Forgot your password?
typodupeerror
Linux Software Government Politics

Linux On Brazilian Voting Machines, the Video 252

Posted by kdawson
from the eat-your-heart-out-diebold dept.
Augusto writes "Just 10 days ago, 130M Brazilian voters were turned into users of one of the largest Linux deployments worldwide: the 400,000 electoral sections in all of the 5,563 Brazilian municipalities were running electronic voting machines, and the Linux kernel was running in all of them. These voting machines have been used in Brazil since 1996, and are rugged, self-contained, low-spec PCs. We've discussed the technical details of this Linux deployment and implementation elsewhere, but I thought it would be interesting to show some pictures (and a movie) of Linux booting on these voting machines. So I asked for official permission and thus was helped by a technician while I took some quick pictures and made a small movie showing the boot process, where you can actually read the kernel messages."
This discussion has been archived. No new comments can be posted.

Linux On Brazilian Voting Machines, the Video

Comments Filter:
  • by religious freak (1005821) on Tuesday October 14, 2008 @03:29PM (#25373141)
    IT is great... Linux is great, but e-voting doesn't belong anywhere in major, general elections, IMHO.

    If you can code it, you can hack it. If you have coders or admins, you have potential security threats.
    • Re: (Score:2, Insightful)

      by m3j00 (606453)
      If you can hold it in your hand, you can destroy it. Vote tampering isn't exclusive to electronic voting, but it seems the widespread paranoia is.
      • by Constantine XVI (880691) <trash.eighty+sla ... om minus math_go> on Tuesday October 14, 2008 @03:45PM (#25373395)

        It's much easier to destroy or modify 10,000 votes on a flash disk without a trace then destroy or modify 10,000 paper ballots without a trace.

      • Rigging an election will always be possible, regardless if it is paper or electronic.

        It is much harder to rig a paper ballot if you have a lot of individuals monitoring polling stations by videotaping the process and also following where they take the votes! Please go to blackboxvoting.org to find out how to best monitor your election.

        The problem with most electronic voting machines is that even when you participate the votes could easily be manipulated at a central tabulating location.

        You should never expe

    • by moderatorrater (1095745) on Tuesday October 14, 2008 @03:36PM (#25373267)
      If it's coded properly, open sourced and widely scrutinized, electronic voting would be more resilient than pen and paper voting.
      • by amorsen (7485)

        How will I scrutinize it? How can I prove that the software running the machines is the same that I got to inspect, and that the hardware hasn't been compromised?

        The only way to do secure e-voting is to use it for quick results and always do a manual recount afterwards. This obviously requires printing the votes.

        • by Misch (158807) on Tuesday October 14, 2008 @04:25PM (#25373943) Homepage

          Voter verified paper trail. IIRC, the machines in Brazil have one. In addition random hand recounts of precincts are needed as well.

        • by vux984 (928602)

          How will I scrutinize it? How can I prove that the software running the machines is the same that I got to inspect, and that the hardware hasn't been compromised?

          The only way to do secure e-voting is to use it for quick results and always do a manual recount afterwards. This obviously requires printing the votes.

          How will you scrutinze them? How can you prove that the manual records of the votes you have been provided are the same ones voters actually created? And that they haven't been substituted with forg

          • by amorsen (7485)

            How will you scrutinze them? How can you prove that the manual records of the votes you have been provided are the same ones voters actually created?

            I can choose to watch the votes from the time they get put into the boxes to the time they get counted and recounted. I can check that the counts from the voting place I watch match what the newspapers report the following days.

            I can't watch the whole nationwide counting myself, but I know that others will watch other areas.

            Absentee ballots are a problem.

        • Code his own routine to make sure his vote is accounted for

      • Nonsense.

        One security hole, anywhere in that electronic system, allows the entire system to be rigged. The first security hole is that the vast majority of people cannot tell the difference between a technician repairing a broken voting computer, and a technician rigging a voting computer. Second is that the software that is loaded might not match the software that is scrutinized. There are lots of others.

        The security that works to prevent pieces of paper from being manipulated is well understood. Ask

        • Public key signing makes it trickier to rig the election.
          Check the keys before and after the election.

          Very difficult to rig it.
          You have to go on to security flaws or more difficult ways of doing it.

      • by buchner.johannes (1139593) on Tuesday October 14, 2008 @04:19PM (#25373859) Homepage Journal

        An election process has to provide the following characteristics (in some countries these are taken serious):

              1. Access: Only people allowed for voting may place their vote
              2. Equality: Each person may only be counted once and with the same weight of vote.
              3. Privacy: Noone can find out for whom a person voted.
              4. Secure against forgery:
                          1. Valid votes can not be changed/forged.
                          2. Valid votes may not be destroyed.
                          3. Invalid votes may not be added
              5. Checkable: Each voter has the possibility, independent from any other person, to check the correctness of an election including all previous points.
        ( I didn't find this in the English Wikipedia, this is a quick translation from the German Wikipedia [wikipedia.org] )**.

        You cannot ensure these with voting machines without the use of paper*. It is not a matter of code, just a fact of information and physics.

        Use paper. Optionally with punchscan [punchscan.org] and the such. Even the cost factor is irrelevant. Democracy is worth it.

        ____
        *Maybe with quantum computers. But can the average person check the setup? With paper, you can.
        ** I'd be grateful for a link

        • by aaandre (526056)

          What's interesting for me is 5. Checkable.

          Maybe the machines can print an anonymous vote ID with indicated choices which the voter takes with them. The voter then can double check the choices he made by anonymously logging onto a website and entering the random vote ID.

          Now, how do you connect to a website anonymously is another matter (i.e., the web server may still log access IP and connect it to the requested vote id, but that's another matter).

      • by Yvanhoe (564877)
        No. You need a way to check that the code you scrutinize is really the code running. Switching the score of two candidates probably only requires a 8 bytes swap.
        You would need some cryptographic check that :
        1. Your vote was taken into account
        2. The total were tallied correctly
        3. The number of votes matches the number of ballots cast.
        All of this without relying on a third party, be it either a hardware vendor or the elections organizer, with anonymousity respected, and with the impossibility to prove w
        • E-voting has a huge potential for general issues that make the rigging of a whole national election possible.

          Which makes it different from paper voting exactly how? Paper voting has been manipulated in the US for years (cf. Chicago, Florida and Ohio) and has very recently fucked us over egregiously, leading to the catastrophe that is the US government today.

          I don't think e-voting is magic by any means, but I also don't see any reason to doubt that it can be made reasonably resilient and trustworthy. Lik

      • by eh2o (471262)

        Electronic voting is also superior in terms of accessibility to the disabled and reading-impaired. It really is a better way to vote. But as usual, the devil is in the details.

    • by Brigadier (12956) on Tuesday October 14, 2008 @03:38PM (#25373291)

      yea your right, what we need is a bunch of paper, marked in #2 pencil in a box. Yea that is much more secure. not everyone can hack an encrypted voting machine, everyone can steal a box and reprint voting forms.

      • by barzok (26681) on Tuesday October 14, 2008 @03:43PM (#25373379)

        No, you need cards with little holes that get punched out to indicate your selections. Those work much better.

      • by amorsen (7485) <benny+slashdot@amorsen.dk> on Tuesday October 14, 2008 @03:55PM (#25373531)

        Physical security is something we're really good at. Thousands of years of experience. That doesn't mean that there are no failures, but in general you can at least detect that tampering took place and that it was deliberate.

        With voting machines, you get a bunch of places where candidates happen to win by a 16384 vote margin -- is that deliberate tampering, machine error, or maybe just plain luck? You'll never know, and therefore you'll probably never catch the criminals.

        • by mangu (126918)

          That doesn't mean that there are no failures, but in general you can at least detect that tampering took place and that it was deliberate.

          So, did they find out that the butterfly ballot [wikipedia.org] was deliberate tampering? Or was it just an accident, like a hanging chad [wikipedia.org]?

          If you really must use a microscope on a paper ballot [cnn.com] to determine the voter's intent, wouldn't it be better to use the same thoroughness in inspecting the electronic voting process to make sure that no tampering was done?

          • by amorsen (7485)

            I believe the butterfly ballot was an accident. Either way, the problem has been found, and good ballot formats are well known.

            Your hanging chad thing is a complete strawman, voting machines are bad whether they look like the analytical engine or something from Star Trek.

      • by Hatta (162192)

        How much damage can one man do by stealing one voting box? How much damage can one man do by subverting the code installed on every voting machine in the state?

        Traditional voting systems require a large conspiracy to have a large effect on the outcome. Electronic voting systems can be subverted by one person with access to the source code or even just the compiler.

      • by xant (99438)

        This is not insightful. Everyone can steal a voting machine just as easily. Since the voting records are stored on memory cards, you can steal a LOT MORE OF THEM... hundreds in your pockets.

        As an added multiplier, if you implement your hack in the right place, you can also corrupt A LOT MORE voting machines at once, and therefore a lot more votes at once.

        No system will be 100% secure, but paper voting is the easiest TO secure. I didn't RTFA, but anyway, I thought the brazilian machines just printed out a

      • I don't think so. Remember that it isn't enough to merely change votes; that just wins you a quick ticket to prison. The criminals' goal is to change votes without being caught by any election observers who are watching the polls. And what system makes that goal easier to achieve? Creating an electronic voting machine that can change digital ballots undetected just requires basic programming skills and access to the machine. Creating a ballot box that can change paper and pencil ballots undetected requ

    • by FlyingBishop (1293238) on Tuesday October 14, 2008 @03:41PM (#25373337)

      My main question is who can modify the source of the software they're using, and how are they verifying that the binaries are unmodified. Generally, I agree that Linux doesn't belong there, but I don't think it's unreasonable to say that any software used in voting machines must be open source.

      Here in the states, state law clearly defines how votes should be cast and counted. Without the source code to the program responsible for counting the votes, these laws will quite literally read something along the lines of:

      1.Voters enter votes into machines.
      2. ???
      3. Voters receive election results.

      The procedures for voting are a matter of public law. That must extend to procedures within the voting machines.

      If you think that's putting too large a technical burden on the lawmakers, look at building codes, patent law, etc. It's a little too late to call for law that is perfectly accessible to non-technical citizens.

      • If you think that's putting too large a technical burden on the lawmakers, look at building codes, patent law, etc.

        Should also note that because voting is mostly a state (non-federal) affair, minimum standards should first be set the federal government. The current mess we're in stemmed from George W. offering up money for the states to revamp their voting systems (after the chad fiasco), and allowing local legislators to spend that money as they saw fit. That, regrettably, amounted to local officials call

      • by brazilian brain (12673) on Tuesday October 14, 2008 @04:02PM (#25373629) Homepage

        From TFA:

        All political parties have access to the source code, and digitally sign the executable code, and thus can confirm, at any individual machine, that the running software is the official one.

        • Short of removing the boot CF card and BIOS flash from the machine, and dumping them with a known-good machine, how does one verify that the machine was not tampered with? The BIOS could inject system management mode hooks to mess with votes for example - apart from a few microseconds of latency here and there, the OS would be none the wiser.

          And if you /do/ dump the BIOS and CF card using some machine known good to one party, how does the other party know you didn't reflash it while you were in possession o

      • Re: (Score:2, Informative)

        by vbraga (228124)

        Actually it also, obviously, a matter of law in Brazil (but Federal law). Machine's software is owned by the "Electoral Justice" and is digitally signed by all parties, so, any party can check if a machine is running the "correct" software.

        Part of machines prints all votes as other way to test the system.

        Machines used to run Windows CE, I think. Probably Linux was chosen was a way of driving costs down.

        Diebold is the main hardware supplier to the Brazilian government but not the unique or exclusive one.

        It's

    • by MozeeToby (1163751) on Tuesday October 14, 2008 @03:59PM (#25373583)

      If banks can transfer billions of dollars every day safely and securely (in many cases without even a paper trail), there is no reason why a decent electronic voting system can't be made. Compared to an ATM, a voting machine should be a piece of cake, you don't have to worry about verifying the user's identity. You don't need to check the balances and rights. All you need to do is accept and record the current user's vote, them reset for the next user.

      Do give us open source so there are 50,000 coders doing Q&A on it. Do give us a paper trail so that if there is any suspision then the vote can be verified. Do involve election officials in at least the requirements process.

      Don't give us a function that clears all votes made on the system so that polling officers can 'adjust' the vote. Don't give us hardware which uses the same exact key to unlock every case. Most important, Don't try to cover it up if you screw the pooch; let us know so the recount can be performed by hand.

      • by neuromanc3r (1119631) on Tuesday October 14, 2008 @04:36PM (#25374095)

        If banks can transfer billions of dollars every day safely and securely (in many cases without even a paper trail), there is no reason why a decent electronic voting system can't be made.

        Wow, that's a pretty terrible non-sequitur. The requirements for banking and voting are completely different. An ATM does not have to make sure that you cannot prove to anybody what you did when you used it. It does not have to prevent other people from tracing any action back to you. And if something goes wrong or someone tampers with the machine, you will know it sooner or later and can complain to your bank.

    • by databank (165049)

      01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011

      Hey, I'm not a geek!

      (OK, maybe I am one..)

    • Re: (Score:2, Interesting)

      Why do people think that the operator between electronic and traditional voting is "XOR"?
      Can't you have both?
      You can always use electronic voting that prints out paper votes, which are cast in a real life ballot. The voter then knows that nothing has been tampered with, the press gets ultra-fast draft results and the final results come from manually counting the printouts.
      • Good point. That is exactly the type of system I think we should have, but I still wouldn't necessarily call a system like that "electronic voting", because the paper ballots would truly determine the outcome.

        It would insure morons could fill out the ballots properly and we'd still have an audit trail. I'm all for it.
    • Re: (Score:3, Informative)

      by fugue (4373)

      What if we did this:

      When you go to vote, you take a one-way hash (md5sum or something) of your SSN or SSN+lastname+phone or some other unique identifier, and enter that along with your vote.

      An official website lists each person's hashed ID and non-hashed vote. I can always check that my vote was registered correctly (and maybe repeat (before some deadline) until it is what I wanted it to be).

      I can download everyone's vote and count them myself.

      If there is a discrepancy, the responsible election off

      • I like your thinking, but as expressed, this would let everyone check everyone else's vote, if they can get the same information about the other person. You have to have some really private info as part of this.

        Wait, what about a password?

        Can I get a patent for this?

        • by fugue (4373)

          Ah, yes, of course--protecting your vote from your neighbour isn't so hard, since your neighbour doesn't generally know your SSN. But the much more important job of protecting your vote from the government is handled, um, shall we just say "poorly", by my proposal. Yes, the addition (as you suggest, we still need something close to uniqueness) of a password ought to solve it, assuming people remember theirs. Of course, one could still at least verify a guessed password, since there are about 2^28 people

      • You'd be able to prove your vote to a third party. This means that buying votes becomes very practical. The main defense against vote-buying at the moment is the fact that nobody can determine if the vote seller actually went through with their end of the bargain, and so it's a very iffy investment (I'd gladly take money for voting for McCain if I couldn't be held responsible for not following through, after all)

        • by fugue (4373)
          I'm not a cryptographer, but my hunch is that it's impossible to construct a system in which you can verify that your vote was counted correctly but can't prove that to a third person...?
    • The InkaVote ballot readers that Los Angeles County uses run Linux. Red Hat Enterprise Linux. I know, I'm a pollworker, and I've seen 'em boot. BTW the precinct readers are there to guard against blank ballots and overvotes...the paper ballot is the record of the vote in LA County.

  • Free vote (Score:5, Interesting)

    by Jabbrwokk (1015725) <grant DOT j DOT ... AT gmail DOT com> on Tuesday October 14, 2008 @03:33PM (#25373221) Homepage Journal

    Free software for free votes, what a great match-up. Plus, it beats the Diebold machines running on Windows CE that kept crashing. [nytimes.com]

    Incidentally, I just voted in our Canadian federal election and we're still using the pencil-and-paper and human-counted voting method. Slower, but still the most reliable and secure method IMO.

    • by glwtta (532858) on Tuesday October 14, 2008 @04:01PM (#25373611) Homepage
      I just voted in our Canadian federal election and we're still using the pencil-and-paper and human-counted voting method.

      Yeah, well, there's only like 47 people living in Canada - that makes things easier to do by hand.
      • there's only like 47 people living in Canada

        This time of year, true, because all our crotchety seniors are packing every single Dennys and Country Kitchen Buffet in Florida! Ha ha, take that, America's wang!

        that makes things easier to do by hand

        It's just so cold and lonely... we can't help but "do things by hand" if you know what I mean. I'd say "things... like your mom" but I don't know if we stoop to such things on Slashdot.

    • by MtViewGuy (197597)

      I actually prefer pen and paper. There's good reason for this: pencil marks can be erased or smudged, and that causes no end of problems for both machine and hand reading of ballots. (It's the "hanging chad" problem all over again.)

      • Interesting point about the pen versus pencil. But I don't think it would make any difference. This morning I used the provided little yellow golf pencil to mark my "X" and then hand in my paper ballot. Each ballot has a unique number which the volunteer receiving my ballot ripped off, and recorded on the voters' list next to my name. Then I shoved my ballot in the cardboard box, and walked out.

        The whole time, scrutineers from various political parties sat behind the volunteers, watching, making sure nothi

  • Anybody know what these are running - or at least what it is based on?

    From the pics I cannot tell much.

    Is this a custom build or a distro hack?

    [edit]

    Just checked the picture again and saw MINIX - could it be?

    [/edit]

  • That is the bigger thing to have even big then the os part.

  • Whoa, that's a Diebold system ... Diebold is that company whose name turns up on almost any news item related to voter fraud (and similar corruption) in the US, which you can see more clearly at sites like Black Box Voting.org [blackboxvoting.org]. I didn't know that there was an option for flashing those systems, already purchased by many municipalities, with a friendlier configuration (Free Software should be mandatory for processes like this which can only function with FULL transparency). This might be a viable out for ma

    • "Diebold is that company whose name turns up on almost any news item related to voter fraud (and similar corruption) in the US"

      You mean Diebold and ACORN are the same people????

    • by Zaatxe (939368)

      Whoa, that's a Diebold system ... Diebold is that company whose name turns up on almost any news item related to voter fraud (and similar corruption) in the US, which you can see more clearly at sites like Black Box Voting.org.

      Think about this: is Diebold trying to manipulate elections or is it just a hardware/software supplier? They are just supplying what they are ordered for.

    • Cool that it runs a Linux kernel, but every single pic from TFA clearly shows Diebold written all over (literally) - everything from the chassis/mold, GUI, and even the POST screen are customized to have Diebold on it...

      If only I had the mod points I had 2 days ago...
  • by DirtySouthAfrican (984664) on Tuesday October 14, 2008 @03:57PM (#25373557) Homepage
    Certainly the Year of Linux!
  • So I guess this is what Linus had in mind when he was talking about world domination all those years ago...

  • Brazil FTW (Score:2, Interesting)

    by juliohm (665784)
    As a Brazilian, born and raised here, I can say this is one of the few things I'm proud of in my country. Ever since they implemented the electronic voting process, things have never been more efficient. It may seem a bit "too open" by using open source code for this type of procedure, but I've seen articles explaining the entire process. Rest assured, the "open-sourceness" of this idea is the least of their concerns. The entire process is controlled and verified by multiple agents and doubled checked for
    • My country -Mexico- has many traits in which it is comparable to Brazil - About half of the population, about the same divide between rural and metropolitan areas. We have stuck with paper-based voting - Many of you will recognize the Mexican fraudocracy as not exactly clean. Still, we do have the electoral results "in time for the evening news" - with a certain error margin, of course. If the election is too close, the result is delayed by a couple of days. That does not require e-voting machines. And grea

      • by keeboo (724305)
        Sorry but no. You cannot compare Mexico to Brazil.
        Except from speaking Spanish which is related to Portuguese, each country has its own problems, its own economic structure (Brazil is not a slave to the U.S. concerning exports, for example) and each has its own political structure. You can consider Brazil as being 5 different countries each with its own mentality, all which happen to speak the same language.

        You may love your country, which has its own merits, and I respect that.
        But, please, do not try t
  • Linux in embedded applications is not necessarily any more secure than Windows. On both, if you take out things you don't need, so just run the kernel, minimal support applications, plus the custom application for your embedded device, you end up with about the same level of security.

    And that level is NOT good enough for voting machines. The right way to do a voting machine is to design a system (hardware and software) specifically for this one task. This system should be subjected to state of the art fo

    • Re: (Score:3, Insightful)

      by blazerw11 (68928)

      Linux in embedded applications is not necessarily any more secure than Windows. On both, if you take out things you don't need

      Your entire premise is flawed.

      if you take out things you don't need

      You can't take out things on Windows, thus you can't prove

      you end up with about the same level of security

  • by Nerdfest (867930)
    So ... exactly how many is a Brazilian? I hope they have an automated install process.
  • Legitimate voters.

    As the increasing fiasco with with the ACORN organization shows (when even CNN and MSNBC are wondering what's going on with ACORN's voter registration policies, something big is up), we may have to clamp down on voter verification procedures to stop or minimize problems such as:

    1) Voters registered in more than one precinct.
    2) Dead persons still registered to vote.
    3) Persons not eligible to vote still being able to vote (convicted felons and non-citizens).

    While the Linux-based system for e

At the source of every error which is blamed on the computer you will find at least two human errors, including the error of blaming it on the computer.

Working...