Slashdot Mirror
Hackers Fail To Crack Brazilian Voting Machines
blueser writes "From Nov 10th to Nov 13th the Brazilian Government hosted a public hacking contest to test the robustness of its voting machines. 38 participants from private and public IT companies (including the Brazilian Federal Police) were divided into 9 teams, which tried several different approaches to try to tamper with the software installed on the machines, and even to physically interfere in other stages of the process. All attempts (aside from a minor one which would not compromise the overall results) failed, and observations from the participants and neutral observers will be taken into account to improve the process even further. Here is the official announcement for the contest (Google translation; Portuguese original). A summary of the results is available in the Brazilian press (original). Brazilian voting machines use Linux." US voting officials ought to be envious of their Brazilian counterparts, or ashamed, or both. Perhaps this MIT-developed cryptographic voting system offers a way forward.
Obviously this puts a lot of software produced in the US to shame.
Today it seems like it's all about selling something crappy for money in the US with an EULA where you free yourself of all responsibility.
And when someone points out the flaws the lawyers are called in to hide the fact that there is a gap that can put Grand Canyon to shame.
No wonder that the world has suffered so much malicious software.
Sure - call me a troll, but it's also an observation. Time to market is more important than quality.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Yet I find the concept of actively encouraging people to hack your system, through for instance competitions, far more comforting than insisting that the only security is total secrecy. Particularly in the field of electronic voting systems.
The Long Now Foundation
1. How do you know that "A paper ballot vote is completely observable and does not require trust"?
2. "Electronic voting is unnecessary and undemocratic." -- There are democratic political systems and undemocratic ones. There are no such thing as "democratic" or "undemocratic" technology. Technology is neutral; it depends on who is using it and how it is used.
Colorless green Cthulhu waits dreaming furiously.
> Failure to find a flaw does not prove absence of a flaw.
And failure to find an unicorn doesn't prove absence of a unicorn. I claim that there is no flaw. It is now your job to find the flaw and prove me wrong.
> A paper ballot vote is completely observable and does not require trust.
So you think that computers can't be trusted, because you don't trust people handling them, but you can trust paper, because you trust people handling them?
I would also add that having an uncrackable machine from an exterior attacker says nothing about the ability of a government to tamper an election.
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
Particularly in the field of electronic voting systems a cracking contest is snake oil. That is because the real threat for voting system integrity is not hackers but corruption of people that are in some way in control over the voting systems.
I will claim that open and verifiable oversight over any voting process is of the utmost importance. However I can not agree that that simply having a cracking contest is "snake oil"; unless it is presented as absolute proof that the entire process itself is incorruptible. The "corruption of people" is an potential threat in all voting systems regardless of method; electric, paper, mechanical, or what have you.
The Long Now Foundation