[IP] Who Tests Voting Machines?

From: Joseph Lorenzo Hall <jhall_at_sims_dot_berkeley_dot_edu>
Date: Sun May 30 2004 - 15:46:38 CDT

---------- Forwarded message ----------
Date: Sun, 30 May 2004 16:29:48 -0400
From: David Farber <dave_at_farber_dot_net>
To: Ip <ip@v2.listbox.com>
Subject: [IP] Who Tests Voting Machines?

Begin forwarded message:

From: "R. A. Hettinga" <rah@shipwright.com>
Date: May 30, 2004 10:19:12 AM EDT
To: cryptography@metzdowd.com
Subject: Who Tests Voting Machines?


The New York Times

May 30, 2004

Who Tests Voting Machines?

Whenever questions are raised about the reliability of electronic
voting machines, election officials have a ready response: independent
testing. There is nothing to worry about, they insist, because the
software has been painstakingly reviewed by independent testing
authorities to make sure it is accurate and honest, and then certified
by state election officials. But this process is riddled with
problems, including conflicts of interest and a disturbing lack of
transparency. Voters should demand reform, and they should also keep
demanding, as a growing number of Americans are, a voter-verified
paper record of their vote.

Experts have been warning that electronic voting in its current form
cannot be trusted. There is a real danger that elections could be
stolen by nefarious computer code, or that accidental errors could
change an election's outcome. But state officials invariably say that
the machines are tested by federally selected laboratories. The League
of Women Voters, in a paper dismissing calls for voter-verified paper
trails, puts its faith in "the certification and standards process."

But there is, to begin with, a stunning lack of transparency
surrounding this process. Voters have a right to know how voting
machine testing is done. Testing companies disagree, routinely denying
government officials and the public basic information. Kevin Shelley,
the California secretary of state, could not get two companies testing
his state's machines to answer even basic questions. One of them, Wyle
Laboratories, refused to tell us anything about how it tests, or about
its testers' credentials. "We don't discuss our voting machine work,"
said Dan Reeder, a Wyle spokesman.

Although they are called independent, these labs are selected and paid
by the voting machine companies, not by the government. They can come
under enormous pressure to do reviews quickly, and not to find
problems, which slow things down and create additional costs. Brian
Phillips, president of SysTest Labs, one of three companies that
review voting machines, conceded, "There's going to be the risk of a
conflict of interest when you are being paid by the vendor that you
are qualifying product for."

It is difficult to determine what, precisely, the labs do. To ensure
there are no flaws in the software, every line should be scrutinized,
but it is hard to believe this is being done for voting software,
which can contain more than a million lines. Dr. David Dill, a
professor of computer science at Stanford University, calls it
"basically an impossible task," and doubts it is occurring. In any
case, he says, "there is no technology that can find all of the bugs
and malicious things in software."

The testing authorities are currently working off 2002 standards that
computer experts say are inadequate. One glaring flaw, notes Rebecca
Mercuri, a Harvard-affiliated computer scientist, is that the
standards do not require examination of any commercial, off-the-shelf
software used in voting machines, even though it can contain flaws
that put the integrity of the whole system in doubt. A study of
Maryland's voting machines earlier this year found that they used
Microsoft software that lacked critical security updates, including
one to stop remote attackers from taking over the machine.

If so-called independent testing were as effective as its supporters
claim, the certified software should work flawlessly. But there have
been disturbing malfunctions. Software that will be used in Miami-Dade
County, Fla., this year was found to have a troubling error: when it
performed an audit of all of the votes cast, it failed to correctly
match voting machines to their corresponding vote totals.

If independent testing were taken seriously, there would be an
absolute bar on using untested and uncertified software. But when it
is expedient, manufacturers and election officials toss aside the
rules without telling the voters. In California, a state audit found
that voters in 17 counties cast votes last fall on machines with
uncertified software. When Georgia's new voting machines were not
working weeks before the 2002 election, uncertified software that was
not approved by any laboratory was added to every machine in the

The system requires a complete overhaul. The Election Assistance
Commission, a newly created federal body, has begun a review, but it
has been slow to start, and it is hamstrung by inadequate finances.
The commission should move rapidly to require a system that includes:

Truly independent laboratories. Government, not the voting machine
companies, must pay for the testing and oversee it.

Transparency. Voters should be told how testing is being done, and the
testers' qualifications.

Rigorous standards. These should spell out in detail how software and
hardware are to be tested, and fix deficiencies computer experts have

Tough penalties for violations. Voting machine companies and election
officials who try to pass off uncertified software and hardware as
certified should face civil and criminal penalties.

Mandatory backups. Since it is extremely difficult to know that
electronic voting machines will be certified and functional on
Election Day, election officials should be required to have a
nonelectronic system available for use.

None of these are substitutes for the best protection of all: a
voter-verified paper record, either a printed receipt that voters can
see (but not take with them) for touch-screen machines, or the ballot
itself for optical scan machines. These create a hard record of
people's votes that can be compared to the machine totals to make sure
the counts are honest. It is unlikely testing and certification will
ever be a complete answer to concerns about electronic voting, but
they certainly are not now.
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Mon May 31 23:18:14 2004

This archive was generated by hypermail 2.1.8 : Mon May 31 2004 - 23:18:17 CDT