As security consultants, we figured we should comment on today's election news.
If you missed the big allegations today, read one of these (which one will probably depend upon your political perspective).
Here's a video of the "Obama to Romney" vote switching in Ohio (those who claim "Obama to Romney" vote switching is occurring in Colorado haven't yet caught it on video)
Is it election fraud?
As much as everyone is looking for a news story out of this, there just really isn't a way to know until one can look at the code -- and by then the election will be over.
Obviously, there is something wrong with this machine, but whether it happened because of a software update or a touch-screen calibration error cannot be known at this time.
What we know about the Ohio claim (since the Colorado one hasn't been substantiated) and what's fueling the claims that it is electoral fraud:
1. That there was a unauthorized (not approved by the Ohio board of elections) software patch that was added by the company that manages the Ohio election source
2. That Mitt Romney's son funded an investment group that put some of its money into voting machine companies in Ohio source
What we know about the machines themselves (and why it might not be electoral fraud):
1. Touch screen devices can be mis-calibrated and often the first place to experience errors, when the touch screen sensor is about to go is the edge (right where the guy in the video above pressed -- The whistle-blower who posted the video may be intentionally pressing to the edge because it is the only place that is producing the error)
2. Popular science shows just how easy it is to hack an electronic voting machine. source, so even if there is a malicious hack, it may not have been the aforementioned software patch
What we know about people and why that matters
No one can know whether this example of vote switching was a malfunction or an intentional switching of the votes on a grand scale, but I would bet on this instance being just a broken machine.
If you were to commit electoral fraud, the place to do it is on the storage and backup of the database of votes, not the machines which record them. A smart criminal would start there.
If you were to hack voting machines, again hacking a single one makes little sense and would probably accomplish very little -- at best it would be the work of an amateur. The smart criminal would have each machine reproduce the error somewhere between the 2-5% of the time on all machines, rather than a single machine doing it all the time. A single machine can be hacked, but would easily be caught as it would stand out statistically. This might make a great news story, but the smart-money electoral fraud would first and foremost look at changing the database or, should that not be feasible, hack a large number of voting machines in swing states at a randomized interval to making catching the error more difficult.
Nonetheless, having a company manage software that can steal an election is a major risk to our electoral process. The scenarios (limited number of gatekeepers, high stakes, large amount of money available) are fully in place for bribes and fraud to flourish.
Even more importantly, it seems like voting machines bring out the worst in partisans and are just another thing that we can argue about. Can't we just go back to the paper ballot? I'd rather the election be accurate and controversy-free and not known for another 2 hours, than this mess.
Final evidence on how electronic voting machines brings out the worst in partisans
If you're not sick and tired of it yet, don't forget to read the comments. :)