×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Contest To Hack Brazilian Voting Machines

Soulskill posted more than 4 years ago | from the hack-the-vote dept.

Hardware Hacking 101

An anonymous reader writes "Brazilian elections went electronic many years ago, with very fast results but a few complaints from losers, of course. Next month, 10 teams that accepted the challenge will have access to hardware and software (Google translation; original in Portuguese) for the amount of time they requested (from one hour to four days). Some will try to break the vote's secrecy and some will try to throw in malicious code to change the entered votes without leaving traces."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

101 comments

First prize (0)

Anonymous Coward | more than 4 years ago | (#29932097)

winners will be elected

Re:First prize (1)

calmofthestorm (1344385) | more than 4 years ago | (#29932103)

winners will be executed

Re:First prize (2, Insightful)

Anonymous Coward | more than 4 years ago | (#29932215)

winners will be executed

We are in Brazil not in the USA.

Re:First prize (0)

Anonymous Coward | more than 4 years ago | (#29932323)

USA doesn't kill people... criminals are given cabinet posts.

you're thinking Venezuela

Re:First prize (0)

Anonymous Coward | more than 4 years ago | (#29932353)

USA doesn't kill people...

Right, first declare them enemy combatants.

Re:First prize (2, Funny)

bytta (904762) | more than 4 years ago | (#29932945)

USA doesn't kill people...

Right, first declare them enemy combatants.

Or at the very least, afterwards...

Little bit more info... (2, Informative)

Tellarin (444097) | more than 4 years ago | (#29932115)

for those who do not RTFA.

The teams can bring any software or equipment they want to try and break the machines' security.

And there is even a bounty of a little more than USD$2000,00 paid by the government to the team that gets closer to the goal.

Re:Little bit more info... (0)

Anonymous Coward | more than 4 years ago | (#29932197)

A little over US$2000? When your approximation is off by over 40%, something is wrong.

Re:Little bit more info... (1)

korogorov (1074979) | more than 4 years ago | (#29932281)

And there is even a bounty of a little more than USD$2000,00 paid by the government to the team that gets closer to the goal.

$800 is barely a little

Re:Little bit more info... (1)

Tellarin (444097) | more than 4 years ago | (#29932321)

Oops, there was a 5 missing. I was supposed to have typed 2500.

This is what one gets for not paying attention to preview...

Re:Little bit more info... (0)

Anonymous Coward | more than 4 years ago | (#29932849)

There are plenty of programmers in the U.S. who know how to write secure code. The "security faults" of U.S. voting machines are apparently there to hide the fact that elections are being manipulated.

Hack the judges (5, Insightful)

noidentity (188756) | more than 4 years ago | (#29932177)

The simplest way to win this is to hack the judging process so that your team is announced the winner, with a false claim that you hacked one of the machines.

Re:Hack the judges (1)

gzipped_tar (1151931) | more than 4 years ago | (#29932199)

The simplest way to win this is to hack the judging process so that your team is voted the winner

T, FTFY.

Re:Hack the judges (2, Insightful)

noidentity (188756) | more than 4 years ago | (#29932497)

No, my point was that you don't have to hack any voting machines (the apparent activity involved in this contest). You just need to hack the people managing it so that they announce you as the winner, and describe how you (fictitiously) hacked a voting machine.

Re:Hack the judges (1)

gzipped_tar (1151931) | more than 4 years ago | (#29932617)

And I knew your point. I was just joking. If you didn't like the joke, just say you didn't.

By the way, I don't like it, either ;)

Re:Hack the judges (1)

noidentity (188756) | more than 4 years ago | (#29933363)

And I knew your point. I was just joking. If you didn't like the joke, just say you didn't.

OK. I kind of got the joke, that you'd hack the voting machines the judges use, rather than the machines you were given. And your username is cute. Maybe there's someone named tarred_gzip (which would be an odd thing to do).

Re:Hack the judges (1)

cheftw (996831) | more than 4 years ago | (#29941953)

I tar up everything on my system, you insensitive clod.

It may not have the best compression ratio but damn is it fast to decompress.

Re:Hack the judges (1)

ais523 (1172701) | more than 4 years ago | (#29934827)

You could hack a real election the same way. Don't hack the voting system, just the people who announce the results.

Re:Hack the judges (2, Insightful)

T Murphy (1054674) | more than 4 years ago | (#29932463)

Any voting system will have risk due to human judges- this test will hopefully prove that electronic voting (on Brazilian machines) has no additional openings. If this works for Brazil, American companies have no excuse not to let us do the same to their machines (not that it will likely happen anyways). In any case this sounds great and I wish more governments would do things like this to prove trustworthiness rather than expect everyone to trust the government baselessly.

A brazilian? (2, Funny)

Flyer434 (581876) | more than 4 years ago | (#29932195)

That is a lot of voting machines...

Re:A brazilian? (5, Funny)

Asmor (775910) | more than 4 years ago | (#29932305)

A senior aide goes up to President Bush. "Sir," he begins, "we just heard that two Brazilian men were killed in an attack in Iraq."

Bush is visibly shaken, he hangs his head and covers his mouth with his palm. After a few moments, he asks in a solemn tone, "How many is a Brazilian, again?"

Re:A brazilian? (0)

Anonymous Coward | more than 4 years ago | (#29934659)

answer: about 10 north americans.

Re:A brazilian? (0)

Anonymous Coward | more than 4 years ago | (#29935739)

A senior aide goes up to President Bush. "Sir," he begins, "we just heard that two Brazilian men were killed in an attack in Iraq."

Bush is visibly shaken, he hangs his head and covers his mouth with his palm. After a few moments, he asks in a solemn tone, "How many is a Brazilian, again?"

I don't get this joke... Sincerely yours, George W. Bush

This makes sense (0)

Anonymous Coward | more than 4 years ago | (#29932259)

Why can't something like this happen in the States?

Really quite an accomplishment (1, Insightful)

Anonymous Coward | more than 4 years ago | (#29932265)

Seriously one of the ten teams who figured they could hack a 'brazilian' voting machines in 'one hour', kudos.

why is electronic voting so hard? (2, Interesting)

timmarhy (659436) | more than 4 years ago | (#29932285)

I've never understood how, on a technical level, electronic voting has failed so hard in many countries. write a simple app that writes the vote to a flat text file, then reads the recorded result back to the voter for them to confirm, and store a hash of the result seperately. encrypt all the drives, lock down the hardware in each location with steel boxes and armed gaurds if needed.

transport the results out of the voting location with the votes and hashs seperately and count then use the hash to verify that the count wasn't tampered with in transit etc.

Re:why is electronic voting so hard? (2, Insightful)

Ihmhi (1206036) | more than 4 years ago | (#29932315)

If it was that foolproof, it would be difficult for the people in power to tamper with it if they ever wanted to.

Re:why is electronic voting so hard? (3, Insightful)

wizardforce (1005805) | more than 4 years ago | (#29932329)

The simplist explanation is that corruption is the problem not the technical aspects of these voting machines. These errors wouldn't be tolerated with ATM machines because the public seems to care a lot more if their bank account is fraked with but not so much their vote for some reason... That's the only real way to clean up the corruption; get the public to put real pressure on the entities involved in the voting process.

Re:why is electronic voting so hard? (2, Insightful)

TubeSteak (669689) | more than 4 years ago | (#29932519)

These errors wouldn't be tolerated with ATM machines because the public seems to care a lot more if their bank account is fraked with but not so much their vote for some reason...

[Citation Needed]

Are you thinking of the same ATMs that I am?
Many ATMs are Windows running on commodity hardware.
I've seen a few whose entire functionality is a java applet sitting on the desktop.

I can't dispute your assertion that "the public seems to care,"
but I will dispute your claim that "these errors wouldn't be tolerated".
I dispute the claim because we don't know.
ATM mfgs & banks don't report to anyone.

There are no statistics to prove or disprove the security of ATMs.
There are no standards for coding ATM software (like there is for airlines).
But, from the SNAFUs that have become public, a good working theory should assume that the code is crap.

Feel free to replace "ATM" with "Voting Machine" and almost everything I've said still applies.
Except for the standards part, but IIRC there was recent news showing that the mfgs violate that anyways.

P.S. Lol @ ATM machine

Re:why is electronic voting so hard? (2, Insightful)

wizardforce (1005805) | more than 4 years ago | (#29932595)

Most of the problems with ATMs that I've heard of involve hacking into the system, and utilising social engineering attacks. Electronic voting machines have had problems that go far beyong those:
*social engineering attacks
*weak physical security to the point of being able to access the machines' innards with a hotel key
*federally illegal code used on sequoia voting machines leaked to the public
*errors in tabulating votes sometimes in the thousands
There are more but I think I've already made my point. The string of failures and bafflingly simple errors in basic security of these voting machines leads one to wonder just how much corruption has overridden technical prowess in the making of these machines. They can do it right, there is just a huge incentive not to.

Re:why is electronic voting so hard? (3, Insightful)

HungryHobo (1314109) | more than 4 years ago | (#29933269)

what boggle my mind that slot machines are constructed to be more secure and more easily auditable(to make sure the settings conform to regulations) than voting machines.

Re:why is electronic voting so hard? (1)

keeboo (724305) | more than 4 years ago | (#29938159)

These errors wouldn't be tolerated with ATM machines because the public seems to care a lot more if their bank account is fraked with but not so much their vote for some reason...

[Citation Needed]

Are you thinking of the same ATMs that I am? Many ATMs are Windows running on commodity hardware. I've seen a few whose entire functionality is a java applet sitting on the desktop.

I can't dispute your assertion that "the public seems to care," but I will dispute your claim that "these errors wouldn't be tolerated". I dispute the claim because we don't know. ATM mfgs & banks don't report to anyone.

There are no statistics to prove or disprove the security of ATMs.

I don't know how it works in other countries, but if you consider the Banco do Brasil [bb.com.br] , the biggest bank in Latin America:
The ATMs currently run a custom (in-house-compiled) version of OS/2.
The bank is switching to a custom version of Linux (the userland code, naturally, is developed by themselves aswell).

About the banking system, in Brazil all the financial transactions from all banks are reported to the Banco Central do Brasil [bcb.gov.br] (Central Bank of Brazil) and the data is cross-checked.

Re:why is electronic voting so hard? (3, Insightful)

fgouget (925644) | more than 4 years ago | (#29933097)

These errors wouldn't be tolerated with ATM machines because the public seems to care a lot more if their bank account is fraked with but not so much their vote for some reason...

When an ATM machine makes a mistake they very quickly see the result of it on their bank statement. So yes, they then get upset.

When a voting machine makes a mistake, someone still gets elected with no one the wiser (unless the error was huge like more votes than voters). So since nobody knows the machines made a mistake (or were hacked) nobody cares or is upset.

Re:why is electronic voting so hard? (1)

drsquare (530038) | more than 4 years ago | (#29938325)

ATMs aren't secret ballots. You know what money comes out, and you see your bank statement afterwards. With any electronic device, you have no idea what happens to your vote. Even a small alteration in the chip or a couple of characters in the code could change everything, and no-one would know about it.

Paper ballots placed into clear boxes is the simplest and best way.

Re:why is electronic voting so hard? (1)

pengin9 (1595865) | more than 4 years ago | (#29932339)

The problem is of course that people don't trust that the code will work. I get asked all the time, "how do you know it will work" because I freaking wrote it to work. Humans may have issues counting, but computers got that down pretty well. I think we can trust them to do a simple calculation.

Re:why is electronic voting so hard? (1)

tqk (413719) | more than 4 years ago | (#29932875)

That sounds like something Diebold/Sequoia would say. "Trust me. I know what I'm doing!"

Re:why is electronic voting so hard? (1)

cameigons (1617181) | more than 4 years ago | (#29932957)

Whatever the potential problems I still believe it works better than the traditional voting system. If not, people should be questioning the widespread use of web banking or software in airplanes too. I'm not saying I don't think those are as secure as it gets(more than humans anyway), but the interesting point is that it seems to interest some of those with power that voting machines keep being unreasonably untrusted while some other more complex systems not.

Re:why is electronic voting so hard? (2, Insightful)

buchner.johannes (1139593) | more than 4 years ago | (#29932401)

Verifiability. And that is almost impossible if you don't provide a printout. All the solutions that provide a printout could succeed though, for example Bingo voting [bingovoting.de] or Punchscan [punchscan.org] .
So far companies such as Diebold sell "we know this is 100% secure, trust us" and that seems to be what sufficed for the people choosing a product. Cost, loss of democracy and provable security haven't been a criterion it seems.

Re:why is electronic voting so hard? (1)

pwilli (1102893) | more than 4 years ago | (#29932449)

Exactly. With paper votes, you can be sure that whatever you've written on the ballot doesn't change in the time between putting it in the voting box and the opening of said box by the people who count the votes and record the results at the end of the day.

This timespan is the most critical, because manipulation can be done without leaving traces. And this is where you would have to trust a black box more than a piece of paper. Tough call.

Re:why is electronic voting so hard? (1)

mpe (36238) | more than 4 years ago | (#29933115)

With paper votes, you can be sure that whatever you've written on the ballot doesn't change in the time between putting it in the voting box and the opening of said box by the people who count the votes and record the results at the end of the day.

Assuming that the appropriate security is in place. If this isn't the case then putting them in place is likely to be a far better idea compared with buying lots of expensive machines.

Re:why is electronic voting so hard? (1)

timmarhy (659436) | more than 4 years ago | (#29932549)

i don't think you need a print out to take with you - after all what exactly is it achieving? it won't be used in a recount. if it's deposited like a normal ballot you've achieved nothing. you certainly won't keep it and check that your vote has been recorded later on, since it's supposed to be a secret ballot remmeber, you don't want your name against how you voted.

Re:why is electronic voting so hard? (1)

buchner.johannes (1139593) | more than 4 years ago | (#29935565)

Without a printout you can never verify if the system counted you correctly. Read up on the links I gave on how this still keeps your vote secret.

Re:why is electronic voting so hard? (0)

Anonymous Coward | more than 4 years ago | (#29933037)

This argument gets trotted out every time electronic voting comes up. However, it's a straw man. You have no verfiability with paper ballots, so why do you expect it with electronic voting? As they say "Voting decides nothing, those who count the votes decide everything".
 
I invite you to educate yourself. Take a look at the election results for any election in the last 10 years that included a recount. Why are the numbers different? What verification do you have that your vote was counted correctly, or for that matter, at all? NONE. At least with an electronic system, if the machine checks out, then you know the results are perfect. Period. Any decent programmer can write the recording/tabulating software to be simple and secure, add in a bit of disk security and read only access from anything other than the TCP mainboard and Bingo, 100% accurate results every time.
 
In fact, it's so simple it's downright trivial. Which begs the question, WTF is wrong with you?

Re:why is electronic voting so hard? (1)

kdemetter (965669) | more than 4 years ago | (#29933251)

What you mean with 'you have no verifiability with paper ballots' ?

Just count them. If the results are the same as the machine's then you have verified that the machine works correctly , and that the paper ballots are counted correctly.
Sure , it can still be manipulated , but than they would have to manipulate both the counting ,and the machines.

So , it's still a good additional check.

Why is electronic voting so "popular"? (3, Insightful)

TheLink (130905) | more than 4 years ago | (#29932471)

Actually the puzzling thing to me is why is electronic voting so "popular". Why do the people in charge keep promoting it?

Most electronic voting systems are bad at a very important requirement:

Convincing the loser (and enough of his supporters) that he lost.

The system doesn't just have to work correctly, it has to be accepted as working correctly (enough).

With various fancy cryptography and systems it is possible to have an electronic system that is anonymous, verifiable and reasonably secure (see: http://www.youtube.com/watch?v=ZDnShu5V99s [youtube.com] for ideas on how this could be done), but as far as I can tell, they're not going for such systems.

So why not just stick with paper ballots in a process where almost everything is done in the open? That way the eventual loser's representatives, 3rd party observers, various other people can observe every count of each vote. It's simple enough to understand. While postal votes can still be used to rig stuff, most electronic voting systems are also vulnerable to that same problem.

That paper based system may take a bit more time, but it scales reasonably well - the more voters there are, the more volunteers there should be for counting. I'm assuming that it's not a case where too many of the citizens either can't count or are too lazy to do so.

Re:Why is electronic voting so "popular"? (2, Insightful)

TubeSteak (669689) | more than 4 years ago | (#29932529)

Actually the puzzling thing to me is why is electronic voting so "popular". Why do the people in charge keep promoting it?

Here are the problems that e-voting solves:
Handicap accessibility
ballot complexity
hanging chads/questionable pencil marks

Electronic voting in its current form resolves these problems.
Unfortunately, in its current form, it introduces serious problems in verifying the vote.

Re:Why is electronic voting so "popular"? (1)

amorsen (7485) | more than 4 years ago | (#29932779)

Electronic voting only solves the first of those problems. For the other two it turns detectable failures into (probably fewer) undetectable failures.

Re:Why is electronic voting so "popular"? (1, Interesting)

Anonymous Coward | more than 4 years ago | (#29933017)

I have a solution for all those problems. If you can't operate a ballot, punch out a chad, or understand a touch screen, FUCK OFF. I don't want to know what you voted for, because you are an incompetent moron. The best argument against democracy is a 5 minute conversation with the average voter.
 
The bottom line is simple. Creating a perfect electronic voting system is TRIVIAL. The only reason it hasn't been done is because it doesn't benefit any of the people who could make it happen. In a world where trillions of dollars are traded around electronically every day, there is no logical excuse to not be able to build an electronic voting machine that is both simple and secure. For that matter, it could be done with phone/internet systems too. The only limitation is political. Not technical.

Re:Why is electronic voting so "popular"? (1)

mpe (36238) | more than 4 years ago | (#29933061)

Here are the problems that e-voting solves: Handicap accessibility

Handicap is a generic term covering many things. If someone has difficulty getting to the polling station (because they are in a wheelchair, agrophobic, etc.) what they may find there isn't really the issue. Someone who cannot use their hands may well find a touchscreen just as unusable as pencil and paper. The simple alternative is for the handicapped voter to appoint someone (they trust) to either help them or at as their proxy/attorney in matters of voting.

ballot complexity

Assuming the ballot needs to be that complex in the first place. On the other hand an electronic system may prevent a voter abstaining from part of the ballot, spoiling their "paper" or even filling out the ballot in a way which is within the rules but not thought of by whoever designed the form.

Re:Why is electronic voting so "popular"? (1)

kvezach (1199717) | more than 4 years ago | (#29933141)

So, turn the electronic machine into an Expensive Pencil (i.e. touchscreen plus printer). The printout is the ballot, and the voter can manually inspect it before putting it in the ballot box.

Re:Why is electronic voting so "popular"? (2, Informative)

value_added (719364) | more than 4 years ago | (#29932619)

Actually the puzzling thing to me is why is electronic voting so "popular". Why do the people in charge keep promoting it?

Seriously?

Can't speak to Brazil specifically, but the "popularity" of electronic voting, or more correctly, the push to use electronic voting systems to deal with the problems of manual methods, can be summed in two words: hanging chad [wikipedia.org] .

Those two words, in turn, gave rise to another infamous two words: Bush v. Gore [wikipedia.org] .

The aftermath, described here [wikipedia.org] , included the passage of the Help America Vote Act [wikipedia.org] which, among other things, funded the purchase of electronic voting systems.

The rest happened in your state capitol.

If you don't reside in the US, you can be sure that your own elected representatives took note of what happened.

Re:Why is electronic voting so "popular"? (2, Insightful)

mpe (36238) | more than 4 years ago | (#29933095)

Can't speak to Brazil specifically, but the "popularity" of electronic voting, or more correctly, the push to use electronic voting systems to deal with the problems of manual methods, can be summed in two words: hanging chad.

Thing is that the "hanging chad" issue is related to a mechanical, quite possibly in parts electronic, system anyway. Using Hollerith cards as ballot papers can only be described as a "hack" in the first place. If anything the underlaying problem is too much (inappropriate) technology being used to vote.

Those two words, in turn, gave rise to another infamous two words: Bush v. Gore.

How would electronic voting machines have dealt with the conflict of interests issue of Jeb Bush not reclusing himself?

Re:Why is electronic voting so "popular"? (1)

Velex (120469) | more than 4 years ago | (#29938981)

the push to use electronic voting systems to deal with the problems of manual methods, can be summed in two words: hanging chad.

I can't stand this false dilemma. I rather prefer a certain optical scanner method. There are several pairs of triangles, one pair for each candidate. You take a black, permanent marker (not a No. 2 pencil, mind you) and connect the pair of triangles next to the candidate you want. It doesn't get simpler. The optical scanner provides a real-time tally, and the votes are trivially recounted.

Now, granted, there will always be people who screw it up. If you figured out how to solve PEBKAC, let me know.

But I can't verify the system... so it's useless (2, Insightful)

seifried (12921) | more than 4 years ago | (#29932989)

I don't care if you have a provably correct system (in the sense of a formal mathematical proof AND a code audit AND a hardware audit) because I cannot verify that that is the system I am indeed interacting with! On the other hand with paper and pencil I can easily verify that my vote was recorded correctly (did I make an X in the circle I wanted? .. yup.) and I can also EASILY verify that the vote is counted correctly (anyone is legally allowed to watch the count including people not affiliated with political parties, referred to as Electoral observation [elections.ca] ).

Re:Electoral Observation (0)

Anonymous Coward | more than 4 years ago | (#29933457)

One of the nice things about living in Canada. Too bad the US doesn't do this.

Re:But I can't verify the system... so it's useles (2, Insightful)

TheRaven64 (641858) | more than 4 years ago | (#29934115)

Exactly. I have a PhD in computer science and a lot of experience debugging other peoples' code. If you gave me the source code to an electronic voting system, I could not be more than 50% sure that I had found all of the potential ways of exploiting it. Even if I do manage to convince myself that it is bug free, which might be possible if it were developed using formal methods, then I still have no way of verifying that the software that I audited is the software I am using to vote. More than 99% of the population is likely to be less able to audit the code.

We don't use electronic (or mechanical) voting here, we use a pen and paper. I can look at the paper and validate that it has the mark next to the candidate that I wanted. I can then put it in a box. If I want, I can volunteer to watch the box and see that no one removes ballots from it before it is counted. I can then watch, or even participate in, the counting. The number of votes counted is then published and I can check the totals match for the constituency. Anyone with basic numeracy can validate this mechanism. Most people don't choose to, but each of the candidates will nominate people that they trust to do so and they can select these people from the entire population, not just from some technical priesthood.

Re:Why is electronic voting so "popular"? (1)

cameigons (1617181) | more than 4 years ago | (#29933003)

But applying the same logic, we should go back to manual in a whole lot of other areas where things are nowadays totally automated.

Re:Why is electronic voting so "popular"? (2, Insightful)

mpe (36238) | more than 4 years ago | (#29933021)

Actually the puzzling thing to me is why is electronic voting so "popular". Why do the people in charge keep promoting it?

Most likely it's simply an issue of "follow the money".

So whyion not just stick with paper ballots in a process where almost everything is done in the open? That way the eventual loser's representatives, 3rd party observers, various other people can observe every count of each vote. It's simple enough to understand. While postal votes can still be used to rig stuff, most electronic voting systems are also vulnerable to that same problem.

One thing to also remember is that changing the mechanics of the polling process does nothing to address voter intimidation, gerrymandering, conflicts of interests between people running the election and candidates, differing nomination/campaigning rules for different candidates, etc. Many of which are actually far bigger problems...

That paper based system may take a bit more time,

Such systems are generally quick enough for political systems where the results of the election take effect within hours/days. In places such as the USA elected people may not actually start for weeks/months after the election. What is the situation in Brazil?

Re:Why is electronic voting so "popular"? (0)

Anonymous Coward | more than 4 years ago | (#29934579)

"What is the situation in Brazil?"

Elections are usually held in October or mid-November, with elected people starting office in January 1st (roughly three/two and a half months later).

Re:Why is electronic voting so "popular"? (1)

NeoStrider_BZK (1485751) | more than 4 years ago | (#29933715)

I belive its much more a matter of logistics than security.
I work in the election system here in Brasil (ok, "Brazil"). It happens that Im a computer science student, but they take anyone "at random" and make them work that day or I would have to pay a fine. OTOH, I could, theoricly , take 2 days off. (ha! we live in capitalism. Of course I work as if I never had this 2 days off)

Now, getting to the point:
Working in the elections is a real hard work becouse you have to deal with a real big crowd , with lots of iliterate ( I live in Rio, so its not in my zone, but I know that in the big country, in north there are lots - In my zone, I actually get lots of judges and other pendantic important authorities , as I live in a sprawl). With paper voting, it would be a colossal work.
You guys must keep in mind that voting in Brazil is mandatory and you can lose a lot of granted rights if you dont vote.

I remember some 20 years ago, when I was just a kid playing my NES , when it was all paper and we had our first "trully democratic" election in 35 years after the military dictatiorship. My father and my aunt would have to drop their work for days only to work on counting the votes and everything was much more corruption and error prone. In fact, my father was once offered a bribe, but refused , as (--)pendatic as he is. With electronic voting, ,the results come by the end of the election day and while it can happen, fraud is harder.

There a brazillian adage that says: "it might be easier to take out the couch to get rid of termites, but its much better to Do The Right Thing (tm)" (or something along those lines...). Its not a matter of scrapping elec voting becouse its unsafe, but rather a matter of improving it. Otherwise, the rest of the world will stll belive we live in rain forrests ,side by side with indians and monkeys and we have carnaval the whole year ;-)

Belive us. We are hard working people (with a huge tax charge to pay)

Re:Why is electronic voting so "popular"? (1)

keeboo (724305) | more than 4 years ago | (#29937973)

I work in the election system here in Brasil (ok, "Brazil"). It happens that Im a computer science student, but they take anyone "at random" and make them work that day or I would have to pay a fine. OTOH, I could, theoricly , take 2 days off. (ha! we live in capitalism. Of course I work as if I never had this 2 days off)

If your employer doesn't give you the days off, he's violating a Federal Law:
Art. 98 Law 9.504/1997.

Re:Why is electronic voting so "popular"? (1)

NeoStrider_BZK (1485751) | more than 4 years ago | (#29938483)

Do you want to take the risks? I dont even expose it to my exployer.

To be fair, Im new at my current job (intern game developer) and I still didnt got to work on any election this far, so I dont know their reaction - but I dont want to bother them. My position was very hard to earn (I know, Im just a intern and I already worked as a full blown professional programmer) and I dont want to jeopardize it.

In the end, I actually like to work on elections, in that it gives me the chance to meet my old school mates again.

Re:Why is electronic voting so "popular"? (1)

TheLink (130905) | more than 4 years ago | (#29941359)

> In fact, my father was once offered a bribe, but refused , as (--)pendatic as he is. With electronic voting, ,the results come by the end of the election day and while it can happen, fraud is harder.

But where's your proof that fraud is harder? All I see is they have to bribe fewer people.

So far a number of Brazilians keep claiming that fraud is harder, but provide no proof at all. Just because reports of fraud are down does not mean fraud is harder or rarer - it could mean that fraud is harder to detect (which is normal for most electronic voting systems out there).

If there is no _effective_ penalty for offering bribes to counters like your father (e.g. nothing good happens even if your dad reports it, and maybe even bad stuff could happen), I don't see why an electronic system would make things better.

Unless perhaps the Brazilian election system is as verifiable as the system mentioned in the video I linked to ( http://www.youtube.com/watch?v=ZDnShu5V99s [youtube.com] ). However even in that case, the voters could be bribed to lie and say stuff has been tampered with when they haven't.

In the Canadian and other systems, the counters count the paper votes in the _open_ in front of observers. In my country (Malaysia) the vote counters lift up the paper ballot to show it to observers. So far I think in my country the cheating probably comes mainly from postal votes. So there's a limit to the amount of rigging they can do (the ruling party actually lost control of a few states in the last election - they sure pissed off enough people). Of course there's gerrymandering too.

Re:Why is electronic voting so "popular"? (1)

XCondE (615309) | more than 4 years ago | (#29937199)

Just add a paper trail to the electronic system.

Once the results are disclosed the sore losers can count the vote themselves (just don't leave them alone in the room with the print-outs)

Re:why is electronic voting so hard? (1)

geantvert (996616) | more than 4 years ago | (#29932551)

A huge problems with the flat log file is that it breaks the secrecy. If you know the order of the voters you can easily figure out who voted what.

A better solution could be to print or select a ballot paper and have it sent into a ballot box after visual verification by the voter.

Re:why is electronic voting so hard? (3, Insightful)

fgouget (925644) | more than 4 years ago | (#29933073)

write a simple app that writes the vote to a flat text file,

Thus writing the votes sequentially. If you independently record the order in which people vote (audio recorder in your pocket), then you can pretty easily know how each of them voted. See, you've failed at preserving voter privacy already. Preserving it requires randomizing the order of the votes in some way, which is not very practical with a flat text file.

pretends to then read the recorded result back to the voter for them to confirm,

Fixed that for you. What's written in the file does not have to match what's recorded in the file and the voter will never be able to prove anything. The software you wrote may not be the one that's used during the elections either. And again it's unlikely you'll be able to prove anything.

and store a hash of the result separately. encrypt all the drives, lock down the hardware in each location with steel boxes and armed guards if needed.

All this protects is the result. You need to prevent tampering of the software and yet make it possible to update it to integrate fixes (unless you claim to be able to produce bug-free software in your first attempt). You also need to make it possible to change the ballot definitions obviously (unless you plan on your system being used only once and then thrown away), and yet prevent non authorized parties (including election employees) from hacking them.

encrypt all the drives,

Encryption is to prevent unauthorized parties from reading the disk. What you really want is signing of all the executable code by a trusted authority so you can detect any tampering. The problem is finding a trusted authority: it obviously cannot be the government in place, not the voting computer manufacturer either, a random bloke taken off the streets? (who picks him?)

Yet another problem is that none of this lets the voter verify the voting machine in front of him has not been hacked on election day.

transport the results out of the voting location with the votes and hash separately and count then use the hash to verify that the count wasn't tampered with in transit etc.

All election officials have to do is prepare matching votes and hashes in advance of the election and substitute them for the real ones during transport, or in the secure storage room to which the public does not have access. Lesson: as soon as something leaves the polling place, and thus escapes the surveillance of the public, you can assume it has been corrupted.

Re:why is electronic voting so hard? (0)

Anonymous Coward | more than 4 years ago | (#29933177)

This isn't the first civilization which is a sucker for shiny new things. Electronic voting is a fundamentally flawed concept. Its fault is not a discrepancy between specification and implementation of the technology, but a discrepancy between the required properties and the specification. But it's shiny and new, so people will eventually fall for it, and go down with it.

Wikipedia vaguely confirms (0)

Anonymous Coward | more than 4 years ago | (#29932431)

it runs Linux btw.

Possible false sense of security (1, Insightful)

Beryllium Sphere(tm) (193358) | more than 4 years ago | (#29932559)

What if the machines "pass" this contest?

A real attack would likely involve more than a few days of effort, and might well have access to inside information not available to the red teams in the contest.

If nobody breaks in, that will prove very little about the security of the machines.

Re:Possible false sense of security (1)

cameigons (1617181) | more than 4 years ago | (#29932919)

The outcome of this contest doesn't prove much really. But as I heard their development is solid, just like bank websites or airplane softwares.

Re:Possible false sense of security (1, Insightful)

Anonymous Coward | more than 4 years ago | (#29932997)

Shush. Making the system appear secure is the point of the contest. Not finding a flaw does not mean there is no flaw, or we would all ship flawless systems. The purpose of hacking contests is therefore marketing and marketing alone.

Lets do it here, too. (3, Insightful)

SeaFox (739806) | more than 4 years ago | (#29932581)

I like this idea. Voting systems corporations claim their solution is accurate and secure, let them put their money where their mouth is and let people try and crack it. If their machine's security depends on nobody being allowed to even try then it's all theater.

Re:Lets do it here, too. (2, Insightful)

Ceriel Nosforit (682174) | more than 4 years ago | (#29932925)

And you couldn't say that there is a much more worthy target for both white and grey hats. From crashing computer networks, hacking goes on to secure the logical foundation of democracy; voting.

With some luck they will devestate the voting machines and companies, and create public uproar in the process. Civilization progresses when people care.

Re:Lets do it here, too. (2, Insightful)

fgouget (925644) | more than 4 years ago | (#29932979)

I like this idea. Voting systems corporations claim their solution is accurate and secure, let them put their money where their mouth is and let people try and crack it.

All it will prove is that these machines are hard to hack for outsiders. But the number one threat is that of insiders; mainly the government in place (who has most to lose in an election) and corrupt programmers at the company making the voting computers.

Re:Lets do it here, too. (1)

seifried (12921) | more than 4 years ago | (#29932993)

How do I verify that what I am auditing is actually what is used on election day? Oh yeah, I can't really. Oops.

Re:Lets do it here, too. (1)

marcobat (1178909) | more than 4 years ago | (#29971986)

to verify it, you successfully hack it but don't claim the prize ... Then you try again at election time :-)

A lesson taught to other countries (0, Insightful)

Anonymous Coward | more than 4 years ago | (#29932883)

It's interesting to see that true care for democracy can rise in some developing countries while it keeps fading in other, richer ones where the political model tends to oligarchy backed by pre-orwellian laws.

Re:A lesson taught to other countries (1)

JaredOfEuropa (526365) | more than 4 years ago | (#29933577)

Or... it's a smokescreen. If I were a government intent on rigging an electronic election, or a manufacturer of voting machines intent on drawing attention away from the real issues with my machines, this is exactly the sort of sham I'd stage.

Hacking by outsiders is a concern, of course, but the real worry is hacking by insiders. It is incredibly hard if not impossible to devise a system of electronic voting that can be verified. More importantly, any random Joe Blow needs to be able to verify the results.

Paper ballots have many advantages when it comes to verifying the results, and I consider those advantages to be actual requirements:
- The voting and tallying process can be described, in its entirety, on one or a few sheets of paper. And anyone with half a brain can understand that process.
- Because of that, most citizens posess enough smarts to sit in a voting station and keep an eye on the proceedings, making sure nothing untoward happens.
- Because of such impartial and effective observers, all of us can rely that the tally will be correct, and that if there is any fraud, it will be limited to a small area at least. And in many cases it will be detectable by a followup investigation.

The spectre of electronic voting is one of massive, undetected fraud. The mostly IT-savvy /. crowd might be able to state with certainty that a particular machine works as intended, and that the code it runs on contains no fraudulent capabilities. But are we able to verify that the machines we vote on actually runs the same software come election day? And more importantly... why would the general public have to trust these machines and our judgment, instead of their own? I think that is a key question for a working democracy.

Re:A lesson taught to other countries (0)

Anonymous Coward | more than 4 years ago | (#29933663)

I would rather agree with you. Really. But rigging a paper ballot voting is, alas, quite easy too --- and quoting your own terms, can be done by people with half a brain --- as, for instance, is often demonstrated in my home country (France). One person was caught last year with ballots hidden in his sockets, ready for stuffing. The election was expected to be so disputed that a few hundred votes could tip the outcome. For one such exposed fraud, how many do go unnoticed?

Re:A lesson taught to other countries (0)

Anonymous Coward | more than 4 years ago | (#29933803)

The thing is this: use both methods.

I'm Brazillian, and live in Curitiba on the state of Paraná. There were around here two contested elections. A mayor one, where the current mayor got re-elected with a very large margin, one that was clearly off the results research institutes made on that election day (it was a technical tie accounting error margins), this in 2000. Other was the last state governor run in 2006, which was VERY close (around 10000 votes of difference) and while the expected person won (the governor got re-elected too) it were prediced a 53-44 win (plus 3% null and white votes) but the actual result was very iff, with a HUGE number of null votes (around 8%). Also, the most iffy results in this election were also from Curitiba (the fastest capital in the country to process the voting, by the way, due to logistic reasons).

Anyway, it's VERY hard to hack or fraud a Brazillian election, talking from a IT specialist standpoint, but it's not impossible. Also, the integrity of a machine must be accepted as trusty without any external audition (only TSE does that before the election day). Luckly, TSE officials are one of the most well paid public officers in Brazil, making them hard to bribe or convince to participate of frauds. Also, they are many and frauding a reasonable number of voting machines would take thousands of officials, if not more.

Election day is the most difficult day to do anything about frauds and whatnot, even if it would look like the most obvious time. The only way a fraud could happen is if you could hack into TSE systems, decrypt the vote day personnel data and know the names of everyone out of the john does that will work on election day with the machines and the voting process, then bribe a HUGE number of them and give them equipment to hardhack the machine the morning of election day or prefab floppies and make them change them after the voting day. Difficult, but not impossible.

The thing is. After voting on the machine the voter must make a paper vote, a physical confirmation of voting, one that would also be collected and if there were ANY suspect of fraud, the physical votes would be also verified. This would still keep the elections fast (here we know who got elected President before going to sleep on election day) but any suspected fraud could be verified by physical outside of voting machines data.

Re:A lesson taught to other countries (1)

marcobat (1178909) | more than 4 years ago | (#29972000)

This has always been the biggest problem with democracy, people don't always vote the way they are "supposed" to.

Missing the point (0)

Anonymous Coward | more than 4 years ago | (#29933675)

This is complete missing the point. Sure, if they are cracked, there is a problem. But if they aren't, they will be labelled as some kind of secure system. Which they aren't.

Why? Because the team that poses the largest risk won't be participating. That is, the team that has the CEO of the company making the machines, and at least one of the developers. Can they change the results? Definitely. Without their work, the results would be zero. Do we trust them? Absolutely not. People are susceptible to at least one major attack. It's called "money".

That's the biggest risk.

Meh (0)

Anonymous Coward | more than 4 years ago | (#29934219)

I'm surprised nobody has implemented something that spits out a receipt that you can use to check online later that your vote is what you originally intended it to be. E.G. if the machines assign a random number to every voter card. Then a receipt is tied to that vote and given to the voter and if he/she fears of voting manipulation, they can go online and check their vote in a database that isn't tied to anything but the random number and what the person voted on.

Why we generally trust the electronic voting (3, Insightful)

jsveiga (465473) | more than 4 years ago | (#29934661)

- You OUGHT to vote if you are a Brazilian citizen between 18 and 70, and is not illiterate. You get in a lot of trouble if you don't.
- You don't register for avery election; you have a "voting ID" valid for every public election.
- You have to vote in a specific designated place (noted in your "voting ID"), generally the closest voting section from the address you provided when getting your "voting ID". If you are away, you have to justify the absence (preferably on a mail office, at the election day)
- Election happens in one day, throughout the country (there may be 2-phase elections, for example for mayor, governor or president, when in the 1st phase the winner does not get more than 50% of the votes - oh, yes, we DIRECTLY vote for president - every citizen's vote has the same "weight").
- Although the voting machine is electronic, when you get to the voting section there are PAPER books with all voters for that section listed, and your ID is checked against that. You sign the book and get a "receipt" detached from it (you have to prove you voted, as it is a legal obligation).

Soo, the electoral authority "knows" how many votes should appear in the results. Generally we do not have Disney characters, dead people, etc. voting, nor people voting in several electoral sections.

As far as I can remember, results have matched the pre-election polls (from multiple sources) quite well. Generally people know in advance what the result will be from each city or even city area, and that can be seen in real time as the electronic counting unfolds at election night (yes, we generally get most results in the night of the election day). I can't recall results being seriously contested by the losing parties (we have MANY parties).

Results are manipulated by "social engineering": Sending buses/boats to collect people from remote locations for voting in "exchange" for voting, trading dental treatment promises, money, death threats, etc. Illegal too, but easier and more difficult to trace than manipulating after the votes were cast.

I trust that there are so many crooks in politics in my country that if a party found a way to manipulate the results after elections, there would be so many me-too-or-else-I'll-tell that it would spread like a wildfire and the results would be awkward enough to be laughable. It is a self-regulating system. If a hacker found a way to manipulate the results, he would not stop at selling the method to one single candidate. I believe the same applies for other voting methods (except the ones which allow Mickey Mouse to register, of course) - it is not the system itself that prevents fraud, but the fact that fraud works both ways, and that the result is not a complete surprise.

In recent international elections you can see in the news that if the results do not match what the population though it would be, it is noticed at once, and people get to the streets (sometimes there wasn't even a fraud, it's just that some people won't accept the losing). It hasn't happened here so far, so we still trust the way it's been done.

Re:Why we generally trust the electronic voting (1)

alberion (1086629) | more than 4 years ago | (#29947048)

- You OUGHT to vote if you are a Brazilian citizen between 18 and 70, and is not illiterate. You get in a lot of trouble if you don't.

No You don't. You have to pay about R$4 (USD 2) per election you miss, with a maximum of three elections. So you would have to pay about R$12 if you never go to vote, but need your voter id normalized (in case you decide to vote or get a public job). That is it. The only inconvenience is that you have to go to the voting registry place to do this, and it usually only opens in business hours.

Re:Why we generally trust the electronic voting (1)

jsveiga (465473) | more than 4 years ago | (#29949142)

"in case you decide to vote or get a public job"

that's not the whole trouble,

1 - you cannot even apply for a public job selection exam
2 - you do not receive your salary for the 2nd month after the election if you have a public or somehow government-related job
3 - if you represent your own business, you cannot participate in government bids
4 - you cannot renew or get a passport or ID document
5 - you cannot renew your registration to go on studying for free on public schools
6 - you cannot get loans from financial entities ran by the government

(4) is already a lot of trouble to me, as although my job is not government-related (we do sell for the army, but I do not represent the company legally), I really need my passport to be able to work.

And as I pointed out, you CAN justify your absence, which is even easier than to pay the fine at the electoral justice. The law says you OUGHT to vote, and there is a lot of trouble if you don't. But yes, you can justify the absence or pay the fine (I didn't know it was so cheap though!).

Either voting, justifying, or paying the fine, there's accountability, or you get in trouble.

The point is that the electoral justice knows with some precision how many (and from where) votes are expected, which makes frauds a bit harder - at least one tiny advantage of the (otherwise stupid) obligatory voting over methods which allow dead people, outsiders, and Disney characters to register and vote.

Hacking an election: easier than it sounds (2, Interesting)

fgouget (925644) | more than 4 years ago | (#29934677)

A lot of people seem to believe that hacking an election that uses electronic voting machines is so hard it's the stuff of science fiction.

However some time ago I came across an article [ieee.org] describing how an unknown group hacked the Vodafone-Panafon cell-phone system. To me this hack conclusively proves that these groups have the technical and financial resources necessary to steal an electronic voting election.

Consider:

  • They tapped the cellphones of Greece's prime minister and over 100 high-ranking dignitaries. All people for whom security is important and who would have noticed if something was amiss.
  • They hacked into Vodafone's switches: equipment that's rarer and more expensive than voting machines.
  • They had to hot-patch the software in memory since these switches are almost never rebooted. No such trickery is needed for voting machines.
  • They also had to ensure their hacks would evade detection and survive the regular software upgrades. In particular these upgrades perform checksums on the running software to ensure the starting point is as expected. But hey had countermeasures to avoid detection by these checksums. Not an issue you have if you hack the voting machines at the right time before the election.
  • To evade detection they also had to make sure none of their activity would be visible in any of the audit logs.
  • Yet, they remained undetected for over 6 months and where only detected by chance. In an election your hack only has to remain undetected for one day, then it can wipe itself clean and you've won.
  • The group who performed this hack was never identified.

I'm a brazilian and i work at elections. (1)

bircho (559727) | more than 4 years ago | (#29935539)

Paper ballot is far from perfect. I think we are better this way. People will not hack a voting machine to win, just buy votes. It's easier. Brazil is a very big country and counting votes was always problematic. Now we have a official result in the same day. Elections for legislative branch was a problem too. People wrote the name or a nickname of a candidate, or just swear. A monkey (or another animal from a zoo, can't remember) was elected years ago as a prostest. Buying votes is harder too. They just took people who cant read and gave a paper already marked.

They have a way to corrupt elections (1)

leopinheiro (1668409) | more than 4 years ago | (#29936921)

I have also worked at elections in Brazil. Governors in Brazil almost always do every kind of trick to take "advantages": take money from the taxes (steal), put their relatives and friends in government jobs, put people in government jobs in exchange to receiving comission on the person's salary. And most of the governors have what is called "parliamentary immunity", which in most cases is applied to common crimes (not only crimes regarding the public administration). Very rarely any member of the parliament is convicted for crimes in the public administration or crimes in common life. See Sarney, the president of the Senate, he had a butler in his home, which was registered as a worker in the Senate (Sarney's home is many thousands mile away from the Senate), the butler's salary was about R$12.000 (about 6,800 dollars), quite a big money. But for this and for many other corruption proved facts, Sarney was considered innocent, and he still is the president of the Senate. The butler left Sarney's house and was admitted in the Senate as a worker, because he has the "public worker" status and so can't be fired. What a shame. Corruption is installed in every milimeter of public administration in Brazil. They always come up with innovative ways to do whatever they want. Therefore, some people in Brazil are convinced that the electronic elections are corrupted. If the elections are not being corrupted, this is going to be the first case in the Brazilian history in which corruption has not won.

Re:They have a way to corrupt elections (1)

alberion (1086629) | more than 4 years ago | (#29947082)

Actually, I don't think the election numbers are manipulated in any way in Brazil. Simply because there is no need... People keep voting on these guys and these guys keep the people dumb enough to elect them. If democracy worked, companies would use it. Companies strive to always use the most effective and cost efficient system to manage themselves. It is the law of capitalism, if there is a better way and you don't adapt, you are going out of business. The fact that companies do not use ask the employees to vote on their board of directors should speak enough about how much democracy works.

Re:I'm a brazilian and i work at elections. (0)

Anonymous Coward | more than 4 years ago | (#29939893)

It was a hippo from Rio's zoo. Cacareco was his name, IIRC.

Re:I'm a brazilian and i work at elections. (0)

Anonymous Coward | more than 4 years ago | (#29944994)

There was an animal in Rio and another in Sao Paulo. One of them was a hippo. Both were elected.

Pehaps it's worse in America (0)

Anonymous Coward | more than 4 years ago | (#29935799)

Electronic voting seems to be a success in India (simple electronic box) in Brazil and in other places.

I suspect the machines are popular and corrupt because of the people in power when they were implemented.

I can't say much more because this site does not allow politics.

thanks

Inner enemy / Stalin (0)

Anonymous Coward | more than 4 years ago | (#29938079)

The major point is that the hackers dont know the inner details, so the worst enemy is someone from inside that could sell this kind of information. If all the source and hardware specs are public in the internet, ok. But it isnt, so....
Another point. Stalin said: "t is enough that the people know there was an election. The people who cast the votes decide nothing. The people who count the votes decide everything". Go after the counting software. The software that receives all the information and consolidate maybe more crucial.

Contest Reason (0)

Anonymous Coward | more than 4 years ago | (#29996922)

This process is the result of a group asking that the code of the voting machines be released for public inspection. We all know how bad can security by obscurity be, and instead of releasing the source code for validation by all Brazilians they put this contest on as a show for marketing that the electronic voting is secure. This group that wants the souce code has met candidates that voted for themselves and ended up with no votes on the elections. So we can assume with a good probability that this voting machines has malicious or bugged software in them.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...