The image “” cannot be displayed, because it contains errors.


National Issues

Gaping Hole in HAVA Voting System Standards Widened in 2005 PDF  | Print |  Email
By Howard Stanislevic, VoteTrustUSA E-Voting Education Project   
May 21, 2006
What's all this talk about banned interpreted code, high hardware failure rates, Hursti Hacks, RABA Revelations and typos in our Voting System Standards?

Critics of electronic voting may want to take a break from their hacking chores, remove their white hats, kick back with a cup of java and read the current version of the EAC's Voting System Standards/Guidelines (VSS/G) just one more time to see what's really been going on since HAVA became the law of the land. If they do so, they'll find that not only does the current (2002) VSS/G adopted under Section 222 (e) of the Help America Vote Act:
· allow an unacceptably high failure rate of one in every 11 electronic voting systems in the country on every Election Day;

· not require any means of independent verification of voting system tallies such as a voter-verified paper audit trail (VVPAT);

· exempt from inspection any commercial off-the-shelf software used in e-voting systems (such as Microsoft's operating systems and Access database);
it also contains a loophole big enough to shove a lever machine through.

According to Volume II, Appendix B.5, Qualification Test Results and Recommendation,

"[A]ny uncorrected deficiency that does not involve the loss or corruption of voting data shall not necessarily be cause for rejection. Deficiencies of this type may include failure to fully achieve the levels of performance specified in Volume I, Sections 3 and 4 of the Standards [those are the Hardware and Software Performance specs], or failure to fully implement formal programs for qualify [sic] assurance and configuration management described in Volume I, Sections 7 and 8."

In other words, vendors don't even have to meet the standards in the VSS/G if the testing authority labs (which they fund) or the EAC says they don't have to. So much for banning things such as interpreted code or trying to achieve an acceptable hardware failure rate or improved e-voting security. If the EAC gives a vendor a pass, there are almost no voting system hardware or software performance requirements that actually have to be met. Nearly all are subject to re-interpretation by the EAC.

(And yes, the authors of the above loophole spelled the word “quality” incorrectly too – you can’t make this stuff up!)

This brings us to the latest version of the standards approved by the EAC in Dec. 2005. Volume II, Appendix B.5 is still there and still contains the loophole, but there are two notable changes:

1. Instead of allowing non-compliance only with certain sections of Volume I, the 2005 version, which takes effect in 2007, allows a blanket exemption from compliance with ALL of Volume I. This even includes the new or updated sections on Usability and Accessibility, Security and Independent Verification.

Here is the 2005 Volume I table of contents:
Volume I Voting System Performance Guidelines

Overview Voluntary Voting System Guidelines Overview
Section 1 Introduction
Section 2 Functional Requirements
Section 3 Usability and Accessibility Requirements
Section 4 Hardware Requirements
Section 5 Software Requirements
Section 6 Telecommunications Requirements
Section 7 Security Requirements
Section 8 Quality Assurance Requirements
Section 9 Configuration Management Requirements
Appendix A Glossary
Appendix B References
Appendix C Independent Verification Systems
Appendix D Technical Guidance for Color, Contrast, and Text Size"
The new loophole makes these standards moot if the EAC decides to allow a vendor to violate any or all of them, except the Accuracy requirement referred to in HAVA Section 301.

2. The other change in the 2005 version of the loophole which some may consider worth noting is that the authors actually spelled the word “quality” correctly this time.

Dr. Daniel Schutzer who serves on the EAC's Technical Guidelines Development Committee (TGDC), apparently noticed this glaring contradiction in the 2002 standards last year, while the 2005 standards were being developed, and put forth the following resolution in an attempt to resolve the paradox of non-compliant voting systems obtaining EAC certification:

U.S. Election Assistance Commission
Technical Guidelines Development Committee

Resolution adopted by the TGDC at their plenary meeting, January 18 and 19, 2005

Resolution # 27-05, Offered by: Dr. Schutzer

Title: Non-Conformant Voting Systems
A provision in the 2002 VSS allows qualification of voting systems that do not conform to the requirements. [“Any uncorrected deficiency that does not involve the loss or corruption of voting data shall not necessarily be cause for rejection.”] If there are requirements that are frequently unmet by qualified systems, these requirements should be reviewed for possible elimination. The TGDC requests that NIST review the text of the 2002 VSS to determine if the provision for qualification of voting systems that do not conform to the requirements should be deleted."
In other words, Dr. Schutzer and the TGDC are saying to either drop the requirements that aren't being met by the vendors, or close the loophole.

It's clear from the 2005 'standards' that the powers that be at the EAC have decided instead to widen the 2002 loophole, and perhaps even weaken other portions of the standards at the same time. The changes to Volume I in the 2005 standards, which involve usability, accessibility, software distribution, reference information and validation during voting system setup, as well as guidelines for VVPATs, may therefore have little or no effect on current or future voting systems since the EAC, at their discretion, are free to disregard all these requirements and approve systems that do not comply.

If vendors and the EAC would devote as much time to improving voting systems as they appear to have devoted to devising new and wider loopholes in the voting systems standards, critics of e-voting might have less to complain about.

On second thought, maybe the authors of the 2002 loophole really did mean, qualify assurance.” After all, qualification of almost any system can be assured via this loophole.
Comment on This Article
You must login to leave comments...
Other Visitors Comments
You must login to see comments...
< Prev   Next >
National Pages
Federal Government
Federal Legislation
Help America Vote Act (HAVA)
Election Assistance Commission (EAC)
Federal Election Commission
Department of Justice - Voting Section
Non-Government Institutions
Independent Testing Authority
The Election Center
Carter Baker Commission
Voting System Standards
Electoral College
Open Source Voting System Software
Proposed Legislation
Voting Rights
Campaign Finance
Overseas/Military Voting
Electronic Verification
: mosShowVIMenu( $params ); break; } ?>