Defcon review - Trust, But Verify

I have to admit I’ve taken an interest in these new fangled voting machines. At times the session turned into a political debate, but it was still very useful discussion about the problem with the voting machines and the problem with paper ballots. Despite the problems with the machines the speaker, Robert J. Hansen, was in favor of keeping the machines. There was some talk about Australia’s GPL voting machines. The speaker believed that their system would never work here in the United States. I have to admit I didn’t quite follow his reasoning. He was under the impression that a GPL’d voting system mean that anyone would have the ability to change the voting machine code. Just because something is GPL’d doesn’t mean the project has to accept patches from just anybody. Many GPL’d project will not accept changes from anyone at all. That’s perfectly fine under the GPL. For example, just try submitting a patch to the Apache HTTP project or the Linux kernel. It’s note so easy to get bad code included into these projects. Without cooperation from the project leaders its unlikely that your patch will be included in the main distribution.

The speaker did some analysts on the machines audit logs from an election in Texas and found what could be evidence of tampering with one of the machines. The log showed that some one manually clear the machine every hour or so.