[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CO lab Ciber disqualified

To: attendees <attendees@xxxxxxx>, cvv-discuss@xxxxxxxxxxxxxxxxx
Subject: CO lab Ciber disqualified
From: "Margit Johansson" <margitjo@xxxxxxxxx>
Date: Thu, 4 Jan 2007 15:12:30 -0700
Delivered-to: mailing list cvv-discuss@xxxxxxxxxxxxxxxxx
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type; b=ZVY5nWbxAv0LtpEDSudjI3XgU1waPifpP4LY8RQQcue/vB/dSAfzBflqRlrI3BwWRFkd3SGcu2TPpSMeoqoTFMao3Yn0idJJaE/1/D1aHYY3tR5HY4O7wOPy7VjW/dDMr083qvkT3obmMhSw2/tJzk3WxV4aomd+WW5E8avXn5Q=
List-help: <mailto:cvv-discuss-help@coloradovoter.net>
List-post: <mailto:cvv-discuss@coloradovoter.net>
List-subscribe: <mailto:cvv-discuss-subscribe@coloradovoter.net>
List-unsubscribe: <mailto:cvv-discuss-unsubscribe@coloradovoter.net>
Mailing-list: contact cvv-discuss-help@xxxxxxxxxxxxxxxxx; run by ezmlm

http://www.nytimes.com/2007/01/04/washington/04voting.html

The New York Times
January 4, 2007

U.S. Bars Lab From Testing Electronic Voting
By CHRISTOPHER DREW

A laboratory that has tested most of the nation's electronic voting
systems has been temporarily barred from approving new machines after
federal officials found that it was not following its quality-control
procedures and could not document that it was conducting all the
required tests.

The company, Ciber Inc. of Greenwood Village, Colo., has also come
under fire from analysts hired by New York State over its plans to
test new voting machines for the state. New York could eventually
spend $200 million to replace its aging lever devices.

Experts on voting systems say the Ciber problems underscore
longstanding worries about lax inspections in the secretive world of
voting-machine testing. The action by the federal Election Assistance
Commission seems certain to fan growing concerns about the reliability
and security of the devices.

The commission acted last summer, but the problem was not disclosed
then. Officials at the commission and Ciber confirmed the action in
recent interviews.

Ciber, the largest tester of the nation's voting machine software,
says it is fixing its problems and expects to gain certification soon.

Experts say the deficiencies of the laboratory suggest that crucial
features like the vote-counting software and security against hacking
may not have been thoroughly tested on many machines now in use.

"What's scary is that we've been using systems in elections that Ciber
had certified, and this calls into question those systems that they
tested," said Aviel D. Rubin, a computer science professor at Johns
Hopkins.

Professor Rubin said that although some software bugs had shown up
quickly, in other instances "you might have to use the systems for a
while before something happens."

Officials at the commission and other election experts said it was
essential for a laboratory to follow its quality-control procedures
and document all its testing processes to instill confidence in the
results.

Commission officials said that they were evaluating the overall
diligence of the laboratory and that they did not try to determine
whether its weaknesses had contributed to problems with specific
machines.

Computer scientists have shown that some electronic machines now in
use are vulnerable to hacking. Some scientists caution that even a
simple software error could affect thousands of votes.

In various places, elections have been complicated by machines that
did not start, flipped votes from one candidate to another or had
trouble tallying the votes.

Until recently, the laboratories that test voting software and
hardware have operated without federal scrutiny. Even though
Washington and the states have spent billions to install the new
technologies, the machine manufacturers have always paid for the tests
that assess how well they work, and little has been disclosed about
any flaws that were discovered.

As soon as federal officials began a new oversight program in July,
they detected the problems with Ciber. The commission held up its
application for interim accreditation, thus barring Ciber from
approving new voting systems in most states.

Ciber, a large information technology company, also has a $3 million
contract to help New York test proposed systems from six
manufacturers. Nystec, a consulting firm in Rome, N.Y., that the state
hired, filed a report in late September criticizing Ciber for creating
a plan to test the software security that "did not specify any test
methods or procedures for the majority of the requirements." The
report said the plan did not detail how Ciber would look for bugs in
the computer code or check hacking defenses.

A spokeswoman for Ciber, Diane C. Stoner, said that the company
believed that it had addressed all the problems and that it expected
to receive its initial federal accreditation this month. Federal
officials said they were evaluating the changes the company had made.

Ms. Stoner said in a statement that although the Election Assistance
Commission had found deficiencies, they "were not because Ciber
provided incomplete, inaccurate or flawed testing, but because we did
not document to the E.A.C.'s liking all of the testing that we were
performing."

She added that the test plan cited in New York was just a draft and
that Ciber had been working with Nystec to ensure additional security
testing.

The co-chairman of the New York State Board of Elections, Douglas A.
Kellner, said Ciber had tightened its testing. But Mr. Kellner said
yesterday that Nystec and Ciber continued to haggle over the scope of
the security testing.

New York is one of the last states to upgrade its machines, and it
also has created some of the strictest standards for them. Mr. Kellner
said only two of the six bidders, Diebold Election Systems and Liberty
Election Systems, seemed close to meeting all the requirements.

Besides Ciber, two other companies, SysTest Labs of Denver and Wyle
Laboratories, in El Segundo, Calif., test electronic voting machines.
Ciber, which has been testing the machines since 1997, checks just
software. Wyle examines hardware, and SysTest can look at both.

The chairman of the Election Assistance Commission, Paul S.
DeGregorio, said SysTest and Wyle received interim accreditations last
summer. Mr. DeGregorio said two other laboratories had also applied to
enter the field.

Congress required greater federal oversight when it passed the Help
America Vote Act of 2002. Since then, the government also put up more
than $3 billion to help states and localities buy electronic machines,
to avoid a repeat of the hanging punch-card chads that caused such
confusion in the 2000 presidential election.

The commission was never given a substantial budget, and it did not
finish creating the oversight program until last month. Until then,
the laboratories had been at the heart of the system to evaluate
voting machines, a system that seemed oddly cobbled together.

While the federal government created standards for the machines, most
of the states enacted laws to make them binding. The states also
monitored the testing, and much of that work was left to a handful of
current and former state election officials who volunteered their
time.

As a result, voting rights advocates and other critics have long been
concerned about potential conflicts of interest, because the
manufacturers hire the laboratories and largely try to ensure
confidentiality.

Michael I. Shamos, a computer scientist who examines voting machines
for Pennsylvania, said about half had significant defects that the
laboratories should have caught.

Besides certifying the laboratories, the Election Assistance
Commission will have three staff members and eight part-time
technicians to approve test plans for each system and check the
results. The manufacturers will be required to report mechanical
breakdowns and botched tallies, and Mr. DeGregorio said those reports
would be on the agency's Web site.

Dr. Shamos said, "This is not the sea change that was needed."

He said he was disappointed that the commission had hired some of the
same people involved in the states' monitoring program and that it
never announced it had found problems with Ciber operations.

Dr. Rubin of Johns Hopkins said the laboratories should be required to
hire teams of hackers to ferret out software vulnerabilities.

And the laboratories will still be paid by the voting machine
companies, though a bill now in Congress could change that to
government financing.

A recent appearance in Sarasota, Fla., by the SysTest Labs president,
Brian T. Phillips, also raised eyebrows. After a Congressional
election in the Sarasota area ended in a recount last month, the
victorious Republican candidate hired Mr. Phillips as a consultant to
monitor the state's examination of whether there had been a
malfunction in the voting machines.

Several critics questioned whether Mr. Phillips should have taken such
work, either because of its partisan nature or because it represented
such a public defense of the industry.

Mr. Phillips said he did not see any conflict because his laboratory
had not tested the software used in Sarasota. And the project does not
appear to have violated the ethics rules of the election commission.

Ian Urbina contributed reporting.

Prev by Date: Re: Humboldt County plans to make ballot images public
Next by Date: article from "In These Times" on 2004 election and exit polls, etc.
Previous by thread: Holt bill amendments - Black Box Voting "Request by Voters"
Next by thread: Re: CO lab Ciber disqualified
Index(es):
- Date
- Thread