[DBrow]

For one thing, the video is obviously cut-and-pasted. There is nothing in the visuals that unambiguously verifies what the voiceover is saying. You see multiple cuts of button pushing (without seeing the card being used btw), then more cuts, then ta-dah! A tape with printing on it, which the voice tells us is the result of their Magic Software.

This software is absolutely amazing- it has a long list of functions, all undetectable, it can delete itself without a trace (truly magical- ask a geek if Windows CE allows files to autonomously delete themselves without a trace). The malware can propagate over a network (before deciding to delete itself) and take over the operating systems of other machines without a reboot or detection.

Installing the malware via memory card requires leaving the infected card in the slot after breaking the seal, otherwise a reboot would load the correct software. "Merely" replacing the eeprom requires considerable access, and I doubt that the motherboard can reprogram its own eeprom, so tampering would be evident.

They did not demonstrate that their malware works or even exists- they just made assertions backed up with a video James Randi would throw out in a picosecond. Their written report is filled with caveats like "it could be done", "it is possible that", "it may be.." and so forth.

They even claim that getting access to the eeprom boot chip is undetectable!

In reality, the poll worker would notice that the machine was turned on, and that the security seals were breached (and if the poll worker is in on it you are hosed even with paper ballots). In any case, checking the security seal will reveal tampering. Checking the contents of the memory card will show tampering with that, unless the malware can detect being transported to a forensic computer lab and then erases itself.

The Princeton research should be looked at in the same light as that other example of scholarly research, the proven fact that the WTC collapsed because some team of people pre-planted demo charges, then faked plane crashes. In that case, you have a scholarly written report by real college professors and a pasted-together video on YouTube.

The "fact" that a mini-bar key can open a voting machine remains to be proven. I have seen lots of mini-bars, and most open with the electronic card room key. In Albuquerque, there was a key, and it was not stamped Diebold. The mini-bar key is a made up story- he pulls a Diebold key out of his pocket, says it's a hotel mini-bar key, and the reporter goes, Gosh! with no more follow up than Barbara Walters interviewing Hillary Clinton.

That would only work in the few states where the requirement is that all of the voting machines be keyed the same- not the case everywhere.

What the Princeton prof has done is create a fantasy that allows one to take an election that did not turn out correctly and throw it to the courts, since if there is no sign of tampering, then the entire system must have been tampered with because there is no evidence at all of tampering- just what that Princeton guy says.

Remember the college prof who stated that the Pyramids in Egypt were built by flying black people with wings, but the white people destroyed all the evidence? Maybe you'd find it interesting, if all it takes is a prof with a story.

[supercat]

You see multiple cuts of button pushing (without seeing the card being used btw), then more cuts, then ta-dah! A tape with printing on it, which the voice tells us is the result of their Magic Software.

The video itself is not proof of anything; it is merely an illustration of the points made in their white paper.

Some essential facts gleaned from the white paper were that, at least in the version tested...

1. Someone could boot the machine off a memory card, and have that card alter other software contained in the machine.
2. The machine itself ran code from a medium which was rewritable under program control.
3. Physical security for the machines consisted of a relatively generic low-security lock. Many cheap file cabinets, mini-bars, and other such things use simple locks from a number of vendors. Such locks often have less than 100 different keys across all applications and keys are hard neither to get nor to duplicate.
4. While you are correct that a virus' attempt to spread could be detected if someone examined an infected memory card, this does not imply that it would be detected before an election. Further, infected machines could remove all trace of the virus from themselves after the election. If the virus isn't detected until after an election, it may be impossible to tell which machines were infected and whether such infection affected the election.
5. Although Diebold claims these flaws are fixed, that they exist in the first place is evidence IMHO that Diebold was never serious about security.
6. Nothing I have read gives any indication that Diebold has added any security against insider attacks, which are an even more insidious problem than the outsider attacks noted by the observers. Any machine with such clear weaknesses against outsider attacks will almost certainly have worse weaknesses against insider attacks.

A good voting system should be at least as secure as paper ballots against both outsider attacks and insider attacks. Diebold is perhaps clueless about preventing the latter, since ATMs face very different risks from voting machines (among other things, since ATMs log every transaction, any funny business will be detected and tracked down).

[supercat]

That would only work in the few states where the requirement is that all of the voting machines be keyed the same- not the case everywhere.

BTW, why should Diebold supply any sort of lock? Far better to design the machine so it cannot be opened if a padlock is attached to either/any of two or more spaces. That way each party can supply their representative with a padlock that they trust and not have to worry about whether any voting officials have surreptitiously copied the keys.