SÃO PAULO, SP (FOLHAPRESS) – The electronic voting machines and Brazilian electoral systems used in the country since 1996 have undergone constant improvements, election after election. Part of them guided by the contribution and criticism of the technical community.
The ballot box system, developed by the TSE (High Electoral Court) and undergoing external inspection, is responsible for giving instructions for vote registration.
On the other hand, the ballot box, which everyone prints out at the end of the vote, makes it possible to check whether the registered votes were correctly forwarded to the TSE, where they are tallied.
No system is completely secure or immune to attack. However, the better the security procedures, the harder it is for a would-be attacker to succeed – until there comes a point where the cost is so high that it’s not worth it.
WHAT ENABLES THE WORK OF THE BALL AND RECORDING OF VOTES?
The ballot box system, developed by the TSE specifically for this function, is responsible for secretly recording and storing, in a coded manner, the votes entered into the device, while generating media (a type of pen drive) with data that will later be transmitted to the TSE.
WHAT CAN ENSURE THAT THE BOX PROGRAM RECORDS THE VOTE THAT THE VOTER ENTERED?
A vote could be misregistered only if applications within the voting system were tampered with, but there are numerous barriers to prevent this from happening.
The source code (the instructions that make up this system) are analyzed by inspectors and experts to ensure that this record works without tampering.
Procedures such as printing zeros guarantee that there were no registered votes in the ballot box before the election.
CAN THE URN SYSTEM BE THE TARGET OF A HACKER ATTACK?
Electronic voting device is not connected to the Internet, defense against remote attacks.
In the case of an attack with physical access to the equipment, there are a number of obstacles. All access openings to the ballot box (USB ports, for example) are sealed with Casa da Moeda devices. If violated, one of the several inspectors the equipment passes through could detect an attempted fraud.
Only systems digitally signed by the TSE work on the ballot box. That is, it is included only if the programs inserted into it are generated by the court.
The risk of unnecessary changes before the system is digitally signed, inserted into the ballot box and sealed is prevented by various stages of inspection and revision of the source code.
CAN HACKERS ACCESS SUBMITTED VOTES OR SUBMIT FAKE DATA TO COLLECT?
Encryption occurs at various times during the election, such as when saving and transmitting votes, and is one of the mechanisms used to protect the process.
It is one of the most important aspects when it comes to information security and refers to the techniques of encoding information (such as passwords or, in the case of the ballot box, votes) so that only those who have the correct key can decrypt it.
This creates an additional lock in case someone overcomes other obstacles imposed by the TSE and improperly obtains this information, they will need an unlock key to decrypt everything.
The data collected at the polling stations, which are sent to the TSE, go through a process of digital signature, information that is verified with the recipient. This way, the system verifies that the supplied data is legitimate, generated in the optional equipment – and not a third party trying to send fake data, for example.
HOW IS THE VOICE REGISTERED ON COLORS?
Votes are archived individually, in a mixed, encrypted form, without the time when they voted, so as not to violate the secrecy of the vote, that is, so that it would not be possible to determine who voted for whom. The RDV (Digital Vote Record) is digitally signed, has encryption and a hash (a type of fingerprint to avoid tampering). It is therefore not possible to change it.
Voices are stored on two media: internal memory and external memory (like a flash drive). Thus, it is possible to recover voices and other data in the event of an error in one of the memories.
In addition, when the voting is closed, the ballot box is issued on paper. It brings, among other things, the total votes recorded in the equipment by candidates and parties.
HOW IS DATA SENT TO TSE?
Voting data can be transferred for tallying to the TSE from the polling station itself or to another transfer center – which can be the voter register or the headquarters of regional electoral courts (TRE). These options allow quick calculation of results.
Sending takes place on a private network on the Internet, which gives greater security to the process by preventing remote attacks. In hard-to-reach places, transmission is done via satellite.
To make sure there is no doubt: the data is extracted from the ballot box and transferred to computers near the polling stations, from where it is transferred to the TSE for tallying. It is not the urn that connects to the Internet.
To guarantee the integrity of the data sent, in addition to the network being private, the information leaving the urn is encrypted, providing a layer of protection not only against tampering, but also against unauthorized access.
All data is digitally signed, indicating that the data received by the TSE is the same as that generated in the Electoral Justice ballot box. That is, even if an attacker got past the previous barriers and connected to the private network to send fake votes, the system would detect that it was not information coming from an official device.
IS THERE A GUARANTEE AGAINST VOTE COUNTING MANIPULATIONS?
Comparing the totals of printed ballots with the results calculated by the TSE allows for an audit of whether the transmission and tallying of votes were correct.
WHAT ARE URN NEWSLETTERS FOR?
These are printed vouchers issued by the ballot box at the end of voting with a summary of what is registered there, such as the total of votes for different candidates, blank and invalid. It allows people (and parties) to check the result immediately after the election.
The ballot box must be printed in five copies, signed by the president of the section and representatives of the parties present. After that, the tape is placed on the door of the compartment; three are entered in the minutes and sent to the corresponding voter list; and the last one is given to party inspectors.
WHAT IS TSE SAFE ROOM?
The safe room is a fire and earthquake protected area in the TSE, with computers where data related to the election process is stored and where the counting of votes for the whole country is centralized. The room is monitored and very few people inside the courtroom have access to it.
There are 20 court employees working in the room for counting the votes and announcing the results, who develop and monitor the systems. Totalization is done automatically by computer, there is no human intervention.
In the hypothetical scenario that at this moment it is about some kind of manipulation, the data collected by the TSE would not correspond to the ballots issued at the polling stations – which are in the hands of party inspectors and are entered in the voter lists with the signatures of those present.
WHO HAS ACCESS TO ASSESSMENT DATA?
This year, while receiving the files, on election day, the TSE has committed to making the ballots available in real time online. Before they were available three days later.
Poll logs, which record all events (such as inclusion, a record of a possible failure, or a vote received, without identifying the author) during voting, will also be available online.
In the last elections, all these data, including the RDV (Digital Vote Record), could already be requested by inspection entities.
WOULD THE AUDIT OF VOTING BE DIFFERENT THAN PAPER VOTING?
There are information security experts who defend the adoption of printed proof of voting, because they understand that it would allow the verification of votes registered by the ballot box independently of the software, that is, without the need to analyze whether the source code has been compromised.
The topic, however, is not a consensus. Other experts have a position similar to that defended by the TSE: that the printing of votes would bring a number of other challenges, given the possibilities of manipulation of vouchers, facilitating the narrative of evidence of fraud, when, for example, someone manages to withdraw or insert printed votes from the polling station .