Coalition for Voting Integrity, the home of the Voice of the Voters

GAO Reports

Home
SaveOurVote.com
Voice of the Voters! Internet/Radio
Voting News
Banfield v. CortÚs
2009 Holt Bill
Editorials
Letters
Videos
Voting Machine Allocation
Reports
*GAO Reports*
Take Action!
Legislative Efforts
Voting Principles
Vision and Principles
Pollwatching Kit
Facts & FAQs
Rebuttal re Danaher
Danaher Reexamination Request
Redistricting
Blogs, Groups
Cost Comparisons
2008 Municipal Resolutions
2005 Municipal Resolutions
Lou Dobbs
Slideshow
Lehigh and Northampton Counties
Facts about HAVA
Vote-PAD
New York Times
Join Us!
Contact Us
Contact Your PA Legislators
Donate
Links
Supportive Candidates
Songs
Voting Forum October 2005
Voting Integrity Forum, June 2005

Sept. 2008: Elections: Federal Programs for Accrediting Laboratories That Test Voting Systems Need to Be Better Defined and Implemented

"Standards for accreditation of labs that test voting machines inconsistent," Jill R. Aitoro, nextgov.com, Sept. 10, 2008

 

2007: Evidence Indicates EAC’s On-Going Failure Will Continue
Testimony to the Subcommittee on Financial Services and General Government,
Committee on Appropriations, House of Representatives

by Ellen Theisen, March 13, 2007

2007: Government Accountability Office (GAO) Report: "Elections: All Levels of Government Are Needed to Address Electronic Voting System Challenges," March 7, 2007

2005: Nonpartisan Government Accountability Office (GAO) Report Raises, Confirms Serious Questions about Security of Electronic Voting Machines

"[C]oncerns about electronic voting machines have been realized and have caused problems with recent elections, resulting in the loss and miscount of votes."

Report Accompanied by BI-PARTISAN Press Release Issued by U.S. House Members.
Congressmen: "A Wake Up Call," "Foundation of Democracy Rests Upon Security, Integrity of our Voting System"

The September 2005 GAO Report (download complete report here [PDF]) was in response to a request by several members of the U.S. House Judiciary Committee. [Click here to download the free Adobe Reader that will allow you to open the PDF file.]

 

Highlights of GAO Report:

 

GAO found that "significant concerns about the security and reliability of electronic voting systems" have been raised (p. 22). GAO indicated that "some of these concerns have been realized and have caused problems with recent elections, resulting in the loss and miscount of votes" (p. 23). According to GAO, "election officials, computer security experts, citizen advocacy groups, and others have raised significant concerns about the security and reliability of electronic voting systems, citing instances of weak security controls, system design flaws, inadequate system version control, inadequate security testing, incorrect system configuration, poor security management, and vague or incomplete standards, among other issues. … The security and reliability concerns raised in recent reports merit the focused attention of federal, state, and local authorities responsible for election administration" (p. 22-23).

 

Specific Problems Identified by GAO

Based on reports from election experts, GAO compiled numerous examples of problems with electronic voting systems including:

 

Flaws in System Security Controls

GAO concluded that "these weaknesses could damage the integrity of ballots, votes, and voting system software by allowing unauthorized modifications (p. 25).

 

Flaws in Access Controls

According to GAO, "in the event of lax supervision, the … flaws could allow unauthorized personnel to disrupt operations or modify data and programs that are crucial to the accuracy and integrity of the voting process" (p. 26).

 

Flaws in Physical Hardware Controls

GAO identified basic problems with the physical hardware of electronic voting machines. Example of problems reported by GAO included locks that could be easily picked or were all controlled by the same keys, and unprotected switches used to turn machines on and off that could easily be used to disrupt the voting process (p. 27).

 

Weak Security Management Practices by Voting Machine Vendors

GAO reported a number of concerns about the practices of voting machine vendors, including the failure to conduct background checks on programmers and system developers, the lack of internal security protocols during software development, and the failure to establish clear chain of custody procedures for handling and transporting software (p. 29).

 

Page 39 GAO-05-956 Electronic Voting Systems
Elections experts, including state and local jurisdictions.82 This
compendium, among many suggested practices, includes activities to help
ensure a secure and reliable voting process throughout a voting systems'
life cycle. As another example, in July 2004, the California Institute of
Technology and the Massachusetts Institute of Technology issued a report
recommending immediate steps to avoid lost votes in the 2004 election,
including suggestions for testing equipment, retaining audit logs, and
physically securing voting systems.83

TGDC's initial priorities have been to correct errors and fill gaps in the 2002
standards and to supplement them with provisions that address HAVA
requirements
. In May 2005, TGDC approved a first set of recommended
changes and delivered them to EAC. Subsequently, EAC published these
changes as proposed voluntary voting system guidelines and requested
public comment by
September 30, 2005. EAC plans to review and address
the comments it receives from the public and its standards and advisory
boards during October 2005, and to issue the 2005 Voluntary Voting System
Guidelines shortly thereafter, depending on the nature and volume of
comments. EAC is proposing that the 2005 voluntary voting system
guidelines will become effective 24 months after they are adopted by the
EAC, although individual states will be free to adopt the standards at any
time during the 24 month period
. According to the EAC, the 24 month
period is intended to give vendors the time to design and develop systems
that comply with the new guidelines; to give testing laboratories the
opportunity to develop testing protocols, train laboratory staff, and be
prepared to test the systems against the new guidelines; and to allow states
time to adopt the standards, adjust their certification and acceptance
testing processes, and acquire systems in plenty of time for future election
cycles.

However, NIST reported that several of the topics listed in the proposed
guidelines (including software distribution, validation of system setup, and
wireless communications) will not be fully addressed in the 2005 update,
and will need to be updated in a future version of the guidelines
.

 

Furthermore, key security and reliability improvements to the existing
standards (including guidance for the security of COTS software; ensuring
the correctness of software, testing, and documentation for system
security; enhancements to the precision and testability of the standards;
and the usability of error messages) have been deferred until the
subsequent set of guidelines is developed
. EAC officials acknowledged that
these changes will not be made in the initial set of guidelines, and
reiterated that they are focusing on what can be done in time to meet the
HAVA-mandated delivery date for the initial set of guidelines

 

.