Linux On Brazilian Voting Machines, the Video
Augusto writes "Just 10 days ago, 130M Brazilian voters were turned into users of one of the largest Linux deployments worldwide: the 400,000 electoral sections in all of the 5,563 Brazilian municipalities were running electronic voting machines, and the Linux kernel was running in all of them. These voting machines have been used in Brazil since 1996, and are rugged, self-contained, low-spec PCs. We've discussed the technical details of this Linux deployment and implementation elsewhere, but I thought it would be interesting to show some pictures (and a movie) of Linux booting on these voting machines. So I asked for official permission and thus was helped by a technician while I took some quick pictures and made a small movie showing the boot process, where you can actually read the kernel messages."
IT is great... Linux is great, but e-voting doesn't belong anywhere in major, general elections, IMHO.
If you can code it, you can hack it. If you have coders or admins, you have potential security threats.
If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
Diebold!
Does Diebold make these voting machines? In the video at the bottom right of the voting machine screen is the Diebold logo.
Free software for free votes, what a great match-up. Plus, it beats the Diebold machines running on Windows CE that kept crashing.
Incidentally, I just voted in our Canadian federal election and we're still using the pencil-and-paper and human-counted voting method. Slower, but still the most reliable and secure method IMO.
Anybody know what these are running - or at least what it is based on?
From the pics I cannot tell much.
Is this a custom build or a distro hack?
[edit]
Just checked the picture again and saw MINIX - could it be?
[/edit]
Seven Days with Ubuntu Unity
That is the bigger thing to have even big then the os part.
Talking about drivers - in the one picture you can see the USB fingerprint reader's driver loading. I find that interesting as our local LUG had a discussion a while back about the lack of support for fingerprint readers on some of the newer laptops.
Am I correct in assuming that these drivers are open to share and could be used on a laptop to try and get its fingerprint scanner to work?
Seven Days with Ubuntu Unity
There have been linux-compatible fingerprint scanners with open-source drivers since 2001. That doesn't mean the scanner in your laptop will work... It's probably a different scanner.
Whoa, that's a Diebold system ... Diebold is that company whose name turns up on almost any news item related to voter fraud (and similar corruption) in the US, which you can see more clearly at sites like Black Box Voting.org. I didn't know that there was an option for flashing those systems, already purchased by many municipalities, with a friendlier configuration (Free Software should be mandatory for processes like this which can only function with FULL transparency). This might be a viable out for many a local government.
However ... the same problem presented by Diebold's bad code is presented to reprogrammable systems like these. Therefore, as Richard Stallman (among many, many others) advocates, you still need a physical paper trail for FULL accountability. You need those in order to provide the transparency needed to investigate allegations of misconduct, and frankly, despite the increased cost, this is necessary for the assurance of freedom and democracy that it gives. We can't afford not to.
Use my userscript to add story images to Slashdot. There's no going back.
Certainly the Year of Linux!
I think the focus should be shifted from how easy it is to hack e-voting machines or print out fake ballots, and get down to the real problem. The real problem is corrupt people in a system without the proper checks and balances. If we can remove the corruption the system will work, whether it's pencil/paper or e-voting. There is no easy way to do this, but I do have a suggestion. At every point in any voting system that can be compromised by a corrupt person place a member from all interested parties there to oversee the operation as a group. It may mean a little more overhead but it will remove the root cause that led to the compromise in the first place.
There goes my $0.02
Why can't we make a secure, or indeed even a vaguely useful electronic voting system when we can make a perfectly secure electronic system that prints lottery tickets?
Has anyone ever heard of a lottery machine being hacked to print a winning ticket?
There's one on every corner market here in the US. Hundreds of thousands of them. They all link to some computer somewhere that records what was sold and when. You get a ticket with your numbers on it, along with some barcoded looking info to verify it's a real ticket.
As much as someone would like to rig a vote, I'm sure there's a much higher incentive to rig the lottery. And I've *never* heard of anyone doing that successfully.
So what gives? Why is a voting machine so damned difficult to make compared to a lottery machine? You'd think the lottery machine would be more difficult. It's certainly the more attractive hacking target.
It's always puzzled me. I'm in embedded design, and it still puzzles me why electronic voting is so damned difficult.
Weaselmancer
ridiculous.
I kinda figured as much.
Thanks.
Seven Days with Ubuntu Unity
So I guess this is what Linus had in mind when he was talking about world domination all those years ago...
It appears these machines are made by Diebold. Why don't we use them in the US elections instead of the terrible versions we seem to get stateside?
Are you new on politics or is my sarcasm detector offline?
So say we all
As a Brazilian, born and raised here, I can say this is one of the few things I'm proud of in my country. Ever since they implemented the electronic voting process, things have never been more efficient. It may seem a bit "too open" by using open source code for this type of procedure, but I've seen articles explaining the entire process. Rest assured, the "open-sourceness" of this idea is the least of their concerns. The entire process is controlled and verified by multiple agents and double-checked for fraud. All political parties are allowed to appoint representatives that personally follow the whole process of gathering disks, transmitting data and adding up all the votes in one central server. As far as the people are concerned, the whole thing is very transparent and does not rely entirely on computer encryption, but also on human verification and validation. Any data transmitted is done via a secure government Intranet, and never via public Internet (as one may wonder). The source code of the operating system is maintained and updated by the government under strict security policies. As far as I can tell, this beats the hell out of any bag of paper ballots. Any election here takes at most a few hours to get the results to the people. We usually know the results of it on the same day we vote, just in time for the evening news.
Julio Henrique Morimoto juliohm@gmail.com
'It's Not the People Who Vote that Count; It's the People Who Count the Votes' (Though, it is actually never proven that he said this). So, it doesn't matter if your vote was hand counted, Diebolded or Linuxed. If the powers that be who are managing the vote counting are biased or corrupt, it is all moot anyway.
Cool that it runs a Linux kernel, but every single pic from TFA clearly shows Diebold written all over (literally) - everything from the chassis/mold, GUI, and even the POST screen are customized to have Diebold on it...
If only I had the mod points I had 2 days ago...
in how it describes the completely opaque methodology by which secures transactions
duh
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
it's because
Meaning they actually have to make a product worthy enough to get purchased over their competitors... instead of just getting an exclusive contract.
Collector's Edition
Linux in embedded applications is not necessarily any more secure than Windows. On both, if you take out things you don't need, so just run the kernel, minimal support applications, plus the custom application for your embedded device, you end up with about the same level of security.
And that level is NOT good enough for voting machines. The right way to do a voting machine is to design a system (hardware and software) specifically for this one task. This system should be subjected to state of the art formal methods, from the specification through the implementation (with all steps open for public review by experts). This would be hard, and might take a few years, but it would be worth it. Voting machines can have a very long service life, on the order of decades or even a century or more, so taking a few years to get it right up front is justified.
It's a distributed system. You would have to bribe a lot of people (and the civil servants who make it all happen are well paid indeed) unless all you wanted to do were to elect someone at the municipal level. If you tried to elect a president by messing with the votes at the center of the system, you'd have to make the numbers agree with the local (state and municipal) tallies. The ballots are audited with overview from all the parties. You are just overly paranoid.
Well, I certainly can't argue with logic like that!
If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
I don't think so. Remember that it isn't enough to merely change votes; that just wins you a quick ticket to prison. The criminals' goal is to change votes without being caught by any election observers who are watching the polls. And what system makes that goal easier to achieve? Creating an electronic voting machine that can change digital ballots undetected just requires basic programming skills and access to the machine. Creating a ballot box that can change paper and pencil ballots undetected requires magic.
Or to look at honest goals instead: securing a paper ballot box requires that you send someone who you can trust to watch every ballot going into it. Securing an electronic ballot box requires that you send someone who you can trust to watch the voltage on every transistor. Only the former can be accomplished by human eyes.
So ... exactly how many is a Brazilian? I hope they have an automated install process.
Mod parent up!
While I don't agree with everything said above, that opens up an interesting discussion.
There are many issues here, some have been discussed when Diebolds were on the tip of the gun..
Maybe it's just me, watching too much Alias and similar.. Even though there are extensive checks being implemented in the Brazilian voting process, no process is unhackable, and even the claim of having extensive checks could make people less alert of a potential rigging of the election..
The InkaVote ballot readers that Los Angeles County uses run Linux. Red Hat Enterprise Linux. I know, I'm a pollworker, and I've seen 'em boot. BTW the precinct readers are there to guard against blank ballots and overvotes...the paper ballot is the record of the vote in LA County.
Knowledge is power. Knowledge shared is power multiplied.
Code his own routine to make sure his vote is accounted for
My country -Mexico- has many traits in which it is comparable to Brazil - About half of the population, about the same divide between rural and metropolitan areas. We have stuck with paper-based voting - Many of you will recognize the Mexican fraudocracy as not exactly clean. Still, we do have the electoral results "in time for the evening news" - with a certain error margin, of course. If the election is too close, the result is delayed by a couple of days. That does not require e-voting machines. And greatly enhances confidence - Many of us (polls say ~30% today) still believe the 2006 elections were a scam. The paper trail is there - there are legal locks preventing a recount, but the paper trail is there. It's not just bits inside the computer.
Legitimate voters.
As the increasing fiasco with the ACORN organization shows (when even CNN and MSNBC are wondering what's going on with ACORN's voter registration policies, something big is up), we may have to clamp down on voter verification procedures to stop or minimize problems such as:
1) Voters registered in more than one precinct.
2) Dead persons still registered to vote.
3) Persons not eligible to vote still being able to vote (convicted felons and non-citizens).
While the Linux-based system for electronic voting is all fine and dandy, until we cure these problems (most likely by requiring strict verification procedures such as showing US passport, US birth certificate or US naturalization certificate plus proof of current residence address before getting voter registration). I know I'll be modded WAY down for saying this, but voter fraud is turning into a serious problem, as the current election cycle shows all too clearly.
Because the current administration found out these cost 200 Brazilian dollars each and thought that meant some big number larger than billion.
They're morons and the planet would be better off without them.
But without religion we wouldn't have founded government and thereby making it so we could go away from religion. Which when you think about it, it's kinda funny, the religious freaks are driving the majority away from religion. So in theory, the religious freaks will end themselves which is what you want.
~
NoName
Pulling out random shit from a hat since 1995.
Shoot Yourself In the Foot
Without an enduring record of the voter intent, where the chain of trust between the voter and the record of the vote is unbroken, the results of the election cannot be known trustworthy.
The very best we have is paper, people.
When a voter holds the pen or pencil, reads the ballot, makes their mark and can see their mark correctly reflects their intent, that chain of trust is unbroken.
From there, we use that record to then tally the votes.
That can be verified, recounted, you name it.
Changing physical media leaves the media in a less than perfect state. Further changes are extremely difficult to do without also leaving some record of the additional change. Plus it takes a really long time, so it's hard to get the numbers.
Electrons just change! There is no record period. One moment they are one way, the next, they are the other way and there is not a damn thing we can do to change this.
Also, when a voter uses a machine, what gets recorded is what the machine thought the voter intent was, not a trusted record of the voter intent. This is a vote by proxy and is not trustworthy.
If we want to use machines, I suggest we use them to print up a ballot on demand, then have the voter mark the ballot, then use a machine, if we want to, to count the marked ballots, combined with audits and such to verify the machine accuracy is at an acceptable level.
When the election is really close, we count them by hand, in the public eye, verifying each and every vote.
These are the ways that trustworthy elections are done.
Sorry, I like Open Source, believe in it, think it's the shit and all of that.
I don't believe voting with electronic records of any kind is a healthy way to run the democratic process.
We, the people, need to cast and count our votes, watching one another, so that the count is solid, the votes cast are solid and therefore the process as a whole is solid.
There is no cheap and easy democracy. Either we step up and perform our civic duty, or others do it for us! And that's why they keep pushing the damn machines, people!
Blogging because I can...
Your post advocates a:
(X) technical ( ) legislative (X) questionable
approach to voting using a computer. Your idea will not work. Here is why it will not work
(x) Any system can be hacked
( ) Your methods are flawed
(x) Your methods are not understood by the general voting population
(x) Your method uses the internet to vote
(x) Your method removes secrecy from the voting process
(x) The system is corrupt from it's roots
( ) The police will not put up with it
(x) Requires too much cooperation from politicians
( ) Requires immediate total cooperation from everybody at once
( ) Many voting computer companies makes do not want to spend money into research
(x) Voting computer companies don't care about invalid votes in their computers
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for voting
( ) Asshats
(x) Jurisdictional problems
(x) Extreme profitability of making voting fail
(x) Joe jobs and/or identity theft
(x) Technically illiterate politicians
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
(x) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
( ) All of the above
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
FFS I chose my UName after 1MM+ unames had already been chosen. I didn't want to be LinuxDude545 or FlyingSpaghettiMonster844, so I chose a unique name on a whim.
People need to get over it... I swear, I've discovered atheists are a bigger pain in the ass than Christians!
If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
.. why is Linus Torvalds the new president of Brazil?
This comment was written with the intention to opt out of advertising.
"I thought it would be interesting to show some pictures (and a movie) of Linux booting..."
I think that you are a very sick person.
Then you'll just get campaign ads that appeal to fat people...
Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it.
The biggest challenge of being an atheist these days is dealing with the fact that you're grouped together with these asshats.
I already made a long post about this a few days ago so I won't post it again but, in short:
1) The source is available to any parties interested.
2) There is a paper trail.
3) The software is signed by all parties and can be audited at any time.
4) The hardware is Diebold because this company bought the Brazilian one that created and manufactured the machines. The hardware is custom-made, not off-the-shelf Diebold stuff.
5) Yes, the Wikipedia article is not totally correct.
6) I know the system is not perfect but we believe it's the best we can do and the peer review from several different opposing parties and different segments of the constituted powers provides adequate insurance against fraud.
Scientia est Potentia
Us in Canada just did a national election last night, using our tried-and-true paper system. I hope it never gets changed.
Frankly I don't see why some people / countries feel the need for an electronic system. Consider, on the eve of election night, less than an hour after the polls closed all the major networks already called the election within 5% margin of error, and the vast majority of the individual seats were called as well. Paper works fast because it is DISTRIBUTED. Each poll only has a couple thousand votes to go through, and has 3-4 people on staff, so they can count that very quickly. As they get their results they report them to district offices, who report them to the media, who feed them into their big election computers. The whole thing runs very smooth and very fast.
Yes, I know Canada has "only" ~20 million some voters. However, this changes nothing because the problem scales linearly. More voters / more polls / more volunteers. It should not make the overall process any slower or introduce any more chances for error.
Yes, any system can be hacked. But the idea here is that every vote is verifiable, and the count is verifiable, so to hack it every system would need to be hacked.
My methods could easily be explained to anyone. "Verify your vote using your password." "Count the votes yourself." Difficult?
With a password (which I forgot about during my initial post), how exactly is secrecy eliminated?
Your language is corrupt from it's [sic] roots, but I don't understand your comment. How is this corrupt?
Obviously, your objections along the lines of "but we don't have the political will" are valid, but I hardly see that as a reason to ignore the problem and not look for solutions. No change ever happens without political will, so this complaint is irrelevant to the discussion.
As for what I fail to account for: yes, laws mandate the current system, and it's obvious that laws would need to be changed. But that's required for any change.
Identity theft: assuming md5 (or whatever hash you like) is really one-way, how is this worse than the current system? There are easier ways to get social security numbers than cracking encrypted passwords, and it's easy enough not to tie the SSN to any other identifying information--make the hash based on SSN and password and nothing else.
Similar ideas have probably been thought of. Have they been tried? How do they fail? Claiming that something won't work just because nobody has tried it is disingenuous.
Trust me and my servers? The whole point of the idea was to make that unnecessary. Where do you need to trust me? Everyone would have access to all the potentially-verified raw data.
Nothing to solve the problem? Depends what the problem is. Perhaps the real problem is a bunch of shitwits without education being allowed to vote. Their votes are bought by flashy TV ads, not by good ideas, so they will simply vote for whomever spends the most money on them. Or perhaps the real problem is that we need Borda counts, or runoff votes, or something? Maybe you meant global warming, or ocean acidification, etc? Perhaps the problem is that humans are too stupid and petty to live? Or, um, what were you referring to?
Your checklist maybe assumes more familiarity with the issues than I have. Could you slow down and demonstrate specific problems and potential solutions?
Thanks for not burning my house down. Although with the current credit crisis such an event might be highly appreciated by many subprime mortgage holders. :)
"The biggest problem with communication is the illusion that it has taken place."
From the article:
Just some 20 hours after that, every Brazilian city - including those few, far deep in the rain forest - knew the name of their new mayor and councilors, who will take office for the 2009-2012 term.
What can justify taking 20 hours to count the votes? Even manual counting is done in an hour or two. Maybe these cities are very isolated but this should not matter since these sound like local elections, and thus should be entirely handled at the local level. And the article spins this as a great achievement because miscreants only had 20 hours to stuff ballots instead of 80?
All political parties have access to the source code, and digitally sign the executable code, and thus can confirm, at any individual machine, that the running software is the official one.
How? By looking at a checksum on the screen? Does the author realize that the machine can show whatever it wants so that this proves nothing? This affirmation sounds like official propaganda taken at face value.
http://augustocampos.net/arquivos/uebrl-04.JPG
In this screenshot we can clearly see what looks like a bog-standard BIOS. Do the political parties have its source too? Did they verify the corresponding binaries? Did they sign them?