EAC Exec. Dir. Tom Wilkey Lends CIBER 'Test' Lab a Hand, As 'Confidential' Secrets about Their Failures Continue to Ooze Out...
By Michael Richardson on 2/9/2007, 12:34pm PT  

Guest Blogged By Michael Richardson

The BRAD BLOG has learned that Thomas Wilkey, Executive Director (bio [PDF]) of the U.S. Election Assistance Commission (EAC), has now extended the deadline for CIBER, Inc. to qualify for interim accreditation to test the nation’s voting machines, despite previously reported disastrous testing conditions over several years discovered at the lab.

Wilkey previously kept problems at the CIBER test lab hidden behind a wall of secrecy, including the non-accreditation of the controversial “independent testing authority” (ITA) laboratory, as discovered and revealed by The New York Times last month.

CIBER, the nation’s most prodigious voting machine test lab, was banned from testing last summer when accreditation responsibilities shifted from the National Association of State Election Directors (NASED) to the EAC. However, the public and election officials relying on CIBER’s testing were not informed of the ban until the Times disclosed the lab shutdown in January 2007, long after the elections in 2006 were allowed to move forward on CIBER's "tested" voting machines.

Even after the Times exposé, the EAC head kept the assessment reports [PDF], which detailed lab problems, secret until a subpoena threat by the New York State Board of Elections forced release of the reports. The assessments that Wilkey kept hidden from the public revealed a shocking history of sloppy, incomplete and non-existent testing.

Only after increasing pressure, including from Senator Dianne Feinstein, to come clean about CIBER’s failures, did Wilkey write to the company on January 26, 2007 [PDF], giving them 30 days to correct the identified deficiencies. Now, as the deadline approaches, Wilkey has itemized the problems in need of correction by CIBER and extended the deadline [PDF] for them until March 5, 2007.

Wilkey, once again as expected, has been very kind to the company that he seems to have spent years protecting.

Meanwhile, in written testimony [PDF] Thursday to the EAC, David Alderman of the National Institute of Standards and Technology (NIST) explained why CIBER thus far has failed to gain a favorable recommendation from the NIST for future accreditation—CIBER actually missed the application deadline...

The subpoena threat from New York State Board of Elections Commissioner Doug Kellner that forced release of the “soiled laundry” secret CIBER assessment reports came several months after another “confidential” report on CIBER [PDF], prepared for New York state election officials.

The New York State Technology Enterprise Corporation (NYSTEC) conducted a review of CIBER’s master test plan and CIBER’s security test plan for the state. The confidential report submitted on September 27, 2006, revealed glaring deficiencies in CIBER’s security testing of voting machines.

The NYSTEC report found a number of security requirements in New York law, EAC voting machine guidelines, and state regulations that “were not covered in the Security Test Plan”. Further, “the security test plan did not specify any test methods or procedures for the majority of requirements.”

NYSTEC detailed missing requirements, incorrectly labeled requirements, undefined jargon, outdated matrix tables, and lack of test plan clarification for functionality tests. One particular finding about CIBER’s security testing that drew the attention of the independent review team was an incorrect statement passing the buck to NYSTEC for plan deficiencies:

A Security Master Plan should document testing methodologies, procedures and processes that will help to ensure that all testing is being done in a structured and repeatable way. This is even more important given the numbers of voting machines that will be tested in parallel and the number of testers involved.

Selection of Test Methods—although stated as a component of the test plan, the test methods to be used are not indicated throughout the plan. The plan states that the selection of the test method is a joint effort between CIBER and NYSTEC. NYSTEC’s understanding of NYSTEC’s role in the project is that CIBER provides suggested test methods and NYSTEC will review and comment on them.

CIBER technicians will no doubt need the extra time allotted by Wilkey to correct the long list of deficiencies tallied against the lab. If CIBER can gain interim accreditation, the company will be allowed to continue testing voting machines until January 2008 even if it fails to gain actual accreditation or is rejected by NIST reviewers.

As previously reported by The BRAD BLOG, Wilkey has a long history of hiding testing problems behind a wall of secrecy in his earlier role as chair of NASED’s Voting Standards Board where he supposedly served as the public watchdog of the voting machine test labs. According to an email from Chris Thomas [PDF] (see pages 19-20), then NASED president, Wilkey’s group opposed involvement by the NIST in the testing of voting machines and also sought to keep the EAC, which he now heads, out of the lab accreditation process.

While many are angry with Wilkey and the EAC for covering up CIBER’s non-accreditation last summer, at least two people are happy. CIBER founder and director Bobby Stevenson and CIBER’s CEO Mac Slingerlend were able to use the half-year news blackout to do some apparent insider trading. The two top CIBER honchos were able to unload $1.7 million of company stock after last year’s test ban but before public disclosure by the New York Times in January.

Will CIBER be able to regain its lucrative testing business? Stay tuned as we continue to shed the many layers of skin from the increasingly stinking onion...
