[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

article in Roll Call, on Election Assistance Commission

To: "CFVI Attendes" <attendees@xxxxxxx>, cvv-discuss@xxxxxxxxxxxxxxxxx
Subject: article in Roll Call, on Election Assistance Commission
From: "Margit Johansson" <margitjo@xxxxxxxxx>
Date: Mon, 22 Jan 2007 10:14:28 -0700
Delivered-to: mailing list cvv-discuss@xxxxxxxxxxxxxxxxx
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=G5j4w5P1la5dFxiDKz/RNm37kKFs0PSniCLfIMwnhPGz1BuqfljjdgQ+XXtaqPidFwiZp4nYzHXMAieTGFOw5eGPl9MTLkNDNpVNVdu8bXswHEz5fMArWAKniJ18iPAxnUkVxXlJ7Z2FdVUkOyuZjVocE3uwmTcinLw7JMYipLo=
List-help: <mailto:cvv-discuss-help@coloradovoter.net>
List-post: <mailto:cvv-discuss@coloradovoter.net>
List-subscribe: <mailto:cvv-discuss-subscribe@coloradovoter.net>
List-unsubscribe: <mailto:cvv-discuss-unsubscribe@coloradovoter.net>
Mailing-list: contact cvv-discuss-help@xxxxxxxxxxxxxxxxx; run by ezmlm

http://www.rollcall.com/issues/52_66/guest/16640-1.html

## Unlike Ballots, EAC Shouldn't Be Secretive

*By Aaron Burstein and Joseph Lorenzo Hall, Special to Roll Call*
January 22, 2007

The Election Assistance Commission has some explaining to do. The
secrecy that pervades the EAC, which oversees testing and
certification of voting systems, holds dire consequences for our
electoral system. Both chambers of Congress need to work to dispel
this culture of secrecy.

A recent case illustrates why secrecy is a fundamental problem at the
EAC. Last summer the EAC prohibited a lab run by Ciber Inc. from
testing new voting systems due to inadequate test plans and
documentation. Nonetheless, the voting systems that Ciber previously
has tested remained certified and were used in elections in November.
The EAC has not disclosed which voting systems Ciber tested using
faulty procedures, but according to our calculations, nearly 70
percent of registered voters in the 2006 general elections voted on
equipment qualified by Ciber. This was no small misstep.

While Senate Rules and Administration Chairwoman Dianne Feinstein
(D-Calif.) took a step in the right direction by sending a written
demand for information from the EAC about its handling of Ciber, she
and others must ensure that the commission stops protecting vendors,
test labs and itself from public scrutiny.

To get a sense of the EAC's lack of forthrightness, consider that the
public and voting officials learned of the Ciber de-accreditation not
from the EAC last summer, but from The New York Times two weeks ago.
The EAC kept its action against Ciber secret for many months,
breaching the trust of the public and election officials.

Secrecy is pervasive in voting system development and testing. As one
test lab representative testified before the EAC in October, their
procedures must be kept secret because their clients — voting system
vendors — require confidentiality and "own" the test results. Though
this secrecy might protect some proprietary information, or prevent
embarrassing information from coming to light, it is inimical to
proper oversight of the election system.

Last month, when the EAC adopted its new testing and certification
policy, it left the major elements of voting system testing secrecy in
place. For example, the EAC's new policy will continue to allow voting
system manufacturers to select, pay and communicate confidentially
with test labs, thus diminishing the labs' independence. Under its new
rules, the EAC will not receive manufacturers' technical data
packages, which are documents crucial to understanding a voting
system. It is unclear why this rule exists, aside from the likelihood
that it places these data beyond the reach of the Freedom of
Information Act.

In addition, the EAC failed to ensure that election officials, as well
as the public, can assess the sufficiency of the test labs' work.
Under its new policy, the EAC will publish test labs' reports about
systems that gain certification. The EAC, however, will not publish
the details about what a lab did to test a system, the so-called test
plan. Keeping the test plan secret will make it difficult for anyone
other than the EAC, the labs and the vendors to judge the conclusions
presented in the report. As the experience with Ciber shows, knowing
how a test lab evaluates a voting system is just as important as
knowing what conclusions the lab reaches.

This secrecy works against voting integrity. Test labs, after all, are
charged with determining whether voting systems satisfy standards, all
of which are public. Test plans simply put the rubber to the road, and
the system benefits by having a common understanding of what kinds of
tests are sufficiently rigorous. Keeping this information secret only
protects labs with lax procedures. Greater transparency, on the other
hand, would encourage all test labs to develop more rigorous
procedures.

Where to go from here? The EAC must begin by disclosing to Congress
and the public the information that led it to leave Ciber out of the
testing process. Going forward, Congress should ensure that the EAC
re-examines the parts of its testing and certification policy that
protect sloppy testing practices. Publishing all test plans — whether
approved or not — is a place to start. In addition, the EAC should
publish all test reports, which summarize the labs' findings after
testing. Publishing test reports only for certified systems will leave
everyone other than the manufacturers, the labs and the EAC guessing
about what kinds of defects make a voting system unacceptable for use
in elections.

It is exceedingly important to clear up the past and allow more public
review in the future. Many states rely on federal certification and
need to know what this mark of approval means and that it can be
relied upon. Also, partly in response to a lack of information about
federal testing, some states have established their own testing
programs. A world of multiple certification programs driven by a lack
of trust in the federal system is inefficient and extremely costly to
the states, which already are strapped for funds to run elections. The
EAC controls the information about federal testing and thus bears the
burden of demonstrating it is thorough and rigorous. The EAC shouldn't
make states pay the price for its failure to meet this burden.

It is regrettable that the EAC announced its new testing and
certification policy while keeping secret its refusal to accredit
Ciber. If the de-accreditation of Ciber had been public knowledge,
there would have been pressure on the EAC to strengthen its policy to
prevent a repeat of this event. Instead, the EAC withheld important
information that would have shaped the public's and election
officials' views of the adequacy of its policy. The EAC has the power
to set the record straight and to change its policy. Congress should
ensure that this happens. Secrecy isn't working for the EAC or
democracy — and there is no reason to think it will in the future.

Aaron Burstein is a research fellow in the Samuelson Law, Technology &
Public Policy Clinic and Berkeley Center for Technology at the
University of California at Berkeley School of Law. Joseph Lorenzo
Hall is a Ph.D. candidate in the School of Information at the
University of California at Berkeley. Both authors receive funding
from the National Science Foundation through ACCURATE (A Center for
Correct, Usable, Reliable, Auditable, and Transparent Elections,
funded by the National Science Foundation).

Copyright 2007 (c) Roll Call Inc. All rights reserved.

--
Joseph Lorenzo Hall
PhD Student, UC Berkeley, School of Information
<http://josephhall.org/>

_______________________________________________

Prev by Date: RE: Punchscan, what is it?
Next by Date: Scoop article inaccurate
Previous by thread: RE: Punchscan, what is it?
Next by thread: Scoop article inaccurate
Index(es):
- Date
- Thread