[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[leitner@math.fu-berlin.de: [ISN] Brazilian National Elections (security in voting)]

Damit klar ist, welcher Schwachsinn hier folgt, mein Disclaimer
_zusaetzlich_ zu dem von fefe (Felix):

Wer sich auf Windows NT verlaesst, braucht keine Feinde.

Denn ein damit ausgestattetes US-Kriegsschiff musste in den
naechsten Hafen geschleppt werden auch ohne feindlichen Angriff.
Das ist dokumentiert.

Mit derartigem unzuverlaessigen Software-Dreck demokratierelevante
Wahlen durchzufuehren, ist eine Katastrophe.

Clement in NRW ist schlimmer als ein DAU, weil er das nicht
begreift _und_ trotzdem/zudem Entscheidungskompetenzen hat.


----- Forwarded message from Felix von Leitner <leitner@math.fu-berlin.de> -----

Mailing-List: contact news-help@lists.ccc.de; run by ezmlm
X-Reply-To: news@lists.ccc.de
Delivered-To: mailing list news@lists.ccc.de
Date: Mon, 15 Feb 1999 17:00:40 +0100
From: Felix von Leitner <leitner@math.fu-berlin.de>
To: CCC News <news@lists.ccc.de>
Subject: [ISN] Brazilian National Elections (security in voting)

Bwahaha, "already robust security of NT"  Ich lieg hier am Boden, Leute.

Also bevor hier jemand von uns fordert, daß die deutschen POolitiker
mehr Internet savvy werden sollen, schaut euch an, was diese Forderungen
in anderen Ländern anrichten.

----- Forwarded message from mea culpa <jericho@dimensional.com> -----

Date: Sat, 13 Feb 1999 03:07:11 -0700 (MST)
From: mea culpa <jericho@dimensional.com>
To: InfoSec News <isn@repsec.com>
Subject: [ISN] Brazilian National Elections (security in voting) 

Forwarded From: Alvaro Lima <alima@modulo.com.br>

Case Study: Brazilian National Elections

Providing Security and Integrity to the Largest Electronic Election in the

Brazil is a world leader in electronic elections, having conducted them
since 1990. The most recent election, completed in October 1998, was the
largest electronic election in history, with over sixty million voters
casting ballots by computer for local and national candidates. Microsoft?
Windows?NT? Server 4.0 and Workstation, played a central role in ensuring
the security and integrity of the elections. Modulo Security Solutions, a
member of the Microsoft Security Partners Program, provided the security
design and implementation for the project, and its He@tseeker Pro and
CFW98 products enhanced the already robust security of Windows?NT 4.0. 

For any democratic country, the security and integrity of the electoral
process is a critical issue. However, for Brazil, it assumes perhaps even
greater importance. Allegations of election fraud in the early 1980s could
have undermined the confidence of the Brazilian people in the integrity of
the electoral process. It was vital that the process be improved to
prevent fraud and to allow election officials to prove that the elections
had been conducted fairly.  Brazil has solved the problem in a way that
not only improves the integrity of the election process, but also makes it
more convenient for voters. Where most countries, including high-tech ones
like France, Germany, Great Britain and the United States still use paper
ballots, Brazil has made the decision to apply technology to democracy,
and has embraced electronic elections. 

The first use of computers in Brazilian elections was in 1990, in Santa
Catarina State. Voters used paper ballots to cast their votes, and
election workers used a computer network to quickly enter the results of
local voting and send the data to the state voting center for tabulation.
Since then, the use of computers in Brazilian elections has skyrocketed.
In 1994, computer-based tabulation was expanded nationwide. 

In the 1996 elections, voters were able to actually cast their ballots
electronically for the first time. The Brazilian government dramatically
improved the performance and security of the network by basing it on the
Windows?NT operating system, and almost a third of Brazil's 100 million
voters cast their votes electronically.  1998 Elections: Largest
Electronic Elections

The most recent elections were held in late 1998, and were the largest
electronic elections in history. Over sixty million Brazilian voters?57
percent of the voting population?voted electronically in elections for
local, state and national offices. In accordance with Brazilian law, an
initial election involving all candidates was held in October, and a
run-off election between the top two vote-getters for each office was held
in November. When the results were tabulated, Brazil had elected its
President, 27 Senators, 27 Governors, and over 2000 state and local

The network that made the election possible is the largest IP network in
Latin America, consisting of over 5000 Windows?NT-based workstations and
500 Windows?NT-based servers, linking more than 5000 voting centers in
2800 cities across Brazil. When a voter arrives at the polling place and
presents identification, an election official consult a voter information
database and verify that the person is entitled to vote. The voter then
uses an electronic voting device that, for each office, displays the
choices and prompts him for his vote. (If the place uses a traditional
paper ballot, election officials manually enter his vote into the system).
Local computers process the vote, and update a running tally that is kept
by a handful of Unix-based machines at the national election headquarters.
When the polls close, the results are published via the Internet. 

"The [Windows?NT-based] project was very successful," says Paulo Cesar
Camar?o, Chief Information Officer of Brazil's Supreme Electoral Court,
which conducts and audits the nation's elections. "Our electronic voting
system is the only one of its kind in the world." United Nations observers
agreed, concluding that the election was fairly conducted with no
incidents of fraud. 

Convenience and Security

The Windows?NT-based network significantly improves the ease, convenience
and secuity of voting. Brazilian voters don't need to wait in long lines,
as voters in other countries often do, because officials can quickly
verify voters' identities and voters can cast their ballots more quickly
using the electronic voting devices.  Likewise, publishing the election
results via the Internet makes the process much more timely. It's no
longer necessary to wait for days after the polls close. Instead, the
votes are tabulated as they are cast, and the results can be announced
almost immediately after the polls close. 

More importantly, though, the system dramatically improves the security
and integrity of the electoral process. Access to the network is
rigorously controlled to ensure that only authorized officials can access
it. For example, accessing an administrator account requires a password
from a security officer that is only valid for a single logon. All data
transmitted through the network?everything from voting results to
e-mails?is encrypted using strong 128-bit cryptography. Even physical
access to certain computers is controlled. 

In addition, the network constantly monitors itself for any indication of
an attack. It checks every request to access data or system resources, and
alerts election officials at the first sign of an intrusion. This is
complemented by a comprehensive auditing system that records every access
to computers, services, programs, or files, thereby allowing officials to
conduct a review after the election to prove that the system was secure at
all times. 

Microsoft and Modulo Make the System Possible

Windows?NT 4.0 Server and Workstation provided the security architecture
and the performance and manageability features that were needed to support
a network of this size, complexity, and importance. Modulo Security
Solutions made a great solution even better by supplying its He@tseeker
Pro and CFW98 products, and by providing security expertise to the
project. Modulo, which has provided security leadership to all of Brazil's
electronic elections, is the only Brazilian company that is a member of
the Microsoft Security Partners Program. 

He@tseeker Pro and CFW98 enabled election officials to establish and
enforce security policies, and to verify that they were complied with.
He@tseeker Pro provides Internet and Intranet access control, auditing,
and data encryption. It extends the idea of a firewall; where traditional
firewalls protect only the entry and exit points of a network, He@tseeker
Pro moves the point of protection to every computer in the network and
every object that needs protection. CFW98 complements He@tseeker Pro by
providing authentication and centralized security administration in
accordance with network security policies, as well as robust auditing
functions. "The two products work hand-in-hand; where He@tseeker Pro
protects the individual machines in the network, CFW98 provides
system-wide enforcement of security policies," says Fernando Nery,
President of Modulo. 

Modulo also provided comprehensive consulting services, including planning
and implementing the network's security infrastructure, providing risk
assessment services, developing comprehensive security guidelines for the
network, and providing security training to the 550 network administrators
and technicians who operated the system. "This was a great example of the
interrelationship between the technology and policy aspects of security," 
says Nery. "Windows?NT, He@tseeker Pro and CFW98 provide the security
technology?the architecture that makes it possible to protect networks and
data. Our consulting services provide the security policy, ensuring that
the network design and the operational procedures will properly implement
the technology to provide airtight security."  Expanding the Program

The 1998 election was latest in a nearly decade-long string of successful
electronic elections. As Mr. Camarao notes, "The Supreme Electoral Court
is extremely satisfied and proud to have been able to better serve the
citizens' needs through the improvement and credibility of the country's
electoral system."  However, Brazil intends to continue expanding
"electronic democracy." By 2002, Brazilian officials hope to have a 100%
electronic national election.  In addition, the government is looking into
ways to further improve the system. But the fundamental
requirement?rock-solid security?already is being met by Windows?NT and
Modulo's security products. 

Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

----- End forwarded message -----