All Voting Systems by ES&S Completely Decertified; DRE Touch-Screens from Sequoia Banned; Optical-Scan Paper Systems by Hart InterCivic Banned; All Systems by Diebold/Premier Conditionally ALLOWED for Use!
SoS Admits Federal Certification Process, Now Overseen by Former CO SoS on Behalf of EAC, 'Has Been Very Weak to Date'...
By Brad Friedman on 12/17/2007, 3:37pm PT  

Colorado's Republican Secretary of State, Mike Coffman, has announced that a number of Colorado's e-voting machines have failed state certification testings, and will not be allowed for use in the 2008 election cycle. The announcements came at a news conference in Denver which completely just minutes ago.

Describing the state's testing of four major voting machine companies previously certified in the state, Coffman explained to reporters at the presser that there were "over 3000 tests on each vendor['s systems], and over 40,000 pages documenting the tests."

"This has been an extensive process," he said, after detailing several remarkable findings from each of the systems testing. For example, test results showed that paper-based optical-scan systems made by Hart InterCivic "could not accurately count ballots." While Direct Recording Electronic (DRE, usually touch-screen) systems made by ES&S, the world's largest supplier of voting systems, could be disabled by "denial of service" attacks at the polling place with a device as simple as a magnet.

"If you were to put a magnet in close proximity or inside the port," Coffman said at the press conference today, "that would, in fact, disable that particular voting machines and it would have to be literally reprogrammed...to bring in back into circulation for that election."

While virtually all of the systems tested were found to have major vulnerabilities, a number of them were "conditionally certified" for use as long as new security mitigation requirements are met. Notably, both op-scan systems and DREs made by Diebold (now known as Premier) were given conditional certification for use, despite Diebold systems having been banned in several states previously, including California, Ohio and Florida, due to a long list of critical vulnerabilities.

A summary of the decertified and conditionally certified systems follow (links to more information on each, at the end of this article):

  • All voting systems made by Election Systems & Software, Inc. (ES&S), both paper-based optical-scan and DREs, were completely decertified. Their op-scan systems tested, according to Coffman, "both failed because of an inability to determine if the devices work correctly and an inability to complete the testing threshold of 10,000 ballots due to vendor programming errors." Their ubiqutous, and fatally flawed iVotronic DRE system "failed because it is easily disabled by voters activating the device interface, and the system lacks an audit trail to detect security violations."
  • Paper-based optical-scan systems made by Sequoia Voting Systems were conditionally certified, while their DRE systems were completely decertified for use, as they "failed due to a variety of security risk factors, including that the system is not password protected, has exposed controls potentially giving voters unauthorized access, and lacks an audit trail to detect security violations."
  • Paper-based optical-scan systems made by Hart Intercivic were decertified "because test results showed that they could not accurately count ballots"(!), while their DRE voting system was conditionally certified.
  • And finally, both optical-scan and DRE voting systems made by Diebold/Premier were conditionally certified for use in Colorado.

Coffman's announcement comes today, months after the state had hoped to have the results available, due to sluggish participation by the voting machine companies, many of whom delayed supplying required information, such as voting system source code, as requested by the Secretary of State's office.

All of Colorado's electronic voting systems were decertified just prior to the November 2006 election when a state judge ruled, in a lawsuit brought by state voters, that testing and certification procedures for e-voting systems in the Centennial State were inadequate, largely non-existent, and in violation of state law. As the judge's decertification order came just prior to that years' elections, the systems were allowed for use, but decertified immediately thereafter. The state was forced to begin the certification process from scratch thereafter...

"I had to strictly follow the law along with the court order," Coffman said in a statement [PDF] released this afternoon summarizing the findings. "If I’m too lenient in determining what passes then I risk having the state taken to court by activists groups who will ask for an injunction on the use of electronic voting machines for the 2008 election, and if I exceed the requirements of state law and the court order, then I will be sued by the vendors who manufacture and sell the equipment."

The vendors will have 30 days to appeal Coffman's decisions.

During the 2006 trial, brought against Coffman's predecessor, Gigi Dennis, it was revealed that the man overseeing the process of certification for the state, John Gardner, had no formal computer science training, in violation of state law. His testing procedure at the time amounted largely to opening the boxes, making certain documentation was present, turning the machines on and off, and stamping them as "certified." Incredibly, as detailed recently [PDF] by the Colorado Stateman's Chris Bragg, Gardner still remains in place, overseeing the state's certification procedures.

Most of the systems decertified today were originally brought into the state by Colorado's former Republican Sec. of State Donetta Davidson, who left the post when appointed by George W. Bush to the U.S. Elections Assistance Commission (EAC). She now chairs the EAC, the Executive Branch agency responsible for overseeing federal voting system certification for the entire country.

In reply to a question from a reporter at this afternoon's presser, Coffman admitted that "the federal certification process has been very weak to date."

Coffman is the latest Secretary of State to announce decertification of e-voting systems after extensive testing. He's also one of the rare Republicans to do so.

Last Friday, Ohio's Democratic SoS, Jennifer Brunner announced the results of a major bi-partisan, independent study of the state's e-voting systems, by both corporate and academic teams of computer scientists and security experts. The results included a recommended ban on all DRE voting systems in the Buckeye State after each of the tested systems was found to be easily vulnerable to manipulation. Brunner was subsequently attacked by the Ohio Republican Party, with claims unsubstantiated claims that she "cooked up" the report with "left-wing activist academics".

In late August, the Democratic SoS in California, Debra Bowen, announced that DRE voting systems made by Sequoia and Diebold would be banned for use, other than one per polling place to marginally meet federal disability voting standards. She also mandated that 100% of the so-called "paper trails" from those DRE systems would have to be hand-counted after any election in which they were used.

Earlier in the year, after prodding by Florida's new Republican governor, Charlie Crist and Election Integrity advocates in the state, the Republican-majority legislature agreed to ban DRE voting systems in the Sunshine State. Their Republican SoS, Kurt Browning, an ardent DRE supporter, reluctantly agreed to support the state's DRE ban.

Audio, appx. 24 minutes, from Coffman's press conference follows, though we missed the first few minutes in our recording (we'll replace this with a better one if we can get one)...

Summary documents from the Colorado Sec. of State's office, on the results of their certification testing, follow below. All links PDF...