[rbanffy]

> I believe that online voting is a fundamentally bad idea

I (I worked in the Brazilian electronic voting system in 2002) agree. That's why the voting machines can't connect to the internet and voting is completely offline (totalization is entirely based on signed files in flash cards transferred via sneakernet under strict chain-of-custody protocols).

Another aspect of the election that's very important in Brazil is secrecy of the vote - to the point that, if a voting machine records only votes to a single candidate (effectively disclosing the option of all its voters) it's either discarded or merged with another machine in the same polling place.

[Scoring6931]

In the Brazilian electronic voting system, there is no mechanism to check that the counting on each machine was performed correctly. Validation only occurs after that point.

So if the machine somehow subtracts 256 votes from one candidate and transfers them to another, the total remains the same and this discrepancy isn't caught.

It sounds ludicrous, but actually has happened before: https://www.youtube.com/watch?v=AaZ_RSt0KP8

This is just one example of how the Brazilian system isn't ideal. The criticism against it is very well supported by sound arguments, and it's a shame that it got politicised. It's a pure technical matter.

[tmottabr]

this is done by auditions in the code and all the steps from compilation to vote consolidation, the code review start years in advance of the election.

The code is made available to all political parties and several third-party organizations for review and auditing, this including several international auditors.

The parties and auditors also monitor all steps of the process from the compilation process, to the loading of the memory cards that will be inserted in the machines with the code, the joining of card and machine that will be sealed, transpoprt of the machines, transport of the memory cards for vote consolidation and the vote consolidation process.

the machine also print a receipt with that machine results, a copy of that can be requested by any person, this can then be used to validated with the post consolidation to ensure what was consolidate and what was in the machine match.

The election process in Brasil does not rely only in the electronic side, there are several processes in place to ensure fraud does not happen and each step is monitored and audited.

[rbanffy]

> The code is made available to all political parties and several third-party organizations for review and auditing, this including several international auditors.

Anyone can register to audit it.

> process from the compilation process, to the loading of the memory cards

Don't forget the code signing. Unsigned binaries can't be executed.

> the joining of card and machine that will be sealed

With tamper-proof seals.

[Scoring6931]

You didn’t address anything I said.

The receipt only contains the number of votes for each candidate. It does not validate if X people actually have voted in candidate A. So if the machine transfer a certain number of votes between candidates, it does not raise any flags.

Such scenario can be detected by printed vote receipts in addition to the electronic ballot.

Watch the video I posted.