I received the following information from someone I consider to be a reliable source, who is working on the installation of voting machines for a county that has used paper ballots until now.
The first e-mail I received piqued my interest with the following description of a supposedly tamper-evident seal:
Well, the security on the voting machines is a joke. For the next two to three weeks we'll be doing final software upgrades on the voting machines and 'securing' them with a safety sticker and a zip-tie. The zip-tie -- other than being blue -- is generic. The safety sticker isn't particularly unique. Give me a digital camera and a laserprinter and I could reproduce one. There are no security cameras in the warehouse. There is a samsonite padlock on the cages, except for the back route which is accessible through two locked doors.
On Saturday, they demonstrated the safety sticker to us. After applying a sticker, they opened the voting machine. It was supposed to tear in two or deform. The first time, the sticker came off clean. The second time it came off clean. The third time it bent a bit but didn't tear. They declared the trials a success.
We're supposed to swab down the contact area with alcohol and that's going to make all the difference.
It's murky but my understanding is that the only record kept is internal, a running tally of all votes cast. There is no individual paper record kept separately and compared to the machine tallies. An audit is only as good as the machine's integrity.
With respect to how someone might gain illicit access to the machines, my source had this to say:
For example: the main building, including the offices of the Registrar and the warehouse area is run through by a long corridor, a kind of tunnel. It runs from front parking lot to back parking lot. Mid-way down the corridor, there is a 10-key keypad next to a ladies'/men's room which gives access to the building. Someone remarked to me, as we strolled down the corridor, that 4 of the 10 keys show smudges/heavy wear. That makes it pretty clear that there are 24 combinations (4 factorial) to come up with the proper combination. That corridor is always open and assuming the combination lock works at night (I'd bet my eye teeth on it) and that there is no alarm set at 10 pm (again, I'd bet on it), that gets you to the inside of the building, probably to the gated area, probably to the machines themselves. There is another route through the back which is also secured by two door locks. Neither is especially impressive as locks go. They look like the sort of thing my roommate in graduate school opened with a set of lockpicks, once, for fun, your basic tumbler locks. They are not the magnetic locks I saw in school for labs or rooms with expensive equipment. Either way, at this point you're a skip and a hop from the machines.
According to this source, the good news may be that election officials and contractors are so disorganized:
Ironically, the chaos in the program may be its best security measure. We don't know when the software will be added to the machines and we don't know exactly how much of a gap there is between final loading of software and the sealing the machines and their being rolled onto trucks, taken away, and showing up at precincts. If we load the software this Thursday, then send them out, they're physically *somewhere* and wherever they are, the seals can be broken, the software modified, the seals refashioned. I could tell you by glancing at some pouches we put on a table which machines will go to which precincts. So I know which machines I'd have to track down after they are updated if I want to affect certain precincts (say to change the balance of the House of Representatives). Where those machines will be, back in the warehouse where they are currently or on a truck somewhere, is unclear. Obviously that's important if you want to tamper with them but it's the uncertainty as to where they are that makes it difficult to get to them after this software update, not the machine security and not the building security.
This could be a problem: with no permanent paper record, shoddy software security, and shoddy physical security, it's going to be hard to assure that these elections aren't tampered with.
The picture being painted here is that with a few minutes in a back room somewhere, vote counts on a particular machine could be altered with no evidence of tampering.
It would be so simple to require a permanent paper record that would safeguard every vote, or at least be tamper-evident, in a way that only paper can be. For example, each voting machine could have a spool of tamper-evident paper to record each vote, verified by the voter under glass. These spools would easily show evidence of any tampering, and the spools themselves could be serialized, so you would know if an entire spool went missing. Just an idea -- I know, it'll take millions of dollars and years to implement this advanced technology.