The New York Times

January 4, 2007


U.S. Bars Lab From Testing Electronic Voting



Amy Sancetta/Associated Press  --  Electronic voting machines in use on Nov. 7 in Cleveland. The Election Assistance Commission certifies laboratories to test the systems.


A laboratory that has tested most of the nation’s electronic voting systems has been temporarily barred from approving new machines after federal officials found that it was not following its quality-control procedures and could not document that it was conducting all the required tests.


The company, Ciber Inc. of Greenwood Village, Colo., has also come under fire from analysts hired by New York State over its plans to test new voting machines for the state. New York could eventually spend $200 million to replace its aging lever devices.


Experts on voting systems say the Ciber problems underscore longstanding worries about lax inspections in the secretive world of voting-machine testing. The action by the federal Election Assistance Commission seems certain to fan growing concerns about the reliability and security of the devices.


The commission acted last summer, but the problem was not disclosed then. Officials at the commission and Ciber confirmed the action in recent interviews.


Ciber, the largest tester of the nation’s voting machine software, says it is fixing its problems and expects to gain certification soon.


Experts say the deficiencies of the laboratory suggest that crucial features like the vote-counting software and security against hacking may not have been thoroughly tested on many machines now in use.


“What’s scary is that we’ve been using systems in elections that Ciber had certified, and this calls into question those systems that they tested,” said Aviel D. Rubin, a computer science professor at Johns Hopkins.


Professor Rubin said that although some software bugs had shown up quickly, in other instances “you might have to use the systems for a while before something happens.”


Officials at the commission and other election experts said it was essential for a laboratory to follow its quality-control procedures and document all its testing processes to instill confidence in the results.


Commission officials said that they were evaluating the overall diligence of the laboratory and that they did not try to determine whether its weaknesses had contributed to problems with specific machines.


Computer scientists have shown that some electronic machines now in use are vulnerable to hacking. Some scientists caution that even a simple software error could affect thousands of votes.


In various places, elections have been complicated by machines that did not start, flipped votes from one candidate to another or had trouble tallying the votes.


Until recently, the laboratories that test voting software and hardware have operated without federal scrutiny. Even though Washington and the states have spent billions to install the new technologies, the machine manufacturers have always paid for the tests that assess how well they work, and little has been disclosed about any flaws that were discovered.


As soon as federal officials began a new oversight program in July, they detected the problems with Ciber. The commission held up its application for interim accreditation, thus barring Ciber from approving new voting systems in most states.


Ciber, a large information technology company, also has a $3 million contract to help New York test proposed systems from six manufacturers. Nystec, a consulting firm in Rome, N.Y., that the state hired, filed a report in late September criticizing Ciber for creating a plan to test the software security that “did not specify any test methods or procedures for the majority of the requirements.” The report said the plan did not detail how Ciber would look for bugs in the computer code or check hacking defenses.


A spokeswoman for Ciber, Diane C. Stoner, said that the company believed that it had addressed all the problems and that it expected to receive its initial federal accreditation this month. Federal officials said they were evaluating the changes the company had made.


Ms. Stoner said in a statement that although the Election Assistance Commission had found deficiencies, they “were not because Ciber provided incomplete, inaccurate or flawed testing, but because we did not document to the E.A.C.’s liking all of the testing that we were performing.”


She added that the test plan cited in New York was just a draft and that Ciber had been working with Nystec to ensure additional security testing.


The co-chairman of the New York State Board of Elections, Douglas A. Kellner, said Ciber had tightened its testing. But Mr. Kellner said yesterday that Nystec and Ciber continued to haggle over the scope of the security testing.


New York is one of the last states to upgrade its machines, and it also has created some of the strictest standards for them. Mr. Kellner said only two of the six bidders, Diebold Election Systems and Liberty Election Systems, seemed close to meeting all the requirements.


Besides Ciber, two other companies, SysTest Labs of Denver and Wyle Laboratories, in El Segundo, Calif., test electronic voting machines. Ciber, which has been testing the machines since 1997, checks just software. Wyle examines hardware, and SysTest can look at both.


The chairman of the Election Assistance Commission, Paul S. DeGregorio, said SysTest and Wyle received interim accreditations last summer. Mr. DeGregorio said two other laboratories had also applied to enter the field.


Congress required greater federal oversight when it passed the Help America Vote Act of 2002. Since then, the government also put up more than $3 billion to help states and localities buy electronic machines, to avoid a repeat of the hanging punch-card chads that caused such confusion in the 2000 presidential election.


The commission was never given a substantial budget, and it did not finish creating the oversight program until last month. Until then, the laboratories had been at the heart of the system to evaluate voting machines, a system that seemed oddly cobbled together.


While the federal government created standards for the machines, most of the states enacted laws to make them binding. The states also monitored the testing, and much of that work was left to a handful of current and former state election officials who volunteered their time.


As a result, voting rights advocates and other critics have long been concerned about potential conflicts of interest, because the manufacturers hire the laboratories and largely try to ensure confidentiality.


Michael I. Shamos, a computer scientist who examines voting machines for Pennsylvania, said about half had significant defects that the laboratories should have caught.


Besides certifying the laboratories, the Election Assistance Commission will have three staff members and eight part-time technicians to approve test plans for each system and check the results. The manufacturers will be required to report mechanical breakdowns and botched tallies, and Mr. DeGregorio said those reports would be on the agency’s Web site.


Dr. Shamos said, “This is not the sea change that was needed.”


He said he was disappointed that the commission had hired some of the same people involved in the states’ monitoring program and that it never announced it had found problems with Ciber operations.


Dr. Rubin of Johns Hopkins said the laboratories should be required to hire teams of hackers to ferret out software vulnerabilities.


And the laboratories will still be paid by the voting machine companies, though a bill now in Congress could change that to government financing.


A recent appearance in Sarasota, Fla., by the SysTest Labs president, Brian T. Phillips, also raised eyebrows. After a Congressional election in the Sarasota area ended in a recount last month, the victorious Republican candidate hired Mr. Phillips as a consultant to monitor the state’s examination of whether there had been a malfunction in the voting machines.


Several critics questioned whether Mr. Phillips should have taken such work, either because of its partisan nature or because it represented such a public defense of the industry.


Mr. Phillips said he did not see any conflict because his laboratory had not tested the software used in Sarasota. And the project does not appear to have violated the ethics rules of the election commission.


Ian Urbina contributed reporting.


Copyright 2007 The New York Times Company