Why computer security matters

Professor Ed Felten passes along the best summary I’ve seen of this week’s report of serious Diebold Voting Machine Flaws:

The attacks described in Hursti’s report would allow anyone who had physical access to a voting machine for a few minutes to install malicious software code on that machine, using simple, widely available tools. The malicious code, once installed, would control all of the functions of the voting machine, including the counting of votes.

Hursti’s findings suggest the possibility of other attacks, not described in his report, that are even more worrisome.

In addition, compromised machines would be very difficult to detect or to repair. The normal procedure for installing software updates on the machines could not be trusted, because malicious code could cause that procedure to report success, without actually installing any updates. A technician who tried to update the machine’s software would be misled into thinking the update had been installed, when it actually had not.

On election day, malicious software could refuse to function, or it could silently miscount votes.

A voting machine is just another computer. And those of us who study computer security know that there are some immutable rules. Like, for instance:

Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore

Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore

Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore

And when your computer is a voting machine, that last rule needs to be edited just a little bit: If a bad guy has unrestricted physical access to your computer, it’s not your government anymore.

Scary stuff.

3 thoughts on “Why computer security matters”

  1. Maryland is one of the places where the Diebold systems are in use; I used one in the last election. The systems were put out on stand-up pedestals with a small cardboard privacy shield propped up on the top of the table around the system so nobody could peek at your screen. The voting was pretty straightforward, but when I finished there was absolutely no physical record of the votes I had just made. Anybody who works with computers knows this is a really terrible way to run a mission-critical application. There is much better security on slot machines than voting machines.

  2. In November of 2008, we’re all going to wish we’d stayed with punch cards and hanging chads.

  3. I’m not so sure what it would take to convince me that my voting machine is untampered, but I have a hard time seeing us using paper ballots as we move further away from an agrarian, and industrial market-based society and through the age of information. Maybe Las Vegas should be making our voting machines – you can bet on an election, can’t you?
