E-Vote: Colorado Tests Voting Equipment, Decertifies Some

"If I'm too lenient in determining what passes then I risk having the state taken to court by activists groups who will ask for an injunction on the use of electronic voting machines for the 2008 election, and if I exceed the requirements of state law and the court order, then I will be sued by the vendors who manufacture and sell the equipment."

Colorado Secretary of State Mike Coffman today issued his findings from a court-mandated retesting of electronic voting equipment. In September 2006, a district court judge had ruled, in Conroy vs. Dennis, that the certification process used by the Secretary of State's office was inadequate and that the voting equipment had to be retested before the 2008 primary election. Under state law, all electronic voting equipment purchased after May 2004 has to be tested and certified by the Secretary of State's office after being federally certified.
 
"My job, as the Secretary of State, is to follow the law and the law requires my office to test the electronic voting equipment used in Colorado to make sure that these systems are secure and can accurately count every vote as set forth by the standards established in state law and mandated by a court order," said Coffman.

Under state law, the clerks and the vendors of decertified equipment will have up to 30 days to formally "request a reconsideration" of Coffman's decisions. The Legislature, when it convenes next month, can also decide to modify the requirements set forth in the state's certification law to allow decertified equipment to be used in the 2008 election. On Wednesday and Thursday, Coffman's staff will meet with the clerks and the vendors who have decertified equipment for a detailed technical briefing of the testing results and the factors leading to decertification.
 
"I had to strictly follow the law along with the court order," said Coffman. "If I'm too lenient in determining what passes then I risk having the state taken to court by activists groups who will ask for an injunction on the use of electronic voting machines for the 2008 election, and if I exceed the requirements of state law and the court order, then I will be sued by the vendors who manufacture and sell the equipment."

Coffman carefully reviewed the process for certifying electronic voting equipment used in 2006 and made dramatic changes, which include three additional layers of technical experts reviewing the tests results. He instituted a testing board composed of four technical experts to decide the passage or failure of individual tests, and an outside audit of technical experts to review the testing process, as well as making sure that the results matched the tests. He also engaged the cyber security experts from state government to also review and comment on the security testing.
 
Coffman's Decisions:

• Premier (formally known as Diebold) All voting equipment submitted for recertification passed.
• Sequoia The optical scan devices, Insight and 400-C, used to count paper ballots both passed, but the electronic voting machines, the Edge II and the Edge II Plus, both failed due to a variety of security risk factors, including that the system is not password protected, has exposed controls potentially giving voters unauthorized access, and lacks an audit trail to detect security violations.
• Hart The optical scan devices, eScan and BallotNow, both failed because test results showed that they could not accurately count ballots. The electronic voting machine, eSlate, passed.
• ES&S The optical scan devices (M 100 and the M650) both failed because of an inability to determine if the devices work correctly and an inability to complete the testing threshold of 10,000 ballots due to vendor programming errors. The electronic voting machine (iVotronic) failed because it is easily disabled by voters activating the device interface, and the system lacks an audit trail to detect security violations.