Slashdot Mirror
Contest To Hack Brazilian Voting Machines
An anonymous reader writes "Brazilian elections went electronic many years ago, with very fast results but a few complaints from losers, of course. Next month, 10 teams that accepted the challenge will have access to hardware and software (Google translation; original in Portuguese) for the amount of time they requested (from one hour to four days). Some will try to break the vote's secrecy and some will try to throw in malicious code to change the entered votes without leaving traces."
The simplest way to win this is to hack the judging process so that your team is announced the winner, with a false claim that you hacked one of the machines.
A senior aide goes up to President Bush. "Sir," he begins, "we just heard that two Brazilian men were killed in an attack in Iraq."
Bush is visibly shaken, he hangs his head and covers his mouth with his palm. After a few moments, he asks in a solemn tone, "How many is a Brazilian, again?"
The simplist explanation is that corruption is the problem not the technical aspects of these voting machines. These errors wouldn't be tolerated with ATM machines because the public seems to care a lot more if their bank account is fraked with but not so much their vote for some reason... That's the only real way to clean up the corruption; get the public to put real pressure on the entities involved in the voting process.
Sigs are too short to say anything truly profound so read the above post instead.
Actually the puzzling thing to me is why is electronic voting so "popular". Why do the people in charge keep promoting it?
Most electronic voting systems are bad at a very important requirement:
Convincing the loser (and enough of his supporters) that he lost.
The system doesn't just have to work correctly, it has to be accepted as working correctly (enough).
With various fancy cryptography and systems it is possible to have an electronic system that is anonymous, verifiable and reasonably secure (see: http://www.youtube.com/watch?v=ZDnShu5V99s for ideas on how this could be done), but as far as I can tell, they're not going for such systems.
So why not just stick with paper ballots in a process where almost everything is done in the open? That way the eventual loser's representatives, 3rd party observers, various other people can observe every count of each vote. It's simple enough to understand. While postal votes can still be used to rig stuff, most electronic voting systems are also vulnerable to that same problem.
That paper based system may take a bit more time, but it scales reasonably well - the more voters there are, the more volunteers there should be for counting. I'm assuming that it's not a case where too many of the citizens either can't count or are too lazy to do so.
I like this idea. Voting systems corporations claim their solution is accurate and secure, let them put their money where their mouth is and let people try and crack it. If their machine's security depends on nobody being allowed to even try then it's all theater.
write a simple app that writes the vote to a flat text file,
Thus writing the votes sequentially. If you independently record the order in which people vote (audio recorder in your pocket), then you can pretty easily know how each of them voted. See, you've failed at preserving voter privacy already. Preserving it requires randomizing the order of the votes in some way, which is not very practical with a flat text file.
pretends to then read the recorded result back to the voter for them to confirm,
Fixed that for you. What's written in the file does not have to match what's recorded in the file and the voter will never be able to prove anything. The software you wrote may not be the one that's used during the elections either. And again it's unlikely you'll be able to prove anything.
and store a hash of the result separately. encrypt all the drives, lock down the hardware in each location with steel boxes and armed guards if needed.
All this protects is the result. You need to prevent tampering of the software and yet make it possible to update it to integrate fixes (unless you claim to be able to produce bug-free software in your first attempt). You also need to make it possible to change the ballot definitions obviously (unless you plan on your system being used only once and then thrown away), and yet prevent non authorized parties (including election employees) from hacking them.
encrypt all the drives,
Encryption is to prevent unauthorized parties from reading the disk. What you really want is signing of all the executable code by a trusted authority so you can detect any tampering. The problem is finding a trusted authority: it obviously cannot be the government in place, not the voting computer manufacturer either, a random bloke taken off the streets? (who picks him?)
Yet another problem is that none of this lets the voter verify the voting machine in front of him has not been hacked on election day.
transport the results out of the voting location with the votes and hash separately and count then use the hash to verify that the count wasn't tampered with in transit etc.
All election officials have to do is prepare matching votes and hashes in advance of the election and substitute them for the real ones during transport, or in the secure storage room to which the public does not have access. Lesson: as soon as something leaves the polling place, and thus escapes the surveillance of the public, you can assume it has been corrupted.
These errors wouldn't be tolerated with ATM machines because the public seems to care a lot more if their bank account is fraked with but not so much their vote for some reason...
When an ATM machine makes a mistake they very quickly see the result of it on their bank statement. So yes, they then get upset.
When a voting machine makes a mistake, someone still gets elected with no one the wiser (unless the error was huge like more votes than voters). So since nobody knows the machines made a mistake (or were hacked) nobody cares or is upset.
what boggle my mind that slot machines are constructed to be more secure and more easily auditable(to make sure the settings conform to regulations) than voting machines.
- You OUGHT to vote if you are a Brazilian citizen between 18 and 70, and is not illiterate. You get in a lot of trouble if you don't.
- You don't register for avery election; you have a "voting ID" valid for every public election.
- You have to vote in a specific designated place (noted in your "voting ID"), generally the closest voting section from the address you provided when getting your "voting ID". If you are away, you have to justify the absence (preferably on a mail office, at the election day)
- Election happens in one day, throughout the country (there may be 2-phase elections, for example for mayor, governor or president, when in the 1st phase the winner does not get more than 50% of the votes - oh, yes, we DIRECTLY vote for president - every citizen's vote has the same "weight").
- Although the voting machine is electronic, when you get to the voting section there are PAPER books with all voters for that section listed, and your ID is checked against that. You sign the book and get a "receipt" detached from it (you have to prove you voted, as it is a legal obligation).
Soo, the electoral authority "knows" how many votes should appear in the results. Generally we do not have Disney characters, dead people, etc. voting, nor people voting in several electoral sections.
As far as I can remember, results have matched the pre-election polls (from multiple sources) quite well. Generally people know in advance what the result will be from each city or even city area, and that can be seen in real time as the electronic counting unfolds at election night (yes, we generally get most results in the night of the election day). I can't recall results being seriously contested by the losing parties (we have MANY parties).
Results are manipulated by "social engineering": Sending buses/boats to collect people from remote locations for voting in "exchange" for voting, trading dental treatment promises, money, death threats, etc. Illegal too, but easier and more difficult to trace than manipulating after the votes were cast.
I trust that there are so many crooks in politics in my country that if a party found a way to manipulate the results after elections, there would be so many me-too-or-else-I'll-tell that it would spread like a wildfire and the results would be awkward enough to be laughable. It is a self-regulating system. If a hacker found a way to manipulate the results, he would not stop at selling the method to one single candidate. I believe the same applies for other voting methods (except the ones which allow Mickey Mouse to register, of course) - it is not the system itself that prevents fraud, but the fact that fraud works both ways, and that the result is not a complete surprise.
In recent international elections you can see in the news that if the results do not match what the population though it would be, it is noticed at once, and people get to the streets (sometimes there wasn't even a fraud, it's just that some people won't accept the losing). It hasn't happened here so far, so we still trust the way it's been done.