I wish I still had my original copy of the file (rob-georgia.zip) from back in 2000 showing how that election was fixed. I never was able to crack it and I'm sure it's got some juicy stuff in it.
Diebold still hasn't apologized for forcing angelfire to take down my website.
There's a really simple, straightforward, absolutely secure methodology for voting.
Paper ballots cast under the watchful eye(1) of scrutineers from accredited members of political Parties.
If you absolutely insist upon doing it electronically, there's another methodology. (not necessarily in sequence)
1. The software itself is developed in an open-source environment for all to see (e.g. on sourceforge). It makes use of industry standard encryption (e.g. AES). Once everybody agrees, there's a code freeze and a cryptographic hash is generated on the source code; use SHA-256 for this rather than MD5, since MD5 collisions are cheap to produce and two different source trees could be made to share the same MD5 digest. A master copy is posted to a publicly available site along with that hash. The software includes a "dashboard" display confirming it's working correctly(2).
2. A hardware platform is agreed upon, likely Intel. Sorry Sun, IBM, etc. - nice chipsets but we need to keep the cost down. Certain restrictions apply, such as no on-board wireless or cameras (which pretty much eliminates most laptops). Mirrored hard drives are worth a thought. Don't forget a heavy-duty UPS with automatic shutdown capability (so the software can shut down gracefully).
3. A secure, open-source, non-proprietary operating system is agreed upon. Sorry Microsoft. Think OpenSolaris, OpenBSD, some linux variant.
4. A compiler is chosen, likely some version of gcc. The source code is provided at the public site.
5. A database platform is selected (if necessary). Likely MySQL, assuming Sun/Oracle can be kept at arm's length. The source code is provided at the public site.
6. File comparison utilities are agreed upon (e.g. diff, cmp) and their source code provided at the public site as well.
7. Scanning and printing hardware is selected (if necessary). Access is provided (either at a location or by purchase/rent) to developers. Source code for drivers is provided at the public site.
8. A methodology is determined for "hardening" the system by removing all extraneous applications, drivers, code libraries, utilities.
9. A disk-wipe methodology is agreed upon and developed. It will run from CD.
10. Early on election day (e.g. 4 a.m.), election officials and Party scrutineers gather in the secured voting area (a quorum must always be present) and follow a set procedure:
- equipment is uncrated and inspected to confirm it matches the specifications
- diagnostics are run on the equipment to confirm it is functioning correctly and to specification
- the operating system of choice is installed from media confirmed to be "official" (checksums against the published hashes, etc.)
- the operating system is "hardened" (first pass) to provide only the functionality required below
- the source code for the compiler, file comparers, drivers, database and election software is placed on the machine and confirmed (checksums, diffs to the original, hand-inspection)
- the compiler is compiled (bootstrapped with the compiler shipped on the OS media) and confirmed to be functioning correctly. Caveat: this only moves the trust to the compiler on the install media. A compiler binary can be made to insert a back door into the programs it compiles, including new copies of itself, with nothing showing in the source (Thompson's "Reflections on Trusting Trust"), so the spec should also fix the expected checksum of the resulting compiler binary, obtained beforehand by building it on independent machines with different starting compilers and confirming they all agree
- the file comparison utilities are compiled and confirmed to be functioning correctly
- the encryption software, hardware drivers, database and election software are compiled and confirmed to match specification (checksums, file sizes, diffs)
- the system is hardened (second pass, e.g. disable compilers) to provide only the functionality required below
- the various software bits are installed, confirmed to be working both stand-alone and in conjunction with each other
- the hardware is tested to confirm it works with the software and to specification
- the system is hardened (third pass, e.g. disable installers) to provide only the functionality required below
- the system is set to a state so that it is ready to be used but not actually active (e.g. initialize the databases)
- the system is set to active and voting occurs
- the dashboard is checked during the day for problems
- when voting is finished, final printouts occur
- election results are produced and sent to the central repository by the agreed secure method (signed, so the repository can confirm which machine they came from, and encrypted in transit); the paper printout from the previous step is the record to reconcile against
- final diagnostics are run to confirm that nothing changed (checksums compared against those recorded right after installation, executable sizes)
- paper scan ballots are collected and placed in sealed envelopes (see Canada's system for further details)
- the hard drive(s) are removed from the computer and placed in secure storage along with the installation media and any other materials other than the computer itself
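As an added example (mine, not part of the original post): the checksum bookkeeping the day-of procedure keeps referring to, done the way I'd actually do it on the box. It takes a SHA-256 manifest of the whole software tree once everything is installed, re-checks the tree against it at the end of the day, and checks a single downloaded file (release tarball, OS install image) against the hash published at the code freeze. The directory layout, file names and the little sample tree it exercises are all made up for the demonstration.

```sh
#!/bin/sh
# Added example, not part of the original post: the checksum bookkeeping the
# election-day procedure relies on, done with SHA-256 rather than MD5.
# Everything here (directory names, file names, the sample tree) is assumed.
set -eu

# Sorted SHA-256 manifest of every regular file under $1, with paths relative
# to $1, so a manifest made on the reference machine verifies byte-for-byte
# on the voting machine.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 )
}

# Compare the tree under $1 with manifest $2. Regenerating the manifest and
# diffing it, instead of running `sha256sum -c`, also catches files that were
# added or deleted. Any difference is left in $2.diff for the scrutineers.
# Returns 0 on an exact match, 1 otherwise.
verify_manifest() {
    make_manifest "$1" > "$2.now"
    if diff -u "$2" "$2.now" > "$2.diff"; then
        rm -f "$2.now" "$2.diff"
        return 0
    fi
    return 1
}

# Check one file (release tarball, OS install image) against the hash that was
# published at the code freeze. $1 = file, $2 = expected SHA-256 in hex.
check_published_hash() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    if [ "$actual" = "$2" ]; then
        return 0
    fi
    return 1
}

# Exercise the three cases the procedure cares about on a constructed tree:
# untouched (must pass), a source file modified (must fail), a file added
# (must fail). Returns 0 only if all three behave as expected.
demo() {
    tree=$(mktemp -d)
    mkdir -p "$tree/src"
    printf 'int main(void) { return 0; }\n' > "$tree/src/ballot.c"
    printf 'all: ballot\n' > "$tree/src/Makefile"
    make_manifest "$tree" > "$tree.manifest"

    if ! verify_manifest "$tree" "$tree.manifest"; then
        return 1                       # untouched tree must verify
    fi
    printf '/* altered after the freeze */\n' >> "$tree/src/ballot.c"
    if verify_manifest "$tree" "$tree.manifest"; then
        return 1                       # modification must be detected
    fi
    make_manifest "$tree" > "$tree.manifest"   # re-baseline for the next case
    printf 'extra\n' > "$tree/src/planted.so"
    if verify_manifest "$tree" "$tree.manifest"; then
        return 1                       # added file must be detected
    fi
    rm -rf "$tree" "$tree.manifest" "$tree.manifest.now" "$tree.manifest.diff"
    return 0
}

if demo; then
    echo "manifest checks behaved as expected"
else
    echo "manifest checks FAILED" >&2
    exit 1
fi
```

In practice the manifest taken right after installation gets printed and signed by the scrutineers along with the published release hash, and the end-of-day run of verify_manifest is what backs the "confirm that nothing changed" step; a non-empty .diff file is the thing to put in front of the officials before the results go anywhere.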
----------------footnotes-----------
1. Except for the actual marking of the ballot - that's done behind an inexpensive cardboard screen. When nobody's actually marking ballots, scrutineers or election officials may go back to check nobody's left campaign materials or graffiti.
2. Yes, this could be faked, but the evidence would show up later.