Government Technology

E-Vote: Colorado Tests Voting Equipment, Decertifies Some



December 18, 2007 By

"If I'm too lenient in determining what passes then I risk having the state taken to court by activists groups who will ask for an injunction on the use of electronic voting machines for the 2008 election, and if I exceed the requirements of state law and the court order, then I will be sued by the vendors who manufacture and sell the equipment."

Colorado Secretary of State Mike Coffman today issued his findings from a court-mandated retesting of electronic voting equipment. In September 2006, a district court judge had ruled, in Conroy vs. Dennis, that the certification process used by the Secretary of State's office was inadequate and that the voting equipment had to be retested before the 2008 primary election. Under state law, all electronic voting equipment purchased after May 2004 has to be tested and certified by the Secretary of State's office after being federally certified.
 
"My job, as the Secretary of State, is to follow the law and the law requires my office to test the electronic voting equipment used in Colorado to make sure that these systems are secure and can accurately count every vote as set forth by the standards established in state law and mandated by a court order," said Coffman.

Under state law, the clerks and the vendors of decertified equipment will have up to 30 days to formally "request a reconsideration" of Coffman's decisions. The Legislature, when it convenes next month, can also decide to modify the requirements set forth in the state's certification law to allow decertified equipment to be used in the 2008 election. On Wednesday and Thursday, Coffman's staff will meet with the clerks and the vendors who have decertified equipment for a detailed technical briefing of the testing results and the factors leading to decertification.
 
"I had to strictly follow the law along with the court order," said Coffman. "If I'm too lenient in determining what passes then I risk having the state taken to court by activists groups who will ask for an injunction on the use of electronic voting machines for the 2008 election, and if I exceed the requirements of state law and the court order, then I will be sued by the vendors who manufacture and sell the equipment."

Coffman carefully reviewed the process for certifying electronic voting equipment used in 2006 and made dramatic changes, which include three additional layers of technical experts reviewing the tests results. He instituted a testing board composed of four technical experts to decide the passage or failure of individual tests, and an outside audit of technical experts to review the testing process, as well as making sure that the results matched the tests. He also engaged the cyber security experts from state government to also review and comment on the security testing.
 
Coffman's Decisions:

  • Premier (formally known as Diebold) All voting equipment submitted for recertification passed.
  • Sequoia The optical scan devices, Insight and 400-C, used to count paper ballots both passed, but the electronic voting machines, the Edge II and the Edge II Plus, both failed due to a variety of security risk factors, including that the system is not password protected, has exposed controls potentially giving voters unauthorized access, and lacks an audit trail to detect security violations.
  • Hart The optical scan devices, eScan and BallotNow, both failed because test results showed that they could not accurately count ballots. The electronic voting machine, eSlate, passed.
  • ES&S The optical scan devices (M 100 and the M650) both failed because of an inability to determine if the devices work correctly and an inability to complete the testing threshold of 10,000 ballots due to vendor programming errors. The electronic voting machine (iVotronic) failed because it is easily disabled by voters activating the device interface, and the system lacks an audit trail to detect security violations.



| More

Comments

Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Better security. Better government.
Powering security at all levels of government with simpler, more connected IT.
Cybersecurity in an "All-IP World" Are You Prepared?
In a recent survey conducted by Public CIO, over 125 respondents shared how they protect their environments from cyber threats and the challenges they see in an all-IP world. Read how your cybersecurity strategies and attitudes compare with your peers.
Maintain Your IT Budget with Consistent Compliance Practices
Between the demands of meeting federal IT compliance mandates, increasing cybersecurity threats, and ever-shrinking budgets, it’s not uncommon for routine maintenance tasks to slip among state and local government IT departments. If it’s been months, or even only days, since you have maintained your systems, your agency may not be prepared for a compliance audit—and that could have severe financial consequences. Regardless of your mission, consistent systems keep your data secure, your age
View All

Featured Papers