International observers find fault with 2006 United States election and call for Congressional reform By Michael Richardson The Office for Democratic Institutions and Human Rights, based in Warsaw, Poland, is the election monitoring unit of International Organization for Security and Co-operation in Europe. The world's foremost election observation group sent a 18-member mission to the United States to assess the November 2006 election which has now filed its report. This was the third U.S. election observed by OSCE. Although no systematic observation of polling and counting procedures were conducted compliance with the Help America Vote Act [HAVA] was a central concern of the mission based on media criticism over the implementation of new voting technologies. The observers also noted that negative advertising was predominant throughout the campaign. Campaign finance was also a focus of the review with the monitors commenting that alternative funding schemes have circumvented legal spending limits. The ODIHR report highlighted a lack of public confidence in new HAVA funded voting equipment. "Further transparency measures, such as access to software codes, independent testing, provision of voter verified paper train (VVPAT) or multiple audit mechanisms would enhance public confidence in the integrity of the new voting technologies." One potential shortcoming of the new HAVA equipment drew a cautionary comment. "In specific relation to the introduction of new voting technologies, however, the sharing of responsibilities between election officials, certification agencies and vendors could, at times, create difficulties in the effective management of the electoral process." Restrictions on the right to vote drew specific attention. "Only citizens of a state may elect members to Congress. This results in the denial of suffrage for full congressional representation to some citizens residing in U.S. territories and Washington, D.C. Furthermore, there is a broad range of practices with regard to enfranchisement of citizens who have been convicted of a felony. While in two states prisoners are allowed to vote, in most states incarcerated felons cannot vote and in some states ex-felons are barred for life." The practice of gerrymandering congressional districts was criticized. "With a view to ensuring genuine electoral competition in congressional districts, consideration could be given to introduce procedures for drawing district boundaries that will be based on information other than voter's voting histories and perceived future voting intentions." Commenting on the lack of uniform nomination requirements for Congress because of varying state laws the monitors suggest the states adopt model legislation. "Consideration should be given to decrease the number of required signatures for nomination of candidates to up to one per cent of the number of registered voters in a given electoral district, in line with existing best practices." The report also cites the "challenging aspect" of petition deadlines for new political parties in various states and says any deadline more than 75 days before an election are excessive and may be unconstitutional. Uneven "write-in" requirements were also noted. The number of unopposed candidates for Congress that didn't even have to worry about their name on the ballot got attention. "The election laws of several states allow for an unopposed candidate to be elected as a member of Congress without having the candidate's name placed on the ballot. With regard to the 7 November mid-term elections, it was reported that 34 unopposed candidates in 15 states became members of the U.S. House of Representatives by default. Six of those were in Florida which is approximately a quarter of Florida's representation in the House." Campaign funding had its own section in the report. "The high level of campaign expenditure is a striking feature of U.S. elections, with spending essentially unlimited by law, as freedom to spend on campaigning is equated with freedom of speech." "The FEC's [Federal Election Commission] complaint process could be strengthened so that cases are completed more expeditiously and prior to the next elections for federal office. Further, consideration could be given to enhancing federal legislation, by empowering the FEC to regulate such organizations["527"], should existing legislation be perceived as needing more clarity, and by applying federal campaign limits regardless of tax status." The OSCE monitors want to open up primary elections. "A review of the requirements of political party declaration for voter registration could be undertaken with a view to identifying other possibilities to facilitate voting in primaries and avoid registrants being asked to disclose their political affiliation." Although the report supports a nationwide voter registration database it warns of problems posed by technology. "Future implementation would benefit from developing common standards with regard to testing, certification, data usage and protection, and proprietary ownership of voter registration data and equipment." The observers noted the partisan nature of the voter ID controversy and made some recommendations. "Although there are no indications of impersonation or voter fraud occurring in anything other an isolated cases over recent years, it is a concern of some stakeholders….Voter identification requirements should be established well in advance of election day so that voters are correctly informed and polling staff fully trained….Establishment of uniform voter identification requirements could be considered. If voters are required to produce identification documents, such documents should be readily available without any administrative or considerable financial burden to the voter." Voting restrictions on ex-felons was highlighted for attention in the report. "Restriction of voting rights for felons and ex-felons should be reviewed to ensure that any restriction is proportionate to the crime committed. Restriction should be for a limited period and voting rights should be restored automatically after the expiration of an established period of time. Financial debt or administrative barriers should not be obstacles to voter registration." The disenfranchisement of citizens residing in Washington, D.C. or the U.S. territories from a representative in Congress was addressed. "U.S. authorities should consider all possibilities to provide full representation rights for all U.S. citizens." Provisional ballots need uniform requirements and assurance that they will be properly counted. "In order that the public is accurately informed about electoral developments in a timely manner, relevant state authorities could usefully consider the introduction of requirements that the numbers of provisional ballots cast are recorded and announced simultaneously with the remaining results of the counting of the votes at all levels of the election administration." Electronic voting machines were also called into question by the OSCE monitors. "Vendors of voting systems are not subject to the same legal obligations applicable to government officials administering elections. Further, vendors have insisted on retaining proprietary control of computer software, which impacted negatively on transparency and fueled issues of public confidence. This left election officials in a vulnerable position, as they were responsible for election delivery but might be unable to thoroughly check their systems or open them to public scrutiny." Although the polite diplomatic language of the report is almost a model of understatement it still, in total, amounts to a sharp critique of U.S. election practices. Using the phrasing of the report, Congress and the state legislatures could benefit from conducting hearings on the report findings and recommendations. Authors Bio: Michael Richardson is a freelance writer based in Boston. Richardson writes about politics, election law, human nutrition, ethics, and music. In 2004 Richardson was Ralph Nader's national ballot access coordinator Banned Voting Machine Test Lab Given More Time to Fix Problems by Friendly Director of U.S. Election Assistance Commission EAC Exec. Dir. Tom Wilkey Lends CIBER 'Test' Lab a Hand, As [A New York state report] detailed missing requirements, incorrectly labeled requirements, undefined jargon, outdated matrix tables, and lack of test plan clarification for functionality tests at CIBER "test" labs. The BRAD BLOG has learned that Thomas Wilkey, Executive Director (bio [PDF]) of the U.S. Election Assistance Commission (EAC), has now extended the deadline for CIBER, Inc. to qualify for interim accreditation to test the nation's voting machines, despite previously reported disastrous testing conditions over several years discovered at the lab. Wilkey previously kept problems at the CIBER test lab hidden behind a wall of secrecy including the non-accreditation of the controversial "independent testing authority" (ITA) laboratory as discovered and revealed by The New York Times last month. CIBER, the nation's most prodigious voting machine test lab, was banned from testing last summer when accreditation responsibilities shifted from the National Association of State Election Directors (NASED) to the EAC. However, the public and election officials relying on CIBER's testing where not informed of the ban until the Times disclosed the lab shutdown in January 2007, long after the elections in 2006 were allowed to move forward on CIBER's "tested" voting machines. Even after the Times exposé, the EAC head kept the assessment reports [PDF], which detailed lab problems, secret until a subpoena threat by the New York State Board of Elections forced release of the reports. The assessments that Wilkey kept hidden from the public revealed a shocking history of sloppy, incomplete and non-existent testing. Only after increasing pressure, including from Senator Diane Feinstein, to come clean about CIBER's failures, Wilkey wrote to the company on January 26, 2007 [PDF] giving them 30 days to correct the identified deficiencies. Now, as the deadline approaches, Wilkey has itemized the problems in need of correction by CIBER and extended the deadline [PDF] for them until March 5, 2007. Wilkey, once again as expected, has been very kind to the company that he seems to have spent years protecting. Meanwhile, in written testimony [PDF] Thursday to the EAC, David Alderman of the National Institute of Standards and Technology (NIST) explained why CIBER thus far has failed to gain a favorable recommendation from the NIST for future accreditation--CIBER actually missed the application deadline... The subpoena threat from New York State Board of Elections Commissioner Doug Kellner that forced release of the "soiled laundry" secret CIBER assessment reports followed by several months another "confidential" report on CIBER [PDF] as prepared for New York state election officials. The New York State Technology Enterprise Corporation (NYSTEC) conducted a review of CIBER's master test plan and CIBER's security test plan for the state. The confidential report submitted on September 27, 2006, revealed glaring deficiencies in CIBER's security testing of voting machines. The NYSTEC report found a number of security requirements in New York law, EAC voting machine guidelines, and state regulations that "were not covered in the Security Test Plan". Further, "the security test plan did not specify any test methods or procedures for the majority of requirements." NYSTEC detailed missing requirements, incorrectly labeled requirements, undefined jargon, outdated matrix tables, and lack of test plan clarification for functionality tests. One particular finding about CIBER's security testing that drew attention by the independent review team was an incorrect statement passing the buck to NYSTEC for plan deficiencies: A Security Master Plan should document testing methodologies, procedures and processes that will help to ensure that all testing is being done in a structured and repeatable way. This is even more important given the numbers of voting machines that will be tested in parallel and the number of testers involved. CIBER technicians will no doubt need the extra time allotted by Wilkey to correct the long list of deficiencies tallied against the lab. If CIBER can gain interim accreditation, the company will be allowed to continue testing voting machines until January 2008 even if it fails to gain actual accreditation or is rejected by NIST reviewers. As previously reported by The BRAD BLOG, Wilkey has a long history of hiding testing problems behind a wall of secrecy in his earlier role as chair of NASED's Voting Standards Board where he supposedly served as the public watchdog of the voting machine test labs. According to an email from Chris Thomas [PDF] (see pages 19-20), then NASED president, Wilkey's group opposed involvement by the NIST in the testing of voting machines and also sought to keep the EAC, which he now heads, out of the lab accreditation process. While many are angry with Wilkey and the EAC for covering up CIBER's non-accreditation last summer, at least two people are happy. CIBER founder and director Bobby Stevenson and CIBER's CEO Mac Slingerlend were able to use the half-year news blackout to do some apparent insider trading. The two top CIBER honchos were able to unload $1.7 million of company stock after last year's test ban but before public disclosure by the New York Times in January. Will CIBER be able to regain its lucrative testing business? Stay tuned as we continue to shed the many layers of skin from the increasingly stinking onion... CIBER Voting Machine Test Lab Failures is 'Old News' Known by Top Election Officials for Years CIBER Has Absolutely No Idea What It's Talking About' Testing Secrecy Has Allowed CIBER to Profit From Sloppy Work Michael Richardson (appeared originally here) 02 Feb 2007 CIBER, Inc., the nation's largest so-called "independent test authority" (ITA) of electronic voting machines, is at the center of a growing scandal about lax testing of voting equipment. The recent release of a long-kept secret assessment of the company by the Election Assistance Commission (EAC) detailing a shocking record of sloppy, incomplete or non-existent testing by CIBER led the test lab's CEO, Mac Slingerlend, to call the report "old news" in an interview with the Rocky Mountain News. While CIBER's shortcomings may be "old news" to Slingerlend, unaware election officials around the nation are angered at not being informed by the EAC prior to the November 2006 elections about voting machine models "tested" by CIBER in use by 68.5% of the registered voters in the country. Last year the EAC took over testing responsibilities for electronic voting machines from the National Association of State Election Directors (NASED) and refused to grant CIBER interim accreditation because of numerous deficiencies at the test lab located in Huntsville, Alabama. Slingerlend and CIBER founder Bobby Stevenson both took advantage of the "old news" to unload thousands of shares of stock between the non-accreditation and its public disclosure by the New York Times in January. Stevenson sold $1.6 million worth of CIBER stock during the half-year of silence by the EAC about the non-accreditation. Slingerlend sold 7,500 shares in August 2006, two weeks into the EAC blackout after CIBER lost its authorization to test voting machines. In December, Slingerlend unloaded another 10,000 shares fetching him a total of $116,569 before the secret report became public information. Although CIBER's failures are news to the public and many election officials around the nation, they are indeed "old news" to those in the know. CIBER's chief voting machine technician is Shawn Southworth and he has been doing questionable work for years. In 2002, Georgia's 22,000 Diebold touch-screen voting machines all had to be "patched" in the weeks before the November election following CIBER testing of the software used to operate the machines. Although Southworth had certified the machines as good to go, they froze up instead. Kara Sinkule of the Georgia Secretary of State's office would later explain: "The patch repaired a communication issue between the TS units operating software (WIN CE 3.0) and the voting software. From time to time communication between these two elements would be interrupted and a screen freeze would occur on the voting unit. The patch ensured the two elements remained in constant communication, thus eliminating screen freezes during voting." In 2003, Ohio Secretary of State Ken Blackwell had independent studies conducted of the state's ITA certified voting machines. Compuware Corporation reviewed both software and hardware of the state's four voting machine vendors, after CIBER had approved vendor software, and discovered 57 security risks in the four systems including high risk flaws. BlackBoxVoting.org was able to obtain copies of CIBER's test reports to NASED from 2003 for Diebold and VoteHere voting machines, which admit, "Penetration Analysis not reviewed by software ITA." Despite the blatant admission of security non-testing of the software, the machines were certified for use by voters. Of course, the CIBER report was marked "Proprietary" and not released to the general public in a timely manner. In 2005, a computer-savvy voter, John Washburn, studied the Wisconsin voting machine certification process and presented his findings to the Wisconsin State Board of Elections. Washburn found, "Neither Ciber nor Wyle [another ITA] provided in any of the reports the system identification….This means it is impossible to tell which system the reports apply to." Further, "The Ciber report was so short and incomplete it is impossible to tell what if any testing was done or more importantly how such testing was done. The NASED number, N-1-06-22-22-001, for the systems was issued on June 27, 2005 but the ITA reports were not completed until August 4, 2005. This means the NASED number was issued before the NASED Voting Systems Board had received the test results." "In conclusion, the failure of the NASED ITA system in general and the particular failures of Ciber Labs (in all of its prior incarnations) to perform adequate testing of voting machines is a problem stretching back for more than a decade. This means that voting systems have been approved by "ITA" labs and state election officials have relied upon those approvals. Because of this elections have been held using voting equipment which has never been adequately tested." In 2006, Colorado's use of CIBER testing reports drew fire from Dan Wallach of Rice University who conducted a review of Colorado's electronic voting machines as an expert witness in litigation over use of the machines. Wallach found, "The Ciber report contains absolutely no evidence that they performed a meaningful security analysis of the Hart InterCivic system." In discussing CIBER's test report of ES&S voting machines Wallach cites a CIBER claim that has been redacted from the public record by the Colorado Attorney General, "This statement [redacted] is entirely false!...A statement like Ciber's directly indicates that Ciber has absolutely no idea what it's talking about." Stay tuned... EAC secret reports reveal sloppy, incomplete and non-existent testing by Ciber test lab By Michael Richardson 30 Jan 2007 Hours after our earlier report on threatened subpoenas against the Election Assistance Commission (EAC) and its banned voting machine test laboratory, Ciber, Inc. by the New York State Board of Elections, the company supplied information concerning its lack of accreditation to New York officials. Commissioner Doug Kellner called the secret reports "soiled laundry" that both the company and EAC were trying to hide. Yesterday, the EAC reacted to the disclosure by Ciber of confidential EAC documents by releasing the assessment reports upon which last summer's non-accreditation decision was based. The documents, kept secret by the EAC for half a year, reveal a shocking level of incompetence and negligence by the "independent testing authority" (ITA) which tested electronic voting machines used by 68.5% of the registered voters in the November 2006 election. The EAC assessment report from July 2006 of the Ciber test lab in Huntsville, Alabama found, "critical processes were not implemented nor procedures followed." The EAC inspector wrote, "CIBER is unable to follow their own defined processes and procedures to ensure the quality of their work." As previously reported, Ciber made a merger with Wyle Laboratories, another test lab in Huntsville, in a bid to shore up its deficient operation and save lucrative testing contracts. Both companies were examined for quality assurance compliance. "CIBER's reports provide limited or no descriptions of the testing performed so a reader or reviewer can not tell if all the testing was completed. Cross checking between CIBER and Wyle reports has revealed at times that neither ITA has performed certain tests, expecting that the test was done by the other." "CIBER has not shown the resources to provide a reliable product. The current quality management plan requires more time to spend on managing the process than they appear to have available and it was clear during the assessment visit that they had not accepted that they have a responsibility to provide quality reviewed reports that show what was done in testing." "In addition, during the review, ITA Practice Director, indicated that the testing for a product tends to either use vendor developed tests or new tests developed specifically for the product--they have no standard test methods defined. This makes their testing dependent on the vendor input and vulnerable to unique vendor interpretations." The ITA Practice Director in charge of Ciber's sloppy work is Shawn Southworth. Southworth is no newcomer to electronic voting machines. Prior to federal oversight of the test labs, certification was conducted by the National Association of State Election Directors (NASED) where Southworth participated as an "ex officio" member of the Voting Standards Board. Chairing the NASED board was Thomas Wilkey, now EAC executive director. Also serving on the qualifying panel with Wilkey and Southworth was Donetta Davidson, current chair of the EAC. On January 3, 2007, the day before the New York Times revealed Ciber's non-accreditation and the months of EAC secrecy about the lab failures, Ciber officially responded to the EAC with Southworth providing the excuses to his old NASED colleague Tom Wilkey. For failure to have scheduled quality assurance reviews, Ciber explained, "This comment was due to the ITA's relatively loose handling of meetings. Since we are a small group we often just call each other down the hall for a meeting…." For gaps in the Ciber-Wyle merger that caused lack of testing, Ciber explained, "We were not aware this was an issue or that our scope of testing would change." Further, "At this moment Shawn is working with Wyle to outline the relationship between the two companies." For lack of standardized testing, Ciber explained, "At the moment, we have not had an opportunity to test the new methods on actual projects. Until this time comes, we will not know for sure how our standardized test methods will perform. The cause of this comment seems to be that we did not know what was missing until it was pointed out." For failure to use National Institute of Standards and Technology (NIST) technical testing checklists, Ciber explained, "At the time of writing our process and procedures documents we were unaware of these requirements." The secret reports do not reveal which election jurisdictions received untested voting machines and are in sharp contrast to public statements by Ciber about its testing program. The longstanding relationship between Shawn Southworth at Ciber and EAC's leadership team of Wilkey and Davidson raise questions about the secrecy of the accreditation process. Senator Diane Feinstein has written to EAC chair Davidson demanding answers. EAC's "New York Brother" and "Sis" responsible for NASED's certification of banned test lab Ciber, Inc. By Michael Richardson Election Assistance Commission Executive Director Thomas Wilkey moved to the EAC after serving on the National Association of State Election Directors Voting System Board, which he chaired. Wilkey's current boss at the EAC is Donetta Davidson, Chair of the federal commission. Davidson is a former president of NASED and served with Wilkey on the Voting System Board, which was tasked with certifying "independent testing authorities" to perform tests on electronic voting machines used throughout America. In 2002, the Help America Vote Act transferred testing responsibility from NASED to the EAC, which took over the duties in July 2006. When it came time to issue interim accreditation to the test labs, EAC technical specialists found that Ciber, Inc. had failed to adequately document security testing while under NASED's certification. Serving "ex officio" on the Voting Systems Board, headed by Wilkey, was Shawn Southworth of Ciber. The National Institute of Standards and Technology has since recommended to the EAC that two other test labs perform the work formerly done by Ciber. Davidson, who twice testified before Congressional hearings last year on voting machine certification failed to disclose the problems with the Ciber test labs to members of Congress. Senator Diane Feinstein has since asked Wilkey to explain why Ciber was not issued interim accreditation and why the public and election officials around the country were not notified before the November 2006 elections. During the six months of secrecy from the EAC about the test lab ban, Ciber founder Bobby Stevenson sold $1.6 million worth of stock in the company. Ciber CEO Mac Slinglend also did some insider trading unloading $115,000 worth of the stock while the public was unaware of the EAC action against the company. The failures of Ciber testing that led to the denial of interim accreditation were not under the EAC watch but instead arose under certification by Wilkey's NASED's Voting Systems Board. Can EAC Chair Davidson be counted on to properly supervise her new subordinate? Maybe not, according to emails obtained by BlackBoxVoting from 2004 when both served on the NASED certification panel. Email traffic between the pair raise questions about their relationship. On July 15, 2004 at 2:21 pm, Wilkey emailed Davidson: "You are actually reading your emails…WOW!!! Yes I will see you on Saturday. I get in about 9 pm so we will have a nightcap if you are not out partying on Bourbon Street. Love, Your New York Brother." Two weeks later on July 29, 2004, after the nightcaps in New Orleans, Davidson sent Wilkey an email: "My Dearest Brother, Life has not slowed down, but I am staying out of trouble. Hope to talk to you soon, on the PHONE. That way I get to hear your voice. Love your Sis." Now the cozy relationship between the two former NASED regulators can blossom at EAC where Wilkey reports to Davidson. Wilkey's role in certifying electronic voting machines goes back a long way. According to his official agency biography, Wilkey helped draft the first voting system standards in country back in 1983 while working with the Federal Elections Commission. "An early proponent of the creation of the National Association of State Election Directors, Wilkey has served as secretary, treasurer, vice-president and was elected president for 1996-1997. In January, Wilkey was named chair of NASED's Independent Test Authority Accreditation Board, which reviews and approves laboratories and technical groups for the testing of voting systems under NASED's national accreditation program. He was reappointed chair in 2000." Wilkey's watchdog role over voting system security also gained him appointment to an advisory board of the Department of Defense's Federal Voting Assistance Program, which assists six million military and overseas voters. Ciber, one of Wilkey's NASED approved test labs, since banned, conducted the security testing of the FVAP computer system. Now "New York Brother" and "Sis" are tasked with protecting the voting machine security for the entire nation. The earlier role of the two EAC leaders in oversight of Ciber's lax work that led to non-accreditation may well be the subject of Congressional hearings before the year is out. [Permission granted to reprint] Insider trading stock sell-off by Ciber execs during EAC secrecy over voting machine test lab ban By Michael Richardson 23 Jan. 2007 Although the public was not informed by the Election Assistance Commission about its decision to not issue interim accreditation to Ciber, Inc., one of the nation's three previously certified test laboratories for electronic voting machines, the company executives were very aware they had lost a hold on the lucrative testing business. While unknowing election officials around America continued to incorrectly claim their voting machines were properly tested and certified in the months leading up to the November 2006 elections several Ciber honchos quietly began a stock sell-off. The EAC took over testing responsibilities for electronic voting machines from the National Association of State Election Directors in July 2006 and issued interim accreditation to two of the NASED certified test labs on August 15, 2006. The Ciber laboratory was left off the approved list for inadequate quality assurance testing and failure to document tests were performed. For reasons the election agency still has not explained, the non-accreditation of Ciber was kept from public knowledge until a January 2007 article in the New York Times. Senator Diane Feinstein has written to the EAC demanding answers about the non-accreditation and subsequent secrecy about the test lab ban. Meanwhile, Ciber director and founder Bobby G. Stevenson began a quiet stock sell-off on August 2, 2006, of 25,000 shares every two weeks. During the EAC news blackout on Ciber's non-accreditation until the New York Times article was published, Stevenson was able to unload 262,500 shares of Ciber stock for a tidy $1,609,384 according to reports filed with the Securities and Exchange Commission. In December, three weeks before the Times expose, Ciber executive vice-president David Girard, picked up some holiday spending money selling $5,056 worth of Ciber stock. Ciber's CEO, Mac J. Slingerlend, also did some insider trading during the EAC blackout unloading 7,500 shares on August 30, 2006 for $49,620 and 10,000 shares in December for an additional $66,949. Ciber is one of the nation's top 100 government contractors and in 2005 was reported to have won $80,000,000 in federal contracts. The non-accreditation of Ciber for inadequate testing and documentation by the EAC and subsequent failure to obtain a favorable recommendation by the National Institute of Standards and Technology for future accreditation casts a large shadow on Ciber's government contracts. One of Ciber's federal contracts that has voting rights advocates concerned is the work Ciber did for the Department of Defense's Federal Voting Assistance Program that assists military and overseas voters with registration and absentee voting. Ciber's work on the FVAP network of computers included, "testing and validation of both the system's functionality and security." Ciber also tested the military voting assistance program for "security penetration assessments" and purportedly documented "system exposures and vulnerabilities." Until the EAC answers Senator Feinstein's query it is unknown how many of the voting machines used in the November 2006 elections were not properly certified. Ciber's market share of the testing business was huge with Ciber certifying electronic voting machines used by 68.5% of the registered voters in the recent election. [Permission granted to reprint] Two NASED approved voting machine test labs fail to gain a NIST recommendation to EAC By Michael Richardson 19 Jan 2007 Two of the three electronic voting machine test labs certified by the National Association of State Election Directors, Ciber and Wyle, have failed to gain a favorable recommendation from the National Institute of Standards and Technology for accreditation by the Election Assistance Commission. When the EAC took over accreditation of the test laboratories from NASED last year under terms of the Help America Vote Act, the EAC did not grant interim accreditation to the nation's largest voting machine test lab, Ciber, because of poor quality assurance and failure to document testing. Ciber certified electronic voting machines used by 68.5% of the registered voters in 2006. Failure of the EAC to alert election officials around the nation that the Ciber lab had not been accredited has been sharply criticized and Senator Diane Feinstein has asked the beleaguered commission to explain why Ciber was not accredited and why there was not timely notice of the action to election officials. In an apparent bid to shore up confidence in the banned test lab, Ciber has announced a merger with Wyle, another NASED approved lab, creating a "best of breed" inspection team. So far, the ploy has failed and may have cost Wyle its lucrative contracts as well. NIST inspectors have recommended to the EAC that SysTest Labs and iBeta Quality Assurance get the testing business leaving the new Ciber-Wyle team looking for work. Both Ciber and Wyle have many government contracts with other agencies but it is unknown at this time if the NIST recommendations will have any impact on the other contracts. One Ciber contract, with the Department of Defense, needs review in light of the EAC decision to deny interim accreditation. Ciber did the security testing of the computer system used by the Federal Voting Assistance Program, which serves military voters. As many as six million uniformed and overseas voters depend on the FVAP to help them with registration and balloting. Now the NIST report adds a new level of federal lack of confidence Ciber's work. SysTest, the only remaining NASED approved test lab still on track for EAC accreditation, has found itself in the center of controversy resulting in a recent directive from the EAC about partisan political activity. Brian Phillips, president of SysTest, took on a consultation role with one of the law firms involved in ongoing litigation over the infamous 18,000 "undervotes" in Sarasota's 2006 election. Phillips told the Denver Post it was no big deal and that he only observed a test and conferred with members of a law firm. The certification of the iVotronic paperless voting machines in Sarasota that Phillips went to confer about has been a subject of concern in Florida. The Sunshine State does not use federal certification of its voting machines. Ciber was the prime federal testing lab for iVotronic machines yet Florida claims to have had Wyle conduct the tests instead. Now, with the announced Ciber-Wyle merger the actual independence of the two firms, both conducting their tests in Huntsville, Alabama, calls into question Ciber's real role in the certification of Sarasota's machines. Florida election officials have admitted to the Sarasota Herald Tribune that Ciber did test the county's election management tabulators and the Florida Division of Elections has used Ciber reports to prepare its technical advisories to local election officials. Information on actual testing of electronic voting machines is secret. It is nearly impossible for the public to know who tested what when. The two excuses made for the secrecy are a need to maintain security and the protection of proprietary software. Meanwhile, the 18,000 "undervotes" in Sarasota go unexplained. [Permission to reprint granted By Michael Richardson 18 Jan 2007 The efforts of the Election Assistance Commission to accredit test laboratories for the nation's electronic voting machines have left the country with only two labs, SysTest and Wyle, operating on interim approval; and one laboratory, Ciber, left unaccredited since the National Association of State Election Directors got out of the certification business last year. Published reports indicate the Ciber lab was denied interim accreditation last summer for a history of inadequate quality assurance and inability to document that critical tests were performed. The EAC is saying little about the matter to the media and has now been requested by Senator Diane Feinstein to explain why Ciber was not accredited and why disclosure of that fact was kept from election officials around the nation. EAC regulatory staff might just want to peek at Ciber's website where they will discover that the banned Ciber lab has merged its testing division with EAC approved Wyle lab. Ciber boasts, "The CIBER-Wyle team is your single source for independent voting machine testing." "With the growing demand for premier independent software/hardware testing of Voting Machines, CIBER and Wyle have joined forces are now offering the quality independent testing solutions needed for voting machine systems supporting the Election Assistance Commission standards." "Our teams, co-located in Huntsville, Alabama, have now integrated best of breed testing solutions, CIBER for software testing and Wyle for their hardware testing capabilities. By teaming we now offer complete independent voting system testing solutions for voting system vendors and for state governments." "We combined the two most experienced labs and staffs in the country into one efficient organization. We provide a co-located testing facility on one campus for all your testing needs. Successfully tested and recommended for certification the industry leaders in voting systems. Specialized support for prequalification testing and anomaly resolution/verification." The Ciber website also has a pitch for state business as well as electronic voting machines vendors but they should have used a grammar check. "The CIBER-Wyle team will help you to make sure that your election is run with little or no room for criticism. They will assist in areas such as assuring that you have the current certified copy of your voting vendor's hardware and software and that you will have implemented a set of state voting standards that will meet the [sic] with the majority of the voters' approval, taking into consideration the usability and accessibility of the voting system." Ciber's role in testing of voting technology was more than issuing reports to vendors and states, like Florida, which rely upon Ciber reports for their technology advice to local election officials. Despite the growing number of reports about inadequate testing, now leaking out about Ciber's failures, which reveal long-standing problems of deficiency, the test lab also serviced the Department of Defense. Ciber's self-promotional web page about the Federal Voting Assistance Program provides Senator Feinstein with new areas needing review for sloppy work on the voting system that assists military voters. "The scope of the work included testing and validation of both the system's functionality and security….based on our certification as an Independent Test Authority, CIBER was awarded this work….Ciber performed system security penetration assessments….Based on this work, CIBER documented system exposures and vulnerabilities. Periodic penetration assessment continued during system operation." The merger of the two "independent" test labs into one team raises red flags about Wyle's interim EAC accreditation status; while Ciber's voting security testing for the Defense Department, based on its earlier NASED certification, may soon be getting review by Congress. [Permission granted to reprint] Banned testing lab certified voting machines used by 68.5% of nation's registered voters in 2006 elections By Michael Richardson 15 Jan 2007
Last week Christopher Drew of the New York Times informed a shocked nation that the leading independent testing authority of electronic voting machines, Ciber, Inc. of
The federal Election Assistance Commission, which certified the Ciber testing lab, secretly pulled its certification last year, without informing the public or election officials relying on Ciber's results. Independent testing centers, including Ciber, are not really independent at all and are funded by voting machine vendors to whom they issue their testing reports and only recently have come under federal scrutiny.
The EAC has yet to explain why it withheld the decertification of Ciber from the voting public and the omission has entangled the controversial election oversight panel in the growing national distrust of electronic voting machines and may threaten its continued existence.
How many voting machines might be affected by the lax security inspections of Ciber?
Respected electronic voting machine authority and self-described politechnologist Joseph Hall did some digging. "The answer was not something I would have predicted? I knew Ciber did a good deal of software ITA testing, but it looks like, in terms of voting system deployment, that Ciber qualified the voting systems used by 68.5% of the registered voters (67.9% of precincts) in the 2006 election."
Hall explained the difficulty he encountered to acquire his data. Since the test reports are not public, it is difficult to find information about who tested what when.
Undeterred by the veil of secrecy surrounding the testing of electronic voting machines, Hall used old testing identifiers, called NASED numbers, to track the deployment of voting machines around the nation. Ciber tested any machine that had a NASED number beginning with the digit 1.
" With this key piece of information, we can use published lists of qualified voting systems to determine which models were qualified by Ciber"explains Hall. Discovering that Ciber tested the vast majority of machines in the country Hall says, "In fact, it is much more simple to list which systems were not qualified by Ciber."
Hall concludes, "I suppose it would have been completely impractical to decertify all these systems. Even decertifying those systems in which the qualification testing Ciber performed was specifically lacking would likely be a significant double-digit percentage of voting systems used by registered voters." One thing the ITA laboratories, or any other testing agency, cannot determine is if an electronic voting machine has been rigged with malicious self-deleting software code. All voting machines and optical scan vote-counters are subject to being hacked with self-deleting code that cannot be detected with any test. Self-deleting software code does its dirty deeds, including flipping or erasing votes, and then deletes itself erasing any sign of tampering.
A growing number of election integrity advocates are realizing that software technology has no place in the election systems of our country because of the inability to even detect mischief. The solution that is emerging is both simple and obvious, a return to time-tested hand-counting of paper ballots.
[Permission granted to reprint]
U.S. Election Assistance Commission Chair, Donetta Davidson, Knew About Problems of Voting Machine Test Labs But Kept Quiet The more we peel away the layers of the onion, the more we find that it seems to stink to to high heaven. The latest chapter in our continuing series on the hidden world exposed by the recent failures of voting machine test lab CIBER to receive "interim accreditation" from the U.S. Elections Assistance Commission (EAC), is no exception. The EAC's current Chair, Donetta Davidson, seems to have a long, storied and increasingly well-documented history of silence concerning electronic voting machine test laboratory problems and has been an active partner with EAC Executive Director Tom Wilkey --- whose roll in this mess we've examined in detail in previous articles (here, here and here to link to just a few of our reports in this continuing series) --- in keeping the public uninformed about failures in the secret test labs. Wilkey is at the center of the controversy surrounding a failure to disclose to both the public and election officials around the nation that CIBER, Inc.,, the country's largest so-called "Independent Test Authority" (ITA), was banned last summer from further testing of voting machines. As previously reported by The BRAD BLOG, Wilkey kept test lab problems hidden from public scrutiny for years in his earlier duties at the National Association of State Election Directors (NASED) where he was in charge of monitoring and qualifying the labs. Davidson is now Wilkey's boss at the EAC where she landed after serving as Colorado's Secretary of State since 1999 where she was later tied to significant failures by that state in properly certifying electronic voting systems. A judge last year condemned the state's practices and ordered the state, effectively, to start over from scratch after the debacle. Over the years, the paths of Davidson and Wilkey have crossed many times because of their mutual roles in the hidden world of voting machine testing. Davidson and Wilkey both have served together on the board of The Election Center, a non-profit group of mysterious background headed by R. Doug Lewis, which provided technical assistance, training, and lobbying support to NASED members. Lewis, a key player in test lab secrecy, mentored Davidson and Wilkey as they gained control of the ITA testing infrastructure. Davidson has also served on NASED's Voting Standards Board, as chaired by Tom Wilkey, which qualified the test labs. The two kept in touch, Davidson in Colorado, Wilkey in New York, at conferences, via email, and over the phone. The conferences, often held in tourist destinations, were a special time for the two to get together... BlackBoxVoting.org was able to obtain under Freedom of Information requests copies of some of the email traffic between Davidson and Wilkey [PDF] (see page 1) as they went about their official business. On July 15, 2004, Wilkey emailed Davidson arranging a late-night rendezvous: You are actually reading your emails…WOW!!! Yes I will see you on Saturday. I get in about 9pm so we will have a nightcap if you are not out partying on Bourbon Street. Love, Your New York Brother. Two weeks later, after the nightcaps in New Orleans, Davidson sent Wilkey an email on July 29, 2004, that shows a deepening relationship between the two voting machine regulators. Davidson gushed: My Dearest Brother, Life has not slowed down, but I am staying out of trouble. Hope to talk to you soon, on the PHONE. That way I get to hear your voice. Love your Sis. A month after "Sis" pined to hear Wilkey's voice she forwarded to a staffer an email she and Wilkey received from Doug Lewis PDF (p.70) warning about the "crazies" who were critical of the Election Center's acceptance of conference support funds from the very same electronic voting machine manufacturers whose voting machines were being tested. Davidson and Wilkey closed ranks around the Election Center against the voting integrity "crazies". When Lewis took several weeks off from work for elective surgery Davidson and Wilkey [PDF] (p.28) dipped into their own flower fund for Lewis and shipped him a houseplant as a get-well gift with other Election Center board members. When Lewis returned to work he fired off a "HEADS UP" notice [PDF] (p.35) to Davidson and Wilkey and others warning, "[T]he attacks are likely to escalate." This time the"crazie" was John Gideon, a respected voting integrity advocate, of VotersUnite.org as well as a frequent Guest Blogger here at The BRAD BLOG. Gideon had written to the EAC cautioning about the Davidson-Wilkey-Lewis controlled Election Center. Gideon warned, "In accepting funds from the voting machine industry and putting on a program that is strongly sponsored by the same industry, Mr. Lewis and the Election Center are violating their own principles and standards of conduct." That same summer, the U.S. House Science Environment Technology and Standards Subcommittee conducted a hearing on the Help America Vote Act (HAVA) and "the role of testing and standards." Wilkey, who had battled to keep the ITA certification process out of federal control during debate on passage of HAVA, was a star witness. To help Wilkey promote their mutual self-interest, Davidson had an advance chat with U.S. Representative Mark Udall (D-UT) [PDF] (p.62) who served on the subcommittee to soften him up. "Sis" and "New York Brother" made an effective team to protect their true role in monitoring the test labs. Now Wilkey was suddenly championing NASED's purported efforts in bringing NIST into the process. Davidson, as Colorado's Secretary of State, had her own pipeline into the hidden test lab world and cannot deny her own personal longstanding knowledge of failures within the secret labs. In late 2003, J. Kenneth Blackwell, then-Secretary of State in Ohio, issued a report disclosing that an independent review of ITA approved voting machines by Compuware, had discovered 57 security flaws--after the test labs qualified the machines. Drew Durham, Davidson's HAVA compliance officer, sent her a pointed email memo [PDF] (pages 4-6): This is yet another report which raises an important issue. How come the ITA's did not catch these problems? As I have suggested in the past, the structure of the current ITA review process needs to be revisited. First, the ITAs have an improper contractual obligation to the vendors rather than NIST or the EAC or even NASED. The ITAs have to sign a confidentiality agreement with the vendors and have privity of contract with the vendors. The public perception is that they work for the vendor and not the election administrators/certifiers. Legally, they are contractually bound to the vendors. Now, over three years later, Davidson is being asked similar questions by Senator Diane Feinstein as shocking details about the glaring errors and failures of the CIBER test lab continue to emerge from behind the wall of secrecy after a recent, scathing front page exposé by the New York Times. This stinking onion may well be rotten to the core. Stay tuned as we continue to peel back each of its malodorous layers...
|