If a Software 'Patch' Is Installed, Are Electronic Voting Machines Re-tested prior to Being Used on Election Day?
Britain Williams, PhD, voting machine examiner for the State of Georgia, offered the following explanation in his May 5, 2004 testimony before the U.S. Election Assistance Commission (EAC):
considers a voting system to consist of a specific version of each of
the system components: hardware, voting system software, operating
system software. Any change to any component, no matter how
insignificant, is considered a different system and requires
re-examination, both NASED Qualification and State Certification, of
the entire system...
KSU [Kennesaw State University] Center for Election Systems conducts a
series of [State Certification] tests on the system... If any of these
tests result in a modification to the system, the entire system is returned to the vendor for correction and the NASED Qualification/State Certification test cycle is repeated."
Herb Deutsch, Product Development Manager for Election Systems and Software (ES&S), stated in his Sep. 21, 2004 testimony before the Technical Guidelines Development Committee Subcommittee on Computer Security and Transparency:
upgrade any piece of the [electronic voting] system requires a full ITA
[Independent Testing Authority] testing event with all associated
documentation and source code analysis. This is true even if the only
change is in an output report or export file format in the results
states do not have emergency certification processes. Even if they do,
with the scrutiny that election officials are under today, they don't
want to do anything that puts them at risk. Thus upgrades become a
Doug Jones, PhD, Associate Professor of Computer Science at the University of Iowastated in his paper "Testing Voting Systems," available on his website (accessed June 30, 2006):
"Loading new software or replacing hardware components on a voting machine generally requires the repetition of those parts of the pre-election tests that could possibly depend on the particular hardware or software updates that were made."
The National Association of State Election Directors (NASED) explained in their Mar. 20, 2003 document "General Overview for Getting a Voting System Qualified":
order to maintain its status as a NASED Qualified system, the hardware
and software must be identical to the hardware and software tested by
the ITAs. Should it differ, even slightly, it would not meet the
definition of NASED Qualified and may render the system in
noncompliance with the state's certification process, so it is
incumbent upon the manufacturer to keep their systems current through
the ITA process."
The National Academy of Sciences' 2005 report "Asking the Right Questions About Electronic Voting," stated:
"A vendor may uncover a potentially problematic issue in software that has been previously certified and address the issue in a program patch. Strictly speaking, any change to a program requires recertification, and some state laws require recertification after every software change, no matter how small. But because full recertification generally takes a long time (in principle, as long as the initial certification), there are strong incentives for the vendor to argue that the change can be administratively approved.
The question then arises whether the change involved is small enough to be addressed administratively. In the absence of specific criteria, vendors are in the best position to know about the scope and significance of any change... If an administrative certification is not possible, election officials have the operational choice in practice between running certified code that may have problems or running uncertified code that has been fixed. Thus, some election officials may still try to think of ways to avoid this certification step."
Ellen Theisen, CEO of the Vote-PAD Company, explained in her 2005 report "Myth Breakers: Facts About Electronic Elections":
"Vendors know that in most states it's illegal to install unauthorized software. Yet they do it - sometimes quite casually... Even one small change to one line of the code can impact the operation of the software, often in unexpected ways. However, many election officials do not understand the integrated nature of software and yet they have the authority to make decisions."
Kim Zetter, a journalist for Wired News wrote in her Oct. 13, 2003 article "Did E-Vote Firm Patch Election?":
former worker in Diebold's Georgia warehouse says the company installed
patches on its machines before the state's 2002 gubernatorial election
that were never certified by independent testing authorities or cleared
with Georgia election officials...
to Rob Behler, an engineer hired as a contractor to work in Diebold's
Georgia warehouse last year, the Diebold systems had major functioning
problems... Behler said Diebold provided warehouse workers with at
least three patches to apply to the systems before state officials
began logic and accuracy testing on them. Behler said one patch was
applied to the machines when he came to the warehouse in June, a second
patch was applied in July and a third in August after he left the
said the patches he applied were never certified. No third party, other
than the Diebold engineers who created the patches, knew what was in
the patches. And once machines were patched, they did not undergo