me, I have mixed feelings
while this decision stands on its own (the challenge was groundless), there's an ongoing movement to make Brazilians believe that our voting system is unquestionably infallible, while it fails to observe the bare minimum that scientific consensus recommends for a trustworthy voting system. the system has pretty much removed the possibility of detecting or proving fraud, so that any challenge is bound to be lacking in evidence and bound to be regarded as if in bad faith. I think this position, of enabling massive undetectable fraud while convincing nearly everyone that it's impossible, is very dangerous to democracy
I'd rather be able to support something like the current position, as long as it was backed up by a trustworthy and verifiable voting system, rather than by blind faith and propaganda
meanwhile... :-(
yup. here's a simple attack scenario: internal players get a slightly modified program replicated for deployment on a large number of voting machines. the modified version disables the (software-driven) signature checking, checks the time and, if running on election day (rather than during test sessions), it flips 1 out of 10 votes to a certain candidate. at the end, it overwrites the storage holding the voting system so that it looks like the original version, just in case someone bothered to check. voilà. "surprising results", "not-too-big deviation from polls", "no evidence of fraud". invisible massive-scale fraud with no more than a handful of people involved. good enough?
@lxo @glynmoody I’d like to point out that there are two things being discussed - the machines themselves and the system built around them, which includes processes and controls. I haven’t heard of a viable attack yet that wouldn’t require compromising multiple components of the system. The machines and processes can always be improved, but we should acknowledge when good enough is good enough and, also, without proper threat assessment, security becomes meaningless.
looks like you're disputing the claim that the signature checking is, on most machines, implemented in software recorded in the bootable media. is this so? have you got any supporting evidence for that? is that verifiable by the average voter? by the parties? by international observers?
still, your response is quite informative, in that you mention yourself a quite disastrous attack scenario: compromising TSE's signing key. it's odd that you put it this way, because AFAIK the signing keys that should matter are not TSE's, but those of the various public-interest organizations that participate in the ceremonial compilation and anti-tampering signing of the binaries. in either case, compromising the keys would lead to disastrous behavior. how can the average voter verify that the keys have not been compromised? how can the parties? how can international observers? can anyone? or have you just confirmed it is indeed blind faith and propaganda, while trying to deny it?
@lxo The voting machine will not run an unsigned binary, so, unless TSE's signing key has been compromised (in which case, it's game over anyway), you'll not get far.
I have discussed this to exhaustion. I have worked on the voting machine project. This is NOT a plausible attack scenario.
I'm focused more on opaque, unverifiable processes than on the machines, but several of them do indeed take place inside the machines. compromising keys, software chain of custody, accepted keys and processes to validate them are all obscure (to me) processes that don't seem possible for human observers to check enough to trust the system.
one of the issues I notice in this sort of debate with IT security experts like you is that IT security thinking is applied. let me explain why I find that unsatisfactory.
when a business sets out to protect their IT infrastructure, they set out to keep attackers out, establishing one or more security perimeters, modeling the threats and mitigating them. it's enough for the internal IT-sec experts, the CTO and the CEO to grow convinced that the threats are reasonably mitigated.
when it comes to elections, the bar is much, much higher. on top of all that technical stuff, public trust has to be earned. the system must be such that an average voter, party or observer can inquire enough about the internal details of the system as to be satisfied that, even under a suspicion that an adversary party controls the voting process, there is enough transparency and verifiability built into the process that attempted fraud (miscounting or violating secrecy) could be noticed, caught, and either proved or avoided. it's not enough for internal IT experts to see that, if every internal incorruptible angel does their job, it works as designed.
@lxo I am not sure how the signature checking is done with Linux (2002 was a Windows CE machine), but they all have TPMs now and the BIOS can check the signature of a first stage boot loader since 2002. If you can boot arbitrary code *and not be detected*, then any voting machine is doomed.
You are focusing too much on the machines themselves and ignoring all the precautions around their storage and handling, the multiple tamper-proof seals, the chain of custody controls...
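The disagreement above turns on where the verifier lives: a check "implemented in software recorded in the bootable media" (the scenario in the earlier post, where the modified image disables the check and is later overwritten to look original) versus a check anchored outside the media (a BIOS-verified first-stage loader and TPM measurements, as the reply argues). The toy model below is an added example written for this page; it is not code from any participant and makes no claim about how the actual machines are built. It uses a pinned SHA-256 digest as a stand-in for signature verification, a `BootMedia` object whose every field the attacker can rewrite, and a `RomAnchor` whose reference value and boot log sit outside that media. All image contents and names are constructed for the illustration.

```python
import hashlib
from dataclasses import dataclass


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class BootMedia:
    """Writable boot storage (hypothetical). Everything here can be rewritten
    by whoever prepares the media, including the verifier's own reference
    value and the flag that says whether the check runs at all."""
    payload: bytes
    reference_digest: str
    check_enabled: bool = True


def in_media_check(media: BootMedia) -> bool:
    """Verifier that ships on the same media as the code it verifies.
    A disabled check reports success, which is what a switched-off
    signature check looks like to the rest of the boot sequence."""
    if not media.check_enabled:
        return True
    return digest(media.payload) == media.reference_digest


class RomAnchor:
    """Verifier outside the media (hypothetical model of a ROM/TPM-style anchor):
    the reference is fixed at manufacture and every boot's measurement is
    appended to a log that the media cannot rewrite."""

    def __init__(self, reference_digest: str):
        self._reference = reference_digest
        self.boot_log: list[str] = []  # append-only record of what was booted

    def measure_and_check(self, media: BootMedia) -> bool:
        measured = digest(media.payload)
        self.boot_log.append(measured)
        return measured == self._reference


def tamper(media: BootMedia, new_payload: bytes) -> None:
    """Attacker rewrites the media: swap the payload, update the in-media
    reference to match, and switch the in-media check off."""
    media.payload = new_payload
    media.reference_digest = digest(new_payload)
    media.check_enabled = False


def restore(media: BootMedia, genuine: bytes) -> None:
    """Attacker puts the media back so a later inspection finds the original."""
    media.payload = genuine
    media.reference_digest = digest(genuine)
    media.check_enabled = True


def run_scenario(genuine: bytes, tampered: bytes) -> dict:
    """Boot three times (genuine, tampered, restored) under both verifiers.
    Each tuple is (in-media verdict, external-anchor verdict)."""
    media = BootMedia(genuine, digest(genuine))
    rom = RomAnchor(digest(genuine))
    out = {}
    out["genuine"] = (in_media_check(media), rom.measure_and_check(media))
    tamper(media, tampered)
    out["tampered"] = (in_media_check(media), rom.measure_and_check(media))
    restore(media, genuine)
    out["restored"] = (in_media_check(media), rom.measure_and_check(media))
    # After the cover-up both verifiers pass again, but the external log
    # still holds the foreign measurement from the tampered boot.
    out["foreign_boot_logged"] = digest(tampered) in rom.boot_log
    return out


if __name__ == "__main__":
    # Constructed sample images, not real firmware.
    GENUINE = b"voting-app v1.0 image"
    TAMPERED = b"voting-app v1.0 image (modified)"
    for stage, result in run_scenario(GENUINE, TAMPERED).items():
        print(f"{stage:20} {result}")
```

The in-media verifier accepts all three boots because the attacker controls its reference and its on/off flag; the external anchor rejects the tampered boot and, even after the image is restored, its log still contains the digest of what actually ran. That is the whole difference the thread is arguing over, and it is also why an anchor only helps if someone outside the machine can read that log and knows which reference values to expect.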