Technical analysis of electronic voting machine security and encryption

The electronic voting device as an instrument to guarantee popular sovereignty and the integrity of suffrage in Brazil


The Brazilian electronic voting machine represents the central pillar of the contemporary electoral system in the country, having been developed to mitigate historical fraud associated with voting by paper ballot. Since its implementation, the technology used by the Superior Electoral Court (TSE) has evolved to constitute a complex ecosystem of hardware and software, designed to ensure that the voter’s will is recorded and verified accurately. Trust in the democratic process, in this context, directly depends on the technical understanding of the defense mechanisms that prevent data manipulation.

Roles of defense mechanisms

The primary function of electronic ballot box security is not just to register the vote, but to ensure the three fundamental principles of information security: confidentiality, integrity and availability. The systems are designed to ensure that the vote is secret (confidentiality), that it is not altered after registration (integrity) and that the equipment functions correctly throughout the voting period (availability).

Furthermore, the security architecture is responsible for allowing process auditability. This means that, although the vote is anonymous, the system must provide mathematical and physical proof that the software running in the ballot box is legitimate and that the results obtained correspond exactly to the votes entered by voters. To achieve this, a combination of physical and logical barriers is used, preventing external attacks and ensuring that only the official TSE software runs on the equipment.

History and evolution of the system

The origins of the electronic ballot box date back to the 1990s, when fraud in the paper ballot system, such as the “little vote” and the filling in of blank ballots during counting, was a recurring challenge to the legitimacy of elections. Development of the project began in 1995, under the coordination of researchers from the National Institute for Space Research (INPE) and the Aerospace Technical Center (CTA), in response to a demand from the TSE.

The first official use occurred in the 1996 municipal elections, covering capitals and municipalities with more than 200 thousand voters. The implementation was gradual, reaching 100% of the electorate in the 2000 general elections. Since then, the equipment has undergone several hardware updates, with new models (such as the UE2020) incorporating faster processors and new security features, without changing the fundamental logic of isolated operation that characterizes the Brazilian system.

How encryption and integrity verification work

To understand how electronic voting machine encryption works and why it is secure, it is necessary to analyze the “Chain of Trust”. The ballot box is an isolated device, without any internet connection mechanism (it does not have network cards, Wi-Fi or Bluetooth). Logical security is based on asymmetric cryptography and cryptographic hashes.

The technical security process operates in the following steps:

  • Digital Signing and Sealing Ceremony: Before the elections, the source code of the programs is inspected by supervisory entities (political parties, OAB, Public Ministry, universities). After validation, the software is digitally “signed” by the TSE and the authorities present. This signature creates a unique “fingerprint” of the system;
  • Hardware Barrier: The electronic voting machine has proprietary security hardware. When turned on, the equipment verifies that the software’s digital signatures correspond to the official TSE keys. If the software has been modified (even minimally), the signature will not match and the ballot box will not work;
  • Data Encryption: Votes are recorded in random order in the Digital Vote Registry (RDV), so that the order of voting cannot reveal the voter’s identity. These files are protected by robust encryption algorithms, ensuring that only the official TSE system can read and count the data.

Security lies in the fact that any attempted intrusion or alteration of the software would alter the digital digest (hash) of the file, which would be immediately detected by hardware integrity verification mechanisms and public testing.
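
The boot-time check described in the steps above, as an added example that is not TSE code: a signed manifest of component hashes is verified against a pinned public key before anything runs. The article does not name the algorithms, so SHA-256 and a toy textbook-RSA key (built from Mersenne primes, not secure) stand in as assumptions, and the component names and contents are constructed.

```python
import hashlib, json
# Toy RSA key for illustration only: Mersenne primes make the maths runnable
# with the standard library but are NOT a secure key choice (assumption).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                            # public modulus, pinned in the verifier
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held only by the signer

def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes) -> int:
    """Signer side (sealing ceremony): textbook RSA over SHA-256, no padding."""
    return pow(digest_int(data), D, N)

def signature_ok(data: bytes, sig: int) -> bool:
    """Verifier side: needs only the public values (N, E)."""
    return pow(sig, E, N) == digest_int(data)

def build_manifest(components: dict) -> bytes:
    hashes = {name: hashlib.sha256(blob).hexdigest() for name, blob in components.items()}
    return json.dumps(hashes, sort_keys=True).encode()

def boot_check(components: dict, manifest: bytes, sig: int) -> str:
    """Return 'boot' only if the manifest is signed and every component matches it."""
    if not signature_ok(manifest, sig):
        return "halt: manifest signature invalid"
    expected = json.loads(manifest)
    if set(expected) != set(components):
        return "halt: component list differs from manifest"
    for name, blob in components.items():
        if hashlib.sha256(blob).hexdigest() != expected[name]:
            return f"halt: {name} hash mismatch"
    return "boot"

# Constructed sample "software"; names and contents are placeholders.
OFFICIAL = {"bootloader": b"stage-1 code v1", "kernel": b"os image v1", "voting_app": b"vote app v1"}
MANIFEST = build_manifest(OFFICIAL)
SIGNATURE = sign(MANIFEST)

def demo() -> dict:
    flipped = dict(OFFICIAL, voting_app=b"vote app v2")   # a single byte changed
    return {
        "official": boot_check(OFFICIAL, MANIFEST, SIGNATURE),
        "modified_app": boot_check(flipped, MANIFEST, SIGNATURE),
        # Recomputing the hashes does not help without the signing key.
        "modified_app_and_manifest": boot_check(flipped, build_manifest(flipped), SIGNATURE),
    }

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The third case is the one that matters: a modified image whose hashes have been recomputed still halts, because the recomputed manifest no longer matches the signature and cannot be re-signed without the private key.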

Importance of auditability and social impact

The robustness of the electronic voting machine has a direct impact on political and social stability, as it allows votes to be totaled in record time, reducing the period of post-election uncertainty that historically generated tensions. Auditability is guaranteed by several public instruments, such as the Zerésima (a report printed before voting, proving that the ballot box holds zero votes) and the Ballot Box Bulletin (Boletim de Urna, BU), printed at the end of the election, which allows any citizen to check the results of each electoral section.

Furthermore, the Integrity Test, carried out on election day with randomly drawn ballot boxes, simulates a real vote with paper ballots filled out by auditors and compared with the electronic result, proving the correct functioning of the system in a real environment.

The Brazilian electronic voting system is therefore consolidated as a critical State infrastructure, based on overlapping layers of cryptographic and physical security. The combination of auditable code, dedicated hardware, lack of network connectivity and public inspection processes ensures that the voter’s will, expressed in the voting booth, is reliably translated into the official results proclaimed by the Electoral Court.
