Last updated on: 4/23/2008 12:23:00 PM PST
If a Software 'Patch' Is Installed, Are Electronic Voting Machines Re-tested prior to Being Used on Election Day?
Britain Williams, PhD, voting machine examiner for the State of Georgia, offered the following explanation in his May 5, 2004 testimony before the U.S. Election Assistance Commission (EAC):
"Georgia considers a voting system to consist of a specific version of each of the system components: hardware, voting system software, operating system software. Any change to any component, no matter how insignificant, is considered a different system and requires re-examination, both NASED Qualification and State Certification, of the entire system...
The KSU [Kennesaw State University] Center for Election Systems conducts a series of [State Certification] tests on the system... If any of these tests result in a modification to the system, the entire system is returned to the vendor for correction and the NASED Qualification/State Certification test cycle is repeated."
May 5, 2004 - Britain Williams, PhD
Herb Deutsch, Product Development Manager for Election Systems and Software (ES&S), stated in his Sep. 21, 2004 testimony before the Technical Guidelines Development Committee Subcommittee on Computer Security and Transparency:
"To upgrade any piece of the [electronic voting] system requires a full ITA [Independent Testing Authority] testing event with all associated documentation and source code analysis. This is true even if the only change is in an output report or export file format in the results reporting subsystem...
Many states do not have emergency certification processes. Even if they do, with the scrutiny that election officials are under today, they don't want to do anything that puts them at risk. Thus upgrades become a virtual impossibility."
Sep. 21, 2004 - Herb Deutsch, MA
Doug Jones, PhD, Associate Professor of Computer Science at the University of Iowa, stated in his paper "Testing Voting Systems," available on his website (accessed June 30, 2006):
"Loading new software or replacing hardware components on a voting machine generally requires the repetition of those parts of the pre-election tests that could possibly depend on the particular hardware or software updates that were made."
June 30, 2006 - Douglas W. Jones, PhD
The National Association of State Election Directors (NASED) explained in their Mar. 20, 2003 document "General Overview for Getting a Voting System Qualified":
"In order to maintain its status as a NASED Qualified system, the hardware and software must be identical to the hardware and software tested by the ITAs. Should it differ, even slightly, it would not meet the definition of NASED Qualified and may render the system in noncompliance with the state's certification process, so it is incumbent upon the manufacturer to keep their systems current through the ITA process."
Mar. 20, 2003 - National Association of State Election Directors (NASED)
The National Academy of Sciences' 2005 report "Asking the Right Questions About Electronic Voting," stated:
"A vendor may uncover a potentially problematic issue in software that has been previously certified and address the issue in a program patch. Strictly speaking, any change to a program requires recertification, and some state laws require recertification after every software change, no matter how small. But because full recertification generally takes a long time (in principle, as long as the initial certification), there are strong incentives for the vendor to argue that the change can be administratively approved.
The question then arises whether the change involved is small enough to be addressed administratively. In the absence of specific criteria, vendors are in the best position to know about the scope and significance of any change... If an administrative certification is not possible, election officials have the operational choice in practice between running certified code that may have problems or running uncertified code that has been fixed. Thus, some election officials may still try to think of ways to avoid this certification step."
2005 - National Academy of Sciences (NAS)
Ellen Theisen, CEO of the Vote-PAD Company, explained in her 2005 report "Myth Breakers: Facts About Electronic Elections":
"Vendors know that in most states it's illegal to install unauthorized software. Yet they do it - sometimes quite casually... Even one small change to one line of the code can impact the operation of the software, often in unexpected ways. However, many election officials do not understand the integrated nature of software and yet they have the authority to make decisions."
2005 - Ellen Theisen, MA
Kim Zetter, a journalist for Wired News wrote in her Oct. 13, 2003 article "Did E-Vote Firm Patch Election?":
"A former worker in Diebold's Georgia warehouse says the company installed patches on its machines before the state's 2002 gubernatorial election that were never certified by independent testing authorities or cleared with Georgia election officials...
According to Rob Behler, an engineer hired as a contractor to work in Diebold's Georgia warehouse last year, the Diebold systems had major functioning problems... Behler said Diebold provided warehouse workers with at least three patches to apply to the systems before state officials began logic and accuracy testing on them. Behler said one patch was applied to the machines when he came to the warehouse in June, a second patch was applied in July and a third in August after he left the warehouse...
Behler said the patches he applied were never certified. No third party, other than the Diebold engineers who created the patches, knew what was in the patches. And once machines were patched, they did not undergo re-certification."
Oct. 13, 2003 - Kim Zetter