Slashdot Mirror
Linux-Based E-Voting In Brazil
John Sokol writes "I just heard from a good friend and Linux kernel hacker in Brazil that they have just finished their municipal election with 128 million people using Linux to vote. They voted nationwide for something like 5,000 city mayors. Voting is mandatory in Brazil. The embedded computer they are using once ran VirtuOS (a variant of MS-DOS); it now has its own locally developed, Linux-based distro. These are much nicer, smaller, and cheaper than the systems being deployed here in the US. Here is a Java-required site with a simulated Brazilian voting system. It's very cool; they even show you a picture of the candidate you voted for."
Actually, in Estonia, there has been web-based elections a year ago. The national ID card has PKI certificates in it and this cryptographically makes it safe. There's more information on the net, ie
http://en.wikipedia.org/wiki/Electronic_voting_in_Estonia
Now where is the link to the source code and how can I verify that it is the code that was really running on the machines?
As a matter of fact, contrary to what Wikipedia says, the source code *is* available. The Ministério PÃblico (something like the public prosecutor in US), the OAB - Ordem dos Advogados do Brasil, an organ that congregates all lawyers in the country and any of the political parties can have access not only to the source code but to the compilation, digital signing and installation process. They also can run simulations and test the system for security and fraud and request any ballot to be audited. The whole software and data is also available for 2 years after the election. During the election days, representatives of any party can stay at any polling station to be sure that the election is not being rigged in this point. Personally, I think our system is quite secure and would require a major conspiracy involving basically everyone.
Scientia est Potentia
Some people who work during the elections are volunteers. while others are drafted by the Superior Electoral Tribunal. You can still not go there and do your job as long as you have a strong justification (like not being in the city you vote on the day of election). There is no voting 'in transit' i.e. voting in another city, or in any other 'electoral college' besides your own.
As a compensation, you get a 'lunch ticket' and a letter which entitles you a 1-day off so you can compensate your day working on the Sunday election (just give the letter to your employer, he cannot refuse you the day off, it's part of the electoral law)
By 5:00 PM, no one else can vote. If there is a line, people are given numbers ad only those with numbers in line can cast their votes.
once the last voters finish, the voting system is set to 'closed', meaning no more votes can be computed. at least three paper trails are generated, for three of the people in charge of the voting table. Any one can go there and ask for an extra paper trail, such as me and you. usually, a few people ask for additional paper trails on behalf of their own parties. You can check the paper trail gainst the voters registered for that college, to see if there are any irregularities.
Potentially, a parallel vote counting can be set up, completely contolled by the population, just using the paper trails generated at the end of the election.
The president of the table then takes the machine to the Electoral Tribunal and there they pick up the internal data and do the vote counting.
IMO it's reasonably resistent to tampering, and allow for parallel counting, which makes it resistent to frauds. Yeah, being open source would help for sure, and setting up a country-wide parallel vote counting would be very hard, but it is possible.
I believe the U.S. should just license our technology and be happy with it ;-)
Totally different from the rest of the world.
Actually, it's pretty similar to the rest of the world. Voters are mostly uninformed on the issues and uninterested in getting informed.