[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Who Tests Voting Machines?

To: "Cvv-Discuss@Coloradovoter. Net" <cvv-discuss@xxxxxxxxxxxxxxxxx>
Subject: Who Tests Voting Machines?
From: "Paul Tiger" <paul.tiger@xxxxxxxxxxxx>
Date: Sun, 30 May 2004 07:18:23 -0600
Delivered-to: mailing list cvv-discuss@coloradovoter.net
Importance: Normal
List-help: <mailto:cvv-discuss-help@coloradovoter.net>
List-post: <mailto:cvv-discuss@coloradovoter.net>
List-subscribe: <mailto:cvv-discuss-subscribe@coloradovoter.net>
List-unsubscribe: <mailto:cvv-discuss-unsubscribe@coloradovoter.net>
Mailing-list: contact cvv-discuss-help@coloradovoter.net; run by ezmlm
Reply-to: <paul.tiger@xxxxxxxxxxxx>

May 30, 2004
MAKING VOTES COUNT (NYT Editorial)
Who Tests Voting Machines?

Whenever questions are raised about the reliability of electronic voting
machines, election officials have a ready response: independent testing.
There is nothing to worry about, they insist, because the software has been
painstakingly reviewed by independent testing authorities to make sure it is
accurate and honest, and then certified by state election officials. But
this process is riddled with problems, including conflicts of interest and a
disturbing lack of transparency. Voters should demand reform, and they
should also keep demanding, as a growing number of Americans are, a
voter-verified paper record of their vote.

Experts have been warning that electronic voting in its current form cannot
be trusted. There is a real danger that elections could be stolen by
nefarious computer code, or that accidental errors could change an
election's outcome. But state officials invariably say that the machines are
tested by federally selected laboratories. The League of Women Voters, in a
paper dismissing calls for voter-verified paper trails, puts its faith in
"the certification and standards process."

But there is, to begin with, a stunning lack of transparency surrounding
this process. Voters have a right to know how voting machine testing is
done. Testing companies disagree, routinely denying government officials and
the public basic information. Kevin Shelley, the California secretary of
state, could not get two companies testing his state's machines to answer
even basic questions. One of them, Wyle Laboratories, refused to tell us
anything about how it tests, or about its testers' credentials. "We don't
discuss our voting machine work," said Dan Reeder, a Wyle spokesman.

Although they are called independent, these labs are selected and paid by
the voting machine companies, not by the government. They can come under
enormous pressure to do reviews quickly, and not to find problems, which
slow things down and create additional costs. Brian Phillips, president of
SysTest Labs, one of three companies that review voting machines, conceded,
"There's going to be the risk of a conflict of interest when you are being
paid by the vendor that you are qualifying product for."

It is difficult to determine what, precisely, the labs do. To ensure there
are no flaws in the software, every line should be scrutinized, but it is
hard to believe this is being done for voting software, which can contain
more than a million lines. Dr. David Dill, a professor of computer science
at Stanford University, calls it "basically an impossible task," and doubts
it is occurring. In any case, he says, "there is no technology that can find
all of the bugs and malicious things in software."

The testing authorities are currently working off 2002 standards that
computer experts say are inadequate. One glaring flaw, notes Rebecca
Mercuri, a Harvard-affiliated computer scientist, is that the standards do
not require examination of any commercial, off-the-shelf software used in
voting machines, even though it can contain flaws that put the integrity of
the whole system in doubt. A study of Maryland's voting machines earlier
this year found that they used Microsoft software that lacked critical
security updates, including one to stop remote attackers from taking over
the machine.

If so-called independent testing were as effective as its supporters claim,
the certified software should work flawlessly. But there have been
disturbing malfunctions. Software that will be used in Miami-Dade County,
Fla., this year was found to have a troubling error: when it performed an
audit of all of the votes cast, it failed to correctly match voting machines
to their corresponding vote totals.

If independent testing were taken seriously, there would be an absolute bar
on using untested and uncertified software. But when it is expedient,
manufacturers and election officials toss aside the rules without telling
the voters. In California, a state audit found that voters in 17 counties
cast votes last fall on machines with uncertified software. When Georgia's
new voting machines were not working weeks before the 2002 election,
uncertified software that was not approved by any laboratory was added to
every machine in the state.

The system requires a complete overhaul. The Election Assistance Commission,
a newly created federal body, has begun a review, but it has been slow to
start, and it is hamstrung by inadequate finances. The commission should
move rapidly to require a system that includes:

Truly independent laboratories. Government, not the voting machine
companies, must pay for the testing and oversee it.

Transparency. Voters should be told how testing is being done, and the
testers' qualifications.

Rigorous standards. These should spell out in detail how software and
hardware are to be tested, and fix deficiencies computer experts have found.

Tough penalties for violations. Voting machine companies and election
officials who try to pass off uncertified software and hardware as certified
should face civil and criminal penalties.

Mandatory backups. Since it is extremely difficult to know that electronic
voting machines will be certified and functional on Election Day, election
officials should be required to have a nonelectronic system available for
use.

None of these are substitutes for the best protection of all: a
voter-verified paper record, either a printed receipt that voters can see
(but not take with them) for touch-screen machines, or the ballot itself for
optical scan machines. These create a hard record of people's votes that can
be compared to the machine totals to make sure the counts are honest. It is
unlikely testing and certification will ever be a complete answer to
concerns about electronic voting, but they certainly are not now.

Follow-Ups:
- Re: Who Tests Voting Machines?
  - From: Lou Puls

Prev by Date: May 27, 2004: New Questions Arise about ES&S Integrity - "audit" loses 162 ballots
Next by Date: FW: LP adds Voter Verified Paper Ballot to the Platform
Previous by thread: May 27, 2004: New Questions Arise about ES&S Integrity - "audit" loses 162 ballots
Next by thread: Re: Who Tests Voting Machines?
Index(es):
- Date
- Thread