posted verbatim. barf at your leisure...
Aug. 2nd, 2006 07:28 pm
The Corpus Callosum:
There is no excuse for this. Thanks to the Open Voting Foundation, we now know that the Diebold TS (paperless touch screen voting machine) can be booted from flash memory, bypassing the BIOS that was tested and approved. This can be done without a trace. There is no way to know after an election has been held, which mode the machine was operating in.
The BIOS is the Basic Input-Output System, which is the first software to load when the machine is booted. It potentially could control anything that happens after the bootup. Most computers have only one BIOS. Some have two. Usually, the second is used as a backup. That way, you can upgrade the BIOS, and if the new one does not work, you can easily go back to using the original one.
Of course, the Help America Vote Act (HAVA) calls for all the software to be tested and approved before it is put into a voting machine. It would make sense, then, to construct the machine in such a way that unapproved software cannot be installed. At the very least, the machine should be designed in such a way that it always is possible to know what software was used. But the Diebold TS was designed in such a way that it would be simple to use unapproved software, and to do so leaving no telltale evidence.
Presumably, once the machine has passed inspection, the BIOS would be known to be good. If you want to have a backup, fine, but it should be possible to verify that both versions are identical.
The full size photo can be seen here. The two Intel E28F640 chips on the board each hold 64MB of flash memory. I assume that when the machine is booted normally, that memory is ignored. When booted in the alternate mode, there is 128MB of memory that comes into play. That is an awful lot of room to play with. Note that it also is possible to boot from an external flash card, which could have much more memory on board. Flash memory can be erased easily; therefore, any tampering would be easy to conceal.
In point of fact, the EPROM BIOS also could be erased. It is a bit more of a production to do so. In order to do that, you would have to remove the chip from the machine. It would make sense to either solder the chip directly onto the board, or to put some kind of tamper-evident seal over it, so that it could not be removed and reprogrammed without leaving some kind of evidence.
It makes sense to have a machine set up like the Diebold TS when prototyping. If you want to test a new version of a BIOS, for example, it would be very nice to have it set up that way. But there is absolutely no reason to have such a configuration on a machine that is intended for secure electronic voting. It is a huge security flaw hole. I won't call it a flaw, because it is possible that it is a feature, not a bug.
There is no excuse for this.