
Hackers Fail To Crack Brazilian Voting Machines

Posted by kdawson
from the voting-envy dept.
blueser writes "From Nov 10th to Nov 13th the Brazilian Government hosted a public hacking contest to test the robustness of its voting machines. 38 participants from private and public IT companies (including the Brazilian Federal Police) were divided into 9 teams, which tried several different approaches to try to tamper with the software installed on the machines, and even to physically interfere in other stages of the process. All attempts (aside from a minor one which would not compromise the overall results) failed, and observations from the participants and neutral observers will be taken into account to improve the process even further. Here is the official announcement for the contest (Google translation; Portuguese original). A summary of the results is available in the Brazilian press (original). Brazilian voting machines use Linux." US voting officials ought to be envious of their Brazilian counterparts, or ashamed, or both. Perhaps this MIT-developed cryptographic voting system offers a way forward.

  • by Anonymous Coward on Sunday November 15, 2009 @03:09AM (#30104512)

    Failure to find a flaw does not prove absence of a flaw. Even if it did, I still need to trust the people handling the machines that the machines I'm voting on are the ones that were tested, because there is no way for me to verify that in an actual voting situation. A paper ballot vote is completely observable and does not require trust. Electronic voting is unnecessary and undemocratic.

  • Re:Hmm... (Score:5, Insightful)

    by Z00L00K (682162) on Sunday November 15, 2009 @03:09AM (#30104516) Homepage

    Obviously this puts a lot of software produced in the US to shame.

    Today it seems like it's all about selling something crappy for money in the US with an EULA where you free yourself of all responsibility.

    And when someone points out the flaws the lawyers are called in to hide the fact that there is a gap that can put Grand Canyon to shame.

    No wonder that the world has suffered so much malicious software.

    Sure - call me a troll, but it's also an observation. Time to market is more important than quality.

  • Re:Hmm... (Score:3, Insightful)

    by darkpixel2k (623900) <aaron@heyaaron.com> on Sunday November 15, 2009 @03:39AM (#30104622) Homepage

    > Time to market is more important than quality.

    Yeah look at Ubuntu. Every 6 months on the dot no matter what the quality.
    And uuh...yeah...Look at Vista. Was that 6 or 7 years to market?

    Your statement doesn't hold up. ;)

  • by Narpak (961733) on Sunday November 15, 2009 @03:52AM (#30104658)
    Yet I find the concept of actively encouraging people to hack your system, through for instance competitions, far more comforting than insisting that the only security is total secrecy. Particularly in the field of electronic voting systems.
  • by gzipped_tar (1151931) on Sunday November 15, 2009 @04:37AM (#30104792) Journal

    1. How do you know that "A paper ballot vote is completely observable and does not require trust"?

    2. "Electronic voting is unnecessary and undemocratic." -- There are democratic political systems and undemocratic ones. There is no such thing as "democratic" or "undemocratic" technology. Technology is neutral; it depends on who is using it and how it is used.

  • by dvice_null (981029) on Sunday November 15, 2009 @04:57AM (#30104836)

    > Failure to find a flaw does not prove absence of a flaw.

    And failure to find a unicorn doesn't prove absence of a unicorn. I claim that there is no flaw. It is now your job to find the flaw and prove me wrong.

    > A paper ballot vote is completely observable and does not require trust.

    So you think that computers can't be trusted, because you don't trust people handling them, but you can trust paper, because you trust people handling them?

  • by Yvanhoe (564877) on Sunday November 15, 2009 @08:26AM (#30104932) Journal
    I would also add that having an uncrackable machine from an exterior attacker says nothing about the ability of a government to tamper with an election.
  • by Anonymous Coward on Sunday November 15, 2009 @08:37AM (#30104970)

    A paper ballot vote is designed to be observable. You can simply look at all the steps in the design and see that you can observe what's going on.

    Electronic inherently relies on trust in an authority of some kind (e.g. the company which built the system, or a certification agency which vouches for the validity of the system). That is a fundamentally undemocratic property, therefore electronic voting is undemocratic.

  • Re:Nice idea (Score:1, Insightful)

    by Anonymous Coward on Sunday November 15, 2009 @08:43AM (#30104994)

    > There are a zillion things you can do to improve security, a hacking contest is one of them.

    No, it's not. A hacking contest is nothing but a marketing instrument. It is meant to distract the public so that they shift their attention from the fundamental, inherent problems of electronic voting to mere problems of implementation. Apparently it's working.

  • Re:Wrong solution (Score:2, Insightful)

    by KClaisse (1038258) * on Sunday November 15, 2009 @08:53AM (#30105040)
    How could you then verify a person's claim that their vote was changed? How do you prove that they aren't just changing their own mind at the last minute? I mean if every single vote in a voting machine was changed then you could very easily say that there was some tampering involved, but say a person tampered with many many systems across many states. And then say this person tampered with only a small percentage of votes on each machine and only to a randomly selected group of people (no connections to each other, random number of people). Then it wouldn't be apparent that there was any tampering involved, just a few people who wanted to change their vote after the fact. Just my thoughts....
  • Re:Florida 2000 (Score:1, Insightful)

    by Anonymous Coward on Sunday November 15, 2009 @09:11AM (#30105130)

    I see that your experience with the process is from an environment which has already abandoned the democratic system of using a pen to make a cross in front of the name of the candidate or party of your choice and putting the ballot in a ballot box that is under public supervision. That box is usually opened at the end of the day, also under public supervision, and the votes are counted (again, in public). An electronic voting system may be an improvement on the very flawed system that you associate with paper ballot voting, but it is a huge step back from a proper democratic election.

  • by C0vardeAn0nim0 (232451) on Sunday November 15, 2009 @09:16AM (#30105144) Journal

    except that if you read the articles, you'll see that it was more an auditing process done by several different professionals than an actual contest.

  • by PopeRatzo (965947) * on Sunday November 15, 2009 @09:23AM (#30105202) Homepage Journal

    It's funny that they'd crow about the fact that "hackers" couldn't break their security in three days. Hacking a voting machine isn't a timed athletic contest. It might take 4 days, or a week, or a year, but once it happens, the damage from a hacked election could be catastrophic for a nation.

    The problem with voting machines is that somebody has to make them, usually a private company. Private companies are after profit. Profit + elections can be a disastrous combination. The effects of private money have turned the US political system into a bad joke.

    The way to secure and fair elections is not through any proprietary technology, that's for sure.

  • Formal proof (Score:1, Insightful)

    by Anonymous Coward on Sunday November 15, 2009 @09:34AM (#30105254)

    I wonder, with all the universities around, and those news about a 'formally proven' OS kernel, if a team of researchers couldn't attempt to formally prove a modular voting software system (maybe using the OS kernel that's already proven)?

    Sure, it may be troublesome, but with government funding, it's a work that can be done, and independently verified by anyone that knows how to read such proofs.

  • by Narpak (961733) on Sunday November 15, 2009 @10:16AM (#30105552)

    > Particularly in the field of electronic voting systems a cracking contest is snake oil. That is because the real threat for voting system integrity is not hackers but corruption of people that are in some way in control over the voting systems.

    I will claim that open and verifiable oversight over any voting process is of the utmost importance. However I can not agree that simply having a cracking contest is "snake oil"; unless it is presented as absolute proof that the entire process itself is incorruptible. The "corruption of people" is a potential threat in all voting systems regardless of method; electric, paper, mechanical, or what have you.

  • Re:Hmm... (Score:3, Insightful)

    by Wooky_linuxer (685371) on Sunday November 15, 2009 @10:28AM (#30105634)
    Yeah, but what is your population? From Wikipedia, about 46M. Check Bras(z)il's: 190M. Your area? 500.000 square km, versus 8 millions and a half. And bear in mind that some of the Brazilian population live in areas that only can be accessed by boat or airplane - not a big fraction, of course, but we have much bigger dispersion than Spain or any other European country.
  • by AndrewRUK (543993) on Sunday November 15, 2009 @07:49PM (#30110198)
    I beg to differ. Of course it's not possible for one individual to observe the entire election, but with paper ballots anyone can understand how the election works:
    1. voter goes to polling centre
    2. collect & mark ballot paper
    3. place ballot paper into locked ballot box
    4. when polling is over the locked boxes are taken to the counting location and opened
    5. ballot papers are then counted by hand (machines can be used to speed up the counting, but the option of hand-counting is still there) and the result is announced.

    Anyone can understand how this process works, and can observe it in full (except for the actual point when the voter marks their ballot paper, since it's a secret ballot.) And here in the UK, there are observers throughout, not least from the various political parties (each of whom has an interest in ensuring that there isn't any fraud being committed against them) and the media. And if there's a dispute about the result, the counting can be easily verified.

    Compare this to using an electronic voting machine:

    1. voter goes to polling centre
    2. select preferred candidate on screen and click "vote" (or whatever the UI is)
    3. ...
    4. when polling is over, the numbers from the machines are collated and the result is announced.

    (I have deliberately left out how the votes are actually counted, as I'm not familiar with the actual systems in use, and (more importantly) this is how it will appear to most voters - as a magic box that takes their selections as an input and spits out a result as the output, with no understanding of how it does that.)
    In this system the vast majority of the electorate will have no understanding of how it works, and nobody can observe the actual counting, they are reliant on techies checking the machines and saying "yes, this works properly." And if there is a dispute about whether the machines have counted the votes properly, there is no way to do a recount to verify the result. (I am deliberately ignoring electronic voting machines which produce a paper receipt, because in the event of a dispute the receipts can be counted - the machine is there just providing a faster method of counting.)

    The first step to transparency is for people to be able to understand how the system is meant to work, only then can you move on to confirming that the system does work as it is meant to. Do you see now why paper voting is more transparent than electronic voting?
