Friday, November 27, 2020

Dominion Design "Flaw"--or "Feature"?

In the post below, the Fox6 reporter mentioned an essay by Andrew Appel, a Princeton professor.  In that essay, Appel brought up a 'design flaw' in Dominion voting systems.

...When I feed my marked ballot into an optical scanner,  I do not want the optical scanner to have the ability to fill in more bubbles on my ballot!  The whole purpose of the paper ballots, and the human-inspection random audits, and the human-inspection recounts, is to guard against the possibility that a hacker installed cheating software into the voting machine.  If the cheating software can mark my ballot, after the last time I can inspect it, then the ballot seen by the recount team is not the same as I marked it.

This appears to be an elementary security-design mistake.  Security design isn’t easy!  A good security designer has to be able to think adversarially, to understand the threat model, to understand how the software could subvert the hardware.  In this case, the threat is:

  1. Hacker exploits a security vulnerability of the ImageCast voting machine or on the election-administration laptop computer that prepares ballot files.  For example, the ImageCast has several USB ports, and USB is notoriously insecure.
  2. Hacker uses this vulnerability to install additional software on the ImageCast, that fills in additional ovals on the op-scan ballot, after the voter has inserted it for scanning.  For extra credit, don’t perfectly fill in the ovals like a BMD normally would; instead, mimic the style that the voter has used with a pen.  For double-extra-credit, do this only when the scanner detects that the voter has used a similar color pen to the ink-jet cartridge in the BMD’s printer.  For triple-extra-credit, only fill in ovals in races where the voter hasn’t already marked a vote, this avoids overvotes that would draw attention to the paper ballot during an audit or recount....

(Italics in original)

Further:

Note added on March 5, 2019:  This machine has a “permission to cheat” mode just like the ES&S ExpressVote. 

(bold in original)

Dominion systems were rejected by the State of Texas for their security problems, and Sidney Powell's team has sworn testimony from I.T. people and poll workers questioning not only USB usage but the internet-connection of those machines.

Notable:  it appears that Dominion machines do NOT create a clear audit trail.

For purposes of stealing elections, these are features, not bugs.
