Mais informações sobre o conteúdo Impressão

Security

The electronic voting process has essential mechanisms to ensure your safety: the digital signature and digital abstract.

The digital signature is a cryptographic technique to ensure a content, in this case a digital file,  can be found primarily in regard to their integrity, so to ensure that the computer program has not been intentionally modified or not lost its original characteristics for failure to read or write. It means that if the digital signature is valid, the file was not modified.

But the digital signature is also used to ensure the authenticity of the program, in other words, confirm that the program comes from official and was generated by the Superior Electoral Court. In this case, only those who can be signed digitally generated that digital signature.

Since the digital abstract, also called cryptographic abstract or hash is a cryptographic technique that resembles a check digit. Given a digital file, we can compute the digest of digital file with a public algorithm (mathematical method known to everyone). In the case of the electronic voting machines system, are calculated the hashes of all files and these summaries are published on the Portal of the TSE.

Audits

Over the 12 years of using the computerized voting system, several audits and surveys have been done. In 2002, the Campinas University (Unicamp), concluded that "the electronic voting system meets the fundamental requirements of the electoral process, in other words, respect for the expression of the voter's choice and ensure your confidentiality."

In 2008, the Federal Police, in a technical report about the 2008 municipal elections in Caxias (MA), dismissed all allegations of fraud in electronic voting machines.

In the same year, the TSE hired the Foundation to Support Training in Information Technology (FACT), with the approval of the Center for Information Technology Renato Archer, for the provision of specialized support services in the specification of programs to be applied to the electronics voting in Brazil, with a focus on improving safety and reducing costs.

The goal of the TSE with the hiring of specialists is to ensure the electronic voting machine, ergonomics characteristics, electromagnetic interference, stability and reliability of hardware and saving on the purchase of more appropriate platforms.

Security in Layeres

The security of electronic voting system is done in layers. Through  safety devices of different types and for different purposes, several barriers are created which, together, do not allow the system to be attacked by a whole. In short, any attack to the system causes a domino effect and the electronic voting machine freezes, so it is not possible to generate valid results.

Safety Tests

Aiming to contribute to the improvement of the software and /or hardware of an electronic voting machine, demonstrating the transparency of the system, the TSE has already held two editions of Electronic Voting System Public Safety Tests, in which registered researchers executed plans to "attack" the external and internal components of the electronic voting machine.

On both occasions, the best “attack strategies” were selected for evaluation by a commission composed by academics and scientists, so that the best attack strategies could contribute to the improvement of safety and reliability of the electronic voting system.

The first edition was held from 10 to 13 November 2009. None of the tests was able to violate the urn and put to the test the programs. However, the ideas presented by experts contributed to the technological improvement of the voting process.

In 2009 tests, the following experts were awarded: 1st place - Sergio Freitas da Silva, 2nd place - Fernando Andrade Martins de Araujo and staff of the Controladoria-Geral da União (CGU), and 3rd place - Antonio Gil Borges de Barros and staff of Cáritas Computing.

Sergio, who was awarded with 5000 reais, attempted to violate the secrecy of the voting machine through the collection of electromagnetic waves emitted by the voting machine keys while typing.

Secondly, the second place was awarded with the value of 3000 reais. The group of technicians of the CGU (Controladoria-Geral da União) examined procedures for the preparation of the election - and made several suggestions to the TSE.

Thirdly, with a prize of 2000 reais, the team from Cáritas IT company, tested both procedures for preparation of elections and the voting machine and voting software.

The second edition of the tests was held from 20 to 22 March 2012, where investigators were able to participate in a preparatory phase, in which they had access to the source code of the electronic voting machine and were able to learn even more about the peculiarities of the system.

The three groups of researchers who presented the three best contributions in the second edition of the tests received certificates.  The first place was the group formed by the servers at the University of Brasilia (UNB), who managed to redo the sequencing of the votes submitted by the Digital Vote Registry (RDV), but without breaking the secrecy of the vote, which failed to relate the name of voters with the votes typed on the voting machine.

The second and third places were not successful in the proposed tests, but showed some contributions to improve the system.  In second place was the group of the Federal University of Uberlândia, who tried to initialize the voting machine with a different operating system developed by the Electoral Court and retrieve data from the memory of voting machine by using a freezing spray.

The third place was the group of the Institute Sapientia. The challenge of this group was to clone a card with voting data of the electronic voting machine.

The parallel vote is a audit that occurs on Election Day and for which are invited political parties fiscal and coalitions, representatives of the Brazilian Chamber of Advocates, as well as representative of society. It is held at a place designated by the regional electoral courts, after the pairing of two to four electronic voting machines on election eve. At the same time the vote is officially presented an audit verification of the functioning of electronic voting machines.

Before the election, at least 500 notes are delivered to the representatives of political parties that will participate in the event and completed by them. Then, the notes are placed in sealed ballot bags. The Parallel Vote Commission, established previously, must be prepared for the possibility that the parties do not deliver the required number of notes for the procedure, prearranging the filling of notes with any school or organization filling, since, in no case, should the notes be filled by servers of Electoral Justice.

Simultaneously with the official election, occurs the parallel voting that works as follows: the participants collect the ballot from a sealed bag, show the candidates chosen to fiscals and those present and then type the corresponding numbers in Support System of parallel Voting and the electronic voting machine. The entire process is monitored and filmed.

In short, anyone can ascertain the correct functioning of the voting machine. Simply register the votes that are typed and then compare the presented results by the ballot result.