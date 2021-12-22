Almost half of the electronic voting machines will be replaced in the 2022 elections by a new model, which promises more security and speed in voting and accessibility for people with disabilities. But experts say that the most modern device does not remove the main criticism of the Brazilian electoral system: the problems of hacker attacks on the security of voting in the electronic ballot box.

According to the Superior Electoral Court (TSE), 225,000 more modern equipment is being manufactured and distributed to the Regional Electoral Courts (TREs). Each new electronic voting machine cost US$985.50 (R$4,123.00) – a total investment that exceeds R$900 million. In total, 577,000 will be used in next year’s elections.

To present the new model of urn, minister Luís Roberto Barroso, president of the TSE, visited last Monday (13th) the production line of Positivo Tecnologia, winner of the tender, in Manaus (AM), where the motherboards. According to him, the purchase of the most modern model will allow the renovation of Electoral Justice equipment, considering that the useful life of an urn is 10 to 12 years.

Among the advantages highlighted by the TSE of the new ballot box is the faster identification of the electorate. In the new model, called UE2020, the clerk’s terminal will have a graphical touch-sensitive screen (similar to that of a tablet), which will allow one person to be identified by the clerk, while another votes.

In terms of security, they will have technology compatible with the requirements of the Brazilian Public Key Infrastructure (ICP-Brasil), a cryptographic platform officially used by the Brazilian government that guarantees authorship, integrity, authenticity and confidentiality to digital signatures or ciphers. This means that a laboratory certified by the National Institute of Weights and Measures (Inmetro) – in this case, the Laboratory of Technological Applications for the Industrial Productive Sector (Laspi), at the Federal University of Rio de Janeiro (UFRJ) – carried out an evaluation of the program and the source code, attesting that they meet the requirements of the National Institute of Information Technology (ITI), which defines the rules of ICP-Brasil.

According to the TSE, the urn’s cryptographic algorithm has also been switched to one of the most refined currently available. The new model also brings the following advantages, according to the TSE:

18 times faster processor than 2015 model.

Since it does not need to be recharged, the lithium iron-phosphate battery requires less maintenance costs.

Battery life expectancy is for the lifetime of the urn (10 to 12 years).

Pendrive-type application media brings greater logistical flexibility to TREs in media generation.

The board’s terminal now has a fully graphical screen, without a physical keyboard, and a touch-sensitive surface.

Improved keyboard, with keys with double contact factor, which allows the keyboard itself to report an error in case of bad contact or a key with an intermittent short circuit.

More accessibility features: voice synthesis has been improved so that the names of alternates and vices are spoken, and it is also possible to register a phonetic name (for people with visual impairments). In addition, a presentation by an interpreter of Libras will be included on the screen of the ballot box, to indicate which positions are being voted on for voters with hearing impairments.

Barroso highlighted that the electronic voting machine has no connection to the internet, bluetooth or any other network, which makes attacks by external hackers unfeasible. According to the TSE, the equipment uses the most modern in terms of encryption, signature and digital summary, in order to ensure that only the system and programs developed by the agency and certified by the Electoral Court are executed on the equipment. The new model also features the well-known Digital Voting Registry (RDV), which shuffles vote information into a table, ensuring voting secrecy.

What experts say about system security

As much as the electronic voting machine is not in a network, as Barroso pointed out, the electronic voting machine can be the target of an internal attack, commented Carlos Rocha, president of Instituto Voto Legal and an engineer graduated from ITA (Instituto Tecnológico de Aeronáutica) who led the development and the manufacture of the electronic voting machine.

“The TSE system is a good system. Employees are qualified. The new urn has important advances; there are several layers of security, even more advanced technical care has been taken to prevent programs that should not be run in the urn from being installed. But that doesn’t make the system 100% safe”, says Rocha. He mentions that, in the world of information security, almost 70% of intrusions originate within organizations and 95% of breaches of security are caused by human errors.

“The risk of only a strict group having absolute control over all controls, programs and cryptographic keys is that these people have the power to manipulate the election results without leaving a trace”, says Rocha, who also argues that the electoral administration should be a technical entity, independent from a temporary administration of the TSE – as do, for example, the National Telecommunications Agency (Anatel) and the National Health Surveillance Agency (Anvisa).

An improvement, according to experts consulted by People’s Gazette, linked to the movement in favor of the auditable digital vote, would be the implementation of segregation of functions, with certifications and external audits, as provided for in the ISO 27001 international standard for information security management system, to which Brazil adhered .

“An external audit of the TSE as an organization and of its information security management system carried out by an independent entity accredited at the national or international level would increase citizens’ confidence in the Brazilian electoral process”, says Francisco Medeiros, head of the Belgian delegation in European Committee for Standardization (CEN/Cenelec) and member of the advisory group of the European Union cybersecurity agency (Enisa).

According to the TSE, parties, public entities and universities inspect the source codes of the voting system and programs. After that, all content is sealed, digitally signed by authorities, and locked in the courtroom vault. During and after voting, electronic voting machines can also be audited by the parties and oversight institutions that make up the Election Transparency Commission (CTE).

However, Professor Paulo Matias, from the Computing Department at the Federal University of São Carlos, who has already participated in previous tests of the electronic ballot box, said in a recent interview with Gazeta do Povo that the TSE should make the source codes of the ballot box permanently available. on the Internet. “If they opened everything at once now, there would be no harm to the electoral process and it would increase the public’s perception of transparency,” he said. For the 2022 elections, the TSE has extended the source code opening period from six months to one year before the election.

Eduardo Guy Manuel, an engineer who worked for the totalization of votes in the elections in Paraná in the 1980s and 1990s, also stressed that the voting system in Brazil is very robust, but that there will always be vulnerabilities, not only in the ballot box, but also in transmission or totaling of votes. To support his comment, he cited the recent test that was done at the polls, when five flaws were identified that allowed outside attacks. One of them was considered “relevant” for having overcome security barriers in the transmission of voting data to the TSE, but without being able to change the data. The faults will be corrected by the TSE and a new test will be carried out in May.

Manuel, Medeiros and Rocha argue that the auditable electronic vote would be an alternative to paper printing that would guarantee voters that each vote is being stored in the electronic ballot box correctly. This solution involves the creation of an electronic document for each vote, with a digital signature guaranteed by ICP-Brasil. With this instrument, according to Medeiros, it would be possible to guarantee the integrity of each vote.

Currently, the conference is based on the totalization of votes, that is, the number of votes of each candidate in the ballot box, added together, must be the same as the number of votes cast in it. The data from the ballot paper, which are printed at the end of voting, are the same sent to the TSE’s central vote counting system.

The agency also tests some ballot boxes on election day using fictitious candidates. Random votes from these fictitious candidates are cast and the process is filmed. At the end of voting, the ballot box prints the ballot and it is verified that the votes for each fictitious candidate were correctly counted. In the 2020 elections, this test was carried out in 93 ballot boxes.

TCU says electoral system is secure, but makes recommendations

After a new audit stage, the Federal Court of Accounts (TCU) concluded last Wednesday (15) that the electronic voting machines used in the Brazilian electoral process are safe and that there are no imminent risks to the 2022 elections.

At this stage, budget risk management, human risk management and information security assessments were carried out, with a focus on people. The rapporteur was Minister Bruno Dantas.

The audit was carried out at the request of TCU minister Raimundo Carreiro, after questions raised about the safety of the ballot box during the processing of the Printed Vote PEC in Congress – a proposal that would make the printed vote mandatory in elections, but which was ultimately rejected by lawmakers.

The first stage assessed whether the electronic voting system is sufficient to guarantee the auditability of voting, demonstrating, according to Dantas’ vote, that “the Brazilian electoral system has inspection mechanisms that allow the auditing of electronic voting in all of its phases”.

The report, however, points out problems regarding the risk of human resources management. “The team identified that a significant portion of the IT workforce [tecnologia da informação] TSE is outsourced and the risks inherent to staff turnover are not yet fully mitigated,” wrote Dantas.

The TSE was also recommended to draw up an action plan to implement an information security risk management process, including the creation of a responsible unit for strategic advice to the electoral court.