Comment by Aimee Schmidt (Voter)

As an experienced software quality assurance engineer I know how easy it would be to program a routine that would alter the vote as cast yet print, either on screen or on paper, the selection as cast. I have not seen a protocol within this document that addresses this fundamental vulnerability. Software errors and system malfunctions certainly shouldn't alter the vote as cast, which is addressed here, but as I read the language there is no "chain of custody" to prevent either a hacker or the code's developer from altering the code AFTER it's audit/inspection and BEFORE its use in voting machines. The voting tally machine must also be off the network so that viruses cannot be introduced that can alter the votes between the time the verification printout is received by the voter and total votes are tallied on a central computer. Encryption may be able to prevent this if the data must be transmitted across the wire.