Slashdot Mirror

← Back to Stories (view on slashdot.org)

U.S. Bars Lab From Testing E-Voting Machines

Posted by kdawson on from the watching-the-watchers dept.

joshdick writes to point out a NYTimes story on the decertification of Ciber Inc. from testing electronic voting systems. It will come as a surprise to no-one here on Slashdot that experts say the deficiencies of the laboratory suggest that crucial features like the vote-counting software and security against hacking may not have been thoroughly tested on many machines now in use. From the article: "A laboratory that has tested most of the nation's electronic voting systems has been temporarily barred from approving new machines after federal officials found that it was not following its quality-control procedures and could not document that it was conducting all the required tests... The federal Election Assistance Commission made this decision last summer, but the problem was not disclosed then... Ciber... says it is fixing its problems and expects to gain certification soon."

5 of 123 comments (clear)

  1. Personal experience with Ciber by elrous0 · · Score: 4, Interesting

    Having worked with Ciber before myself, I'm not surprised. They basically leech off government agencies foolish enough to hire them. They charge a lot of money to essentially tell government agencies what they want to hear (which, in this case was "The e-voting machines are fine"). Their actual research methodology is, shall we say, "suspect."

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  2. Re:WTF? by simm1701 · · Score: 4, Interesting

    Paper print out for voter's records, paper print out on a roll visible behind safety glass screen that the voter can verify which is archived for verification - its not difficult - shop tills (checkouts) have been doing the same thing for years.

    --
    $_="Slashdotter";$syn="OTT";s;..;;;sub _{print shift||$_};s!ash!Perl !;s=$syn=ack=i;tr+LLEd+BLAH+;_"Just Another ";_
  3. You get what you ask for by Anonymous Coward · · Score: 1, Interesting

    There is most likely more information to this article that is not included. My concerns are....

    1. Cyber has been known for a long time as a "body shop". They have never been known as a certified testing lab.
    2. What was to be provided in the Statement of work?
    3. Is the customer looking at Certification and Accreditation with light security testing for the purpose of having an agency signed ATO or ITO or Common Criteria (EAL)ISO standard 15408 certified product. This is a huge difference as the first may just have documentation and light security testing.

    Information on Common Criteria testing
    http://niap.bahialab.com/cc-scheme/testing_labs.cf m

    My guess is that the system owner was just looking for documentation and testing to support their system with the end result of a signed ATO and some issues identified through the process resulted in Cyber being removed.

  4. Canadian Voting System by ChunkyLoverYYZ · · Score: 2, Interesting

    I used to be ashamed of our technology on election day, but in light of news over the past several years, it really does seem to be effective. Paper, golf pencil, large 'X', thousands of volunteers to do the counting. Nothing to explain to voters, no fear of technology. Of course there's always the "people" element... corruption can only be reduced (hopefully) by technology, not prevented. Just my $.02.

    --
    "You can surrender without a prayer, but never really pray without surrender" - NP
  5. What about one-time write ROM's? by Radon360 · · Score: 2, Interesting

    I've heard the debate go both ways about the pros and cons of electronic voting systems vs traditional ballots. Of course, each has their vulnerabilities.

    If electronic voting machine developers are so bent on eliminating the paper trail, what about an electronic log that's designed with a physical limitation, such as one-time write memory? The machine would just burn a log entry after each voter finished voting. When you're done, you have a non-rewriteable memory storage device that reads something like voter 34 voted for W,X, and Y, voter 35 voted for X, Y and Z (think database record fields).

    With something like this, you can go back and to some degree forensically reconstruct the ballots if a bug is suspected or found. Something like this would make it harder to make up a stack of forged ballots (a timestamp) or run the same scan sheet through the ballot scanner multiple times.

    Sure, there's still vulnerabilities (missing log storage devices, perhaps even forged log storage devices), but it's something harder to forge than just using a pen and a ballot...and it isn't just a numerical count, either.

    FWIW, during the last election. The city of Milwaukee ran out of ballots and several polling locations simply copied an unused ballot on a photocopier for additional ballots (!). Yes, they use the pen-marked scan ballots. Now there's an invitation for fraud.