Monday, January 22, 2007

The case against secrecy in voting system testing

Joseph Lorenzo and Aaron Burstein have written a persuasive opinion piece in Roll Call explaining the damage that secrecy in electronic system oversight does to the election process.

"The Election Assistance Commission has some explaining to do. The secrecy that pervades the EAC, which oversees testing and certification of voting systems, holds dire consequences for our electoral system. Both chambers of Congress need to work to dispel this culture of secrecy.

A recent case illustrates why secrecy is a fundamental problem at the EAC. Last summer the EAC prohibited a lab run by Ciber Inc. from testing new voting systems due to inadequate test plans and documentation. Nonetheless, the voting systems that Ciber previously has tested remained certified and were used in elections in November. The EAC has not disclosed which voting systems Ciber tested using faulty procedures, but according to our calculations, nearly 70 percent of registered voters in the 2006 general elections voted on equipment qualified by Ciber...

consider that the public and voting officials learned of the Ciber de-accreditation not from the EAC last summer, but from The New York Times two weeks ago...

Secrecy is pervasive in voting system development and testing. As one test lab representative testified before the EAC in October, their procedures must be kept secret because their clients — voting system vendors — require confidentiality and “own” the test results. Though this secrecy might protect some proprietary information, or prevent embarrassing information from coming to light, it is inimical to proper oversight of the election system.

Last month, when the EAC adopted its new testing and certification policy, it left the major elements of voting system testing secrecy in place. For example, the EAC’s new policy will continue to allow voting system manufacturers to select, pay and communicate confidentially with test labs, thus diminishing the labs’ independence. Under its new rules, the EAC will not receive manufacturers’ technical data packages, which are documents crucial to understanding a voting system...

In addition, the EAC failed to ensure that election officials, as well as the public, can assess the sufficiency of the test labs’ work. Under its new policy, the EAC will publish test labs’ reports about systems that gain certification. The EAC, however, will not publish the details about what a lab did to test a system, the so-called test plan. Keeping the test plan secret will make it difficult for anyone other than the EAC, the labs and the vendors to judge the conclusions presented in the report. As the experience with Ciber shows, knowing how a test lab evaluates a voting system is just as important as knowing what conclusions the lab reaches.

This secrecy works against voting integrity. Test labs, after all, are charged with determining whether voting systems satisfy standards, all of which are public. Test plans simply put the rubber to the road, and the system benefits by having a common understanding of what kinds of tests are sufficiently rigorous. Keeping this information secret only protects labs with lax procedures. Greater transparency, on the other hand, would encourage all test labs to develop more rigorous procedures."

No comments: