Cheryl Kagan, a former Maryland Democratic legislator, was shocked when she opened her mail Wednesday morning.
Inside, she discovered three computer discs. With them was an anonymous letter saying the discs contained the secret source code for vote-counting that could be used to alter the votes cast through Maryland's new electronic voting machines.
"My understanding is that with these disks a malicious person could skew the outcome of an election," Kagan said.
Diebold, the company that makes the voting machines, told ABC News, "These discs do not alter the security of the Diebold touch-screen system in any way," because election workers can set their own passwords.
But ABC News has obtained an independent report commissioned by the state of Maryland and conducted by Science Applications International Corporation revealing that the original Diebold factory passwords are still being used on many voting machines.
The SAIC study also shows myriad other security flaws, including administrative override passwords that cannot be changed by local officials but can be used by hackers or those who have seen the discs.
The report further states that one of the high risks to the system comes if operating code discs are lost, stolen or seen by unauthorized parties -- precisely what seems to have occurred with the discs sent to Kagan, who worries that the incident indicates the secret source code is not that difficult to obtain.
"Certainly, just tweaking a few votes in a couple of states could radically change the outcome of our policies for the coming year," she said.
Computer experts and government officials have voiced serious concerns that if these machines malfunction, no paper record will exist for a recount. Even worse is the fear that an election could be hacked.
Princeton University researchers using an Accuvote TS -- a touch-screen version of the Diebold machine -- showed how easy it would be to deploy a virus that would, in seconds, flip the vote of any election.
"We're taking the vote-counting process and we're handing it over to these companies -- and we don't know what happens inside these machines," said Edward Felten, a professor and a researcher at Princeton's Center for Information Technology Policy, which ran the study.
Diebold called the Princeton study "unrealistic and inaccurate."
But many computer scientists, including cyber-security expert Stephen Spoonamore, disagree, pointing out that the Accuvote TS was used in the 2004 presidential election and is still used in at least four states -- including all machines in Georgia and Maryland. Spoonamore said the hack attacked the operating system layer of software and would affect any touch-screen machine built by Diebold.
Diebold argues that the software from the 2004 elections has been updated to fix any possible security problems. But Spoonamore is not convinced, saying Diebold's "system is utterly unsecured. The entire cyber-security community is begging them to come back to reality and secure our nation's voting."
There is also the matter of computer glitches. In primary elections and test runs this year, there were glitches with electronic voting machines from Diebold and other companies.
Machines malfunctioned in Texas, where 100,000 votes were added.
In California, directions for voters with vision problems came out in Vietnamese.
And in Maryland, screens froze and memory cards went missing.