Yep, and if you dig around the web sites of those raising the issues, you'll see that almost all the 'vulnerabilities' are related to the fact that the machines are reprogrammable. The "Radio Shack component" argument is only true with respect to the ability to purchase the component there; you'd then have to have unsupervised physical access to the machine, and (more importantly) a modified copy of the software, in order to affect the outcome of the election. Using the protester's logic, it would be equally accurate to argue that optical scan ballots have security vulnerabilities because you can buy Whiteout and pens at any office supply store.
All voting tally methods of every kind are vulnerable if you let party operatives have access to them. That's why physical security and non-partisan supervision of the entire process are so important. No amount of hardware is ever going to eliminate the need for that.
The genesis of this whole issue is that Diebold made campaign contributions to Republicans, so the left will find flaws with anything they offer. How we'll get the touch screen voting machines the left demanded without an 'evil corporation' being involved in their manufacture is an unanswered question.
Exactly.
Security is a *process*, not a piece of hardware or software.
Not at such a low level. Off the top of my head, I'd do something along these lines:
Each state election office is given a cryptographic certificate server off of a central root, every action being audited. The state election office is responsible for tracking their machines and signing all BIOS and software updates, as well as issuing smart cards to election officials with certificates on them.
The hardware of each machine has a cryptographic key and basic loader hard-burned. We use a non-BIOS machine and flash memory to hold the OS.
The OS of the machine has a cryptographic key that must authenticate with the key of the hardware. It won't boot unless the keys authenticate (like a TiVo).
At the local level, the election official uses his smart card certificate to start up the machines that he's allowed to. Everything being authenticated, the machine generates a key for this voting session and puts it on the smart card and the corresponding key in the session database.
When voting is over, the machine encrypts and signs the vote tally, signs the system using its key, and puts its keys and the session keys on the smart card. The smart card and the files are taken to the state voting authority for counting. At counting time, the vote files are authenticated against the key, and the machine keys are verified.
With the above system, we know that:
You can do even better having it networked.
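The counting-time check from the scheme sketched above, as an added example that is not the poster's code. HMAC-SHA256 stands in for the certificate signatures, tally encryption and the smart card transport are left out, and every name and value (`close_session`, `count`, `REGISTRY`, the machine id and keys) is a hypothetical constructed for illustration.

```python
import hashlib
import hmac
import json


def tag(key: bytes, data: bytes) -> str:
    """Authentication tag; HMAC is a stand-in for the post's signatures."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def canonical(obj) -> bytes:
    """Stable byte encoding so both sides tag exactly the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def close_session(machine_id, machine_key, session_key, tally):
    """Machine side, when voting is over: seal the tally for transport."""
    body = {"machine": machine_id, "tally": tally}
    return {
        "body": body,
        # the tally is authenticated under the per-session key
        "tally_tag": tag(session_key, canonical(body)),
        # the session key is bound to this machine's burned-in key
        "session_tag": tag(machine_key, session_key),
    }


def count(record, card_session_key, registry):
    """State side: return the tally, or raise ValueError naming the failed check."""
    body = record["body"]
    machine_key = registry.get(body["machine"])
    if machine_key is None:
        raise ValueError("unknown machine")
    expected = tag(machine_key, card_session_key)
    if not hmac.compare_digest(record["session_tag"], expected):
        raise ValueError("session key not issued by this machine")
    expected = tag(card_session_key, canonical(body))
    if not hmac.compare_digest(record["tally_tag"], expected):
        raise ValueError("tally altered")
    return body["tally"]


# Constructed sample data: one registered machine and one voting session.
REGISTRY = {"M-0001": bytes.fromhex("11" * 32)}
SESSION_KEY = bytes.fromhex("22" * 32)
RECORD = close_session("M-0001", REGISTRY["M-0001"], SESSION_KEY, {"A": 120, "B": 95})

if __name__ == "__main__":
    print(count(RECORD, SESSION_KEY, REGISTRY))
```

Each failure is reported by the check that caught it, so an audit log can distinguish an unregistered machine from a substituted session key or an edited tally file.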