Grounded on the pillars of safety and transparency that drive its work, the Superior Electoral Court (TSE) has held two editions of its Electronic Voting System Public Safety Tests: one in 2009 and another in 2012. On both occasions, the investigators who registered for the tests presented and executed "attack" plans to the external and internal components of the electronic voting machines and related systems. As a result of the tests, the TSE has taken steps to enhance the safety of the equipment and software and to ensure even more reliable elections.
The purpose of the tests is to contribute to the improvement of the software and/or hardware of the electronic voting machine, as well as other election software, ultimately improving the security and reliability of the electronic voting system. “The safety tests are evidence of the transparency commitment made by the Electoral Justice and Technology areas with Brazilians voters", said the Court's Secretary of Information Technology, Giuseppe Janino.
On both occasions the commission, composed of academics and scientists, selected the best proposals of attack attempts for evaluation. “The purpose of the tests is not merely to pose a challenge. It goes much further than that. It is the opportunity to leverage contributions from Brazilian society, especially those with the specific knowledge, in order to drive progress", explains Janino.
The first edition of the tests was held from 10 to 13 November 2009, in the former headquarters of the TSE in Brasilia. None of the tests were able to violate the voting machine and the software being put to the test. However, the ideas presented by the experts contributed to technologically improving the voting process. Sérgio Freitas, an award-winning IT expert, tried to violate the secrecy of voting by capturing the electromagnetic waves emitted by the voting machine keys while they are pressed.
Although the attempt was unsuccessful (since the radio used by the researcher was only able to capture emissions at a 10-centimeter distance from the voting machine, which in practice makes it impossible to use), the TSE has developed new safety barriers. The Secretary explained that the keyboard of the voting machine was fitted with a type of insulation that minimizes radiation from the keys. This measure prevents a simple radio device from capturing the sounds emitted by the voting machine's keyboard.
Another improvement was made to the seals of the envelopes. Since the 2009 tests, the envelopes began to be numerically related to the seals, i.e. the envelopes now have the same number as their seals.
Progress from the 2nd edition
The second edition of the tests was held from 20 to 22 March 2012. First place was awarded to a group of University of Brasilia (UnB) civil servants who managed to reconstruct the vote sequencing presented by the Digital Vote Registry (RDV), albeit without breaking the secrecy of the vote (since the attempt failed to relate the votes with the voter names registered in the voting machine). The RDV is a list issued after the entire voting and counting process is complete to allow political parties and other stakeholders to make any recounts of the vote if required.
The votes entered in the voting machine are randomly recorded based on a computational algorithm, which prevents their chronological sequencing as they are digitally randomized at registration time. The attack managed to re-sequence the votes into the order they were originally entered into the voting machine. However, it would be practically impossible to know the order of voting, since voting is done in order of arrival at the polling station and the list of voters of a particular station is made available to the polling officers in alphabetical order.
In addition, the Secretary says the attack from the UnB group was only possible thanks to the participants receiving the source code of all software executed by the voting machine in advance, something that would not occur in a regular election.
To Janino, the quality of the research has contributed to further improve the security of electronic voting machines. “A few days after the results, our algorithm was already much stronger. The output from the second tests contributed towards strengthening the algorithm and the scrambling features for the RDV. With these adjustments, there is no way to identify the sequence of votes. In addition, the system erases non-votes (when a voter misses) to further complicate the identification of the sequence of voting", he explains.
Learn more about the safety of the voting machine
To learn more about the security features of the Brazilian electronic voting machine, the TSE has prepared a brochure called "Inside the Voting Machine" (PDF, Portuguese) launched in 2010 to address the most frequent questions from voters.