Page 142 - Towards Trustworthy Elections New Directions in Electronic Voting by Ed Gerck (auth.), David Chaum, Markus Jakobsson, Ronald L. Rivest, Peter Y. A. Ryan, Josh Benaloh, Miroslaw Kutylowski, Ben Adida ( (z-lib.org (1)
P. 142
P.A.D.
Rezende
134
the VVPAT Law, but the indications were dismissed. These indications were later
corroborated by source code leaked to the Internet, which turned out to be part of the
software used in voting machines in Brazil's 2000 municipal elections, according to
an analysis done by the author [6], comparing with code later appended to an expert
report filed in a court case, in a lawsuit over a disputed municipal election known as
the Santo Estêvão case [7].
The code analyzed was the part which controls security for the DRE software
(setup.bat file, in Brazil's 2000 voting machine model). The analysis revealed
how ineffective the electoral oversight process was [6]. Despite the importance of
such findings, they raised no interest with mainstream media or the general public.
However, the Santo Estêvão expert report is extremely important because it docu-
ments the only independent technical analysis yet permitted on voting machines used
in official elections in Brazil.
The report reveals, for example, how the physical seals for the DRE machine,
which purportedly guarantee them against tampering after software installation, were
absolutely ineffective in the first sense of security cited above, while absolutely effec-
19
tive in the second sense . Four physical seals were prescribed, in pedantic details as
20
to the positions they should be placed, by an official bylaw which was amended as
soon as the Santo Estêvão expert report was filed. This amending was done with
backward dating, so that corrections appeared to have preceded the independent ex-
pert findings.
This security flaw in Brazil's electronic voting system was acknowledged by au-
thorities only because the obscurantism surrounding the system briefly lapsed, when
the Santo Estêvão's judge allowed an independent expert witness to examine voting
machines. Yet, this cluster of facts does not connect dots in the public mind. Most
people confuse such obscurantism with security, and this lapse of obscurantism with
breach of security (as a breach by the expert witness).
The report also reveals how the language of electoral bylaws, under such obscur-
antism and leveled by official boastings about the security they warrant, can shed
light on the main questions raised here: on the nature of “collateral entanglements” in
fully electronic voting systems, on how inconsistency in system requirements can
entail such entanglements, and how these entanglements can feedback risks. It re-
veals, in other words, how that second sense of security can be disguised to appear as
the first, through a discourse of authority. This episode has, in our view, the value of a
cornerstone in understanding how such deceitful collective perception is build:
weaved of flag-waving vainglory, of collective ignorance and of conceited arrogance,
into a pattern of reductionist beliefs.
Most victims of such reductionism so become by cutting corners in understanding
what is at stake. By mixing up electoral process and electronic voting, or by confusing
vote secrecy with secrecy in the process of collecting and tallying votes. Or, by na-
ively believing in rough conjectures about what transparency means, or how much of
19
The seals, if placed as prescribed, are left intact when the DRE cabinet is open by releasing a
screw hidden behind the DRE's mounted battery. This would give access to the DRE physical
storage (flashcards). On the other hand, any unauthorized access to voting machines, say, to
unmount the battery and inspect the DRE, is a Federal crime.
20
TSE Resolution nº 20.966.
