The new requirement of the printed vote on the electronic voting system, which takes effect from 2018, represent an advance for process reliability in terms of traceability, but does not exclude the need to implement the much-delayed biometric system.
This review is the expert in information security Rodrigo Fragola, which for several years has been advocating the improvement of the digital ballot box model in the discussion forums of the security sector.
Rodrigo Fragola recalls that the inclusion of biometrics - announced with fanfare in 2006 by the authorities - has been continually postponed without a clear justification. "After the initial euphoria, the first sign of problems (such as increasing queues and operation failures by poll workers), the prospect of adoption of biometrics suddenly gained the status of an eternal field test without proper scale."
In the executive vision, electoral reliability requires the electronic model offers not only the technical audit, via digital codes stored in the ballot box and transferred to the TSE computer. "There must be physical elements related to the vote, that can be contributed by any ordinary citizen, and that's entering the biometric registration and the printing of the vote," he says.
The opinion of Fragola is shared by other experts, such as the lawyer Adriano Mendes, the Office of Assisi and Mendes, for whom both the adoption of biometrics as the printed vote helps strengthen the vote reliability, although it needs to be examined with the greatest care in light of new risks that adds next to the positives.
"The Brazilian authorities have yet to show how to ensure privacy and legally restricted use of biometric identification of citizens. There are also several technical vulnerabilities to be resolved to ensure the inviolability of such a system, but strengthening the identification of the voter, in theory, brings good benefits, "said the lawyer.
Besides reinforcing the need to establish a clear agenda for discussion and the adoption of biometric identification of all voters, Adriano Mendes draws attention to the risk that still exists in some legal setback related to the printing of the vote. According to him, even after the victory of the new model at the Congress (by 56 votes to five in the Senate and 360-50 in the House), it is possible that may occur actions to reverse the requirement by the Supreme Court, which keeps the issue under thriller.
New Halter Vote is "Urban Legend"
According to the computer teacher at Unicamp, Diego Spider, strong resistance to the printing of the vote is partly due to a low level of public information on the functioning of the system. It feeds, he said, the "urban legend" that printing can represent a return to voting halter.
"This is a discarded hypothesis, since, in the model to be used in Brazil, the voter only gives the paper version of their vote, through a transparent display and this follows by mechanical means to a physical ballot box, without any manual contact "said Spider.
He adds also need to combat the belief - even encouraged by the authorities - the so-called "impregnability" of the current Brazilian electronic ballot box. He mentions, by the way, the various field tests which have already proved possible to identify the link between the voter and his vote, based on the comparison of voting map sequences with the electronic records of the casket.
Indeed, public safety tests performed on the current ballot box - and in which Spidey teacher was directly involved as a representative of UNB in 2012 - this possibility of the electorate vote the link has been amply proven, alongside several other vulnerabilities of the urn electronics. Among these is the use of a unique cryptographic key for encryption of all ballots (which is compared by the report test to the application of a single master key for more than 500 thousand "locks" the ballot would be the TEC).
The report also mentions the use of outdated algorithms - no longer recommended for use for at least six years - and a security focus almost exclusively focused on the protection against external attackers, which leaves the current polls very susceptible to violation by officials of the TSE or outsourced people with direct access to the software or equipment.
If really come to confirm the implementation of printed vote will bring the opportunity for review of all the ballast structure of the voting process, without having to play the technological legacy for obsolescence. Printing will ensure, moreover, an immeasurably greater reliability level for the Brazilian electoral process by extending traceability. Additionally, you can open the possibility of a contingency in the investigation in cases of loss of electronic voting file.
The lawyer Adriano Mendes view, the combination of electronic voting, biometrics and printed record will bring more security to citizens and, ultimately, help improve the current situation of distrust towards the political class. "Undoubtedly, the hybrid form, and with more checking instruments, is the most equitable and better results. It is up to society to discuss vulnerabilities, so they are properly surrounded, and set a regulatory framework compatible with the use of these new models, "he says.
Rodrigo Fragola argues that the biometric identification does not necessarily require the use of electronic biometrics. He cites examples of countries such as Paraguay, Chile and Venezuela, where the mere acquisition of digital by a chemical stamp (which identifies the individual and creates a stain difficult to remove on your finger on Election Day) has been sufficient to ensure greater fidelity to the principle of "one voter, one vote".
"Of course the intelligent biometrics not fit much better with traceability standards of the electronic model + printed, but the priority of the TSE should be to not rely solely on a conventional paper record, such as Voter Registration or identity. After all, this is a document exclusively backed by a photo taken quite easily rigged and almost always far from the current physical reality carrier, "adds Fragola.
Rodrigo Fragola chairs the Aker Security Solutions, one of the first companies in the information security with Brazilian technology, founded in 1997, and participates in various organs of the digital community and is also Executive Vice President for Security Sinfor information (Industry Union of DF information) and Deputy Director Security and Defense of the Brazilian Software Association (Assespro-DF).
Diego Spider's doctor Professor of Computer Science Institute of Unicamp and one of the most critical assets of the voting system in use in Brazil. The lawyer Adriano Mendes specializes in digital rights, and is active in mergers & acquisitions and tax advice. He was professor of Ethics, Law and Law and is currently full member of the Committee on Science and Technology of OAB / SP.