[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Ciber and NY State Board of Elections

To: "CFVI Attendes" <attendees@xxxxxxx>, cvv-discuss@xxxxxxxxxxxxxxxxx
Subject: Ciber and NY State Board of Elections
From: "Margit Johansson" <margitjo@xxxxxxxxx>
Date: Wed, 24 Jan 2007 21:23:38 -0700
Delivered-to: mailing list cvv-discuss@xxxxxxxxxxxxxxxxx
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=BuZPn4njnHLTG2GXe4y3cMZvDExv+MG+FlDRm6ATOi1aiL6HCj7bU/1tcAVRJte0xruoCG0/EEU9OtFrh4P3g0QPlsTAZGsxzZuQBjLRhoLILQYmOf5fXrKQK8ecc2XbMfCGWZqJCf6AcT6ieolodfBJX5NHx8q6/zj7wga29ls=
List-help: <mailto:cvv-discuss-help@coloradovoter.net>
List-post: <mailto:cvv-discuss@coloradovoter.net>
List-subscribe: <mailto:cvv-discuss-subscribe@coloradovoter.net>
List-unsubscribe: <mailto:cvv-discuss-unsubscribe@coloradovoter.net>
Mailing-list: contact cvv-discuss-help@xxxxxxxxxxxxxxxxx; run by ezmlm

from Bo Lipari <bolipari@xxxxxxxx

At the New York State Board of Elections meeting on January 23, 2007
Commissioners Kellner and Aquila came out strongly for issuing a subpoena to
the EAC and Ciber to force them to give up any information and paper work
they have related to Ciber's failure to be accredited. This has resulted
from Ciber and the EAC's refusal thus far to offer any information to the
State of New York about the problems reported by the New York Times. As I've
reported earlier, the State Board had told Ciber earlier this month to
officially halt New York's certification testing until the situation is
clarified. Unfortunately, Commissioner Helena Donohue would not support
issuing a subpoena this week, asking instead that the Board give Ciber until
the next Commissioner's meeting in two weeks.

Ciber has further shown their indifference to full disclosure - they
recently claimed proprietary confidentiality rights on a four page document
they presented to the State Board concerning their interpretation of the
COTS software testing requirements, another point where New York State is
demanding strict compliance to regulations.

Voting integrity advocates have long called attention to the fact that the
so-called "Independent Testing Authorities" are neither independent, conduct
rigorous tests, or are in any sense of the word authorities. Rather, they
have operated in a closed loop system with the voting machine vendors, and
have used the lack of independent oversight to give us the sham that is our
country's voting machine testing process. But here in New York State, Ciber
is working not for the vendors, but for citizens. And Ciber has consistently
shown that they are incapable of providing the level of competency we
demand. New York State, by requiring compliance with the highest current
standards and through the oversight of a truly independent security review
team, has exposed the dirty little secret of the voting machine vendors and
the testing labs - their shoddy work does not serve the interests of voters
or the public good.

New York State Commissioner Douglas Kellner has issued an email to the
public detailing much of what New York has found out. His outrage at the
failures of Ciber and the EAC to provide essential information to New York
are evident, and at yesterday's meeting he announced that New York must
consider immediately terminating Ciber's contract. I concur with
Commissioner Kellner when he concludes:

"New York should take a stand to end the veil of secrecy that shrouds the
testing process."

The voting machine vendors and testing agencies have had the run of things
too long. It's time for a change.

You may distribute this message.

-Bo Lipari
Executive Director
New Yorkers for Verified Voting


_____

From: Doug Kellner
Sent: Wednesday, January 24, 2007 12:46 AM
Subject: New York, Ciber and the EAC


On January 4, 2007,  the New York State Board of Elections voted to suspend
Ciber from further testing of voting systems submitted to the New York State
board for certification pending a thorough review of Ciber's accreditation
status.  We also addressed requests to both the Election Assistance
Commission and to Ciber for all of the relevant documents and reports
concerning Ciber's application to the EAC for accreditation as a testing
laboratory.

Much to our surprise (well, maybe I'm not really surprised), EAC has still
not provided any of the background documentation that we have requested.
While giving lip service acknowledgement of our request, Tom Wilkey, now
Executive Director of the US EAC and former Executive Director of the New
York State Board of Elections, has completely stonewalled us.  The New York
State board felt compelled to make a formal Freedom of Information Act
request.  Mr. Wilkey's only response so far is that the EAC is reviewing the
issue and is deciding how to respond.

This failure to provide relevant information to a state agency, the first in
the country to require testing to the 2005 standards, is truly outrageous
and scandalous.  Not only does it further delay New York's efforts to come
into compliance with the Help America Vote Act, it seriously prejudices the
five voting system vendors who have made such a substantial investment in
trying to obtain certification to the rigorous standards set by New York.
In addition to requiring compliance with VVSG 2005, New York law requires a
voter verifiable paper audit trail, prohibits devices or functionality
potentially capable of internet, radio or wireless data communication,
requires escrow of all software including source codes and authorizes
disclosure in court proceedings; our regulations require full disclosure of
all political contributions by vendors and their executives and set several
other standards that are more rigorous than the VVSG.

While there is general agreement at the New York State Board that we should
be looking to the EAC to assist and guide us in our investigation,  we also
made a formal request to Ciber for the same information.  After all, they do
hold a $3 million contract from our agency.  There has been nothing but
similar stonewalling from Ciber.  Ciber's last communication regarding our
information request was that they were trying to co-ordinate a response with
the EAC.

What's going on here?  Both the EAC and the unaccredited testing lab are
refusing to open the curtain that hides their soiled laundry. Co-ordination
of the response suggests that we are only going to receive a laundered
version of the facts.

I have also become increasingly annoyed with Ciber's use of the label
"confidential competition-sensitive" on reports that they have prepared for
our agency at our expense.  You may recall that in November I circulated for
comments Ciber's first draft of their report to explain New York's
interpretation of the exceptions to the exemption from testing of Commercial
Off the Shelf (COTS)software that is used in the voting machine itself as
opposed to election management software that does not generate code used in
the actual voting process.  (Yes, "exception to the exemption" is a double
negative that means that the COTS source code must be tested in those
cases.)

Ciber was apparently miffed that I dared to subject the advice that they
furnished to New York to public scrutiny.  They added the "confidential
competition sensitive" label to the second draft.  I objected and requested
that they remove the label. Ciber said they'd think about it, but ignored my
request.  When I received the final document that had been approved by both
Ciber and our independent security review consultants, New York State
Technical Enterprise Corp. (NYSTEC), I insisted that I be allowed to make
the document public.  Ciber balked.  When I renewed what had become demands,
Ciber's attorney-yes their attorney-revised the technical report that the
"experts" at Ciber and NYSTEC had determined to be final and said that he
would not object to release of that report.  (I have distributed that
report, known as COTS Testing Version 4 to many).  I then asked for an
explanation why Version 3, the "final" report was still labeled
confidential.  I also gave formal notice that I would ask the commissioners
to release the report.  Last night Ciber's in-house attorney wrote me that
he agreed that there was nothing in the "final" report that was properly
labeled competition sensitive.  The New York commissioners voted the make
the Version 3 "final" COTS report public today.  I will send copies of
Version 3 to the technical blogs and anyone else who requests it.  I am
still distressed, however, at Ciber's efforts to stiffle discussion of the
issue by improperly claiming confidentiality.

At today's meeting of the New York State elections commissioners, while
everyone deplored the stonewalling by EALC and Ciber, I requested authority
to issue a subpoena to Ciber for all of the documents that we have
requested.  Republican Commissioner Helena Donohue blocked the subpoena by
arguing that we should give Ciber additional time to respond to our request
voluntarily. She said that she would reconsider issuing a subpoena at our
next meeting scheduled for February 7.

In view of the collaboration between the EAC and Ciber, I am determined that
we should not accept partial disclosure.  New York should take a stand to
end the veil of secrecy that shrouds the testing process.

Douglas A. Kellner
Co-Chair
New York State Board of Elections

Prev by Date: Re: Rep. Morgan Carroll's HB07-1074 re: 527 Reform
Next by Date: Re: Ciber and NY State Board of Elections
Previous by thread: Election staff convicted in recount rig
Next by thread: Re: Ciber and NY State Board of Elections
Index(es):
- Date
- Thread