing the niftyness of linux (also the basis of the AccuPoll system in Texas) versus QNX (basis of ES&S systems ) versus Windows CE is meaningless.
now that's a huge-ass municipality
The electoral system is going to have it. Probably in the next election, every voting maching will have a fingerprint reader.
Related to this, is the National Vehicle Identification System. Cars is going to be required to have RFID. There will be antennas everywhere.
Also, in SP state, people can have one of their national ID in the receipt when buying something. The state government says that X% of the ICMS tax (a sales tax) will be rebated in the car year tax. Adoption if this nationwide is a matter of time.
"Speaking cameras" are coming too.
Brazil is the biggest experiment of citizen surveillance in the world. Big Brother is testing his systems here.
I was a poll worker in the elections and the bigger problem I saw was that the people who were working in the election could vote for absent people and it would only be detected when the list of voting people was checked against people who justified absence elsewhere. The documentation could then be checked and the fraud, investigated.
But there are much easier kinds of fraud that people could get away with, these days, be the elections based on computers or on paper. You just put a gun to someone's head, tell him/her to go vote with a cell phone and film who he/she is voting for. You get the cell phone later and don't kill the voter if he did it right.
(in this last election, voters had to turn their cell phones off before voting, but there was no way of GUARANTEEING that)
Yes I know this is off topic, but I had to check out the tag line on this one.
"I'm making a Low Budget HDV Filipino Horror Movie in NYC [bangamovie.com]"
Interesting, I don't know about your special effects they could be better, but the girl is just beautiful.
http://www.videotechnology.com/ is my site.
I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
A renowned brazilian computer science professor has posted in his blog (sorry, it is in Portuguese) an in interview with a security consultant hired to assess the voting machines: http://smeira.blog.terra.com.br/2008/09/08/eleicoes-tse-esconde-a-verdade-sobre-as-urnas/ His results are pretty scary, but what is even more scary is what the government has decided to do in response (google translated): "But the fact is that the partial reports indicate so many vulnerabilities in the system, ranging from Generation of Media to writing data to floppy disk, the TSE (brazilian government agency) has decided to: 1) keep the reports secret to completely prevent voters to know that the Brazilian system has vulnerabilities , 2) prevent the penetration tests requested in 2006 by political parties, 3) abandon the current project for electronic ballot boxes after the elections of 2008, 4) to extend the contract with FACTA/CenPRA to try to develop a new project of electronic ballot boxes more reliable for the elections of 2010 and 5) to misinform the voters, in public denying the existence of security holes, saying that tests of penetration will be allowed in 2008." The following website gives more details learn more about the penetration tests performed on the voting machines (again, in Portuguese): http://www.brunazo.eng.br/voto-e/textos/penetracao1.htm
Joana M. F. da Trindade http://joanadatrindade.wikidot.com
You can never know what code is in place on the voting machine,the accumulator machine, or at any point on the chain. This is a false sense of security, this notion that open source will solve the problem. The code posted for you to read is not necessarily the same code on the machines.
Even if the system is pure and shiny, NEXT time someone will slip in the alterations when no one cares to look anymore. A computer based system exists to cheat.
This is a solution to a non-existent problem. Canada does it right - manually.They finish their elections in three hours, by hand count. Florida in 2000 was slow because the Repubs were told to slow it down to a crawl by challenging every damn ballot during the hand count to create the perception that hand counts were impossible. We watched them do it, live on camera for godssake.
Your link is wrong, here's the new link:
http://www.tse.gov.br/internet/eleicoes/urna_eletronica/simulacao_votacao/2008/SimUrnaBR.html
Just because you don't know about it, it doesn't mean there is not audition.
As someone said, there are over 30 parties, and they all want to be sure that no vote is stolen from them.
I'm pretty sure that even if the population can't audit it, they can, and _do_ it.
Also, since there are so many candidates, parties and election polls (before the voting), stealing enough votes to make you win would sound way too obvious.
And, during the day of the voting, members of the parties can go and audit the whole process.
demands recounts.
The only thing new in this world is the history that you don't know.[Harry Truman]