Such exploits have not gone unnoticed. States rushed to adopt e-voting machines after the contentious 2000 presidential vote recount in Florida, but now they are backpedaling. All but 17 have already mandated a return to paper ballots or paper verification for e-voting, including electronic optical scan or other equipment. Other states, like Florida, have gotten rid of most, but not quite all, paperless voting machines. Yet other battleground states, like Pennsylvania and Virginia, continue to use the vulnerable machines widely.
Some of the security improvements states are taking are obvious. In past years, poll workers were sometimes sent home with voting machines they were to set up the next day. But because access to a machine for even a minute can be enough to modify software, these "sleepover" practices have been largely abandoned, voting machine experts say.
Moreover, machines once sitting unmonitored in school gymnasium closets are today stored in locked rooms with surveillance equipment watching them, say officials in some states. Local officials also conduct pre- and postelection audits to check the accuracy of machines.
Colorado, which still uses paperless e-voting machines in Jefferson County, is among the states stepping up its protocols to make sure all its machines remain secure.
"Our machines are not connected to networks," says Andrew Cole, a spokesman for the Colorado Secretary of State's office. "They're sealed. The logs are sealed. There's a chain of custody requirement. We know when our office or county clerk installed the software, when it was sealed, and these machines are kept in places where they're monitored by video. Without those rules you could say they would be vulnerable. But we have safeguards in place to eliminate those vulnerabilities."
Manufacturers, too, see big security improvements.