A team of researchers has produced a video demonstrating how to hack into a Diebold electronic voting machine. The short video is worth watching, and provides the public with a close-up look at how vulnerable the machines are to tampering. (One of my favorite parts shows how one member of the research team is able to pick the lock on the memory card door in a few seconds).
The machine hacked by the Princeton team is Diebold's AccuVote TS model, which is no longer used in California. It is, however, used statewide in Maryland and Georgia, as well as in a number of other states. The Princeton team wrote a paper explaining their work in greater detail, which also features several mitigation strategies. They write:
"The most important strategy for mitigating vote-stealing attacks is to use a voter-verifiable paper audit trail (VVPAT) coupled with random audits. The VVPAT creates a record, verified visually by the voter, of how each vote is cast. This record can be either a paper ballot that is deposited by the voter in a traditional ballot box, or a ballot-under-glass system that keeps the paper record within the voting machine but lets the voter see it. A VVPAT makes our vote-stealing attack detectable."
California has a voter-verified paper audit trail law, as well as a law requiring random audits. However, California's "manual count" law, which mandates a public recount of the ballots from one percent of each county's precincts, may not be sufficient to detect fraud or error. The one percent level was set back in 1965, when voting systems were still largely paper-based. In light of the physical and technical insecurities we now know of in Diebold's electronic voting systems, the percentage of ballots to be recounted in California needs to be increased to mitigate the new risks. Another and perhaps better way to avoid these risks is to rely primarily on paper ballot voting systems in the first place.