Linux On Brazilian Voting Machines, the Video

← Back to Stories (view on slashdot.org)

Linux On Brazilian Voting Machines, the Video

Posted by kdawson on Tuesday October 14, 2008 @07:26AM from the eat-your-heart-out-diebold dept.

Augusto writes "Just 10 days ago, 130M Brazilian voters were turned into users of one of the largest Linux deployments worldwide: the 400,000 electoral sections in all of the 5,563 Brazilian municipalities were running electronic voting machines, and the Linux kernel was running in all of them. These voting machines have been used in Brazil since 1996, and are rugged, self-contained, low-spec PCs. We've discussed the technical details of this Linux deployment and implementation elsewhere, but I thought it would be interesting to show some pictures (and a movie) of Linux booting on these voting machines. So I asked for official permission and thus was helped by a technician while I took some quick pictures and made a small movie showing the boot process, where you can actually read the kernel messages."

33 of 252 comments (clear)

Min score:

Reason:

Sort:

Linux is great, but... by religious+freak · 2008-10-14 07:29 · Score: 5, Insightful

IT is great... Linux is great, but e-voting doesn't belong anywhere in major, general elections, IMHO.

If you can code it, you can hack it. If you have coders or admins, you have potential security threats.

--
If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
1. Re:Linux is great, but... by m3j00 · 2008-10-14 07:31 · Score: 2, Insightful
  
  If you can hold it in your hand, you can destroy it. Vote tampering isn't exclusive to electronic voting, but it seems the widespread paranoia is.
2. Re:Linux is great, but... by moderatorrater · 2008-10-14 07:36 · Score: 5, Interesting
  
  If it's coded properly, open sourced and widely scrutinized, electronic voting would be more resilient than pen and paper voting.
3. Re:Linux is great, but... by Brigadier · 2008-10-14 07:38 · Score: 4, Interesting
  
  yea your right, what we need is a bunch of paper, marked in #2 pencil in a box. Yea that is much more secure. not everyone can hack an encrypted voting machine, everyone can steal a box and reprint voting forms.
4. Re:Linux is great, but... by FlyingBishop · 2008-10-14 07:41 · Score: 5, Insightful
  
  My main question is who can modify the source of the software they're using, and how are they verifying that the binaries are unmodified. Generally, I agree that Linux doesn't belong there, but I don't think it's unreasonable to say that any software used in voting machines must be open source.
  Here in the states, state law clearly defines how votes should be cast and counted. Without the source code to the program responsible for counting the votes, these laws will quite literally read something along the lines of:
  1.Voters enter votes into machines.
  2. ???
  3. Voters receive election results.
  The procedures for voting are a matter of public law. That must extend to procedures within the voting machines.
  If you think that's putting too large a technical burden on the lawmakers, look at building codes, patent law, etc. It's a little too late to call for law that is perfectly accessible to non-technical citizens.
5. Re:Linux is great, but... by barzok · 2008-10-14 07:43 · Score: 3, Funny
  
  No, you need cards with little holes that get punched out to indicate your selections. Those work much better.
6. Re:Linux is great, but... by Constantine+XVI · 2008-10-14 07:45 · Score: 3, Insightful
  
  It's much easier to destroy or modify 10,000 votes on a flash disk without a trace then destroy or modify 10,000 paper ballots without a trace.
  
  --
  "I think an etch-a-sketch with an ethernet port would beat IE7 in web standards compliance."
7. Re:Linux is great, but... by amorsen · 2008-10-14 07:55 · Score: 5, Interesting
  
  Physical security is something we're really good at. Thousands of years of experience. That doesn't mean that there are no failures, but in general you can at least detect that tampering took place and that it was deliberate.
  With voting machines, you get a bunch of places where candidates happen to win by a 16384 vote margin -- is that deliberate tampering, machine error, or maybe just plain luck? You'll never know, and therefore you'll probably never catch the criminals.
  
  --
  Finally! A year of moderation! Ready for 2019?
8. Re:Linux is great, but... by MozeeToby · 2008-10-14 07:59 · Score: 3, Interesting
  
  If banks can transfer billions of dollars every day safely and securely (in many cases without even a paper trail), there is no reason why a decent electronic voting system can't be made. Compared to an ATM, a voting machine should be a piece of cake, you don't have to worry about verifying the user's identity. You don't need to check the balances and rights. All you need to do is accept and record the current user's vote, them reset for the next user.
  Do give us open source so there are 50,000 coders doing Q&A on it. Do give us a paper trail so that if there is any suspision then the vote can be verified. Do involve election officials in at least the requirements process.
  Don't give us a function that clears all votes made on the system so that polling officers can 'adjust' the vote. Don't give us hardware which uses the same exact key to unlock every case. Most important, Don't try to cover it up if you screw the pooch; let us know so the recount can be performed by hand.
9. Re:Linux is great, but... by brazilian+brain · 2008-10-14 08:02 · Score: 5, Informative
  
  From TFA:
  All political parties have access to the source code, and digitally sign the executable code, and thus can confirm, at any individual machine, that the running software is the official one.
10. Re:Linux is great, but... by vbraga · 2008-10-14 08:03 · Score: 2, Informative
  
  Actually it also, obviously, a matter of law in Brazil (but Federal law). Machine's software is owned by the "Electoral Justice" and is digitally signed by all parties, so, any party can check if a machine is running the "correct" software.
  Part of machines prints all votes as other way to test the system.
  Machines used to run Windows CE, I think. Probably Linux was chosen was a way of driving costs down.
  Diebold is the main hardware supplier to the Brazilian government but not the unique or exclusive one.
  It's not a perfect system, but a pretty good one. Most Brazilian likes it (well, I'm Brazilian too).
  
  --
  English is not my first language. Corrections and suggestions are welcome.
11. Re:Linux is great, but... by Anonymous Coward · 2008-10-14 08:16 · Score: 2, Funny
  
  I can't decide if you need to start watching more CSI, or less of it.
12. Re:Linux is great, but... by buchner.johannes · 2008-10-14 08:19 · Score: 5, Insightful
  
  An election process has to provide the following characteristics (in some countries these are taken serious):
  1. Access: Only people allowed for voting may place their vote
  2. Equality: Each person may only be counted once and with the same weight of vote.
  3. Privacy: Noone can find out for whom a person voted.
  4. Secure against forgery:
  1. Valid votes can not be changed/forged.
  2. Valid votes may not be destroyed.
  3. Invalid votes may not be added
  5. Checkable: Each voter has the possibility, independent from any other person, to check the correctness of an election including all previous points.
  ( I didn't find this in the English Wikipedia, this is a quick translation from the German Wikipedia )**.
  You cannot ensure these with voting machines without the use of paper*. It is not a matter of code, just a fact of information and physics.
  Use paper. Optionally with punchscan and the such. Even the cost factor is irrelevant. Democracy is worth it.
  ____
  *Maybe with quantum computers. But can the average person check the setup? With paper, you can.
  ** I'd be grateful for a link
  
  --
  NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
13. Re:Linux is great, but... by pm_rat_poison · 2008-10-14 08:20 · Score: 2, Interesting
  
  Why do people think that the operator between electronic and traditional voting is "XOR"?
  Can't you have both?
  You can always use electronic voting that prints out paper votes, which are cast in a real life ballot. The voter then knows that nothing has been tampered with, the press gets ultra-fast draft results and the final results come from manually counting the printouts.
14. Re:Linux is great, but... by jeffmeden · 2008-10-14 08:22 · Score: 2, Insightful
  
  Are you kidding? This may be a phyrric argument (either way of doing it is fraud, and a real problem.) But, if you think it's hard to exploit a security hole (hint, they are in every piece of election software ever written) and dramatically change the voting results with little effort and even less evidence, you need to do some research on election systems. Paper voting means a physical paper trail, it absolutely IS harder to hide/destroy something that was once real (paper ballots) than to find something that you don't know is there (security holes in election software.)
15. Re:Linux is great, but... by Misch · 2008-10-14 08:25 · Score: 3, Informative
  
  Voter verified paper trail. IIRC, the machines in Brazil have one. In addition random hand recounts of precincts are needed as well.
  
  --
  
  --You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
16. Re:Linux is great, but... by neuromanc3r · 2008-10-14 08:36 · Score: 3, Insightful
  
  If banks can transfer billions of dollars every day safely and securely (in many cases without even a paper trail), there is no reason why a decent electronic voting system can't be made.
  
  Wow, that's a pretty terrible non-sequitur. The requirements for banking and voting are completely different. An ATM does not have to make sure that you cannot prove to anybody what you did when you used it. It does not have to prevent other people from tracing any action back to you. And if something goes wrong or someone tampers with the machine, you will know it sooner or later and can complain to your bank.
17. Re:Linux is great, but... by MikeDirnt69 · 2008-10-14 08:37 · Score: 2, Informative
  
  These machines logs everything into a paper roll. Even if you clean up the data, you still have it on paper.
  
  --
  Am I eval()? - http://www.monst3r.com.br
18. Re:Linux is great, but... by fugue · 2008-10-14 10:22 · Score: 2, Informative
  
  What if we did this:
  When you go to vote, you take a one-way hash (md5sum or something) of your SSN or SSN+lastname+phone or some other unique identifier, and enter that along with your vote.
  An official website lists each person's hashed ID and non-hashed vote. I can always check that my vote was registered correctly (and maybe repeat (before some deadline) until it is what I wanted it to be).
  I can download everyone's vote and count them myself.
  If there is a discrepancy, the responsible election officials will be flayed alive, and their heads impaled on stakes placed around the town walls for such occasions.
  What's the risk here? If voter profiling reveals that someone is probably not computer-literate then they can "safely" change that person's vote, as it's unlikely that that person will confirm? Still more countable than we have now. Of course, maybe computer-illiterate people don't, on average, have the education or news access to vote responsibly and shouldn't be allowed to vote anyway?
  What am I not considering?
  
  --
  "The biggest problem with communication is the illusion that it has taken place."
Free vote by Jabbrwokk · 2008-10-14 07:33 · Score: 4, Interesting

Free software for free votes, what a great match-up. Plus, it beats the Diebold machines running on Windows CE that kept crashing.
Incidentally, I just voted in our Canadian federal election and we're still using the pencil-and-paper and human-counted voting method. Slower, but still the most reliable and secure method IMO.
1. Re:Free vote by glwtta · 2008-10-14 08:01 · Score: 4, Funny
  
  I just voted in our Canadian federal election and we're still using the pencil-and-paper and human-counted voting method.
  
  Yeah, well, there's only like 47 people living in Canada - that makes things easier to do by hand.
  
  --
  sic transit gloria mundi
2. Re:Free vote by Nathanbp · 2008-10-14 08:22 · Score: 2, Interesting
  
  With pen and paper voting in the US, we'd need 10 times as many people to rig the election, thus greatly increasing the chance that someone would talk about it. Whereas with computerized voting machines, we don't have that problem.
3. Re:Free vote by swillden · 2008-10-14 10:02 · Score: 2, Insightful
  
  We have 30 million people, of which we take some small fraction to count by hand all the votes. I don't see the magical point between 30 million (in Canada) and 300 million (in the US), for example, where this small fraction of people would become necessarily larger.
  It's not the population that makes the difference, it's the complexity of the ballot. Because we we vote for national, state and local officials all on the same day and because we vote for individual office holders rather than parties, our ballots tend to be very long, with lots of difference choices expressed. I didn't count in 2006, but in 2004 my ballot had over 60 separate decisions to be made.
  Because of that, hand counting US ballots takes much more effort. Not so much that it couldn't be done, of course -- it was done that way for many years. Enough so that it takes a while, though, and we're impatient.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Re:I spy with my little eye... by socsoc · 2008-10-14 07:39 · Score: 4, Informative

from TFA:

The hardware is publically bought (in recent years, Diebold has been the main provider), but the software is developed in house by the Electoral Justice.
Re:I spy with my little eye... by scott_karana · 2008-10-14 07:40 · Score: 2, Informative

Yeah, I find it hilarious that in one story Slashdotters can rant and rave about how terrible Diebold is, and then just gloss over that fact in another which just so happens to also be about Linux.
Linux running on a brazillion voting machines? by DirtySouthAfrican · 2008-10-14 07:57 · Score: 4, Funny

Certainly the Year of Linux!
Re:I spy with my little eye... by amorsen · 2008-10-14 08:01 · Score: 2, Insightful

Luckily Diebold are probably too incompetent to manage a hardware hack. However, the threat model for Brazil really ought to include CIA involvement.

--
Finally! A year of moderation! Ready for 2019?
Brazil FTW by juliohm · 2008-10-14 08:25 · Score: 2, Interesting

As a Brazilian, born and raised here, I can say this is one of the few things I'm proud of in my country. Ever since they implemented the electronic voting process, things have never been more efficient. It may seem a bit "too open" by using open source code for this type of procedure, but I've seen articles explaining the entire process. Rest assured, the "open-sourceness" of this idea is the least of their concerns. The entire process is controlled and verified by multiple agents and doubled checked for fraud. All political parties are allowed to point representatives that personally follow the whole process of gathering disks, transmitting data and adding up all the votes in one central server. As far as the people are concerned, the whole thing is very transparent and does not rely entirely on computer encryption, but also on human verification and validation. Any data transmitted is done via a secure government Intranet, and never via public Internet (as one may wonder). The source code of the operating system is maintained and updated by the government under strict security policies. As far as I can tell, this beats the hell out of any bag of paper ballots. Any ellection here takes at most a few hours to get the results to the people. We usually know the results of it on the same day we vote, just in time for the evening news.

--
Julio Henrique Morimoto juliohm@gmail.com
Mod up = it's on the pics by Zantetsuken · 2008-10-14 08:38 · Score: 2, Informative

Cool that it runs a Linux kernel, but every single pic from TFA clearly shows Diebold written all over (literally) - everything from the chassis/mold, GUI, and even the POST screen are customized to have Diebold on it...

If only I had the mod points I had 2 days ago...
Re:Diebold by twistedsymphony · 2008-10-14 08:53 · Score: 2, Insightful

It appears theses machines are made by Diebold. Why don't we use them in the US elections instead of the terrible versions we seem to get statside
it's because

Diebold is the main hardware supplier to the Brazilian government but not the unique or exclusive one.
Meaning they actually have to make a product worthy enough to get purchased over their competitors... instead of just getting an exclusive contract.

--
Collector's Edition
Everyone can steal a box? by roystgnr · 2008-10-14 09:24 · Score: 2, Insightful

I don't think so. Remember that it isn't enough to merely change votes; that just wins you a quick ticket to prison. The criminals' goal is to change votes without being caught by any election observers who are watching the polls. And what system makes that goal easier to achieve? Creating an electronic voting machine that can change digital ballots undetected just requires basic programming skills and access to the machine. Creating a ballot box that can change paper and pencil ballots undetected requires magic.
Or to look at honest goals instead: securing a paper ballot box requires that you send someone who you can trust to watch every ballot going into it. Securing an electronic ballot box requires that you send someone who you can trust to watch the voltage on every transistor. Only the former can be accomplished by human eyes.
Comment removed by account_deleted · 2008-10-14 09:34 · Score: 2, Interesting

Comment removed based on user account deletion
Re:This is the wrong way to do a voting machine by blazerw11 · 2008-10-14 09:35 · Score: 2, Insightful

Linux in embedded applications is not necessarily any more secure than Windows. On both, if you take out things you don't need
Your entire premise is flawed.

if you take out things you don't need
You can't take out things on Windows, thus you can't prove

you end up with about the same level of security

--
A great many people think they are thinking when they are merely rearranging their prejudices. -- William James