In an editorial today in Roll Call, EAC Commissioner Ray Martinez wrote about the need for all electronic voting software to be filed with the National Software Reference Library at NIST. We have reproduced the opinion piece below. When Mike and I were in Travis County, we watched the county conduct hash code tests, comparing the voting system software they were using with the software on file at NIST. Unfortunately, not all voting systems currently support hash code testing because the software is not on file.
How to Ensure Accurate, Secure Voting Systems
October 25, 2005
By Ray Martinez III,
Special to Roll Call
Preparations are now under way for another busy midterm election. While much has been written since last year’s presidential election about the need for additional election reform, the Help America Vote Act of 2002, passed by Congress with overwhelming bipartisan support, is poised to deliver further improvements in the administration of elections in 2006.
Among the changes spurred by HAVA is the greater prevalence of electronic voting systems throughout the country. In 2004, approximately 30 percent of registered voters were able to record their candidate preference by using a computer-based voting system — a significant increase from only 12 percent in 2000. And yet the change to electronic voting machines has raised concern among some as to the accuracy and security of these systems.
The Election Assistance Commission, created by HAVA, will soon vote on a series of recommendations to improve the voluntary standards by which we assess the overall integrity of electronic voting systems, including the security capabilities of these systems.
One proposal the EAC will consider stands out as a significant step in the right direction toward ensuring greater security of electronic voting machines.
Since 2000, the National Institute on Standards and Technology, a well-respected government agency staffed by scientists, technicians and engineers, has operated the National Software Reference Library. Containing a collection of more than 7,000 software products in a secured room, the NSRL provides law enforcement personnel, including the FBI, with important data used to identify unknown and suspicious files on computer systems and to meet the need for court-admissible evidence in the identification of software files.
Realizing the potential use of this application to the election process, last year the EAC called on all voting systems vendors to voluntarily submit their proprietary voting system software to the NSRL to create a similar repository for state and local election administrators. The voting system vendors agreed.
Today, the NSRL contains proprietary code and software for most types of electronic voting systems used in this country. In the coming weeks, the EAC is expected to vote on a series of proposed final standards which, among other things, would require that all voting system software, including installation programs and third-party software, be deposited with the NSRL upon completion of a national voting system certification process, in which 41 states currently participate.
This means that a local election administrator will be able to verify that the operating software installed in the election management systems used in that local jurisdiction is exactly the same as the software for that particular system that was certified by an independent testing authority and deposited with the NSRL. Additionally, any irregular or suspicious files could be identified when a local election administrator utilizes the NSRL.
To be sure, more work remains to be done to fully utilize the capabilities of the NSRL. For example, critics note that while the NSRL does provide verification means to compare software installed in a voting system with the relevant software contained in the NSRL, such verification is not as effective if it is performed internally by the voting system, and it also can be difficult to manage when last-minute patches are added. The experts at NIST, along with election officials, are working to overcome these concerns.
And yet, despite these obstacles, even the most avid critics of electronic voting systems concede that the use of the NSRL in the election process is a practical step toward providing added security measures for electronic voting machines.
Like election administrators, the EAC will continue to seek innovative solutions to improve the mechanics of our great democracy. The EAC can bring information and resources previously unavailable to state and local election officials so that all Americans can have greater confidence in the fundamental fairness of our election outcomes. The NSRL stands ready to serve as but one example of such success.
Ray Martinez III is one of four members of the Election Assistance Commission.
Copyright 2005 © Roll Call Inc. All rights reserved.