Linux On Brazilian Voting Machines, the Video 252
Augusto writes "Just 10 days ago, 130M Brazilian voters were turned into users of one of the largest Linux deployments worldwide: the 400,000 electoral sections in all of the 5,563 Brazilian municipalities were running electronic voting machines, and the Linux kernel was running in all of them. These voting machines have been used in Brazil since 1996, and are rugged, self-contained, low-spec PCs. We've discussed the technical details of this Linux deployment and implementation elsewhere, but I thought it would be interesting to show some pictures (and a movie) of Linux booting on these voting machines. So I asked for official permission and thus was helped by a technician while I took some quick pictures and made a small movie showing the boot process, where you can actually read the kernel messages."
Linux is great, but... (Score:5, Insightful)
If you can code it, you can hack it. If you have coders or admins, you have potential security threats.
Re:Linux is great, but... (Score:2, Insightful)
Re:Linux is great, but... (Score:5, Insightful)
My main question is who can modify the source of the software they're using, and how are they verifying that the binaries are unmodified. Generally, I agree that Linux doesn't belong there, but I don't think it's unreasonable to say that any software used in voting machines must be open source.
Here in the states, state law clearly defines how votes should be cast and counted. Without the source code to the program responsible for counting the votes, these laws will quite literally read something along the lines of:
1.Voters enter votes into machines.
2. ???
3. Voters receive election results.
The procedures for voting are a matter of public law. That must extend to procedures within the voting machines.
If you think that's putting too large a technical burden on the lawmakers, look at building codes, patent law, etc. It's a little too late to call for law that is perfectly accessible to non-technical citizens.
Re:Linux is great, but... (Score:4, Insightful)
It's much easier to destroy or modify 10,000 votes on a flash disk without a trace then destroy or modify 10,000 paper ballots without a trace.
Re:I spy with my little eye... (Score:2, Insightful)
The party that controls the election software also controls the outcome of the election. And, the next election after that one, forever.
Re:I spy with my little eye... (Score:3, Insightful)
Luckily Diebold are probably too incompetent to manage a hardware hack. However, the threat model for Brazil really ought to include CIA involvement.
Re:Linux is great, but... (Score:5, Insightful)
An election process has to provide the following characteristics (in some countries these are taken serious):
1. Access: Only people allowed for voting may place their vote
2. Equality: Each person may only be counted once and with the same weight of vote.
3. Privacy: Noone can find out for whom a person voted.
4. Secure against forgery:
1. Valid votes can not be changed/forged.
2. Valid votes may not be destroyed.
3. Invalid votes may not be added
5. Checkable: Each voter has the possibility, independent from any other person, to check the correctness of an election including all previous points.
( I didn't find this in the English Wikipedia, this is a quick translation from the German Wikipedia [wikipedia.org] )**.
You cannot ensure these with voting machines without the use of paper*. It is not a matter of code, just a fact of information and physics.
Use paper. Optionally with punchscan [punchscan.org] and the such. Even the cost factor is irrelevant. Democracy is worth it.
____
*Maybe with quantum computers. But can the average person check the setup? With paper, you can.
** I'd be grateful for a link
Re:Linux is great, but... (Score:3, Insightful)
Are you kidding? This may be a phyrric argument (either way of doing it is fraud, and a real problem.) But, if you think it's hard to exploit a security hole (hint, they are in every piece of election software ever written) and dramatically change the voting results with little effort and even less evidence, you need to do some research on election systems. Paper voting means a physical paper trail, it absolutely IS harder to hide/destroy something that was once real (paper ballots) than to find something that you don't know is there (security holes in election software.)
Re:Linux is great, but... (Score:4, Insightful)
If banks can transfer billions of dollars every day safely and securely (in many cases without even a paper trail), there is no reason why a decent electronic voting system can't be made.
Wow, that's a pretty terrible non-sequitur. The requirements for banking and voting are completely different. An ATM does not have to make sure that you cannot prove to anybody what you did when you used it. It does not have to prevent other people from tracing any action back to you. And if something goes wrong or someone tampers with the machine, you will know it sooner or later and can complain to your bank.
Re:Diebold (Score:3, Insightful)
it's because
Meaning they actually have to make a product worthy enough to get purchased over their competitors... instead of just getting an exclusive contract.
Everyone can steal a box? (Score:3, Insightful)
I don't think so. Remember that it isn't enough to merely change votes; that just wins you a quick ticket to prison. The criminals' goal is to change votes without being caught by any election observers who are watching the polls. And what system makes that goal easier to achieve? Creating an electronic voting machine that can change digital ballots undetected just requires basic programming skills and access to the machine. Creating a ballot box that can change paper and pencil ballots undetected requires magic.
Or to look at honest goals instead: securing a paper ballot box requires that you send someone who you can trust to watch every ballot going into it. Securing an electronic ballot box requires that you send someone who you can trust to watch the voltage on every transistor. Only the former can be accomplished by human eyes.
Re:This is the wrong way to do a voting machine (Score:3, Insightful)
Your entire premise is flawed.
You can't take out things on Windows, thus you can't prove
Re:Free vote (Score:3, Insightful)
We have 30 million people, of which we take some small fraction to count by hand all the votes. I don't see the magical point between 30 million (in Canada) and 300 million (in the US), for example, where this small fraction of people would become necessarily larger.
It's not the population that makes the difference, it's the complexity of the ballot. Because we we vote for national, state and local officials all on the same day and because we vote for individual office holders rather than parties, our ballots tend to be very long, with lots of difference choices expressed. I didn't count in 2006, but in 2004 my ballot had over 60 separate decisions to be made.
Because of that, hand counting US ballots takes much more effort. Not so much that it couldn't be done, of course -- it was done that way for many years. Enough so that it takes a while, though, and we're impatient.