Linux On Brazilian Voting Machines, the Video 252
Augusto writes "Just 10 days ago, 130M Brazilian voters were turned into users of one of the largest Linux deployments worldwide: the 400,000 electoral sections in all of the 5,563 Brazilian municipalities were running electronic voting machines, and the Linux kernel was running in all of them. These voting machines have been used in Brazil since 1996, and are rugged, self-contained, low-spec PCs. We've discussed the technical details of this Linux deployment and implementation elsewhere, but I thought it would be interesting to show some pictures (and a movie) of Linux booting on these voting machines. So I asked for official permission and thus was helped by a technician while I took some quick pictures and made a small movie showing the boot process, where you can actually read the kernel messages."
Linux is great, but... (Score:5, Insightful)
If you can code it, you can hack it. If you have coders or admins, you have potential security threats.
Re: (Score:2, Insightful)
Re:Linux is great, but... (Score:4, Insightful)
It's much easier to destroy or modify 10,000 votes on a flash disk without a trace then destroy or modify 10,000 paper ballots without a trace.
Re: (Score:2, Funny)
I can't decide if you need to start watching more CSI, or less of it.
Re: (Score:3, Insightful)
Are you kidding? This may be a phyrric argument (either way of doing it is fraud, and a real problem.) But, if you think it's hard to exploit a security hole (hint, they are in every piece of election software ever written) and dramatically change the voting results with little effort and even less evidence, you need to do some research on election systems. Paper voting means a physical paper trail, it absolutely IS harder to hide/destroy something that was once real (paper ballots) than to find something
Re: (Score:2, Informative)
Re: (Score:2)
Think so? Watch the video linked here:
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/NEZeWb0ZS-w/article.pl [slashdot.org]
Re: (Score:2)
There are easier ways to fix a ballot, set the boundaries so that seats you lose you lose badly taking opposition votes away from neighboring districts you can win.
make your opponents voters ineligible to vote and or ensure that long delays occur in opposition strongholds.
you don't need to rig or tamper votes cast provided you ensure your oppositions supporters never get to the ballet box where it matters.
Imagine the frustration of being able to vote in a district where your preferred candidate has a majori
Re: (Score:3, Interesting)
Re: (Score:2)
Rigging an election will always be possible, regardless if it is paper or electronic.
It is much harder to rig a paper ballot if you have a lot of individuals monitoring polling stations by videotaping the process and also following where they take the votes! Please go to blackboxvoting.org to find out how to best monitor your election.
The problem with most electronic voting machines is that even when you participate the votes could easily be manipulated at a central tabulating location.
You should never expe
Re:Linux is great, but... (Score:5, Interesting)
Re: (Score:2)
How will I scrutinize it? How can I prove that the software running the machines is the same that I got to inspect, and that the hardware hasn't been compromised?
The only way to do secure e-voting is to use it for quick results and always do a manual recount afterwards. This obviously requires printing the votes.
Re:Linux is great, but... (Score:4, Informative)
Voter verified paper trail. IIRC, the machines in Brazil have one. In addition random hand recounts of precincts are needed as well.
Re: (Score:2)
How will I scrutinize it? How can I prove that the software running the machines is the same that I got to inspect, and that the hardware hasn't been compromised?
The only way to do secure e-voting is to use it for quick results and always do a manual recount afterwards. This obviously requires printing the votes.
How will you scrutinze them? How can you prove that the manual records of the votes you have been provided are the same ones voters actually created? And that they haven't been substituted with forg
Re: (Score:2)
How will you scrutinze them? How can you prove that the manual records of the votes you have been provided are the same ones voters actually created?
I can choose to watch the votes from the time they get put into the boxes to the time they get counted and recounted. I can check that the counts from the voting place I watch match what the newspapers report the following days.
I can't watch the whole nationwide counting myself, but I know that others will watch other areas.
Absentee ballots are a problem.
Each voter should... (Score:2)
Code his own routine to make sure his vote is accounted for
Re: (Score:2)
The bigger the compiler, the bigger the places to hide malicious code. How hard would it be to construct a PERL interpreter (for example) that awaited a very specific set of instructions and manipulated them subtly. If the same person had access to the interpreter and the code, they could accomplish this easily. No amount of skilled inspection of the code would turn up wrongdoing, you would have to inspect every line of the interpreter as well. It's not safe to just assume they will be running a standar
Re: (Score:2)
What's to say the "md5sum" executable on that machine is clean?
Re: (Score:2)
Re: (Score:2)
And what if the hardware is trojaned? How do you prove that it isn't? The only way to be sure is to reverse engineer the chips, and I bet that isn't done. The costs would be horrendous, and in the end I'd still have to just accept the word of a few experts.
Re: (Score:2)
Nonsense.
One security hole, anywhere in that electronic system, allows the entire system to be rigged. The first security hole is that the vast majority of people cannot tell the difference between a technician repairing a broken voting computer, and a technician rigging a voting computer. Second is that the software that is loaded might not match the software that is scrutinized. There are lots of others.
The security that works to prevent pieces of paper from being manipulated is well understood. Ask
Re: (Score:2)
Public key signing makes it trickier to rig the election.
Check the keys before and after the election.
Very difficult to rig it.
You have to go on to security flaws or more difficult ways of doing it.
Re:Linux is great, but... (Score:5, Insightful)
An election process has to provide the following characteristics (in some countries these are taken serious):
1. Access: Only people allowed for voting may place their vote
2. Equality: Each person may only be counted once and with the same weight of vote.
3. Privacy: Noone can find out for whom a person voted.
4. Secure against forgery:
1. Valid votes can not be changed/forged.
2. Valid votes may not be destroyed.
3. Invalid votes may not be added
5. Checkable: Each voter has the possibility, independent from any other person, to check the correctness of an election including all previous points.
( I didn't find this in the English Wikipedia, this is a quick translation from the German Wikipedia [wikipedia.org] )**.
You cannot ensure these with voting machines without the use of paper*. It is not a matter of code, just a fact of information and physics.
Use paper. Optionally with punchscan [punchscan.org] and the such. Even the cost factor is irrelevant. Democracy is worth it.
____
*Maybe with quantum computers. But can the average person check the setup? With paper, you can.
** I'd be grateful for a link
Re: (Score:2)
What's interesting for me is 5. Checkable.
Maybe the machines can print an anonymous vote ID with indicated choices which the voter takes with them. The voter then can double check the choices he made by anonymously logging onto a website and entering the random vote ID.
Now, how do you connect to a website anonymously is another matter (i.e., the web server may still log access IP and connect it to the requested vote id, but that's another matter).
Re: (Score:2)
Public library if your that paranoid about your single vote.
Re: (Score:2)
Without additional checks and balances, this is a bad idea because it facilitates vote-selling and coercion. Admittedly, these are also problems with absentee ballots, but why make the problem worse?
However, with some checks and balances, it's fairly easy to provide a way that an individual voluntarily cooperating with election and law enforcement officials could verify that the
Re: (Score:2)
You would need some cryptographic check that
1. Your vote was taken into account
2. The total were tallied correctly
3. The number of votes matches the number of ballots cast.
All of this without relying on a third party, be it either a hardware vendor or the elections organizer, with anonymousity respected, and with the impossibility to prove w
Re: (Score:2)
E-voting has a huge potential for general issues that make the rigging of a whole national election possible.
Which makes it different from paper voting exactly how? Paper voting has been manipulated in the US for years (cf. Chicago, Florida and Ohio) and has very recently fucked us over egregiously, leading to the catastrophe that is the US government today.
I don't think e-voting is magic by any means, but I also don't see any reason to doubt that it can be made reasonably resilient and trustworthy. Lik
Re: (Score:2)
Receipts and bank statements are precisely what keeps banks honest. They know people can and do independently verify their contents and will catch them if they start stealing money from the accounts. But for an election you do not know what the result will be in advance and you cannot independently verify that it is correct.
I agree that verification is required. What I don't agree with is that it cannot be achieved. It's a hard problem, to be sure. But why not try to solve it, rather than pouting and sta
Re: (Score:2)
Electronic voting is also superior in terms of accessibility to the disabled and reading-impaired. It really is a better way to vote. But as usual, the devil is in the details.
Re:Linux is great, but... (Score:5, Interesting)
yea your right, what we need is a bunch of paper, marked in #2 pencil in a box. Yea that is much more secure. not everyone can hack an encrypted voting machine, everyone can steal a box and reprint voting forms.
Re:Linux is great, but... (Score:4, Funny)
No, you need cards with little holes that get punched out to indicate your selections. Those work much better.
Re: (Score:2)
Re: (Score:2)
Re:Linux is great, but... (Score:5, Interesting)
Physical security is something we're really good at. Thousands of years of experience. That doesn't mean that there are no failures, but in general you can at least detect that tampering took place and that it was deliberate.
With voting machines, you get a bunch of places where candidates happen to win by a 16384 vote margin -- is that deliberate tampering, machine error, or maybe just plain luck? You'll never know, and therefore you'll probably never catch the criminals.
Re: (Score:2)
So, did they find out that the butterfly ballot [wikipedia.org] was deliberate tampering? Or was it just an accident, like a hanging chad [wikipedia.org]?
If you really must use a microscope on a paper ballot [cnn.com] to determine the voter's intent, wouldn't it be better to use the same thoroughness in inspecting the electronic voting process to make sure that no tampering was done?
Re: (Score:2)
I believe the butterfly ballot was an accident. Either way, the problem has been found, and good ballot formats are well known.
Your hanging chad thing is a complete strawman, voting machines are bad whether they look like the analytical engine or something from Star Trek.
Re: (Score:2)
There is no better version. All you can do is add complications, and complications is exactly what you don't want in an election.
An election not only has to be fair, it has to be convincingly fair. Otherwise you get the losing party whining and staging protests and so on. An electronic election can never be convincingly fair.
Re: (Score:2)
How much damage can one man do by stealing one voting box? How much damage can one man do by subverting the code installed on every voting machine in the state?
Traditional voting systems require a large conspiracy to have a large effect on the outcome. Electronic voting systems can be subverted by one person with access to the source code or even just the compiler.
Re: (Score:2)
This is not insightful. Everyone can steal a voting machine just as easily. Since the voting records are stored on memory cards, you can steal a LOT MORE OF THEM... hundreds in your pockets.
As an added multiplier, if you implement your hack in the right place, you can also corrupt A LOT MORE voting machines at once, and therefore a lot more votes at once.
No system will be 100% secure, but paper voting is the easiest TO secure. I didn't RTFA, but anyway, I thought the brazilian machines just printed out a
Everyone can steal a box? (Score:3, Insightful)
I don't think so. Remember that it isn't enough to merely change votes; that just wins you a quick ticket to prison. The criminals' goal is to change votes without being caught by any election observers who are watching the polls. And what system makes that goal easier to achieve? Creating an electronic voting machine that can change digital ballots undetected just requires basic programming skills and access to the machine. Creating a ballot box that can change paper and pencil ballots undetected requ
Re:Linux is great, but... (Score:5, Insightful)
My main question is who can modify the source of the software they're using, and how are they verifying that the binaries are unmodified. Generally, I agree that Linux doesn't belong there, but I don't think it's unreasonable to say that any software used in voting machines must be open source.
Here in the states, state law clearly defines how votes should be cast and counted. Without the source code to the program responsible for counting the votes, these laws will quite literally read something along the lines of:
1.Voters enter votes into machines.
2. ???
3. Voters receive election results.
The procedures for voting are a matter of public law. That must extend to procedures within the voting machines.
If you think that's putting too large a technical burden on the lawmakers, look at building codes, patent law, etc. It's a little too late to call for law that is perfectly accessible to non-technical citizens.
Re: (Score:2)
If you think that's putting too large a technical burden on the lawmakers, look at building codes, patent law, etc.
Should also note that because voting is mostly a state (non-federal) affair, minimum standards should first be set the federal government. The current mess we're in stemmed from George W. offering up money for the states to revamp their voting systems (after the chad fiasco), and allowing local legislators to spend that money as they saw fit. That, regrettably, amounted to local officials call
Re:Linux is great, but... (Score:5, Informative)
From TFA:
All political parties have access to the source code, and digitally sign the executable code, and thus can confirm, at any individual machine, that the running software is the official one.
Re: (Score:2)
Short of removing the boot CF card and BIOS flash from the machine, and dumping them with a known-good machine, how does one verify that the machine was not tampered with? The BIOS could inject system management mode hooks to mess with votes for example - apart from a few microseconds of latency here and there, the OS would be none the wiser.
And if you /do/ dump the BIOS and CF card using some machine known good to one party, how does the other party know you didn't reflash it while you were in possession o
Re: (Score:2, Informative)
Re:Linux is great, but... (Score:4, Interesting)
If banks can transfer billions of dollars every day safely and securely (in many cases without even a paper trail), there is no reason why a decent electronic voting system can't be made. Compared to an ATM, a voting machine should be a piece of cake, you don't have to worry about verifying the user's identity. You don't need to check the balances and rights. All you need to do is accept and record the current user's vote, them reset for the next user.
Do give us open source so there are 50,000 coders doing Q&A on it. Do give us a paper trail so that if there is any suspision then the vote can be verified. Do involve election officials in at least the requirements process.
Don't give us a function that clears all votes made on the system so that polling officers can 'adjust' the vote. Don't give us hardware which uses the same exact key to unlock every case. Most important, Don't try to cover it up if you screw the pooch; let us know so the recount can be performed by hand.
Re:Linux is great, but... (Score:4, Insightful)
If banks can transfer billions of dollars every day safely and securely (in many cases without even a paper trail), there is no reason why a decent electronic voting system can't be made.
Wow, that's a pretty terrible non-sequitur. The requirements for banking and voting are completely different. An ATM does not have to make sure that you cannot prove to anybody what you did when you used it. It does not have to prevent other people from tracing any action back to you. And if something goes wrong or someone tampers with the machine, you will know it sooner or later and can complain to your bank.
Re: (Score:2)
Does a paper ballot verify your identity before you fill in the little circles? It's not the machine's responsibility to verify the voter's right to vote. That is up to the poll workers just as it is now.
Re: (Score:2)
01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
Hey, I'm not a geek!
(OK, maybe I am one..)
Re: (Score:2, Interesting)
Can't you have both?
You can always use electronic voting that prints out paper votes, which are cast in a real life ballot. The voter then knows that nothing has been tampered with, the press gets ultra-fast draft results and the final results come from manually counting the printouts.
Re: (Score:2)
It would insure morons could fill out the ballots properly and we'd still have an audit trail. I'm all for it.
Re: (Score:3, Informative)
What if we did this:
When you go to vote, you take a one-way hash (md5sum or something) of your SSN or SSN+lastname+phone or some other unique identifier, and enter that along with your vote.
An official website lists each person's hashed ID and non-hashed vote. I can always check that my vote was registered correctly (and maybe repeat (before some deadline) until it is what I wanted it to be).
I can download everyone's vote and count them myself.
If there is a discrepancy, the responsible election off
Re: (Score:2)
I like your thinking, but as expressed, this would let everyone check everyone else's vote, if they can get the same information about the other person. You have to have some really private info as part of this.
Wait, what about a password?
Can I get a patent for this?
Re: (Score:2)
Ah, yes, of course--protecting your vote from your neighbour isn't so hard, since your neighbour doesn't generally know your SSN. But the much more important job of protecting your vote from the government is handled, um, shall we just say "poorly", by my proposal. Yes, the addition (as you suggest, we still need something close to uniqueness) of a password ought to solve it, assuming people remember theirs. Of course, one could still at least verify a guessed password, since there are about 2^28 people
Re: (Score:2)
You'd be able to prove your vote to a third party. This means that buying votes becomes very practical. The main defense against vote-buying at the moment is the fact that nobody can determine if the vote seller actually went through with their end of the bargain, and so it's a very iffy investment (I'd gladly take money for voting for McCain if I couldn't be held responsible for not following through, after all)
Re: (Score:2)
I disagree. (Score:2)
The InkaVote ballot readers that Los Angeles County uses run Linux. Red Hat Enterprise Linux. I know, I'm a pollworker, and I've seen 'em boot. BTW the precinct readers are there to guard against blank ballots and overvotes...the paper ballot is the record of the vote in LA County.
Re: (Score:2)
Re: (Score:2)
Free vote (Score:5, Interesting)
Free software for free votes, what a great match-up. Plus, it beats the Diebold machines running on Windows CE that kept crashing. [nytimes.com]
Incidentally, I just voted in our Canadian federal election and we're still using the pencil-and-paper and human-counted voting method. Slower, but still the most reliable and secure method IMO.
Re:Free vote (Score:5, Funny)
Yeah, well, there's only like 47 people living in Canada - that makes things easier to do by hand.
Re: (Score:2)
there's only like 47 people living in Canada
This time of year, true, because all our crotchety seniors are packing every single Dennys and Country Kitchen Buffet in Florida! Ha ha, take that, America's wang!
that makes things easier to do by hand
It's just so cold and lonely... we can't help but "do things by hand" if you know what I mean. I'd say "things... like your mom" but I don't know if we stoop to such things on Slashdot.
Re: (Score:3, Interesting)
With pen and paper voting in the US, we'd need 10 times as many people to rig the election, thus greatly increasing the chance that someone would talk about it. Whereas with computerized voting machines, we don't have that problem.
Re: (Score:3, Insightful)
We have 30 million people, of which we take some small fraction to count by hand all the votes. I don't see the magical point between 30 million (in Canada) and 300 million (in the US), for example, where this small fraction of people would become necessarily larger.
It's not the population that makes the difference, it's the complexity of the ballot. Because we we vote for national, state and local officials all on the same day and because we vote for individual office holders rather than parties, our ballots tend to be very long, with lots of difference choices expressed. I didn't count in 2006, but in 2004 my ballot had over 60 separate decisions to be made.
Because of that, hand counting US ballots takes much more effort. Not so much that it couldn't be done, of
Re: (Score:2)
Re: (Score:2)
I actually prefer pen and paper. There's good reason for this: pencil marks can be erased or smudged, and that causes no end of problems for both machine and hand reading of ballots. (It's the "hanging chad" problem all over again.)
Re: (Score:2)
Interesting point about the pen versus pencil. But I don't think it would make any difference. This morning I used the provided little yellow golf pencil to mark my "X" and then hand in my paper ballot. Each ballot has a unique number which the volunteer receiving my ballot ripped off, and recorded on the voters' list next to my name. Then I shoved my ballot in the cardboard box, and walked out.
The whole time, scrutineers from various political parties sat behind the volunteers, watching, making sure nothi
A geek question (Score:2)
Anybody know what these are running - or at least what it is based on?
From the pics I cannot tell much.
Is this a custom build or a distro hack?
[edit]
Just checked the picture again and saw MINIX - could it be?
[/edit]
Is the voteing software open source? (Score:2)
That is the bigger thing to have even big then the os part.
Still needs a paper trail... (Score:2)
Whoa, that's a Diebold system ... Diebold is that company whose name turns up on almost any news item related to voter fraud (and similar corruption) in the US, which you can see more clearly at sites like Black Box Voting.org [blackboxvoting.org]. I didn't know that there was an option for flashing those systems, already purchased by many municipalities, with a friendlier configuration (Free Software should be mandatory for processes like this which can only function with FULL transparency). This might be a viable out for ma
Re: (Score:2)
"Diebold is that company whose name turns up on almost any news item related to voter fraud (and similar corruption) in the US"
You mean Diebold and ACORN are the same people????
Re: (Score:2)
Whoa, that's a Diebold system ... Diebold is that company whose name turns up on almost any news item related to voter fraud (and similar corruption) in the US, which you can see more clearly at sites like Black Box Voting.org.
Think about this: is Diebold trying to manipulate elections or is it just a hardware/software supplier? They are just supplying what they are ordered for.
Mod up = it's on the pics (Score:3, Informative)
If only I had the mod points I had 2 days ago...
Linux running on a brazillion voting machines? (Score:4, Funny)
ah, I see now (Score:2)
So I guess this is what Linus had in mind when he was talking about world domination all those years ago...
Brazil FTW (Score:2, Interesting)
But that's not because of e-voting! (Score:2)
My country -Mexico- has many traits in which it is comparable to Brazil - About half of the population, about the same divide between rural and metropolitan areas. We have stuck with paper-based voting - Many of you will recognize the Mexican fraudocracy as not exactly clean. Still, we do have the electoral results "in time for the evening news" - with a certain error margin, of course. If the election is too close, the result is delayed by a couple of days. That does not require e-voting machines. And grea
Re: (Score:2)
Except from speaking Spanish which is related to Portuguese, each country has its own problems, its own economic structure (Brazil is not a slave to the U.S. concerning exports, for example) and each has its own political structure. You can consider Brazil as being 5 different countries each with its own mentality, all which happen to speak the same language.
You may love your country, which has its own merits, and I respect that.
But, please, do not try t
This is the wrong way to do a voting machine (Score:2)
Linux in embedded applications is not necessarily any more secure than Windows. On both, if you take out things you don't need, so just run the kernel, minimal support applications, plus the custom application for your embedded device, you end up with about the same level of security.
And that level is NOT good enough for voting machines. The right way to do a voting machine is to design a system (hardware and software) specifically for this one task. This system should be subjected to state of the art fo
Re: (Score:3, Insightful)
Your entire premise is flawed.
You can't take out things on Windows, thus you can't prove
Wow. (Score:2)
There's also a new problem: (Score:2)
Legitimate voters.
As the increasing fiasco with with the ACORN organization shows (when even CNN and MSNBC are wondering what's going on with ACORN's voter registration policies, something big is up), we may have to clamp down on voter verification procedures to stop or minimize problems such as:
1) Voters registered in more than one precinct.
2) Dead persons still registered to vote.
3) Persons not eligible to vote still being able to vote (convicted felons and non-citizens).
While the Linux-based system for e
Re:I spy with my little eye... (Score:5, Informative)
The hardware is publically bought (in recent years, Diebold has been the main provider), but the software is developed in house by the Electoral Justice.
Re: (Score:2, Insightful)
The party that controls the election software also controls the outcome of the election. And, the next election after that one, forever.
Re: (Score:2)
Re: (Score:3, Informative)
Yeah, I find it hilarious that in one story Slashdotters can rant and rave about how terrible Diebold is, and then just gloss over that fact in another which just so happens to also be about Linux.
Re: (Score:3, Insightful)
Luckily Diebold are probably too incompetent to manage a hardware hack. However, the threat model for Brazil really ought to include CIA involvement.
Re: (Score:2)
I'd be more worried that their digital signature chain scheme might not be verified properly, myself.
Also, you wouldn't need a hardware hack - the BIOS can inject System management mode [wikipedia.org] hooks to do all kinds of fun, on x86 platforms.
Re: (Score:2)
Even more hilarious is the fact that this article is "from the eat-your-heart-out-diebold dept." So, um... what exactly is diebold eating their heart out over?
I mean we all know the editors can't be arsed to RTFA but you'd think they'd at least look at the pretty pictures...
Re: (Score:2)
Talking about drivers - in the one picture you can see the USB fingerprint reader's driver loading. I find that interesting as our local LUG had a discussion a while back about the lack of support for fingerprint readers on some of the newer laptops.
Am I correct in assuming that these drivers are open to share and could be used on a laptop to try and get it's fingerprint scanner to work?
Re: (Score:2)
There have been linux-compatible fingerprint scanners with open-source drivers since 2001. That doesn't mean the scanner in your laptop will work... It's probably a different scanner.
Re: (Score:2)
I kinda figured as much.
Thanks.
I've always wondered about that (Score:2)
Why can't we make a secure, or indeed even a vaguely useful electronic voting system when we can make a perfectly secure electronic system that prints lottery tickets?
Has anyone ever heard of a lottery machine being hacked to print a winning ticket?
There's on on every corner market here in the US. Hundreds of thousands of them. They all link to some computer somewhere that records what was sold and when. You get a ticket with your numbers on it, along with some barcoded looking info to verify it's a
Re: (Score:2)
On the other hand, world wide, most corr
Re: (Score:2)
It appears theses machines are made by Diebold. Why don't we use them in the US elections instead of the terrible versions we seem to get statside.
Are you new on politics or is my sarcasm detector offline?
Re: (Score:3, Insightful)
it's because
Meaning they actually have to make a product worthy enough to get purchased over their competitors... instead of just getting an exclusive contract.
Re: (Score:2)
Because the current administration found out these cost 200 Brazilian dollars each and thought that meant some big number larger than billion.
the code can be 100% transparent (Score:2)
in how it describes the completely opaque methodology by which secures transactions
duh
Re: (Score:2)
It's a distributed system. You would have to bribe a lot of people (and the civil servants who make it all happen are well paid indeed) unless all you wanted to do were to elect someone at the municipal level. If you tried to elect a president by messing with the votes at the center of the system, you'd have to make the numbers agree with the local (state and municipal) tallies. The ballots are audited with overview from all the parties. You are just overly paranoid.