The OS machines are "tabulators" rather than touch-screen ATM-style electronic voting machines; the actual vote is cast by the voter manually filling in a circle on a paper ballot, which is then fed into the machine for counting and tabulating. The paper ballot is the actual vote and serves as the paper trail for the vote. To see the entire procedure, please view this video:
So the Sec. of State's office issued this press release yesterday:
UNIVERSITY OF CONNECTICUT APPROVES STATE’S CHOICE OF OPTICAL SCAN VOTING TECHNOLOGY AS SAFEST AND MOST SECUREThe cover sheet of the UConn report has more sobering observations:
UConn supports additional procedural safeguards issued by the Secretary of the State’s office
In a report released today by the University of Connecticut Voting Technology Research Center (VoTeR Center), UConn commends the Secretary of the State for her choice of optical scan voting technology to replace the state’s lever voting machines. According to the report, optical scan voting technology is safer and more secure than any other electronic voting technology available today.
UConn also emphasized the critical importance of tight physical custody procedures to ensure the reliability and accuracy of elections. The university has reviewed and approved the procedures put in place by the Office of the Secretary of the State to further safeguard the election process. Finally, UConn endorses Secretary Bysiewicz’s decision to conduct a random audit in the twenty-five (25) towns that will be using optical scan voting machines on November 7th to ensure the accuracy and reliability of the machines.
We identify a number of new vulnerabilities of this system which, if exploited maliciously, can invalidate the results of an election process utilizing the terminal. Furthermore, based on our findings an AV-OS can be compromised with off-the-shelf equipment in a matter of minutes even if the machine has its removable memory card sealed in place.Obviously there are important concerns that need to be addressed. Bysiewicz’s office will conduct a random manual audit of 20% of the voting machines to ensure they are properly tabulating the votes. But they still need to resolve the issues of machine security, "chain of custody", and the validity of the machine software.
The basic attack can be applied to effect a variety of results, including entirely neutralizing one candidate so that their votes are not counted, swapping the votes of two candidates, or biasing the results by shifting some votes from one candidate to another. Such vote tabulation corruptions can lay dormant until the election day, thus avoiding detection through pre-election tests.
The entire UConn study is available at this link.