Slashdot Mirror
Hackers Fail To Crack Brazilian Voting Machines
blueser writes "From Nov 10th to Nov 13th the Brazilian Government hosted a public hacking contest to test the robustness of its voting machines. 38 participants from private and public IT companies (including the Brazilian Federal Police) were divided into 9 teams, which tried several different approaches to try to tamper with the software installed on the machines, and even to physically interfere in other stages of the process. All attempts (aside from a minor one which would not compromise the overall results) failed, and observations from the participants and neutral observers will be taken into account to improve the process even further. Here is the official announcement for the contest (Google translation; Portuguese original). A summary of the results is available in the Brazilian press (original). Brazilian voting machines use Linux." US voting officials ought to be envious of their Brazilian counterparts, or ashamed, or both. Perhaps this MIT-developed cryptographic voting system offers a way forward.
Obviously this puts a lot of software produced in the US to shame.
Today it seems like it's all about selling something crappy for money in the US with an EULA where you free yourself of all responsibility.
And when someone points out the flaws the lawyers are called in to hide the fact that there is a gap that can put Grand Canyon to shame.
No wonder that the world has suffered so much malicious software.
Sure - call me a troll, but it's also an observation. Time to market is more important than quality.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Time to market is more important than quality.
Yeah look at Ubuntu. Every 6 months on the dot no matter what the quality.
;)
And uuh...yeah...Look at Vista. Was that 6 or 7 years to market?
Your statement doesn't hold up.
There's no place like
Yet I find the concept of actively encouraging people to hack your system, through for instance competitions, far more comforting than insisting that the only security is total secrecy. Particularly in the field of electronic voting systems.
The Long Now Foundation
1. How do you know that "A paper ballot vote is completely observable and does not require trust"?
2. "Electronic voting is unnecessary and undemocratic." -- There are democratic political systems and undemocratic ones. There are no such thing as "democratic" or "undemocratic" technology. Technology is neutral; it depends on who is using it and how it is used.
Colorless green Cthulhu waits dreaming furiously.
> Failure to find a flaw does not prove absence of a flaw.
And failure to find an unicorn doesn't prove absence of a unicorn. I claim that there is no flaw. It is now your job to find the flaw and prove me wrong.
> A paper ballot vote is completely observable and does not require trust.
So you think that computers can't be trusted, because you don't trust people handling them, but you can trust paper, because you trust people handling them?
I would also add that having an uncrackable machine from an exterior attacker says nothing about the ability of a government to tamper an election.
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
How could you then verify a person's claim that their vote was changed? How do you prove that they aren't just changing their own mind at the last minute? I mean if every single vote in a voting machine was changed then you could very easily say that there was some tampering involved, but say a person tampered with many many systems across many states. And then say this person tampered with only a small percentage of votes on each machine and only to a randomly selected group of people (no connections to each other, random number of people). Then it wouldn't be apparent that there was any tampering involved, just a few people who wanted to change their vote after the fact. Just my thoughts....
except that if you read the arcticles, you'll see that it was more an auditing proccess done by several diferent professionals than an actual contest.
What ? Me, worry ?
It's funny that they'd crow about the fact that "hackers" couldn't break their security in three days. Hacking a voting machine isn't a timed athletic contest. It might take 4 days, or a week, or a year, but once it happens, the damage from a hacked election could be catastrophic for a nation.
The problem with voting machines is that somebody has to make them, usually a private company. Private companies are after profit. Profit + elections can be a disastrous combination. The effects of private money have turned the US political system into a bad joke.
The way to secure and fair elections is not through any proprietary technology, that's for sure.
You are welcome on my lawn.
Particularly in the field of electronic voting systems a cracking contest is snake oil. That is because the real threat for voting system integrity is not hackers but corruption of people that are in some way in control over the voting systems.
I will claim that open and verifiable oversight over any voting process is of the utmost importance. However I can not agree that that simply having a cracking contest is "snake oil"; unless it is presented as absolute proof that the entire process itself is incorruptible. The "corruption of people" is an potential threat in all voting systems regardless of method; electric, paper, mechanical, or what have you.
The Long Now Foundation
Yeah, but what is your population? From Wikipedia, about 46M. Check Bras(z)il's: 190M. Your area? 500.000 square km, versus 8 millions and a half. And bear in mind that some of the brazilian population live in areas that only can be acessed by boat or airplane - not a big fraction, of course, but we have much bigger dispersion than Spain or any other European country.
Where is that guy who'd die defending what I had to say when I need him?
Anyone can understand how this process works, and can observe it in full (except for the actual point when the voter marks their ballot paper, since it's a secret ballot.) And here in the UK, there are observers throughout, not least from the various political parties (each of whom has an interest in ensuring that there isn't any fraud being committed against them) and the media. And if there's a dispute about the result, the counting can be easily verified.
Compare this to using an electronic voting machine:
(I have deliberately left out how the votes are actually counted, as I'm not familiar with the actual systems in use, and (more importantly) this is how it will appear to most voters - as a magic box that takes their selections as an input and spits out a result as the output, with no understanding of how it does that.)
In this system the vast majority of the electorate will have no understanding of how it works, and nobody can observe the actual counting, they are reliant on techies checking the machines and saying "yes, this works properly." And if there is a dispute about whether the machines have counted the votes properly, there is no way to do a recount to verify the result. (I am deliberately ignoring electronic voting machines which produce a paper receipt, because in the event of a dispute the receipts can be counted - the machine is there just providing a faster method of counting.)
The first step to transparency is for people to be able to understand how the system is meant to work, only then can you move on to confirming that the system does work as it is meant to. Do you see now why paper voting is more transparent that electronic voting?