Contest To Hack Brazilian Voting Machines 101
An anonymous reader writes "Brazilian elections went electronic many years ago, with very fast results but a few complaints from losers, of course. Next month, 10 teams that accepted the challenge will have access to hardware and software (Google translation; original in Portuguese) for the amount of time they requested (from one hour to four days). Some will try to break the vote's secrecy and some will try to throw in malicious code to change the entered votes without leaving traces."
Hack the judges (Score:5, Insightful)
Re:First prize (Score:2, Insightful)
winners will be executed
We are in Brazil not in the USA.
Really quite an accomplishment (Score:1, Insightful)
Seriously one of the ten teams who figured they could hack a 'brazilian' voting machines in 'one hour', kudos.
Re:why is electronic voting so hard? (Score:3, Insightful)
If it was that foolproof, it would be difficult for the people in power to tamper with it if they ever wanted to.
Re:why is electronic voting so hard? (Score:4, Insightful)
The simplist explanation is that corruption is the problem not the technical aspects of these voting machines. These errors wouldn't be tolerated with ATM machines because the public seems to care a lot more if their bank account is fraked with but not so much their vote for some reason... That's the only real way to clean up the corruption; get the public to put real pressure on the entities involved in the voting process.
Re:why is electronic voting so hard? (Score:3, Insightful)
Verifiability. And that is almost impossible if you don't provide a printout. All the solutions that provide a printout could succeed though, for example Bingo voting [bingovoting.de] or Punchscan [punchscan.org].
So far companies such as Diebold sell "we know this is 100% secure, trust us" and that seems to be what sufficed for the people choosing a product. Cost, loss of democracy and provable security haven't been a criterion it seems.
Re:Hack the judges (Score:3, Insightful)
Why is electronic voting so "popular"? (Score:4, Insightful)
Actually the puzzling thing to me is why is electronic voting so "popular". Why do the people in charge keep promoting it?
Most electronic voting systems are bad at a very important requirement:
Convincing the loser (and enough of his supporters) that he lost.
The system doesn't just have to work correctly, it has to be accepted as working correctly (enough).
With various fancy cryptography and systems it is possible to have an electronic system that is anonymous, verifiable and reasonably secure (see: http://www.youtube.com/watch?v=ZDnShu5V99s [youtube.com] for ideas on how this could be done), but as far as I can tell, they're not going for such systems.
So why not just stick with paper ballots in a process where almost everything is done in the open? That way the eventual loser's representatives, 3rd party observers, various other people can observe every count of each vote. It's simple enough to understand. While postal votes can still be used to rig stuff, most electronic voting systems are also vulnerable to that same problem.
That paper based system may take a bit more time, but it scales reasonably well - the more voters there are, the more volunteers there should be for counting. I'm assuming that it's not a case where too many of the citizens either can't count or are too lazy to do so.
Re:Hack the judges (Score:2, Insightful)
Re:why is electronic voting so hard? (Score:3, Insightful)
These errors wouldn't be tolerated with ATM machines because the public seems to care a lot more if their bank account is fraked with but not so much their vote for some reason...
[Citation Needed]
Are you thinking of the same ATMs that I am?
Many ATMs are Windows running on commodity hardware.
I've seen a few whose entire functionality is a java applet sitting on the desktop.
I can't dispute your assertion that "the public seems to care,"
but I will dispute your claim that "these errors wouldn't be tolerated".
I dispute the claim because we don't know.
ATM mfgs & banks don't report to anyone.
There are no statistics to prove or disprove the security of ATMs.
There are no standards for coding ATM software (like there is for airlines).
But, from the SNAFUs that have become public, a good working theory should assume that the code is crap.
Feel free to replace "ATM" with "Voting Machine" and almost everything I've said still applies.
Except for the standards part, but IIRC there was recent news showing that the mfgs violate that anyways.
P.S. Lol @ ATM machine
Re:Why is electronic voting so "popular"? (Score:3, Insightful)
Actually the puzzling thing to me is why is electronic voting so "popular". Why do the people in charge keep promoting it?
Here are the problems that e-voting solves:
Handicap accessibility
ballot complexity
hanging chads/questionable pencil marks
Electronic voting in its current form resolves these problems.
Unfortunately, in its current form, it introduces serious problems in verifying the vote.
Possible false sense of security (Score:2, Insightful)
What if the machines "pass" this contest?
A real attack would likely involve more than a few days of effort, and might well have access to inside information not available to the red teams in the contest.
If nobody breaks in, that will prove very little about the security of the machines.
Lets do it here, too. (Score:4, Insightful)
I like this idea. Voting systems corporations claim their solution is accurate and secure, let them put their money where their mouth is and let people try and crack it. If their machine's security depends on nobody being allowed to even try then it's all theater.
Re:why is electronic voting so hard? (Score:3, Insightful)
Most of the problems with ATMs that I've heard of involve hacking into the system, and utilising social engineering attacks. Electronic voting machines have had problems that go far beyong those:
*social engineering attacks
*weak physical security to the point of being able to access the machines' innards with a hotel key
*federally illegal code used on sequoia voting machines leaked to the public
*errors in tabulating votes sometimes in the thousands
There are more but I think I've already made my point. The string of failures and bafflingly simple errors in basic security of these voting machines leads one to wonder just how much corruption has overridden technical prowess in the making of these machines. They can do it right, there is just a huge incentive not to.
A lesson taught to other countries (Score:0, Insightful)
It's interesting to see that true care for democracy can rise in some developing countries while it keeps fading in other, richer ones where the political model tends to oligarchy backed by pre-orwellian laws.
Re:Lets do it here, too. (Score:3, Insightful)
And you couldn't say that there is a much more worthy target for both white and grey hats. From crashing computer networks, hacking goes on to secure the logical foundation of democracy; voting.
With some luck they will devestate the voting machines and companies, and create public uproar in the process. Civilization progresses when people care.
Re:Lets do it here, too. (Score:2, Insightful)
I like this idea. Voting systems corporations claim their solution is accurate and secure, let them put their money where their mouth is and let people try and crack it.
All it will prove is that these machines are hard to hack for outsiders. But the number one threat is that of insiders; mainly the government in place (who has most to lose in an election) and corrupt programmers at the company making the voting computers.
But I can't verify the system... so it's useless (Score:3, Insightful)
Re:Possible false sense of security (Score:1, Insightful)
Shush. Making the system appear secure is the point of the contest. Not finding a flaw does not mean there is no flaw, or we would all ship flawless systems. The purpose of hacking contests is therefore marketing and marketing alone.
Re:Why is electronic voting so "popular"? (Score:3, Insightful)
Most likely it's simply an issue of "follow the money".
So whyion not just stick with paper ballots in a process where almost everything is done in the open? That way the eventual loser's representatives, 3rd party observers, various other people can observe every count of each vote. It's simple enough to understand. While postal votes can still be used to rig stuff, most electronic voting systems are also vulnerable to that same problem.
One thing to also remember is that changing the mechanics of the polling process does nothing to address voter intimidation, gerrymandering, conflicts of interests between people running the election and candidates, differing nomination/campaigning rules for different candidates, etc. Many of which are actually far bigger problems...
That paper based system may take a bit more time,
Such systems are generally quick enough for political systems where the results of the election take effect within hours/days. In places such as the USA elected people may not actually start for weeks/months after the election. What is the situation in Brazil?
Re:why is electronic voting so hard? (Score:3, Insightful)
write a simple app that writes the vote to a flat text file,
Thus writing the votes sequentially. If you independently record the order in which people vote (audio recorder in your pocket), then you can pretty easily know how each of them voted. See, you've failed at preserving voter privacy already. Preserving it requires randomizing the order of the votes in some way, which is not very practical with a flat text file.
pretends to then read the recorded result back to the voter for them to confirm,
Fixed that for you. What's written in the file does not have to match what's recorded in the file and the voter will never be able to prove anything. The software you wrote may not be the one that's used during the elections either. And again it's unlikely you'll be able to prove anything.
and store a hash of the result separately. encrypt all the drives, lock down the hardware in each location with steel boxes and armed guards if needed.
All this protects is the result. You need to prevent tampering of the software and yet make it possible to update it to integrate fixes (unless you claim to be able to produce bug-free software in your first attempt). You also need to make it possible to change the ballot definitions obviously (unless you plan on your system being used only once and then thrown away), and yet prevent non authorized parties (including election employees) from hacking them.
encrypt all the drives,
Encryption is to prevent unauthorized parties from reading the disk. What you really want is signing of all the executable code by a trusted authority so you can detect any tampering. The problem is finding a trusted authority: it obviously cannot be the government in place, not the voting computer manufacturer either, a random bloke taken off the streets? (who picks him?)
Yet another problem is that none of this lets the voter verify the voting machine in front of him has not been hacked on election day.
transport the results out of the voting location with the votes and hash separately and count then use the hash to verify that the count wasn't tampered with in transit etc.
All election officials have to do is prepare matching votes and hashes in advance of the election and substitute them for the real ones during transport, or in the secure storage room to which the public does not have access. Lesson: as soon as something leaves the polling place, and thus escapes the surveillance of the public, you can assume it has been corrupted.
Re:Why is electronic voting so "popular"? (Score:3, Insightful)
Thing is that the "hanging chad" issue is related to a mechanical, quite possibly in parts electronic, system anyway. Using Hollerith cards as ballot papers can only be described as a "hack" in the first place. If anything the underlaying problem is too much (inappropriate) technology being used to vote.
Those two words, in turn, gave rise to another infamous two words: Bush v. Gore.
How would electronic voting machines have dealt with the conflict of interests issue of Jeb Bush not reclusing himself?
Re:why is electronic voting so hard? (Score:3, Insightful)
These errors wouldn't be tolerated with ATM machines because the public seems to care a lot more if their bank account is fraked with but not so much their vote for some reason...
When an ATM machine makes a mistake they very quickly see the result of it on their bank statement. So yes, they then get upset.
When a voting machine makes a mistake, someone still gets elected with no one the wiser (unless the error was huge like more votes than voters). So since nobody knows the machines made a mistake (or were hacked) nobody cares or is upset.
Re:why is electronic voting so hard? (Score:4, Insightful)
what boggle my mind that slot machines are constructed to be more secure and more easily auditable(to make sure the settings conform to regulations) than voting machines.
Re:But I can't verify the system... so it's useles (Score:3, Insightful)
Exactly. I have a PhD in computer science and a lot of experience debugging other peoples' code. If you gave me the source code to an electronic voting system, I could not be more than 50% sure that I had found all of the potential ways of exploiting it. Even if I do manage to convince myself that it is bug free, which might be possible if it were developed using formal methods, then I still have no way of verifying that the software that I audited is the software I am using to vote. More than 99% of the population is likely to be less able to audit the code.
We don't use electronic (or mechanical) voting here, we use a pen and paper. I can look at the paper and validate that it has the mark next to the candidate that I wanted. I can then put it in a box. If I want, I can volunteer to watch the box and see that no one removes ballots from it before it is counted. I can then watch, or even participate in, the counting. The number of votes counted is then published and I can check the totals match for the constituency. Anyone with basic numeracy can validate this mechanism. Most people don't choose to, but each of the candidates will nominate people that they trust to do so and they can select these people from the entire population, not just from some technical priesthood.
Why we generally trust the electronic voting (Score:4, Insightful)
- You OUGHT to vote if you are a Brazilian citizen between 18 and 70, and is not illiterate. You get in a lot of trouble if you don't.
- You don't register for avery election; you have a "voting ID" valid for every public election.
- You have to vote in a specific designated place (noted in your "voting ID"), generally the closest voting section from the address you provided when getting your "voting ID". If you are away, you have to justify the absence (preferably on a mail office, at the election day)
- Election happens in one day, throughout the country (there may be 2-phase elections, for example for mayor, governor or president, when in the 1st phase the winner does not get more than 50% of the votes - oh, yes, we DIRECTLY vote for president - every citizen's vote has the same "weight").
- Although the voting machine is electronic, when you get to the voting section there are PAPER books with all voters for that section listed, and your ID is checked against that. You sign the book and get a "receipt" detached from it (you have to prove you voted, as it is a legal obligation).
Soo, the electoral authority "knows" how many votes should appear in the results. Generally we do not have Disney characters, dead people, etc. voting, nor people voting in several electoral sections.
As far as I can remember, results have matched the pre-election polls (from multiple sources) quite well. Generally people know in advance what the result will be from each city or even city area, and that can be seen in real time as the electronic counting unfolds at election night (yes, we generally get most results in the night of the election day). I can't recall results being seriously contested by the losing parties (we have MANY parties).
Results are manipulated by "social engineering": Sending buses/boats to collect people from remote locations for voting in "exchange" for voting, trading dental treatment promises, money, death threats, etc. Illegal too, but easier and more difficult to trace than manipulating after the votes were cast.
I trust that there are so many crooks in politics in my country that if a party found a way to manipulate the results after elections, there would be so many me-too-or-else-I'll-tell that it would spread like a wildfire and the results would be awkward enough to be laughable. It is a self-regulating system. If a hacker found a way to manipulate the results, he would not stop at selling the method to one single candidate. I believe the same applies for other voting methods (except the ones which allow Mickey Mouse to register, of course) - it is not the system itself that prevents fraud, but the fact that fraud works both ways, and that the result is not a complete surprise.
In recent international elections you can see in the news that if the results do not match what the population though it would be, it is noticed at once, and people get to the streets (sometimes there wasn't even a fraud, it's just that some people won't accept the losing). It hasn't happened here so far, so we still trust the way it's been done.