However, even New York's standards, if somehow met, would not secure these systems from fraud. Dan Wallach, a Rice University computer security expert, has examined electronic voting systems since 2001, and has testified about voting security issues before governmental bodies in the U.S., Mexico and the European Union. Quoting from a May 2007 interview:
When testifying before the National Institute of Standards and Technology (NIST) and the EAC's Technical Guidelines Development Committee, Wallach stated:
"This is a classic computer security problem. Whoever gets into the machine first wins. So if the Trojan horse software is in there first, you ask it to test itself, it will always lie to you and tell you everything is fine. And no matter what testing code you try to add after the fact, it's too late. It can now create a world where the testing software can't tell that the machine has been compromised, even though it has..."
"[W]hile 'logic-and-accuracy testing' can sometimes detect flaws, it will never be comprehensive; important flaws will always escape any amount of testing."
No amount of software testing will ensure that errors or malware do not exist before, during or after an election. Because of its undetectably mutable and unstable nature, software can never provide us with a rational basis for confidence in reported election results. Running democratic elections on software is the worst possible choice of all technologies available to us.
6. The Sequoia/Dominion BMD May Be a Hybrid DRE-Optical Scan System
During our investigation, we came upon another horrifying discovery. When Dominion showcased its ImageCast system in Florida in 2007, Pam Haengel and Dan McCrea of Florida Voters Coalition (FVC) posted a video of the demonstration. Haengel recently shared her impressions of this all-in-one voting system:
"In thinking about that mini-touchscreen, I distinctly recall them saying you could correct errors on your ballot with the touchscreen OR have the machine reject your ballot and do the whole thing over."
FVC President Dan McCrea concurs:
"It certainly could be a DRE integrated into an optical scanner - i.e. a TABULATING ballot marking device. We were given no assurance that was not the case and of course any isolation between the ballot marking features and the tabulating features would have to be explicitly required by spec and regulation and tested for in certification, in my opinion."
The system set up for New York currently does not use the 4x6" mini touchscreen, but it is troublesome that this BMD has the capacity to operate as a DRE, which activists fought so hard to have banned in New York. Given the hundreds of documentation discrepancies discovered so far, can we trust that the BMD is not a DRE hybrid?
Quis custodiet ipsos custodies?
In SysTest Labs under Fire, we detail an ongoing investigation into this federally accredited voting systems certification lab responsible for certifying the Sequoia/Dominion BMD in New York. The lab is accused of failing to document and validate its test methods, and of using unqualified personnel. Emails from the lab also indicate possible collusion with another voting system vendor, ES&S, whereby SysTest's "test approach takes into consideration" actions that will "ensure certification." The EAC cites a situation where SysTest may be:
'allowing and inviting manufacturers to play an inappropriate role in the development of test plans' which 'would be a significant violation" of ISO and NIST rules, 'and as such could affect SysTest's accreditation status.'
On August 11th, SysTest assured the New York SBOE that all allegations are unfounded. Meanwhile, the EAC and NIST have placed SysTest on administrative oversight and are currently reviewing all future testing plans. These violations, if true, could result in revocation of SysTest's accreditation as a federal voting system certification lab.
But Americans should note that the guidelines being used to certify our nation's voting systems are worthless according to many experts. David Wagner testified in 2007 before the Committee on Oversight and Government Reform, Subcommittee on Information Policy, Census, and National Archives, U.S. House of Representatives:
"In my research into electronic voting, I have come to the conclusion that the federal certification process is not adequate. The testing labs are failing to weed out insecure and unreliable voting systems. The federal certification process has approved systems that have lost thousands of votes, systems with reliability problems, and systems with serious security vulnerabilities. Over the past four years, independent researchers have discovered security vulnerabilities in voting machines used throughout the country-vulnerabilities that were not detected by state and federal certification processes."
This situation certainly begs the question, how can states rely on SysTest's independence and competency in testing voting systems? How can we rely on any of the federal testing labs?