Wired on Friday: The California recall starred more than a few newcomers to the state's political scene, but perhaps the most significant was the fresh face that greeted voters in Alameda county, just across the bay from Silicon Valley.
Voters in this and three other counties voted by using new touch-screen voting machines, powered by a modern PC and recording their votes on memory cards. It's a first for California, which joined a nationwide rush to move from punched cards to new voting technology after the recent electoral unpleasantness in Florida.
For a technology-loving state, however, it's notable how many computing experts here have counselled caution on the introduction of these new high-tech solutions to the vote-counting problem. Where others see a more streamlined system, computer security experts see fragile new vulnerabilities.
Many would agree with Mr Bruce Schneier, an expert in the field, that increasing the complexity of a system can often make it more insecure. Mr Schneier writes in his latest book, Beyond Fear: "As a security professional, I think complexity is terrifying... As systems continue to get more complex, they will continue to get less secure."
The leap in complexity heralded with these new voting machines is considerable, skipping over 100 years of technology from punched cards (invented in 1880 to analyse the US census) to the world of smart cards, touch-screens and Microsoft Access databases.
But security professionals can also be absolutist. Current voting systems have their own flaws. I remember the shock that rolled through a computer security mailing list I read when they discovered that British ballots have serial numbers printed on them. Couldn't they be used to track voters, the experts theorised?
Someone with knowledge confirmed that not only could they be used in this way but that was their purpose. The serial numbers were tallied, with voters' names, in ledgers at the voting centre. In the event of fraud, investigators could cross-reference ballots with the ledger, and find out who had voted.
Even the simplest ballots are not perfectly secure. But those serial numbers, and any number of less-disturbing features of the older systems, serve a purpose: they preserve a record. Records allow tampering to be detected. If somebody gets up to no good with those serial numbers, they must steal (or laboriously copy) those physical ledgers and ballots. Not easy to do.
In the digital world, copying, stealing and even modifying data is trivial. And no records can be left - or if they can, those records are just as easy to alter or remove. If digital voting machines like the Alameda touch-screen units provide advantages, their single crippling weakness is this lack of auditability. It makes every security weakness much, much worse.
That's why, since electronic voting machines were first suggested, computer security experts have argued for non-digital back-up. When you make your vote, they say, a copy of your decision should be printed onto a good old-fashioned piece of paper, displayed for you to check, and then (with your consent), dropped into a sealed ballot box.
The printed ballots are not counted, but do provide a permanent, inviolable record of your choice. It's like a cash machine that provides a receipt (although you won't be allowed to walk away with your vote: experience with less-than-perfect elections shows that vote-buyers and intimidating canvassers appreciate seeing a receipt of your "correct" vote as much as the voter does).
Without a paper trail, recounts and investigation after the fact are effectively impossible. Yet voting machine companies have been strongly lobbying standards groups to drop the paper requirement - or even actively forbid it. It took an outright rebellion by the members of the Institute of Electrical and Electronics Engineers, for instance, to prevent their own standards committees from accepting non-audited voting machines as the recommended model.
The boxes in Alameda lack this feature. They lack other forms of accountability too. The company that makes them, Diebold, is secretive about the security system it uses, and the software that drives the machines.
It's almost an article of faith among IT security types that in order to guarantee security, you need to examine the original source code of the programs running on the voting machines. Diebold disputes that point, saying that its security relies on its protected intellectual property.
That discussion proved moot when Diebold, in a security breach of its own, accidentally left its code publicly accessible on the internet.
Security analysts pored over the code and pointed out several flaws that would, among other goofs, allow a single engineer to turn every vote for, say, Arnold Schwarzenegger into one that would be registered for, say, Larry Flynt. Diebold says the software the analysts examined is different from that running on real voting machines.
But Mr Kim Zetter, from website Wired News, found real voting machine supervisors confused about how to operate the machines during the California recall. To protect against tampering, for instance, the Alameda machines were locked with simple bicycle locks. Every lock at every polling station used the same combination.
No-one is suggesting that the votes in California have been rigged, or that Diebold has deliberately introduced weaknesses into their machines for nefarious reasons. Internal memos leaked from the company earlier this year instead confirm what any technologist in the Valley will tell you. When you're getting something as complex as a modern voting machine out of the door and into the marketplace, you sometimes have to compromise - even on security.
But for something as important as an election, those compromises have to be revealed and discussed in public, not thrashed out behind closed standards committees or discussed only in internal emails. The rumours and conspiracy theories over voting machines are growing, and will only get worse if the atmosphere is filled with simple security errors and revelation by leaked emails and files.
It's not that our elections have to be beyond corruption - any system can be broken, given enough malicious intent on behalf of the adversary. We have to depend on the morals of our officials far more than the inviolability of our machines.
But the system's foundations have to be beyond reasonable doubt for more than just preventing real fraud. An election result is like Caesar's wife - it needs to be above suspicion. A stuffed ballot box is still unlikely in California, or anywhere else in the US. But the prospect of endless lawsuits over potentially flawed - and uncheckable - tallies seems a rather more familiar scenario here in this litigious state and in these contentious times.