[supercat]

You specify that your technique would not stand up to forensic examination- why do you assume that if a voting machine election was contested, the FBI, FEC, or state police forensic computer lab would not get involved? Especially if the wrong party got elected.

I offered two methods. The first technique is easier to understand, and gives the general principle, but would probably be uncovered with forensic examination. The second technique (compress part of the original code so that the altered code takes up the same amount of space as the original) would be more difficult, if not for all practical purposes impossible, to uncover via forensic means.

In particular, if someone used the latter approach, all sectors of data on the storage media would contain the same data as they would without the hack, except for those parts which the hacker explicitly changed (such as the vote counts). The sectors may not get written in the same order as they would in a legitimate election scenario, so if the inner workings of the media allow one to ascertain the order in which data were written, it may be possible to tell that something fishy was going on. Even that sort of analysis, however, could be complicated if someone knew how the storage media worked.

Insider knowledge would probably be required to produce phony software that could withstand the tougher levels of forensic analysis. On the other hand, good election systems should be immune to even insider attacks provided there is at least one honest person monitoring them.

[DBrow]

I suspect that the Princeton hack requires detailed knowledge of the election setup parameters and the GUI in advance.

Otherwise, the "new" software might at least present a different-looking screen- the software really does not "know" a vote for supercat was cast, it just "knows" that a certain spot on the screen was pressed.

They'd need to know all the details of the display in advance, as well as other things.

Like I said before, what they presented as a serious threat is all words, as far as I have seen.

Let them tackle a machine that they have not had in their possession for a month or two (and programmed with their own "election" which they then hack). Let's have them start with a machine that someone else has set up, give them 20 minutes alone with the machine with security seals on it, and then let's see how effective they are at compromising the system. Let's see them swap the op sys eeprom on camera and put the thing back together!

The level of proof of a real threat they offer is very thin, and no real attempt has been made to verify the claims- much like a college student who "designs" a nuke on paper and gets written up in Time or Newsweek, or some country claiming that they can detect stealth planes like F117 or B2. Or a group of professors who claim that 9/11 or OKC were inside jobs. All have pretty low credibility and high publicity, for political effect.

If code was changed on one storage system, comparison with a verified system would reveal discrepancies. A forensic lab would have a good chance at discovering tampering, especially if they hashed all the memory entries and compared sigs from the hashing.

For now, until I see better proof, I'm asserting that the total system of access control, security seals, and forensic examination will reveal fraud or tampering. Electronic voting offers on the whole less chance for fraud, which is why people don't like it.

On a related matter, I recently read on FR that dems are worried that all their chatter about vote fraud may suppress the Black vote! Because, if their vote is not going to be recorded properly, why bother. Now that's propaganda with unintended consequence.