[GUFSC] Voto eletronico

Terça Julho 29 07:47:00 GMT+3 2003

Falando em voto eletronico... Vejam esta noticia que vem da India:

http://sify.com/news/politics/fullstory.php?id=13201701

Fabio Rodrigues de la Rocha said:
>
>  Ola,
>
>   Encontrei um artigo na Communications da ACM de agosto sobre voto
> eletronico e lembrei das discussoes na lista sobre este assunto.
>
> http://portal.acm.org/toc.cfm?
id=859670&idx=J79&type=issue&coll=portal&dl=ACM&part=magazine&WantType=Magaz
ines&title=CACM&CFID=4389858&CFTOKEN=67060785
>
>
> Para o pessoal que nao esta na UFSC e nao pode acessar os artigos da
> ACM,
> abaixo esta uma versao em HTML.
>
>  Ate mais,
>        Fabio
>
>
> Communications of the ACM
> Volume 46, Number 8 (2003), Pages 29-31
> Viewpoint: Voting and technology: who gets to count your vote?
> David L. Dill, Bruce Schneier, Barbara Simons
>
> Table of Contents
>
>    * Lead-in
>    * Article
>    * Authors
>    * Footnotes
>
>
>
>
>
> Paperless voting machines threaten the integrity of democratic process
> by  what they don't do.
>
>
>
> Voting problems associated with the 2000 U.S. Presidential election
> have  spurred calls for more accurate voting systems. Unfortunately,
> many of the  new computerized voting systems purchased today have major
> security and  reliability problems.
>
> The ideal voting technology would have five attributes: anonymity,
> scalability, speed, audit, and accuracy (direct mapping from intent to
> counted vote). In the rush to improve the first four, accuracy is being
>  sacrificed. Accuracy is not how well the ballots are counted; it's how
>  well the process maps voter intent into counted votes and the final
> tally.  People misread ballots, punch cards don't tabulate properly,
> machines  break down, ballots get lost. Mistakes, even fraud, happen.
>
> When the election is close, we demand a recount. It involves going back
> to  the original votes and counting them a second time. Presumably more
> care  is taken, and the recount is more accurate.
>
> But recounts will become history if paperless Direct Recording
> Electronic  (DRE) voting machinestypically touch-screen machinesbecome
> prevalent.  Approximately one in five Americans vote on such machines,
> as do citizens  in several countries.1 In the U.S. the "Help America
> Vote Act" will  subsidize more DREs.
>
> DREs have some attractive features. The human interface can be greatly
> improved. People with disabilities can vote unassisted. Ballots can be
> changed at the last minute and quickly personalized for local
> elections.
>
> However, all of the internal mechanics of voting are hidden from the
> voter. A computer can easily display one set of votes on the screen for
>  confirmation by the voter while recording entirely different votes in
> electronic memory, either because of a programming error or a malicious
>  design. Almost all the DREs currently certified by state and local
> agencies have an "audit gap" between the voter's finger and the
> electronic  or magnetic medium on which the votes are recorded. Because
> the ballot  must remain secret, there's no way to check whether the
> votes were  accurately recorded once the voter leaves the booth;
> neither the recorded  vote nor the process of recording it can be
> directly observed.
> Consequently, the integrity of elections rests on blind faith in the
> vendors, their employees, inspection laboratories, and people who may
> have  accesslegitimate or illegitimateto the machine software.
>
> With traditional voting machines, election officers are present to
> ensure  integrity. But with DREs, election officers are powerless to
> prevent  accidental or deliberate errors in the recording of votes. If
> there is  tampering, it is likely present in the DRE's code, to which
> election  officers have no access. In fact, DRE code is usually
> protected by code  secrecy agreements, so that no one but the
> manufacturer has access to it.  In recent cases the complainants have
> not been allowed to review the code,  even when DRE-based elections
> have been contested in court.
>
> Anyone who doubts the result of an election is now obliged to prove
> those  results are inaccurate. But paper ballotsthe main evidence
> providing that  proofare being eliminated. Vendors and election
> officials are free to  claim that elections have gone "smoothly," when
> there is, in fact, no  evidence the votes counted had anything to do
> with the intent of the  voters.
>
> This is an unacceptable way to run a democracy. The voters and
> candidates  are entitled to strong, affirmative proof that elections
> are accurate and  honest. Paper-based elections with good election
> administration practices  show the losers in an election that they lost
> fair and square. DREs do  not.
>
> Many voters and election officials are under the impression that
> computerized voting machines are infallible. DRE manufacturers insist
> that  care goes into the design and programming of the machines. They
> and some  election officials reassure us the machines meet rigorous
> standards set by  the Federal Elections Commission; that the designs
> are reviewed and the  machines thoroughly tested by independent testing
> labs; and that further  review and testing occurs at the state and
> local levels.
>
>    Voters and candidates are entitled to strong, affirmative proof that
>
> elections are accurate and honest. Paper-based elections with good
> election administration practices show the losers in an election that
> they  lost fair and square. DREs do not.
>
> The problem with these arguments is that it's impossible without some
> very  special hardware (and maybe even with it) to make computers
> sufficiently  reliable and secure for paperless electronic voting. The
> manufacturers  attempt to hide this fact by keeping the designs of
> their machines a  closely held secret, and then challenging critics to
> find flaws in those  designs. Ironically, reverse engineering the code
> used for voting machines  to check for bugs or voting fraud is likely
> to be a violation of the  Digital Millennium Copyright Act.2
>
> Even if adequate reliability and security were achievable, current
> practices are grossly inadequate. There is no indication that the major
>  vendors or testing laboratories have computer security professionals
> to  design and evaluate voting equipment. Manufacturers make basic
> computer  security errors, such as failing to use cryptography
> appropriately, or  designing their own home-brew cryptographic
> algorithms. Moreover,  regulations and tests of greater rigor than
> those used for DREs routinely  miss accidental flaws in software for
> other applications, and have  virtually no chance of discovering
> tampering with software.
>
> Problems are routine.3 For example, a March 2002 runoff election in
> Wellington, FL, was decided by five votes, but 78 ballots had no
> recorded  vote. Elections Supervisor Theresa LePore claimed those 78
> people chose  not to vote for the only office on the ballot! In 2000, a
> Sequoia DRE  machine was taken out of service in an election in
> Middlesex County, NJ,  after 65 votes had been cast. When the results
> were checked after the  election, it was discovered that none of the 65
> vote were recorded for the  Democrat and Republican candidates for one
> office, even though 27 votes  each were recorded for their running
> mates. A representative of Sequoia  insisted that no votes were lost,
> and that voters had simply failed to  cast votes for the two top
> candidates. Since there was no paper trail, it  was impossible to
> resolve either question.
>
> While accidental design flaws are likely to cause election disasters in
>  the immediate future, deliberate tampering is an even more serious
> concern. In older voting systems, election fraud typically is a
> labor-intensive process of altering or forging individual ballots. With
>  large numbers of DREs in use, a small group or even a single
> individual at  a voting machine manufacturer could alter software later
> installed on tens  or hundreds of thousands of machines. If modified
> software switched a  small percentage of votes between political
> parties, the tamperer could  change the outcome of close races around
> the country.
>
> There is nothing fundamental to DRE machines that requires an audit
> gap.  The DRE machine simply needs to record the vote on paper when the
> voter  has finished voting.4 The voter reviews the paper ballot to
> verify it is  marked in accordance with his or her intentions, after
> which the paper  ballot is deposited into a ballot box. Discrepancies
> can be brought to the  attention of an election official. The official
> vote count would be based  on the DRE-produced paper ballots, with the
> DRE machine providing a  preliminary total to be checked against the
> paper ballots in a recount.  There is one such machine that is already
> certified in many states, and  several of the major DRE vendors have
> agreed to provide voter-verifiable  printers in contracts already in
> place.
>
> Amazingly, the elimination of paper ballots is considered a major
> advantage by some, since the lack of paper simplifies the election
> process. The accompanying security risks are ignored, or even denied,
> by  people who don't understand the underlying technology or simply
> want to  believe the reassurances they receive from the vendors.
>
> Maybe we will be extremely lucky, and every vote cast on DRE machines
> in  the future will be accurately recorded. But there will always be
> surprising election results, and people who question the results. Even
> if  voting machines are accurate, it's important that voters trust the
> machines and know they are accurate. Democracy should not depend on
> blind  faith.
>
> The anonymity requirement of elections makes voting machines difficult
> to  design and implement. You can't rely on a conventional audit, as we
> do  with large-value financial computer systems.5 Election machines
> must be  treated like safety- and mission-critical systems: fault
> tolerant,  redundant, carefully analyzed code. And they need to close
> the audit gap  with paper ballots.
>
> Over 900 computing professionals, including many of the top experts in
> computer security and electronic voting, have endorsed the "Resolution
> on  Electronic Voting" petition,6 urging that all DRE voting machines
> include  a voter-verifiable audit trail.
>
> Fortunately, some policymakers understand the security issues relating
> to  voting. Rep. Rush Holt recently introduced the "Voter Confidence
> and  Increased Accessibility Act of 2003" (H.R. 2239)7 that calls for
> voter-verification and audit capacity in e-voting machines.
>
> In 1871 William Marcy ("Boss") Tweed said: "As long as I get to count
> the  votes, what are you going to do about it?" Paperless DRE machines
> ensure  that only the company that built them gets to count the votes,
> and that no  one else can ever recount them.
>
>  Authors
>
> David L. Dill (dill em cs.stanford.edu) is a professor of computer science
>  and, by courtesy, electrical engineering at Stanford University,
> Stanford,  CA.
>
> Bruce Schneier (schneier em counterpane.com) is CTO of Counterpane
> Internet  Security, Cupertino, CA.
>
> Barbara Simons (simons em acm.org) is a former ACM president and current
> co-chair of ACM's U.S. Public Policy Committee.
>
>  Footnotes
>
> 1For example, the U.K. recently conducted several local elections on
> the  Internet. Internet voting raises additional security issues that
> space  limitations preclude discussing in greater detail in this
> column.
>
> 2See www.acm.org/usacm/Issues/DMCA.htm for information about ACM and
> USACM  activities and statements relating to the DMCA.
>
> 3See the Q/A Web page at verify.stanford.edu/evote.html and the wealth
> of  information at www.notablesoftware.com/evote.html.
>
> 4www.counterpane.com./crypto-gram-0012.html#1 is an early essay with
> this  idea.
>
> 5See www.counterpane.com./crypto-gram-0102.html#10 for more
> information.
>
> 6See verify.stanford.edu/EVOTE/statement.html to read and endorse the
> petition.
>
> 7See www.acm.org/usacm/PDF/HR2239_Holt_Bill.pdf
>
>
>
> ©2003 ACM  0002-0782/03/0800  $5.00
>
> Permission to make digital or hard copies of all or part of this work
> for  personal or classroom use is granted without fee provided that
> copies are  not made or distributed for profit or commercial advantage
> and that copies  bear this notice and the full citation on the first
> page. To copy  otherwise, to republish, to post on servers or to
> redistribute to lists,  requires prior specific permission and/or a
> fee.
>
> The Digital Library is published by the Association for Computing
> Machinery. Copyright © 2003 ACM, Inc.
>
> _______________________________________________
> GUFSC mailing list
> GUFSC em das.ufsc.br
> http://www.das.ufsc.br/mailman/listinfo/gufsc

-- 
+----------------------------------------------------------------------+
|   Eng. Luciano Rottava da Silva   |          LCMI/DAS/UFSC           |
|  http://www.das.ufsc.br/~rottava  | Grupo de Usuarios de SL da UFSC  |
|        rottava em das.ufsc.br        | http://www.softwarelivre.ufsc.br |
+----------------------------------------------------------------------+

Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)