Tiny new agency ill-equipped for e-voting oversight

[R. A. Hettinga]

<http://www.siliconvalley.com/mld/siliconvalley/8580743.htm?template=contentModules/printstory.jsp>

The San Jose Mercury News

Posted on Mon, May. 03, 2004

Tiny new agency ill-equipped for e-voting oversight




SAN JOSE, Calif. (AP) - As alarm mounts over the integrity of the ATM-like
voting machines 50 million Americans will use in the November election, a
new federal agency has begun scrutinizing how to safeguard electronic
polling from fraud, hackers and faulty software.

But the tiny U.S. Election Assistance Commission says it is so woefully
underfunded that it can't be expected to forestall widespread voting
machine problems, which would cast doubt on the election's integrity.

The commission -- which on Wednesday conducts the first federal hearing on
the security and reliability of electronic voting -- laments its
predicament in a new report.

``We've found some deeply troubling concerns, and the country wants to know
the solution,'' said DeForest B. Soaries, Jr., a Republican and former New
Jersey secretary of state named by President Bush in December to lead the
agency.

The Washington, D.C. hearing will focus on the security risks of
touchscreen machines, which computer scientists say cannot be trusted
because they do not produce paper records, making proper recounts
impossible. Despite reassurances from the machines' makers, at least 20
states are considering legislation to require a paper trail.

After hearing from academics, elections officials and voting equipment
company executives, the Soaries commission will issue recommendations --
for example, that poll workers should keep a stack of paper ballots handy
in case machines fail to start. Machines in more than half the precincts in
California's San Diego County malfunctioned during the March 2 presidential
primary, and a lack of paper ballots may have disenfranchised hundreds of
voters.

Created nearly a year after a congressional deadline, the Soaries-led
agency took over the Federal Elections Commission's job of setting
standards for ensuring the voting process is sound.

But the EAC lacks the authority to enforce any such standards and the
agency's first annual report, released Friday, is apt to disappoint anyone
who had high expectations.

Created under the 2002 Help America Vote Act that began funneling $3.9
billion to states to upgrade voting systems after Florida's hanging chad
debacle, the agency's two Republican and two Democratic commissioners
weren't appointed until December. Their first public meeting was in March.
A bare-bones Web site only went live on Friday.

With only $1.2 million of its $10 million budget appropriated, the
commission has so far been able to hire seven full-time staffers, borrowing
some part-timers from other federal agencies.

The lack of funding has forced the EAC to abandon or delay much of its
intended mission. For example, it won't be able to develop a national
system for testing voting machines, according to the report.

Soaries intends to use his bully pulpit as chairman to highlight problems
to state and local elections officials. But he said in a telephone
interview that the EAC will need $2 million more this year and its full $10
million in 2005 to tackle its mission of restoring public faith in
electronic voting.

``If you look at the evolution of voting in America, only in last four
months has there been a federal agency whose exclusive focus is to deal
with voting. It's the foundation of our democratic structure on one hand,
but on the other we've really left it to the states to manage completely,''
Soaries said.

Most states have relied on guidance from the National Association of State
Election Directors, a volunteer organization of retired and active election
officials around the country. NASED, in turn, has certified three
little-known testing companies to verify the integrity of every machine and
every line of code in e-voting equipment nationwide, and it's up to
elections officials in each state to get the equipment tested.

NASED plans to transfer its certification authority to the National
Institute of Standards and Technology, which is supposed to update the
decade-old standards the labs use to make sure voting equipment is secure
and reliable.

But that also is on hold because NIST ``did not receive funding to support
the work,'' the commission report says.

``I wish the EAC luck, but oversight of these systems is illusory,'' said
Kim Alexander, president of the California Voter Foundation. ``As long as
federal voting system standards are voluntary, voters across the country
will not have the peace of mind they need to feel confident in their voting
systems.''

Currently certified by NASED to test all voting hardware for U.S. elections
is a Huntsville, Ala.-based division of Wyle Laboratories Inc. All software
is tested by two other entities -- a Huntsville, Ala., lab operated by
Greenwood Village, Colo.-based Ciber Inc., and Denver-based SysTest Labs
LLC.

The labs may take a year or more to test voting equipment -- a bottleneck
that may tempt manufacturers to install uncertified software in voting
machines, Soaries said. ``The minute I found out about this problem I
started talking about it.''

Shawn Southworth, who directs Ciber's voting software testing practice,
said more labs would only add more confusion.

``You'd have a lot of different companies interpreting standards their own
ways,'' he said. ``It takes years to understand the election process and
how the software is supposed to function.''

The hearing Wednesday could turn contentious.

Executives from Diebold Inc., Hart Intercivic Inc., Election Systems &
Software Inc., and Sequoia Voting Systems Inc. will speak, along with one
of their loudest critics -- Avi Rubin, a Johns Hopkins computer expert who
discovered numerous weaknesses in a version of Diebold's voting software.

Also invited is California's top elections official, Kevin Shelley. On
Friday, Shelley banned a Diebold model touchscreen machine that was to be
used in four counties and called for a criminal investigation. Shelley
alleged that Diebold's use of uncertified software in the state's March 2
primary amounted to ``reprehensible'' fraud.

Diebold responded that it's confident in its systems and will work with
elections officials nationwide to run a smooth election this fall.

----

On the Net:

U.S. Election Assistance Commission: http://www.eac.gov


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com