|
|
|
|
|
|
by _trackno5
1034 days ago
|
|
|
Just because those companies have certifications it doesn’t mean they can’t make a mistake. In addition to that, the source code is closed and not generally auditable by third parties. I was a student under Diego Aranha (a cryptography researcher from Brazil, now based in Denmark) many years ago when he got the chance to participate in the public test/audit of the voting system software. At the time they did find issues with the code that would allow you to de-anonimize the votes cast in a voting machine [1]. EDIT: If anyone wants to take a look at the vulnerabilities found at the time, check the paper [2]. In fairness the paper is from 2013, so a lot may have changed. [1] In portuguese https://thehack.com.br/o-dia-que-o-tse-revelou-o-codigo-da-u...
[2] https://www.researchgate.net/publication/313421477_Vulnerabi... |
|
|
That's not correct. While you can't get it from GitHub, there is a process to audit it and any Brazilian citizen (or resident, I'm not sure) over 21 can request and be part of it. The process extends for many months starting the year prior to the election. Input from the multiple audits and tests are valuable in guiding the evolution of the software and hardware.
In Portuguese: https://www.tse.jus.br/internet/temporarios/urna-seguranca/o...