You've missed the point. Secret ballots protect each voter from reprisal for their vote. Given the heated political environment these days, I'm pretty certain that if your suggestion were followed, there would be post-election reprisals, ranging from discrimination to criminal acts.

The point is not that Diebold sold the division making the Accuvote TS. The point is that thousands of these are deployed and in use, and therefore the vulnerability is real and has an impact on the 2012 elections. Comment fail.

I'm an election judge, and I forwarded this to my county Board of Elections, with a note recommending we need to conduct a machine inspection, along with a review of how the machines are physically secured. Once the machines are fielded to the polls, usually days before the election, we need to find a way to seal them at the poll until they are used. On the subject of DRE versus other methods of vote registration/counting, I agree that DRE is still an inherently un-secure technology, but my county/state made a massive investment, and cannot afford to replace them. The best thing we can do as poll workers is to take whatever steps needed to reassure the voting public their vote is accurately recorded and secure from tampering at the poll. We have no control beyond that.

I had to take some time to consider this. I believe you're correct, and that in the long run, it will come out. Timing and context will affect as well. Thank you for your help.

that SSL was found to be compromised several months back (At least in the case of 128-bit AES). Or is that no longer the case?

I dithered over this one. Seriously. I'm in very bad shape financially. I have spent most of my life helping others. I ultimately selected right a wrong, but I wavered between that and go back a few years and invest in something. I have held the belief that helping others would be repaid in good karma, but it's harder and harder to believe that. It certainly hasn't been financially rewarding. I haven't had a full-time job in 2 years. I'm almost 50, and my age certainly hasn't helped me in the IT job market. I lopped 15 years off of my 30-year career and that hasn't helped. I realize I'm whingeing, but finding myself making a hard choice over a Slashdot survey (for Ghod's sake!) has revealed to me the depth of my emotional turmoil. I don't _want_ to be a selfish asshole, but is that really going to be the only way to survive?

Do want post-industrial punk sheep!

I take your point, but frankly, anyone who connects command & control system to an external network, let alone The Internet is just asking for trouble. I can see remote access out-of-band, using dialback and caller ID screening. Also, we cannot let ourselves get stampeded into more regulation by fearmongering like this. Folks who take the time to think about it will realize that this rapidly becomes a game of diminishing returns. If you think the budget deficit's big now, just wait until we add a new agency, and regulations for them to enforce. I might add that we are going to trust the Fed to get it right, and these are the people who could not get systems implemented for the IRS, the FAA, etc. Need I go on? Ah, but I hear you say, they can hire some of the best and brightest consultants in the business! Sure, but they've done that before as well. How's that new FBI case management system working out for ya, Sparky?

Speak for yourself. I'm a /.er who bitches, moans, and runs two private networks, the one at work, and the one at home. I agree that the government cannot be trusted to be impartial, but I also agree that cooperative action must be taken to forestall a network issue. Perhaps the best way to handle this would be a mutual cooperation agreement between the upstream ISP, and the private network admin. That would be sufficient for most problems. Since the Internet is non-deterministic, anything widespread enough to require a national response is going to have probably brought down the net anyway. Top-tier ISPs, (if they don't already) should have co-op agreements in place. This means that the fed only has to coordinate with the Tier 1 ISPs on national/international issues. I would also point out that the government cannot (and in many cases will not,) act to preserve data that it considers irrelevant to it's current concerns.