Cheat a cash register, cheat a voting machine?
The New York Times reports on "zapper" technology which allows business owners to change the records in the cash register to reduce the taxes they owe. This is the modern equivalent of not closing the cash drawer between transactions, and then taking the cash out at the end of the day to cheat the tax man (woman?).
No great surprise there - when you make the incentive big enough, people will find a way to work around the system. And when it's really big, systems will be developed - as the article describes, businesses can buy the software, and don't have to do the dirty work themselves.
David Jefferson wrote in a private email (quoted with permission), if you read this article [and] substitute the word "DRE" for "cash register" and "votes" instead of "money"for what is stolen you will have nearly perfect explanation of the danger of malicious code injection in voting systems, complete with falsification of the audit trail to fool the auditors. If it can happen in cash registers, it can happen in DREs.
I believe there are certification requirements for cash registers, and I'd guess that they're stricter than those for voting machines. [I make that guess not because I think cash registers have strong certification, but because I know that voting system certifications are extremely weak.]
When I talk to elected office holders and election officials, they sometimes doubt the technical ability to modify the software to change votes - this is absolute non-theoretical proof that it can be done in an embedded system where tampering has a real-world impact.
No great surprise there - when you make the incentive big enough, people will find a way to work around the system. And when it's really big, systems will be developed - as the article describes, businesses can buy the software, and don't have to do the dirty work themselves.
David Jefferson wrote in a private email (quoted with permission), if you read this article [and] substitute the word "DRE" for "cash register" and "votes" instead of "money"for what is stolen you will have nearly perfect explanation of the danger of malicious code injection in voting systems, complete with falsification of the audit trail to fool the auditors. If it can happen in cash registers, it can happen in DREs.
I believe there are certification requirements for cash registers, and I'd guess that they're stricter than those for voting machines. [I make that guess not because I think cash registers have strong certification, but because I know that voting system certifications are extremely weak.]
When I talk to elected office holders and election officials, they sometimes doubt the technical ability to modify the software to change votes - this is absolute non-theoretical proof that it can be done in an embedded system where tampering has a real-world impact.