Slashdot Mirror


Hackers Fail To Crack Brazilian Voting Machines

blueser writes "From Nov 10th to Nov 13th the Brazilian Government hosted a public hacking contest to test the robustness of its voting machines. 38 participants from private and public IT companies (including the Brazilian Federal Police) were divided into 9 teams, which tried several different approaches to try to tamper with the software installed on the machines, and even to physically interfere in other stages of the process. All attempts (aside from a minor one which would not compromise the overall results) failed, and observations from the participants and neutral observers will be taken into account to improve the process even further. Here is the official announcement for the contest (Google translation; Portuguese original). A summary of the results is available in the Brazilian press (original). Brazilian voting machines use Linux." US voting officials ought to be envious of their Brazilian counterparts, or ashamed, or both. Perhaps this MIT-developed cryptographic voting system offers a way forward.

12 of 143 comments

  1. Re:Hmm... by Z00L00K · · Score: 4, Insightful

    Obviously this puts a lot of software produced in the US to shame.

    Today it seems like it's all about selling something crappy for money in the US with an EULA where you free yourself of all responsibility.

    And when someone points out the flaws the lawyers are called in to hide the fact that there is a gap that can put the Grand Canyon to shame.

    No wonder that the world has suffered so much malicious software.

    Sure - call me a troll, but it's also an observation. Time to market is more important than quality.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  2. for what it is worth... by Sir_Lewk · · Score: 4, Interesting

    Cracking contests are warning sign number 9 on Bruce Schneier's list of security snake oil warnings.

    Warning Sign #9: Cracking contests.

    I wrote about this at length last December: . For now, suffice it to say that cracking contests are no guarantee of security, and often mean that the designers don't understand what it means to show that a product is secure.

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    1. Re:for what it is worth... by Narpak · · Score: 4, Insightful

      Yet I find the concept of actively encouraging people to hack your system, through for instance competitions, far more comforting than insisting that the only security is total secrecy. Particularly in the field of electronic voting systems.

    2. Re:for what it is worth... by Yvanhoe · · Score: 3, Insightful

      I would also add that having an uncrackable machine from an exterior attacker says nothing about the ability of a government to tamper with an election.

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
    3. Re:for what it is worth... by Narpak · · Score: 3, Insightful

      Particularly in the field of electronic voting systems a cracking contest is snake oil. That is because the real threat for voting system integrity is not hackers but corruption of people that are in some way in control over the voting systems.

      I will claim that open and verifiable oversight over any voting process is of the utmost importance. However I can not agree that simply having a cracking contest is "snake oil"; unless it is presented as absolute proof that the entire process itself is incorruptible. The "corruption of people" is a potential threat in all voting systems regardless of method; electric, paper, mechanical, or what have you.

  3. Re:Doesn't change a thing by gzipped_tar · · Score: 5, Insightful

    1. How do you know that "A paper ballot vote is completely observable and does not require trust"?

    2. "Electronic voting is unnecessary and undemocratic." -- There are democratic political systems and undemocratic ones. There is no such thing as "democratic" or "undemocratic" technology. Technology is neutral; it depends on who is using it and how it is used.

    --
    Colorless green Cthulhu waits dreaming furiously.
  4. Re:Doesn't change a thing by dvice_null · · Score: 3, Insightful

    > Failure to find a flaw does not prove absence of a flaw.

    And failure to find a unicorn doesn't prove absence of a unicorn. I claim that there is no flaw. It is now your job to find the flaw and prove me wrong.

    > A paper ballot vote is completely observable and does not require trust.

    So you think that computers can't be trusted, because you don't trust people handling them, but you can trust paper, because you trust people handling them?

  5. What incentive is there? by Skapare · · Score: 3, Funny

    If there was a strong incentive or motive, that might have made a big difference. If all you get from success in cracking is the recognition, that won't bring in all the possible methods. OTOH, if there was a genuine and significant prize, like actually taking leadership of the country, or a billion dollars, you might find the machines can be cracked.

    --
    now we need to go OSS in diesel cars
  6. Re:Doesn't change a thing by Mr. Freeman · · Score: 3, Informative

    "I claim that there is no flaw. It is now your job to find the flaw and prove me wrong."

    Not really. It is your job to prove to me that there is no flaw. It's the same thing with a paper ballot. You still have to prove to me that there is not a flaw in the paper ballot. Of course, I can look over the ballot in all of about 15 seconds and see that it's the correct ballot. It's far harder to find a race condition in a voting machine running proprietary software that causes miscounted votes.

    --
    -1 disagree is not a modifier for a reason. -1 troll, flamebait, redundant, overrated are NOT acceptable substitutes.
  7. Re:Try again! by C0vardeAn0nim0 · · Score: 4, Informative

    they were designed under the electoral court's orders by universities and private companies. after the design was ready, the manufacturing was outsourced to several companies, one of them was procomp, that later was purchased by diebold.

    diebold doesn't own the designs or the copyright to the software. the electoral court does. so if diebold is thinking about selling similar machines in US, they'll have to pay our govt. royalties.

    --
    What ? Me, worry ?
  8. Paper vote inspection is sampled by mangu · · Score: 3, Interesting

    You can simply look at all the steps in the design and see that you can observe what's going on.

    How can you, personally, be sure that every vote in every ballot in the country was counted correctly? Paper votes are sensitive to "economic power" frauds. The party which can put more inspectors in the process is the one which controls the counting.

    In Brazil there was a big affair in the 1982 Rio de Janeiro state governor elections, when the leftist candidate Brizola denounced an attempt to subvert the vote counting, in what became known as the "Proconsult scandal". According to Brizola's party, this fraud attempt was performed with the collusion of the right-wing media organizations, which presented fake exit polls indicating a victory for the rightist candidate.

    In any major election there are many people working together and one must inevitably trust a lot of people involved in the counting. No ordinary citizen has the resources to monitor an election by himself, the support of the party is needed.

    In these days, any political party should have lots of people who know and understand computing technology. It's much easier and cheaper to let a trusted team of computer experts do a thorough audit on the software than to get a large team of scrutineers to watch every little detail where a paper ballot can be defrauded.
     

  9. Ridiculous prize by BoppreH · · Score: 4, Funny

    It's important to note that the prize for the winner is of just R$ 5.000, a little under $ 3.000. This certainly scared most experts away.

    On a side note, you guys have just slashdotted our fucking Superior Election Court website. I hope you are happy.