I am proud to announce the completion of my Post-Graduate Capstone Project, titled "Digital Petitions and the Legal Validity of Popular Will", for my specialization in Digital Security, Governance, and Data Management at PUCRS. This project, with a score of 10/10, provides a technical solution for one of the most powerful democratic tools in Brazil: the Popular Initiative (Projeto de Iniciativa Popular).

The Problem: Digital Signatures Without Legal Weight

In Brazil, citizens have the constitutional power to "force" the National Congress to process a new law if they gather enough verified signatures. This was the engine behind the famous "Lei da Ficha Limpa" (Clean Slate Law), a citizen-led movement that successfully barred corrupt politicians from office.

While many popular online petition platforms exist today, they offer only symbolic pressure rather than true legal validity. Because these services often rely on simple email verification, they lack the technical rigor required to prove authenticity or prevent bot manipulation. Consequently, while they may capture public attention, they do not meet the strict evidentiary standards of the Brazilian Legislative Power to actually trigger a new law process.

My project, "Petição Brasil", bridges this gap by turning digital participation into a legally binding act.

Collecting physical signatures in a country of continental dimensions like Brazil is a logistical nightmare. To be valid, a proposal needs 1.5 million signatures from across the country. Managing paper forms from the Amazon to the southern borders is slow, expensive, and highly vulnerable to fraud.

The Technical Solution: Petição Brasil

I developed a full-stack platform using Python and Django to solve this scalability problem while maintaining maximum security.

How It Ensures Digital Trust

ICP-Brasil Integration: The system utilizes Brazil's federal Public Key Infrastructure (ICP-Brasil). For my Canadian colleagues, this is a Qualified Electronic Signature (QES) that provides a legal presumption of authenticity.

The CIANA Framework: To prevent bot manipulation and "fake" signatures, I implemented the Information Assurance concept using the CIANA Pentagon (Confidentiality, Integrity, Availability, Authenticity, and Non-repudiation).

Custody Chain Certificate: Every signature generates an automated Chain of Custody. This provides a forensic-grade audit trail, ensuring the petition's integrity is never compromised and is admissible in court.

By digitizing this process, we move from months of manual verification to instant, secure, and legally binding civic participation.

5-Layer Verification System

1. PKCS#7 Cryptographic Validation (pyhanko)
- Validates signature structure and integrity
- Confirms PDF hasn't been modified after signing
- Verifies signature was created with certificate's private key

2. ICP-Brasil Certificate Chain Verification
- Traces certificate to trusted Brazilian government roots
- Uses Authority Information Access (AIA) for intermediate certificates
- Validates each cryptographic signature in the chain

3. Real-Time Revocation Check (~10ms with caching)
- Checks cached CRLs (Certificate Revocation Lists)
- Falls back to OCSP when needed
- Automatically rejects revoked/expired certificates

4. Certificate Type Validation
- Accepts only CPF (individual) certificates
- Rejects CNPJ (company) certificates
- Parses ICP-Brasil OID fields (2.16.76.1.3.x)

5. Content Integrity Verification
- Validates petition UUID embedded in signed PDF
- Verifies SHA-256 content hash
- Ensures document matches original petition

The Game-Changer: Popular Initiative Bills

Brazil's Constitution (Art. 61, §2°) requires verified signatures from 1% of the electorate for popular bills. The traditional process takes months/years to collect physical signatures, requires manual verification (expensive and error-prone), and has a high barrier to entry.

Our project provides:
- Instant signature verification (10 seconds)
- Strong cryptographic proof
- Real-time transparency and audit trail
- 100% free
- Sign from anywhere (mobile-friendly)

Each signature generates a Custody Chain Certificate with a complete verification timeline, ICP-Brasil certificate details (serial, issuer, validity), SHA-256 hash of verification evidence, QR code for instant public verification, and legal validity equivalent to notarized documents.

This creates a credible foundation for formal submission to national or state assemblies.

Tech Stack: Python, Django, cryptography, pyhanko, pypdf, PostgreSQL, Celery (async processing)

The Vision: Making constitutional democracy accessible to every Brazilian citizen — not just those who can afford lobbyists.

• View the prototype: Petição Brasil
• The paper is here: Final Paper