Anyone expecting an ‘election audit’ from Brazil’s Ministry of Defense (DOD) report released today, as private groups have done recently ( here , here and here ), was sorely disappointed.
Contrary to what has been described and believed, the purpose of this 60-page DOD technical report of analysis, conducted by From 2 to 19 August 2022.
Nothing more, nothing less.
Whether there was electoral fraud, as feared by millions of protesting Brazilians, remains in the dark.
The report does not include a post-election evaluation of the ballot boxes, an audit of the ballots, or a full election audit.
But it says the ballot box can be tampered with because it is not exempt from malicious code posing security problems.
It also noted that access to the source code and several other requests had been denied.
The Brazilian DOD describes the objective of the report as follows:
It is not the purpose of this document to assess the security level of the FSPA. Therefore, the sole purpose of describing the findings resulting from the inspection process is to provide the election tribunal with suggestions for possible improvements from the perspective of an independent and impartial inspection agency.
And even this analysis should be taken seriously since the High Electoral Court of Tirana Stock Exchange had defined restrictions for access to the system and the analysis of the source code, as listed below:
- Only static analysis was allowed, that is, it was impossible to execute the source codes, which resulted in not understanding the order of execution of individual parts of the system and the operation of the system as a whole.
- Each unit had a copy of the source code. The code was accessed through the computers of the Tirana Stock Exchange. The Tirana Stock Exchange allowed technicians to enter the inspection room with only paper and pencil.
- No access was given to the version control system of the Tirana Stock Exchange, so it was not possible to compare the compiled version with the version being inspected, nor was it possible to verify that the source codes matched.
- This means that there is no certainty that the code in the ballot boxes is the same as the one that has been verified.
- Access is not granted to software libraries developed by third parties and referenced in the source code, limiting the understanding of the audited system; AND
- Testing limitations in the analysis environment made it difficult to test a complex system with more than 17 million lines of source code.
In light of the above, “it was impossible to prove that the system was working properly,” the Ministry of Defense concluded, leaving the country stranded in no man’s land.
