Brazilian Breaks Secrecy of Brazil's E-Voting Machines With Van Eck Phreaking

After the report last week that Brazil's e-voting machines had withstood the scrutiny of a team of invited hackers, reader ateu writes with news that a hacker has shown that the Linux-based voting machines aren't perfectly safe; he was able to eavesdrop on them (translated from Portuguese) by means of Van Eck phreaking.

Honestly

[pieisgood]

What options do you have to protect your self from Van eck phreaking? Lead casing? Foil voting boxes? Honest replies welcome.

Re:Honestly

Condoms.

Yours in failed democracy.

K. Trout.

Re:Honestly

[sjames]

Copper mesh or metal plating on the case tied to the ground. Chokes on all connections. If touchscreen, you could be screwed since it might not like a copper mesh but if it isn't covered it becomes an emitter.

Re:Honestly

It's simple. just throw out the person with the radar dish, oscilliscope, and notepad.

Re:Honestly

[robbak]

Several ideas. Of course, use LCDs, as the CRT circuitry is the bad one. Shield the data connections so they don't radiate too much. Make the connections that transmit unencrypted data short. Use low-contrast fonts, so the sharp edges do not cause large voltage (and therefore EMI) spikes. Randomise the low bits of data shown on the screen, so you create obfuscating noise.

Maybe you have to go as far as have a white noise transmitter to mask what you cannot elimiate. Plenty of room to move. Good on them for having such a contest - it flushed out all the 'Ooh, I didn't think of that' problems.

Re:Honestly

[Opportunist]

Easy. Take the machine, hollow them out, put a board in and use their shell as a guard from prying eyes for pen&paper voting. The manufacturers of the machines get the money and we get secure and anonymous voting.

Re:Honestly

[mrmeval]

Not much really. While it is possible to effectively protect a device from such snooping it is very expensive due to the testing and handling requirements. I don't see it on the link but I think there is a commercial Tempest standard.

http://www.eskimo.com/~joelm/tempestintro.html

The page has good info and you can try the anti-Tempest fonts for a grin. It's based on the paper also referenced on that page.

Re:Honestly

[jambarama]

Not only that, but no device will ever be "perfectly safe." That phrase doesn't appear in TFA, it shouldn't have been put in the summary. If someone has to resort to Van Eck phreaking just to eavesdrop on polling because an open hacking competition yielded no vulnerabilities, it sounds pretty darn safe. Publicizing the vulnerability is still a good thing, maybe someone will be able to come up with a reasonable defense, but it doesn't sound like a showstopper to me.

Re:Honestly

[mariushm]

LCD screens are also sensitive... so I'd say maybe... Monochrome 640x480 LED Matrix and custom video chips.... or "Split-Flap type display" as seen here http://www.salient.com.au/products-splitflap.htm ... maybe some sort of adapted nixie tubes as seen here : http://www.vintagecalculators.com/html/calculator_displays.html#ColdCathode

Re:Honestly

[biryokumaru]

In addition to a Faraday cage as you suggest, the NSA recommends scrambling the least significant bit of the image to increase the difficulty of descrambling.

Re:Honestly

[biryokumaru]

Of course, use LCDs, as the CRT circuitry is the bad one.

Wikipedia would disagree with an annoying PDF.

Re:Honestly

[blueg3]

The NSA Tempest guidelines are probably sufficient.

Of course, the requirements are potentially made weaker by what you're eavesdropping. Tempest is written assuming that eavesdropping is a problem, but that's not true with voting -- it's only a problem if you are then able to associate votes with individuals.

Re:Honestly

Encryption. Same thing as your web browser. Treat the monitor and the PC like Alice and Bob. From the linked Wikipedia source in the article summary [#4]

In both cases, the video cable used to connect the display panel with the
graphics controller turned out to be the primary source of the leaking signal.

Re:Honestly

[digitalchinky]

The reasonable defense is a simple enclosure with a door - line the enclosure and door with tempest. Each voter closes the door while they vote.

Encrypted link back to head office, jobs done.

Re:Honestly

[Nimey]

Low-contrast fonts are probably right out, since you don't want to disenfranchise old folks and others with vision problems.

Re:Honestly

[AnotherBrian]

Split-flap displays make a little click when they change characters. Given some of the known words sequences that will be displayed, variations in the sound of each click, and variations in the timing due to the addressing of the characters, I'm sure complete displays could be reconstructed.

Re:Honestly

[Z00L00K]

Randomize the image for each voting.

This will make it a lot harder to decide the selection for each individual voter since the image will be different for each voter.

So - yes you may be able to recognize that a voted did make a selection but you won't know what the selection really was unless you have some very expensive equipment.

And as a voter I wouldn't be too worried about that kind of eavesdropping. Who besides the authorities would really be interested in the vote of an individual person bad enough to use the Van Eck phreaking method to see which option that was selected? There are easier methods - like hidden cameras.

And also - the Van Eck phreaking method won't impact the actual vote, so you can't change the outcome of the election using that.

Re:Honestly

[Jafafa+Hots]

Exactly. It's pretty safe. This shows that a random citizen is unlikely to give an election to Mickey Mouse on a whim.

Instead it would take someone with significant knowledge and even serious funding to sway an election. Probably not just a someone, but even an organization.

So the only way this could ever effect elections would be if there were an organization or group of conspiring individuals with significant monetary resources - AND for that group of people to feel that swaying an election would be in their interest - AND for that group of people to then be so immoral as to decide to do so.

Clearly such a confluence of conditions is so wildly improbable that we can effectively rule out its possibility.

Re:Honestly

[hazem]

Actually, the same site that PDF came from says the biggest source from LCDs is the video cable, especially if the signal is all digital. This would be an improvement over a CRT because the CRT will shares the video cable problem.

http://www.cl.cam.ac.uk/~mgk25/emsec/softtempest-faq.html
My experience so far has been that with LCDs, the video cable is the most significant source of radiated information leakage. Where an analogue video cable (with 15-pin VGA connector) is used, low-pass filtered fonts have the same benefits as with CRTs. Where a purely digital video cable is used (DVI-D, laptop-internal displays with FPD/LVDS links, etc.) only the last step, namely randomizing the least-significant bits, should be implemented.

Where the video signal is entirely encoded in digital form, the low-pass filtered step will not have the desired effect. In fact, it can actually increase the differences between the signal generated by individual characters, and thereby make automatic radio character recognition more reliable.

I suspect there is already an encrypted standard for digital monitor signals so implementing that, even if you have a leaky connection, should probably thwart most attempts to intercept. Then considering that the video images during voting are fairly static, you could probably set up extra circuitry where you don't have to continually transmit the entire screen ever x times a second, just what changes, and only when it changes. Or you could even transmit parts of the screen out of order.

But just switching to LCD and focusing on securing the connection would be an improvement over CRT.

Re:Honestly

[StarsAreAlsoFire]

a: Visit your local feed store.

b: Buy 100 meters of chicken wire.

c: Wrap voting booths.

I am of course being somewhat sarcastic. But not much. If you ground a wire cage as described you'd be fine. The question I'm hazy about is what frequencies are being scanned. You may need something with a finer mesh than chicken wire. Now that I actually consider it, this might also just reduce the range of the scan, rather than eliminate the possibility. Any EE's care to enlighten?

Re:Honestly

Low-contrast fonts are probably right out, since you don't want to disenfranchise old folks and others with vision problems.

but do we really want their votes to be counted? when you only go outside to vote and yell at kids (damn kids on the lawn!), deciding who makes public policy should be off the table.

Re:Honestly

[Toonol]

Right. Of course these machines are vulnerable to Van Eck phreaking. Pretty much everything with a CRT and a lot of LCDs are vulnerable. That's barely more of a true security flaw than the fact that the machines are vulnerable to hiding a camera in the poling booth.

Re:Honestly

[icebike]

Exactly so.

The equipment to carry out this snooping is easily spotted, and more easily foiled.

With more than one voting station in the room, said eaves dropper could never distinguish one vote from the other, and could certainly not CHANGE the results.

You would be better able to guess how persons voted by the color of their tie. http://www.tie-necktie-video.com/tie-color.html

Re:Honestly

[fgrieu]

> What options do you have to protect your self from Van eck phreaking?

One option to consider seriously is: paper ballot inserted, in a voting booth protected by opaque curtain, into an opaque paper envelope, which is then publicly dropped into a transparent urn, which is left under public view during the voting, and publicly shaked before the counting process.

That's how 90% of the votes are cast in France for decades [the "transparent" bit was added some 45 years ago]. Not only is it secure against Van Eck phreaking before its invention, it has great resilience against many kinds of fraud, and most voters are able to understand and check the process.

You still have to guard against quite a few things, including
* unsuitably opaque envelopes;
* bulletins printed on paper of different color/size/material [even if the envelope is opaque, it is usually not sealed, and sometime some portion of the bulletin (hopefully the back side, if the bulletin is folded) may be glanced at thru the opening; also the weight/stiffness of the bulletin may be revealing]
* hidden cameras in the voting booth; including those built into cellphones held by the voter [because the voter could be trying to prove what (s)he voted [in order to sell her/his vote or avoid retaliation if s/he did not vote as instructed].

Actually, in some locations much closer to you than half the circumference of planet earth, it may happen that voters are threatened to be beaten/killed is they do not vote as instructed; and maybe, on election day, a few of those who voted could be beaten publicly (often: regardless of what they actually voted, or based on their perceived opinion), in order to make the threat credible to those who did not vote yet. In these circumstances, the voters must be able to really trust the secrecy of their vote.

François Grieu

Re:Honestly

How about using a method of voting that is fraud proof, costs almost nothing, and gives instant results at the end of the voting without any need for manual counting?

The Robinson Voting Method.

http://paul-robinson.us/index.php?blog=5&title=the_robinson_method_a_really_simple_way_&more=1&c=1&tb=1&pb=1

Re:Honestly

Farady cage around the screen if it is fine enough then even if the screen is of the touch veriety it should cause no problem
and decent quality screened leads or you could go one better and purposley radiate hi levels of crap at the right frequencys so that any little ouik trying to listen just gets crap i am sure that with a little bit of thought instead of blind panic it can be solved.

Re:Honestly

There are two pictures in wikipedia. I've been voting on these since I was 16, there's no touchscreen, just a grayscale LCD and a numeric keypad with braille marks and aditional keys to confirm, cancel or choose NOTA (none of the above), aka "votar em branco" (in Brazil voting is mandatory).

Re:Honestly

[vhogemann]

Easy...

If he went to the voting place wearing a tie, chances are that he's voting for himself. :-)

Re:Honestly

Dude, you're posting on Slashdot. Most of us don't even go outside to vote, and don't care if there are kids on our parents' lawn.

Re:Honestly

[ThePhilips]

Reading through the comments, it stroke me the same. Van Eck phreaking can't be a problem because it provides literally the same information as exit polls.

... it's only a problem if you are then able to associate votes with individuals.

What again is not a problem if one votes in densely populated area: emission from many voting machines would mix making it hard to differentiate a vote on a single machine.

It might be the problem with VIPs. But for the case one can really go extra mile and install proper shielding.

Re:Honestly

[ThePhilips]

emission from many voting machines would mix making it hard to differentiate a vote on a single machine.

Stupid idea #523: equip the voting machine with say two extra displays on the back and make them show some obfuscation video sequence so that it would be hard (if feasible at all) to tell what the hell is going on on the first main screen.

Re:Honestly

[RiotingPacifist]

If i read the article correctly he is Van ecking the keyboard, so randomizing the button->candidate mapping should be enough. However for Van ecking you build a Faraday cage around the device (a pita that may not be possible for voting booths you need to get in/out of), or use active electronic countermeasures, this is not 100% safe, as your basically engaging in a race of creating random noise, vs filtering it, but that is a race that the jammers can generally win so 99.999%, in addition as the detectors will have to use antennas of a certain length, it may be possible to use scanners to detect listening devices (that is a race you probably can't win, but it may be enough to scare people away from trying to do this for real.

Re:Honestly

[ThePhilips]

some obfuscation video sequence

Or better yet the voting machine might emulate on the auxiliary displays the process of user voting for a random option.

Even if information can be still gathered, it would be heavily watered down by the fake voting information from the extra displays.

Re:Honestly

[nstlgc]

You mean Republicans?

Re:Honestly

[mspohr]

You could also view votes with a video camera in the ceiling and it would also give you a picture of the top of the person's head to help with identification. This would also work to reveal paper ballots as well as electronic machines. Think of the children! You could also ask people how they voted when they left the polling place and most people would just tell you! Some would lie but only because you were ugly. In other news, most people don't vote; those who do vote are uninformed; and the only votes that really count is the money that comes from corporations. I know it's Sunday but it's raining here and I don't have anything better to do than read this drivel.

(Note to moderators... I'm going for funny here but feel free to mark as 'stupid'.)

Re:Honestly

[sjames]

Good pictures. It looks like a newer version could be made to limit the emissions quite nicely. It might also be possible to retrofit the existing machines with shielding including a false front to extend the keypad buttons (but not the switches) through the shield.

At the busiest polling places it probably wouldn't be as much problem as many people would be using many identical machines at once. It would be hard to know who did what.

A tone generator connected to a transmitter might be able to simply jam the signals as well saving a redesign.

Re:Honestly

[NickFortune]

The equipment to carry out this snooping is easily spotted, and more easily foiled.

mmm... let's not rely on that. More sophisticated and less bulk solutions may arise in the future, and with the potential to tamper with the electoral process, it's possible we might see some serious effort going into creating such solutions.

and could certainly not CHANGE the results.

The concern is that you wouldn't need to change anything. "Vote for me or I break your legs. I will know how you vote."

Re:Honestly

[PopeRatzo]

What options do you have to protect your self from Van eck phreaking?

As far as elections go, the best protection against Van eck phreaking is the paper ballot.

When you have poll-workers from each political party and lots of poll-watchers, it provides fair elections and really scales very well. The only thing that scales well when you have electronic voting is the ability to perpetrate fraud.

Re:Honestly

[greyc]

hidden cameras in the voting booth; including those built into cellphones held by the voter [because the voter could be trying to prove what (s)he voted [in order to sell her/his vote or avoid retaliation if s/he did not vote as instructed].

Trivial to fix: Hand out as many ballots to each voter as they ask for, but only allow them to drop one envelope into the urn. They can make as many fake votes as they want, and photograph them however they like, but there's no way for them to prove they really dropped whatever they photographed into the urn, as opposed to throwing it away and filling out another ballot with their real vote.

Re:Honestly

[robbak]

I did not say that it was not an issue with LCDs: There is obviously the data cable and data handling circuitry to consider. But it is a much greater issue with CRTs: literally, all you need is a VHF arial, feed the signal into a CRT, and tweak until you have a readable image.
With LCDs, if you can catch the digital signal, you can recover the data. But the signal is weaker (10s of volts, not thousands!), and higher frequency, so you need to be closer. The problem can be eliminated if you implement encryption over that digital link.

So, yes, still an issue that needs handling with LCDs, but not as intractable.

Re:Honestly

That is a terrible idea.

Re:Honestly

[CharlieG]

Of course, there is the whole "If someone is going to that point, is it really worth the worry, or do we have more imprtant things to worry about?" (like someone sticking a hidden camera watching the screen)

Re:Honestly

That is about the least interesting link I've had the misfortune of clicking.

Re:Honestly

[plover]

If you take a look at Ross Anderson's work in this area, you'll see that the picture quality on a Van Eck rig can range from almost static to highly legible black and white imagery. I'm sure it's installation dependent among other factors, but it can be very readable. Remember that it doesn't have to be machine readable, either. When you're talking about elections you're talking about a kiloton of money, which can likely buy a whole lot of people to sit there and watch the screens with their eyes.

Remember the reason for secret ballots is fraud prevention, to prevent you from being coerced or bribed into voting a certain way. Eavesdropping isn't about seeing how "J. Random Citizen" voted -- that's an exit poll. Eavesdropping is about the third-party verification of a paid vote, or verification of a vote cast under duress. If I am offering $10 to anyone who votes for Candidate Johnson, you could take the money and still vote for Candidate Olson because I have no way of knowing how you voted. But if I have a Van Eck receiver, I can say "I'll watch how you vote. On the first screen, change back and forth from Johnson to Olson three times. That way I know it's you. Then, if I see you vote for Candidate Johnson, I'll pay you $10 when you get out." An ineffective bribe has become an effective bribe if I can verify how you voted. Similarly, if I belong to Thugs Unlimited, I can threaten you with harm if you fail to vote how I ordered you to vote.

Also, consider that an eavesdropper could be a "part of the system". I could offer my business' conference room as a polling place, and install the Van Eck receivers in the next room over, or in the attic or basement. I could volunteer as an election judge, or just sit in a van in the parking lot.

Re:Honestly

[obdulio1950]

The first time that this machines were used in nationwide in a presidential election, Fernando Cardozo was the president and the election was won by Lula da Silva, who was the opposition candidate. So if the government that put this system in place lost the election, it means that it is pretty safe.

Re:Honestly

[petermgreen]

I suspect there is already an encrypted standard for digital monitor signals
The paper that the GP linked suggests using HDCP.

Re:Honestly

[petermgreen]

someone else linked http://www.cl.cam.ac.uk/~mgk25/pet2004-fpd.pdf which gives some countermeasures.

In summary firsly use a LCD screen, this pretty much eliminates emmisions from the display itself but the link to the display is still be an issue. Countermeasures against link snooping can include messing with foreground and background colours, adding noise or best of all using an encrypted (e.g. HDCP) digital link.

Re:Honestly

[Xest]

I'm not sure if your post was sarcasm and it whooshed over the head of the rest of Slashdot or if you're serious.

The KGB (now FSB) took Russia, the Republicans took the US, Ahmadinejad took Iran, Karzai has taken Afghanistan and so on all without winning the elections through fair process.

Unfortunately election fraud by organised groups happens far too often, even in nations where it really shouldn't because they're supposed to be role models (i.e. the US). I'm hoping then that your post was rather subtle sarcasm!

Re:Honestly

[Jafafa+Hots]

I didn't think it was particularly subtle. ;)

Re:Honestly

[Xest]

Well neither did I until I read everyone elses responses which made me second guess my judgement!

Whew, that was a close one...

[robwgibbons]

"Listening in" and actually breaking the security of the machine are two entirely different things. What's the most someone could do with this exploit? Basically it just allows for a more accurate exit-poll. As far as I see it, the machine's security has still yet to be bested.

Re:Whew, that was a close one...

Cut the power lines to any polling stations that aren't going in favor of your candidate. Or stage a fight outside, forcing police to intervene (and keeping the polling station closed for an hour or two). The line gets longer and longer, people are getting hot and tired, eventually they'll start going home. No fancy super-duper-20-foot-hacking skills needed.

Re:Whew, that was a close one...

[Animaether]

What's the most someone could do with this exploit? Basically it just allows for a more accurate exit-poll.

Basically.. all of the reasons you want voting to be done anonymously apply here.

If you can couple the emissions at the location of the machine with the emissions from a particular user - say, their mobile phone's signature - then you can go back to forcing people to vote for X and make sure that they do, roughing them up as an example to the others you told to vote for X if you detected a vote for Y instead, without a need to plant something on them or leaving any trace.

In theory, anyway.

Re:Whew, that was a close one...

[Vellmont]

What's the most someone could do with this exploit?

Uhh.. find out who someone voted for? All you need is two people, one in the polling place and someone else with one of these devices. If I really have to try to convince you of the value of secret votes, I give up.

Re:Whew, that was a close one...

exactly, this is hardly news and besides shouldn't they point out that ALL e-voting machines are subject to this very same exploit? (unless they have proven they cannot be of course!)

Re:Whew, that was a close one...

[coppro]

The issue is one of anonymity. Someone could (comparatively) easily phreak a machine when a specific person walks into the polling booth so that they could determine that person's vote. The integrity of the results is not compromised, however; there is no threat of vote-stuffing or fraud.

Re:Whew, that was a close one...

1 - The machines have batteries.

2 - In Brazil, voting is mandatory, so no one is going home just because of the line. There is almost always a huge line.

Not saying that there is no scenario to disrupt the election. But not these two.

And also, to do something like you say, one would need to "listen" to many machines and to disrupt several that are not in your favour. It would be pretty difficult to hide.

I guess the most "promising" way of tampering with the elections would be trying to mess with the final counting - when they total all the polling stations.

Re:Whew, that was a close one...

[MichaelSmith]

Use it as feedback to calibrate a separate vote rigging operation. If your guy wins by 20% an investigation may be triggered. If he wins by 2% you may be in the clear. So how do you gauge the real vote, while there is still time to cast face votes?

Re:Whew, that was a close one...

[orkysoft]

Yes there is. Once you can find out what specific people are voting, you can threaten them to vote for your candidate, "or else", and know exactly who gets to have an "unfortunate accident".

Re:Whew, that was a close one...

[acheron12]

You don't need Van Eck phreaking for that. Mugabe reportedly cooked the Zimbabwean election by closing polling stations early in areas known to support his rivals. Seemed to work well enough for him - and that was traditional paper ballot voting fraud, no voting machines required.

Re:Whew, that was a close one...

[hrimhari]

I remain skeptical. There are frequently dozens of people waiting to cast their vote in the room where the machine is and a dozens of rooms in schools that serve as election posts. I can't think of a way to filter one machine from another then match a vote caught with that technique with a person. Worse if you have to record and decode it afterwards.

Re:Whew, that was a close one...

[AK+Marc]

If I really have to try to convince you of the value of secret votes, I give up.

I guess I'm broken. I'd rather have my open vote count, than my private vote lost. Currently, we only get the latter.

Re:Whew, that was a close one...

[Sique]

As someone who grew up in a country, where "Open Voting" was the norm and using the voting cabin was being frowned upon I tell you: You have no clue.

Re:Whew, that was a close one...

I guess you're the one who has no clue. As you never lived in a country where voting for the "wrong" person could get you killed.
And you can't imagine that this is not even the only example of why secret voting is good.

Re:Whew, that was a close one...

[Yvanhoe]

As long as you didn't vote unamericanly I guess you don't have to worry...

Re:Whew, that was a close one...

[Sique]

You are barking up the wrong tree. I am all for secret voting. It was the grand parent who was saying:

I guess I'm broken. I'd rather have my open vote count, than my private vote lost.

There is no point in counting open votes, because they have no value at all. If you run into troubles for not voting publicly, this is equivalent to running into trouble for voting for the wrong person.

Re:Whew, that was a close one...

[vakuona]

Seriously I agree with this fellow. In most countries, secret ballot was/is useful because people could be persecuted by the government for voting for the other fellow. If open voting is the norm, where there is a running total on the screen, and at the end of the day, all we do is total the running scores, then we have security by openness. You would actually have the public checking, millions of time as their votes are cast, that nothing strange was happening with their votes. Of course, this requires that people voting choices be respected, which is something law enforcement can probably guarante nowadays.

Re:Whew, that was a close one...

[johno.ie]

Well, good old fashioned paper ballots can be eavesdropped by using hidden wireless cameras.
I doubt there is any voting system that can't be compromised in some way.

Re:Whew, that was a close one...

[cristianok]

I guess the most "promising" way of tampering with the elections would be trying to mess with the final counting - when they total all the polling stations.

After the last voting, the machine prints a summary with the number of votes of each candidate. The printed list then is fixed outside the voting area to the public. The parties have people to inform the votes of each machine to their central. So, even before the final count is finished, the candidates know how many votes they have.

Re:Whew, that was a close one...

Oops, my bad. Yep, I've replied to the wrong post. :-/

Re:Whew, that was a close one...

[AK+Marc]

I find your comment valueless without the country. The USA had open voting for around 100 years with fewer problems than secret voting. It only ended because of the Civil War and politics of hate that followed (and some still aren't over, but they are considered fringe now). The introduction of secret balloting increased the fraud rate greatly, with the number of voters exceeding the registered voters, whole cemetaries that came out to vote, and such.

Did you move from the country with open ballots? Why? I ask because I'm curious by the wording of "grew up in" indicates you aren't there now, and that you aren't indicates you liked some place better (or were moved against your will). Since I'd guess you moved on your own, probably at great expense and trouble, do you think that the open system caused those problems you left, or was it something that a place with troubles would gravitate towards because of the ease of open abuse of the system? And you think that the country you moved from has a system that is directly equatable to the USA?

Re:Whew, that was a close one...

[AK+Marc]

Wait, your argument is "because it could be bad sometimes, it should never be done, even if it is good in some cases"? Apparently, there is a distinction between the countries where voting for the wrong person gets you killed or not. And that it's bad in one means it's bad in the other, even though the value in the other is never addressed?

Or are you stating that if the USA adopts open ballots, then there will be hits on anyone in Chicago that votes Republican and anyone in San Francisco that votes Democratic?

Honestly, I can't understand how you can take the worst of one and compare it to the best of the other with a clear conscience. We could say the same things about secret ballots, because plenty of places with those just replace the ballots when no one is looking and fix elections. But at least the voters get to pretend to have a say, so it's better than the corrupt open systems where they have their vote stolen before they cast it, not after?

Re:Whew, that was a close one...

[synthespian]

What's the most someone could do with this exploit?

A little context is needed in order to further explore this point. Brazil is a huge country, of continental dimensions. Voting is a mandatory civic duty (except for older citizens). In the remote and impoverished areas, intimidating voters or buying votes was a common, widespread practice, constituting what is termed an "electoral corral", that helped maintain veritable "political dynasties" in these areas for decades. One of the selling points of electronic voting was being tamper-proof, reducing the probability of fraud. There are myriad ways to make the political scale tip to the wrong side, the side that represents not what the people want, but what the-powers-that-be command...Remember the "pregnant chads" issue in Florida?

It's easy to imagine setting up electronic gadgets in these very remote, impoverished and forsaken little towns in Brazil, in order to verify that the voter indeed kept his/her word when he "sold" his/her vote or to enhance intimidation or voter harassment, all under the unknowing eyes of the Electoral Justice officer (in Brazil, there's a branch of the Judiciary specifically to take care of electoral issues, such as enforcing legislation, etc.).

Besides, one of the pillars of democracies is having the right to vote and this right must be protected from prying eyes of the State (and by extension, the ruling political party), lest the voting process becomes thwarted and non-representative of the will of the people, as well as to avoid political persecution of those who dared to vote for an opposing party. This is so in any country that has a serious voting process and now, you, noble tech nerd and Slashdot reader, knows why this is so.

Re:Whew, that was a close one...

one of the pillars of democracies is having the right to vote and this right must be protected from prying eyes of the State (and by extension, the ruling political party),

Nope. Only the latter is a "pillar of democracy." "The State" will always be in power, as long as its operations continue uninterrupted. "The State" does not need elections fraud, because "the State" is made up of millions of non-partisan civil servants with more job security than most college professors.

The problem is with people who would use the power of the State to stay in power.

This might seem like I am picking nits, but it is important. We live in a republic and have the rule of law.

Physical Security

[tetsukaze]

So the cheap devices he used only worked inches away. A more powerful device might work up to 20 meters away. Now, I assume a more powerful antennae is going to mean a bigger one. Isn't this going to stand out? I would hope that there is someone in charge that would notice a foot long antennae being pointed at voting areas. You can secure the machine itself, but if you don't have real people doing their part, it doesn't matter how secure your voting machine is.

Re:Physical Security

[Sarten-X]

If an attacker were able to access the voting location enough to install an unnoticeable antenna, I'd be more concerned with small cameras. Even a large antenna in a nearby building would require somebody watching to see who was using which voting machine, in order to pose any real threat.

Re:Physical Security

Outside Broadcast Van - just pretend to be from the local TV-station.

I'm still not even at this step yet

[Opportunist]

I'm not yet at "how do we get e-voting secure?". I'm still puzzled by the question "why the f. do we need it?"

Re:I'm still not even at this step yet

[AHuxley]

Would you like supporters of 'the major', beef/soy barons and priests 'transporting' your vote over a few days?
In some parts of the world they do learn about democracy after right-wing military dictatorships.
In others they just trust election solutions provided by an ATM maker.
When their boss is exposed on wikipedia, they go back in using the company IP's and try to "Soviet" out the references to the CEO's fund-raising.

Re:I'm still not even at this step yet

[Volante3192]

Easier for the disabled. Easier to support multiple languages. Easier to have duplicate copies so you can't be surprised and "find" a box of ballots in a warehouse later. Less ambiguity in regards to intention (see Minnesota's Senate race.)

Re:I'm still not even at this step yet

[phantomfive]

Because it's more convenient and the count should be more reliable. If it's secure, that should be enough.

Re:I'm still not even at this step yet

[Onymous+Coward]

Among the others, enabling a non-FPTP system.

If anyone isn't aware of how FPTP has hosed democracy, they should start here.

The primary concern I recognize is that FPTP collapses your system into a two-party system and makes third parties non-viable. Just try voting for Nader or Kucinich.

Re:I'm still not even at this step yet

[Sique]

You don't need electronic voting to establish a non-FPTP system. Non-FPTP works fine in european states with paper and pencil voting.

Re:I'm still not even at this step yet

[cristianok]

It saves a lot of time. In Brazil, the election results are known in the evening of the election day.

Re:I'm still not even at this step yet

[Onymous+Coward]

I could be wrong, then. Tell me more about preferential voting and paper ballots that you're familiar with?

Re:I'm still not even at this step yet

[Opportunist]

Easier for the disabled.

There are masks with braille that work pretty well. I have a friend who is blind and can vote just fine.

Easier to support multiple languages.

Last time I checked the US had their official language English. Learn it or don't vote. Also, I can't see what's so difficult about learning the name of your prefered party/candidate well enough if you utterly refuse to learn English and don't use a latin alphabet.

Easier to have duplicate copies so you can't be surprised and "find" a box of ballots in a warehouse later.

Oddly, this problem never occured in my country. Need some election monitors? If not, get your act together!

Less ambiguity in regards to intention (see Minnesota's Senate race.)

Elaborate please, I don't follow local elections in foreign countries.

Re:I'm still not even at this step yet

[Opportunist]

Most European countries I know accomplish the same feat with P&P voting.

Re:I'm still not even at this step yet

[miro+f]

in Australia we number the candidates from 1 to x (where x is the number of candidates). The ballot papers are then counted manually into piles, and then once they've all been counted the smallest pile is broken up and split amongst the remaining piles, until someone has the majority.

Re:I'm still not even at this step yet

[Volante3192]

There are masks with braille that work pretty well. I have a friend who is blind and can vote just fine.

But those have to be specially made, and with ballots ranging from Federal, to State, to County to City elections, that takes time to translate and print. Plus, what if you run out or they get lost?

Note, I simply said easier. I find voting easy to begin with, but there's plenty of people who don't understand "Only fill the circle of the candidate you want elected" (more on this later.)

Last time I checked the US had their official language English.

Officially, federally, the US does NOT have an official language. In fact, it becomes a powderkeg of controversy every time someone in Congress hints at it. It varies at the state-to-state level as well. Some have official languages, others don't.

Oddly, this problem (lost ballot boxes) never occured in my country.

Never occured or was never an issue? These crop up during close races and recounts regularly, but never for sure-thing races.

And here's the infamous Minnesota junk. When ballots get challenged, it's up to the courts to decide how someone intended to vote.

http://minnesota.publicradio.org/features/2008/11/19_challenged_ballots/

On a personal level, I'd say if someone can't be arsed enough to follow instructions and it's ambiguous in the slightest way, trash it. (If the scanner just fails to read an otherwise flawlessly filled out ballot, those are accepted. Arrows, Xs, comments, those result in a destroyed ballot.) That's not how things work though.

Re:I'm still not even at this step yet

[Onymous+Coward]

Thanks for sharing. IRV is actually a pretty good system... in that it's better than plurality. In comparison, it could be better. Maybe there are manual count methods for better systems?

I have to say I'm still not entirely sure on the matter of electronic voting v. manual voting. I think most people who have strong opinions are basing them on too few criteria.

Re:I'm still not even at this step yet

[cynyr]

On a personal level, I'd say if someone can't be arsed enough to follow instructions and it's ambiguous in the slightest way, trash it. (If the scanner just fails to read an otherwise flawlessly filled out ballot, those are accepted. Arrows, Xs, comments, those result in a destroyed ballot.) That's not how things work though.

I am interested in what you say. Do you have a newsletter? :)
I agree, mostly, at the same time there would then need to be lengthy tests with the ballots to make sure they were really easy to follow, and not just by the guy who laid them out.

Re:I'm still not even at this step yet

[Opportunist]

but there's plenty of people who don't understand "Only fill the circle of the candidate you want elected" (more on this later.)

Then they're too stupid to vote. The system works, if you ask me...

E-paper

[MDMurphy]

Besides all the shielding options, perhaps this is a good use for E-paper displays? The persistent nature of the display would minimize the constant refreshing. The slow screen response would be unlikely to be an issue with a ballot.

Re:E-paper

[beej]

mod parent up

Re:E-paper

Yep. My idea as soon as I saw this article. You beat me to it.

Anyone got a technical reason why this wouldn't work? Has anyone looked at Van Eck phreaking on e-Ink?

This happened with the Dutch in 2006

[JoshuaZ]

As discussed here in 2006, the Dutch had to modify their voting machines back in 2006 due to exactly this sort of attack. http://politics.slashdot.org/article.pl?sid=06/10/14/1641239

Re:This happened with the Dutch in 2006

[RAMMS+EIN]

That's only part of the story.

The voting machines were vulnerable to more than just eavesdropping, although eavesdropping was the official story from the government and also what most of the press was about.

However, the voting machines have since been banned. The latest elections were held with paper and pencil. It's good that way.

Now if people would only understand this ...

Re:This happened with the Dutch in 2006

In most countries in the world, paper voting (although not impossible, of course) is troublesome and, consequently, prone to "errors" and rigging during collect and transportation of the votes.

Remember, for instance, that in countries the size of Brazil and India it is much more complicated to count the votes of the population than in a country like The Netherlands or most US states.

For example, India has a population of more then 1.2 billion people. The whole European Union only has little less than 500 million people. Germany, it's biggest country only has about 80 million. In the US, the most populous state (California) only has 36.7 million.

Also, India and Brazil have lots of remote places. In Brazil, its two biggest states (Amazonas and Para) each come close to the size of Alaska (~17% of the US area, which is almost 3 times the size of Texas). Amazonas state (~92% of the area of Alaska) has many places only reachable by boat or helicopter, and it takes days to get there by boat.

Just to illustrate: Alaska has more concentrated population with a lower overall density (about 680k people, density 0.4/km2); while Amazonas has more than 3.5 million people (density 5 times the one of Alaska) with its population more spread through its area. Para is more than twice the size of Texas, and has 7 million people spread on this area.

Another big issue that favours e-voting is language. India alone has 29 languages natively spoken by more than one million people each. Even if only from a logistics point of view, e-voting is fully justified.

Of course these are only two countries, but most of the same rationale applies to Indonesia, or many other nations (specially developing ones).

Re:This happened with the Dutch in 2006

[pv2b]

You seem to think that paper voting systems by neccessity depend on transporting all the ballots to a central location, where they'll be counted.

This is how paper voting works in Sweden.

To summarize and simplify:

• On election night, the ballots are hand-counted by election officials at every polling station. Results are phoned in to the authorities and tallied, and made available to the general public. (Basically an entire database dump of vote tallies in every district is made available as an XML over the Internet. Pretty cool.)
• Afterwards, ballot boxes are sealed and sent to the local county to be counted again.

• It goes without saying that Sweden is not directly comparable to Brazil, but consider this for a moment. It doesn't require all ballots to be hand-delivered to a central location where they will be counted - it's scalable. And no less secure than electronic voting. Probably just as secure technically, and more secure in practice, because it's easier to see when funny stuff happens to ballots in boxes than when bits are flipped.

Cryptonomicon

[MichaelSmith]

What options do you have to protect your self from Van eck phreaking? Lead casing? Foil voting boxes?

Honest replies welcome.

Put rubbish on the screen and send all your actual output through the caps lock LED with xled.

Not very useful outside in the real world, I know.

It could be big...

[JazzyMusicMan]

If we could somehow reach a level where e-voting was secure, think of the possibilities. The people might actually be heard! Now whether you think that is a good thing or not, I leave as an exercise for the reader. But what I'm trying to say is, imagine voting from your home computer on issues that matter to you. No longer will your representatives be able to hand wave about what their constituency wants, heck, you might not even need representatives.

Re:It could be big...

[nietsch]

You just overlooked one small issue: voter turnout is already a problem in most democracies, as it is somewhat boring to vote for things your are not that interested in. If there were more elections, you would have to vote each week. Nobody is going to keep doing that, as most people do not see it as their job, and it is a process with very little positive feedback. So only the zealots and paid shills will remain, thus making your country run by big money and zealots with a nutty agenda. Not unlike the US is run now, actually.

Radiation limitation through verse

At last, an excuse to use "election day" and "Faraday" in a rhyming couplet!

lol

I know a cheaper way. Install a frigging video camera, because then you can at least also see who went into the voting booth to vote against your favorite presidente.

Broken "secrecy"

[doug141]

Perhaps you read too quickly. "Secrecy," not "security." There are plenty of responses explaining the importance of secret ballots.

Van Eck Phreacking will always exist

[cpscotti]

Ok.. this is been around for a while and in fact could even work for paper voting...
I'm sure someone could use strategically disposed microphones to detect the position of the "X" on the paper..
Until someone starts changing the results of elections (which will always be possible given "the right" flapping of a butterfly's wings) I won't be bothered. If your country really is free (something that Brazil is good at) there is no problem telling everybody who you voted on..
Vote's anonymity only makes it easier to fake elections.

Re:Van Eck Phreacking will always exist

[Frankie70]

If your country really is free (something that Brazil is good at) there is no problem telling everybody who you voted on..
Vote's anonymity only makes it easier to fake elections.

Don't be silly.
Secret ballot is one of the cornerstones of democracy.

In a secret ballot, you don't get bribed to vote for a particular person because you can
always say you voted for him while voting for him.
Likewise, about getting pressured about voting for someone.

Re:Van Eck Phreacking will always exist

[Frankie70]

In a secret ballot, you don't get bribed to vote for a particular person because you can
always say you voted for him while voting for him .
Likewise, about getting pressured about voting for someone.

Meant to write - "while voting for someone else".

Re:Van Eck Phreacking will always exist

My father tells a story from WWII (this apparently happened in the quite small town that he grew up in). It seems that a soldier serving overseas had told his wife who to vote for. She apparently wrote back to her husband and assured him that she would vote for the candidate that he had asked/told her to vote for. The only problem was that when the votes were counted at the polling station that she voted at, her husband's candidate received zero votes. Oops!

Re:Van Eck Phreacking will always exist

[Onymous+Coward]

Vote coercion can't happen on effective scales.

How much cost and danger is involved with coercing a single vote?

Re:Van Eck Phreacking will always exist

[s52d]

Don't be silly.
Secret ballot is one of the cornerstones of democracy.

In a secret ballot, you don't get bribed to vote for a particular person because you can
always say you voted for him while voting for him.

That is exactly why mobiles with camera are not allowed while voting.
When bribed, you have to show a picture how you voted, or send MMS, to provide proof of your voting.

While it is possible to make your vote invalid afterwards, for most people this is quite effective.

Re:Van Eck Phreacking will always exist

[cpscotti]

There is no "REAL" anonymous vote since the sums of votes in a voting station is publicly available...
You bribe half city; then check (on the publicly available channels) how many votes you got there... if you got less than expected... someone cheated and you "don't pay".

If your idea is not to bribe a huge amount of persons we don't care.

Bribe is another problem.. and can't really be solved by the voting machine itself.

Re:Van Eck Phreacking will always exist

Being a Brazilian myself (but luckily relocated to Canada) I have to disagree with your "really free country" statement.

Brazil has a long history of abuse of power called voto de cabresto[1] and coronelismo [2] and although history books are willing to dismiss that as something from the past, it's still a common practice [3].

Of course, it's much more common just to give the voter a pair of shoes and a bag of potatoes in exchanges for his/her vote but the ones who may try to resist to such control maybe threatened to obey, since they vote is not really secret.

[1] http://www.tse.jus.br/internet/institucional/glossario-eleitoral/termos/voto_cabresto.htm
[2] http://pt.wikipedia.org/wiki/Coronelismo
[3] http://educacao.uol.com.br/atualidades/voto-de-cabresto.jhtm

Re:Van Eck Phreacking will always exist

you haven't been outside of the west, have you?

Re:Van Eck Phreacking will always exist

In most countries in the world, not much cost and not much danger for the one coercing. For the coerced, a lot of danger.

You can look at some examples in Africa where people got heir hands chopped off for voting for the wrong candidate in many many elections in different countries. More recently, look at Afghanistan.

Regarding cost. When people are starving, practically anything will get them to vote for you. Same for very poor people. I've personally seen people go vote for a candidate because he gave them a pair of sandals.

But, ok, remain in your dream world where everywhere it's an effective democracy with no corruption; and nobody is harassed or even called "un-patriotic" for disagreeing with the ones in power.

Re:Van Eck Phreacking will always exist

I'm living in Brazil now for some 28 years. Even though I agree with you that this kind of crap (both forms) still happens too much. It's nowhere as common as it used to be. Both from what I've read and from what I've seen and heard from people (in the northeast countryside).

At least since the end of the dictatorship in the 80s, yes, Brazil has been a pretty free place. And from what I've witnessed, its democracy has progressed by leaps. Except for big media, that tries to swing voters the way they want - and throw hissy fits when they don't manage to, I don't have major complaints about democratic freedom.

Still a lot of corruption and crime (especially crime; and especially in major cities like Rio de Janeiro, Recife, and Sao Paulo) to get rid off, though.

Re:Van Eck Phreacking will always exist

Hum, buying a vote is quite cheap in Brazil. At least in some areas where 5 bucks or a t-shirt should get you one vote.

Re:Van Eck Phreacking will always exist

[TheLink]

The people who think that secrecy matters so much are the ones living in a dream world.

In many of those countries, the secrecy of your vote hardly matters anyway. After all, they've already done most of the voting for you.

You might even get your hands chopped off for just daring to show up to vote.

In places where you can have voter intimidation without the police stepping in (or the police being the culprits), secrecy of your vote is not much of a concern.

And in some countries the voting system is so fast and efficient that everyone knows the results before they vote.

That's the reality.

As for nonintimidation cases - e.g. selling their votes, if someone wants to sell their vote for USD5, so what? Willing buyer, willing seller.

A far bigger problem is gerrymandering. That's what makes buying and selling of votes and other tricks viable - if you can make 1000 votes count more than 100,000 votes, then it's cost effective to buy those 1000 voters. Make 1000 voters happy instead of the other 100,000 voters.

Then there's the postal votes stuff. In many countries it's probably easier to just cheat via the postal votes.

Re:Van Eck Phreacking will always exist

There's a long history of vote coercion in the US. Business owners would have representatives watching the polling places, back when voting was putting a colored piece of paper in a box, and before the election simply threaten to fire those who voted for the "wrong" party. Secret ballots allowed the rise of worker protections that otherwise would have been voted down (unwillingly) by the very workers they benefited.

Re:Van Eck Phreacking will always exist

[m.ducharme]

So her husband's candidate didn't vote for himself? Was he running against a Bush?

Re:Van Eck Phreacking will always exist

[Onymous+Coward]

Maybe a long and ancient history.

But, yeah, I am referring to the difficulty in the US specifically.

Tell me, how would you, today, go about coercing votes in any practical way?

Re:Van Eck Phreacking will always exist

In my blog I raised this issue two years ago:

http://jeanmartina.blogspot.com/2007/11/how-to-cheat-in-brazilian-elections.html

Coercion is scalable up to an extent, specially on remote isolated cities like Brazil has.

No technology will prevent that

[lwoggardner]

Not to say that secrecy isn't important, but once it requires a certain level of technology to eavesdrop then surely you just pick some random people and rough them up anyway telling the people you are intimidating that you have this "magic" eavesdropping technology.

Re:No technology will prevent that

Let's get serious. In any country where an election is supposed to be fair then intimidation of voters would be immediately reported. In order to significantly change results it would have to be widespread in properly democratic countries (so not the USA, but most other countries). It would be far easier and there would be much less of a chance of detection to brainwash (or intimidate) engineers working at the results tallying centre and those involved with ensuring the results were fair. But there is a far easier method still - you just do some racial/social profiling and remove the people who will vote for your opposition from the electoral role. This has been used successfully in the US on many occasions to win elections, and it doesn't matter whether you use paper or digital voting methods.

Re:No technology will prevent that

[hrimhari]

And you can do that regardless of votes being cast on paper or with a machine.

Re:No technology will prevent that

[miro+f]

in some countries voting is compulsory, so you can't stop people voting.

the preferred solution is to adjust the boundaries of the voting district and move people who typically vote for your opposition from marginal seats to safe seats, and vice versa.

Fonts where?

[argent]

The anti-TEMPEST fonts seem to have been withdrawn:

Q: Where can I download low-pass filtered Soft Tempest fonts

Unfortunately, the existing font display mechanics in operating systems does not make it possible to implement this protection technique simply by installing a new font file.

For this reason, I am not providing any filtered font files.

Re:Fonts where?

[mrmeval]

My bad I'd assumed they were available but it seems they improved the attack enough to render them useless.

It was not the best solution and now that DSP and FPGA solutions have improved so much since I read that article you're left with doing the full Tempest hardening solution. I did not clue into the current state of the art as fast as I should have when I wrote that post.

A Van Eck setup that would have cost millions when that paper was written is now within the reach of some hobbyists and blackhats.

I am so out of touch.

Re:Fonts where?

[argent]

You could run all your text through a CAPTCHA filter. :)

Re:Fonts where?

[mrmeval]

It'd be nice if it could be made to work. The font had two images. One human eyes would see and one the Van Eck freak would see. I read some more and because technology has advanced dramatically and font technology does not allow real time animations that don't bother the user but do bother the Van Eck freak the authors dispensed with that line of protection.

You are all thinking way too hard about this

[Spazed]

Van Eck according to wikipedia: "Van Eck phreaking is the process of eavesdropping on the contents of a CRT and LCD display by detecting its electromagnetic emissions" So basically screen looking on Halo is Van Eck Phreaking. You are all doing it as you read this comment unless you printed it out.

As a person in the infosec field

[seifried]

This is why I love the Canadian method: paper with circles, make an "X" in the circle you want, fold the paper and put it in the ballot box. Good luck hacking that on a large scale (what with scrutineers from multiple parties watching the election and the count and each other, plus the people there as independent scrutineers watching everyone else), and monitoring it (little cardboard voting booth on a table, voila, privacy. The only argument I could imagine is finger prints on the ballots, but you can wear gloves if you want.

Re:As a person in the infosec field

[Urkki]

This is why I love the Canadian method: paper with circles, make an "X" in the circle you want, fold the paper and put it in the ballot box.

Yes, except I personally think that having to write a number is better. If somebody is unable to do that, it's probably for the better... (blind and other disabled people need an assistant anyway).

Re:As a person in the infosec field

[paul08]

Ah just like the Zimbabwean system works fine until you beat up the people counting the bits of paper.

Re:As a person in the infosec field

Sorry to piss on your cereal, but paper ballots can be pretty uniquely identified:

http://www.freedom-to-tinker.com/blog/felten/fingerprinting-blank-paper-using-commodity-scanners

Re:As a person in the infosec field

[bruno.fatia]

You should consider that Brazil has almost 6 times the canadian population (180 million for Brazil and 30 for Canada) and that these voting machines have decreased the time it takes to display results greatly. We have results with 90%+ machines accounted in less than 12 hours. So far this hack has been the most significant issue and it can be prevented now that the information is public.

Dumb question...

[EricX2]

Why does the electronic voting machine have to be a touch screen? Why not a list of the options with buttons with an LED in them that light up when you press the button? The list could be on a separate display next to the buttons but nothing changes therefore the 'van eck phreaker' would only get the data on the screen, not the option picked... but I have no knowledge of this sort of stuff.

Maybe some places do that, but where I live we do vote by mail.

Re:Dumb question...

[StickyWidget]

Because people are stupid.

~Sticky

Re:Dumb question...

[dlgeek]

North Carolina used to use a system like that, a long time ago. (I remember my parents taking me with them when they voted, I got to help my mom submit her ballot, it must have been back in '96). However, the main draw of e-voting is accessibility: the ability to have high contrast and/or large size fonts, computer reading the ballot out loud, etc. This isn't possible with the equipment you describe.

Re:Dumb question...

[C0vardeAn0nim0]

because here in brasil we don't have voting districts, so in state and federal elections, a candidate from santos (a sea-side city in sao paulo state, some 80 km east of the state capital) can receive votes from people in ribeirão preto (a city 400 km west of the capital). this makes the candidate lists for federal and state deputies something in the thousands.

our voting system uses numbers. each party is assigned a number (ex. PP=11, PDT=12, PT=13, etc.) and every candidate have a number prefixed with the party number (we don't have "independant" candidates. to run for anything you need to join a party). so when you go to the voting booth, you just type the candidate numbers, one candidate per screen. usually the screen order is:

- president
- governor
- senator (one screen when only one seat is in dispute, 2 screens otherwise)
- federal deputy
- state deputy

federal and state elections are held every four years and always coincide. municipal elections are held separatelly in between federal/state elections. the screen order is usually:

- mayor
- municipal legislator (vereador in portuguese).

Re:Dumb question...

[devendra_l]

You actually don't need a screen on any type. You need a button and a LED next to it. And a paper sticker next to the button to indicate the party/candidate.

Re:Dumb question...

It could still be a touch screen. When you press the part of the screen corresponding to your candidate, have nothing on the screen change, and have your vote indicated by an LED next to that part of the screen (as you said).

Or you could possibly have an LED array with buttons, to allow for an understandable confirmation dialogue.

LED

[asCii88]

I would suggest using a LED monochrome low-def display, after all, there is not much to be displayed, and make the selection buttons, hard buttons... but that might compromise the machines some other way.

Re:LED

[asCii88]

Damn it, this has just been said. Mod parent "Stupid"

Re:Honestly, Mickey Mouse?

http://confessions.grouphug.us/confessions/129876285

Jealousy all around

You know, it is pretty clear most of comments around Brazil's e-Voting machines are pure jealousy. Believe or not, they DO work and they ARE safe. People complaining about eavesdropping, hacking and manipulation have really no idea about how easy is to replace a bag full of voting papers with another exactly equal bag full of already manipulated voting papers. Yeah, then if you do believe replacing a voting bag is hard, why should replacing a results file, the voting application or the entire machine is that easy?

Truth is, there is NO single bullet-proof, 100% safe system. Anyone can be manipulated, just like machines. And the humans are way more ea$y manipulated than the machines.

To shorten things, e-Voting machines are here obeying computer rule #1: Ease human tasks. Why to hire 1000 people and have them spending 30 hours/each counting votes, if you can update a database and have results done (sometimes) in less than 2 hours?

Again, what Brazil is proving is, computers can be trusted. People, however, will never be.

On a different note,

[sega01]

Isn't Google Translator amazing? The translation was *very* readable. I don't know about accuracy since I don't know Portuguese, but the English output was incredible. I'm really impressed.

It's not a practical approach

[SlappyBastard]

While in principle it is a good method for snooping a single monitor, it would take a ton of disentangling signals to read every monitor consistently at a polling place from any distance. It is not a practical way to screw with an election, considering that any party willing to snoop this aggressively is probably willing to do a lot more than just snoop.

Frankly, it shows just how effective Brazil's security measures are that hackers have to go this deep into the playbook to get even one sort of result.

Paper Ballots fail for ONE reason

[myspace-cn]

First off I want to say, fuck Brazil's elections, it's not the United States!

Paper Ballots fail for one reason, a broken chain of custody.

A chain of custody, doesn't mean officials can seal off a building saying there's a terrorist threat.
A chain of custody, must be made up of the public. e.g. Humans. Not Cops, Corrupt Officials, or Invisible Electronic Signals.
A chain of custody, must be maintained 24/7, until all the votes are counted, and the total is final.
A chain of custody, can not be maintained when officials abuse their authority and the public backs down.
A chain of custody, can not be maintained, when untrained (in electronics, physics, and programming) local law enforcement arrest poll watchers

All electronic vote tabulation devices are, by definition a broken chain of custody. (humans can not see electronic signals)
Electronic registered voter poll books have the same problems electronic vote tabulation devices have

This is why an electronic solution is impossible.

You want honest elections?

Turn the Fucking Power off.
Use paper ballots, with an unbroken public chain of custody.
  (Not this half ass kiddy shit where officials dictate the whole process, using local law enforcement, to bar access!)

Re:Paper Ballots fail for ONE reason

[synthespian]

The "chain of custody" was actually good argument (too bad you have to wrap your argument in foul language - not good job skills, dude...)

Electronic voting in the largest democracy

[devendra_l]

Simple electronic voting machine that is successfully used by the largest democracy in the world :- http://en.wikipedia.org/wiki/Indian_voting_machines btw, these machines are used in all sorts of conditions. In some remote places with no electricity.

Canadian vs. US votying

This is why I love the Canadian method: paper with circles, make an "X" in the circle you want, fold the paper and put it in the ballot box.

I'm in Canada, and am fairly happy with the way things work here, but this method may not work everywhere. Specifically for the US, they tend for almost everything.

First off, when we have an election / voting day, it's generally for one thing only: either municipal, or provincial (like state), or federal. We also have a lot more appointed "bureaucratic" positions: judges and sheriffs are not elected, nor are Crown prosecutors (DAs).

In the US, when you go into an voting booth it's usually on "Election Day", and where you vote for: city, county, state, federal, judges (all of them), sheriff, district attorney, chief dog catcher, etc. At the end of the night you have to count all off those different ballots, whereas in Canada you only have to count the ballot for one election.

There are times when two elections (e.g., city and province) are run at the same time, but it's rare. At most if there's a major political debate there may also be a referendum (like a US proposition), but those are fairly rare (maybe one a decade or so). Usually they involve a Constitutional amendment, or more recently in Ontario and BC (2007, 2005), a change to the way voting is done (from first-past-the-post to proportional representation).

Re:Canadian vs. US votying

^-- what he said.

As an example, the last US presidential election: I got a big card of thick paper - by big I mean closer to newspaper dimensions than notebook paper - full of choices to make. It had the presidential choice, but that was only a small portion of the total. It also had selections for town officers, since this time the national election happened to line up with the local one. It had a town referendum (the final yes/no on constructing the middle school we needed to alleviate the seriously overcrowded old middle/senior high school next door). It had our district's state representative (those are on a two year cycle in all states, so again, it lined up with the national one this time). It had some state bond choices (mainly public works issues, IIRC; things like a hospital funding bill and turning some newly-clear land freed up by moving a section of highway into a park). It pretty much filled the page. And my town/state isn't one of the ones that votes for judges or police chief or fire chief.

The actual mechanical process was about as simple as the Canadian method. In my state we have the big paper and a black marker, and there's a broken horizontal line next to each item; all you do is complete the line for the choice you want. Then you stick it into the slot of a machine on the top of a bin, about chest-high, which beeps as it scans and records the vote, dropping the paper into the bin - or if you screwed up, it spits the paper back out at you and the staff can tear it up and hand you a blank to do over, re-explaining how to draw a line if for some reason you haven't voted in the decade+ since we switched from the big lever machines.

So: pretty much foolproof instant counts with the original paper records maintained if handcounts are required. No hanging chads, no miscalibrated touchscreens, no dodgy internet connections, no unnecessary human handling of the piles of votes, and the scanners are simple enough that I haven't heard of any of them breaking down this decade.

Dumber question...

[Civil_Disobedient]

Why does the electronic voting machine have to be

Why does the voting machine even have to be electronic?

Even one good reason would be nice.

The open skull voting process is not good for you

[synthespian]

... then we have security by openness

And you also have the 500-meter dash away from the polling station, where the thug, army, or police officer was waiting for you with his nice wooden baton to crack your skull open, after you cast your open vote against the ruling party.

You don't watch much news on TV, do you? Remember: 1) all the world is not made of latte; 2) Star Trek ain't real; 3) Pakhistan is actual country; 4) Bin Laden is livin' large.

True Democracy

[mahadiga]

Democracy is sham till Voter can openly disclose without FEAR to which Candidate he voted after coming out of the Polling Booth.