Guest Blogged by Michael Richardson
Hours after our report last week on threatened subpoenas against the U.S. Election Assistance Commission (EAC) and its banned voting machine test laboratory, CIBER, Inc., by the New York State Board of Elections, the company supplied information concerning its lack of accreditation to New York officials. Enraged NY State Election Commissioner Doug Kellner called the secret reports “soiled laundry” that both the company and EAC had been trying to hide.
Friday, the EAC reacted to the disclosure by CIBER of confidential EAC documents by releasing the assessment reports upon which last summer’s decision for non-accreditation of CIBER was based. The documents, kept secret by the EAC for half a year, reveal a shocking level of incompetence and negligence by the “independent testing authority” (ITA) lab which tested electronic voting machines used by 68.5% of the registered voters in the November 2006 election.
By way of reminder, CIBER is one of three labs that had been testing all American voting machines as part of the ITA structure; the group of labs selected and paid for by the voting machine companies themselves to test their hardware and software --- in secret --- for Federal "authorities."
The EAC assessment report from July 2006 of the CIBER test lab in Huntsville, Alabama --- also kept secret until the matter was reported by the NY Times last month --- found “critical processes were not implemented nor procedures followed.”
The finally-released EAC documents reveal a mess at the lab which federal, state and local officials around the country had been relying on for assurance that voting machines actually worked for many years...
As the EAC inspector wrote in the now disclosed report, “CIBER is unable to follow their own defined processes and procedures to ensure the quality of their work.” As previously reported, CIBER merged with Wyle Laboratories, another test lab in Huntsville, in a bid to shore up its deficient operation and save lucrative testing contracts. Both companies were examined for quality assurance compliance. “CIBER’s reports provide limited or no descriptions of the testing performed so a reader or reviewer can not tell if all the testing was completed. Cross checking between CIBER and Wyle reports has revealed at times that neither ITA has performed certain tests, expecting that the test was done by the other.”
In addition, during the review, the ITA Practice Director indicated that the testing for a product tends to either use vendor developed tests or new tests developed specifically for the product—they have no standard test methods defined. This makes their testing dependent on vendor input and vulnerable to unique vendor interpretations rather than a core validated set of internal references for training and testing.
The ITA Practice Director in charge of CIBER’s sloppy work is Shawn Southworth. Southworth is no newcomer to electronic voting machines. Prior to federal oversight of the test labs, certification was conducted by the National Association of State Election Directors (NASED), where Southworth participated as an ”ex officio” member of the Voting Standards Board. Chairing the NASED certification board was Thomas Wilkey, now the EAC's executive director. Also serving on the qualifying panel with Wilkey and Southworth was Donetta Davidson, current chair of the EAC.
On January 3, 2007, the day before the New York Times revealed CIBER's non-accreditation and the months of EAC secrecy about the lab failures, CIBER officially responded to the EAC with Southworth providing the excuses to his old NASED colleague Tom Wilkey.
In regard to its failure to have scheduled quality assurance reviews, CIBER explained, “This comment was due to the ITA’s relatively loose handling of meetings. Since we are a small group we often just call each other down the hall for a meeting….”
For gaps in the CIBER-Wyle merger that caused the lack of testing, CIBER explained, “We were not aware this was an issue or that our scope of testing would change.” Further, “At this moment Shawn is working with Wyle to outline the relationship between the two companies.”
For lack of standardized testing, CIBER explained, “At the moment, we have not had an opportunity to test the new methods on actual projects. Until this time comes, we will not know for sure how our standardized test methods will perform. The cause of this comment seems to be that we did not know what was missing until it was pointed out.”
For failure to use National Institute of Standards and Technology (NIST) technical testing checklists, CIBER explained, “At the time of writing our process and procedures documents we were unaware of these requirements.”
The secret reports do not reveal which election jurisdictions received untested voting machines and are in sharp contrast to public statements by CIBER about its testing program. The longstanding relationship between Shawn Southworth at CIBER and EAC’s leadership team of Wilkey and Davidson raise questions about the secrecy of the accreditation process. Such questions --- and secrecy --- however, are par for the course when it comes to the entire process and "oversight" (such as there is any) by the EAC for voting machines and American voting machine companies.
Senator Diane Feinstein has written to EAC chair Davidson demanding answers. Stay tuned...