Slashdot Log In
Linux On Brazilian Voting Machines, the Video
Posted by
kdawson
on Tue Oct 14, 2008 02:26 PM
from the eat-your-heart-out-diebold dept.
from the eat-your-heart-out-diebold dept.
Augusto writes "Just 10 days ago, 130M Brazilian voters were turned into users of one of the largest Linux deployments worldwide: the 400,000 electoral sections in all of the 5,563 Brazilian municipalities were running electronic voting machines, and the Linux kernel was running in all of them. These voting machines have been used in Brazil since 1996, and are rugged, self-contained, low-spec PCs. We've discussed the technical details of this Linux deployment and implementation elsewhere, but I thought it would be interesting to show some pictures (and a movie) of Linux booting on these voting machines. So I asked for official permission and thus was helped by a technician while I took some quick pictures and made a small movie showing the boot process, where you can actually read the kernel messages."
Related Stories
[+]
Politics: Linux-Based E-Voting In Brazil 302 comments
John Sokol writes "I just heard from a good friend and Linux kernel hacker in Brazil that they have just finished their municipal election with 128 million people using Linux to vote. They voted nationwide for something like 5,000 city mayors. Voting is mandatory in Brazil. The embedded computer they are using once ran VirtuOS (a variant of MS-DOS); it now has its own locally developed, Linux-based distro. These are much nicer, smaller, and cheaper than the systems being deployed here in the US. Here is a Java-required site with a simulated Brazilian voting system. It's very cool; they even show you a picture of the candidate you voted for."
[+]
Your Rights Online: Hackers Fail To Crack Brazilian Voting Machines 143 comments
blueser writes "From Nov 10th to Nov 13th the Brazilian Government hosted a public hacking contest to test the robustness of its voting machines. 38 participants from private and public IT companies (including the Brazilian Federal Police) were divided into 9 teams, which tried several different approaches to try to tamper with the software installed on the machines, and even to physically interfere in other stages of the process. All attempts (aside from a minor one which would not compromise the overall results) failed, and observations from the participants and neutral observers will be taken into account to improve the process even further. Here is the official announcement for the contest (Google translation; Portuguese original). A summary of the results is available in the Brazilian press (original). Brazilian voting machines use Linux." US voting officials ought to be envious of their Brazilian counterparts, or ashamed, or both. Perhaps this MIT-developed cryptographic voting system offers a way forward.
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Linux is great, but... (Score:5, Insightful)
If you can code it, you can hack it. If you have coders or admins, you have potential security threats.
Re: (Score:2, Insightful)
Re:Linux is great, but... (Score:4, Insightful)
It's much easier to destroy or modify 10,000 votes on a flash disk without a trace then destroy or modify 10,000 paper ballots without a trace.
Parent
Re: (Score:2, Funny)
I can't decide if you need to start watching more CSI, or less of it.
Re: (Score:3, Insightful)
Are you kidding? This may be a phyrric argument (either way of doing it is fraud, and a real problem.) But, if you think it's hard to exploit a security hole (hint, they are in every piece of election software ever written) and dramatically change the voting results with little effort and even less evidence, you need to do some research on election systems. Paper voting means a physical paper trail, it absolutely IS harder to hide/destroy something that was once real (paper ballots) than to find something
Re: (Score:3, Interesting)
e-voting is not the problem, it's just another tool to use for the voting process. A good system, either electronic or physical is needed to curb any and all fraud. Personally, I like a combination of the two (ie, e-voting with printed ballots for
Re: (Score:2)
Rigging an election will always be possible, regardless if it is paper or electronic.
It is much harder to rig a paper ballot if you have a lot of individuals monitoring polling stations by videotaping the process and also following where they take the votes! Please go to blackboxvoting.org to find out how to best monitor your election.
The problem with most electronic voting machines is that even when you participate the votes could easily be manipulated at a central tabulating location.
You should never expe
Re:Linux is great, but... (Score:5, Interesting)
Parent
Re: (Score:2)
How will I scrutinize it? How can I prove that the software running the machines is the same that I got to inspect, and that the hardware hasn't been compromised?
The only way to do secure e-voting is to use it for quick results and always do a manual recount afterwards. This obviously requires printing the votes.
Re:Linux is great, but... (Score:4, Informative)
Voter verified paper trail. IIRC, the machines in Brazil have one. In addition random hand recounts of precincts are needed as well.
Parent
Re: (Score:2)
Nonsense.
One security hole, anywhere in that electronic system, allows the entire system to be rigged. The first security hole is that the vast majority of people cannot tell the difference between a technician repairing a broken voting computer, and a technician rigging a voting computer. Second is that the software that is loaded might not match the software that is scrutinized. There are lots of others.
The security that works to prevent pieces of paper from being manipulated is well understood. Ask
Re:Linux is great, but... (Score:5, Insightful)
An election process has to provide the following characteristics (in some countries these are taken serious):
1. Access: Only people allowed for voting may place their vote
2. Equality: Each person may only be counted once and with the same weight of vote.
3. Privacy: Noone can find out for whom a person voted.
4. Secure against forgery:
1. Valid votes can not be changed/forged.
2. Valid votes may not be destroyed.
3. Invalid votes may not be added
5. Checkable: Each voter has the possibility, independent from any other person, to check the correctness of an election including all previous points.
( I didn't find this in the English Wikipedia, this is a quick translation from the German Wikipedia [wikipedia.org] )**.
You cannot ensure these with voting machines without the use of paper*. It is not a matter of code, just a fact of information and physics.
Use paper. Optionally with punchscan [punchscan.org] and the such. Even the cost factor is irrelevant. Democracy is worth it.
____
*Maybe with quantum computers. But can the average person check the setup? With paper, you can.
** I'd be grateful for a link
Parent
Re:Linux is great, but... (Score:5, Interesting)
yea your right, what we need is a bunch of paper, marked in #2 pencil in a box. Yea that is much more secure. not everyone can hack an encrypted voting machine, everyone can steal a box and reprint voting forms.
Parent
Re:Linux is great, but... (Score:4, Funny)
No, you need cards with little holes that get punched out to indicate your selections. Those work much better.
Parent
Re: (Score:2)
Re: (Score:2)
Re:Linux is great, but... (Score:5, Interesting)
Physical security is something we're really good at. Thousands of years of experience. That doesn't mean that there are no failures, but in general you can at least detect that tampering took place and that it was deliberate.
With voting machines, you get a bunch of places where candidates happen to win by a 16384 vote margin -- is that deliberate tampering, machine error, or maybe just plain luck? You'll never know, and therefore you'll probably never catch the criminals.
Parent
Re: (Score:2)
How much damage can one man do by stealing one voting box? How much damage can one man do by subverting the code installed on every voting machine in the state?
Traditional voting systems require a large conspiracy to have a large effect on the outcome. Electronic voting systems can be subverted by one person with access to the source code or even just the compiler.
Everyone can steal a box? (Score:3, Insightful)
I don't think so. Remember that it isn't enough to merely change votes; that just wins you a quick ticket to prison. The criminals' goal is to change votes without being caught by any election observers who are watching the polls. And what system makes that goal easier to achieve? Creating an electronic voting machine that can change digital ballots undetected just requires basic programming skills and access to the machine. Creating a ballot box that can change paper and pencil ballots undetected requ
Re:Linux is great, but... (Score:5, Insightful)
My main question is who can modify the source of the software they're using, and how are they verifying that the binaries are unmodified. Generally, I agree that Linux doesn't belong there, but I don't think it's unreasonable to say that any software used in voting machines must be open source.
Here in the states, state law clearly defines how votes should be cast and counted. Without the source code to the program responsible for counting the votes, these laws will quite literally read something along the lines of:
1.Voters enter votes into machines.
2. ???
3. Voters receive election results.
The procedures for voting are a matter of public law. That must extend to procedures within the voting machines.
If you think that's putting too large a technical burden on the lawmakers, look at building codes, patent law, etc. It's a little too late to call for law that is perfectly accessible to non-technical citizens.
Parent
Re: (Score:2)
If you think that's putting too large a technical burden on the lawmakers, look at building codes, patent law, etc.
Should also note that because voting is mostly a state (non-federal) affair, minimum standards should first be set the federal government. The current mess we're in stemmed from George W. offering up money for the states to revamp their voting systems (after the chad fiasco), and allowing local legislators to spend that money as they saw fit. That, regrettably, amounted to local officials call
Re:Linux is great, but... (Score:5, Informative)
From TFA:
All political parties have access to the source code, and digitally sign the executable code, and thus can confirm, at any individual machine, that the running software is the official one.
Parent
Re: (Score:2, Informative)
Actually it also, obviously, a matter of law in Brazil (but Federal law). Machine's software is owned by the "Electoral Justice" and is digitally signed by all parties, so, any party can check if a machine is running the "correct" software.
Part of machines prints all votes as other way to test the system.
Machines used to run Windows CE, I think. Probably Linux was chosen was a way of driving costs down.
Diebold is the main hardware supplier to the Brazilian government but not the unique or exclusive one.
It's
Re:Linux is great, but... (Score:4, Interesting)
If banks can transfer billions of dollars every day safely and securely (in many cases without even a paper trail), there is no reason why a decent electronic voting system can't be made. Compared to an ATM, a voting machine should be a piece of cake, you don't have to worry about verifying the user's identity. You don't need to check the balances and rights. All you need to do is accept and record the current user's vote, them reset for the next user.
Do give us open source so there are 50,000 coders doing Q&A on it. Do give us a paper trail so that if there is any suspision then the vote can be verified. Do involve election officials in at least the requirements process.
Don't give us a function that clears all votes made on the system so that polling officers can 'adjust' the vote. Don't give us hardware which uses the same exact key to unlock every case. Most important, Don't try to cover it up if you screw the pooch; let us know so the recount can be performed by hand.
Parent
Re:Linux is great, but... (Score:4, Insightful)
If banks can transfer billions of dollars every day safely and securely (in many cases without even a paper trail), there is no reason why a decent electronic voting system can't be made.
Wow, that's a pretty terrible non-sequitur. The requirements for banking and voting are completely different. An ATM does not have to make sure that you cannot prove to anybody what you did when you used it. It does not have to prevent other people from tracing any action back to you. And if something goes wrong or someone tampers with the machine, you will know it sooner or later and can complain to your bank.
Parent
Re: (Score:2)
01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
Hey, I'm not a geek!
(OK, maybe I am one..)
Re: (Score:2, Interesting)
Can't you have both?
You can always use electronic voting that prints out paper votes, which are cast in a real life ballot. The voter then knows that nothing has been tampered with, the press gets ultra-fast draft results and the final results come from manually counting the printouts.
Re: (Score:3, Informative)
What if we did this:
When you go to vote, you take a one-way hash (md5sum or something) of your SSN or SSN+lastname+phone or some other unique identifier, and enter that along with your vote.
An official website lists each person's hashed ID and non-hashed vote. I can always check that my vote was registered correctly (and maybe repeat (before some deadline) until it is what I wanted it to be).
I can download everyone's vote and count them myself.
If there is a discrepancy, the responsible election off
Free vote (Score:5, Interesting)
Free software for free votes, what a great match-up. Plus, it beats the Diebold machines running on Windows CE that kept crashing. [nytimes.com]
Incidentally, I just voted in our Canadian federal election and we're still using the pencil-and-paper and human-counted voting method. Slower, but still the most reliable and secure method IMO.
Re:Free vote (Score:5, Funny)
Yeah, well, there's only like 47 people living in Canada - that makes things easier to do by hand.
Parent
Re: (Score:3, Interesting)
With pen and paper voting in the US, we'd need 10 times as many people to rig the election, thus greatly increasing the chance that someone would talk about it. Whereas with computerized voting machines, we don't have that problem.
Re: (Score:3, Insightful)
We have 30 million people, of which we take some small fraction to count by hand all the votes. I don't see the magical point between 30 million (in Canada) and 300 million (in the US), for example, where this small fraction of people would become necessarily larger.
It's not the population that makes the difference, it's the complexity of the ballot. Because we we vote for national, state and local officials all on the same day and because we vote for individual office holders rather than parties, our ballots tend to be very long, with lots of difference choices expressed. I didn't count in 2006, but in 2004 my ballot had over 60 separate decisions to be made.
Because of that, hand counting US ballots takes much more effort. Not so much that it couldn't be done, of
A geek question (Score:2)
Anybody know what these are running - or at least what it is based on?
From the pics I cannot tell much.
Is this a custom build or a distro hack?
[edit]
Just checked the picture again and saw MINIX - could it be?
[/edit]
Is the voteing software open source? (Score:2)
That is the bigger thing to have even big then the os part.
Still needs a paper trail... (Score:2)
Whoa, that's a Diebold system ... Diebold is that company whose name turns up on almost any news item related to voter fraud (and similar corruption) in the US, which you can see more clearly at sites like Black Box Voting.org [blackboxvoting.org]. I didn't know that there was an option for flashing those systems, already purchased by many municipalities, with a friendlier configuration (Free Software should be mandatory for processes like this which can only function with FULL transparency). This might be a viable out for ma
Re: (Score:2)
"Diebold is that company whose name turns up on almost any news item related to voter fraud (and similar corruption) in the US"
You mean Diebold and ACORN are the same people????
Mod up = it's on the pics (Score:3, Informative)
If only I had the mod points I had 2 days ago...
Linux running on a brazillion voting machines? (Score:4, Funny)
ah, I see now (Score:2)
So I guess this is what Linus had in mind when he was talking about world domination all those years ago...
Re:I spy with my little eye... (Score:5, Informative)
The hardware is publically bought (in recent years, Diebold has been the main provider), but the software is developed in house by the Electoral Justice.
Parent
Re: (Score:2, Insightful)
The party that controls the election software also controls the outcome of the election. And, the next election after that one, forever.
Re: (Score:3, Informative)
Yeah, I find it hilarious that in one story Slashdotters can rant and rave about how terrible Diebold is, and then just gloss over that fact in another which just so happens to also be about Linux.
Re: (Score:3, Insightful)
Luckily Diebold are probably too incompetent to manage a hardware hack. However, the threat model for Brazil really ought to include CIA involvement.
Re: (Score:2)
Talking about drivers - in the one picture you can see the USB fingerprint reader's driver loading. I find that interesting as our local LUG had a discussion a while back about the lack of support for fingerprint readers on some of the newer laptops.
Am I correct in assuming that these drivers are open to share and could be used on a laptop to try and get it's fingerprint scanner to work?
Re: (Score:2)
There have been linux-compatible fingerprint scanners with open-source drivers since 2001. That doesn't mean the scanner in your laptop will work... It's probably a different scanner.
Re: (Score:2)
I kinda figured as much.
Thanks.
I've always wondered about that (Score:2)
Why can't we make a secure, or indeed even a vaguely useful electronic voting system when we can make a perfectly secure electronic system that prints lottery tickets?
Has anyone ever heard of a lottery machine being hacked to print a winning ticket?
There's on on every corner market here in the US. Hundreds of thousands of them. They all link to some computer somewhere that records what was sold and when. You get a ticket with your numbers on it, along with some barcoded looking info to verify it's a
Re: (Score:2)
It appears theses machines are made by Diebold. Why don't we use them in the US elections instead of the terrible versions we seem to get statside.
Are you new on politics or is my sarcasm detector offline?
Re: (Score:3, Insightful)
it's because
Meaning they actually have to make a product worthy enough to get purchased over their competitors... instead of just getting an exclusive contract.
Re: (Score:3, Insightful)
Your entire premise is flawed.
You can't take out things on Windows, thus you can't prove