Linux-Based E-Voting In Brazil 302
John Sokol writes "I just heard from a good friend and Linux kernel hacker in Brazil that they have just finished their municipal election with 128 million people using Linux to vote. They voted nationwide for something like 5,000 city mayors. Voting is mandatory in Brazil. The embedded computer they are using once ran VirtuOS (a variant of MS-DOS); it now has its own locally developed, Linux-based distro. These are much nicer, smaller, and cheaper than the systems being deployed here in the US. Here is a Java-required site with a simulated Brazilian voting system. It's very cool; they even show you a picture of the candidate you voted for."
Science Fiction! (Score:5, Funny)
It's very cool; they even show you a picture of the candidate you voted for.
Wow! Incredible! I never thought something like that would be possible with a computer!
Re: (Score:2)
Wow! Incredible! I never thought something like that would be possible without a computer!
There, fixed that for you. Speaking of fixing: Why fix something that ain't broken? Voting with Pen&Paper has worked for centuries, there is no need to fix anything.
Re:Science Fiction! (Score:4, Funny)
Yeah, and I mean typewriters worked for ages without having to use Office software, we could go to the moon with a computer that was slower than a modern calculator, and speaking of voting didn't it work just as well without black people and women interfering?
I tell ya, things used to be just perfect the way they were, progress just ruins society.
Re: (Score:2, Insightful)
Not sure how this is a troll. It might be too sarcastic, but it points out how nonsensical "if it ain't broke don't fix it" comments are. There are plenty of things that aren't technically broken, but that still could be done a whole lot better.
Please define "better" (Score:2, Troll)
still could be done a whole lot better.
Better *for whom*?
The people who need to validate the result of an election, or the people who need to manipulate the result?
Re: (Score:2)
still could be done a whole lot better.
Better *for whom*?
The people who need to validate the result of an election, or the people who need to manipulate the result?
You forgot an important stakeholder: Better for the voters, to be able to quickly and easily cast a ballot for the candidates of their choice.
Of course, electronic voting machines can make the system better for any of the above, depending on how they're designed and implemented.
Re:Science Fiction! (Score:5, Interesting)
Brazilian cities were able to know the election results in the same day of voting, before midnight. That's pretty damn efficient.
Furthermore, as fas as trusting or not trusting goes, voting with pen and paper is not as perfect [wikipedia.org] as one might think.
Re: (Score:2, Funny)
Re: (Score:3, Interesting)
Re:Science Fiction! (Score:5, Funny)
Brazilian cities were able to know the election results in the same day of voting, before midnight. That's pretty damn efficient.
That's nothing, here on Argentina, we're able to know the election results months before voting. God bless democracy!
Re: (Score:3, Insightful)
Brazilian cities were able to know the election results in the same day of voting, before midnight.
You mean:
Brazilian mayors were able to rig the election results in the same day of voting, before midnight.
Re: (Score:2)
So what?
There are lots of countries that know the election results the day before voting!
Beat that for efficiency!
Re: (Score:2)
You can get election results the same day of voting if you want, but why is it so important?
Pen and paper is not perfect, but I've worked in IT security and I KNOW how computers work and I'll tell you this: It's a LOT easier to cheat with computers.
Compare:
How easy is it to print thousands of fake votes and sneak them into the various polling centers, destroy the real votes, ALL without getting detected.
vs:
Tampering with the programs/re
Comment removed (Score:5, Insightful)
Re: (Score:2)
Re: (Score:3, Funny)
an alliance of media groups, former politicians, judges and armed drug dealers and militia.
Sure sounds like government to me.
Re:Science Fiction! (Score:5, Informative)
Totally different from the rest of the world.
Actually, it's pretty similar to the rest of the world. Voters are mostly uninformed on the issues and uninterested in getting informed.
Re:Science Fiction! (Score:5, Interesting)
It has worked? I am not so sure about that, for an election to work it has to be void of frauds and offer some guaranties to the electors, like anonymity. Election are not a simple problem, in fact is a very hard one.
The elections on Brazil seem to work fine, in fact many of the "left" parties (Brazil has many political parties) felt their numbers get better after the electronic voting was installed. But the system, as it is now, gives no warranty on how the votes are counted, you have to trust it is working and has not been tampered and as far as I know the code and designs of the voting machines are not open for review by the population.
I trust that the system work, it has shown consistent numbers with the election day pools and as I said the system has been show to give results that are bad for the current government, that is the one witch could more easily tamper with the election, several times.
Re:Science Fiction! (Score:5, Insightful)
That's fine for you, but one principal of a democracy is that the vote is open and transparent. When there's a vote, I can go to the voting place and control that the process works fine. I can verify almost everything important first hand (at least in Germany, where I live). With voting machines, only a few people in the whole world can control the system. Even if the software is free, there are only few people who understand the source code and can verify it. The vote is _not_ transparent.
Oh, and don't tell me that voting machines are unhackable. Here [youtube.com] you can see a voting machine being hacked in 60 sec.
So, you have vs. .
I agree, that elections are not a simple problem, but pen&paper is a simple solution and at the moment the best.
Re: (Score:3, Informative)
Even though I don't think that "our" (I'm Brazilian) voting machine could be much better, I don't think that paper+pen works better.
In the past, when candidate A was part of the government, there used to be a lot of "accidents" with the vehicles carrying the voting papers from locations on which candidate B was known to have a good number of votes.
Re: (Score:3, Insightful)
With electronic voting, you only need one accident. All you need is for someone to accidentally insert a thumbdrive. Or accidentally press the "demo key sequence".
It's so much easier to cheat with electonic voting.
Printing thousands of fake paper votes and moving them into the right locations can be done, but it is a lot more work than cheating with electronic voting.
Even if the source code is validated, the res
Re: (Score:2)
Proper procedures, proper procedures.
All the ballot boxes are shown to be empty before use and locked. In comparison it is hard to prove that a electronic voting machine has zero votes before _actual_ use. There could be a special signal to "turn it on", e.g. a special vote, or even a radio signal, so before the signal it behaves correctly. Believe me I've worked in IT security I can think of lots of ways to cheat e-voting that are hard to detect.
People are validated and vote (just
Re: (Score:3, Insightful)
While I agree that our election is far from perfect, I don't think that pen & paper is the best solution. It introduces many more places where it can be frauded, the accounting, false ballots and much more. A unified electronic voting has many advantages and can be made more safe by adding cryptographic receipts, for instance.
I know that electronic voting can be hacked, but if you raise the bar too high it start to get impractical hacking. Compromising single units can be easy, but if it can be detected
Re: (Score:2)
Re: (Score:2)
Hmm, the fact that at least one e-voting machine can be broken into in less than 60 seconds is a tell-tale sign that there's something wrong with the system.
Besides, the election could easily be rigged by someone in control of the software, EVEN if your TSE (Portuguese for Supreme Electoral Court, I think) allows parties to check it (who knows what's really being loaded into each machine?)
But there's something quite simple that could be done: printing each ballot and depositing it in a sealed box -- just li
Re: (Score:3, Interesting)
I trust it to work better than the old paper one, but the eletronic system is getting less trustworth on every election. The first version of it used a small embbebed system, with no OS, then it changed to a closed OS, then it changed to Linux (ok, better than the closed OS). It's system was entirely (hardware and softwre) verified by several specialists choosed by a transparent process, then comes the closed OS, that can't be verified, and suddenly the transparent process cha
Re: (Score:2)
The elections on Brazil seem to work fine, in fact many of the "left" parties (Brazil has many political parties) felt their numbers get better after the electronic voting was installed
(...)
as I said the system has been show to give results that are bad for the current government, that is the one witch could more easily tamper with the election, several times..
Huh? The current government is left...
Lula's Worker's Party [wikipedia.org] is partly center-left (regarding the economy) and partly far-left (international relations - befriending Hugo Chavez, Evo Moralez, Fidel Castro and claiming that FARC are not terrorists - and relations with armed groups such as the Landless Rural Workers Movement [wikipedia.org] and the Poor Peasant League, which are currently allowed to impose their ideology by force [wikipedia.org], such as seizing the property of land owners that said movements judge as being too rich, destroy
Re: (Score:2)
Yes the current government is left, but when it was elected the government were from right and we were already using the same electronic voting as today. Also, after the presidential election there were already other election, state elections, that were won by right wing people (mainly after the scandals you cited).
Sure if compared to the US we are very left indeed.
Re: (Score:2)
I'm sorry??? There are a LOT of accusation of frauds *ant* tampering. Maybe you should take a look at http://www.votoseguro.org/ [votoseguro.org] . Whether these are real frauds or not, we'll probably never know.
Re:Science Fiction! (Score:5, Funny)
Problem is it's too complicated for american voters. Punching a hole in next to a name was too complicated. typing in a 2-4 digit code? are you MAD??
Expecting Americans to have that level of ability is ridiculous. It's why Diebold is designing systems that are far easier to use. you go and vote, and it registers the vote they think you should have voted.
It's far more accurate and eliminates problems.
Re: (Score:2)
Re: (Score:2)
Problem is it's too complicated for american voters. Punching a hole in next to a name was too complicated. typing in a 2-4 digit code? are you MAD??
Problem is, such people are allowed to vote. I realize that the right to vote is vital to a nations upkeep, but would you really trust that to people unable to remember and input four digits? I'm not suggesting we disenfranchise people we don't disagree with, just those who take voting lightly enough to 'oops' a candidate into office.
(Incoming downmods in 4...3...2...)
Re: (Score:2)
I'll just go ahead and put a post-it somewhere to remind me not to post before having coffee.
Re: (Score:2)
Do you think this leaves any egg on the faces of the board at Diebold (or whatever name they will be using in November)?
No, they won't bother acting embarrassed about how poorly their machines perform, or the cost for those machines. What they will be busy doing is building plausible denial stories so they won't actually be fingered for fixing the vote. Honestly. I mean come on, how else is W going to get elected again? It would seem that in recent history, every voting scandal ends up electing a Republican
One reason this simulator is so cool... (Score:2)
Great! (Score:2)
Re: (Score:2)
Re:Great! (Score:5, Informative)
Now where is the link to the source code and how can I verify that it is the code that was really running on the machines?
As a matter of fact, contrary to what Wikipedia says, the source code *is* available. The Ministério PÃblico (something like the public prosecutor in US), the OAB - Ordem dos Advogados do Brasil, an organ that congregates all lawyers in the country and any of the political parties can have access not only to the source code but to the compilation, digital signing and installation process. They also can run simulations and test the system for security and fraud and request any ballot to be audited. The whole software and data is also available for 2 years after the election. During the election days, representatives of any party can stay at any polling station to be sure that the election is not being rigged in this point. Personally, I think our system is quite secure and would require a major conspiracy involving basically everyone.
Re: (Score:2)
You forgot to say some things:
1) Diebold is the hardware provider.
2) The source code for VirtuOS is not available. As TFA suggests, it'll be fixed in the future.
3) There's no paper trail. Then, you *have* to trust what the machine says.
4) New *improved* machines were tested in three cities. These improved machines have "biometric recognition" [globo.com] of the voters. Aren't you scared of being identified in the same machine you are using to put your vote?
5) In some remote locations [brasilportais.com.br], a notebook + special hardware poin
Re: (Score:2)
I suggest you check your facts a little more carefully.
1) Yes, Diebold provides the hardware but just because Diebold bought Procomp. The hardware was developed here and also can be audited.
2) The machines are running linux now.
3) There's no paper trail for all the machines but a percentage of them have it and they are randomly distributed.
4) I don't like that either but anyway you have to identify yourself when you are going to vote so you are already identified anyway.
5) Yes, it's a weeker point indeed bu
Re: (Score:2)
I suggest you check your facts a little more carefully. 3) There's no paper trail for all the machines but a percentage of them have it and they are randomly distributed.
AFAIK, every single ballot leaves a paper trail at the end of the election. These are distributed to the parties as soon as printed, and in fact most of them already had a good idea of the results long before the official results come out.
Re: (Score:2)
I was talking about the printing of the individual votes. In this case only a percentage of the machines have it but you are right. The summary of the ballots are done automatically once the closing time is achieved.
Re: (Score:2)
I never said it's impossible to fraud it but it has a lot of advantages over the paper system. For one, there's no doubt if a vote is valid or not and it can be counted very fast and accurately. Actually, in 1 hour after the closing time for voting, we already had the results in several cities.
Re: (Score:2, Informative)
Tampering the elections on a paper based election was really the rule here in small cities. That's pretty easy. One VERY simple method used carbon paper so that the vote for each one would be copied and could be delivered to the candidate as "proof of voting" to retrieve some bucks from him.
Another problem recurrent here in the times of paper: illiterate people vote here. When they had to write down the name of the candidate, it was a nightmare to decipher the vote. It
I'll bite (Score:3, Interesting)
First, mobile phone cameras, or any other, were forbidden in the ballot - though from my experience this was only enforced in areas where there were a reasonable possibility of people selling votes or being coerced to vote, such as in Rio de Janeiro.
Second, no one said the process was unhackable. It is just much harder to hack than a paper and pen election. It is auditable by anyone with sufficient technical expertise, and that is good enough for mosrt people who care.
And finally, shut up and at least do
Re: (Score:2)
I don't see why you think that's my idea. What I said above is exactly the oposite, that the source code (and the whole process, btw) is available to several different organizations that have nothing to do with the government, including oposition political parties but answering your question, I don't think we should fear the government, the government should fear us and should be trusted to a certain point, open to debate and with all the possible auditing tools we can have. Blindly, never :)
Another slow news day? (Score:2)
I mean really , Linux getting used for some large public function might have been news back in 1998 , but whats the big deal in 2008? Some stories about some unusual OS's being used in unusual situations , say CP/M still controlling a nuclear reactor , now THAT would be interesting. Linux gets used in voting system? ZZZzzzz......
Re: (Score:3, Interesting)
Now, of course you could modify a linux machine as well, but with a potential army of hackers the security risks are handled much like the security in Linux: Assuming that for every one hacker that is malicious there is usually one or at least two that spot a problem and bring it to light.
Re: (Score:3, Informative)
say CP/M still controlling a nuclear reactor , now THAT would be interesting.
Why... It is probably more common then you think. In the US Nuclear Plants are aging and the Liberal Hippies will not fund to keep them up to date, as Nuclear is Bad OK. It is actually quite common to see old computers running Nuclear systems. As they have work for decades and there is no reason to risk a new system that may have problems.
When will we have web based voting (Score:5, Interesting)
We have web based banking. Why not web based voting?
If anyone thinks I care more about who I vote for than the money in my bank accounts (and my liability for debt) they're disillusional. The politicians are all just different monkeys screeching different things that suit them. In the last election I voted for (mandatory council elections) I didn't know or care about the candidates who'd only shown their faces 2 weeks beforehand. On the ballot I wrote "Fuck them liars all. This form of democrasy a joke". Am I the only one that thinks it's hilarious that we can bank online but not vote online?
Re:When will we have web based voting (Score:5, Insightful)
Risk of fraud. Under the current system I can't go out and bribe, blackmail or threaten voters, because I have no way of determining whether or not they voted as I asked. 'Vote for X or I break your legs' doesn't work if I cannot find out whether or not any given person actually did vote for X. But while you can take steps to ensure that the polling booth is private, you can't say the same for an internet terminal whose location you do not know and whose configuration you do not control. For all you know the voter's boss is watching him as he votes for the candidate who will restrict workers' rights and remove regulations on abusive bosses.
The moment there's a way a person can prove who they voted for to a third party, the secret ballot is dead.
Re: (Score:3, Informative)
I should bloody well hope not. [bbc.co.uk] Immediately after the rules were changed in the UK, so that postal votes were available to anybody who asked for one, without them having to give a good reason why they couldn't vote in person, a great saga of electoral fraud began. Including intimidation campaigns [birminghammail.net] by thugs - of course, entirely without the knowledge of the candidate in question.
Weaken the secrecy of the ballot, and these crooks w
Re:When will we have web based voting (Score:5, Informative)
Actually, in Estonia, there has been web-based elections a year ago. The national ID card has PKI certificates in it and this cryptographically makes it safe. There's more information on the net, ie
http://en.wikipedia.org/wiki/Electronic_voting_in_Estonia
Re: (Score:2, Interesting)
that means that the vote isn't anonymous right?
Re: (Score:2)
Cryptographically safe, yes, but that's just one of the issues. Another issue is that there has to be a way keep your choice secret for *everyone*, even to lie about who you vote. Otherwise someone can force you to vote for one party, either by paying you money or by threatening to do bad things to you (lose your job, membership in a club, shoot you, whatever).
If you can vote from any computer, your employer could threaten you to make you vote from the office computer, and watch you do it. Cryptographically
Re: (Score:2)
Sure you could also have a law that makes that illegal right? So all you have to do is record the incident and voila employer is in jail for a very long time.
If the country doesn't take that law seriously, I think you're in bigger trouble than the lack of anonymous voting.
In practical terms the lack of anonymous voting is no big deal. By the time it becomes a problem, the other problems are far more serious.
Re:When will we have web based voting (Score:4, Insightful)
If you vote on a third party website, you'll trust it with your votes, and its secrecy but, contrary to banks, you will have no way of checking that your vote is correctly accounted for.
Re: (Score:2)
You trust your bank? You trust bankers? Have you not being paying attention lately?
I think the reason why you use banks is similar to the reason why you use Windows.. you have to swim up stream not to.
Re: (Score:2)
Isn't this just a technological problem, though?
I know proving that your vote actually counted without compromising anonymity isn't trivial, but what if you (for example) are given a randomly generated key after voting? After the election, they can publish the keys assigned for every vote, and you can check that your key matches your vote.
Of course, fraud can occur if they assign the same key to multiple voters, but people can voluntarily compare keys after the election to look for clashes. Or maybe some fo
Re:When will we have web based voting (Score:4, Informative)
1. Anonymity of vote (nobody can tell who I voted for)
2. No third party of trust (I do not need to trust anyone, especially thos organizing the election)
3. Trust of count (The votes are correctly counted and totalled)
There are surprisingly little literature around cryptographic system designed to solve these three problems. All the electronic voting system that I am aware of rely on the revocation of one of these properties.
Re: (Score:2)
I think it's hilarious that you don't seem able to even spell democracy any better than you understand it. If you don't care about the election then stfu about the outcome of it.
If you want to vote online then find a candidate who feels the same way about it as you and vote for them. Or run in the election yourself.
Whatever you do though, don't whine on slashdot about it!
Re: (Score:2)
You are exactly right and a bit wrong.
The difference between online banking and online voting has some bit differences.
First there is FDIC for most online banking so if someone hacks into your bank (If you ever did a netcraft what is that site running on your bank, I am sure you will be mortified) you are covered. As well you have legal recourse you can sue your bank for damages for anything loss due to sloppy IT... Which Banks are famous for. Also there is competition, I know this not popular right now to
Re: (Score:3, Informative)
Because banking and voting are different problems. Banking requires accountability (non-repudiation), voting anonymity. There are solutions for both, but anonymous electronic voting that's verifiable while being untraceable is so far unimplemented.
The flexibility and usefulness of paper voting continues to be underrated in these discussions.
It's not that easy... (Score:2)
Running a fair election is not a simple problem. To make sure the voter is legitimate, we must be able to prove their identity. But when it comes to actually casting the vote, we must not be able to know how they voted.
One solution to this dilemma is to require people to physically show up and prove who they are, and then have them cast a secret ballot while they are sequestered in the same room where they proved their identity.
The reason online banking works is because your transactions never need to be
Re: (Score:2)
Next step is a paper trail (Score:4, Insightful)
This is great
I do really miss a paper trail, that is needed in case there are doubts of "fraud", we do not want such doubts, do we ?
Voting, mandatory?! (Score:3, Insightful)
How un-American. Oh wait...
Re: (Score:2)
I think it'd be better if voting were mandatory. Even if you vote "fuck the world", vote.
The best part.... (Score:2)
You can vote for Carmen Miranda for president!
Hurray for the party of music and fruity hats!
IT is a trap ! (Score:4, Interesting)
This is a step back from paper ballots.
Re: (Score:2, Interesting)
Please don't ask me for a quotation, this is not Wikipedia. Go Google.
How Hypocritical (Score:2)
Smaller,nicer and cheap != more secure.
I fail to see where this is better security wise than the Diebold boxes. I love linux, I prefer linux (though I mostly use OS X these days) but just because it runs linux, does not make it better.
And web based voting? Seriously? You are just BEGGING for fraud with that.
Bias .. (Score:2)
Voting in the US using commercially developed machines: Evil! Unreliable! What is the world coming to! US elections unfair! Dictatorship coming soon!
Voting in Brasil using open source el cheapo machines: Profit!! Democratic wonder! Fantastic solution! US could learn from this!
How do you mean, Slashdot is biased..
Don't care which os (Score:2)
I don't trust electronic voting, no matter what runs on the machine.
Void Vote (Score:3, Interesting)
You can vote blank or null vote with that machine. That's good, but I really
want to write %#%@%$!! in the ballot sometimes.
Hardly a shining example of open source (Score:2)
The hardware apparently doesn't include a printer, so there's no paper ballot. And the voting software itself isn't open. The fact that the underlying OS is Linux is almost irrelevant.
Linux doesn't solve voting system problems (Score:2)
. No voter-verifiable receipt
. No code auditing by the general public (only by the political parties, which is a small step-up from the U.S.)
. Process flow problems allowing voter fraud or deception.
. Recounts not possible.
. Vote-stealing possible by poll-workers.
Diebold is a vendor in this system. Interesting that having the opportunity for a complete system rewrite (moving to Linux) didn't eliminate the same design flaws inherent in their o
Re: (Score:2)
Additionally, it should be mentioned that poll workers are randomly chosen from the population, and each section has at least 3 on duty at a given time. It is unlikely they will have the same political leaning, mostly because our political scenario is far more scattered, with some 5+ relevant parties, as opposed to the US bipartidarism.
Besides, the voting procedure makes it really hard for poll workers to cast phantom votes. The machine has two terminals: the one we saw in the linked simulation and another
Review of the voting machine by a poll worker (Score:5, Interesting)
I work at the polls here in Virginia, and we have an electronic voting machine. Here's my review of the Brazilian device compared to ours:
In any event, I think SL geeks are obvious choices to volunteer to be Officers of Election. We know the vulnerabilities of the technology, and have the necessary attention to detail to appreciate the kinds of auditing checks that need to be done to run a fair and open election.
About the Brazilian voting system... (Score:4, Informative)
Some people who work during the elections are volunteers. while others are drafted by the Superior Electoral Tribunal. You can still not go there and do your job as long as you have a strong justification (like not being in the city you vote on the day of election). There is no voting 'in transit' i.e. voting in another city, or in any other 'electoral college' besides your own.
As a compensation, you get a 'lunch ticket' and a letter which entitles you a 1-day off so you can compensate your day working on the Sunday election (just give the letter to your employer, he cannot refuse you the day off, it's part of the electoral law)
By 5:00 PM, no one else can vote. If there is a line, people are given numbers ad only those with numbers in line can cast their votes.
once the last voters finish, the voting system is set to 'closed', meaning no more votes can be computed. at least three paper trails are generated, for three of the people in charge of the voting table. Any one can go there and ask for an extra paper trail, such as me and you. usually, a few people ask for additional paper trails on behalf of their own parties. You can check the paper trail gainst the voters registered for that college, to see if there are any irregularities.
Potentially, a parallel vote counting can be set up, completely contolled by the population, just using the paper trails generated at the end of the election.
The president of the table then takes the machine to the Electoral Tribunal and there they pick up the internal data and do the vote counting.
IMO it's reasonably resistent to tampering, and allow for parallel counting, which makes it resistent to frauds. Yeah, being open source would help for sure, and setting up a country-wide parallel vote counting would be very hard, but it is possible.
I believe the U.S. should just license our technology and be happy with it ;-)
Speaking from Brazil (Score:2)
No paper trail to allow audits. No source code available (that I know off, at least). No guarantee that the binaries loaded on the machines were built from the source inspectors looked (?) at.
It would be nice if people held this at the same "bashing level" anything from Diebold is held; because, really, it's not that different, the way I see it.
Cheers
PS: not implying that was any fraud here, it seems like there wasn't. I'm just said that the current machinery do not allow you to prove it by auditing the r
it's a black box (Score:2)
you put votes in, out comes sausage. how does the machine turn votes into sausage? i don't know, i can't look inside, its not transparent
voters in the poorest nation in the world, and voters in the richest, should all use paper ballots. end of debate
because its TRANSPARENT
it does a rich society no benefit to advance beyond transparency, and any, ANY electronic voting machine does exactly that. the rich country can use ocr for quicker tallying
what is the reason for electronic voting? what is saved? the nes m
true facts about this system... (Score:2, Interesting)
Re:How it's done (Score:4, Informative)
Is like this.
Oh well, I'm sorry that you Americans will have to put up with your Diebold chosen masters in the next election... hope it doesn't turn out too bad for you.
From the wiki:
In 2004, Diebold-Procomp decided to migrate to Linux as a cost reduction measure.
Did they drop the price of the machines? (Score:2)
Or was the "cost-reduction" going into the CEOs pocket?
Switching to a different OS should be done to improve overall security, not to reduce costs.
Why? (Score:5, Insightful)
I don't see any of the problems resolved.
You can still tamper with the system and there is no verifiable audit.
I don't know that the underlying choice of OS was biggest problem (if I were building it, sure I'd choose Linux) - there are more fundamental process issues that are at fault. Namely, that someone could tamper with the election and no one could (dis)prove it.
Re: Why? (Score:4, Insightful)
At least, here in Brazil, the election results always match the exit polls and no serious allegations of tampering were made. We've been using this system for 10 years without any major problems.
Something that the Americans could learn from the Brazilian system is the simplicity of its use: no touch screen, you just type the number of your candidate in a keyboard that is the same used in telephones and then press a huge green button.
Re: (Score:2)
"Serious" is a bit vague, but you may want to check this: http://www.votoseguro.org/ [votoseguro.org]
In defence of the US (Score:5, Interesting)
Looking at this here:
http://en.wikipedia.org/wiki/Elections_in_Brazil [wikipedia.org]
About half way down it lists the result of the 2006 election : couple of points on that:
(1) There are a lot of parties (~30)
(2) They have low overall control within the parliament (15% max)
(3) The socialists are on top
E-voting or no, if the socialists were to rig the election (a) it would be obvious that they did it, (b) they would have to go all out to make any kind of difference, (c) they are unlikely to have the corporate influence necessary to pull it off and (d) there isn't much you get for it.
In the US, on the other hand, there is effectively two parties each with ca. 50% of the electorate each, so rigging the election is (a) worthwhile and (b) easy to get away with. On top of that the Republicans are very good friends with the people that make the machines, and finally, you get to be 'leader of the free world' and all your buddies get rich.
Means, motive and opportunity - right there. The interface is the least of their worries.
Re:How it's done (Score:5, Insightful)
Crappy software running on linux is just as easy to rig...
the problem with Diebold is political not technical
Re: (Score:2)
not quite. there is one less layer of crappy software in a linux OS/diebold voting software vs windows OS/diebold voting software.
For every layer of crude and useless software you remove from a computer the greater the security will be. Next up replace diebold software with the mostly open source version from Australia, or Brazil. Software that could be vetting by every security specialist around the country faster than diebold can do a single release.
Re: (Score:3, Informative)
Sorry, but mostly machines are built by Diebold who bought Procomp in Brazil.
http://en.wikipedia.org/wiki/Premier_Election_Solutions
http://www.samurai.com.br/urnaeletronica/ue2004/view
Re:How it's done (Score:4, Informative)
All the IP is owned by the Brazilian Government. Diebold is just the assembler with the lowest price.
Not that it makes the machine secure, it is just slightly better than the US situation.
Re: (Score:2)
Sorry, but the machines in brazil are also made by Diebold. :-P The article [ig.com.br] on the "press observatory" shows the design and specifications of the ballots. The article is in potuguese, but it should be translatable.
Re: (Score:2)
The source is available to lawyers or two years after the election? How this makes anyone secure? The source must be available BEFORE the election, for all population, also all the designs of the machines and also the procedures. Everything must be open for examination, otherwise it is not secure.
I do trust the system, because historically it has shown to be able to elect people from the opposition, like Lula, but this is now. The fact that everything is closed is an opportunity for fraud and it should be f
Re: (Score:2)
Maybe I wasn't clear but the source code is available to the Ministerio Publico (judiciary), OAB (lawyers) and all political parties *before* and *after* the elections. They also supervise the compilation and digital signing process to be sure that the final binary came from the source they audited.
The hardware is there for quite some time and, IIRC, is audited independently by the same interested parties and universities.
Re: (Score:2)
I'm sorry but is not enough, the election has to be transparent to all society. How can a bunch of lawyers and judges judge if the code is ok? It is hard even for people in the area, subtle "bugs" can change the result, security from obscurity is no security at all.
As I said before, in other thread, I trust the system as the results have been coherent with pools and what is expected, but it is far from a system that I would trust with my eyes closed.
Re: (Score:2)
The ballots are not connected to the Internet. Voting data is transported on flash cards or floppy disks.
Re: (Score:2)
Some people can't read in Brazil, and they are allowed to vote. It is far easier for them to remember a number (2-digit for mayor, 5-digit for city representative). After you punch the numbers, a picture of the candidate is shown. If it was not the candidate you wanted, you can correct your vote (orange button). If it is right, you confirm it (large green button).
Re: (Score:2)
Well, the name-vote thing is already possible, if you consider that a poll worker has to punch your number in the control terminal before the machine allows you to vote. As I mentioned elsewhere in this discussion, nothing short of the convoluted three-ballot system proposed by a security guru sometime ago can stop this.