Linux-Based E-Voting In Brazil
John Sokol writes "I just heard from a good friend and Linux kernel hacker in Brazil that they have just finished their municipal election with 128 million people using Linux to vote. They voted nationwide for something like 5,000 city mayors. Voting is mandatory in Brazil. The embedded computer they are using once ran VirtuOS (a variant of MS-DOS); it now has its own locally developed, Linux-based distro. These are much nicer, smaller, and cheaper than the systems being deployed here in the US. Here is a Java-required site with a simulated Brazilian voting system. It's very cool; they even show you a picture of the candidate you voted for."
It's very cool; they even show you a picture of the candidate you voted for.
Wow! Incredible! I never thought something like that would be possible with a computer!
Is like this.
Oh well, I'm sorry that you Americans will have to put up with your Diebold chosen masters in the next election... hope it doesn't turn out too bad for you.
From the wiki:
In 2004, Diebold-Procomp decided to migrate to Linux as a cost reduction measure.
...is that Carmen Miranda is one of the senatorial candidates! Nice pic, too!
Those are my principles, and if you don't like them... well, I have others.
Now where is the link to the source code and how can I verify that it is the code that was really running on the machines?
slashdot troll = you make a compelling argument I do not like the implications of.
I mean really, Linux getting used for some large public function might have been news back in 1998, but what's the big deal in 2008? Some stories about some unusual OS's being used in unusual situations, say CP/M still controlling a nuclear reactor, now THAT would be interesting. Linux gets used in voting system? ZZZzzzz......
I don't see any of the problems resolved.
You can still tamper with the system and there is no verifiable audit.
I don't know that the underlying choice of OS was the biggest problem (if I were building it, sure I'd choose Linux) - there are more fundamental process issues that are at fault. Namely, that someone could tamper with the election and no one could (dis)prove it.
Genesis 1:32 And God typed
We have web based banking. Why not web based voting?
If anyone thinks I care more about who I vote for than the money in my bank accounts (and my liability for debt) they're disillusional. The politicians are all just different monkeys screeching different things that suit them. In the last election I voted for (mandatory council elections) I didn't know or care about the candidates who'd only shown their faces 2 weeks beforehand. On the ballot I wrote "Fuck them liars all. This form of democrasy a joke". Am I the only one that thinks it's hilarious that we can bank online but not vote online?
These posts express my own personal views, not those of my employer
This is great
I do really miss a paper trail, that is needed in case there are doubts of "fraud", we do not want such doubts, do we ?
Crappy software running on linux is just as easy to rig...
the problem with Diebold is political not technical
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
How un-American. Oh wait...
Sorry, but mostly machines are built by Diebold who bought Procomp in Brazil.
http://en.wikipedia.org/wiki/Premier_Election_Solutions
http://www.samurai.com.br/urnaeletronica/ue2004/view
You can vote for Carmen Miranda for president!
Hurray for the party of music and fruity hats!
----------------------------------- My Other Sig Is Hilarious -----------------------------------
Open sourcing the software changes nothing to the fact that it is impossible to check how the votes are tallied. It just takes two bytes change in the binary to reverse the results of an election. In a world where the task of counting votes can be done by a machine small enough to fit into a smart card, you'll never be sure that the code published is the code running if you don't want to trust the officials organizing the vote.
This is a step back from paper ballots.
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
Hmm, they are still made by Diebold-Procomp, don't have a paper trail, the voting software is closed source and Linux was chosen as a cost saving measure when compared to WindowsCE... Somehow doesn't give me much trust in their accuracy. The simple fact that the software used isn't publicly auditable makes me distrust this sort of things.
Smaller, nicer and cheap != more secure.
I fail to see where this is better security wise than the Diebold boxes. I love linux, I prefer linux (though I mostly use OS X these days) but just because it runs linux, does not make it better.
And web based voting? Seriously? You are just BEGGING for fraud with that.
Derek Greene
Voting in the US using commercially developed machines: Evil! Unreliable! What is the world coming to! US elections unfair! Dictatorship coming soon!
Voting in Brasil using open source el cheapo machines: Profit!! Democratic wonder! Fantastic solution! US could learn from this!
How do you mean, Slashdot is biased..
I don't trust electronic voting, no matter what runs on the machine.
Oh, no, it's just the corona of Diebold's blushing red ears I can spot in the distance.
If you quote this signature there'll be 72 copies of Windows ME waiting for you in Heaven.
You can vote blank or null vote with that machine. That's good, but I really want to write %#%@%$!! in the ballot sometimes.
Not quite. There is one less layer of crappy software in a Linux OS/Diebold voting software vs Windows OS/Diebold voting software.
For every layer of crude and useless software you remove from a computer the greater the security will be. Next up replace Diebold software with the mostly open source version from Australia, or Brazil. Software that could be vetted by every security specialist around the country faster than Diebold can do a single release.
i thought once I was found, but it was only a dream.
Sorry, but the machines in Brazil are also made by Diebold. :-P The article on the "press observatory" shows the design and specifications of the ballots. The article is in Portuguese, but it should be translatable.
[]'s Victor Bogado da Silva Lins
^[:wq
Or was the "cost-reduction" going into the CEOs pocket?
Switching to a different OS should be done to improve overall security, not to reduce costs.
No sig today...
Does anyone think this interface is actually usable? Entering a 5 digit number to select your candidate seems a little difficult if you've got shaky hands from Parkinson's or something. Yet again paper shows its superiority over the computer interface. You can display a larger area and more information on paper than any computer display (Unless you're the Chinese government running the Olympics.)
It all starts at 0
this guy here:
http://www.brunazo.eng.br/voto-e/indice.htm
has a full site (in Portuguese, but some of the collected texts are in English) about the problems with Brazilian e-voting systems.
Basic criticisms are: there's no real way to audit election outcomes without delivering the contents of the votes. His claim is that a simple paper trail would be enough, but the Brazilian electoral committee (TSE) refuses to do so for cost reasons and has successfully lobbied congress for many years into keeping this out of electoral laws.
The hardware apparently doesn't include a printer, so there's no paper ballot. And the voting software itself isn't open. The fact that the underlying OS is Linux is almost irrelevant.
. No voter-verifiable receipt
. No code auditing by the general public (only by the political parties, which is a small step-up from the U.S.)
. Process flow problems allowing voter fraud or deception.
. Recounts not possible.
. Vote-stealing possible by poll-workers.
Diebold is a vendor in this system. Interesting that having the opportunity for a complete system rewrite (moving to Linux) didn't eliminate the same design flaws inherent in their other systems.
Diebold may make apparently fine ATMs, but voting is a different beast, requiring different thinking.
The source is available to lawyers or two years after the election? How does this make anyone secure? The source must be available BEFORE the election, for all population, also all the designs of the machines and also the procedures. Everything must be open for examination, otherwise it is not secure.
I do trust the system, because historically it has shown to be able to elect people from the opposition, like Lula, but this is now. The fact that everything is closed is an opportunity for fraud and it should be fixed.
[]'s Victor Bogado da Silva Lins
^[:wq
Maybe I wasn't clear but the source code is available to the Ministerio Publico (judiciary), OAB (lawyers) and all political parties *before* and *after* the elections. They also supervise the compilation and digital signing process to be sure that the final binary came from the source they audited.
The hardware is there for quite some time and, IIRC, is audited independently by the same interested parties and universities.
Scientia est Potentia
Looking at this here:
http://en.wikipedia.org/wiki/Elections_in_Brazil
About halfway down it lists the result of the 2006 election. A couple of points on that:
(1) There are a lot of parties (~30)
(2) They have low overall control within the parliament (15% max)
(3) The socialists are on top
E-voting or no, if the socialists were to rig the election (a) it would be obvious that they did it, (b) they would have to go all out to make any kind of difference, (c) they are unlikely to have the corporate influence necessary to pull it off and (d) there isn't much you get for it.
In the US, on the other hand, there are effectively two parties with ca. 50% of the electorate each, so rigging the election is (a) worthwhile and (b) easy to get away with. On top of that the Republicans are very good friends with the people that make the machines, and finally, you get to be 'leader of the free world' and all your buddies get rich.
Means, motive and opportunity - right there. The interface is the least of their worries.
Genesis 1:32 And God typed
Only criminals won't vote... or something.
Anyone else see the insane paradox of mandatory voting ?
I want to delete my account but Slashdot doesn't allow it.
Running a fair election is not a simple problem. To make sure the voter is legitimate, we must be able to prove their identity. But when it comes to actually casting the vote, we must not be able to know how they voted.
One solution to this dilemma is to require people to physically show up and prove who they are, and then have them cast a secret ballot while they are sequestered in the same room where they proved their identity.
The reason online banking works is because your transactions never need to be done in secret, just in private. Totally different situation.
"We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
First, mobile phone cameras, or any other, were forbidden in the ballot - though from my experience this was only enforced in areas where there was a reasonable possibility of people selling votes or being coerced to vote, such as in Rio de Janeiro.
Second, no one said the process was unhackable. It is just much harder to hack than a paper and pen election. It is auditable by anyone with sufficient technical expertise, and that is good enough for most people who care.
And finally, shut up and at least do some research on it before calling others idiots. The voter types a fucking NUMBER, not the candidate's name. A picture appears so even people who can't read can check if they are voting right (I concede that some elder people do take quite a long time to vote).
Where is that guy who'd die defending what I had to say when I need him?
I work at the polls here in Virginia, and we have an electronic voting machine. Here's my review of the Brazilian device compared to ours:
In any event, I think SL geeks are obvious choices to volunteer to be Officers of Election. We know the vulnerabilities of the technology, and have the necessary attention to detail to appreciate the kinds of auditing checks that need to be done to run a fair and open election.
"We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
All the IP is owned by the Brazilian Government. Diebold is just the assembler with the lowest price.
Not that it makes the machine secure, it is just slightly better than the US situation.
Rethinking email
Some people who work during the elections are volunteers, while others are drafted by the Superior Electoral Tribunal. You can still not go there and do your job as long as you have a strong justification (like not being in the city you vote on the day of election). There is no voting 'in transit' i.e. voting in another city, or in any other 'electoral college' besides your own.
As a compensation, you get a 'lunch ticket' and a letter which entitles you to 1 day off so you can compensate your day working on the Sunday election (just give the letter to your employer, he cannot refuse you the day off, it's part of the electoral law)
By 5:00 PM, no one else can vote. If there is a line, people are given numbers and only those with numbers in line can cast their votes.
Once the last voters finish, the voting system is set to 'closed', meaning no more votes can be computed. At least three paper trails are generated, for three of the people in charge of the voting table. Anyone can go there and ask for an extra paper trail, such as me and you. Usually, a few people ask for additional paper trails on behalf of their own parties. You can check the paper trail against the voters registered for that college, to see if there are any irregularities.
Potentially, a parallel vote counting can be set up, completely controlled by the population, just using the paper trails generated at the end of the election.
The president of the table then takes the machine to the Electoral Tribunal and there they pick up the internal data and do the vote counting.
IMO it's reasonably resistant to tampering, and allows for parallel counting, which makes it resistant to frauds. Yeah, being open source would help for sure, and setting up a country-wide parallel vote counting would be very hard, but it is possible.
I believe the U.S. should just license our technology and be happy with it ;-)
That's not your first e-voting.
That's the second time I worked in the elections, and I must say that since the elections became electronic, we never have problems with scandals or doubts of the results.
Everybody forgets to say that before the elections the polling machine prints the name of every candidate and the number of votes they have, in this case zero.
At the end of the election, the machine prints between 5 and 10 lists of results. It depends on how many party representatives want copies.
I and the others working with me had to sign every copy that the machine prints.
So you still have some "paper insurance".
Well, it's not a perfect system, for sure it can be hacked, but so can the ballot system.
Ballots can be faked as well.
I really can't understand why people still have this feeling that the paper system is much more secure.....face it, if a government really wants to fake an election, the system doesn't matter...it will.
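The checks described in the two poll-worker comments above (a zero printout before opening, signed result printouts at closing, and a parallel count built from those printouts), as an added Python example that is not part of the thread or of any election software. Machine ids, candidate numbers, counts and the per-machine official record format are constructed assumptions.

```python
"""Parallel count from signed poll-site printouts (constructed data)."""
from collections import Counter

# Constructed sample data. Machine ids, candidate numbers and counts are made up.
# Each tape is what an observer transcribed from a signed paper printout.
ZERO_TAPES = {
    "UE-0001": {"13": 0, "45": 0, "blank": 0, "null": 0},
    "UE-0002": {"13": 0, "45": 0, "blank": 0, "null": 0},
    "UE-0003": {"13": 0, "45": 2, "blank": 0, "null": 0},  # not zero at opening
}
CLOSING_TAPES = {
    "UE-0001": {"13": 120, "45": 95, "blank": 4, "null": 6},
    "UE-0002": {"13": 80, "45": 140, "blank": 3, "null": 2},
    "UE-0003": {"13": 60, "45": 75, "blank": 1, "null": 0},
}
# Per-machine totals as published by the central count (hypothetical format).
OFFICIAL = {
    "UE-0001": {"13": 120, "45": 95, "blank": 4, "null": 6},
    "UE-0002": {"13": 90, "45": 130, "blank": 3, "null": 2},  # differs from tape
    "UE-0003": {"13": 60, "45": 75, "blank": 1, "null": 0},
    "UE-0004": {"13": 10, "45": 12, "blank": 0, "null": 0},  # no tape collected
}
# Registered voters per machine (constructed).
REGISTERED = {"UE-0001": 300, "UE-0002": 250, "UE-0003": 130, "UE-0004": 200}


def nonzero_at_opening(zero_tapes):
    """Machines whose opening printout shows any vote already recorded."""
    return sorted(m for m, tape in zero_tapes.items() if any(tape.values()))


def parallel_tally(closing_tapes):
    """Sum the closing printouts into an independent overall result."""
    total = Counter()
    for tape in closing_tapes.values():
        total.update(tape)
    return total


def audit(closing_tapes, official, registered):
    """Compare each machine's printout with the official record for it."""
    findings = []
    for machine in sorted(set(closing_tapes) | set(official)):
        tape, record = closing_tapes.get(machine), official.get(machine)
        if tape is None:
            findings.append((machine, "no printout collected; cannot be checked"))
            continue
        if record is None:
            findings.append((machine, "printout exists but no official record"))
            continue
        for choice in sorted(set(tape) | set(record)):
            if tape.get(choice, 0) != record.get(choice, 0):
                findings.append((machine, f"{choice}: tape {tape.get(choice, 0)}"
                                          f" != official {record.get(choice, 0)}"))
        limit = registered.get(machine)
        if limit is not None and sum(tape.values()) > limit:
            findings.append((machine, "more votes on tape than registered voters"))
    return findings


if __name__ == "__main__":
    print("non-zero at opening:", nonzero_at_opening(ZERO_TAPES))
    print("parallel tally:", dict(parallel_tally(CLOSING_TAPES)))
    for machine, issue in audit(CLOSING_TAPES, OFFICIAL, REGISTERED):
        print(machine, "-", issue)
```

A clean result shows only that the central count matches what each machine printed; it does not show that the machine recorded the votes as cast, which is the gap the paper-trail comments in this thread are about.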
No paper trail to allow audits. No source code available (that I know of, at least). No guarantee that the binaries loaded on the machines were built from the source inspectors looked (?) at.
It would be nice if people held this at the same "bashing level" anything from Diebold is held; because, really, it's not that different, the way I see it.
Cheers
PS: not implying that there was any fraud here, it seems like there wasn't. I'm just saying that the current machinery does not allow you to prove it by auditing the results :(
you put votes in, out comes sausage. how does the machine turn votes into sausage? i don't know, i can't look inside, it's not transparent
voters in the poorest nation in the world, and voters in the richest, should all use paper ballots. end of debate
because it's TRANSPARENT
it does a rich society no benefit to advance beyond transparency, and any, ANY electronic voting machine does exactly that. the rich country can use ocr for quicker tallying
what is the reason for electronic voting? what is saved? the news media can announce the winner faster? that's more important than the integrity of the voting process?
electronic voting, including traditional mechanical voting machines, are more ripe for abuse. not because you can't do dirty tricks with paper ballots, but because electronic voting (and to a lesser degree traditional mechanical voting machines) increases the number of attack vectors by an order of magnitude, and increases the damage a lone operative can do, exponentially
sure a guy can dump all of the paper ballots from a precinct in the river. he can stuff the box with fake ballots. how much damage is this guy doing? and who can see him do this?
compare that to one... ONE guy who can hack into a machine or database and instantly change votes for an entire country, across the board, in mere milliseconds. he can even introduce algorithms to make statistical analysis of the votes "safe", so as to raise no red flags
make a list of what you consider the greatest threat to democracy
whatever is on your list: nope, wrong
it's electronic voting. electronic voting removes transparency and introduces distrust into the voting process. electronic voting will prove to be the biggest mistake and the greatest threat to democracy, ever
democracy's greatest strength is that it creates legitimacy, no other form of government renews legitimacy in the eyes of its people. it gives the people a real voice in their own government. remove that trust with black box voting, make the process lose integrity of the eyes of the common people, and you remove legitimacy and stability and faith in the government. lose that, and you lose everything
democracies of the world, please: paper ballots. there is no way to improve the process with electronic voting that does not also undermine its integrity. it's a black box. it can do nothing except remove transparency
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Some patients of mine work with the elections in Brazil. Being a slashdot guy for a while I am always asking them questions about the voting system. What I have learned:
. the code is available in advance for the parties OPEN SOURCE (only not online)
. the software/firmware is loaded on the machines in front of the parties
. the machine has no open slots for the outside world
. it is sealed tamper free with a special seal that self-destroys once opened
. there is a hash code to ensure the validity of the files
. only the vote is recorded, there is no way of knowing who voted for whom
. the order of the votes on the files is randomly changed every new vote
cheers,
I'm sorry but it is not enough, the election has to be transparent to all society. How can a bunch of lawyers and judges judge if the code is ok? It is hard even for people in the area, subtle "bugs" can change the result, security from obscurity is no security at all.
As I said before, in another thread, I trust the system as the results have been coherent with polls and what is expected, but it is far from a system that I would trust with my eyes closed.
[]'s Victor Bogado da Silva Lins
^[:wq
I remember waiting in line for about an hour or two in every (paper based) election. Last Sunday I spent five minutes (the whole process). Honestly, since vote is mandatory, I really don't care if my vote will be tampered or not. Try to spend an hour in a line inside a dirty building that has no air conditioning with people you don't know...
If they rigged the elections, they did it to guarantee that their candidates (and themselves, in case of incumbency) lost ?? Because that happened in, like, 60% of the cities?
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
still could be done a whole lot better.
Better *for whom*?
The people who need to validate the result of an election, or the people who need to manipulate the result?
Deleted
The ballots are not connected to the Internet. Voting data is transported on flash cards or floppy disks.
Australians must use paper ballots by law, but we don't get any fraud problems.
Well, the name-vote thing is already possible, if you consider that a poll worker has to punch your number in the control terminal before the machine allows you to vote. As I mentioned elsewhere in this discussion, nothing short of the convoluted three-ballot system proposed by a security guru some time ago can stop this.
the software can be audited by the parties too...
As I said before, any interested political party can check the source code, compilation, signing, etc. If *you* want to do it as an individual, you can't but you can do it as a party representative. In these terms, I think the general society is well served in this matter.
Scientia est Potentia
The problem is that the system is not open. The more people have access to the source code the more secure it will be. The way it is today very few people have access to it and many if not all the people who have access to it have a direct interest in the result and by consequence in defrauding it.
If the code is secure why can't we look at it?
[]'s Victor Bogado da Silva Lins
^[:wq
As a good Brazilian, I don't trust our government and our politicians at all. Some weeks ago, the people that design the voting system published some comments in a technology blog saying the system is unsafe and anyone could boot it using an external device. And I won't even argue about the unavailable source code.
The source code is available, but not to the general public. The parties have access to it and to the machines for testing prior to the election
And it will get worse. Last week, I saw some of the Elections big guys saying that in 2016 we'll have a biometric checking in every voting machine. Without the source code, how can I know some dirty government agency, hidden in some obscure basement, will not have an excel spreadsheet with 'name - vote'??? 1984 is getting closer, I thought. And nobody here seems to care.
I don't mean to scare you, but nowadays this could happen too. The staff at the elections type in your voter id at the machine. It shouldn't be saving it, but who knows... To save the id or the fingerprint is just the same. At this point you have to trust the parties that can audit the software
-- dnl
I agree that more openness will be great but it's a great improvement from what it used to be and I think it's much better than anything else available.
Scientia est Potentia
You know what? Let's try it. I mean, how many people would have to be intimidated for you to swing the vote? That's a lot of home invasions.
269 in the US. 2000 election
Others have posted evidence that intimidation has happened recently
Interesting,
In my article I had the link:
http://www.tse.gov.br/eleicoes/urna_eletronica/simulacao_votacao/UrnaApplet.htm
You just pointed to another link on the same site:
http://www.tse.gov.br/internet/eleicoes/urna_eletronica/simulacao_votacao/2008/SimUrnaBR.html
I wonder what the difference is?
I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
Yes I know this is off topic, but I had to check out the tag line on this one.
"I'm making a Low Budget HDV Filipino Horror Movie in NYC [bangamovie.com]"
Interesting, I don't know about your special effects they could be better, but the girl is just beautiful.
http://www.videotechnology.com/ is my site.
I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
A renowned Brazilian computer science professor has posted in his blog (sorry, it is in Portuguese) an interview with a security consultant hired to assess the voting machines: http://smeira.blog.terra.com.br/2008/09/08/eleicoes-tse-esconde-a-verdade-sobre-as-urnas/
His results are pretty scary, but what is even more scary is what the government has decided to do in response (google translated): "But the fact is that the partial reports indicate so many vulnerabilities in the system, ranging from Generation of Media to writing data to floppy disk, the TSE (brazilian government agency) has decided to: 1) keep the reports secret to completely prevent voters to know that the Brazilian system has vulnerabilities , 2) prevent the penetration tests requested in 2006 by political parties, 3) abandon the current project for electronic ballot boxes after the elections of 2008, 4) to extend the contract with FACTA/CenPRA to try to develop a new project of electronic ballot boxes more reliable for the elections of 2010 and 5) to misinform the voters, in public denying the existence of security holes, saying that tests of penetration will be allowed in 2008."
The following website gives more details about the penetration tests performed on the voting machines (again, in Portuguese): http://www.brunazo.eng.br/voto-e/textos/penetracao1.htm
Joana M. F. da Trindade http://joanadatrindade.wikidot.com
You can never know what code is in place on the voting machine, the accumulator machine, or at any point on the chain. This is a false sense of security, this notion that open source will solve the problem. The code posted for you to read is not necessarily the same code on the machines.
Even if the system is pure and shiny, NEXT time someone will slip in the alterations when no one cares to look anymore. A computer based system exists to cheat.
This is a solution to a non-existent problem. Canada does it right - manually. They finish their elections in three hours, by hand count. Florida in 2000 was slow because the Repubs were told to slow it down to a crawl by challenging every damn ballot during the hand count to create the perception that hand counts were impossible. We watched them do it, live on camera for godssake.
demands recounts.
The only thing new in this world is the history that you don't know.[Harry Truman]