E-voting certification company faulted for lax procedures

The federal government has temporarily banned Ciber Inc. - the lab that has tested most electronic voting machines - from testing more machines after it learned the company hasn't been following proper procedures, The New York Times reports.

“What’s scary is that we’ve been using systems in elections that Ciber had certified, and this calls into question those systems that they tested,” said Aviel D. Rubin, a computer science professor at Johns Hopkins.

Professor Rubin said that although some software bugs had shown up quickly, in other instances “you might have to use the systems for a while before something happens.”

Proper testing of the machines requires adherence to the government's quality control procedures, officials at the Federal Election Assistance Commission said.

Until recently, the laboratories that test voting software and hardware have operated without federal scrutiny. Even though Washington and the states have spent billions to install the new technologies, the machine manufacturers have always paid for the tests that assess how well they work, and little has been disclosed about any flaws that were discovered.

The problems cropped up in July 2006, when for the first time the government starting overseeing the certification process, but the problems were only recently disclosed.

In addition to the federal problem, a consulting firm hired by New York state, criticized Ciber - which has a $3 million contract with the state to test machines - for creating a plan to test the software security that “did not specify any test methods or procedures for the majority of the requirements.” The report said the plan did not detail how Ciber would look for bugs in the computer code or check hacking defenses. The problems highlight the weakness of government oversight. While $3 billion was provided to states to buy new machines, the commission was never adequately funded and only finished its oversight program last month.

Until then, the laboratories had been at the heart of the system to evaluate voting machines, a system that seemed oddly cobbled together. While the federal government created standards for the machines, most of the states enacted laws to make them binding. The states also monitored the testing, and much of that work was left to a handful of current and former state election officials who volunteered their time.

As it stands now, the manufacturers are still paying the certification companies directly - a clear conflict of interest.

Michael I. Shamos, a computer scientist who examines voting machines for Pennsylvania, said about half had significant defects that the laboratories should have caught. He said he was disappointed that the commission had hired some of the same people involved in the states’ monitoring program and that it never announced it had found problems with Ciber operations.

And speaking of conflict of interest, Brian T. Phillips, president of SysTest Labs, another machine certification company, recently was hired by the victorious Republican candidate in Sarasota County, FL, to monitor the state’s examination of whether there had been a malfunction in the voting machines. Taking work from a candidate in an election contest being challenged on the accuracy of e-voting machines hardly speaks well for the independent integrity of the for-profit certification system.