EAC halts certification of e-voting system

A manufacturer of electronic voting systems and a pair of certification laboratories have landed in hot water with the Election Assistance Commission for breaking the rules of the certification process.

EAC yesterday sent a notice of noncompliance to Sequoia Voting Systems because the company had contracted with two voting system test laboratories, which 'violates the requirements and procedures of the EAC Testing and Certification Program.'

Letters also were sent to iBeta Software Quality Assurance, the lead laboratory in the process, and to SysTest Labs, with which Sequoia also had contracted for testing, advising them of the problem and ordering a halt to the certification process.

Sequoia has 30 days to correct the problem by providing EAC with a detailed description of its contracts, developing a plan to ensure that the company will comply with EAC certification requirements and to authorize the release of all testing information for review.

If Sequoia does not comply, it would be dropped from the certification process.

That would not necessarily be a fatal blow to the company's voting systems, since EAC certification is voluntary and there are several standards under which a voting system can be certified. Many states do require certification, however, and failure to certify could put the company's systems at a disadvantage at a time when electronic voting is undergoing a great deal of public scrutiny.

EAC was formed in the wake of the disputed 2000 presidential election to help avoid a repetition of those problems. One of its responsibilities was to take over the certification of voting systems, electronic and otherwise, which until that time had been managed by state election officials.

Currently, voting systems can be certified under a set of standards developed in 2002 by the Federal Election Commission or under voluntary guidelines adopted by EAC in 2005. The FEC standards will be dropped at the end of this year, although systems certified under them will retain their certifications. EAC is updating its 2005 guidelines and expects to soon release a draft version for public review.

EAC, with the assistance of the National Institute of Standards and Technology, accredits independent laboratories to do certification testing.

Sequoia applied in August to have its WinEDS v.4.0.34 system certified by iBeta, but also listed SysTest Labs and Wyle Labs as subcontractors. But EAC rules require that a manufacturer select only one lab for testing and stick with that lab. Manufacturers with systems undergoing evaluation may not change labs in midstream.

'The purpose behind these requirements is to protect the independence of EAC' labs, wrote Brian Hancock, director of testing and certification, in a letter to Sequoia. 'Even the appearance of manufacturer influence over the testing process is unacceptable. A situation where a manufacturer is contracting directly with multiple laboratories to perform various parts of the certification process creates the appearance that the manufacturer is influencing the certification of its own product.'

The commission also chided SysTest, which had argued that the practice had been acceptable when the program was under state control and that the issue was not addressed in EAC regulations.

'The situation is explicitly prohibited under the program,' the Hancock wrote. 'In the future we encourage you to coordinate more closely with the agency so that we may avoid problems rather than reporting them.'

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group