Brazil: Security
Last updated on December 17, 2013
The Brazilian electronic voting system has several software-based and design-based security safeguards. The EVM is designed to check whether or not the loaded software on each machine has a digital signature (hash) matching the signature provided by the TSE, and only continue to operate if the software verification is successful. Critics have pointed out that this verification process depends on the integrity of the verification software itself and, if this verification code is somehow compromised, then altered code could be loaded onto the machines.
To prevent access to the software and data of the EVMs, the contents of electronic voting machine are encrypted using an AES specification of 256 bits and the same key is used on all electronic voting machines. Critics in the computer science community argue that use of single key is risky because dissemination of the key would compromise all voting machines. The TSE defends the use of a single key because it makes the system less susceptible to a brute force attack. This risk is exacerbated by the fact that the encryption key is recorded in the source code. Since the source code is subject to audits by parties and the OAB prior to each election, the possibility exists that the key could be leaked and thus compromise the machines.
Another feature designed to safeguard the integrity of the vote count is the procedure by which machine vote totals are distributed. At the end of Election Day, the head poll worker ends the voting session and prints out six copies of the machine bulletin (Boletim de Urna). Five of these copies are distributed to the parties and one is posted at the precinct for the public. Theoretically, the parties or candidates could tabulate the totals from the printed machine bulletins and check the vote totals reported by the election authorities. Starting in the mid-2000s, electronic copies of machine bulletins were posted online and available to the public.
NEXT:
Brazil: Voter Education