As others have pointed out, the new Linux-based Brazilian e-voting machines are a great step forward for Linux, but a small step sideways for the system itself.
Brazilian e-voting boxes embody almost every design mistake that one can think of: from the use of a single machine for voter identification and vote recording, to the absence of an auditable paper trail, a bootable floppy unit, reprogramming at every election by centrally distributed flash cards, and much more. The move to Linux (rather than Windows or VirtuOS) does not fix any of these problems.
Public inspection of the voting software (reportedly over a million lines of code not counting the OS) is limited to a few days when party-appointed representatives can view the source on-line. There is no way to ensure that the software that is running on the machine on election day is the one that was inspected. (Party inspectors can ask for software checksums during the election, but only using the box's own checksum utility --- that is part of that same software.)
Worse than the box itself is the organization behind it. All ballots, even the municipal ones, are centrally managed by a wholly autonomous branch of the Federal government (Justica Eleitoral), which itself has no elected positions. It was the JE that comissioned the design of the e-voting box and "sold" it to the country, some 10 years ago.
The JE "owns" all 400,000+ voting boxes, and is the only contracting and overseeing authority for their mainternance, installation, storage, deployment, and operation. The JE writes the e-voting legislation and lobbies for it in Congress. Since the software is not public, the only expert evaluations that have been performed on it were paid for by the JE. Any claims about voting fraud or error are judged by the JE, and any appeals against JE rulings are judged by the JE itself.
So, not only the box, but the whole system is a textbook example of "how NOT to do e-voting". The system's reliability is wholly dependent on the honesty of the JE officials and staff, and of the thousands of personel who are sub-contracted at each election.
The system has cost Brazilian taxpayers something between U$ 500 million to 1 billion, and this expenditure was ostensibly justified as the magic technological solution for ballot-box-stuffing, voter coercion, and other kinds of fraus that plagued the old paper-ballot system. Given this context, the JE obviously will never admit that they have in fact created the largest, most advanced, and most audit-proof election-frauding system in the world...
All the best,
--stolfi
[[The above opinions are the sole responsibility of the author, and need not coincide with the official position of his employer.]]
Slashdot Mirror
As others have pointed out, the new Linux-based Brazilian e-voting machines are a great step forward for Linux, but a small step sideways for the system itself. Brazilian e-voting boxes embody almost every design mistake that one can think of: from the use of a single machine for voter identification and vote recording, to the absence of an auditable paper trail, a bootable floppy unit, reprogramming at every election by centrally distributed flash cards, and much more. The move to Linux (rather than Windows or VirtuOS) does not fix any of these problems. Public inspection of the voting software (reportedly over a million lines of code not counting the OS) is limited to a few days when party-appointed representatives can view the source on-line. There is no way to ensure that the software that is running on the machine on election day is the one that was inspected. (Party inspectors can ask for software checksums during the election, but only using the box's own checksum utility --- that is part of that same software.) Worse than the box itself is the organization behind it. All ballots, even the municipal ones, are centrally managed by a wholly autonomous branch of the Federal government (Justica Eleitoral), which itself has no elected positions. It was the JE that comissioned the design of the e-voting box and "sold" it to the country, some 10 years ago. The JE "owns" all 400,000+ voting boxes, and is the only contracting and overseeing authority for their mainternance, installation, storage, deployment, and operation. The JE writes the e-voting legislation and lobbies for it in Congress. Since the software is not public, the only expert evaluations that have been performed on it were paid for by the JE. Any claims about voting fraud or error are judged by the JE, and any appeals against JE rulings are judged by the JE itself. So, not only the box, but the whole system is a textbook example of "how NOT to do e-voting". The system's reliability is wholly dependent on the honesty of the JE officials and staff, and of the thousands of personel who are sub-contracted at each election. The system has cost Brazilian taxpayers something between U$ 500 million to 1 billion, and this expenditure was ostensibly justified as the magic technological solution for ballot-box-stuffing, voter coercion, and other kinds of fraus that plagued the old paper-ballot system. Given this context, the JE obviously will never admit that they have in fact created the largest, most advanced, and most audit-proof election-frauding system in the world... All the best, --stolfi [[The above opinions are the sole responsibility of the author, and need not coincide with the official position of his employer.]]