

Fraud possible in Brazil's e-voting system - obvio171
http://www.zdnet.com/fraud-possible-in-brazils-e-voting-system-7000034341/

======
obvio171
Brazil uses an obsolete, inauditable, and closed-source voting machine.

Tomorrow we vote for president, governor, and Congress members, and the fate
of our 200M people democracy depends _exclusively_ on the security of this
machine (it produces no independent physical evidence of the votes).

We know for a fact, though, from respected researcher and cryptographer Diego
F. Aranha, that it is insecure[1].

(For the technically-inclined, let's just say that the ballot's secrecy is
guarded by srand(time(null)). You can imagine the rest.)

It's been like this for 18 years. This year, we're doing something about it.

We've launched a campaign to raise awareness about the very real threat of
large-scale, undetectable fraud, and it has so far been a huge success.

We've raised over twice the amount we asked for in our crowdfunding
campaign[2].

We were featured in every major news outlet in the country[3].

We've built and deployed a mobile app for citizen inspection of poll tapes,
and reached an install base that is estimated to cover a sample of over 20% of
all electoral zones in the country, positively impacting the electoral
transparency of over 40 million people.[4]

But it is not enough. The Brazilian government has had enough time and
resources in its hands to convince the whole country that not only are the
machines secure, but that they are also the envy of the world.

We've made an impact. In the past weeks, they've adapted their rhetoric from
"unpenetrable" to "nothing is 100% secure"[5], but we still have a long way to
go.

We're now faced with the very real possibility that they'll flex their PR
muscles once again, shove this all under the rug, and not change a thing after
elections are over and people have moved on.

You can make sure that doesn't happen.

International pressure and public shaming have done a great deal for citizens
all over the world, proving the Internet's power to unite humans across
borders for the good of one another.

You can do that for 200M Brazilians today. Please, read the article in the
link above and, if you feel it's important, share it and upvote it.

If we can't be heard from the inside, let's be heard from the outside. You can
be our voice.

Thank you so much!

\-- References: [1]: [https://sites.google.com/site/dfaranha/pubs/aranha-
karam-mir...](https://sites.google.com/site/dfaranha/pubs/aranha-karam-
miranda-scarel-12-book) [2]:
[http://catarse.me/VoceFiscal](http://catarse.me/VoceFiscal) [3]:
[https://www.google.com/search?hl=pt-
BR&gl=br&tbm=nws&authuse...](https://www.google.com/search?hl=pt-
BR&gl=br&tbm=nws&authuser=0&q=%22voc%C3%AA+fiscal%22&oq=%22voc%C3%AA+fiscal%22&gs_l=news-
cc.3.0.43j43i53.924.2190.0.3729.14.2.0.12.0.1.162.191.1j1.2.0...0.0...1ac.1j4.dnBNYZwey5U)
[4]:
[https://play.google.com/store/apps/details?id=org.vocefiscal](https://play.google.com/store/apps/details?id=org.vocefiscal)
[5]: [http://eleicoes.uol.com.br/2014/noticias/2014/08/29/tse-
suge...](http://eleicoes.uol.com.br/2014/noticias/2014/08/29/tse-sugere-que-
urna-eletronica-esta-sujeita-a-fraudes.htm)

------
PaulaBR
Brazil uses an obsolete, inauditable, and closed-source voting machine.--
References: [1]: [https://sites.google.com/site/dfaranha/pubs/aranha-karam-
mir...](https://sites.google.com/site/dfaranha/pubs/aranha-karam-mir..). [2]:
[http://catarse.me/VoceFiscal](http://catarse.me/VoceFiscal) [3]:
[https://www.google.com/search?hl=pt-
BR&gl=br&tbm=nws&authuse...](https://www.google.com/search?hl=pt-
BR&gl=br&tbm=nws&authuse..). [4]:
[https://play.google.com/store/apps/details?id=org.vocefiscal](https://play.google.com/store/apps/details?id=org.vocefiscal)
[5]: [http://eleicoes.uol.com.br/2014/noticias/2014/08/29/tse-
suge...](http://eleicoes.uol.com.br/2014/noticias/2014/08/29/tse-suge..).
reply

------
Plaisant
"The Brazilian machines, which are based on the Direct Recording Electronic
(DRE) model, do not produce a physical proof that the vote has been recorded.
This means there is a constant danger of large-scale software fraud, as well
as other non-technical tampering that could be perpetrated by former or
current electoral justice staff and go totally undetected, according to
Aranha."

------
obvio171
Technical paper in English:
[https://sites.google.com/site/dfaranha/pubs/aranha-karam-
mir...](https://sites.google.com/site/dfaranha/pubs/aranha-karam-miranda-
scarel-12-book)

"This work presents a security analysis of the Brazilian voting machine
software based on the the experience of the authors while participating of the
2nd Public Security Tests of the Electronic Voting System organized by the
Superior Electoral Court (SEC), the national electoral authority. During the
event, vulnerabilities in the software were detected and explored to allow
recovery of the ballots in the order they were cast. We present scenarios
where these vulnerabilities allow electoral fraud and suggestions to restore
the security of the affected mechanisms. Additionally, other flaws in the
software and its development process are discussed in detail."

------
ClaraLiz
Voting is still going on but we already have news from several cities in
Brazil, telling of malfunctioning of voting machines: some wouldn't allow
people to choose one or two digits (those related to the main opposing
candidates, what a coincidence!), pople arriving at their voting location and
finding out they had alrady voted (!!)... It's a shame! Our voting system is
insecure, unreliable and the institutions that should intervene to make it
better are completetely dominated by the governing party, so there's no
interest in changing this shameful scenario!

------
ricardgr
"The Brazilian machines, which are based on the Direct Recording Electronic
(DRE) model, do not produce a physical proof that the vote has been recorded.
This means there is a constant danger of large-scale software fraud, as well
as other non-technical tampering that could be perpetrated by former or
current electoral justice staff and go totally undetected, according to
Aranha."

------
brnlng
The original 2012 article about the forum on security:
[http://pdt.org.br/index.php/noticias/voto-eletronico-
hacker-...](http://pdt.org.br/index.php/noticias/voto-eletronico-hacker-
revela-no-rio-como-fraudou-eleicao)

Further on topic:
[http://folhapolitica.jusbrasil.com.br/noticias/112550665/pro...](http://folhapolitica.jusbrasil.com.br/noticias/112550665/professor-
doutor-da-unb-diz-que-fraude-nas-urnas-eletronicas-e-plausivel-e-muito-seria-
veja-entrevista-completa)

(all articles pt-br only)

------
prenato
The Brazilian machines, which are based on the Direct Recording Electronic
(DRE) model, do not produce a physical proof that the vote has been recorded.
This means there is a constant danger of large-scale software fraud, as well
as other non-technical tampering that could be perpetrated by former or
current electoral justice staff and go totally undetected, according to
Aranha.

------
andremendes
Thank you for posting this. Very few brazilians are aware of this possibility
of fraud. When I tell people that our voting machine is insecure I always get
blank stares. It's something that they haven't ever even considered to be
possible.

------
HJJ
It's sad to say but Brazil's politics is far away to be a trustable. People
don't believe in your candidates anymore. There aren't proposes that can catch
attention. We need to reformulate this politics system!

------
GabrielMend
Brazil uses an obsolete, inauditable, and closed-source voting machine. The
government keep civil society away from the machine for testing, and we don't
know if our vote is real or just a phony.

------
rfonseca
Other comments at
[https://news.ycombinator.com/item?id=8411283](https://news.ycombinator.com/item?id=8411283)

~~~
obvio171
Much better discussion going on there :) Thanks for the link!

------
LogCleaner
Tentamos fiscalizar somente o comprovante que a máquina emite mas se a fraude
for na programação, somente tendo acesso à elas com engenharia reversa.

------
maxsteffens
"The Brazilian machines, which are based on the Direct Recording Electronic
(DRE) model, do not produce a physical proof that the vote has been recorded.
This means there is a constant danger of large-scale software fraud, as well
as other non-technical tampering that could be perpetrated by former or
current electoral justice staff and go totally undetected, according to
Aranha."

------
tekinha
The Brazilian machines, which are based on the Direct Recording Electronic
(DRE) model, do not produce a physical proof that the vote has been recorded.
This means there is a constant danger of large-scale software fraud, as well
as other non-technical tampering that could be perpetrated by former or
current electoral justice staff and go totally undetected, according to
Aranha.

------
gledson999
The Brazil governament is fraud, democracy forever, Thanks Diego F. Aranha my
best teacher.

------
thiagomarotta
Brazil uses an obsolete, inauditable, and closed-source voting machine. Help
us!!!

------
cctruc
People can not audit the votes. How can we trust the machine?!

------
anasantos
Evebody knows that the system is fragile and easy to fraud!

------
Amaro14
I don´t trust in brazilian machine >:( Please help us!!!

------
AiSocorro
Hackers of all the world, help us!!!Attack the Govern!!

------
brandondias
We need an open election process! Please, help us!

------
DarkScout
I don´t trust our election system. Help us =]

------
tlsbra
It is a threat against democracy.

------
santana2006
Há anos essa urna é usada e o pior que não sabemos se outras eleições foram
fraldadas, cade a democracia em nosso país???

------
mcmds
I don´t trust in brazilian machine.

------
fknfknbr
Shame!

------
teslapatos
I not beliave in Brazilian Government, they can manipulate machine and nobody
can make a Clain or change law. The Works Party (Pres. Dilma) want change
Brazil from to Comunism. I rate it.

