http://www.washingtonpost.com/wp-dyn/content/article/2006/09/29/AR2006092900725.html
washingtonpost.com
By STAN LEHMAN
The Associated Press
Friday, September 29, 2006; 1:47 PM
SAO PAULO, Brazil -- Elections in Brazil used to be a
monumental challenge, with millions of paper ballots to count by hand, many of
them delivered by canoe and horseback from remote Amazon villages. Fraud was
widespread, and it often took a week or more to determine the winners.
Latin America's largest country eliminated many of these
hassles by switching to electronic voting a decade ago, long before the United
States and other countries started abandoning paper ballots. When 125 million
Brazilians vote on Sunday, they will punch computer keyboards, part of a system
Brazil credits for building faith in its democracy.
"The voting machine is so secure that I would say the
only way to tamper with it is to smash it with a hammer," Athayde
Fontoura, general director of Brazil's Supreme Electoral Tribunal, said in an
interview.
But some computer programmers who have closely examined
Brazil's system say such confidence is misguided. Echoing a debate in the
United States over the reliability of electronic voting, they say the tribunal
needs to do more to ensure Brazil's citizens aren't disenfranchised.
Some Brazilians are lobbying the tribunal to switch from
Windows CE to an open-source operating system for the voting machines, since
Microsoft Corp., citing trade secrecy, won't allow independent audits to make
sure malicious programmers haven't inserted commands to "flip" votes
from one candidate to another.
Paper records that citizens can see as they vote to confirm
that their choices were properly recorded are a must as well, said Amilcar
Brunazo, a computer and data safety engineer who founded the Safe Vote Forum to
press for more transparency. Brunazo also is the Democratic Labor Party's
permanent "technical representative" at the tribunal.
"I agree the electronic ballot box makes it more
difficult to defraud the election process," Brunazo said. "But the
system is still not transparent enough and the best way to address this is by
allowing an independent inspection of the operating system used in the machines."
Fontoura confirmed that Brazil is considering a move away
from Microsoft's proprietary code _ "We are studying the possibility of
using an open-source program like Linux in future elections. This would make
the entire process much more transparent and far less expensive," he said.
But the tribunal tried and rejected a voter-verifiable paper
record.
Paper receipts that appeared behind glass _ so voters could
confirm their choices but not walk off with the evidence _ were tried on 23,300
machines in 2002, with plans to install them nationwide two years later. But
the machines' maker was resolutely opposed to this system, and the tribunal
decided to rely instead on "ballot box bulletins."
These bulletins _ printouts of each machine's overall votes,
made after the polls close _ serve as a backup record of the tallies
transmitted electronically over a secure network. But they can't show whether a
programming flaw or malicious hack deleted or changed votes inside the machine
before the printout was made, computer scientists say.
Brazil's machines are made by Diebold Procomp, the Brazilian
subsidiary of Diebold Inc., of North Canton, Ohio, which also makes many of the
voting machines now used in U.S. elections. And Diebold has said that voters
should trust its equipment, more than any paper record, to deliver fraud-free
elections.
"The more you introduce paper into a voting system the
more you introduce the possibility of fraud," said Michael Jacobsen, a
Diebold spokesman. "Electronic voting is the most accurate and secure
voting that is out there."
Such blanket statements disturb critics of electronic
voting. Just because there are vulnerabilities and risks doesn't mean that
anyone has ever exploited them, but without a voter-verifiable paper record,
they say, there's no way to be sure that a vote count is fraud-free or bogus.
"The problem is not that elections have been rigged
necessarily _ it's that you can't say for sure that they weren't, because
rigging is possible on these systems," said Dr. Avi Rubin, who directs the
Information Security Institute at Johns Hopkins University in Baltimore.
"Given the choice of picking a system where wholesale rigging is easy,
versus one where it's impossible, why has Brazil gone with the system where
it's easy?"
Brazil did build in some safeguards during its transition to
electronic voting _ protections that still don't exist in the U.S.
While the code behind Microsoft's operating system remains
secret, independent auditors must approve of the overlying voting software
before it is inserted into the nation's 430,000 machines. The software remains
open to inspections for three months before election day. And hours before the
polls open, randomly chosen voting machines are tested "to verify that the
software inside does what it is supposed to do," Fontoura said.
Each step of the count also is monitored onsite by
representatives of the political parties, the Brazilian Bar Association and the
federal prosecutor's office, Fontoura said. And the entire election process is
overseen by the tribunal _ an independent, nonpartisan agency legally empowered
to combat fraud as it happens and overturn elections if necessary.
That's far different from the U.S., where private voting
software companies refuse to allow independent audits, elections are managed by
partisan politicians with inherent conflicts of interest, federal courts are
reluctant to intervene in state-run elections and the federal agencies involved
have little power to investigate, let alone resolve disputes.
In Brazil, as in the U.S., the leading critics of electronic
voting tend to be people familiar with the risks inherent in computing. They
say that accurate paper records and independent software audits are essential
precisely because no computer system _ or elections official _ can be trusted
to be completely reliable.
"The main flaws are not in the software, hardware or in
the data transmission systems, but in the human links that control the
connections between the three _ connections held together by the myth of
infallibility and incorruptibility of those who run the system," said
Antonio Dourado de Rezende, a computer science professor at the University of
Brasilia.
___
AP Technology Writer Rachel Konrad in San Francisco
contributed to this report.
© 2006 The Associated Press