WingNews logo WingNews
top | item 37223763

(no title)

gjvnq | 2 years ago

Brazilian computer science student here.

Electronic voting is a good idea here because it raises the "barrier to commit fraud".

Basically, back when we ran our elections on paper, there was a lot of fraud as it's pretty easy to pull off fraud schemes.

With electronic voting, the system is so complex that almost no one can pull off a fraud scheme with two major expectations: voter intimidation and voter impersonation.

Although even that last one is getting tougher as we now scan peoples' fingerprints. The poll worker can manually override the system but this will be recorded and they will be in hot waters of they override too much.

Yes, in theory non-electronic elections are more secure, but in practice it's more complicated as we are dealing with a country with a horrible history at implementing rule of law and we have a significant amount of local authoritarian leaders (e.g. drug lords) that would definitely make it near impossible to run paper elections fairly.

discuss

order

teddyh|2 years ago

> because it raises the "barrier to commit fraud".

It raises the cost and technical competence barrier, but lowers the “number of people required” barrier. So good luck having all your future elections controlled by the CIA, or whatever.

matheusmoreira|2 years ago

Funny you mention the CIA. Biden's CIA people are literally on record telling Bolsonaro to stop doubting the voting machines. That's what ultimately convinced me they are compromised.

https://www.theguardian.com/world/2022/may/05/cia-director-b...

When the software is compiled, it downloads libraries off the network and links them against the final binary before it is signed. Says so in the brazilian military's report. As far as I know, those libraries have not been audited. No one who has ever argued with me on this matter has ever provided evidence refuting this beyond shadow of doubt.

I thought everyone on this site would be able to spot the supply chain vulnerability in there. After all, not rarely people post stories here of people getting hit by those very same vulnerabilities when some malicious actor hijacks some npm package or something.

But no. The top comment is someone using authority as an argument. Just literally "these are very serious companies and people here". They got all these certificates, so all is well and we should just accept it. I can't even reply to the comment either for some reason. Sigh.

The saddest part of all this is all the brazilians asking for source code on social media. Most of them don't know what source code even is. They don't know that source code doesn't matter if you can get malicious code linked into the binary. They don't know that only publication of the signed binary that actually ran on election day could prove anything.