Brazil: The South American e-voting constant gardener

Posted on

Brazil online voting security

Brazil is by far one of the most interesting examples of centrally managed e-voting deployments, mainly because of the massive volume of the electorate and the electoral region covered. With an electorate of 140 million (the 5th largest worldwide)  it is a prominent example of e-voting scalability. Initial experimental deployments took place back in 1996 on a municipal level and the result of the following 18 years of constant e-voting events led up to a universal electronic election for the recent 2014 Brazilian General election which combined Presidential, National Congress, state governors’ and state legislatures’ ballots.

Over the years and under the auspices and control of the Superior Electoral Court in Brazil , the country has developed a series of stand-alone non internet enabled electronic voting machines, in some cases resembling standard direct recording machines attached to a land line telephone connection to transmit results, all characterized by the utmost simplicity in terms of usage.  Over 530.000 such machines were in place for the 2014 General election while the Federal District Regional Electoral Court deployed over 900 voting machines to nearly 100 countries around the world in order to provide remote voting to expatriates. Ever since 2008 Brazil has also invested in a biometric voter authentication system based on existing records of voters’ fingerprints. Some 22 million voters were identified via their fingerprints in the last 2014 elections.

On a scalable and functional level, all the above form the basis of a success story. But (and it is “but” worth pursuing in more detail in future posts) there have been recent allegations of the possibility of fraud by Brazilian encryption experts. Apparently no independent tests on the system have been allowed by the Superior Electoral Court for the last two years after a Brazilian university team of encryption specialists were briefly allowed to check the source code and discovered several vulnerabilities with regard to voter secrecy and transmitting the ballots as cast.

Nonetheless, all the above has paved the way for online voting of private ballots in Brazil. In September this year, the Federal Council of Nursing (COFEN) in Brazil, a union of over 680.000 members scattered across the country, successfully ran the election of their counselors entirely online for the first time with the participation rate reaching 55%. A month later, Brazil’s Federal Administration Council (CFA) held the election for their national and regional representatives online with a growing participation of over 13% from the previous election, thus demonstrating an increase in trust for the CFA online electoral process. In both these cases the secure online voting platform was provided by Scytl via their local branch.

Brazil has opted to develop its e-voting system in-house, maintaining control and ownership of the system. They have achieved functional scalability and this has attracted global interest, but no other country has adopted the Brazilian e-voting application. There is a good explanation for that. The Brazilians have not invested in transparency, and area they seem to be afraid of. They allow no form of ballot verification by the stakeholders involved. As a result, they make it a bit difficult for others to trust them, and with Brazil being among the new global leaders, one would expect that some effort should be put into that cause. Always bear in mind that a solid electoral process, whether electronic or not, should be able to stand the pressure of a close electoral result if and when this occurs. At present, Brazil is not quite ready to face this scenario. Bottom line is you can’t have it all. Like in the case of Estonia, if you are developing in-house you are bound to alienate yourself from all that invaluable international experience.