• United States



by Dave Gradijan

E-voting Machines Approved for Testing by EAC

Dec 08, 20063 mins
CSO and CISOData and Information Security

The U.S. Election Assistance Commission (EAC), the federal board that oversees elections technology, has approved a testing and certification program for electronic-voting systems.

The three-member EAC voted unanimously to approve a manual for testing and certification of e-voting machines, the first testing program conducted by the U.S. government. The program, which allows the federal government to decertify voting machines that fail to meet security standards, will hold e-voting machine vendors accountable and help ensure accurate election results, said Brian Hancock, director of voting systems certification at the EAC.

Although the testing program is voluntary, more than 35 states have passed laws requiring federal certification of voting machines. “We would hope that all states would realize the benefits of this,” said Commissioner Gracia Hillman, during an EAC meeting Thursday.

The testing and certification program includes a quality-monitoring program to review voting machine manufacturing plants and testing in the field. Security requirements in the program will be outlined in voting system guidelines, with a new version to be delivered to the EAC by its Technical Guidelines Development Committee (TGDC) in July.

EAC Chairman Paul DeGregorio called the adoption of the testing program guidelines a “landmark step in federal oversight of elections.”

Critics of e-voting machines have blasted them as “black boxes” that depend on internal software functioning correctly for accurate election results. Without independent audit mechanisms, direct record electronic (DRE) machines have no way of double-checking election results, critics say.

But the testing program will help improve the quality of e-voting machines, Hancock said. “It’s going to improve transparency” in the voting process, he said.

Also on Thursday, the EAC heard a report from TGDC Chairman William Jeffrey, director of the National Institute of Standards and Technology (NIST), on the first steps it has taken toward the new voting system guidelines. The TGDC on Tuesday approved a proposal requiring future e-voting machines to include independent audit mechanisms, such as voter-verified paper trail printouts.

The TGDC will also encourage new audit technologies that could replace printouts as independent audit mechanisms, Jeffrey said. Critics of paper trail audits say printers can jam or break, slowing the voting process.

Much of the EAC discussion about the TGDC report centered on press reports that NIST had advocated independent audits in a November paper, saying DREs without audit mechanisms “cannot be made secure or highly reliable.” NIST as a whole did not agree on the draft paper, but staff members wrote it to stimulate discussion at the TGDC meeting earlier this week, Jeffrey said.

DeGregorio questioned where the authors of the NIST paper got their information when there were relatively few reports of e-voting problems in November’s general election. At last count, 102 of more than 6,700 U.S. voting jurisdictions experienced some kind of voting problem in the Nov. 7 election, according to the EAC.

NIST gathered its information from a variety of sources, including local election officials, TGDC members and media reports, Jeffrey said. “Clearly, there were issues that popped up,” he said.

This week, e-voting machine vendors said they have no problem with the TGDC’s proposal for independent audit mechanisms, said Michael Kerr, director of the Election Technology Council at the Information Technology Association of America, a trade group representing e-voting machine vendors. E-voting machine vendors “will build voting machines that comply” with the wishes of their customers, Kerr said.

The new version of the voluntary voting system guidelines being developed by the TGDC will not likely go into effect until 2010 or later.By Grant Gross, IDG News Service (Washington Bureau)Keep checking in at our Security Feed for updated news coverage.