The image “http://www.votetrustusa.org/images/votetrust-small2.jpg” cannot be displayed, because it contains errors.

 

   
National Issues

Independent Review Reveals Flaws In Voting System Testing Process PDF  | Print |  Email
By Howard Stanislevic, VoteTrustUSA   
October 23, 2006

Key voting system standards missing from test plans

 

Download NYSTEC Review of CIBER's Voting System Test Plans 

 

As the EAC's Oct. 26 hearing on its new Voting System Testing and Certification Program approaches, new findings from New York reveal that the certification program in place today is far from adequate, requiring the States to pick up the slack.

NYSTEC, a not for profit spin-off from the US Air Force's Research Laboratory at Rome, NY, was hired by the State Board of Elections to conduct an independent review of the voting system test plans issued by one of the three so-called Independent Testing Authorities that test voting systems on behalf their manufacturers, CIBER, Inc., previously hired by the state.

NYSTEC's report is highly critical of CIBER, stating that the ITA's test plan for the state's new voting systems lacked numerous security and functional testing requirements of the 2006 NY State Election Law, the EAC's 2005 Voluntary Voting System Guidelines Vols. 1 & 2, and NY State's Voting System Standards.


According to the NYSTEC report, some of the items omitted from the ITA's test plans were:
- a requirement for voting systems to not include any device or functionality potentially capable of externally transmitting or receiving data via the Internet, radio waves or other wireless means;

- a requirement for the voting system software not to contain any ‘viruses’, ‘worms’, ‘time bombs’, and ‘drop dead’ devices that may cause the voting system to cease functioning properly at a future time;

- a requirement for voting systems to provide a means by which ballot definition code may be positively verified to ensure that it corresponds to the format of the ballot face and the election configuration.
Furthermore, CIBER's Security Master Test Plan did not specify any test methods or procedures for the majority of requirements. CIBER has stated that these will be provided in another phase of the project.

Up until now, the ITAs have claimed that because they only test to the standards, any certification of non-compliant voting systems must be taking place at a higher level, such as the EAC or its predecessor, the National Association of State Election Directors who have ultimate decision making authority in such matters. While the federal guidelines do allow certification of non-compliant systems,the NYSTEC report calls into question whether the ITAs do in fact test to the standards in the first place.

Either way, it seems that the burden of ensuring secure election systems is being placed on the states, and that independent reviews such as those conducted by RABA Technologies  for the state of Maryland and NYSTEC for New York are clearly necessary.

 

Comment on This Article
You must login to leave comments...
Other Visitors Comments
You must login to see comments...
< Prev   Next >
National Pages
Federal Government
Federal Legislation
Help America Vote Act (HAVA)
Election Assistance Commission (EAC)
Federal Election Commission
Department of Justice - Voting Section
Non-Government Institutions
NASS
NASED
Independent Testing Authority
The Election Center
Carter Baker Commission
Topics
General
Voting System Standards
Electoral College
Accessibility
Open Source Voting System Software
Proposed Legislation
Voting Rights
Campaign Finance
Overseas/Military Voting
Canada
Electronic Verification
: mosShowVIMenu( $params ); break; } ?>