Spotted on my votingtech mailing list today:
Md. Democrats Want Outside Voting Machine Audit
[Maryland legislators] asked that the agency [Md's Department of Legislative Services] examine a report issued in September by Science Application International Corp. on security weaknesses in a new computerized voting system the state is prepared to purchase for $55.6 million.
The SAIC report on the system, developed by Diebold Elections Systems Inc., found serious flaws that could allow tampering with election results. The study was a response to a July report by Johns Hopkins University computer scientist Aviel Rubin and colleagues who said the voting system was vulnerable to manipulation.
Electronic Voting: What You Need To Know -- This one's a great intro into the complexity of software, voting and otherwise.
Without a careful security analysis, you can't know what kind of outsider attacks may be possible. Except in the case of the Johns Hopkins paper from last week, where they managed to get their hands on the code through Diebold's carelessness and lack of security. Two graduate students noticed what turned out to be severe security blunders. I don't think it is important to emphasize whether people can hack these particular machines in these particular ways, although I find the problems these grad students found to be worrying. I think the most important thing about that is that it disproves any claim that the manufacturers or the independent testing authorities are actually carefully scrutinizing this code, or for that matter, know anything about computer security. I think we have conclusively disproven that there is anything in this process that guarantees these things are secure.
http://www.wheresthepaper.org/ -- demo on paperless machines producing inaccurate voting results while testing out correct.
Voter Suppression: It Can't Happen To Me -- Includes an overview of fishy election practices from 1982 onwards, and touches on the Republican Party's co-option by the religious right in America.