Feds Failed to Warn on Flawed E-Vote Lab

The Election Assistance Commission (EAC), which is responsible for
accrediting testing labs that inspect electronic voting machines, failed to
notify local officials that it has refused to accredit Ciber, which tests
the software for most of the electronic voting systems currently in use.

Ciber was allowed to certify software patches, such as the ones that fix problems
that surfaced in the run-up to November’s mid-term elections, notably in
Maryland, where e-poll book devices caused havoc during the 2006 primaries.

Officials in California and other states also relied on a report from Ciber that dismissed concerns raised by computer
experts who demonstrated security flaws in electronic voting machines.

Local election officials were not made aware of Ciber’s status, however,
reinforcing claims by election integrity activists that the EAC is more
concerned with protecting voting machine vendors than the rights of the
electorate.

In testimony given to the House of Representatives on July 19, 2006, EAC
Commissioner Donetta Davidson noted that her agency had enacted “a
certifying process for the first time,” but made no mention of Ciber at the
hearing.

The initial assessment of Ciber was completed on July 20.

Davidson also testified that the EAC will “maintain a register of accredited
labs and post this information on its Web site to fully inform the public
about this important process.”

But the relevant Web page has
no information or working links under such headings as “EAC Fully Accredited
Laboratories,” “EAC Denials of Certification” or “EAC Decertification
Actions.”

The fact that the EAC has not re-certified Ciber was not disclosed until an
article published by
the New York Times brought the issue to light on Thursday.

Warren Stewart, policy director of Vote Trust
USA
, a non-profit election integrity group, said he was “stunned” by the
revelation. “I’m almost speechless about it.”

He said that the fact that the EAC chose not to reveal this information
“underlines the whole problem with having voting machines certified as a
private-sector transaction. This makes it clear that we need a fully independent testing authority funded by the federal government,” he told internetnews.com.

EAC spokeswoman Jeannie Layson said the fact that Ciber has not been
re-certified demonstrates that the oversight process is working.

“I don’t think it’s correct to say we ‘decertified’
Ciber,” she continued. “They applied for interim certification and have not received it due to the [flawed processes] cited in the [New York Times] article.”

Layson said the EAC has not made any public announcement about Ciber because
the certification process is not yet completed.

“We are still in the process of making the determination whether they will
receive interim accreditation, and when that determination is made we will
certainly make that info public, just as we did with the other two labs,”
she wrote in an e-mail.

Ciber, which is based in Greenwood Village, Colo., was re-assessed on
Dec. 5 and Dec. 6 and has still not received interim certification.

Stewart said this attitude demonstrates that “the EAC is being too
deferential to the interests of the voting-machine industry and is not
concerned enough with the primary stakeholder in elections, which is the
American voters.”

Officials from Ciber did not return a call requesting comment.

According to this page on the EAC Web site, the interim
accreditation is valid until Jan. 1, 2008. The page also lists the two
labs that have been accredited so far: SysTest Labs of Denver, Colo., and
Wyle Laboratories of Huntsville, Ala. (which is accredited for hardware
testing only).

According to Jan Kosko of the National Institute of Standards and Technology
(NIST), five labs are seeking accreditation as potential voting system
testing laboratories through the NIST’s National Voluntary Laboratory
Accreditation Process.

News Around the Web