V Workshop de Tecnologia Eleitoral (WTE)

Palestra curta 1: "A Voting Protocol with Unconditional Privacy"

Resumo: The development of cryptographic electoral protocols gained further traction in the first decades of the twenty-first century, largely due to various advances in science and technology and also motivated by the renewed demands of the various democracies in the context of growing informatization. Central to these protocols is the concept of software independence, which states that an electoral system must produce an evidence trail that allows for integrity checks on the election’s results independently from electronic machinery, all the while preserving voters’ privacy. In such cryptographic systems, however, it seems inevitable that a compromise needs to be made between unconditional integrity of the results and unconditional privacy of the votes, unconditional integrity being the common choice in many of the most prominent protocols. In this sense, this work proposes an electoral protocol that likewise respects the principle of software independence, but that contrasts from many other proposals in its choice of unconditional privacy of the votes under the belief that voters need to be assured eternal secrecy regarding their electoral choices. Furthermore, the proposed protocol enables end-to-end verifiability (E2E-V) of individual votes via a printed receipt issued to each voter, besides providing universal audit features by means of a simple mathematical equation that must hold for a correctly executed election.

Autor: Gabriel Gomes Gaspar (UFMG)

Palestra curta 2: "Esquema de Segurança para Aplicações Desktop Baseado em TPM com Monitoramento"

Resumo: No Teste Público de Segurança de 2019 (TPS 2019), o grupo formado por peritos da Polícia Federal foi capaz de obter uma chave simétrica de cifração, com o consequente controle de uma aplicação e da sua chave privada de assinatura. Assim, houve alteração dos dados de configuração que alimentavam a UE. Apesar de o alcance prático do resultado obtido pelo grupo ser limitado e de fácil identificação, o TSE construiu uma solução robusta baseada em hardware para contrapor esse ataque às aplicações desktop.

Autores: José Monteiro, Lucas Guimarães, Saulo Lima, Marcus Amorim, Rodrigo Coimbra (TSE)

Palestra curta 3: "Aspectos de Segurança da Cadeia de Boot da UE"

Resumo: A existência de um processo de boot seguro é essencial para a execução confiável dos sistemas embarcados. Assim, é preciso executar um código livre de inserções maliciosas (overbuilding) desde o início, para evitar que um atacante possa penetrar posteriormente no sistema. Este trabalho aborda a segurança dos dispositivos pela ordem normal em que são ativados durante o processo de boot. Assim, primeiramente são abordados aspectos de hardware, com os riscos referentes aos ataques invasivos, ou semi-invasivos, e não-invasivos.

Autores: José Monteiro, Lucas Guimarães, Saulo Lima, Marcus Amorim, Rodrigo Coimbra (TSE)

Palestra: "Election Verifiability and Postal Voting"

Resumo: While in-person voting and Internet voting attracted most of the attention in the academic community during the last decades, vote-by-mail may be the voting method with the fastest growing adoption, with 46% of ballots submitted by mail in the last US presidential election for instance, compared to 21% in 2016. In this talk, I will explore how verification options can be added to a vote-by-mail process, in order to offer a voter guarantees that her vote was properly recorded and counted. In particular, I will discuss a specific proposal that is currently under review in Belgium, as a voting option that could be offered to Belgians living abroad during the next federal elections.

Prof. Olivier Pereira, Ph.D. (ICTEAM, IPL, Université catholique de Louvain)
Minibio: Olivier Pereira is a full professor of cryptography in the Crypto Group at UCLouvain, and has held invited positions at MIT, NTT, ENS Cachan, Université catholique de Bukavu, the University of Melbourne, and Rice University. His research interests cover a broad range of subjects related to cryptographic protocols, focusing on fundamental questions about security models and provable security, up to application aspects. Voting systems is a primary application domain for his research: he co-designed the Helios verifiable Internet voting system, which has been used to collect millions of votes during the last 10 years, and the STAR-Vote verifiable in-person voting system. He also reviewed existing voting systems, and his work contributed to the suspension of Internet voting for government elections in Switzerland since 2019.

Palestra: "Enhancing Believability in Elections"

Resumo: In the late 1980's, a small cadre of computer scientists became concerned about the gradual introduction of voting systems whose digital vote tallies could not be independently confirmed for correctness. Following the controversial 2000 U.S. Presidential election, equipment vendors convinced many election officials to replace their problematic punchcards and aging mechanical lever machines with "Black Box" electronic voting systems. But, as reports of systemic failures and evidence of "vote flipping" with these devices continued to increase, the concept of Voter Verified Paper Ballots (VVPB), introduced earlier by the computer scientists, began to gain general acceptance and adoption, in the United States and other democratic countries world-wide. Also in the early 2000's, Brazil wanted the ability to provide checks and balances in their tabulation of election results, and initially commissioned a VVPB system from ProComp (later Diebold) for use in about 3% of the precincts. This deployment swiftly turned problematic, as the designers had not taken into account the nation's diverse climates, resulting in equipment failures and long delays at polling locations. Instead of seeking to adopt safer and more reliable paper mechanisms, they instead removed the audit trail entirely from the electronic urnas. Now, two decades later, the government continues to reject features that would provide essential election tallying assurances. This "once bitten, twice shy" (uma vez mordido, duas vezes timido) attitude has undermined the adoption of methodologies that would enable independent confirmation of the vote totals. This presentation explains the inherent security flaws in fully electronic voting systems, and suggests ways in which VVPB could be reliably implemented in order to enhance believability and confidence in election results.

Rebecca Mercuri, Ph.D. (Notable Software)
Minibio: Dr. Rebecca Mercuri is the founding President of Notable Software, Inc., where she provides digital forensic investigations, expert witness services, and computer security compliance evaluations. Dr. Mercuri's Ph.D. (University of Pennsylvania, School of Engineering and Applied Science) thesis -- "Electronic Vote Tabulation: Checks and Balances" -- has been hailed as a "dissertation that changed the world." Her efforts in behalf of transparent ballot counting include testimony in Bush v. Gore and many federal, state and local hearings, including recent ones on this subject in Brazil. Rebecca has published frequently on election technology, digital forensics, and cybersecurity. Her June 2021 article, with Dr. Peter Neumann, "The Risks of Election Believability (or Lack Thereof)" in the Communications of the ACM, elaborates on and expands many of the topics covered in this lecture.

11:45 - 12:15

Painel: "The Future of Voting Technology"

Mediadores: Paulo Matias (UFSCar) e Jeroen van der Graaf (UFMG)

Resumo: Voting technology is essential in several contexts. From country-wide elections to choosing representatives of local associations, technology can enhance user experience and provide security properties to the voting process. This roundtable discussion will invite researchers from different backgrounds to discuss their perceptions of the future of voting technology.

Olivier Pereira (UCL)

Rebecca Mercuri (Notable Software)

José Roberto Menezes Monteiro (TSE)
Minibio: José Roberto Menezes Monteiro é Engenheiro Eletricista/Eletrônico formado na Universidade de Brasília – UnB em 1976. Mestre em Engenharia Nuclear pelo IPEN da Universidade de São Paulo – USP em 1980. Ex-Doutorando do Instituto de Computação da Universidade Estadual de Campinas – UNICAMP. Atuou por 32 anos no Centro de Pesquisa e Desenvolvimento em Segurança das Comunicações - CEPESC/ABIN/PR, de onde se aposentou em 2012. Ex-Coordenador do Laboratório LATIM-Renasic (Lab.Virtual de Implementações em Criptografia). Atua em SIC na Sevin/TSE desde ago/2015.

Rodrigo Coimbra (TSE)
Minibio: Rodrigo Coimbra é bacharel e mestre em Ciência da Computação pela Universidade de Brasília. É Analista Judiciário – Especialidade Análise de Sistemas no Tribunal Superior Eleitoral desde agosto de 2007. É programador e chefe da Seção de Voto Informatizado, que é a unidade responsável pelo desenvolvimento do conjunto de software do Ecossistema da Urna.