Brazilian government reiterates e-voting security

The electronic system has been in place for over two decades "without a single proven fraud occurrence," said minister.

Brazilian authorities reiterated that the electronic voting machines used in the country's elections are completely fraud-proof prior to the run-off, which took place on yesterday (29).

In a public service announcement run on national television and radio on Saturday night, the minister at the Superior Electoral Tribunal (TSE) Justice Rosa Weber highlighted the security of the electronic polling machines in use in Brazil and the danger of fake news dissemination.

To ensure a smooth election involving nearly 148 million citizens in Brazil, where voting is compulsory, Weber said the electoral justice took "various measures to prevent and correct any possible failures."

She stressed the electronic voting machines currently in use are "safe, reliable, auditable and in use for 22 years without a single proven occurrence of fraud."

Some polling machines that were thought to have yielded inconsistent were audited and no fraud suspicions were confirmed, Weber said. The auditing process was carried out under the watch of several government bodies, including the Federal Police and representatives of the various political parties. Some 4.658 machines were replaced due to technical issues ahead of the run-off on Sunday.

"Be sure that the electoral justice, with a view of accomplishing the mission of carrying out elections with absolute transparency, is adopting all the necessary procedures to investigate and hold those who attack democracy to account," Weber said.

On the fake news front, Weber did not comment on the TSE's struggles in dealing with the spread of election-related fake news, but stressed that freedom of speech is an inalienable right.

"It's up to all of us to building a world where technology is at the service of values that inform our Constitution, rather than misinformation, hate speech, intolerance and violence," Weber said.

Revealing vulnerabilities

A year ago, the TSE and the Brazilian Computer Society (SBC) signed a cooperation agreement to apply best practices to the technology supporting voting processes in the country. The priority was to demonstrate that the devices used were safe.

Also last year, a team of information security professionals led by Diego Aranha, an award-winning computer science academic and encryption expert, scrutinized the machines at a test held by the TSE.

The professor's goal was to develop a prototype of a new electronic voting system that offered not only a printed proof that the vote has been processed, but also a more robust fraud detection and auditing system.

According to Aranha, all manner of technical and time constraints were imposed by the TSE around that particular test, but it was still possible to reveal several vulnerabilities in the machines.

"We were able, for example, to change text messages displayed to the voter in the ballot box to advertise a certain candidate. We have also made progress towards diverting votes from one candidate to another, "said Aranha at a public hearing that followed the test.

This was possible because the team discovered the access key to access the files stored in the equipment, which allowed access to the log and the electoral digital records.

In June, the TSE refused to introduce voter-verified paper trails in this year's elections, on the basis that vote secrecy would be compromised if electoral justice staff at voting locations saw the printed receipt.

"Today marks a sad ending to 6 years of hard work to prove our voting system is insecure. I decided to become a scientist with the firm belief that science can change and improve society and the world around us, but maybe I was too naive to think this was possible in Brazil," Aranha tweeted at the time.

As a result of the decision, Aranha left Brazil to take up a teaching job at Aarhus University in Denmark. When commenting on the decision, the academic claimed to be "generally disillusioned with the completely dysfunctional state" of the country.

A pioneering system

Brazil is one of the only countries in the world where the voting process is entirely electronic. E-voting was introduced in in 1996 as a means to ensure secrecy and accuracy of the election process.

The system underpinned by about 455,000 voting machines currently in place enables results to be processed within a matter of minutes within closing of the ballots.

The main components of the voting machines are two flash memory cards for the operational system -- all machines currently run on Linux -- in addition to applications needed to process the votes, as well as the votes themselves, which are recorded though bespoke security and redundancy mechanisms.

Other physical components include a memory stick, used to record the final result of the votes recorded in the machine, a print module for the final bulletin of the votes processed through the device, as well as a terminal for the voting coordinator at the polling station, who allows the citizen to walk up to the machine and vote.

The citizen then votes using a keypad with numbers and three options: blank (which is effectively a way to annul the vote), correct and confirm. The final choice and confirmation are displayed on a LCD screen.

The Brazilian machines, which are based on the Direct Recording Electronic (DRE) model, do not produce a physical proof that the vote has been recorded. This means there is a constant danger of large-scale software fraud, as well as other non-technical tampering that could be perpetrated by former or current electoral justice staff and go totally undetected.

The TSE states that the electronic voting process has "essential mechanisms to ensure voters' safety" in place, such as digital signature.

In a press conference earlier this month, while reiterating that the machines are fraud-proof, Justice Weber pointed out that the electronic voting systems can be audited by political parties and various institutions.

But the minister said that those who have the prerogative to do so don't usually attend the auditing events promoted by the TSE. "Auditing possibilities are generally open, but no one ever comes by. It seems to me that people trust the system," Weber said.