[ISN] Brazilian National Elections (security in voting)

From: mea culpa (jerichoat_private)
Date: Sat Feb 13 1999 - 02:07:11 PST

  • Next message: mea culpa: "[ISN] Vienna Teen Jailed in Computer Crime"

    Forwarded From: Alvaro Lima <alimaat_private>
    Case Study: Brazilian National Elections
    Providing Security and Integrity to the Largest Electronic Election in the
    Brazil is a world leader in electronic elections, having conducted them
    since 1990. The most recent election, completed in October 1998, was the
    largest electronic election in history, with over sixty million voters
    casting ballots by computer for local and national candidates. Microsoft®
    Windows NT® Server 4.0 and Workstation, played a central role in ensuring
    the security and integrity of the elections. Modulo Security Solutions, a
    member of the Microsoft Security Partners Program, provided the security
    design and implementation for the project, and its He@tseeker Pro and
    CFW98 products enhanced the already robust security of Windows NT 4.0. 
    For any democratic country, the security and integrity of the electoral
    process is a critical issue. However, for Brazil, it assumes perhaps even
    greater importance. Allegations of election fraud in the early 1980s could
    have undermined the confidence of the Brazilian people in the integrity of
    the electoral process. It was vital that the process be improved to
    prevent fraud and to allow election officials to prove that the elections
    had been conducted fairly.  Brazil has solved the problem in a way that
    not only improves the integrity of the election process, but also makes it
    more convenient for voters. Where most countries, including high-tech ones
    like France, Germany, Great Britain and the United States still use paper
    ballots, Brazil has made the decision to apply technology to democracy,
    and has embraced electronic elections. 
    The first use of computers in Brazilian elections was in 1990, in Santa
    Catarina State. Voters used paper ballots to cast their votes, and
    election workers used a computer network to quickly enter the results of
    local voting and send the data to the state voting center for tabulation.
    Since then, the use of computers in Brazilian elections has skyrocketed.
    In 1994, computer-based tabulation was expanded nationwide. 
    In the 1996 elections, voters were able to actually cast their ballots
    electronically for the first time. The Brazilian government dramatically
    improved the performance and security of the network by basing it on the
    Windows NT operating system, and almost a third of Brazil's 100 million
    voters cast their votes electronically.  1998 Elections: Largest
    Electronic Elections
    The most recent elections were held in late 1998, and were the largest
    electronic elections in history. Over sixty million Brazilian voters—57
    percent of the voting population—voted electronically in elections for
    local, state and national offices. In accordance with Brazilian law, an
    initial election involving all candidates was held in October, and a
    run-off election between the top two vote-getters for each office was held
    in November. When the results were tabulated, Brazil had elected its
    President, 27 Senators, 27 Governors, and over 2000 state and local
    The network that made the election possible is the largest IP network in
    Latin America, consisting of over 5000 Windows NT-based workstations and
    500 Windows NT-based servers, linking more than 5000 voting centers in
    2800 cities across Brazil. When a voter arrives at the polling place and
    presents identification, an election official consult a voter information
    database and verify that the person is entitled to vote. The voter then
    uses an electronic voting device that, for each office, displays the
    choices and prompts him for his vote. (If the place uses a traditional
    paper ballot, election officials manually enter his vote into the system).
    Local computers process the vote, and update a running tally that is kept
    by a handful of Unix-based machines at the national election headquarters.
    When the polls close, the results are published via the Internet. 
    "The [Windows NT-based] project was very successful," says Paulo Cesar
    Camarão, Chief Information Officer of Brazil's Supreme Electoral Court,
    which conducts and audits the nation's elections. "Our electronic voting
    system is the only one of its kind in the world." United Nations observers
    agreed, concluding that the election was fairly conducted with no
    incidents of fraud. 
    Convenience and Security
    The Windows NT-based network significantly improves the ease, convenience
    and secuity of voting. Brazilian voters don't need to wait in long lines,
    as voters in other countries often do, because officials can quickly
    verify voters' identities and voters can cast their ballots more quickly
    using the electronic voting devices.  Likewise, publishing the election
    results via the Internet makes the process much more timely. It's no
    longer necessary to wait for days after the polls close. Instead, the
    votes are tabulated as they are cast, and the results can be announced
    almost immediately after the polls close. 
    More importantly, though, the system dramatically improves the security
    and integrity of the electoral process. Access to the network is
    rigorously controlled to ensure that only authorized officials can access
    it. For example, accessing an administrator account requires a password
    from a security officer that is only valid for a single logon. All data
    transmitted through the network—everything from voting results to
    e-mails—is encrypted using strong 128-bit cryptography. Even physical
    access to certain computers is controlled. 
    In addition, the network constantly monitors itself for any indication of
    an attack. It checks every request to access data or system resources, and
    alerts election officials at the first sign of an intrusion. This is
    complemented by a comprehensive auditing system that records every access
    to computers, services, programs, or files, thereby allowing officials to
    conduct a review after the election to prove that the system was secure at
    all times. 
    Microsoft and Modulo Make the System Possible
    Windows NT 4.0 Server and Workstation provided the security architecture
    and the performance and manageability features that were needed to support
    a network of this size, complexity, and importance. Modulo Security
    Solutions made a great solution even better by supplying its He@tseeker
    Pro and CFW98 products, and by providing security expertise to the
    project. Modulo, which has provided security leadership to all of Brazil's
    electronic elections, is the only Brazilian company that is a member of
    the Microsoft Security Partners Program. 
    He@tseeker Pro and CFW98 enabled election officials to establish and
    enforce security policies, and to verify that they were complied with.
    He@tseeker Pro provides Internet and Intranet access control, auditing,
    and data encryption. It extends the idea of a firewall; where traditional
    firewalls protect only the entry and exit points of a network, He@tseeker
    Pro moves the point of protection to every computer in the network and
    every object that needs protection. CFW98 complements He@tseeker Pro by
    providing authentication and centralized security administration in
    accordance with network security policies, as well as robust auditing
    functions. "The two products work hand-in-hand; where He@tseeker Pro
    protects the individual machines in the network, CFW98 provides
    system-wide enforcement of security policies," says Fernando Nery,
    President of Modulo. 
    Modulo also provided comprehensive consulting services, including planning
    and implementing the network's security infrastructure, providing risk
    assessment services, developing comprehensive security guidelines for the
    network, and providing security training to the 550 network administrators
    and technicians who operated the system. "This was a great example of the
    interrelationship between the technology and policy aspects of security," 
    says Nery. "Windows NT, He@tseeker Pro and CFW98 provide the security
    technology—the architecture that makes it possible to protect networks and
    data. Our consulting services provide the security policy, ensuring that
    the network design and the operational procedures will properly implement
    the technology to provide airtight security."  Expanding the Program
    The 1998 election was latest in a nearly decade-long string of successful
    electronic elections. As Mr. Camarao notes, "The Supreme Electoral Court
    is extremely satisfied and proud to have been able to better serve the
    citizens' needs through the improvement and credibility of the country's
    electoral system."  However, Brazil intends to continue expanding
    "electronic democracy." By 2002, Brazilian officials hope to have a 100%
    electronic national election.  In addition, the government is looking into
    ways to further improve the system. But the fundamental
    requirement—rock-solid security—already is being met by Windows NT and
    Modulo's security products. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:18:56 PDT