[DBrow]

I suspect that the Princeton hack requires detailed knowledge of the election setup parameters and the GUI in advance.

Otherwise, the "new" software might at least present a different-looking screen- the software really does not "know" a vote for supercat was cast, it just "knows" that a certain spot on the screen was pressed.

They'd need to know all the details of the display in advance, as well as other things.

Like I said before, what they presented as a serious threat is all words, as far as I have seen.

Let them tackle a machine that they have not had in their possession for a month or two (and programmed with their own "election" which they then hack). Let's have them start with a machine that someone else has set up, give them 20 minutes alone with the machine with security seals on it, and then let's see how effective they are at compromising the system. Let's see them swap the op sys eeprom on camera and put the thing back together!

The level of proof of a real threat they offer is very thin, and no real attempt has been made to verify the claims- much like a college student who "designs" a nuke on paper and gets written up in Time or Newsweek, or some country claiming that they can detect stealth planes like F117 or B2. Or a group of professors who claim that 9/11 or OKC were inside jobs. All have pretty low credibility and high publicity, for political effect.

If code was changed on one storage system, comparison with a verified system would reveal discrepancies. A forensic lab would have a good chance at discovering tampering, especially if they hashed all the memory entries and compared sigs from the hashing.

For now, until I see better proof, I'm asserting that the total system of access control, security seals, and forensic examination will reveal fraud or tampering. Electronic voting offers on the whole less chance for fraud, which is why people don't like it.

On a related matter, I recently read on FR that dems are worried that all their chatter about vote fraud may suppress the Black vote! Because, if their vote is not going to be recorded properly, why bother. Now that's propaganda with unintended consequence.

[supercat]

Let's have them start with a machine that someone else has set up, give them 20 minutes alone with the machine with security seals on it, and then let's see how effective they are at compromising the system.

A good election system should be unhackable, even by someone with full insider knowledge, if there is even one honest person monitoring things. I see no good reason why an election system should be constructed that does not satisfy that criterion.

If code was changed on one storage system, comparison with a verified system would reveal discrepancies. A forensic lab would have a good chance at discovering tampering, especially if they hashed all the memory entries and compared sigs from the hashing.

The problem is that after the election the code in the machine would be exactly as it should be. To thwart forensic analysis one needs to know what types of 'residue' are left by writing to the attached storage media, but unless the systems use hardware that's designed to prevent undetectable rewrites (and I've seen no indication that Diebold has attempted to use such) an attacker could make his software undetectable after the fact.

Perhaps you don't view insider attacks as a real threat, but I see no reason to discount them. Slot machines go to great lengths to prevent insider attacks, and elections can be worth more than a few jackpot payouts.