http://www.eweek.com/article2/0,1759,1638537,00.asp By Bill Poovey, Associated Press Writer August 22, 2004 HUNTSVILLE, Ala. (AP) - The three companies that certify the nation's voting technologies operate in secrecy, and refuse to discuss flaws in the ATM-like machines to be used by nearly one in three voters in November. Despite concerns over whether the so-called touchscreen machines can be trusted, the testing companies won't say publicly if they have encountered shoddy workmanship. They say they are committed to secrecy in their contracts with the voting machines' makers—even though tax money ultimately buys or leases the machines. "I find it grotesque that an organization charged with such a heavy responsibility feels no obligation to explain to anyone what it is doing," Michael Shamos, a Carnegie Mellon computer scientist and electronic voting expert, told lawmakers in Washington, D.C. The system for "testing and certifying voting equipment in this country is not only broken, but is virtually nonexistent," Shamos added. Although up to 50 million Americans are expected to vote on touchscreen machines on Nov. 2, federal regulators have virtually no oversight over testing of the technology. The certification process, in part because the voting machine companies pay for it, is described as obsolete by those charged with overseeing it. The testing firms - CIBER and Wyle Laboratories in Huntsville and SysTest Labs in Denver—are also inadequately equipped, some critics contend. Federal regulations specify that every voting system used must be validated by a tester. Yet it has taken more than a year to gain approval for some election software and hardware, leading some states to either do their own testing or order uncertified equipment. That wouldn't be such an issue if not for troubles with touchscreens, which were introduced broadly in a bid to modernize voting technology after the 2000 presidential election ballot-counting fiasco in Florida. Failures involving touchscreens during voting this year in Georgia, Maryland and California and other states have prompted questions about the machines' susceptibility to tampering and software bugs. Also in question is their viability, given the lack of paper records, if recounts are needed in what's shaping up to be a tightly contested presidential race. Paper records of each vote were considered a vital component of the electronic machines used in last week's referendum in Venezuela on whether to recall President Hugo Chavez. Critics of reliance on touchscreen machines want not just paper records - only Nevada among the states expects to have them installed in its touchscreens come November—but also public scrutiny of the software they use. The machine makers have resisted. "Four years after the last presidential election, very little has been done to assure the public of the accuracy and integrity of our voting systems," Rep. Mark Udall, D-Colo., told members of a House subcommittee in June at the same hearing at which Shamos testified. "If there are any problems, we will spend years rebuilding the public's confidence in our voting systems," Udall said. "We need to squarely face the fact that there have been serious problems with voting equipment deployed across the country in the past two years." In Huntsville, the window blinds were closed when a reporter visited the office suite where CIBER Inc. employees test voting machine software. A woman who unlocked the door said no one inside could answer questions about testing. Shawn Southworth, a voting equipment tester at the laboratory, said in a telephone interview that he wouldn't publicly discuss the company's work. He referred questions to a spokeswoman at CIBER headquarters in Greenwood Village, Colo., who never returned telephone messages. CIBER, founded in 1974, is a public company that promotes itself as an international systems integration consultant. Its government and private-sector clients include the Air Force, IBM and AT&T. In 2003, government work generated the largest percentage of the company's total revenue, 26 percent. Also in a sprawl of high-tech businesses that feed off Redstone Arsenal and NASA's Marshall Space Flight Center in Huntsville is the division of Wyle Laboratories Inc. that tests U.S. elections hardware, including touchscreens made by market leaders Diebold Inc., Sequoia Voting Systems Inc. and Election Systems & Software Inc. Wyle spokesman Dan Reeder refused to provide details on how the El Segundo, Calif.-based company, which has been vetting hardware for the space industry since 1949 in Huntsville, tests the voting equipment. "Our work on election machines is off-limits," Reeder said. "We just don't discuss it." He did allow, though, that the testing includes "environmental simulation...shake, rattle and roll." Carolyn Goggins, a spokeswoman for SysTest Labs, the only other federally approved election software and hardware tester, refused to discuss the company's work. More than a decade ago, the Federal Election Commission authorized the National Association of State Election Directors to choose the independent testers. On its Web site, the association says the three testing outfits "have neither the staff nor the time to explain the process to the public, the news media or jurisdictions." It directs inquiries a Houston-based nonprofit organization, the Election Center, that assists election officials. The center's executive director, Doug Lewis, did not return telephone messages seeking comment. The election directors' voting systems board chairman, former New York State elections director Thomas Wilkey, said the testers' secrecy stems from the FEC's refusal to take the lead in choosing them and the government's unwillingness to pay for it. He said that left election officials no choice but to find technology companies willing to pay. "When we first started this program it took us over a year to find a company that was interested, then along came Wyle, then CIBER and then SysTest," Wilkey said of he standards developed over five years and adopted in 1990. "Companies that do testing in this country have not flocked to the prospect of testing voting machines," said U.S. Election Assistance Commission chairman DeForest Soaries Jr., now the top federal overseer of voting technology. A 2002 law, the Help America Vote Act, created the four-member, bipartisan headed by Soaries to oversee a change to easier and more secure voting. Soaries said there should be more testers but the three firms are "doing a fine job with what they have to work with." Wilkey, meanwhile, predicted "big changes" in the testing process after the November election. But critics led by Stanford University computer science professor David Dill say it's an outrage that the world's most powerful democracy doesn't already have an election system so transparent its citizens know it can be trusted. "Suppose you had a situation where ballots were handed to a private company that counted them behind a closed door and burned the results," said Dill, founder of VerifiedVoting.org. "Nobody but an idiot would accept a system like that. We've got something that is almost as bad with electronic voting." _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Mon Aug 23 2004 - 02:43:15 PDT