Linux-Based E-Voting In Brazil

John Sokol writes "I just heard from a good friend and Linux kernel hacker in Brazil that they have just finished their municipal election with 128 million people using Linux to vote. They voted nationwide for something like 5,000 city mayors. Voting is mandatory in Brazil. The embedded computer they are using once ran VirtuOS (a variant of MS-DOS); it now has its own locally developed, Linux-based distro. These are much nicer, smaller, and cheaper than the systems being deployed here in the US. Here is a Java-required site with a simulated Brazilian voting system. It's very cool; they even show you a picture of the candidate you voted for."

When will we have web based voting

[syousef]

We have web based banking. Why not web based voting?

If anyone thinks I care more about who I vote for than the money in my bank accounts (and my liability for debt) they're disillusional. The politicians are all just different monkeys screeching different things that suit them. In the last election I voted for (mandatory council elections) I didn't know or care about the candidates who'd only shown their faces 2 weeks beforehand. On the ballot I wrote "Fuck them liars all. This form of democrasy a joke". Am I the only one that thinks it's hilarious that we can bank online but not vote online?

Re:When will we have web based voting

[the_one(2)]

that means that the vote isn't anonymous right?

Re:Another slow news day?

[Exanon]

I believe it is of interest due to the US election coming up soon, the use of voting machines with closed source on those machines and the tampering discussion.

Now, of course you could modify a linux machine as well, but with a potential army of hackers the security risks are handled much like the security in Linux: Assuming that for every one hacker that is malicious there is usually one or at least two that spot a problem and bring it to light.

IT is a trap !

[Yvanhoe]

Open sourcing the software changes nothing to the fact that it is impossible to check how the votes are tallied. It just takes two bytes change in the binary to reverse the results of an election. In a world where the task of counting votes can be done by a machine small enough to fit into a smart card, you'll never be sure that the code published is the code running if you don't want to trust the officials organizing the vote.

This is a step back from paper ballots.

Re:IT is a trap !

[arielCo]

That (the issue of trust) is exactly what happened in Venezuela not long ago - besides the government refusing to make the code available for inspection, when the opposition cried foul and insisted in auditing random machines+boxes, the government was adamant about using the random sample generator provided by... ahem... the government. I really won't say that there was a fraud, but trust was seriously undermined from there on.
Please don't ask me for a quotation, this is not Wikipedia. Go Google.

Void Vote

[Tuqui]

You can vote blank or null vote with that machine. That's good, but I really
want to write %#%@%$!! in the ballot sometimes.

Re:Science Fiction!

[Keyper7]

Brazilian cities were able to know the election results in the same day of voting, before midnight. That's pretty damn efficient.

Furthermore, as fas as trusting or not trusting goes, voting with pen and paper is not as perfect as one might think.

Re:Science Fiction!

[bogado]

It has worked? I am not so sure about that, for an election to work it has to be void of frauds and offer some guaranties to the electors, like anonymity. Election are not a simple problem, in fact is a very hard one.

The elections on Brazil seem to work fine, in fact many of the "left" parties (Brazil has many political parties) felt their numbers get better after the electronic voting was installed. But the system, as it is now, gives no warranty on how the votes are counted, you have to trust it is working and has not been tampered and as far as I know the code and designs of the voting machines are not open for review by the population.

I trust that the system work, it has shown consistent numbers with the election day pools and as I said the system has been show to give results that are bad for the current government, that is the one witch could more easily tamper with the election, several times.

In defence of the US

[PinkyDead]

Looking at this here:
http://en.wikipedia.org/wiki/Elections_in_Brazil

About half way down it lists the result of the 2006 election : couple of points on that:
(1) There are a lot of parties (~30)
(2) They have low overall control within the parliament (15% max)
(3) The socialists are on top
E-voting or no, if the socialists were to rig the election (a) it would be obvious that they did it, (b) they would have to go all out to make any kind of difference, (c) they are unlikely to have the corporate influence necessary to pull it off and (d) there isn't much you get for it.

In the US, on the other hand, there is effectively two parties each with ca. 50% of the electorate each, so rigging the election is (a) worthwhile and (b) easy to get away with. On top of that the Republicans are very good friends with the people that make the machines, and finally, you get to be 'leader of the free world' and all your buddies get rich.

Means, motive and opportunity - right there. The interface is the least of their worries.

I'll bite

[Wooky_linuxer]

First, mobile phone cameras, or any other, were forbidden in the ballot - though from my experience this was only enforced in areas where there were a reasonable possibility of people selling votes or being coerced to vote, such as in Rio de Janeiro.

Second, no one said the process was unhackable. It is just much harder to hack than a paper and pen election. It is auditable by anyone with sufficient technical expertise, and that is good enough for mosrt people who care.

And finally, shut up and at least do some research on it before calling others idiots. The voter types a fucking NUMBER, not the candidate's name. A picture appears so even people who can't read can check if they are voting right (I concede tha some elder people do take quite a long time to vote).

Re:Science Fiction!

[marcosdumay]

"I trust that the system work"

I trust it to work better than the old paper one, but the eletronic system is getting less trustworth on every election. The first version of it used a small embbebed system, with no OS, then it changed to a closed OS, then it changed to Linux (ok, better than the closed OS). It's system was entirely (hardware and softwre) verified by several specialists choosed by a transparent process, then comes the closed OS, that can't be verified, and suddenly the transparent process changes to the government just choosing someone from ABIN (brazilian inteligence agency - a known problematic body).

And just to add to the process, when the government finaly agreed to make printers pluggable to the voting machine, and plug some printers randomly, several of them were destroyed and the governemnt refused to count some votes.

Review of the voting machine by a poll worker

[davide+marney]

I work at the polls here in Virginia, and we have an electronic voting machine. Here's my review of the Brazilian device compared to ours:

• No touch screen on the Brazilian box, just a key pad. This is a great feature. Touch screens are not that easy for elderly people to use. They are unfamiliar with the concept, and, worse, tend to lean on the screen for support, causing the mouse pointer to jump all over the place. Simpler would be better, and a keypad is much more universally recognized.
   
• 20 hour battery life on the Brazilian box. Having a battery that can last for the entire voting period means that even in the event of a complete power failure, the vote can go on. A great feature. We have battery back-up on our machines, but they last only 2-3 hours.
   
• The Brazilian box looks much more rugged that our machines. I bet they could take a drop onto the floor. Our machines are not bad for PCs, but there's no way they would survive a fall.
   
• Lower cost. The Brazilian box costs $1000; ours cost $5000. Lower cost means more machines.
   
• I couldn't tell how the ballot is entered on the machine, but it doesn't look like they use a PC Card to load the ballot each time, the ballot is loaded just once, and then voters vote. I've never liked using the card readers; if they get misaligned, you have to swipe the cards "just so". If a swipe fails, the vote has to be voided. If the swipe failure causes a hardware lock, the machine has to be rebooted. If the machine gets rebooted too many times, we have to take it out of circulation. A lot of potential trouble caused by a simple I/O device! Better to be without it.
   
• Neither the Brazilian box nor mine is truly auditable. Ours at least has a paper tally report that gets printed at the end, so one could trace the tally on the flash drives to a tape. But there's no way to do a human recount on either machine. I have some heartburn over this, but with good voter registration controls, there are cross-checks that can be done to lower the security profile considerably. For example, we keep a paper tally of the number of voters, and each hour we cross-check the paper tally against the machines. If the machines show a different headcount than the paper, we investigate immediately. In my experience, the fault has so far always been on the human, paper side (but I'm relatively new at this.)

In any event, I think SL geeks are obvious choices to volunteer to be Officers of Election. We know the vulnerabilities of the technology, and have the necessary attention to detail to appreciate the kinds of auditing checks that need to be done to run a fair and open election.

Re:Science Fiction!

[digitalchinky]

I remember signing on to the electoral roll in Canberra somewhere back in the very early 90's. A few weeks later I received a letter from the commission saying after an investigation I no longer lived where I said I did so they have removed me from their list. I'm thinking I live on a Navy base, I have no hope of being posted anywhere for a few years, so, er, WTF? What investigation?

I wrote back and asked WTF? They replied to the same Canberra address I enrolled with and said you don't live there any longer, you are no longer enrolled to vote, please update your electoral status at your new address. Thank you. Good day, and we are done here. Do not write back to us.

Meh. So I never voted for as long as I lived in Canberra.

A few years later I was posted elsewhere and received yet another letter from Canberra saying I never voted in one of the elections, tut tut tut, and that I would have to choose between a fine ($90 AUD I think) or tick a box that says "I did vote" - I think you can guess which option I chose.

true facts about this system...

[drpaulo]

Some patients of mine work with the elections in Brazil. Being a slashdot guy for a while I am always asking them questions about the voting system. What I have learned: # the code is available in advance for the parties OPEN SOURCE (only not online) # the software/firmware is loaded on the machines in front of the parties # the machine has no open slots for the outside world # it is sealed tamper free with a special seal that solf destroys once openned. # the is a hash code to ensure the validity of the files # only the vote is recorded, there is no way on knowing who voted on who. # the order of the votes on the files is radomly changed every new vote cheers,