Saturday, August 30, 2008

Cheat a cash register, cheat a voting machine?

The New York Times reports on "zapper" technology which allows business owners to change the records in the cash register to reduce the taxes they owe. This is the modern equivalent of not closing the cash drawer between transactions, and then taking the cash out at the end of the day to cheat the tax man (woman?).

No great surprise there - when you make the incentive big enough, people will find a way to work around the system. And when it's really big, systems will be developed - as the article describes, businesses can buy the software, and don't have to do the dirty work themselves.

David Jefferson wrote in a private email (quoted with permission), if you read this article [and] substitute the word "DRE" for "cash register" and "votes" instead of "money"for what is stolen you will have nearly perfect explanation of the danger of malicious code injection in voting systems, complete with falsification of the audit trail to fool the auditors. If it can happen in cash registers, it can happen in DREs.

I believe there are certification requirements for cash registers, and I'd guess that they're stricter than those for voting machines. [I make that guess not because I think cash registers have strong certification, but because I know that voting system certifications are extremely weak.]

When I talk to elected office holders and election officials, they sometimes doubt the technical ability to modify the software to change votes - this is absolute non-theoretical proof that it can be done in an embedded system where tampering has a real-world impact.


Blogger Steven Molkenboer said...

After reading this article I realize that I need to check my POS system on security level.Because I got big rateil that consists of other chain of markets.How I can make my POS system clean?
If you are professional in this field, please, can you email me at
Also, I got this POS system

5:16 AM  
Blogger Sebastian Paul said...

I read your blog on daily basis. epos This is really great and informative post. Thanks for sharing.

6:32 AM  

Post a Comment

Subscribe to Post Comments [Atom]

<< Home