Posted on Sun, May. 30, 2004

Politics & Government


Lax controls over e-voting testing labs




By Elise Ackerman

Mercury News


California Secretary of State Kevin Shelley had a simple question: Had a new electronic voting machine been approved by an independent testing lab?


State law requires such approval before the device could be used by California voters. It guaranteed the machines counted votes accurately and would work reliably during an election. As the state's top election official, Shelley figured he could get a quick answer.


He figured wrong.


Wyle Laboratories of El Segundo refused to discuss the status of its testing of the AccuVote-TSx machine made by its client, Diebold Election Systems. The information was proprietary, Wyle said, and could be revealed only to Diebold.


And so the secretary of state was introduced to the looking-glass world of voting-machine regulation. Over the years, repeated references to "federal testing" by election officials have given the impression that the government oversees the certification of touch-screen voting systems. While there are guidelines for the machines, no federal agency has legal authority to enforce them.


Instead, state officials rely on what amounts to a privately operated testing system -- a small group of for-profit companies overseen by a private elections group to ensure the integrity of elections increasingly dependent on electronic voting machines.


No official oversight


Neither the testing procedures nor the testing results are considered to be public information, and these testing laboratories have not traditionally been subject to direct oversight by election officials. For years, the testing system was managed by a private center that also accepted donations from voting-equipment manufacturers.


"I was shocked," Shelley recalled. "Everyone seemed to be in bed with everyone else. You had these so-called independent testing authorities floating out there in an undefined pseudo-public, pseudo-private status whose source of income is the vendors themselves."


Recent testing by states and university scientists has shown that these labs, called independent testing authorities, or ITAs, are signing off on some software with serious flaws.


Last year, a team led by a Johns Hopkins University computer scientist found "significant and wide-reaching security vulnerabilities" in a Diebold system that could have allowed vote tampering.


Subsequent investigations by the states of Ohio and Maryland raised similar security concerns about equipment sold by Diebold and other voting-machine makers.


"We can't trust the ITA process," said David Jefferson, a computer scientist at Lawrence Livermore National Laboratory and a technical adviser to the California secretary of state. "The record shows that these systems have gotten through the ITA testing with embarrassing security vulnerabilities in them."


National standards


Forty-two states, including California, rely on three independent testing labs to safeguard elections. By holding voting-equipment manufacturers accountable to national standards and keeping copies of software programs in escrow, the independent labs are supposed to help stop defective computer code from reaching the polling place.


But critics contend that the labs are too close to the elections industry to serve as effective watchdogs. "The only thing they are independent from is state and federal regulators," Shelley told the U.S. Election Assistance Commission this month.


Dan Reeder, a spokesman for Wyle, which functioned as the nation's sole testing lab from 1994 to 1997, said the company's policy is to provide information to the manufacturers who are its customers.


"We would not even acknowledge who we have done business with because of the proprietary nature of the relationship," Reeder said. "It's much like a lawyer-client relationship."


Until last fall, equipment makers routinely informed the National Association of State Election Directors when the testers' approved their voting systems.


The association, which served as a clearinghouse for information for election professionals, posted a list of approved equipment on its Web site. The group also was supposed to keep the companies honest by verifying approval of their voting systems with the testing labs.


Weaknesses in the testing system came to light last year, when a state audit revealed that Diebold released voting software to three California counties before it had been reviewed by testing laboratories. That led to a broader inquiry of Diebold by Shelley, who ultimately banned some of the company's machines from use in four counties because it lied about their testing status.


Only two independent labs test voting software: CIBER of Greenwood Village, Colo., and SysTest Labs of Denver. And only one, Wyle, tests the physical machinery.


SysTest Labs President Brian Phillips said the security risks identified by the outside scientists were not covered by standards published by the Federal Election Commission. "So long as a system does not violate the requirements of the standards, it is OK," Phillips said.


Standards updated


The FEC standards that SysTest has been using date back to the late 1980s, Phillips said, when $300,000 was allocated to study the security and reliability of the first generation of electronic voting machines. But after the voting system standards went into effect in 1990, the federal government failed to provide money for their implementation. The standards were not updated again until last year.


CIBER declined repeated interview requests.


The private testing system of independent labs was created in 1994 by a group of election officials who were brought together by the National Association of State Election Directors (NASED). But the association lacked the resources to accredit testing laboratories and track equipment approvals. The Election Center, a private training organization for election officials, offered to take on those tasks for free.


In 2002, the Houston-based Election Center operated on a $462,000 budget. Executive Director Doug Lewis said Election Center's budget comes mostly from membership dues and training fees.


But he acknowledges accepting up to $10,000 a year in donations from voting-equipment manufacturers like Sequoia Voting Systems and Election Systems & Software.


That doesn't sit well with California's top election official. "Where I come from, any firm regulatory or approval scheme should be conducted by entities that are entirely independent from any reliance -- financial or otherwise -- from the people that they have to oversee," Shelley said.


Lewis defended the donations. "I don't have a problem with it because neither the Election Center or NASED ever had the right to approve or disapprove a voting system," he said.


Though the Election Center couldn't force manufacturers to send their equipment to testing labs, many states require the labs' approval before the machines can be used in an election. Today, only a handful of states conduct their own examination of a voting system's hardware and software.


Despite its central role in guaranteeing the integrity of elections, the private testing system of independent labs is only loosely monitored. Neither the National Association of State Election Directors nor the Election Center has the resources to conduct follow-up inspection visits after a lab is accredited, Lewis said. The election directors' association also does not review contracts between the testers and manufacturers.


Donations to GOP


According to FEC records, CIBER donated $48,000 to Republicans during the past four years, including $25,000 to the Republican National Committee in 2000, when CIBER was the only company testing voting software in the country. The company made no donations to Democrats.


Said Shelley, a Democrat: "I think it compromises the integrity of the process if you have the testing entities give contributions to one party or another. It's not appropriate."


The Election Center ended its involvement with the independent labs last year. An attempt to transfer the responsibility to a new federal election agency was thwarted after the agency's creation was delayed and Congress did not provide enough funding for an oversight program. Currently, no one appears to be closely watching the labs.


While the testing system remains in limbo, Shelley has requested that voting-equipment makers turn over a copy of their computer code. For the first time, California will be conducting its own line-by-line code review and security analysis.


"Even if the testing labs approve something, if we don't approve it, we won't run with it," Shelley said.


Contact Elise Ackerman at eackerman@mercurynews. com or (408) 271-3774.


Copyright 2003 Knight Ridder. All Rights Reserved