Electronic Voting Machine series: the step-by-step of an election day

Electronic Voting Machine series: the step-by-step of an election day

A finger pressing

Check the photo gallery here.

Check the photo gallery here.

Listen to a story on this issue (in Portuguese).

Watch a story on this topic (in Portuguese).

October 5, 2014 is the day of the first round of the 2014 elections. On that day, voters must present to their designated polling station from 8 PM to 5 PM to choose the next President, state governors, senators, federal and state and Federal District representatives in what are the most computerized elections in the planet.

Before clearing the electronic voting machine to cast votes, the chairman of each polling station will connect the machine at 7 AM, in the presence of polling officers and political party inspectors. Once the machine is turned on, it emits the so-called the "zerésima" (zeroeth, or 0th),  a special report containing all identification of that voting machine and proving both that it has all candidates registered and that none of them have computed any vote, i.e. that the voting machine currently has zero votes.

During the voting process, the votes are randomly stored. The electronic voting system has sophisticated computational procedures embedded that prevent reconstruction of the sequence of votes from deducing the information it outputs, which further ensures data security. In summary, the votes entered on the voting machine are encrypted using a computational algorithm.

At the end of voting, at 5 PM election day, the data contained on the memory cards of the voting machine is written to an output media (pen drive) which is then sent to a proper location for transmission of its data to the correspondent Regional Electoral Court. 

All software used in the voting machines and related systems on election day are developed by the Superior Electoral Court. There is one single version of all software used for the elections. This means that wherever the voting machine will be used (from a major capital to an indigenous village), the software versions will be exactly the same, and the auditing possibilities to verify the integrity and authenticity of the equipment are thus the same. 

On election day, no equipment used by the electronic voting system has any connection with the internet, which prevents any external third-parties from having access to any data stored or transiting through the system.

Votes are stored in two media (one internal and one external memory slots). It is noteworthy that the software programs embedded in the voting machine prior to election day are all digitally signed and sealed. This means that, in case there is an attempt to tamper with the vote records, even if the voting machine is turned off, the machine itself will detect the inconsistency (invalid digital signature) and issue an integrity error alert. 

The two-media storage scheme also prevents loss of votes, since in case of failure of one of the medias the voting data can be retrieved from the other. There are also contingency procedures in place in case the voting machines break. There are ballots prepared specially for this possibility, which can replace a faulty voting machine in a few minutes.

Official closure of the voting is performed by the chairman of the polling station, through use of a specific password. The chairman then issues the Voting Machine Bulletin (VMB) for that polling station, which consists of a printed report issued by the Voting Machine in at least five duplicates. The VMB includes identification of the polling station and of the voting machine, the number of voters who attended and voted and the result of votes per candidate and party (in addition to blank and null votes). 

The electronic voting machine contains the records of all voters who vote at that polling station. In other words, the bulletin issued by the voting machine shows both the number of voters who voted in that station as well as the number of absent voters. The VMB also brings the number of voters who presented justification for not voting in that station, among other information recorded (Brazil has mandatory voting for all citizens between 18 and 65).

Public results

TSE Secretary of Information Technology Giuseppe Janino explains that the act of printing the VMB and its fixation to the walls of the polling station (also an official requirement), despite being "a seemingly simple action, has great importance, because public and verifiable results of the poll can be seen at the very moment the voting ends”.

“Everything that happens as of that moment, when the voting machine is closed and the results are printed, can very easily be audited, because the results become public," says the Secretary.

Giuseppe Janino underscores the reliability and security of Brazil's electronic voting system, mentioning also the very low rate of use of so-called contingency ballots (previously reserved for potential replacement of voting machines that present issues on election day). 

“We need to ensure the availability of these services. In other words, the voting machine is providing a service: the right to vote. We have to ensure that it works 100% of the time. It is there for that purpose", says the Secretary.

He recalls that for the first round of the municipal elections of 2012, only two polling stations resorted to manual polling, out of a total of over 400,000 stations in the whole country. In the second round of elections, no manual vote took place at all. 

“Despite all the tests we do to the voting machine, it is still possible that it may go through a scenario that could potentially bring it to crash during its operation. This is why we created the contingency voting machine scheme. Whenever the voting machine crashes or malfunctions, it automatically records the information received up to that point. The flash memory from that machine is then attached to a different voting machine, which is turned on and resumes work exactly from the point where [the vote] had stopped, and the process goes on", Giuseppe informs.