Hackers Fail To Crack Brazilian Voting Machines
blueser writes "From Nov 10th to Nov 13th the Brazilian Government hosted a public hacking contest to test the robustness of its voting machines. 38 participants from private and public IT companies (including the Brazilian Federal Police) were divided into 9 teams, which tried several different approaches to try to tamper with the software installed on the machines, and even to physically interfere in other stages of the process. All attempts (aside from a minor one which would not compromise the overall results) failed, and observations from the participants and neutral observers will be taken into account to improve the process even further. Here is the official announcement for the contest (Google translation; Portuguese original). A summary of the results is available in the Brazilian press (original). Brazilian voting machines use Linux." US voting officials ought to be envious of their Brazilian counterparts, or ashamed, or both. Perhaps this MIT-developed cryptographic voting system offers a way forward.
Anonymous Coward (Score:1, Funny)
Of course not! There were a brazilian of 'em!
Everyone raise your hand... (Score:2, Interesting)
...if you think the person who actually cracked it would admit it before cashing in.
Re: (Score:1)
How would you have done it to be sure everything went OK?
No risk to sell the hack to a candidate or tamper data just for the kicks.
Sincerely, I can't think of any.
Doesn't change a thing (Score:1, Insightful)
Failure to find a flaw does not prove absence of a flaw. Even if it did, I still need to trust the people handling the machines that the machines I'm voting on are the ones that were tested, because there is no way for me to verify that in an actual voting situation. A paper ballot vote is completely observable and does not require trust. Electronic voting is unnecessary and undemocratic.
Re:Doesn't change a thing (Score:5, Insightful)
1. How do you know that "A paper ballot vote is completely observable and does not require trust"?
2. "Electronic voting is unnecessary and undemocratic." -- There are democratic political systems and undemocratic ones. There is no such thing as "democratic" or "undemocratic" technology. Technology is neutral; it depends on who is using it and how it is used.
Re: (Score:1)
Re: (Score:1, Insightful)
A paper ballot vote is designed to be observable. You can simply look at all the steps in the design and see that you can observe what's going on.
Electronic inherently relies on trust in an authority of some kind (e.g. the company which built the system, or a certification agency which vouches for the validity of the system). That is a fundamentally undemocratic property, therefore electronic voting is undemocratic.
Paper vote inspection is sampled (Score:4, Interesting)
How can you, personally, be sure that every vote in every ballot in the country was counted correctly? Paper votes are sensitive to "economic power" frauds. The party which can put more inspectors in the process is the one which controls the counting.
In Brazil there was a big affair in the 1982 Rio de Janeiro state governor elections, when the leftist candidate Brizola [wikipedia.org] denounced an attempt to subvert the vote counting, in what became known as the "Proconsult scandal" [google.com]. According to Brizola's party [pdt.org.br], this fraud attempt was performed with the collusion of the right-wing media organizations, which presented fake exit polls indicating a victory for the rightist candidate.
In any major election there are many people working together and one must inevitably trust a lot of people involved in the counting. No ordinary citizen has the resources to monitor an election by himself, the support of the party is needed.
In these days, any political party should have lots of people who know and understand computing technology. It's much easier and cheaper to let a trusted team of computer experts do a thorough audit on the software than to get a large team of scrutineers to watch every little detail where a paper ballot can be defrauded.
Re: (Score:1)
/academic mode on
Actually this point could be pushed a step further.
The verification of the correctness of a computer can even be made automatic. At least in theory. We won't even need a team of human experts. Furthermore, once a particular model of machine passes the verification, it could be expec
Re: (Score:1)
Basically, just because many current implementations of electronic voting are failures, don't blame the concept of electronic voting. As the population grows, electronic voting has the potential to make voting more accessible, fair and efficient. Paper voting does not.
You can cheat using either paper voting or electronic voting.
Just because you can cheat in any particular system does not make it undemocratic.
Re: (Score:2)
"There is no such thing as "democratic" or "undemocratic" technology. Technology is neutral;"
That's not actually the case.
The basic architecture of any system is NOT politically neutral, it very deeply influences how that system can be used and whether control is centralised or distributed. If you want a stable democratic system, you really need distributed control - otherwise, you will constantly be fighting the centralisation tendency of the architecture. In a centralised system, even with your best effo
Re: (Score:1)
What is the point of standing next to someone counting the paper? Can you stand next to all of the people counting the papers, right across the country? Were you standing next to all of the ballot boxes at all times?
The paper voting system is exactly as transparent as electronic voting.
Re: (Score:3, Insightful)
Re:Doesn't change a thing (Score:4, Insightful)
> Failure to find a flaw does not prove absence of a flaw.
And failure to find a unicorn doesn't prove absence of a unicorn. I claim that there is no flaw. It is now your job to find the flaw and prove me wrong.
> A paper ballot vote is completely observable and does not require trust.
So you think that computers can't be trusted, because you don't trust people handling them, but you can trust paper, because you trust people handling them?
Re:Doesn't change a thing (Score:4, Informative)
Not really. It is your job to prove to me that there is no flaw. It's the same thing with a paper ballot. You still have to prove to me that there is not a flaw in the paper ballot. Of course, I can look over the ballot in all of about 15 seconds and see that it's the correct ballot. It's far harder to find a race condition in a voting machine running proprietary software that causes miscounted votes.
Re: (Score:2)
That's why these voting machines run Linux and an OpenSource counting software.
Re: (Score:1)
And how do I, as voter, verify that at the time I'm casting my vote the machine is indeed running that exact open source software, and not some other software which presents me with the same interface, but skews the results? With paper ballots at least I can know that whatever I vote really ends up in the ballot.
Re: (Score:3, Informative)
Proving the absence of something is impossible, or close to it. No matter how hard he looks and says "it still seems to be flawless", you can ALWAYS claim that there is still the possibility of a hidden flaw.
It's always the job of the person claiming the existence of something to prove it, not the other way around. If you think there is a flaw, show us your proof, or at least your reasoning. If you can't, we won't have reason to believe you.
Is a Lie from Brazilian TSE (Score:3, Informative)
And all the test is an ugly lie.
The... "hackers" are public workers, not really hackers. And they are forbidden to use real "hacker" methods like disassemblers, sniffers, et cetera, only the "approved" methods. It is like asking a thief to try to bypass your security system, but allowing them to use only a paper clip. Ridiculous, but the TSE does not care.
Re: (Score:2)
Re: (Score:2)
The only real difference here is that no one has tried to sell the
Florida 2000 (Score:2)
I beg to disagree. Apart from things like hanging chads and butterfly ballots [wikipedia.org], which can be corrected by proper voter instruction, paper ballots are subject to a large number of possible frauds, ranging from relatively unsophisticated methods like ballot stuffing to more advanced methods like ballots numbered with invisible ink.
Besides, as every corrupt politician knows, the best way is not to commit fraud at the ballot itself, but at
Re: (Score:1, Insightful)
I see that your experience with the process is from an environment which has already abandoned the democratic system of using a pen to make a cross in front of the name of the candidate or party of your choice and putting the ballot in a ballot box that is under public supervision. That box is usually opened at the end of the day, also under public supervision, and the votes are counted (again, in public). An electronic voting system may be an improvement on the very flawed system that you associate with pa
Re: (Score:2)
Don't you mean after [dccofc.org] the candidate's name?
Yes, and being in public means no mistake is possible [wikipedia.org], right?
only where necessary (Score:2)
Electronic balloting machines should be used only where necessary, for people who physically need help.
And they should simply print a bubble sheet like the ballots everyone else uses.
A ballot recorded only electronically is too hard to observe in a meaningful way.
for what it is worth... (Score:5, Interesting)
Cracking contests are warning sign number 9 on Bruce Schneier's list of security snake oil warnings. [schneier.com]
Re:for what it is worth... (Score:5, Insightful)
Re: (Score:2)
Re:for what it is worth... (Score:4, Insightful)
> Particularly in the field of electronic voting systems a cracking contest is snake oil. That is because the real threat for voting system integrity is not hackers but corruption of people that are in some way in control over the voting systems.
I will claim that open and verifiable oversight over any voting process is of the utmost importance. However I cannot agree that simply having a cracking contest is "snake oil"; unless it is presented as absolute proof that the entire process itself is incorruptible. The "corruption of people" is a potential threat in all voting systems regardless of method; electric, paper, mechanical, or what have you.
Re: (Score:1, Flamebait)
Re: (Score:2, Informative)
But Brazil does have a stable political climate. Lots of claims of corruption, but everything has been on its tracks for so long that it is boring.
Re: (Score:1, Informative)
> Latin America is a rather less-than-stable political climate, after all.
You shouldn't generalize. Florida [wikipedia.org] may be part of Latin America by now, but it's certainly not in Brazil.
Re:for what it is worth... (Score:4, Insightful)
Re: (Score:1, Interesting)
So in this case you don't have to do a risky count.
Re: (Score:3, Insightful)
except that if you read the articles, you'll see that it was more an auditing process done by several different professionals than an actual contest.
Re: (Score:2)
> Cracking contests are warning sign number 9 on Bruce Schneier's list of security snake oil warnings. [schneier.com]
It should be pointed out that Schneier was talking about ciphers, not voting machines, and he was talking about companies announcing cracking contests and using the announcement as an indication of security, in lieu of actually providing enough information to allow serious review of security.
It's the combination of secrecy and cracking contests that is the snake oil warning sign. The only way we can determine if something is secure is to have lots of smart, knowledgeable people with full access to the de
Re: (Score:2)
Yes, and to put it into context this is the same Brazilian government that asked its nation's botanists to do an audit of all known plant species in the country to get an idea of how many were endangered for an official report. The botanists used the criteria set by CITES - the international treaty on endangered species, to classify the status of the plants and around 3000 species were endangered.
After delaying and delaying when no one could understand why, the government finally released the compiled list
Nice idea (Score:2)
Of course this doesn't really guarantee it's secure (nothing does) but it indicates they're taking security seriously. I am curious if they had full access to machines for a while before the competition, 3 days is a lot of time to try out a bunch of exploits you've worked out, but it's not a lot of time to try to find those exploits if it's the first time you've seen the system.
Re: (Score:2)
It indicates no such thing. The only thing it shows is that they understand public relations. It's a marketing effort.
It's not a great indicator but it is an indicator.
There are a zillion things you can do to improve security, a hacking contest is one of them.
Now this is relying on the fact that the contest was done fairly, which I don't know. That's one of the reasons I questioned if they had access to all the available info before hand.
And voting machines aren't a typical software security situation. For software you can make the software available to anyone who wants a crack at it (har har!). But for voting machines the
Re: (Score:1, Insightful)
> There are a zillion things you can do to improve security, a hacking contest is one of them.
No, it's not. A hacking contest is nothing but a marketing instrument. It is meant to distract the public so that they shift their attention from the fundamental, inherent problems of electronic voting to mere problems of implementation. Apparently it's working.
Re: (Score:2)
Says you.
Assuming you aren't a hopeless caveman with a fear of computers, there is nothing inherently bad about electronic voting. Paper voting has been scammed plenty enough times, of course, so it's not like it's tampering with perfection; improving voting security should be a massive priority.
Assuming this is only the end stage of a long and concerted programme of looking at security, it is a perfectly reasonable (and reasonably effective) way of looking for flaws. If it is all they've done, then yes, it'
What about changes in hardware? (Score:1)
Also:
If you can't trust one person - have technical representatives at each polling station from
What is the threat model? (Score:3, Interesting)
Is this exercise realistic given the need to protect against well hidden back doors, tampering by election officials, and sloppy procedures (like letting a vendor install uncertified patches just before an election)? They tested only a narrow range of dangers.
The right way to do something like this is at design time.
They deserve credit, though, for doing things so much better than the US.
Wrong solution (Score:1)
1) Give the voter a randomly chosen voter number.
2) Reveal the vote for each voter number in some public channel. (Yes I mean print each and every one's vote in the newspaper)
3) Extend voter's obligations to include reading the newspaper the next day.
4) Have volunteers count the number of people entering each voting station.
If everyone is happy with his own entry in t
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
I agree that your system would work if the mapping from voter to vote number can be kept private, but bear in mind that any crypto system involving people is vulnerable to rubber hosing [wikipedia.org].
Re: (Score:2)
TBH, if you're introducing receipts into the process, why not have the vo
Re: (Score:2, Insightful)
What incentive is there? (Score:4, Funny)
If there was a strong incentive or motive, that might have made a big difference. If all you get from success in cracking is the recognition, that won't bring in all the possible methods. OTOH, if there was a genuine and significant prize, like actually taking leadership of the country, or a billion dollars, you might find the machines can be cracked.
Easy (Score:2)
If I were here, I'd have cracked the machine with a hammer
What does this prove? (Score:1)
Re: (Score:1)
Re: (Score:1)
But the problem is that you cannot be sure that you are faced with the machine you understand, even if you analyzed the machine which is supposed to be there up to the last detail. That's because after all, there are still humans who have to put the machine in place, feed it with the candidates to vote on, etc. And how do you know for sure that none of them tampered with the voting machine?
With paper ballots, you only can manipulate on the day of the election (well, in principle you could manipulate the bal
Only three days? (Score:1)
Working link of pics, video of the voting machines (Score:2, Informative)
Hackers Fail to Crack Brazilian Voting Machines (Score:1)
The successful attempt wasn't about the system (Score:3, Informative)
Wrong way to look at it. (Score:3, Insightful)
It's funny that they'd crow about the fact that "hackers" couldn't break their security in three days. Hacking a voting machine isn't a timed athletic contest. It might take 4 days, or a week, or a year, but once it happens, the damage from a hacked election could be catastrophic for a nation.
The problem with voting machines is that somebody has to make them, usually a private company. Private companies are after profit. Profit + elections can be a disastrous combination. The effects of private money have turned the US political system into a bad joke.
The way to secure and fair elections is not through any proprietary technology, that's for sure.
Formal proof (Score:1, Insightful)
I wonder, with all the universities around, and those news about a 'formally proven' OS kernel, if a team of researchers couldn't attempt to formally prove a modular voting software system (maybe using the OS kernel that's already proven)?
Sure, it may be troublesome, but with government funding, it's a work that can be done, and independently verified by anyone that knows how to read such proofs.
Not the real hackers (Score:1)
Ridiculous prize (Score:4, Funny)
On a side note, you guys have just slashdotted our fucking Superior Election Court website. I hope you are happy.
Re: (Score:2)
$3000 may be too low for you. It may be too low for my Australian standards. But, as a Brazilian who worked 10 years in the field there, R$ 5000 is about TWICE what a top software engineer is paid in a month.
Re: (Score:2)
Shill (Score:1)
Sure, the 'best crackers' couldn't hack it, see? So it's secure, see?
Misleading headline (Score:3, Funny)
More accurate: "Successful Brazilian voting machine hackers stay quiet, wait for election day."
Proves nothing (Score:2)
obligatory... (Score:3, Funny)
Hackers Fail To Crack Brazilian Voting Machines
Give them time, a brazilian is a lot of machines!
Ba-doom-boom-tss.
Backdoors done right (Score:2)
So, the machines' backdoor cannot be used by just about any hacker? Well good to know!
Put in a different way, that's as if you made a contest out of making people try to log through SSH into your machine, to prove that *you* can't log into it.
This statement is BS... (Score:1)
Corrected headline (Score:2)
"Hackers Decline to Reveal That They Cracked Brazilian Voting Machines"
It's almost as if they had some incentive to keep it to themselves.
Re:Hmm... (Score:5, Insightful)
Obviously this puts a lot of software produced in the US to shame.
Today it seems like it's all about selling something crappy for money in the US with an EULA where you free yourself of all responsibility.
And when someone points out the flaws the lawyers are called in to hide the fact that there is a gap that can put Grand Canyon to shame.
No wonder that the world has suffered so much malicious software.
Sure - call me a troll, but it's also an observation. Time to market is more important than quality.
Re: (Score:3, Insightful)
> Time to market is more important than quality.
Yeah look at Ubuntu. Every 6 months on the dot no matter what the quality.
;)
And uuh...yeah...Look at Vista. Was that 6 or 7 years to market?
Your statement doesn't hold up.
Re: (Score:2)
Re: (Score:2)
Debian is server-centric. (Though also highly usable as workstation too.) Long release/support cycles there is the feature, because stability is the priority.
On other side, I have used for about two+ years Debian Sid [debian.org] as desktop at home. I had only three major breakages in all the time which required me to boot system in single user mode to repair it. And that is unstable branch which is literally "just compiled software". That easily compares to rate of reinstalls I had to do on my Windows workstation,
Re: (Score:2)
You've got it all wrong. Vista was just Win7 beta.
Re: (Score:1)
Translation (Score:2)
Test of the security of the electronic voting system
From Tuesday to Friday this week, 10 to 13 November, the Supreme Electoral Tribunal (TSE) will hold the first public testing of security in electronic voting machines that will be used in the elections of 2010, and of the other provisions of the electronic voting system. During those days, 38 specialists in computer science and network engineering will try to find vulnerabilities in the [voting c
NOT USABLE IN USA (Score:2)
For a system to be adopted in the US, it needs to be closed source, proprietary and subject to the anti-tampering and reverse engineering provisions of the DMCA.
Fraud and covert manipulation are essential "checks and balances" in the American system, ensuring that the interests of minorities like banks, insurance, pharmaceutical and petro-chemical industries are protected from the tyranny of the majority.
Re: (Score:2)
> Sure - call me a troll, but it's also an observation. Time to market is more important than quality.
Customers get what they pay for. If they aren't willing to make security a priority and pay more for it, then they won't get it.
Re: (Score:1)
> Customers get what they pay for. If they aren't willing to make security a priority and pay more for it, then they won't get it.
Funny, I didn't pay for Ubuntu, but somehow I feel at least an order of magnitude safer than using Windows, even Windows 7. While I haven't got a virus in years (Thank you AVG, which is also free!), I know that there are thousands of viruses and security holes (even if we haven't discovered them yet) in Windows 7.
I say sure, stereotypically you get what you pay for; but what about Windows NT where the server version cost something like $800 but was exactly the same except for setup and how many http con
Re: (Score:3, Informative)
Simplicity --> greater security (I'm not saying the contest measured something).
http://en.wikipedia.org/wiki/Elections_in_Brazil#The_Brazilian_voting_machines [wikipedia.org]
The source is available to the parties.
Re: (Score:2, Interesting)
> The voting system has been widely accepted, due in great part to the fact that it speeds up the vote count tremendously. In the 1989 presidential election between Fernando Collor de Mello and Luiz Inácio Lula da Silva, the vote count required nine days. In the 2002 general election, the count required less than 12 hours. In some smaller towns the election results are known minutes after the closing of the ballots.
I just don't get it. In Spain we know the results of the election with more than the 90% of votes counted at 21:00, while the election itself ends at 20:00. In an hour more or two, we got the 100% minus the postal votes. And of course our system is just the good old ballot.
Re: (Score:3, Insightful)
Re: (Score:1)
I still don't get it.
We don't go all the 40 million people the same place to vote, nor do we count the ballots one by one.
We open up nearly all schools, so every one of us is assigned the nearest from his home, just a few minutes walking. Inside each school, there are several ballot boxes, so in the end, there's no more than a few hundred ballots in each box, maybe a thousand at the most.
Counting that, is just a matter of minutes, and reporting the total count to a central administration is again a matter
Re: (Score:3, Interesting)
Interesting. Sounds like you count at every polling place. Most countries don't do that. They gather the boxes up some smaller set of places (in the UK it's one per constituency) and count them all there. Obvious advantage -- much easier for parties and the press to scrutinise the count; obvious disadvantage -- it takes longer.
In the US they also have a curious attachment to having huge numbers of elections all at once and putting them all on the same piece of paper. I guess this probably is easier for the
Re: (Score:1)
Yeah, we do count every box, and there are always at least four people counting each box. One of them is designed by the local administration, and the other three are chosen randomly from the electorate itself.
If you're chosen, you are obliged to stay there during the day, and paid 50€ for the inconvenience. Of course, you aren't punished if you present some medical condition, are travelling or that kind of things.
Also, each party can send as many representatives as they want to each box or school, to
Re: (Score:2)
Re: (Score:1)
Counting is a highly parallelizable process. And the number of people who can count is generally proportional to the total number of people in the country. Therefore if all other things are equal, the size of population in a country should have zero effect on the time required to count the votes.
Re: (Score:2)
> Sure - call me a troll, but it's also an observation. Time to market is more important than quality.
If I had mod points, I would have modded you down. In context of Linux, or any software which wants to give you a choice, your point is largely misplaced and wrong.
Personally, I'm tired of the overrated excuse - to shuffle half-baked software on users. "Time to market" is a great metric - if you also cut on features. (E.g. what Debian does by excluding from releases software which cannot be stabilized in timely manner.)
But no commercial company would *ever* do it - because software is sold (or rather
Re: (Score:2)
If you look at the market in general and don't focus on single products the perspective is different.
The number of products through history that haven't made it far outweighs the number of products that have survived.
And this isn't limited to applications, look at cars and a lot of other items.
Re:Hmm...Hmm... (Score:1)
It's worth more to them to crack the devices later, offering the ability to somebody who would pay them substantial sum of money to sway an election.
If you want to wear a tin foil hat, you might come to think the whole hacking competition was rigged for the benefit of the government...... Nah...
Either way you look at it, it makes the whole event suspect.
Re: (Score:1)
This seems to imply that Diebold are *trying* to make secure voting machines.
Re: (Score:1, Interesting)
Re: (Score:2)
brasil isn't latin america, duffus. brasil is brasil. plain and simple.
our democracy is a lot more solid than our neighbor's.
Re: (Score:2)
From a linguistic point of view it is latin america, but you may see latin america as central america.
Try again! (Score:1, Informative)
Actually, they ARE Diebold machines! When I turned 18 and voted for the first time I was really surprised to see that the voting machines here in Brazil have Diebold logos... and this was around the time when electronic voting was starting to make noise in the US due to insecure Diebold machines. However, I suspect that the Brazilian machines are actually designed by some national organization and only the manufacturing of all the thousands of machines is outsourced to Diebold.
We've been voting with these ma
Re:Try again! (Score:5, Informative)
they were designed under the electoral court's orders by universities and private companies. after the design was ready, the manufacturing was outsourced to several companies, one of them was procomp, that later was purchased by diebold.
diebold doesn't own the designs or the copyright to the software. the electoral court does. so if diebold is thinking about selling similar machines in US, they'll have to pay our govt. royalties.
Re: (Score:3, Informative)
The source *is* open. Anyone from any political party or organized entity can request and have access to all source and follow all the procedures. The final binaries are signed by all interested parties as well and the system can be audited at any time. I know no system is fail proof but I believe they covered as much as they can and honestly, the paper system is also weak to social pressures and bribing as well. That's the weak link: people, not technology.
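The multi-party signing described in the comment above, sketched as an added example that is not part of the original thread and is not the electoral court's actual tooling: each party signs the SHA-256 digest of the binary with Ed25519, and verification fails unless the image matches that digest and every trusted party's signature checks out. The party names, key seeds and image bytes are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
	"sort"
)

var (
	ErrDigestMismatch = errors.New("image does not match the signed digest")
	ErrNotAllSigned   = errors.New("a required party's signature is missing or invalid")
)

// Release is the SHA-256 digest of a binary plus one detached Ed25519
// signature over that digest per signing party.
type Release struct {
	Digest     [32]byte
	Signatures map[string][]byte
}

// DemoKeys derives fixed key pairs for three constructed party names so the
// example is reproducible. Real keys would be generated and held by each party.
func DemoKeys() (map[string]ed25519.PrivateKey, map[string]ed25519.PublicKey) {
	privs := map[string]ed25519.PrivateKey{}
	pubs := map[string]ed25519.PublicKey{}
	for _, name := range []string{"court", "party-a", "party-b"} {
		seed := sha256.Sum256([]byte("constructed demo seed: " + name))
		priv := ed25519.NewKeyFromSeed(seed[:])
		privs[name] = priv
		pubs[name] = priv.Public().(ed25519.PublicKey)
	}
	return privs, pubs
}

// SignRelease has every holder of a private key sign the image digest.
func SignRelease(image []byte, privs map[string]ed25519.PrivateKey) Release {
	rel := Release{Digest: sha256.Sum256(image), Signatures: map[string][]byte{}}
	for name, priv := range privs {
		rel.Signatures[name] = ed25519.Sign(priv, rel.Digest[:])
	}
	return rel
}

// VerifyRelease accepts an image only if it hashes to the signed digest and
// every trusted party has a valid signature on that digest. On failure it
// returns the sorted names of the parties whose signature did not verify.
func VerifyRelease(image []byte, rel Release, trusted map[string]ed25519.PublicKey) ([]string, error) {
	if sha256.Sum256(image) != rel.Digest {
		return nil, ErrDigestMismatch
	}
	var failed []string
	for name, pub := range trusted {
		if sig, ok := rel.Signatures[name]; !ok || !ed25519.Verify(pub, rel.Digest[:], sig) {
			failed = append(failed, name)
		}
	}
	if len(failed) > 0 {
		sort.Strings(failed)
		return failed, ErrNotAllSigned
	}
	return nil, nil
}

func main() {
	privs, pubs := DemoKeys()
	image := []byte("constructed stand-in for a voting machine binary")
	rel := SignRelease(image, privs)
	_, err := VerifyRelease(image, rel, pubs)
	fmt.Println("signed by all parties:", err)

	// Constructed failure case: the image is modified and re-signed by one
	// party only; the other parties' old signatures do not cover the new digest.
	modified := append([]byte{}, image...)
	modified[0] ^= 1
	forged := SignRelease(modified, map[string]ed25519.PrivateKey{"party-a": privs["party-a"]})
	forged.Signatures["court"] = rel.Signatures["court"]
	failed, err := VerifyRelease(modified, forged, pubs)
	fmt.Println("re-signed by one party:", failed, err)
}
```

The check covers only the signed image; it does not by itself show that a given machine is running that image at voting time, which is the objection raised elsewhere in the thread.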