Brazil's Electronic Voting Booth

by Overall

Hello dear fellows, Brazil speaking here.

Brazil is that big country south of Mexico with Carnival, pretty women, Futebol (not soccer, please!!), and the third biggest democracy in the whole world - the only one I know with full 100 percent digital voting using an "electronic booth."  Recently, we had our seventh free election in our recent history and everything went fine and good.  Right?  No, not right at all.  I don't know what you guys heard - or not - about our elections, but let me give you just a little background information on how things are done here.  I'll get to the hacking part really soon.

We have a presidential type of government with free and direct elections every four years.  It's different from what happens in the United States.  Here we vote directly for our candidate, meaning that each individual vote counts.  So each one of 150 million votes is counted before we know the results of the elections.  Sounds complicated, right?  That's where our Urna Eletronica or electronic booth comes to the scene.  As I'm a lazy man, from now on I'll call the Electronic Booth simply EB.

Brazil has 3038 electing zones in the entire national territory and each and every one of these receives two booths minimum, but most part of them have four or more booths.  We have almost 142 million registered voters and a bonus: obligatory voting!

Yes, guys... in spite of being a democracy, we have a "forced" vote and military service.

Anyway, some 20 years ago, we used to wait a few days, if not weeks, to know the winning candidate, because each vote was manually counted, recounted, computed, checked, validated and finally inserted into a vote database.  I'm not kidding or exaggerating; that was our actual counting system.

Then some smart guy created and managed to sell to the government an electronic system that made everything easier and faster.  It actually worked!  And very well indeed, as now we can know an election's result in a matter of hours.  This year, all votes were processed before midnight of Election Day.  This was like magic, considering that all of the polling places were open until 6 pm.

The Brazilian government launched a big campaign before the elections concerning the safety of our great and famous EB.  It is safe, they said.  It is secure, it is good, and it is "unhackable..."

Yeah, right.

How Does It Work?

Our booth uses a system called Direct Recording Electronic (DRE) made by Diebold that has already been judged as unsafe in the U.S. in 2007, Holland in 2008, Paraguay in 2008 (fer-crying-out-loud!  Paraguay?), and declared unconstitutional by Germany in 2009.  It is based on Windows CE... [deep breath]

You go to the election zone you have been assigned to, handling your elector document, previously registered and authorized.  "They" know who you are.  (This year, you could bring your personal ID or driving license as well - everything is already integrated.)

Anyway, you go to the zone and show your document.  The person gets it, finds you in the list, tells you to sign some ridiculously small paper that you must keep, or you cannot ask for a passport or buy big things, such as a house or car.  After that, some other guy inserts your elector number into a small numeric keyboard attached to the EB to "release it for vote."  O.K...  I guess some of you smart guys already found a "flaw" in the process, but let's keep it going.  There is more.

You go to the EB, chose your candidate by typing his/her number (sometimes "its" number may be valid... there are some really weird, well, things, here in Brazil).  After you press the last candidate number and confirm the vote, you go home happily, knowing that you contributed to our good democracy.

What Happens Next is the Fun Part

Until now, the electronic booth was really hard to hack, as there is really good security surrounding all of the processes of building, configuring, and deploying the booth.  Even if some guy or group manages to hack some of the EBs, it is not possible to make a big difference and change the election itself.  Except that the entire process is run by a contractor, paid by the Brazilian Elections Justice system (separate from "regular" justice), who is paid by the government itself.  In theory, some person with ill intentions working for this company might be able to add some algorithm that changes some votes, giving them to some other candidate before the software is inserted into the booths.

When the election is over, each EB is taken to a regional computing center, previously prepared to transfer the votes to a central processor by Internet.  Here is the second hard-but-possible flaw: All booths carry the very same cryptographic keys.  Yes, all of almost half a million EBs are using the same key pair.  Those who have access to this key will be able to intercept, change, repack, and send the "fixed" package forward to be accounted.

Moving on.

After the transfer, vote counting is broadcast live on open TV and it is quite a show!  But this is another point of weakness.  The votes are transferred to a "black room," controlled by God-knows-who, handling the data while it arrives.  A good DBA or a bad-boy hacker would be able, at this point, to change the data being inserted, as it has already been previously checked, so nobody checks it in the database, meaning that you can add some insert procedure to play with the numbers.  Just to feed your creativity, this guy/group can change one vote in 50 from one candidate to some other during data insertion.  No one will ever know.

In 2012, there was actually a successful hacking in Rio de Janeiro, where this hacker known only by his nick "Rangel" (along with his "friends") was able to intercept and change votes during the transmission process, simply by accessing the unsafe and easily hackable Justice Department regional Intranet in Rio.  They actually made their candidate (or client) a winner.

Another very well known and documented case was when the Justice Ministry hired Brasilia University to run some security tests on the EB.  The guys actually achieved a security break in the system, modifying the source code.  The government said it was not a big concern, as the tests were made in a controlled environment and in "real life" it would not be possible...  Yeah, right.

There are some other points of concern:

*  You can actually know who voted for whom, simply by ordering the votes by date/time and checking who "logged in" at that time.  Remember the guy who inserts your ID into the numeric keyboard?  They know who you are.

*  EB stores your vote directly into a smart card, and it is not possible to know if the stored number is the same as what you typed.

*  As you cannot check what was inserted into memory, 50+ countries have already rejected the EB, some of which I have already mentioned above.

*  In 2012, there were possible fraud cases in 94 cities, 30 in São Paulo State alone.

*  Diebold (the EB manufacturer) was fined $50 million by the U.S. Department of Justice due to corruption accusations in other countries.

Well, all of this is fun, but that's not what concerns me the most.  Brazil does not have a strong democracy just yet.  We had a military government until "yesterday," as our first post war democratic election was in 1989 and our current government is mainly composed of ex-terrorists and rebel warriors who fought against the military government.  It means that there are still some open wounds that must be amended.

As described, any dictatorial government may be able to know who you voted for.  From this to "the wall" or to "the camps" is a quick step.

Bottom line: anyone who has access to the central election database controls its results.