California Decertifies Voting Machines, Conditions Applied for Use

Debra Bowen 

After two months of unprecedented analysis of California's voting systems and related security procedures, Secretary of State Debra Bowen Friday announced some of those systems can continue operating in 2008 in California while others are too flawed to be widely used.

Each of the systems that went through the top-to-bottom review has been legally decertified, and then each of them has been recertified with the addition of a number of conditions. The primary reason for taking this step is for clarity, ensuring that everything associated with a particular system is in one single recertification document that is easy for the public, elections officials, and others to follow and understand.
 
The Diebold, Hart InterCivic and Sequoia direct recording electronic (DRE) systems were all decertified. The Diebold and Sequoia DRE systems were recertified solely for the purposes of conducting early voting and to allow counties to have one DRE machine in each polling place on Election Day for the purpose of complying with disability access requirements of the Help America Vote Act (HAVA). Furthermore, these DRE systems will be required to comply with increased security and post-election auditing procedures. The Hart InterCivic DRE system was also recertified but will only be required to comply with increased security and post-election auditing procedures. The Diebold, Hart InterCivic and Sequoia optical scan systems were all decertified and recertified, and will be required to adopt increased security and post-election auditing procedures.
 
"The systems we use to cast and tally votes in this state are the most fundamental tools of our democracy," said Bowen, the state's chief elections officer. "My decisions have a bias towards voting systems that score the highest with two very important measuring sticks: transparency and auditability. Applying proper auditing procedures to optical scan systems that are easier for voters to see and understand gives us the ability to begin rebuilding the voter confidence in the systems we use to conduct elections."

The fourth major voting system vendor with products in California is Election Systems and Software (ES&S). ES&S chose not to submit its AutoMARK 1.0 to the top-to-bottom review because the company said it would not be using that system after 2007, and instead submitted a new system for certification. If ES&S's new system does not receive state approval and ES&S attempts to use the currently certified AutoMARK 1.0 system again in 2008, Secretary Bowen has the right to attach additional conditions to its continued use.

Another ES&S system, InkaVote Plus, is used only by Los Angeles County to comply with the disability access requirements of HAVA. Despite its intention to continue operating the InkaVote Plus system in Los Angeles County, ES&S failed to cooperate with the top-to-bottom review by providing the information, equipment and money in a timely fashion as required by law, so Secretary Bowen decertified the InkaVote Plus. Now that ES&S has submitted all the items necessary for a review, Secretary Bowen will begin that review as soon as possible. Assuming it passes the review, the InkaVote Plus system can be recertified -- potentially with new use conditions added to it -- in time to be used in the February 2008 primary election.

"I'm mindful of the impact these decisions will have on voters, on county local elections officials, poll workers, voting system vendors and on others in California and across the nation," continued Bowen. "However, it's important to remember that in last November's election, at least two-thirds, and probably closer to 75 percent, of the 8.9 million voters who cast ballots did so using a paper absentee ballot or a paper optical scan ballot."

Secretary Bowen's decisions on voting system certifications follow her thorough review of detailed academic findings by teams of nationally respected computer experts, as well as extensive input from voters, voting system vendors, and national, state

and local elections experts.

The independent University of California expert reports for the top-to-bottom review detailed a number of security vulnerabilities in all of the voting systems they tested. Some of those problems can be mitigated if appropriate security and auditing procedures are in place in all 58 counties. As part of her decertification and recertification orders, Bowen announced new statewide conditions that will enhance the security and reliability of the voting systems that were recertified tonight for use in 2008 and beyond including:

• Re-flashing or re-installing the firmware or software in all voting system components;
• Removing, blocking or disabling access to unneeded ports on the machines;
• Hardening the servers to improve security;
• Following vendor recommended or required security protocols;
• Banning all modem or wireless connections, regardless of their purpose, in order to prevent connection to an unauthorized computer or network or to the Internet -- all of which would present significant additional security risks;
• Adding security seal and chain-of-custody provisions, some of which already exist;
• Requiring a 100% manual count of all ballots cast on the Sequoia and Diebold DRE machines; and
• Adopting escalation procedures to require more manual auditing in cases where the results of a particular race are within a certain margin. The specific details of the escalation procedures will be developed by the Secretary of State after consultation with the election jurisdictions.
  

"Democracy, by definition, is about free and fair elections," said Bowen. "As the state's chief election officer, I take my responsibilities very seriously. In many ways, I think voters and counties are the victims of a federal certification process that hasn't done an adequate job of ensuring that the systems made available to them are secure, accurate, reliable and accessible. Congress enacted the Help America Vote Act, which pushed many counties into buying electronic systems that -- as we've seen for some time and we saw again in the independent UC review -- were not properly reviewed or tested to ensure that they protected the integrity of the vote. That's what my decisions are about -- protecting the integrity of the vote."
 
Eight voting systems were initially subject to the top-to-bottom review when it was announced in March because they were certified for use and in operation in one or more California counties. Three systems were submitted by vendors and fully examined in the top-to-bottom review over the past two months. In four other cases, vendors opted not to submit their systems to the top-to-bottom review because they do not intend to have any county use those systems in California elections after January 1, 2008. In the eighth case, which affects only Los Angeles County, the vendor declined to submit its system in time for the top-to-bottom review even though that system will be used in 2008.
 
California law requires the Secretary of State to periodically review voting systems "to determine if they are defective, obsolete or otherwise unacceptable" and withdraw the approval previously granted for all or part of a voting system if it is subsequently found to be unacceptable. The law states that any such withdrawal can only affect elections that are held six months or more after the date of the decision. The next statewide election for California's 15.7 million registered voters will be the presidential primary on February 5, 2008.
 
Certification documents detailing Bowen's decisions are available online, as well as a county-by-county list of voting systems used in the last statewide election.