Independent Review Reveals Flaws In Voting System Testing Process
| Print |
By Howard Stanislevic, VoteTrustUSA
October 23, 2006
Key voting system standards missing from test plans
Download NYSTEC Review of CIBER's Voting System Test Plans
As the EAC's Oct. 26 hearing on its new Voting System Testing and Certification Program approaches, new findings from New York reveal that the certification program in place today is far from adequate, requiring the States to pick up the slack.
NYSTEC, a not for profit spin-off from the US Air Force's Research Laboratory at Rome, NY, was hired by the State Board of Elections to conduct an independent review of the voting system test plans issued by one of the three so-called Independent Testing Authorities that test voting systems on behalf their manufacturers, CIBER, Inc., previously hired by the state.
NYSTEC's report is highly critical of CIBER, stating that the ITA's test plan for the state's new voting systems lacked numerous security and functional testing requirements of the 2006 NY State Election Law, the EAC's 2005 Voluntary Voting System Guidelines Vols. 1 & 2, and NY State's Voting System Standards.
According to the NYSTEC report, some of the items omitted from the ITA's test plans were:
- a requirement for voting systems to not include any device or functionality potentially capable of externally transmitting or receiving data via the Internet, radio waves or other wireless means; Furthermore, CIBER's Security Master Test Plan did not specify any test methods or procedures for the majority of requirements. CIBER has stated that these will be provided in another phase of the project.
- a requirement for the voting system software not to contain any ‘viruses’, ‘worms’, ‘time bombs’, and ‘drop dead’ devices that may cause the voting system to cease functioning properly at a future time;
- a requirement for voting systems to provide a means by which ballot definition code may be positively verified to ensure that it corresponds to the format of the ballot face and the election configuration.
Up until now, the ITAs have claimed that because they only test to the standards, any certification of non-compliant voting systems must be taking place at a higher level, such as the EAC or its predecessor, the National Association of State Election Directors who have ultimate decision making authority in such matters. While the federal guidelines do allow certification of non-compliant systems,the NYSTEC report calls into question whether the ITAs do in fact test to the standards in the first place.
Either way, it seems that the burden of ensuring secure election systems is being placed on the states, and that independent reviews such as those conducted by RABA Technologies for the state of Maryland and NYSTEC for New York are clearly necessary.
Comment on This Article
You must login to leave comments...
Other Visitors Comments
You must login to see comments...