Guest Blogged By Michael Richardson

Sometimes facts seem like fiction and sometimes fiction seems like fact. San Francisco voting machines have now provided both fodder for a new detective novel and a novel new lawsuit.

San Francisco City Attorney Dennis Herrera is the author of the lawsuit filed in San Francisco Superior Court against Election Systems & Software (ES&S) alleging fraud and breach of contract. Herrera charges that ES&S intentionally sold uncertified machines to the city and is seeking to recover $300,000 in damages.

The city lawsuit closely follows another lawsuit against ES&S earlier in the week by Secretary of State Debra Bowen. The state lawsuit seeks nearly $15 million in damages for the sale of uncertified machines in a number of counties.

Mark Coggins is the author of RUNOFF, the fourth novel in a series, about gritty private detective and professional smartass, August Riordan, who is hired to solve a rigged city election. In a special author's note, Coggins explains the characters are "complete figments of my imagination." Coggins also notes that the scenario in the book could not occur in San Francisco because of a law change in 2003.

"Residents of San Francisco will know--and perhaps now appreciate that the city does not use touch screen voting machines. They should also be aware that San Francisco is one of the few American cities to adopt ranked choice voting, which eliminates the need for runoffs. This was done after the 2003 mayoral election, but in my fictional version of the city runoffs are still possible, and, as it happens, very useful to the plot."

Riordan gets hired by the "Dragon Lady" of Chinatown to crack the case of the rigged voting machine. Before the detective is done investigating, the plot twists and turns leaving dead bodies all over the place. The first murder is nobody less than the city election director himself, killed in his basement elections division office at City Hall.

Seeking out technical assistance, the sleuth visits Professor Ballou at Stanford University, an echo of real life Stanford computer science professor, e-voting activist and expert, VerifiedVoting.org founder David Dill, who is thanked by the author in the book's acknowledgements.

Ballou gives Riordan the short course on voting machine security. "A touch-screen voting machine is just a computer --- a specialized kind of computer, but a computer nonetheless. Erroneous outcomes could happen for a variety of reasons, including software and hardware errors, procedural errors, security holes or hacks installed into the voting machines."

The modern day fictional noir detective, straight out the proud and gritty Sam Spade tradition, probes the fictional professor more about vote machine rigging, as the fiction ends and the facts begin. Riordan asks Ballou about ways to hack a voting machine.

"I'm afraid there are many, many different ways, but I'll try to focus on a few of the most likely. First, starting at the polling place, when the memory is removed from the computer, a corrupt pollworker could alter the results for the precinct before turning them in. It's much easier than ballot box stuffing because you only need to change one number and there is no need to steal or forge ballots."

But there is more, as the Professor's ominous instruction to Riordan is at least as terrifying in reality as it is under the guise of fiction...

By Michael Richardson and Brad Friedman

While revelations surrounding the mysterious 18,000 "undervotes" in the November 2006 U.S. House election between Christine Jennings and Vern Buchanan in Florida's 13th Congressional district continue to inform the nation about the dangers of electronic voting machines, new information has recently come to light exposing a shocking lack of responsible oversight by those entrusted with overseeing the certification of electronic voting systems at the federal level.

An investigation into what may have gone wrong in that election has revealed a serious security vulnerability on some, and possibly all, versions of the iVotronic touch-screen voting system widely used across the country. The iVotronic is a Direct Recording Electronic (DRE) touch-screen voting machine manufactured by Elections Systems & Software, Inc. (ES&S), the nation's largest distributor of such systems.

The vulnerability is said to allow for a single malicious user to introduce a virus into the system which "could potentially steal all the votes in that county, without being detected," according to a noted computer scientist and voting system expert who has reviewed the findings.

And yet, despite their federal mandate to serve as a "clearinghouse" to the nation for such information, a series of email exchanges between an Election Integrity advocate and officials at the U.S. Elections Assistance Commission (EAC) has revealed that the federal oversight body is refusing to notify states of the alarming security issue.

The recent email conversation shows that even in light of the EAC's review of the warning from the computer scientist who characterized the "security hole" as severe, needing to be "taken very seriously," and among the most serious ever discovered in a voting system, the EAC is unwilling to take action.

Recent reports by the Government Accountability Office (GAO) have taken the EAC to task for a failure to meet their legislated mandate for informing the public and elections officials about such matters. However, a review of the email communications to and from the EAC's Jeannie Layson shows that the federal body is steadfast in their refusal to take action to alert either elections officials or the public about the security risk recently discovered by a team of eight noted computer scientists.

The EAC's current Chairwoman, Executive Director, Director of Voting System Certification, and other top officials at both the National Association of State Election Directors (NASED), and even the GAO, were included in the series of email communications, The BRAD BLOG has learned.

The vulnerability was initially discovered by a panel of scientists convened by the State of Florida to study the possible causes for the FL-13 election debacle. The team's discovery revealed that a design issue in the widely used iVotronic system could allow for a viral attack, by a single individual, which could then spread unnoticed throughout the electronic election infrastructure of an entire county.

A similar vulnerability was found in DRE touch-screen system made by Diebold last Summer by a team of computer scientists at Princeton University.

Attempts to seek information about EAC plans to notify other states and local jurisdictions that use the same vulnerable voting systems as the ones in FL-13 have been met with an astounding refusal, troubling denial, buck-passing, and a lack of accountability by the federal commission of Presidential-appointees. The agency has also come under fire in recent weeks for a number of questionably partisan decisions and other failures to perform as mandated by the Help America Vote Act (HAVA) of 2002.

Of late, the EAC has been forced to respond to a great deal of controversy, on a number of different operational matters and policies, as revealed by a series of articles on this site and in mainstream outlets such as the New York Times and USA Today. Several of those matters have drawn Congressional notice, questioning of EAC officials, and letters of inquiry. Thus, this latest revelation is likely to add to the rising concern of Congress members as new federal legislation introduced by Rep. Rush Holt (D-NJ), currently facing mark-up by a Congressional committee, would permanently fund the now-embattled EAC. Funding for the agency was originally mandated by HAVA only through 2005.

The new ES&S iVotronic vulnerability first emerged on February 23, 2007, when the Florida Dept. of State released a report detailing their findings from the investigation into what happened in Sarasota's still-contested Jennings/Buchanan race. That election was ultimately decided by just 369 votes. The state's official findings included a report [PDF] conducted by an eight-member computer science and technology team under the auspices of Florida State University (FSU). The report sought, unsuccessfully, to determine the cause of the unexplained "undervotes" reported by the iVotronic touch-screen voting systems used in Sarasota's portion of the FL-13 race on Election Day and in early voting.

Although the reason thousands of votes turned up missing from those systems remained unknown, the study team did discover a serious security flaw in the iVotronic system that is used in Sarasota and many other jurisdictions across the country (and even the world, as France is set to use the same systems in their upcoming Presidential Election.)

Election integrity watchdog John Gideon, a frequent BRAD BLOG contributer and the Co-Director and Information Manager for VotersUnite.org, says that the security flaw may pertain to "every ES&S iVotronic voting machine used in the US and overseas." A total of eight separate versions of the system --- without and without so-called "voter verified paper audit trail" (VVPAT)" printers --- are currently approved as qualified at the federal level, he explained. Three of those are definitely affected and it is likely that the others are as well.

The details, the dangers, and the denials are all described below...

Guest Blogged By Michael Richardson

The 18,000 "undervotes" in Sarasota and other questionable elections in November 2006 election were not the only problems faced by Florida voters last year. Most of them, in fact, likely have no idea just how bad it really was.

Florida's statewide voter registration database, and election management systems designed to work with it, were plagued in early 2006 with a host of problems. Some of the details are now revealed by a raft of email messages sent recently by a source to the non-partisan election integrity watchdog group BlackBoxVoting.org which posted them quietly on their site for public scrutiny.

Sixty-four email messages to election officials, spanning a four-month period from January to April 2006, from VR Systems, a Florida corporation, document a staggering series of serious problems with Florida's new computerized voter registration database during the early months of its implementation. The emails, from Jane Watson, a manager at VR Systems, provide a disturbing picture vis a vis a nearly day-by-day report from inside the software test lab.

The Florida Voter Registration System (FVRS) is statewide voter registration database described by Watson in the emails as a "home grown system" built by IBM to Florida specifications and maintained by Department of State staff. Voter Focus is a software system, unique to Florida, which provides election management functions to 60 Florida counties.

The emails tell the tale of software failures which began in January 2006 as programmers furiously work to solve program glitches and failures prior to the state's upcoming elections. The system went online before development was complete, in order to meet the January 1st deadline imposed by the Help America Vote Act (HAVA). The source of the Florida emails, an insider familiar with the development and implementation of the database who has requested anonymity, tells The BRAD BLOG that, "The system should never have seen the light of day until the bugs were worked out. They used the voters and county election officials as guinea pigs to experiment on and test the program."

Documented failures include the software somehow, without apparent reason, switching the party registration for voters. As one of the emails describes: "We are seeing instances of voters being changed to a different party when there was no user activity. This is our top priority now." And the next day: "We worked this weekend on diagnosing voters whom we suspected as having had their party changed by Voter Focus...There were 3 counties with high numbers of suspected cases of this kind of inadvertent party change."

The emails remain unclear on whether the problems were completely found and fixed, and whether or not all voter files had been correctly restored. Later emails suggest that various related problems still existed months later when voters, whose registration should have been recorded in the system, were nowhere to be found. Votingindustry.com, a website which tracks the progress of the implementation of statewide registration databases, currently describes Florida's system as "Still working out kinks."

Jane Watson, the author of the memos, spoke with The BRAD BLOG and confirmed the authenticity of the emails. She explained that the federal government with its HAVA mandates "didn't understand the time it takes to develop programs."

While Watson stressed her confidence that no voter was disenfranchised in 2006 because of bugs in the statewide voter registration system, she admits that "party changes never have worked as well as they should" and that "there are still some things to work out..."

Guest Blogged By Michael Richardson

BOSTON - Diebold Election Systems, Inc., the controversial voting machine supplier, won't be supplying Massachusetts with its machines in 2008 and the company is not happy about it. So they are suing the state over the lost contract bid. But the solemn tone of Diebold's lawyer, William Weisberg, speaking in a hushed voice almost swallowed up by the stately, high-ceilinged courtroom of the Massachusetts Supreme Judicial Court this week, drew laughter from the jovial judge with a Cheshire cat grin and raised chuckles from the courtroom audience.

In a real upside-down, topsy-turvy presentation, Diebold was arguing on behalf of the state's taxpayers and kept talking about the "public interest" --- all while pitching to get its lucrative contract approved. In February, after a year-and-a half selection process, Secretary of State William Galvin picked rival company ES&S to supply the state with AutoMARK, accessible electronic voting equipment, as mandated by the Help America Vote Act.

As reported by the Boston Globe...

The hearing in the recently filed lawsuit was over Diebold's three emergency motions for a temporary injunction to stop delivery of the ES&S equipment, an expedited discovery order, and a confidentiality order. The judge later ruled, after the hearing, against all three motions although he allowed the lawsuit to proceed on a regular schedule.

While laughing, the judge wondered aloud about admissions made by Weisberg in the news paper that seemed to wholly contradict his failed court room strategy...

Guest Blogged By Michael Richardson

The more we peel away the layers of the onion, the more we find that it seems to stink to to high heaven. The latest chapter in our continuing series on the hidden world exposed by the recent failures of voting machine test lab CIBER to receive "interim accreditation" from the U.S. Elections Assistance Commission (EAC), is no exception.

The EAC's current Chair, Donetta Davidson, seems to have a long, storied and increasingly well-documented history of silence concerning electronic voting machine test laboratory problems and has been an active partner with EAC Executive Director Tom Wilkey --- whose roll in this mess we've examined in detail in previous articles (here, here and here to link to just a few of our reports in this continuing series) --- in keeping the public uninformed about failures in the secret test labs.

Wilkey is at the center of the controversy surrounding a failure to disclose to both the public and election officials around the nation that CIBER, Inc.,, the country's largest so-called "Independent Test Authority" (ITA), was banned last summer from further testing of voting machines. As previously reported by The BRAD BLOG, Wilkey kept test lab problems hidden from public scrutiny for years in his earlier duties at the National Association of State Election Directors (NASED) where he was in charge of monitoring and qualifying the labs.

Davidson is now Wilkey's boss at the EAC where she landed after serving as Colorado's Secretary of State since 1999 where she was later tied to significant failures by that state in properly certifying electronic voting systems. A judge last year condemned the state's practices and ordered the state, effectively, to start over from scratch after the debacle. Over the years, the paths of Davidson and Wilkey have crossed many times because of their mutual roles in the hidden world of voting machine testing.

Davidson and Wilkey both have served together on the board of The Election Center, a non-profit group of mysterious background headed by R. Doug Lewis, which provided technical assistance, training, and lobbying support to NASED members. Lewis, a key player in test lab secrecy, mentored Davidson and Wilkey as they gained control of the ITA testing infrastructure.

Davidson has also served on NASED's Voting Standards Board, as chaired by Tom Wilkey, which qualified the test labs. The two kept in touch, Davidson in Colorado, Wilkey in New York, at conferences, via email, and over the phone. The conferences, often held in tourist destinations, were a special time for the two to get together...

Guest Blogged By Michael Richardson

The BRAD BLOG has learned that Thomas Wilkey, Executive Director (bio [PDF]) of the U.S. Election Assistance Commission (EAC), has now extended the deadline for CIBER, Inc. to qualify for interim accreditation to test the nation's voting machines, despite previously reported disastrous testing conditions over several years discovered at the lab.

Wilkey previously kept problems at the CIBER test lab hidden behind a wall of secrecy including the non-accreditation of the controversial "independent testing authority" (ITA) laboratory as discovered and revealed by The New York Times last month.

CIBER, the nation's most prodigious voting machine test lab, was banned from testing last summer when accreditation responsibilities shifted from the National Association of State Election Directors (NASED) to the EAC. However, the public and election officials relying on CIBER's testing where not informed of the ban until the Times disclosed the lab shutdown in January 2007, long after the elections in 2006 were allowed to move forward on CIBER's "tested" voting machines.

Even after the Times exposé, the EAC head kept the assessment reports [PDF], which detailed lab problems, secret until a subpoena threat by the New York State Board of Elections forced release of the reports. The assessments that Wilkey kept hidden from the public revealed a shocking history of sloppy, incomplete and non-existent testing.

Only after increasing pressure, including from Senator Diane Feinstein, to come clean about CIBER's failures, Wilkey wrote to the company on January 26, 2007 [PDF] giving them 30 days to correct the identified deficiencies. Now, as the deadline approaches, Wilkey has itemized the problems in need of correction by CIBER and extended the deadline [PDF] for them until March 5, 2007.

Wilkey, once again as expected, has been very kind to the company that he seems to have spent years protecting.

Meanwhile, in written testimony [PDF] Thursday to the EAC, David Alderman of the National Institute of Standards and Technology (NIST) explained why CIBER thus far has failed to gain a favorable recommendation from the NIST for future accreditation"”CIBER actually missed the application deadline...

Guest Blogged By Michael Richardson

Thomas Wilkey, Executive Director of the U.S. Election Assistance Commission (EAC), seems to bear more direct responsibility for the growing voting machine test lab scandal than any other person. Let's connect a few dots and sift through a bit of murky alphabet soup.

For nearly a decade, Wilkey has overseen the testing process of electronic voting machines, keeping recently revealed problems with the so-called "Independent Testing Authorities" (ITA) a secret from public and elections officials alike. Wilkey also tried to prevent federal oversight of the testing process during the development of the Help America Vote Act (HAVA), and worked to keep the National Institute of Standards and Technology (NIST) out of his hidden world.

The EAC inherited the responsibility of qualifying voting machine test laboratories from the National Association of State Election Directors (NASED), where Wilkey strategically positioned himself to control the test laboratories. When HAVA eventually assumed responsibility for the test laboratories from NASED and handed it to the EAC, Wilkey worked behind the scenes to try to keep control over the labs for himself.

Wilkey, formerly the director of the New York State Board of Elections, was appointed to his present position at the helm of the EAC on June 20, 2005. At the time of his appointment, Wilkey chaired the NASED Voting Standards Board, which oversaw the testing labs for voting machine qualification. Wilkey, a founder and past-president of NASED, also chaired the organization's ITA Committee from 1998 until his departure to the EAC.

As well, Wilkey also served several tours of duty on the board of directors of The Election Center, a non-profit group of dubious (or at least mysterious) background headed by R. Doug Lewis, who is also one of the founders of NASED. The Election Center acted as technical consultants to NASED on voting machine testing. From 1998 until his move to the EAC then, Wilkey was in charge of every aspect of control, selection, and oversight of the voting machine test labs.

His involvement, therefore, in the entire process and the recently revealed failed accreditation of one of the previously-approved labs, CIBER, Inc., deserves close scrutiny --- particularly as one reads Wilkey's bio [PDF] as posted over at the EAC website which describes him as...

Guest Blogged By Michael Richardson

CIBER, Inc., the nation's largest so-called "independent test authority" (ITA) of electronic voting machines, is at the center of a growing scandal about lax testing of voting equipment. The recent release of a long-kept secret assessment of the company by the Election Assistance Commission (EAC) detailing a shocking record of sloppy, incomplete or non-existent testing by CIBER led the test lab's CEO, Mac Slingerlend, to call the report "old news" in an interview with the Rocky Mountain News.

While CIBER's shortcomings may be "old news" to Slingerlend, unaware election officials around the nation are angered at not being informed by the EAC prior to the November 2006 elections about voting machine models "tested" by CIBER in use by 68.5% of the registered voters in the country.

Last year the EAC took over testing responsibilities for electronic voting machines from the National Association of State Election Directors (NASED) and refused to grant CIBER interim accreditation because of numerous deficiencies at the test lab located in Huntsville, Alabama.

Slingerlend and CIBER founder Bobby Stevenson both took advantage of the "old news" to unload thousands of shares of stock

Guest Blogged by Michael Richardson

Hours after our report last week on threatened subpoenas against the U.S. Election Assistance Commission (EAC) and its banned voting machine test laboratory, CIBER, Inc., by the New York State Board of Elections, the company supplied information concerning its lack of accreditation to New York officials. Enraged NY State Election Commissioner Doug Kellner called the secret reports "soiled laundry" that both the company and EAC had been trying to hide.

Friday, the EAC reacted to the disclosure by CIBER of confidential EAC documents by releasing the assessment reports upon which last summer's decision for non-accreditation of CIBER was based. The documents, kept secret by the EAC for half a year, reveal a shocking level of incompetence and negligence by the "independent testing authority" (ITA) lab which tested electronic voting machines used by 68.5% of the registered voters in the November 2006 election.

By way of reminder, CIBER is one of three labs that had been testing all American voting machines as part of the ITA structure; the group of labs selected and paid for by the voting machine companies themselves to test their hardware and software --- in secret --- for Federal "authorities."

The EAC assessment report from July 2006 of the CIBER test lab in Huntsville, Alabama --- also kept secret until the matter was reported by the NY Times last month --- found "critical processes were not implemented nor procedures followed."

The finally-released EAC documents reveal a mess at the lab which federal, state and local officials around the country had been relying on for assurance that voting machines actually worked for many years...

Guest Blogged by Michael Richardson

Tom Wilkey, former executive director of the New York State Board of Elections, and now the executive director of the Election Assistance Commission, has refused to answer questions from New York election officials about the non-accreditation of voting machine test lab Ciber, Inc. A letter from a state election official describes the lack of response for requested information as "truly outrageous and scandalous." That refusal "to open the curtain that hides their soiled laundry," may lead to subpoenas by the State Board.

The ongoing secrecy, and apparent duplicity, of the U.S. Elections Assistance Commission (EAC) surrounding the failure of Ciber to be given federal accreditation to testing voting machines began last summer causing an unknown number of voters around the country to vote on improperly tested electronic voting machines in last November's election. The EAC failed to notify elections officials or the public about what they had already discovered concerning the poor state of testing conditions and procedures by the lab.

The EAC secrecy has been particularly troublesome in New York where Ciber has been testing equipment specifically under contract with the state. The EAC was created by the Help America Vote Act (HAVA) in 2002 and is charged with accrediting "independent testing authorities" to examine and certify electronic voting machines. Ciber failed to gain interim accreditation when the testing duties shifted from the National Association of State Election Directors (NASED) to the EAC last July.

As discussed in a report yesterday --- which included a series of 'very friendly' notes between Wilkey and the current chair of the EAC, Donetta Davidson --- Wilkey's silence may stem from his role as chair of the Voting Systems Board at NASED prior to his position at the EAC. The failures of Ciber to properly conduct and document security testing of voting machines that led to the denial of interim accreditation occurred during Wilkey's watch at NASED where he served with his "Sis", Davidson, as he referred to her in the emails between the two.

Davidson was on Wilkey's NASED certification board along with "ex officio" member Shawn Southworth of Ciber, Inc. Wilkey and Davidson's silence about the failures of Ciber has angered election officials around the nation who had relied on Ciber's certification of their voting machines in the November 2006 election.

As also recently reported, the delay in the public disclosure of the problems at Ciber, conveniently allowed both the firm's founder and its CEO the time needed to unload $1.7 million of company stock before the news would eventually be reported by the New York Times earlier this month.

New York, unlike the rest of the states, did not rush into purchase of new, expensive voting machines without public hearings and more thorough testing and ended up being sued by the U.S. Justice Department for HAVA non-compliance. Commissioner Doug Kellner of the New York State Board of Elections has reacted to the EAC stonewalling about Ciber with a call for a subpoena in hopes of getting some answers.

In an email announcement on Wednesday, Kellner expressed his outrage in no uncertain terms...

Guest Blogged by Michael Richardson

Election Assistance Commission Executive Director Thomas Wilkey moved to the EAC after serving on the National Association of State Election Directors Voting System Board, which he chaired.

Wilkey's current boss at the EAC is Donetta Davidson, Chair of the federal commission. Davidson is a former president of NASED and served with Wilkey on the Voting System Board, which was tasked with certifying "independent testing authorities" to perform tests on electronic voting machines used throughout America.

In 2002, the Help America Vote Act transferred testing responsibility from NASED to the EAC, which took over the duties in July 2006. When it came time to issue interim accreditation to the test labs, EAC technical specialists found that Ciber, Inc. had failed to adequately document security testing while under NASED's certification. Serving "ex officio" on the Voting Systems Board, headed by Wilkey, was Shawn Southworth of Ciber.

The National Institute of Standards and Technology has since recommended to the EAC that two other test labs perform the work formerly done by Ciber. Davidson, who twice testified before Congressional hearings last year on voting machine certification, failed to disclose the problems with the Ciber test lab to members of Congress. Senator Diane Feinstein has since asked Wilkey to explain why Ciber was not issued interim accreditation and why the public and election officials around the country were not notified before the November 2006 elections.

During the six months of secrecy from the EAC about the test lab ban, Ciber founder Bobby Stevenson sold $1.6 million worth of stock in the company. Ciber CEO Mac Slinglend also did some insider trading unloading $115,000 worth of the stock while the public was unaware of the EAC action against the company.

The failures of Ciber testing that led to the denial of interim accreditation were not under the EAC watch but instead arose under certification by Wilkey's NASED's Voting Systems Board.

Can EAC Chair Davidson be counted on to properly supervise her new subordinate? Maybe not, according to emails obtained by BlackBoxVoting from 2004 when both served on the NASED certification panel. Email traffic between the pair raise questions about their relationship.

On July 15, 2004 at 2:21 pm, Wilkey emailed Davidson: "You are actually reading your emails...WOW!!! Yes I will see you on Saturday. I get in about 9 pm so we will have a nightcap if you are not out partying on Bourbon Street. Love, Your New York Brother."

Two weeks later on July 29, 2004, after the nightcaps in New Orleans, Davidson sent Wilkey an email: "My Dearest Brother, Life has not slowed down, but I am staying out of trouble. Hope to talk to you soon, on the PHONE. That way I get to hear your voice. Love your Sis."

Now the cozy relationship between the two former NASED regulators can blossom at EAC where Wilkey reports to Davidson.

Wilkey's role in certifying electronic voting machines goes back a long way. According to his official agency biography, Wilkey helped draft the first voting system standards in country back in 1983 while working with the Federal Elections Commission.

"An early proponent of the creation of the National Association of State Election Directors, Wilkey has served as secretary, treasurer, vice-president and was elected president for 1996-1997. In January, Wilkey was named chair of NASED's Independent Test Authority Accreditation Board, which reviews and approves laboratories and technical groups for the testing of voting systems under NASED's national accreditation program. He was reappointed chair in 2000."

Wilkey's watchdog role over voting system security also gained him appointment to an advisory board of the Department of Defense's Federal Voting Assistance Program, which assists six million military and overseas voters. Ciber, one of Wilkey's NASED approved test labs, since banned, conducted the security testing of the FVAP computer system.

Now "New York Brother" and "Sis" are tasked with protecting the voting machine security for the entire nation. The earlier role of the two EAC leaders in oversight of Ciber's lax work that led to non-accreditation may well be the subject of Congressional hearings before the year is out.

Guest Blogged by Michael Richardson

The efforts of the Election Assistance Commission to accredit test laboratories for the nation's electronic voting machines have left the country with only two labs, SysTest and Wyle, operating on interim approval; and one laboratory, Ciber, left unaccredited since the National Association of State Election Directors got out of the certification business last year.

Published reports indicate the Ciber lab was denied interim accreditation last summer for a history of inadequate quality assurance and inability to document that critical tests were performed. The EAC is saying little about the matter to the media and has now been requested by Senator Diane Feinstein to explain why Ciber was not accredited and why disclosure of that fact was kept from election officials around the nation.

EAC regulatory staff might just want to peek at Ciber's website where they will discover that the banned Ciber lab has merged its testing division with EAC approved Wyle lab. Ciber boasts, "The CIBER-Wyle team is your single source for independent voting machine testing."

"With the growing demand for premier independent software/hardware testing of Voting Machines, CIBER and Wyle have joined forces are now offering the quality independent testing solutions needed for voting machine systems supporting the Election Assistance Commission standards."

"Our teams, co-located in Huntsville, Alabama, have now integrated best of breed testing solutions, CIBER for software testing and Wyle for their hardware testing capabilities. By teaming we now offer complete independent voting system testing solutions for voting system vendors and for state governments."

"We combined the two most experienced labs and staffs in the country into one efficient organization. We provide a co-located testing facility on one campus for all your testing needs. Successfully tested and recommended for certification the industry leaders in voting systems. Specialized support for prequalification testing and anomaly resolution/verification."

The Ciber website also has a pitch for state business as well as electronic voting machines vendors but they should have used a grammar check. "The CIBER-Wyle team will help you to make sure that your election is run with little or no room for criticism. They will assist in areas such as assuring that you have the current certified copy of your voting vendor's hardware and software and that you will have implemented a set of state voting standards that will meet the [sic] with the majority of the voters' approval, taking into consideration the usability and accessibility of the voting system."

Ciber's role in testing of voting technology was more than issuing reports to vendors and states, like Florida, which rely upon Ciber reports for their technology advice to local election officials. Despite the growing number of reports about inadequate testing, now leaking out about Ciber's failures, which reveal long-standing problems of deficiency, the test lab also serviced the Department of Defense.

Ciber's self-promotional web page about the Federal Voting Assistance Program provides Senator Feinstein with new areas needing review for sloppy work on the voting system that assists military voters.

"The scope of the work included testing and validation of both the system's functionality and security....based on our certification as an Independent Test Authority, CIBER was awarded this work....Ciber performed system security penetration assessments....Based on this work, CIBER documented system exposures and vulnerabilities. Periodic penetration assessment continued during system operation."

The merger of the two "independent" test labs into one team raises red flags about Wyle's interim EAC accreditation status; while Ciber's voting security testing for the Defense Department, based on its earlier NASED certification, may soon be getting review by Congress.

Guest Logged By Michael Richardson

Last week Christopher Drew of the New York Times informed a shocked nation that the leading "independent testing authority" of electronic voting machines, Ciber, Inc. of Greenwood Village, Colorado had not been following its own quality-control procedures and could not document that it completed required tests for reliability and security.

The federal Election Assistance Commission, which accredited the Ciber testing lab, secretly pulled its interim accreditation last year, without informing the public or election officials relying on Ciber's results. Independent testing centers, including Ciber, are not really independent at all and are funded by voting machine vendors to whom they issue their testing reports and only recently have come under federal scrutiny.

The EAC has yet to explain why it withheld the accreditation of Ciber from the voting public and the omission has entangled the controversial election oversight panel in the growing national distrust of electronic voting machines and may threaten its continued existence.

How many voting machines might be affected by the lax security inspections of Ciber?

Respected electronic voting machine authority and self-described "politechnologist" Joseph Hall did some digging. "The answer was not something I would have predicted...I knew Ciber did a good deal of software ITA testing, but it looks like, in terms of voting system deployment, that Ciber qualified the voting systems used by 68.5% of the registered voters (67.9% of precincts) in the 2006 election."

Hall explained the difficulty he encountered to acquire his data. "Since the test reports are not public, it is difficult to find information about who tested what when."

Undeterred by the veil of secrecy surrounding the testing of electronic voting machines, Hall used old testing identifiers, called NASED numbers, to track the deployment of voting machines around the nation. Ciber tested any machine that had a NASED number beginning with the digit "1".

"With this key piece of information, we can use published lists of qualified voting systems to determine which models were qualified by Ciber." explains Hall. Discovering that Ciber tested the vast majority of machines in the country Hall says, "In fact, it is much more simple to list which systems were not qualified by Ciber."

Hall concludes, "I suppose it would have been completely impractical to decertify all these systems. Even decertifying those systems in which the qualification testing Ciber performed was specifically lacking would likely be a significant double-digit percentage of voting systems used by registered voters."

One thing the ITA laboratories, or any other testing agency, cannot determine is if an electronic voting machine has been rigged with malicious self-deleting software code. All voting machines and optical scan vote-counters are subject to being hacked with self-deleting code that cannot be detected with any test. Self-deleting software code does its dirty deeds, including flipping or erasing votes, and then deletes itself erasing any sign of tampering.

A growing number of election integrity advocates are realizing that software technology has no place in the election systems of our country because of the inability to even detect mischief. The solution that is emerging is both simple and obvious, a return to time-tested hand-counting of paper ballots.