Forwarded From: Alvaro Lima <alimaat_private> Case Study: Brazilian National Elections Providing Security and Integrity to the Largest Electronic Election in the World Brazil is a world leader in electronic elections, having conducted them since 1990. The most recent election, completed in October 1998, was the largest electronic election in history, with over sixty million voters casting ballots by computer for local and national candidates. Microsoft® Windows NT® Server 4.0 and Workstation, played a central role in ensuring the security and integrity of the elections. Modulo Security Solutions, a member of the Microsoft Security Partners Program, provided the security design and implementation for the project, and its He@tseeker Pro and CFW98 products enhanced the already robust security of Windows NT 4.0. For any democratic country, the security and integrity of the electoral process is a critical issue. However, for Brazil, it assumes perhaps even greater importance. Allegations of election fraud in the early 1980s could have undermined the confidence of the Brazilian people in the integrity of the electoral process. It was vital that the process be improved to prevent fraud and to allow election officials to prove that the elections had been conducted fairly. Brazil has solved the problem in a way that not only improves the integrity of the election process, but also makes it more convenient for voters. Where most countries, including high-tech ones like France, Germany, Great Britain and the United States still use paper ballots, Brazil has made the decision to apply technology to democracy, and has embraced electronic elections. The first use of computers in Brazilian elections was in 1990, in Santa Catarina State. Voters used paper ballots to cast their votes, and election workers used a computer network to quickly enter the results of local voting and send the data to the state voting center for tabulation. Since then, the use of computers in Brazilian elections has skyrocketed. In 1994, computer-based tabulation was expanded nationwide. In the 1996 elections, voters were able to actually cast their ballots electronically for the first time. The Brazilian government dramatically improved the performance and security of the network by basing it on the Windows NT operating system, and almost a third of Brazil's 100 million voters cast their votes electronically. 1998 Elections: Largest Electronic Elections The most recent elections were held in late 1998, and were the largest electronic elections in history. Over sixty million Brazilian voters—57 percent of the voting population—voted electronically in elections for local, state and national offices. In accordance with Brazilian law, an initial election involving all candidates was held in October, and a run-off election between the top two vote-getters for each office was held in November. When the results were tabulated, Brazil had elected its President, 27 Senators, 27 Governors, and over 2000 state and local officials. The network that made the election possible is the largest IP network in Latin America, consisting of over 5000 Windows NT-based workstations and 500 Windows NT-based servers, linking more than 5000 voting centers in 2800 cities across Brazil. When a voter arrives at the polling place and presents identification, an election official consult a voter information database and verify that the person is entitled to vote. The voter then uses an electronic voting device that, for each office, displays the choices and prompts him for his vote. (If the place uses a traditional paper ballot, election officials manually enter his vote into the system). Local computers process the vote, and update a running tally that is kept by a handful of Unix-based machines at the national election headquarters. When the polls close, the results are published via the Internet. "The [Windows NT-based] project was very successful," says Paulo Cesar Camarão, Chief Information Officer of Brazil's Supreme Electoral Court, which conducts and audits the nation's elections. "Our electronic voting system is the only one of its kind in the world." United Nations observers agreed, concluding that the election was fairly conducted with no incidents of fraud. Convenience and Security The Windows NT-based network significantly improves the ease, convenience and secuity of voting. Brazilian voters don't need to wait in long lines, as voters in other countries often do, because officials can quickly verify voters' identities and voters can cast their ballots more quickly using the electronic voting devices. Likewise, publishing the election results via the Internet makes the process much more timely. It's no longer necessary to wait for days after the polls close. Instead, the votes are tabulated as they are cast, and the results can be announced almost immediately after the polls close. More importantly, though, the system dramatically improves the security and integrity of the electoral process. Access to the network is rigorously controlled to ensure that only authorized officials can access it. For example, accessing an administrator account requires a password from a security officer that is only valid for a single logon. All data transmitted through the network—everything from voting results to e-mails—is encrypted using strong 128-bit cryptography. Even physical access to certain computers is controlled. In addition, the network constantly monitors itself for any indication of an attack. It checks every request to access data or system resources, and alerts election officials at the first sign of an intrusion. This is complemented by a comprehensive auditing system that records every access to computers, services, programs, or files, thereby allowing officials to conduct a review after the election to prove that the system was secure at all times. Microsoft and Modulo Make the System Possible Windows NT 4.0 Server and Workstation provided the security architecture and the performance and manageability features that were needed to support a network of this size, complexity, and importance. Modulo Security Solutions made a great solution even better by supplying its He@tseeker Pro and CFW98 products, and by providing security expertise to the project. Modulo, which has provided security leadership to all of Brazil's electronic elections, is the only Brazilian company that is a member of the Microsoft Security Partners Program. He@tseeker Pro and CFW98 enabled election officials to establish and enforce security policies, and to verify that they were complied with. He@tseeker Pro provides Internet and Intranet access control, auditing, and data encryption. It extends the idea of a firewall; where traditional firewalls protect only the entry and exit points of a network, He@tseeker Pro moves the point of protection to every computer in the network and every object that needs protection. CFW98 complements He@tseeker Pro by providing authentication and centralized security administration in accordance with network security policies, as well as robust auditing functions. "The two products work hand-in-hand; where He@tseeker Pro protects the individual machines in the network, CFW98 provides system-wide enforcement of security policies," says Fernando Nery, President of Modulo. Modulo also provided comprehensive consulting services, including planning and implementing the network's security infrastructure, providing risk assessment services, developing comprehensive security guidelines for the network, and providing security training to the 550 network administrators and technicians who operated the system. "This was a great example of the interrelationship between the technology and policy aspects of security," says Nery. "Windows NT, He@tseeker Pro and CFW98 provide the security technology—the architecture that makes it possible to protect networks and data. Our consulting services provide the security policy, ensuring that the network design and the operational procedures will properly implement the technology to provide airtight security." Expanding the Program The 1998 election was latest in a nearly decade-long string of successful electronic elections. As Mr. Camarao notes, "The Supreme Electoral Court is extremely satisfied and proud to have been able to better serve the citizens' needs through the improvement and credibility of the country's electoral system." However, Brazil intends to continue expanding "electronic democracy." By 2002, Brazilian officials hope to have a 100% electronic national election. In addition, the government is looking into ways to further improve the system. But the fundamental requirement—rock-solid security—already is being met by Windows NT and Modulo's security products. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:18:56 PDT