U.S. To Certify Labs For Testing E-Voting Machines

← Back to Stories (view on slashdot.org)

U.S. To Certify Labs For Testing E-Voting Machines

Posted by Zonk on Friday January 19, 2007 @03:37AM from the who-certifies-the-certifiers dept.

InternetVoting writes "In a clear counter to the recent criticisms of secrecy involving Ciber labs the National Institute of Standards and Technology (NIST) has issued recommendations (pdf) to the Election Assistance Commission (EAC). NIST recommends the accreditation of two labs, iBeta Quality Assurance and SysTest Labs. The recommendation, emphasizing the need for transparency, includes on-site assessment reports, lab responses, and on-site reviews for each lab. These reports shed much needed light into the process of voting machine certification. Learn more from the Q&As About NIST Evaluation of Laboratories that Test Voting Systems."

10 of 75 comments (clear)

Opaque Audits by P(0)(!P(k)+P(k+1)) · 2007-01-19 03:38 · Score: 5, Insightful

It sounded, prima facie, like progress was being made; but quoth TFA:

Currently, laboratories are using proprietary test methods and test cases to determine that a voting system meets existing federal standards. . . . By law, NIST must protect proprietary information. This includes details of a laboratory's specific testing methods and protocols.

Call me cynical, but auditing opaque processes with equally opaque tests doesn't change much; I foresee a holographic sticker labelled “certified.”

I'd wager, furthermore, they expect us to buy it at face value.
1. Re:Opaque Audits by Rob+T+Firefly · 2007-01-19 03:40 · Score: 4, Insightful
  
  They do have a halfway decent excuse for that, though.
  Why are laboratories using proprietary test methods?
  Currently, no uniform set of tests exists to determine that a voting system meets federal standards. With the support of the EAC, in 2007 NIST will begin to develop a uniform set of non-proprietary tests to be used in conjunction with the next version of the Voluntary Voting System Guidelines (VVSG 2007). The availability and use of these open tests will improve consistency and comparability among testing laboratories.
  Even a baby step in the right direction counts at this point.
  
  --
  Slashdot Burying Stories About Slashdot Media Owned
2. Re:Opaque Audits by P(0)(!P(k)+P(k+1)) · 2007-01-19 03:47 · Score: 5, Insightful
  
  Even a baby step in the right direction counts at this point.
  
  I think you're being too soft on your own government. Government isn't a child in need of coddling: it's a cynical and self-aware machine that studies to persist at your expense.
3. Re:Opaque Audits by Billosaur · 2007-01-19 03:48 · Score: 4, Insightful
  
  When you think about it, the lack of standards is probably what has caused the current crop of voting machines to be such dismal failures. While I'm not sure I trust Diebold anyway, given their political connections, they probably would have done at least a halfway decent job on their machines if there were a set of standards to measure them against. It's not enough for the US Government to send out a Request For Proposals outlining what they are looking for, unless the functionality and security can be defined against some kind of standard. If the standards had existed first, maybe the machines would not have all the loopholes and omissions which make them such trash currently.
  
  --
  GetOuttaMySpace - The Anti-Social Network
4. Re:Opaque Audits by pilgrim23 · 2007-01-19 03:51 · Score: 5, Funny
  
  Wait, I thought the Dems won. Doesn't that mean there was no cheating?
  
  --
  - Minutus cantorum, minutus balorum, minutus carborata descendum pantorum.
5. Re:Opaque Audits by truthsearch · 2007-01-19 03:53 · Score: 5, Insightful
  
  And if standards exist, maybe more companies can compete equally for the contracts.
  
  --
  Developers: We can use your help.
Why is it by gillbates · 2007-01-19 03:51 · Score: 4, Insightful
That politicians can't grasp the immediately obvious? Why do they even bother with electronic voting machines when:
- The voters don't want them, and,
- They cost more and are less reliable than paper ballots, and,
- The technical community thinks they're dangerous to democracy.
How could any politician come to a conclusion that electronic voting machines make sense? There is no compelling reason to use electronic voting machines at all. The only possible explanation I see is that counties which bought electronic voting machines had county officials on the payroll of the voting machine makers.

The fact that they've been purchased seems to suggest that politics is already not quite as transparent as it should be.
--
The society for a thought-free internet welcomes you.
Re:Once that's done.... by smooth+wombat · 2007-01-19 03:57 · Score: 4, Interesting

how about an effort to screen the certifiable morons who keep getting onto the ballot?

I know you're trying to be funny but every state has requirements for people who want to run for office. So long as they meet those requirements, anyone can get on the ballot.
However, some states, such as Pennsylvania, have stacked the odds against third party candidates by requiring those candidates to meet higher standards. In Pennsylvania, if you are third party candidate and want to be on the ballot in November (you can't be on the ballot in May), you would need to gather signatures equal to or greater than 2% of the ballots cast for the largest vote-getter in the last statewide election race.
In the most recent election, third party candidates would have needed 67,070 valid signatures to be on the ballot as the highest vote count in the last statewide election was 3.4 million.
Contrast that with the 2,000 signatures that either a Democratic or Republican candidate must gather.
Obviously the answer is to have the legislature change the reqirement but the vast majority of the unwashed masses don't know about the requirement, don't care about the requirement, and are happy enough simply voting straight ticket.
Besides, can you imagine what would happen if it were easier for third party candidates to get on the ballot? Why, there would be competition and choice during an election! We can't have that, now can we?

--
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
Re:I'm waiting for the day when... by hclyff · 2007-01-19 04:13 · Score: 4, Funny

Well, you elected GWB twice and nobody suspects a thing. Now tell me what makes you think people would pay attention if Mickey Mouse got elected... ?

I thought so.
More crap like NIAP? by bug · 2007-01-19 06:37 · Score: 4, Interesting

Another one of NIST's big security certification schemes is NIAP. It's difficult to see it as anything but a failure. The "protection profiles" that systems are tested against sometimes explicitly assume a benign environment with no hackers. Hello, what's the point then? Also, the most common certifications don't involve source code verification or any other kind of strenuous testing. Just take a look at the list of crap that they have validated, including some products with absurd levels of vulnerabilities. Apparently, Microsoft Windows is very secure, according to NIST's NIAP. Note also that, because this is pay to play, many of the best security tools are completely missing from the list. If I had to bet money, I'd say that well-heeled companies like Diebold will make it through the testing despite a lot of vulnerabilities, and the public will be no better off.