by Shank 3515 days ago
We definitely have seals, but for technical solutions, look at how Apple secures their devices. Signed firmware updates, public key crypto, and a well-thought-out chain of trust solve these issues.

The problem is that the actual poll creation is done on a per county basis. I don't know how you would do this in such a way that every random county and precinct in America could have signing keys, firmware updates, etc., just sitting around ready to roll to build elections with.

4 comments

> The problem is that the actual poll creation is done on a per county basis. I don't know how you would do this in such a way that every random county and precinct in America could have signing keys, firmware updates, etc., just sitting around ready to roll to build elections with.

You mean creating and distributing the keys would be problematic if every county had their own keys? Are there any practical solutions to this?

Couldn't you only have a few keys that are used for many counties and updates should be verified and signed by multiple people? Each county could still verify the contents of the update was correct (e.g. correct names on the ballot).

The software/firmware would have its own signing keys. Counties would not have access to it. Counties could only load their specific voting profiles, which would be published similar to certificate transparency logs. The voting machines could display a signature of the ballot data in structured format for public auditing, that way each voter could check the signature (QR code, short generated phrase, etc) against a public record (newspaper, website, fliers printed in advance, etc).

The real problem is that the people buying and making these systems don't really care about security, either out of incompetence or malice.

Sign the firmware and include that data as a configuration file.
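
An added example, not written by anyone in this thread: a sketch of the audit idea from the comment above about publishing voting profiles "similar to certificate transparency logs" and showing a checkable value on the machine. It covers only the hash side (canonical fingerprint plus a Merkle inclusion proof with RFC 6962 style leaf/node prefixes), not public-key signing; the profile fields, function names and sample data are assumptions constructed for illustration.

```python
import hashlib, hmac, json

def canonical(profile):
    # Canonical JSON: key order and whitespace must not change the hash.
    return json.dumps(profile, sort_keys=True, separators=(",", ":")).encode()

def leaf_hash(profile):
    return hashlib.sha256(b"\x00" + canonical(profile)).digest()

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def split(n):
    k = 1
    while k * 2 < n:  # largest power of two strictly smaller than n
        k *= 2
    return k

def root(leaves):
    if len(leaves) == 1:
        return leaves[0]
    k = split(len(leaves))
    return node_hash(root(leaves[:k]), root(leaves[k:]))

def audit_path(leaves, i):
    # Sibling hashes from leaf i up to the root, tagged with the sibling's side.
    if len(leaves) == 1:
        return []
    k = split(len(leaves))
    if i < k:
        return audit_path(leaves[:k], i) + [("R", root(leaves[k:]))]
    return audit_path(leaves[k:], i - k) + [("L", root(leaves[:k]))]

def verify(profile, path, published_root):
    h = leaf_hash(profile)
    for side, sibling in path:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return hmac.compare_digest(h, published_root)

def fingerprint(profile):
    hx = leaf_hash(profile).hex()[:16]  # short value for a screen or QR code
    return "-".join(hx[i:i + 4] for i in range(0, 16, 4))

# Constructed sample profiles (not real election data).
PROFILES = [
    {"county": "Example A", "contest": "Mayor", "choices": ["Ada", "Bo"]},
    {"county": "Example B", "contest": "Mayor", "choices": ["Cy", "Di"]},
    {"county": "Example C", "contest": "Sheriff", "choices": ["Ed", "Flo"]},
]
LEAVES = [leaf_hash(p) for p in PROFILES]
PUBLISHED_ROOT = root(LEAVES)  # the single value printed in advance
```

Only `PUBLISHED_ROOT` needs to appear in the public record; a profile loaded on a machine passes `verify` only if it is byte-for-byte (after canonicalization) one of the published profiles.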