Facing a steady stream of reports about e-voting machine failures and security vulnerabilities, yesterday Congress tackled the question of whether new federal standards will improve this technology. The short answer from the witness and the Members of Congress seemed to be that the standards, while a good first step, were far short of what we need to ensure accurate, secure, reliable and usable e-voting machines. We will have to wait until the next update of the standards (likely effective in 2010) to see anything more than marginal improvements.
USACM mirrored these concerns in a letter it released to Congress in advance of the hearing; noting that even with improved standards, there are still gaps in the current testing and certification system. USACM made five recommendations to close these gaps:
- Create a formal feedback process that will ensure that lessons learned from independent testing and Election Day incidents are translated into best practices and future standards.
- Make the testing process more transparent by making the testing scope, methodologies and results available to the public.
- Ensure that the guidance for usability and security standards provides performance-based requirements and is clear so as to minimize the variance of human interface designs from jurisdiction to jurisdiction.
- Create a mechanism for interim updates to the standards to reflect emerging threats, such as newly discovered security defects or attacks.
- Require voter verified paper trails and audits to mitigate the risk associated with software and hardware flaws.
USACM also issued a press release on the hearing, which can be found here.
The hearing was a joint effort by the Committee on House Administration and the House Committee on Science to gather comments on the new federal standards for voting equipment adopted by the Election Assistance Commission (EAC). These standards are the first to be developed under a new process created by the Help America Vote Act (HAVA), where a technical committee chaired by the National Institute of Standards and Technology is charged with proposing new standards to the EAC.
The hearing also looked at the testing process for voting machines. Under HAVA the EAC is taking over the certification and decertification process for voting machines from an association of state election officials. This change is new and in many respects still being developed.
The witness for the hearing were (with links to their testimony):
- Ms. Donetta Davidson – Commissioner, Election Assistance Commission.
- Dr. William Jeffrey – Director, National Institute of Standards and Technology.
- Ms. Mary Kiffmeyer – Secretary of State for Minnesota.
- Ms. Linda Lamone – Administrator of Elections, Maryland State Board of Elections.
- Mr. John Groh – Chairman, Election Technology Council, Information Technology Association of America.
- Dr. David Wagner – Professor of Computer Science, University of California at Berkeley.
Because the standards and testing processes are new, the only thing everyone could agree on was that we don’t know enough yet to judge the extent they will make a difference, but they aren’t as rigorous as they should be. Dave Wagner, the technical expert on the panel, felt that the standards fall short. Others on the panel agreed with that sentiment but not to the extent of Dr. Wagner. Witnesses mentioned that the standards for usability and security could be more detailed, but didn’t outline specifics. The only tension with issuing more detailed standards came from the state officials and the vendors asserting that new starts must take into account costs. The Secretary of State for Minnesota urged that improvements be thought of in the context of existing purchases, instead of forcing local jurisdictions to buy all new equipment.
The testing issue was even more unresolved. NIST believes that by taking over the over accreditation of the labs, they would be more independent. Dr. Wagner argued that many serious security defects have been discovered on certified machines that violate the existing federal standards, calling into question the entire testing process. The vendors noted that the process was still in flux and that many of the testing suites are still being phased in and developed.
The key issue of what to do about certified machines already in use when a significant defect is found was only highlighted once. When pressed by one Member, the EAC said that HAVA gave them the power to certify and decertify voting systems (Section 231 of the Act). With new equipment in widespread use, any such decision would likely be highly visible and controversial. It will be very interesting to see whether the EAC would use this authority, given that it considers its role as assistance not regulatory.
While the hearing wasn’t supposed to focus on paper trails, the issue became a persistent theme with Members asking about their value. ACM’s policy statement on e-voting machines was even mentioned by one of the Members. The general consensus from the witnesses was that they should be adopted with a couple of notable comments on the topic. The EAC commissioner said that EAC’s role was to give guidance on how to implement the standards, not necessarily issue mandates. Linda Lamone from Maryland didn’t oppose paper trails outright, but argued that the debate about paper trails is having a chilling effect on other verification technologies.