Linux On Brazilian Voting Machines, the Video
Augusto writes "Just 10 days ago, 130M Brazilian voters were turned into users of one of the largest Linux deployments worldwide: the 400,000 electoral sections in all of the 5,563 Brazilian municipalities were running electronic voting machines, and the Linux kernel was running in all of them. These voting machines have been used in Brazil since 1996, and are rugged, self-contained, low-spec PCs. We've discussed the technical details of this Linux deployment and implementation elsewhere, but I thought it would be interesting to show some pictures (and a movie) of Linux booting on these voting machines. So I asked for official permission and thus was helped by a technician while I took some quick pictures and made a small movie showing the boot process, where you can actually read the kernel messages."
IT is great... Linux is great, but e-voting doesn't belong anywhere in major, general elections, IMHO.
If you can code it, you can hack it. If you have coders or admins, you have potential security threats.
If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
They're morons and the planet would be better off without them.
Because of all the high quality Brazilian wax
Diebold!
Does Diebold make these voting machines? In the video at the bottom right of the voting machine screen is the Diebold logo.
It appears these machines are made by Diebold. Why don't we use them in the US elections instead of the terrible versions we seem to get stateside?
Free software for free votes, what a great match-up. Plus, it beats the Diebold machines running on Windows CE that kept crashing.
Incidentally, I just voted in our Canadian federal election and we're still using the pencil-and-paper and human-counted voting method. Slower, but still the most reliable and secure method IMO.
asshat
Anybody know what these are running - or at least what it is based on?
From the pics I cannot tell much.
Is this a custom build or a distro hack?
[edit]
Just checked the picture again and saw MINIX - could it be?
[/edit]
Seven Days with Ubuntu Unity
That is the bigger thing to have even big then the os part.
Talking about drivers - in the one picture you can see the USB fingerprint reader's driver loading. I find that interesting as our local LUG had a discussion a while back about the lack of support for fingerprint readers on some of the newer laptops.
Am I correct in assuming that these drivers are open to share and could be used on a laptop to try and get its fingerprint scanner to work?
Seven Days with Ubuntu Unity
if you make voting more complex, you increase the number of attack vectors. and where previously, you might need to have a conspiracy of multiple actors to dispose of/ falsify paper votes over a length of time and with grueling effort affecting only a fraction of precincts, now, one well-placed guy, and one fine tuned hack, can in 3 milliseconds massage the votes in such a way that they defy auditing, statistical analysis...
do brazilians really want brazilian democracy to be this vulnerable to a major challenge to its legitimacy?
i find the prospect of electronic voting to be the single greatest threat to democracy i can think of today. because it undermines the legitimacy of the process. you can't make it transparent AND secure at the same time: these two processes are diametrically opposed to each other. either it's secure and opaque and therefore untrustworthy (oh, you're going to trust some underpaid government technicians with the legitimacy of your democracy? "trust us, everything is fine"), or it's transparent and open to more avenues of mischief. and electronics, unlike paper and pencil, are fundamentally opaque. it's a black box: you put votes in, a tally comes out. within that black box is too much potential for easy mischief ranging across the entire vote of millions of people in mere milliseconds. of course you can do mischief with paper ballots. it's just that the time and effort required is humongous compared to what one little quick hack can do
it is absolutely absurd to me that anyone would entrust the perception of the legitimacy of their government to electronic voting. every democracy, from the poorest, to the richest, should use paper ballots and ocr. that anyone would seriously consider electronic voting, to me, belies a fatal inability to understand what the role of transparency and trust play in the legitimacy of your democratic government, a fatal inability to understand the whole point of what the voting process is: it must be absolutely clear to the people of a democracy that their vote counts, and that their vote is real. you don't get that with electronics
it's mindboggling to me. what does it take to convince technofetishists that the voting process must NOT be "improved"? for the sake of the perception of legitimacy of your government?
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
There have been linux-compatible fingerprint scanners with open-source drivers since 2001. That doesn't mean the scanner in your laptop will work... It's probably a different scanner.
Whoa, that's a Diebold system ... Diebold is that company whose name turns up on almost any news item related to voter fraud (and similar corruption) in the US, which you can see more clearly at sites like Black Box Voting.org. I didn't know that there was an option for flashing those systems, already purchased by many municipalities, with a friendlier configuration (Free Software should be mandatory for processes like this which can only function with FULL transparency). This might be a viable out for many a local government.
However ... the same problem presented by Diebold's bad code is presented to reprogrammable systems like these. Therefore, as Richard Stallman (among many, many others) advocates, you still need a physical paper trail for FULL accountability. You need those in order to provide the transparency needed to investigate allegations of misconduct, and frankly, despite the increased cost, this is necessary for the assurance of freedom and democracy that it gives. We can't afford not to.
Use my userscript to add story images to Slashdot. There's no going back.
Certainly the Year of Linux!
I think the focus should be shifted from how easy it is to hack e-voting machines or print out fake ballots, and get down to the real problem. The real problem is corrupt people in a system without the proper checks and balances. If we can remove the corruption the system will work, whether it's pencil/paper or e-voting. There is no easy way to do this, but I do have a suggestion. At every point in any voting system that can be compromised by a corrupt person place a member from all interested parties there to oversee the operation as a group. It may mean a little more overhead but it will remove the root cause that led to the compromise in the first place.
There goes my $0.02
Why can't we make a secure, or indeed even a vaguely useful electronic voting system when we can make a perfectly secure electronic system that prints lottery tickets?
Has anyone ever heard of a lottery machine being hacked to print a winning ticket?
There's one on every corner market here in the US. Hundreds of thousands of them. They all link to some computer somewhere that records what was sold and when. You get a ticket with your numbers on it, along with some barcoded looking info to verify it's a real ticket.
As much as someone would like to rig a vote, I'm sure there's a much higher incentive to rig the lottery. And I've *never* heard of anyone doing that successfully.
So what gives? Why is a voting machine so damned difficult to make compared to a lottery machine? You'd think the lottery machine would be more difficult. It's certainly the more attractive hacking target.
It's always puzzled me. I'm in embedded design, and it still puzzles me why electronic voting is so damned difficult.
Weaselmancer
ridiculous.
testing
I kinda figured as much.
Thanks.
Seven Days with Ubuntu Unity
So I guess this is what Linus had in mind when he was talking about world domination all those years ago...
it's junk
As a Brazilian, born and raised here, I can say this is one of the few things I'm proud of in my country. Ever since they implemented the electronic voting process, things have never been more efficient. It may seem a bit "too open" by using open source code for this type of procedure, but I've seen articles explaining the entire process. Rest assured, the "open-sourceness" of this idea is the least of their concerns. The entire process is controlled and verified by multiple agents and double-checked for fraud. All political parties are allowed to point representatives that personally follow the whole process of gathering disks, transmitting data and adding up all the votes in one central server. As far as the people are concerned, the whole thing is very transparent and does not rely entirely on computer encryption, but also on human verification and validation. Any data transmitted is done via a secure government Intranet, and never via public Internet (as one may wonder). The source code of the operating system is maintained and updated by the government under strict security policies. As far as I can tell, this beats the hell out of any bag of paper ballots. Any election here takes at most a few hours to get the results to the people. We usually know the results of it on the same day we vote, just in time for the evening news.
Julio Henrique Morimoto juliohm@gmail.com
'It's Not the People Who Vote that Count; It's the People Who Count the Votes' (Though, it is actually never proven that he said this). So, it doesn't matter if your vote was hand counted, Diebolded or Linuxed. If the powers that be who are managing the vote counting are biased or corrupt, it is all moot anyway.
it is not required of me to defend the american system in order to attack the brazilian system. please, by all means, attack the american system if you want, i am not defending it, i agree it sucks in many ways, most definitely with the disgusting electoral college. if you reflexively attack the american system when i attack the brazilian system, this is just kneejerk tribalism on your part, you completely miss the point: my words of criticism of the brazilian system are not being spoken as an american, or a japanese, or even a brazilian. this is not a soccer match. i am simply, as a human being who wishes democracy to remain as airtight as possible, imploring everyone to stick with paper voting, not just in brazil, but anywhere democracy flourishes
that the system gives a print out means nothing. if i ghost write statistically invisible records across a wide swath of a vote, covering perhaps 1-10% of a vote, i can sway the entire election on close calls. what will the paper printout protect you from then? you are going to call everyone back and compare each and every record to find the discrepancy? good luck
and you point to how the system is robust. robust against what? a script kiddie? say i am a powerful interest: petrol, agriculture, whatever. the vote looks like it is going against my financial interests, i can see $100 million in losses if a new administration comes in with a new policy. so i am willing to put $10 million up to bribe the right government official, or two (as opposed to hundreds of officials with a paper vote to affect the same volume of changes: impossible to remain an airtight conspiracy). then i hire the 1 right top level hacker programmer to plug in at the right moment at the right spot to ghost write and cover all our tracks and in such a pseudorandom way as to defy statistical analysis
i've just bought the brazilian presidency
only with electronic voting is this scenario possible to happen, and remain absolutely silent and unnoticed
this doesn't bother you? you don't see how this scenario is impossible with paper voting, simply because it requires too much effort by too many actors to remain unnoticed and affect that much change?
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Cool that it runs a Linux kernel, but every single pic from TFA clearly shows Diebold written all over (literally) - everything from the chassis/mold, GUI, and even the POST screen are customized to have Diebold on it...
If only I had the mod points I had 2 days ago...
in how it describes the completely opaque methodology by which secures transactions
duh
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Our Brazilian e-voting system is much better than the old pen-and-paper one. In the first days of "democracy" it was common to see people on the very poor cities voting with a gun aimed at their heads to make sure people were voting in the "right" candidate. Our greater problem isn't the voting machines or the voting system, but people who vote in an illiterate candidate who is well-known to be associated with picketing and known alcoholic. Well, can't win 'em all.
Thanks for your concern about our elections!
Really, I mean it. We sure can use the support of neighbours to improve our frail but well-intentioned democracy.
Now, just as a guy who has witnessed electronic elections for about 20 (that's twenty, yes, sir/ma'am) years, I can safely say without any fear of being wrong: it's way better with electronic voting.
This might even be more related to a higher educational level of our population, but we have a much more transparent voting now. Things happen so fast it might even not allow much time or opportunity for tampering.
Elections finish at 17 o'clock and results are already known on the same day.
For all the valid votes of the 130 million voters.
Even if something goes wrong, it's a matter of a few hours more.
As an aside, IMHO, we're going for instant public consultation in the [far|not so far] future. We already have TV programs with telephone voting (though nothing serious).
Discussing paper and pen with such an aim, well... it's counterproductive, ain't it?
Linux in embedded applications is not necessarily any more secure than Windows. On both, if you take out things you don't need, so just run the kernel, minimal support applications, plus the custom application for your embedded device, you end up with about the same level of security.
And that level is NOT good enough for voting machines. The right way to do a voting machine is to design a system (hardware and software) specifically for this one task. This system should be subjected to state of the art formal methods, from the specification through the implementation (with all steps open for public review by experts). This would be hard, and might take a few years, but it would be worth it. Voting machines can have a very long service life, on the order of decades or even a century or more, so taking a few years to get it right up front is justified.
You know, those ones where for the last 50 years, only the Quebecer gets a majority.
Speaking as an ex-Canadian, I now see it's obvious who's doing the counting up there.
Well, I certainly can't argue with logic like that!
If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
I don't think so. Remember that it isn't enough to merely change votes; that just wins you a quick ticket to prison. The criminals' goal is to change votes without being caught by any election observers who are watching the polls. And what system makes that goal easier to achieve? Creating an electronic voting machine that can change digital ballots undetected just requires basic programming skills and access to the machine. Creating a ballot box that can change paper and pencil ballots undetected requires magic.
Or to look at honest goals instead: securing a paper ballot box requires that you send someone who you can trust to watch every ballot going into it. Securing an electronic ballot box requires that you send someone who you can trust to watch the voltage on every transistor. Only the former can be accomplished by human eyes.
So ... exactly how many is a Brazilian? I hope they have an automated install process.
The InkaVote ballot readers that Los Angeles County uses run Linux. Red Hat Enterprise Linux. I know, I'm a pollworker, and I've seen 'em boot. BTW the precinct readers are there to guard against blank ballots and overvotes...the paper ballot is the record of the vote in LA County.
Knowledge is power. Knowledge shared is power multiplied.
E-voting is not a technical problem (hardware or software) but a political and social problem.
Countless highly secure systems are used throughout the world on a daily basis by governments (think about the systems and processes controlling nuclear arsenals), businesses (trading and banking systems), and John & Susie Q Public (the ATM) alike.
Sadly the extremely poor designs of the e-voting machines to date have stained the image of these machines both in the political and public arenas when a great design could have had the exact opposite effect.
Sounds like an opportunity to me!
Code his own routine to make sure his vote is accounted for
My country -Mexico- has many traits in which it is comparable to Brazil - About half of the population, about the same divide between rural and metropolitan areas. We have stuck with paper-based voting - Many of you will recognize the Mexican fraudocracy as not exactly clean. Still, we do have the electoral results "in time for the evening news" - with a certain error margin, of course. If the election is too close, the result is delayed by a couple of days. That does not require e-voting machines. And greatly enhances confidence - Many of us (polls say ~30% today) still believe the 2006 elections were a scam. The paper trail is there - there are legal locks preventing a recount, but the paper trail is there. It's not just bits inside the computer.
Legitimate voters.
As the increasing fiasco with the ACORN organization shows (when even CNN and MSNBC are wondering what's going on with ACORN's voter registration policies, something big is up), we may have to clamp down on voter verification procedures to stop or minimize problems such as:
1) Voters registered in more than one precinct.
2) Dead persons still registered to vote.
3) Persons not eligible to vote still being able to vote (convicted felons and non-citizens).
While the Linux-based system for electronic voting is all fine and dandy, until we cure these problems (most likely by requiring strict verification procedures such as showing US passport, US birth certificate or US naturalization certificate plus proof of current residence address before getting voter registration). I know I'll be modded WAY down for saying this, but voter fraud is turning into a serious problem, as the current election cycle shows all too clearly.
They're morons and the planet would be better off without them.
But without religion we wouldn't have founded government and thereby making it so we could go away from religion. Which when you think about it, it's kinda funny, the religious freaks are driving the majority away from religion. So in theory, the religious freaks will end themselves which is what you want.
~
NoName
Pulling out random shit from a hat since 1995.
Shoot Yourself In the Foot
Well I do think that electronic vote can be as secure as any other form of voting, but an also interesting thing is how fast that machine booted.
Maybe not the fastest thing in the world but definitely faster than my box.
Without an enduring record of the voter intent, where the chain of trust between the voter and the record of the vote is unbroken, the results of the election cannot be known trustworthy.
The very best we have is paper, people.
When a voter, holds the pen or pencil, reads the ballot, makes their mark and can see their mark correctly reflects their intent, that chain of trust is unbroken.
From there, we use that record to then tally the votes.
That can be verified, recounted, you name it.
Changing physical media leaves the media in a less than perfect state. Further changes are extremely difficult to do without also leaving some record of the additional change. Plus it takes a really long time, so it's hard to get the numbers.
Electrons just change! There is no record period. One moment they are one way, the next, they are the other way and there is not a damn thing we can do to change this.
Also, when a voter uses a machine, what gets recorded is what the machine thought the voter intent was, not a trusted record of the voter intent. This is a vote by proxy and is not trustworthy.
If we want to use machines, I suggest we use them to print up a ballot on demand, then have the voter mark the ballot, then use a machine, if we want to, to count the marked ballots, combined with audits and such to verify the machine accuracy is at an acceptable level.
When the election is really close, we count them by hand, in the public eye, verifying each and every vote.
These are the ways that trustworthy elections are done.
Sorry, I like Open Source, believe in it, think it's the shit and all of that.
I don't believe voting with electronic records of any kind is a healthy way to run the democratic process.
We, the people, need to cast and count our votes, watching one another, so that the count is solid, the votes cast are solid and therefore the process as a whole is solid.
There is no cheap and easy democracy. Either we step up and perform our civic duty, or others do it for us! And that's why they keep pushing the damn machines people!
Blogging because I can...
Your post advocates a
(X) technical ( ) legislative (X) questionable
approach to voting using a computer. Your idea will not work. Here is why it will not work
(x) Any system can be hacked
( ) Your methods are flawed
(x) Your methods are not understood by the general voting population
(x) Your method uses the internet to vote
(x) Your method removes secrecy from the voting process
(x) The system is corrupt from it's roots
( ) The police will not put up with it
(x) Requires too much cooperation from politicians
( ) Requires immediate total cooperation from everybody at once
( ) Many voting computer companies makes do not want to spend money into research
(x) Voting computer companies don't care about invalid votes in their computers
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for voting
( ) Asshats
(x) Jurisdictional problems
(x) Extreme profitability of making voting fail
(x) Joe jobs and/or identity theft
(x) Technically illiterate politicians
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
(x) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
( ) All of the above
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
FFS I chose my UName after 1MM+ unames had already been chosen. I didn't want to be LinuxDude545 or FlyingSpaghettiMonster844, so I chose a unique name on a whim.
People need to get over it... I swear, I've discovered atheists are a bigger pain in the ass than Christians!
If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
Hmm, thought they used boobie tassles in Brasil for voting. Twirl the left one or the right one, and in front of everyone so there's no fraud.
We should just vote using boats. People vote by boarding a boat that represents a candidate. So there's no confusion, the candidate will also be onboard. First boat to sink wins.
.. why is Linus Torvalds the new president of Brazil?
This comment was written with the intention to opt out of advertising.
"I thought it would be interesting to show some pictures (and a movie) of Linux booting..."
I think that you are a very sick person.
The biggest challenge of being an atheist these days is dealing with the fact that you're grouped together with these asshats.
I already made a long post about this a few days ago so I won't post it again but, in short:
1) The source is available to any parties interested.
2) There is a paper trail.
3) The software is signed by all parties and can be audited at any time.
4) The hardware is Diebold because this company bought the Brazilian one that created and manufactured the machines. The hardware is custom-made, not off-the-shelf Diebold stuff.
5) Yes, the Wikipedia article is not totally correct.
6) I know the system is not perfect but we believe it's the best we can do and the peer review from several different opposing parties and different segments of the constituted powers provides adequate insurance against fraud.
Scientia est Potentia
Us in Canada just did a national election last night, using our tried-and-true paper system. I hope it never gets changed.
Frankly I don't see why some people / countries feel the need for an electronic system. Consider, on the eve of election night, less than an hour after the polls closed all the major networks already called the election within 5% margin of error, and the vast majority of the individual seats were called as well. Paper works fast because it is DISTRIBUTED. Each poll only has a couple thousand votes to go through, and has 3-4 people on staff, so they can count that very quickly. As they get their results they report them to district offices, who report them to the media, who feed them into their big election computers. The whole thing runs very smooth and very fast.
Yes, I know Canada has "only" ~20 million some voters. However, this changes nothing because the problem scales linearly. More voters / more polls / more volunteers. It should not make the overall process any slower or introduce any more chances for error.
Yes, any system can be hacked. But the idea here is that every vote is verifiable, and the count is verifiable, so to hack it every system would need to be hacked.
My methods could easily be explained to anyone. "Verify your vote using your password." "Count the votes yourself." Difficult?
With a password (which I forgot about during my initial post), how exactly is secrecy eliminated?
Your language is corrupt from it's [sic] roots, but I don't understand your comment. How is this corrupt?
Obviously, your objections along the lines of "but we don't have the political will" are valid, but I hardly see that as a reason to ignore the problem and not look for solutions. No change ever happens without political will, so this complaint is irrelevant to the discussion.
As for what I fail to account for: yes, laws mandate the current system, and it's obvious that laws would need to be changed. But that's required for any change.
Identity theft: assuming md5 (or whatever hash you like) is really one-way, how is this worse than the current system? There are easier ways to get social security numbers than cracking encrypted passwords, and it's easy enough not to tie the SSN to any other identifying information--make the hash based on SSN and password and nothing else.
Similar ideas have probably been thought of. Have they been tried? How do they fail? Claiming that something won't work just because nobody has tried it is disingenuous.
Trust me and my servers? The whole point of the idea was to make that unnecessary. Where do you need to trust me? Everyone would have access to all the potentially-verified raw data.
Nothing to solve the problem? Depends what the problem is. Perhaps the real problem is a bunch of shitwits without education being allowed to vote. Their votes are bought by flashy TV ads, not by good ideas, so they will simply vote for whomever spends the most money on them. Or perhaps the real problem is that we need Borda counts, or runoff votes, or something? Maybe you meant global warming, or ocean acidification, etc? Perhaps the problem is that humans are too stupid and petty to live? Or, um, what were you referring to?
Your checklist maybe assumes more familiarity with the issues than I have. Could you slow down and demonstrate specific problems and potential solutions?
Thanks for not burning my house down. Although with the current credit crisis such an event might be highly appreciated by many subprime mortgage holders. :)
"The biggest problem with communication is the illusion that it has taken place."
From the article:
Just some 20 hours after that, every brazilian city - including those few, far deep in the rain forest - knew the name of their new mayor and councilors, who will take office for the 2009-2012 term.
What can justify taking 20 hours to count the votes? Even manual counting is done in an hour or two. Maybe these cities are very isolated but this should not matter since these sound like local elections, and thus should be entirely handled at the local level. And the article spins this as a great achievement because miscreants only had 20 hours to stuff ballots instead of 80?
All political parties have access to the source code, and digitally sign the executable code, and thus can confirm, at any individual machine, that the running software is the official one.
How? By looking at a checksum on the screen? Does the author realize that the machine can show whatever it wants so that this proves nothing? This affirmation sounds like official propaganda taken at face value.
http://augustocampos.net/arquivos/uebrl-04.JPG
In this screenshot we can clearly see what looks like a bog-standard BIOS. Do the political parties have its source too? Did they verify the corresponding binaries? Did they sign them?
please check this site for the reason behind my post. Mind that this is the very site that started the movement to get voting computers officially *outlawed* in The Netherlands. They explicitly are against using any form of computer, being open or otherwise, because of the intrinsic risks involved in them.