I don't want to get into a political battle about voting technology, but there is a valuable infosec lesson to be learned by some recent conclusions. Basically, the group "Black Box Voting" sued Palm Beach county in FL to get the logs from their voting machines for the 2004 presidential election. They have now obtained said logs. There are numerous anomolies in the logs, which bring into question the validity of the vote.

The lesson here is two-fold. First, it is imperative that one have visibility into the operations of any system performing mission critical work. This is illustrated especially clearly in the case of public systems, but applies to enterprise networks. If your system is being managed by someone else, someone who is getting paid for the operation of that system, then they have no motivation ot advertise potential problems to you.

The second lesson is about understanding error messages. Some of the messages received from these machines ranged were:

SyErr 23: RC/AT Verify
Simulation not sim task
Card encryption bad
EEPROM failure
"Card Stuck" error

Some of these errors are fairly obvious. We can all imagine what "Card Stuck" means, but I'm just not clear what "RC/AT Verify" might be. It's a simple lesson: data is not information. In order to act upon any of these error conditions, you must both know about them, and know what they mean.

Tools cannot replace expertise, especially when something goes wrong.