Back to 18-Feb-04 press release

Hacking Primer: Six ways to attack a Touch Screen Computer

Easter eggs and code bombs

At Microsoft it's a firing offense to insert "Easter eggs" (secret backdoors) in software, and code is given multiple layers of security reviews. Despite this, thousands of MS Easter eggs have been documented, some of staggering proportions: a flight simulator appeared in Excel when the right spreadsheet rows were clicked in the right order. Recently discovered security holes that let viruses propagate have been in place for almost a decade.

Maryland's SAIC commission on touch screen voting has said, in regard to voting system software, that it is 99.9% certain that maliciously inserted back doors would never be detected via code review.

Physical access hacks

Virtually all computer experts agree that if you can get unattended physical access to a computer you "own" it.

The Albuquerque Tribune reported that 47 polling machines were destroyed when the truck carrying them crashed. Only because of this serendipity was it learned that the drivers escorting these machines to the polls 1) were drunk, 2) had no driver's licenses, 3) had left the machine unattended in the parking lot of Hooters for hours, and 4) were caught in a part of Albuquerque not on the path to the polls. Despite laws, policies and good intentions, our own election officials cannot guard these machines from physical access. Nationally, machines are commonly left protected only by simple locks. Last month it was demonstrated that amateurs could pick the locks on the Diebold system in under ten seconds. The Ohio Secretary of State noted that the same Sequoia systems kiosks New Mexico has approved will go into supervisor mode if an unsecured yellow button on the back is pressed - no lock picking needed.

Binary Code hacks

Of course, source code is not what runs on the machines. The compiled binary is what is actually loaded. So how do you know that the binary that was loaded corresponds to the human-readable source that you reviewed? This is a very, very tricky technical problem. Source escrow does not address this at all.
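One partial check on the question above, as an added example that is not part of the original page: record SHA-256 digests of every file produced by a witnessed build of the reviewed source, then compare a machine's installed files against that manifest. It assumes the build is reproducible and that the installed files are read from outside the machine under test; the file names and contents are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def digest_tree(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare_to_manifest(manifest, installed_root):
    """Report files that differ from, are absent from, or are extra to the manifest."""
    installed = digest_tree(installed_root)
    return {
        "modified": sorted(f for f in manifest
                           if f in installed and installed[f] != manifest[f]),
        "missing": sorted(f for f in manifest if f not in installed),
        "unexpected": sorted(f for f in installed if f not in manifest),
    }


def demo():
    """Constructed sample: a witnessed build versus an altered machine image."""
    with tempfile.TemporaryDirectory() as tmp:
        build = Path(tmp, "witnessed_build")    # hypothetical directory names
        machine = Path(tmp, "machine_image")
        for root in (build, machine):
            (root / "bin").mkdir(parents=True)
            (root / "bin" / "ballot_ui").write_bytes(b"constructed binary A")
            (root / "bin" / "tally").write_bytes(b"constructed binary B")
        # Constructed differences: one binary changed, one file added.
        (machine / "bin" / "tally").write_bytes(b"constructed binary B, patched")
        (machine / "bin" / "extra_driver").write_bytes(b"not in the build")
        # Assumption: the manifest is recorded at build time and kept off the machine.
        manifest = digest_tree(build)
        return compare_to_manifest(manifest, machine)


if __name__ == "__main__":
    print(demo())
```

A clean comparison only shows that the installed files match the witnessed build; it says nothing about firmware or other components outside the compared tree.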

Data Transport hacks

Voter data has to be stored and transported somehow: memory cards, disks, or Internet. And it has to be collated on some computer. It has already been proven that the encrypted "tamper-proof" Diebold memory cards are anything but tamper-proof and the votes can be undetectably altered. Not only can vote collation systems modify vote totals, they have already been hacked in actual elections.

In King County (Seattle, Redmond), the election officials found it cumbersome to use Diebold's GEMS database access software due to its security features and limited capabilities. Instead they used an unauthorized tool to directly access the database, bypassing the security system. They had the capability to alter the system logs to erase any record of a change to vote totals made through this backdoor. Did they make illegal changes and erase the logs? One hopes not, but no one can actually prove it did not happen.

Access Card hacks

Commonly, a single-use activation card is given to the voter that allows him to go into the "booth" unattended and cast only a single vote. It has already been shown on Diebold systems that these cards can be forged. Worse yet, similar, forgeable cards are commonly used by Election Supervisors to program the machines.

Embedded Processor hacks

Most "computers" actually contain several embedded slave computers you rarely think about. For example, the graphics card and CD ROMs can contain reprogrammable firmware and would be an excellent place to unobtrusively attack a touch screen system.

Another approach is a $50 device, about the size of an olive, that can be inserted into any keyboard cable; it's called a "key logger" and it's actually an embedded computer that can record and alter any keystrokes or screen presses.
