Some Questions for Our Elected Officials:
(Note: I'm updating these as I think of new ones - Feel free
to blatantly steal and ask your own elected officials any or all of
them. Go for it!)
What is the dollar value of a vote?
Who told you that electronic voting was a good idea?
What advantage does e-voting give that is more important than vote
integrity?
Whom do you feel the burden of proof rests upon - elections
officials to prove that a system is secure or voters to prove that a
system is insecure? Do your actions mirror this? If not,
why?
Since secret vote-counting is illegal, can you please explain
why computer-counted vote tabulation is allowed?
If the mechanism used to perform vote-counting is invisible or
done via a computer, please explain how this does not meet the
definition of "secret".
Please explain how plugging a tape into a tabulation machine
qualifies as a "transparent" or "open" tabulation of votes, when
neither the vote numbers nor the data are visible to the observer.
Please define "encryption" and explain how it aids in the open
counting of my vote.
Do you know how to run a cryptographic checksum or hash
against system files to verify that the software used is the
software that was certified? If not, how do you propose to
prove to the voters that the certified software is what is actually
run?
Given that in 17 out of 17 precincts audited in California
uncertified versions of software were installed on Diebold DRE
machines, why should voters trust that the certified versions of
e-voting software are installed?
Since the MIT/CalTech study concluded that DREs are the worst
performing solution in every category, please explain their rapid
adoption.
How much taxpayer money will HAVA potentially provide to your
state to subsidize the adoption of these "blackbox" machines?
What happens when voting machines or tabulation computers get a
virus? What would be the estimated cost to re-perform the
election if the vote data were corrupted by malicious software?
Who is more credible on security matters, salespeople or Information
Security professionals? Compare and contrast what each party
(security people vs salespeople) had to gain by stating their
opinions of the security of these systems.
What did every information security professional who has ever looked
at these systems say, with the possible exception of those on the
payroll of the companies in question who were being paid for a
certification? Did they use a meaningful industry standard
certification, such as the Common Criteria?
Are you an Information Security expert? Why do you feel
that every Information Security expert who has examined these
systems is wrong about the security of these systems?
Do you want our voting system to be resistant to fraud?
Is corruption a problem in our electoral process?
How much money have e-voting companies spent to lobby you in
the last five years?
How much time and money has been spent in sales presentations,
rollouts, training, and investigations of the resulting problems
from e-voting, including today's meeting?
What is the best guess as to how much time and effort a hand-counted
paper ballot election would have taken? Compare and contrast with
the previous answer.
Given that Canada hand-counted their last parliamentary election in
four hours, do you feel that we are saving time by using e-voting
systems?
How much faith would your voters place in the results of a
hand-counted paper ballot election versus the current results, where
according to a recent poll 25% of the American public feels that the
2004 election results are not credible and do not reflect the will
of the American people?
From above, is 25% a significant constituency?
How many votes would normally be lost during a hand-counted paper
ballot election? Compare that to how many votes were lost in this
last election.
Multiply the dollar value of a vote (above) times the number of
votes lost - did we save taxpayer money by rolling out these
machines?
Given the fact that a recent MIT/CalTech study showed
hand-counted paper ballots have the lowest average incidence of
spoiled, uncounted, and unmarked ballots, what is the rationale for
moving away from this system?
How many people working in concert would it take to "hack" a
statewide or national election using paper ballots?
Can paper ballots be manipulated remotely when computers are not
used for tabulation?
Can paper ballots be manipulated remotely when computers ARE
used for tabulation? (www.chuckherrin.com/hackthevote.htm)
Why don't e-voting manufacturers hold themselves to the same
standards that the rest of the IT industry does and use the
industry-standard Common Criteria for systems security?
What is more important to the voting process than vote integrity and
auditing capability?
Why do the same companies make ATMs and vote machines, yet only ATMs
provide a paper trail?
Where we use the Internet for reporting, what happens when the next
Code Red, Slammer, Nimda, or other worm takes down Internet service
during an election?
What happens when the WINvote system, using 802.11B wireless, is
knocked out by someone turning on a microwave oven or a cordless
phone, or any other type of Denial of Service attack? When
information security professionals recommend against the use of
wireless on ANY system that is business or mission-critical, please
justify its use in e-voting.
What happens during a power outage where electronic voting is used?
If the voting terminals have battery backups, do the vote tabulation
machines or the network infrastructure used for reporting?
What is the reason for not returning to hand-counted paper ballots,
and why would that not be the right thing to do?
Are politics more important than representation? Is saving face
because of a bad decision (adoption of e-voting) more important than
restoring integrity to the voting system?
Would voters support a system where they walked into a closet,
whispered their vote through a curtain, and walked away, hoping for
the best? Please compare and contrast this with e-voting using DREs.
Can you tell me three ways that electronic voting is more secure
than hand-counted paper ballots? Please answer keeping in mind that
arguments re: human tampering and malfeasance are constants
regardless of the voting mechanism used.
Please compare the problems introduced by electronic voting, such as
software bugs, vulnerability to remote hacking, intentional
backdoors, increased complexity, susceptibility to viruses and
worms, hardware failures, increased cost and training requirements,
and other problems to the benefits gained by its use and/or problems
that e-voting remedies.
Is using the newest technology better than using a proven
technology, if it means an increase in cost, complexity, and
susceptibility to abuse, while introducing the ability to compromise
the system remotely and eliminating audit capability?
What would be the result in the business world if a bank's system
were repeatedly demonstrated to be easy to hack, but the officers of
the bank continued to rely on these systems, even after the problems
were widely known?
What if the bank refused to provide receipts for their transactions?
Would their customers have faith that their money is being handled
correctly?
What if several of the bank's developers and managers were convicted
felons? Would that affect the public's confidence in the bank's code
of ethics?
What would happen during the resulting shareholder lawsuits if it
were discovered that the bank's officers and board of directors had
repeatedly gone directly against the advice of their Information
Security experts in adopting these systems, even after serious
vulnerabilities were discovered?
Whose priorities do you represent when you go against the advice of
security experts and adopt systems whose security defects are well
known and have been described as "stunning" and "blinding" by
computer scientists who have examined them? Are they the priorities
of the voters?
What would be the problem with selling our voting machines to
another state and announcing to the public that you are being
proactive in protecting the integrity of their vote by going back to
paper ballots until a voting machine company meets the normal
security standards that are being used by the rest of the IT
industry?
That's what Missouri is attempting to do (go back to
paper ballots), and I'm sure their voters appreciate it.
As a voter, I know I would.
Chuck Herrin, CISSP, CISA, MCSE, CEH