Last updated on: 4/23/2008 | Author:

If a Software Patch Is Installed, Are Electronic Voting Machines Re-Tested before Election Day?

General Reference (not clearly pro or con)

The National Academy of Sciences’ 2005 report “Asking the Right Questions About Electronic Voting,” stated:

“A vendor may uncover a potentially problematic issue in software that has been previously certified and address the issue in a program patch… [A patch] is any change to a software program.”


U.S. Representative Rush Holt (D-NJ) explained in the May 23, 2003 Congressional Record:

“A ‘patch’ [is] a modification to the voting machines’ software program.”

May 23, 2003

Ellen Theisen, CEO of the Vote-PAD Company, stated in her May 12, 2004 paper “Voter-Verified Paper Ballots Are Not Enough to Fix DRE Problems,” available at the VotersUnite! website:

“‘Patch’ is an innocuous word, like ‘glitch.’ But a patch means that the code has been changed to fix a bug.”

May 12, 2004

Oracle Corporation, an information technology company, included the following definition in their online glossary (accessed June 29, 2006):

“Patch – A software update designed to repair known problems or ‘bugs’ in previous software releases.”

June 29, 2006

PRO (yes)


Britain Williams, PhD, voting machine examiner for the State of Georgia, offered the following explanation in his May 5, 2004 testimony before the U.S. Election Assistance Commission (EAC):

“Georgia considers a voting system to consist of a specific version of each of the system components: hardware, voting system software, operating system software. Any change to any component, no matter how insignificant, is considered a different system and requires re-examination, both NASED Qualification and State Certification, of the entire system…

The KSU [Kennesaw State University] Center for Election Systems conducts a series of [State Certification] tests on the system… If any of these tests result in a modification to the system, the entire system is returned to the vendor for correction and the NASED Qualification/State Certification test cycle is repeated.”

May 5, 2004


Herb Deutsch, Product Development Manager for Election Systems and Software (ES&S), stated in his Sep. 21, 2004 testimony before the Technical Guidelines Development Committee Subcommittee on Computer Security and Transparency:

“To upgrade any piece of the [electronic voting] system requires a full ITA [Independent Testing Authority] testing event with all associated documentation and source code analysis. This is true even if the only change is in an output report or export file format in the results reporting subsystem…

Many states do not have emergency certification processes. Even if they do, with the scrutiny that election officials are under today, they don’t want to do anything that puts them at risk. Thus upgrades become a virtual impossibility.”

Sep. 21, 2004


Doug Jones, PhD, Associate Professor of Computer Science at the University of Iowa, stated in his paper “Testing Voting Systems,” available on his website (accessed June 30, 2006):

“Loading new software or replacing hardware components on a voting machine generally requires the repetition of those parts of the pre-election tests that could possibly depend on the particular hardware or software updates that were made.”

June 30, 2006


The National Association of State Election Directors (NASED) explained in their Mar. 20, 2003 document “General Overview for Getting a Voting System Qualified”:

“In order to maintain its status as a NASED Qualified system, the hardware and software must be identical to the hardware and software tested by the ITAs. Should it differ, even slightly, it would not meet the definition of NASED Qualified and may render the system in noncompliance with the state’s certification process, so it is incumbent upon the manufacturer to keep their systems current through the ITA process.”

Mar. 20, 2003

CON (no)


The National Academy of Sciences’ 2005 report “Asking the Right Questions About Electronic Voting,” stated:

“A vendor may uncover a potentially problematic issue in software that has been previously certified and address the issue in a program patch. Strictly speaking, any change to a program requires recertification, and some state laws require recertification after every software change, no matter how small. But because full recertification generally takes a long time (in principle, as long as the initial certification), there are strong incentives for the vendor to argue that the change can be administratively approved.

The question then arises whether the change involved is small enough to be addressed administratively. In the absence of specific criteria, vendors are in the best position to know about the scope and significance of any change… If an administrative certification is not possible, election officials have the operational choice in practice between running certified code that may have problems or running uncertified code that has been fixed. Thus, some election officials may still try to think of ways to avoid this certification step.”



Ellen Theisen, CEO of the Vote-PAD Company, explained in her 2005 report “Myth Breakers: Facts About Electronic Elections”:

“Vendors know that in most states it’s illegal to install unauthorized software. Yet they do it – sometimes quite casually… Even one small change to one line of the code can impact the operation of the software, often in unexpected ways. However, many election officials do not understand the integrated nature of software and yet they have the authority to make decisions.”



Kim Zetter, a journalist for Wired News wrote in her Oct. 13, 2003 article “Did E-Vote Firm Patch Election?”:

“A former worker in Diebold’s Georgia warehouse says the company installed patches on its machines before the state’s 2002 gubernatorial election that were never certified by independent testing authorities or cleared with Georgia election officials…

According to Rob Behler, an engineer hired as a contractor to work in Diebold’s Georgia warehouse last year, the Diebold systems had major functioning problems… Behler said Diebold provided warehouse workers with at least three patches to apply to the systems before state officials began logic and accuracy testing on them. Behler said one patch was applied to the machines when he came to the warehouse in June, a second patch was applied in July and a third in August after he left the warehouse…

Behler said the patches he applied were never certified. No third party, other than the Diebold engineers who created the patches, knew what was in the patches. And once machines were patched, they did not undergo re-certification.”

Oct. 13, 2003