Last week Christopher Drew of the New York Times informed a shocked nation that the leading "independent testing authority" of electronic voting machines, Ciber, Inc. of Greenwood Village, Colorado had not been following its own quality-control procedures and could not document that it completed required tests for reliability and security.
The federal Election Assistance Commission, which accredited the Ciber testing lab, secretly pulled its interim accreditation last year, without informing the public or election officials relying on Ciber's results. Independent testing centers, including Ciber, are not really independent at all and are funded by voting machine vendors to whom they issue their testing reports and only recently have come under federal scrutiny.
The EAC has yet to explain why it withheld the accreditation of Ciber from the voting public and the omission has entangled the controversial election oversight panel in the growing national distrust of electronic voting machines and may threaten its continued existence.
How many voting machines might be affected by the lax security inspections of Ciber?
Respected electronic voting machine authority and self-described "politechnologist" Joseph Hall did some digging. "The answer was not something I would have predicted...I knew Ciber did a good deal of software ITA testing, but it looks like, in terms of voting system deployment, that Ciber qualified the voting systems used by 68.5% of the registered voters (67.9% of precincts) in the 2006 election."
Hall explained the difficulty he encountered to acquire his data. "Since the test reports are not public, it is difficult to find information about who tested what when."
Undeterred by the veil of secrecy surrounding the testing of electronic voting machines, Hall used old testing identifiers, called NASED numbers, to track the deployment of voting machines around the nation. Ciber tested any machine that had a NASED number beginning with the digit "1".
"With this key piece of information, we can use published lists of qualified voting systems to determine which models were qualified by Ciber." explains Hall. Discovering that Ciber tested the vast majority of machines in the country Hall says, "In fact, it is much more simple to list which systems were not qualified by Ciber."
Hall concludes, "I suppose it would have been completely impractical to decertify all these systems. Even decertifying those systems in which the qualification testing Ciber performed was specifically lacking would likely be a significant double-digit percentage of voting systems used by registered voters."
One thing the ITA laboratories, or any other testing agency, cannot determine is if an electronic voting machine has been rigged with malicious self-deleting software code. All voting machines and optical scan vote-counters are subject to being hacked with self-deleting code that cannot be detected with any test. Self-deleting software code does its dirty deeds, including flipping or erasing votes, and then deletes itself erasing any sign of tampering.
A growing number of election integrity advocates are realizing that software technology has no place in the election systems of our country because of the inability to even detect mischief. The solution that is emerging is both simple and obvious, a return to time-tested hand-counting of paper ballots.
[Permission granted to reprint]
Michael Richardson is a freelance writer based in Boston. Richardson writes about politics, law, nutrition, ethics, and music. Richardson is also a political consultant.
The views expressed in this article are the sole responsibility of the author and do not necessarily reflect those of this website or its editors.
Michael,
Great job as always. However, Ciber was NOT decertified. That confusion began with the NYTimes article and has persisted for some reason. In fact, Ciber was denied interim accreditation by the EAC.
Previous to July 2006 all voting systems testing and qualification was done through the National Association of State Elections Directors. The EAC has divorced themselves from that process completely even though they had someone overseeing it (Brian Hancock). Since July 2006 and up to present day, the EAC has an interim program for certification. Accreditation to do the testing under this interim program was denied Ciber due to sloppy work practices and lack of doing required tests.
Does this bring all previous work done by Ciber into question? Yes, it should. Is it? No. The EAC has stated that they have no power to do anything about the previous NASED qualifications. I have emails that state that.
So, while it is semantics, Ciber was never decertified because they were never certified. They were just never given interim accreditation.
by
JGideon (1090 articles, 49 quicklinks, 0 diaries, 11 comments) on Saturday, Jan 13, 2007 at 11:43:42 AM
Thanks for the clarification. I think the confusion between certification and accreditation comes from the generic use of the word "certify" when it has actual precise meaning. I suspect the media will be talking about Ciber's decertification for a long time when lack of accreditation would be technically more accurate.
Michael Richardson
by
Michael Richardson (107 articles, 22 quicklinks, 0 diaries, 78 comments) on Saturday, Jan 13, 2007 at 12:49:50 PM
(0+)
Want to post your own comment on this Article?
How would you rate this?
You must be logged in (if signed up) to do ratings.
It's free to signup! And easy. And takes just a minute or two....
Contact Author
View Authors' Articles
(0+)
Must Read (0) 
Well Said (0) 
News (0) 
Touching (0) 
Funny (0) 
Supported (0) 
Interesting (0) 
Inspiring (0) 
Valuable (0) 
