[House Hearing, 110 Congress]
[From the U.S. Government Publishing Office]


 
ENSURING FAIRNESS AND ACCURACY IN ELECTIONS INVOLVING ELECTRONIC VOTING 
                                SYSTEMS

=======================================================================

                                HEARING

                               before the

                  SUBCOMMITTEE ON INFORMATION POLICY,
                     CENSUS, AND NATIONAL ARCHIVES

                                 of the

                         COMMITTEE ON OVERSIGHT
                         AND GOVERNMENT REFORM

                        HOUSE OF REPRESENTATIVES

                       ONE HUNDRED TENTH CONGRESS

                             FIRST SESSION

                               __________

                             APRIL 18, 2007

                               __________

                            Serial No. 110-5

                               __________

Printed for the use of the Committee on Oversight and Government Reform


  Available via the World Wide Web: http://www.gpoaccess.gov/congress/
                               index.html
                     http://www.oversight.house.gov




                      U.S. GOVERNMENT PRINTING OFFICE
35-768 PDF                    WASHINGTON  :  2007
---------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government
Printing Office Internet:  bookstore.gpo.gov Phone:  toll free (866)
512-1800; DC area (202) 512-1800 Fax: (202)512-2250 Mail: Stop SSOP,
Washington, DC 20402-0001 







             COMMITTEE ON OVERSISGHT AND GOVERNMENT REFORM

                 HENRY A. WAXMAN, California, Chairman
TOM LANTOS, California               TOM DAVIS, Virginia
EDOLPHUS TOWNS, New York             DAN BURTON, Indiana
PAUL E. KANJORSKI, Pennsylvania      CHRISTOPHER SHAYS, Connecticut
CAROLYN B. MALONEY, New York         JOHN M. McHUGH, New York
ELIJAH E. CUMMINGS, Maryland         JOHN L. MICA, Florida
DENNIS J. KUCINICH, Ohio             MARK E. SOUDER, Indiana
DANNY K. DAVIS, Illinois             TODD RUSSELL PLATTS, Pennsylvania
JOHN F. TIERNEY, Massachusetts       CHRIS CANNON, Utah
WM. LACY CLAY, Missouri              JOHN J. DUNCAN, Jr., Tennessee
DIANE E. WATSON, California          MICHAEL R. TURNER, Ohio
STEPHEN F. LYNCH, Massachusetts      DARRELL E. ISSA, California
BRIAN HIGGINS, New York              KENNY MARCHANT, Texas
JOHN A. YARMUTH, Kentucky            LYNN A. WESTMORELAND, Georgia
BRUCE L. BRALEY, Iowa                PATRICK T. McHENRY, North Carolina
ELEANOR HOLMES NORTON, District of   VIRGINIA FOXX, North Carolina
    Columbia                         BRIAN P. BILBRAY, California
BETTY McCOLLUM, Minnesota            BILL SALI, Idaho
JIM COOPER, Tennessee                ------ ------
CHRIS VAN HOLLEN, Maryland
PAUL W. HODES, New Hampshire
CHRISTOPHER S. MURPHY, Connecticut
JOHN P. SARBANES, Maryland
PETER WELCH, Vermont

                     Phil Schiliro, Chief of Staff
                      Phil Barnett, Staff Director
                       Earley Green, Chief Clerk
                  David Marin, Minority Staff Director

   Subcommittee on Information Policy, Census, and National Archives

                   WM. LACY CLAY, Missouri, Chairman
PAUL E. KANJORSKI, Pennsylvania      MICHAEL R. TURNER, Ohio
CAROLYN B. MALONEY, New York         CHRIS CANNON, Utah
JOHN A. YARMUTH, Kentucky            BILL SALI, Idaho
PAUL W. HODES, New Hampshire
                      Tony Haywood, Staff Director










                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on April 18, 2007...................................     1
Statement of:
    Carnahan, Robin, Secretary of State, State of Missouri; Avi 
      D. Rubin, technical director, Information Security 
      Institute, Department of Computer Science, Johns Hopkins 
      University; John S. Groh, vice president, Election Systems 
      and Software International, and chairman, Election 
      Technology Council; and Diane Golden, director, Missouri 
      Assistive Technology Council, on behalf of the National 
      Association of Assistive Technology Act Programs...........    83
        Carnahan, Robin..........................................    83
        Golden, Diane............................................    98
        Groh, John S.............................................    93
        Rubin, Avi D.............................................    89
    Hillman, Gracia, Commissioner, U.S. Election Assistance 
      Commission; and Randolph Hite, Director, Information 
      Technology Architecture and Systems, U.S. Government 
      Accountability Office......................................    16
        Hillman, Gracia..........................................    16
        Hite, Randolph...........................................    34
Letters, statements, etc., submitted for the record by:
    Carnahan, Robin, Secretary of State, State of Missouri, 
      prepared statement of......................................    85
    Clay, Wm. Lacy, a Representative in Congress from the State 
      of Missouri, prepared statement of.........................     4
    Golden, Diane, director, Missouri Assistive Technology 
      Council, on behalf of the National Association of Assistive 
      Technology Act Programs, prepared statement of.............   100
    Groh, John S., vice president, Election Systems and Software 
      International, and chairman, Election Technology Council, 
      prepared statement of......................................    95
    Hillman, Gracia, Commissioner, U.S. Election Assistance 
      Commission, prepared statement of..........................    18
    Hite, Randolph, Director, Information Technology Architecture 
      and Systems, U.S. Government Accountability Office, 
      prepared statement of......................................    36
    Maloney, Hon. Carolyn B., a Representative in Congress from 
      the State of New York, prepared statement of...............    12
    Rubin, Avi D., technical director, Information Security 
      Institute, Department of Computer Science, Johns Hopkins 
      University, prepared statement of..........................    91
    Sali, Hon. Bill, a Representative in Congress from the State 
      of Idaho, prepared statement of............................    75
    Turner, Hon. Michael R., a Representative in Congress from 
      the State of Ohio, prepared statement of...................     9
    Yarmuth, Hon. John A., a Representative in Congress from the 
      State of Kentucky, prepared statement of...................    67

ENSURING FAIRNESS AND ACCURACY IN ELECTIONS INVOLVING ELECTRONIC VOTING 
                                SYSTEMS

                              ----------                              


                       WEDNESDAY, APRIL 18, 2007

                  House of Representatives,
   Subcommittee on Information Policy, Census, and 
                                 National Archives,
              Committee on Oversight and Government Reform,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 2 p.m. in room 
2154, Rayburn House Office Building, Hon. Wm. Lacy Clay 
(chairman of the subcommittee) presiding.
    Present: Representatives Clay, Hodes, Maloney, Sali, 
Turner, Yarmuth, and Watson.
    Staff present: Tony Haywood, staff director and counsel; 
Alissa Bonner and Adam C. Bordes, professional staff members; 
Jean Gosa, clerk; Nidia Salazar, staff assistant; Leneal Scott, 
information systems manager; Jacy Dardine, intern; Jay 
O'Callaghan, minority professional staff member; John Cuaderes, 
minority senior investigator and policy advisor; and Benjamin 
Chance, minority clerk.
    Mr. Clay. The Subcommittee on Information Policy, Census, 
and National Archives of the Committee on Oversight and 
Government Reform will now come to order. Today's hearing will 
examine issues relating to ensuring fairness and accuracy in 
elections involving electronic voting systems.
    Without objection, the Chair and ranking minority member 
will have 5 minutes to make opening statements, followed by 
opening statements not to exceed 3 minutes by any other Member 
who seeks recognition.
    Without objection, Members or witnesses may have 5 
legislative days to submit a written statement or extraneous 
material for the record.
    Let me start off by saying good afternoon and welcome to 
today's hearing. As we enter the 2008 election season, it is 
essential that this subcommittee examine the use of modern 
electronic voting systems and the potential vulnerabilities 
associated with them. The principle of free and fair elections 
is the foundation of our democratic Government. The 
constitutional right to vote has enabled our Nation's citizens 
to be stakeholders in the greatest democratic experiment the 
world has ever known.
    The need for uniform standards to govern Federal elections 
became painfully clear in the weeks following the 2000 
Presidential election in Florida. In response to news reports 
of hanging chads, invalid punch card ballots and insufficient 
controls over voter registration systems in Florida, Congress 
passed the Help America Vote Act of 2002. HAVA is the first 
comprehensive Federal law establishing requirements for the 
administration of Federal elections.
    These requirements cover voting system standards and voter 
information and registration requirements. HAVA created the 
Election Assistance Commission to serve as a national 
clearinghouse for election information, to develop standards 
for electronic voting systems, and to assist State and local 
governments in their HAVA compliance efforts.
    Research and development activities required by HAVA are 
carried out by the National Institute of Standards and 
Technology under the EAC's direction. To date, Congress has 
appropriated over $3 billion to the EAC for these activities. 
With grants from the EAC, many State and local jurisdictions 
have attempted to improve the reliability and accuracy of the 
voting process by replacing antiquated punch card or lever 
machine systems with electronic voting systems such as direct 
recording electronic or optical scan systems.
    Unfortunately, numerous State and local governments have 
reported significant problems with electronic systems. The 
still-contested House election in Florida's 13th District is a 
prominent example of how in some instances electronic voting 
systems have produced unreliable results, raising concerns 
among voting system experts, and causing distrust among voters.
    Accordingly, I believe we should pursue two major goals in 
moving forward with new electronic voting system requirements. 
First, we should utilize technology that provides an 
independent auditable voting record that can be verified by 
election officials, such as a paper audit trail for DREs. In 
addition, we should ensure that electronic voting system 
standards meet the need for adequate privacy safeguards and 
accessibility for the disabled. These efforts would help to 
ensure that every vote is accurately counted.
    Second, we must try to make the process for testing 
software code more transparent. This would enable both the EAC 
and election officials to determine which products are the most 
secure, reliable and available in the marketplace. To do this, 
I believe the EAC and the NIST should search for new 
opportunities to partner with our federally funded research 
community in order to improve our vulnerability testing and 
certification practices.
    Furthermore, the EAC should fully implement GAO's 
recommendations for strengthening the commission's efforts to 
become a true national clearinghouse for election 
administration.
    Unfortunately, the technological challenges we face are 
compounded by problems with the EAC itself. Recent news reports 
indicate that the EAC has failed to carry out certain 
responsibilities required by HAVA. During the past week, the 
New York Times and other publications have reported that the 
EAC edited the findings of a Government-funded report on voter 
fraud to support partisan efforts to mislead the public on the 
pervasiveness of fraud.
    Furthermore, we have learned that recent research on State 
voter ID standards conducted by Rutgers University for the EAC 
was rejected for questionable reasons. These developments 
suggest that the bipartisan EAC may be improperly politicizing 
their work. At the very least, it appears that the EAC has 
strayed from its mandate to develop and disseminate vital 
information on major election-related topics to the public in 
an objective manner. As a result, I have serious concerns about 
how the EAC is handling its stewardship role within our Federal 
election system.
    It is my hope that our witnesses today can address these 
issues and offer recommendations to remedy the challenges we 
face.
    Testifying on our first panel will be Commissioner Gracia 
Hillman of the Election Assistance Commission, and Mr. Randolph 
Hite of the Government Accountability Office. Our second panel 
includes four distinguished witnesses from both the public and 
private sector: The Honorable Robin Carnahan, Missouri 
Secretary of State; Professor Avi Rubin of Johns Hopkins 
University; Mr. John Groh, vice president of Election Systems 
and Software, and chairman of the Election Technology Council; 
and Dr. Diane Golden of the Missouri Assistive Technology 
Council.
    I welcome all of our witnesses and look forward to an 
informative and frank discussion on these issues.
    Now I recognize the ranking member from Ohio, Mr. Turner.
    [The prepared statement of Hon. Wm. Lacy Clay follows:]
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    Mr. Turner. Thank you, Mr. Chairman. I appreciate your 
holding this very important hearing.
    Since the 2000 Presidential race, the Federal Government 
has been actively involved in seeking a uniform, accessible 
solution that helps ensure better elections. While overall, 
voting systems may have improved, we should continue to 
investigate our voting systems and make improvements when the 
need arises.
    After Congress passed the bipartisan legislation Help 
America Vote Act in 2002, complaints arose regarding direct 
recording electronic voting machines, which are commonly known 
as touch screen voting machines used for elections in the 
majority of States. The security and accuracy in vote recording 
on these machines are of particular concern. Also, some 
accounts claim the operation of DRE machines may be confusing 
for some. To that end, we should address and resolve these 
issues.
    Mr. Chairman, this is one reason why today's hearing is so 
important. We need honest feedback and thorough analysis of any 
problems encountered in these new voting machines.
    Mr. Chairman, I want to thank you for inviting a balanced 
panel that will give us all sides of the story.
    I appreciate the witnesses' testimony and I yield back the 
balance of my time.
    [The prepared statement of Hon. Michael R. Turner follows:]
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    Mr. Clay. Thank you very much, Mr. Turner.
    Are there any other Members who would like to have an 
opening statement? Mrs. Maloney.
    Mrs. Maloney. Thank you, Mr. Chairman. I thank Chairman 
Clay and Ranking Member Turner for holding today's hearing 
about an issue that deeply concerns me, the accuracy of our 
Nation's voting systems.
    Our representative democracy depends upon the integrity of 
the voting system, and it is imperative that the machines are 
secure and reliable. Questions have been raised about the 
security and reliability of electronic voting systems, 
including weak security controls and design flaws, among other 
concerns.
    In the 2004 election, millions of voters used electronic 
voting machines that lacked a voter-verified paper audit trail. 
Nationwide, the problems included broken voting machines and 
inaccurately recorded votes, where in a few jurisdictions the 
votes were switched from John Kerry to George Bush and vice 
versa.
    Maryland experienced so many problems with its electronic 
voting machines in the September 2006 primary that its Governor 
urged residents to vote with absentee ballots to ensure that 
their votes were counted.
    I support requiring voting machines to have a voter-
verifiable paper audit trail, and I am a cosponsor of H.R. 811, 
the Voter Confidence and Increased Accessibility Act, which 
would require a voter-verified permanent paper record or hard 
copy.
    The American people also deserve to know who is 
manufacturing and controlling the voting machines they are 
using, and if these machines are at risk for outside 
manipulation.
    Last year, I raised the possibility in front of the 
Committee on Foreign Investment in the United States Review 
Board of Smartmatic's purchase in 2005 of Sequoia Voting 
Machines because of my concerns that a foreign government--in 
this case, Venezuela--was investing in or owning the company 
that supplies voting machines for U.S. elections.
    CFIUS looks at national security threats. I can't think of 
a larger national security threat than not having the total 
integrity of your voting machines.
    For a few years, questions surrounded Smartmatic about its 
ownership and its possible ties and control by the Venezuelan 
government. In December, Smartmatic announced that it would 
sell Sequoia voting machines. There clearly were doubts about 
this company, and as long as those doubts lingered, many people 
would have legitimate questions about the integrity of those 
voting machines.
    It is time to institute procedures that ensure that 
election results can be audited to ensure accuracy. If the 
American public does not have faith that their votes will be 
recorded accurately, they may decide to stay home on election 
day, which would undermine our democracy.
    I look forward to hearing the witnesses. Again, I can't 
think of a more important issue that we could be looking at 
than the integrity of our voting machines.
    Thank you.
    [The prepared statement of Hon. Carolyn B. Maloney 
follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    Mr. Clay. Thank you so much, Mrs. Maloney, for your opening 
statement.
    It is the policy of the committee to swear in all witnesses 
before they testify. I would like to ask you both to please 
stand and raise your right hands.
    [Witnesses sworn.]
    Mr. Clay. Thank you. Let the record reflect that the 
witnesses answered in the affirmative.
    Ms. Hillman, please proceed.

   STATEMENTS OF GRACIA HILLMAN, COMMISSIONER, U.S. ELECTION 
ASSISTANCE COMMISSION; AND RANDOLPH HITE, DIRECTOR, INFORMATION 
     TECHNOLOGY ARCHITECTURE AND SYSTEMS, U.S. GOVERNMENT 
                     ACCOUNTABILITY OFFICE

                  STATEMENT OF GRACIA HILLMAN

    Ms. Hillman. Thank you very much. Let me begin by saying 
that EAC has submitted for the record extensive testimony 
outlining the details of all of our programs that certify and 
test voting systems, including the hardware and software. My 
remarks will summarize some of the testimony.
    Good afternoon, Chairman Clay, Ranking Member Turner and 
all members of the subcommittee. My name is Gracia Hillman and 
I am a member of the U.S. Election Assistance Commission. Mr. 
Chairman, you asked me here today to discuss issues concerning 
fairness and accuracy in elections that use electronic voting 
systems. Today's hearing adds an important discussion to this 
issue. Fairness and accuracy are crucial components in every 
facet of elections. This applies to voter registration, casting 
ballots, and certifying election results.
    It is important to remember that whether we are discussing 
a ballot box, an optical scan machine, or an electronic touch 
screen voting system, people control fair and accurate 
elections. There are lots of discussions about whether we can 
or should trust electronic voting machines. States choose their 
voting systems and some are now switching to optical scan 
machines. However, we must remember that electronic technology 
is not exclusive to a touch screen voting system. The counting 
and casting of ballots on an optical scan machine is done 
electronically, so we must cast a critical eye on all voting 
technologies, and the system manufacturers and the testing 
laboratories must join us in that endeavor.
    Mr. Chairman, it is not enough to only examine the device 
that people use to vote. We must remember that voting is a 
human exercise. To that end, EAC focuses on the technical 
functions and testing of voting systems, and at the same time, 
we examine the human management of elections. America is in a 
period of major changes in the technology of our voting system. 
We know that electronic voting systems bring advantages. For 
example, they enable us to meet the language and disability 
access requirements of HAVA, and they prevent people from over-
voting a ballot.
    However, if people do not trust these systems, if they 
believe the systems can be compromised, then the advantages do 
not mean very much. Nonetheless, it is important to point out 
that to compromise a voting system, and I am talking about any 
type of voting system, you must have two things: knowledge of 
the system and unsupervised access to the machine and software.
    Mr. Chairman, election officials follow security protocols 
to prevent that access. I mean, really, no voting system should 
be fully trusted unless election officials store them in a 
secure location, prevent tampering, conduct independent logic 
and accuracy testing, train its workers, audit the results, and 
let the public observe the entire process.
    EAC publishes guidelines on how to secure voting systems. 
We emphasize that details and training matter in every facet of 
elections. Just one person forgetting one detail, like 
forgetting to bring election day supplies to the polling place 
or not even showing up to open the polls, can make or break an 
election.
    Mr. Chairman, before closing I want to address the issue of 
paper trail printing devices for DRE machines. As you know, 
this device enables a voter to confirm his selections before 
casting the ballot and presumably the paper could be used in 
audits. I am not here to discuss whether Congress should 
mandate paper trail. I do want to point out that depending on 
what the particular requirements are, at least 180,000 DREs in 
this country would have to be replaced or upgraded.
    When you combine the introduction of new equipment, earlier 
primaries, and the enormous tasks of recruiting and training 
poll workers to meet a Presidential election year deadline, 
which is only a year and a half from now, you have all of the 
ingredients for a recipe for colossal confusion. That is why we 
cannot discuss voting system technology in a vacuum. We must 
also discuss and consider the human element.
    I have spent my entire career working to make sure all 
voters are treated fairly and that votes are counted 
accurately. It is useful to question the use of electronic 
voting systems. However, I urge you to not let electronic 
voting divert our attention from issues such as voter 
registration, participation and disenfranchisement.
    It is my understanding that the committee likely has 
questions for me about EAC matters, namely our research and 
study work. I am prepared to answer your questions about my 
testimony today and all of our other work.
    Thank you for this opportunity.
    [The prepared statement of Ms. Hillman follows:]
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    Mr. Clay. Thank you so much for your testimony, Ms. 
Hillman.
    Mr. Hite, you may proceed. Would you summarize your 
testimony for us within 5 minutes?

                   STATEMENT OF RANDOLPH HITE

    Mr. Hite. Yes, sir.
    Thank you, Chairman Clay.
    In the wake of the 2000 and 2004 elections, GAO looked at 
the national election process end to end, focusing on all 
aspects of it, including the use of electronic voting systems. 
Our most recent reports cast considerable light on the 
challenges associated with these systems, so my testimony today 
draws from those reports and I will summarize it by making five 
points.
    Point one, although voting systems play a major role in 
elections, they are but one facet of a highly complex and 
decentralized election environment that depends on the 
effective interplay of people, processes and technology. As 
such, when I think of a ``voting system'' I think of not only 
the hardware and software, but also the persons who interact 
with them and the rules that govern this interaction.
    Point two, although security and reliability have arguably 
taken center stage in the debate surrounding electronic voting 
systems, other performance characteristics such as ease of use 
and cost should not be overlooked. For example, certain DREs 
have been found to have security vulnerabilities that can be 
exploited, such as unencrypted files and no or easily guessed 
passwords, and some lack a paper record.
    At the same time, DREs can be more accommodating to voters 
with disabilities, and they can protect against common voter 
errors such as over-voting.
    On the other hand, optical scan voting systems, 
particularly central count systems, have a lower capital cost 
than DREs and they offer a paper record. However, they can be 
more challenging for voters with certain types of disabilities, 
and they can create paper nightmares for jurisdictions that 
have to accommodate multiple languages.
    Point three, voting system security and reliability is a 
function of how well each phase in the voting system life cycle 
is managed at all levels of government. Simply stated, the 
system life cycle begins with defining the standards that a 
system is to meet. It is followed by vendor development and 
associated vendor and government testing to ensure that the 
standards are met. It ends with government acquisition and 
operation and maintenance of the vendor systems. How well each 
of these phases is executed will largely dictate how securely 
and reliably the system performs on election day.
    Since the 2004 elections, a range of concerns have been 
voiced about the extent to which the activities associated with 
each of these life cycle phases are being performed by all 
levels of government and the system manufacturers.
    Point four, given the highly decentralized nature of 
elections, States and local jurisdictions play huge roles in 
the life cycle management of voting systems. However, they have 
not always ensured that important voting system management 
practices are employed. Relative to the 2004 elections, we 
surveyed the 50 States and the District of Columbia, a sample 
of 788 local voting jurisdictions, and we visited 28 
jurisdictions. According to the responses we received, outdated 
systems standards were sometimes being adopted and applied; 
certain types of testing were widely performed, while others 
were rarely performed; security management practices ranged 
from rigorous to ad hoc; and the nature and type of security 
controls ran the gamut.
    Point five, the challenges associated with ensuring that 
electronic voting systems operate securely and reliably during 
an election are many and profound, but they are not like the 
challenges related to relying on technology to support any 
mission-critical government operation. However, the highly 
diffused and decentralized nature of elections, in my opinion, 
makes these challenges more formidable, as it requires the 
combined efforts of all levels of government.
    HAVA established the EAC and assigned it certain 
responsibilities relative to these efforts. We have made 
recommendations to assist the EAC in this regard, which it 
agreed with. In general, these recommendations focused on 
introducing greater transparency and accountability into the 
EAC's activities by having them develop plans for each of its 
areas of responsibility, that is, plans that defined what 
actions will be done, when, at what cost, to what end, and what 
outcomes will be achieved.
    To the EAC's credit, it has continued taking important 
action since our recommendations aimed at meetings its HAVA 
responsibilities. However, we have yet to see the kind of 
strategic planning that our recommendations envisioned.
    This concludes my statement. I would be happy to answer any 
questions that you have.
    [The prepared statement of Mr. Hite follows:]
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    Mr. Clay. Thank you very much. Thank you both for your 
testimony.
    Let me start with Mr. Hite. Mr. Hite, GAO's past work on 
electronic voting systems highlights the need for vendors and 
election officials to better manage this equipment throughout 
the product life cycle. Have there been adequate best practices 
or requirements promulgated under the VVSG guidelines or under 
HAVA for stakeholders to follow?
    Mr. Hite. The voluntary voting system guidelines that you 
refer to in 2005, that take effect at the end of this year, is 
a vast improvement over the standards that were in place prior 
to this. Is it complete and comprehensive relative to the range 
of security provisions that need to be in the standards? No. It 
is a work in process in that regard, and it will need to evolve 
over time.
    Mr. Clay. Doesn't the lack of effective system standards 
hinder the implementation of stronger stewardship best 
practices?
    Mr. Hite. Yes, sir. It is a key variable in that equation. 
It is actually a double-edged sword. On the one hand, you want 
to have the most up to date, robust, comprehensive standards 
that you can have. At the same time, you have to consider the 
capacity to implement those standards, and the impact it is 
going to have on the States and the jurisdictions out there to 
adjust their systems environment to comply with those 
standards. It is not something that can be done overnight.
    So you are trying to balance the two from a practical 
standpoint in terms of the pace at which you are asking 
jurisdictions to improve, and their capacity to improve.
    Mr. Clay. Well, there is a problem that the standards were 
not put in place initially, and that people didn't have many 
guidelines to follow?
    Mr. Hite. Absolutely. The root cause of this is that the 
standards were pretty much stagnant for virtually a decade. So 
we are trying to play catch-up relative to putting in place the 
kind of quality standards that are needed.
    Mr. Clay. Has NIST begun to research the larger issues of 
electronic voting system architecture, as opposed to testing 
and evaluation of current products on the market, in order to 
address the inherent vulnerabilities in the systems currently 
in use? Has that started to occur?
    Mr. Hite. Sir, I don't have the answer to that because I 
don't know. It kind of relates to the point that we were making 
relative to creating more transparency around what is going to 
be done, when, relative to getting to the desired end with 
regard to standards in other areas.
    Mr. Clay. Thank you for that response.
    Ms. Hillman, it has been stated that individuals with 
expertise and experience in assistive technology have not been 
involved in discussions regarding voting security and in 
judging conformance to accessibility standards. I know that Dr. 
Diane Golden, who will testify on the following panel, has 
provided testimony to the EAC and the TGDC.
    Can you tell me, beyond this, to what extent has the EAC 
tried to involve experts from the assistive technology 
community in development of standards?
    Ms. Hillman. Yes. On the Technical Guidelines Development 
Committee, there are two members representing the Access Board, 
and certainly concerns from the disability community are 
brought to discussions of the voluntary guidelines through 
their participation.
    In addition, the EAC has met with members of the disability 
community. One of the members of our Board of Advisors 
represents the American Association of Persons with 
Disabilities. And we post all of our draft guidelines out for 
public comment. Of 6,000 comments we received, I know that 
several hundred came from members of the disability community.
    Mr. Clay. Thank you for that.
    GAO has offered the EAC a list of open recommendations from 
its 2005 report on the reliability of e-voting systems. Some of 
these recommendations address critical topics such as the 
NIST's work on software assurance and interim standards for the 
certification of e-voting products. Does the EAC intend to 
implement all of the GAO's recommendations? What is the status 
of the commission's implementation efforts?
    Ms. Hillman. As Mr. Hite indicated, we did agree with their 
recommendations and we are certainly working to make certain 
that our program to test and certify voting systems is done in 
a way that does two things. It provides the rigorous testing to 
assure election officials that the machines are compliant, and 
that the process is as open and understanding to the public so 
that we can get past some of the technicalities and the public 
can appreciate the benefits of the Federal Government testing 
and certifying machines.
    The process is new. I think, as you know, the Election 
Assistance Commission was set up in a way that we lost a good 
year of operation before we could really begin our work, due to 
lack of funding. But once that began, we have caught up. Our 
certification program is in place. We have accredited 
laboratories that are poised and ready to begin that testing.
    Mr. Clay. Thank you for that response.
    We have some additional Members that joined us. I will go 
to the gentleman from Kentucky, Mr. Yarmuth. I understand you 
have an opening statement.
    Mr. Yarmuth. Thank you, Mr. Chairman. I will just submit it 
for the record. That will be fine. I appreciate it.
    [The prepared statement of Hon. John A. Yarmuth follows:]
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    Mr. Clay. Would the gentleman care to ask questions?
    Mr. Yarmuth. I think I will pass at this time. Thank you.
    Mr. Clay. OK.
    The gentleman from New Hampshire, do you have an opening 
statement?
    Mr. Hodes. Thank you, Mr. Chairman. I do have a brief 
statement.
    Mr. Clay. You may proceed.
    Mr. Hodes. Thank you, Mr. Chairman.
    I want to thank you for holding this important hearing on 
fairness and accuracy in elections, with a focus on electronic 
voting systems.
    I also want to thank the panel for being here today. I look 
forward to hearing the rest of your testimony, and your 
testimony, sir.
    Nothing is more critical to our democracy than the 
integrity of our elections. After punch card ballots proved to 
be ineffective for recounting votes in the 2000 Presidential 
election, Congress took an important step toward ensuring the 
accuracy of election results with the Help America Vote Act of 
2002. In 2004, more voters than ever before used the optical 
scan voting system that produces individual paper ballots, but 
other electronic systems were shown to be flawed.
    Today, the goal of effective standards for voting systems 
still faces serious obstacles. As we work to ensure the 
accuracy and security of Federal elections, we must be careful 
not to preempt State and local election systems. In my home 
State of New Hampshire, the optical scan systems, combined with 
hand counting procedures, have produced accurate election 
results. The Election Assistance Commission must ensure that 
new standards do not threaten existing voting systems that 
work.
    Congress must remain committed to its role of oversight 
over voting system standards and ensure that critical decisions 
are made after careful consideration of possible consequences.
    Finally, we must ensure that voting systems generate paper 
voting records that are not susceptible to hackers and 
electronic glitches.
    Again, thank you for being here today. I look forward to 
hearing your thoughts as we consider these important issues.
    Thank you, Mr. Chairman.
    Mr. Clay. Thank you very much.
    The gentleman from Kentucky, would you care to ask 
questions?
    The gentleman from New Hampshire, do you have questions for 
the witnesses? Mr. Hodes. You may proceed.
    Mr. Hodes. Thank you, Mr. Chairman.
    Commissioner Hillman, I serve on the House Financial 
Services Committee. When one of my constituents goes to a bank 
and makes a transaction, they get a paper receipt, in addition 
to the electronic records the bank keeps. However, when a voter 
casts a ballot in some States with a direct record electronic 
voting system, there is no individual paper ballots that can be 
used if a recount is needed.
    Isn't it true that some DRE systems only require one 
printout of all ballots cast, and not individual ballots that 
can be recounted?
    Ms. Hillman. Sir, it is true that all DREs require the 
system to be able to print out a paper record of all 
transactions that happened on that machine. That information is 
contained within the system. Some of those systems have a 
printer to produce a paper trail and many do not.
    Mr. Hodes. Don't you think there should be a similar 
individual paper record system for all individual ballots in 
the transaction, especially since this isn't just a financial 
transaction, but voting is the basis for our system of 
democracy?
    Ms. Hillman. EAC has made certain that our voting system 
standards include guidelines for the use of a printer to 
produce a paper trail. Many States through their legislative 
actions already require such a paper trail. HAVA allows the 
States to choose their own voting systems and to determine what 
type of machine they will use. So EAC accepts the 
responsibility to produce standards for all types of voting 
systems.
    Mr. Hodes. Has the EAC required individual paper records of 
each ballot cast?
    Ms. Hillman. No, we have not required that.
    Mr. Hodes. Do you think that ought to happen?
    Ms. Hillman. Congressman, I appreciate your question, but I 
am also respecting the role that HAVA prescribes to the EAC and 
to the States. It has left the decisionmaking of the manner in 
which voting systems will be used up to the States. So at this 
point, EAC has not seen it as its authority to tell States that 
it must use a paper trail.
    Mr. Hodes. So if the EAC doesn't have the authority and you 
have left it to the individual States, it is essentially up to 
Congress to legislate whether or not an individual paper record 
for each ballot cast needs to be produced for every voter.
    Ms. Hillman. With due respect, it was Congress who left it 
up to the States to make the decision in the first place. EAC 
doesn't have that authority, so we are not telling the States 
that it is their responsibility. We are simply following what 
the Help America Vote Act provides for.
    Mr. Hodes. So my question was, therefore if Congress wanted 
to change it and require an individual paper record for each 
vote cast, it would be up to Congress to legislative that.
    Ms. Hillman. It would, sir.
    Mr. Hodes. For Mr. Hite, a question for you, sir. It is my 
understanding that no one from the EAC has been asked to 
testify before Congress since 2004. In your opinion, has 
Congress done an effective job of providing oversight over the 
EAC and its critical work to improve Federal election accuracy 
in the last 5 years?
    Mr. Hite. For an organization that works for the Congress, 
that is really a loaded question for me to have to respond to.
    One point of clarification, the EAC has testified since 
2004 before committees of Congress. I have sat beside the 
chairwoman here in doing that.
    I would say that there has been extensive oversight with 
respect to elections since 2004. There is a proliferation of 
legislation associated with making changes to HAVA and other 
aspects of the election process. So I would compliment the 
Congress for the extent of the oversight that it has provided 
to this area.
    Mr. Hodes. I have one further question. Currently, it is my 
understanding that the GAO recently reported that 44 States 
have laws requiring some form of compliance with Federal EAC 
VVSG guidelines or FEC voting system standards. What happens to 
States such as New York when voluntary guidelines become 
mandatory?
    Mr. Hite. Are you asking if they are made mandatory by the 
State?
    Mr. Hodes. Yes.
    Mr. Hite. Well, then the States have that prerogative to 
adopt the guidelines and to treat them by reference as 
mandatory requirements for their jurisdictions.
    Mr. Hodes. What are the consequences from a management 
perspective? It is my understanding that New York has not fully 
complied with HAVA with regard to accessible voting machines, 
but it doesn't have clear signals from the EAC as yet regarding 
what voting system would be appropriate. It is caught, at least 
as far as I understand it, between competing versions of the 
2002 voting system standards, 2005 VVSG-1 and VVSG-2 in draft 
forms.
    Mr. Hite. I don't believe New York is in any different 
position than other States. States have adopted different 
versions of the standards. Not all States have adopted the 2005 
standards. Some are using a combination. Some are using the 
2002 standards.
    So they are all faced with this dilemma of which standards 
do we adopt, in light of the fact that standards are going to 
evolve. There is going to be a next version of the standards. 
So at what point do we adopt which version of the standard from 
a practical standpoint to implement the systems in that 
particular State or that particular jurisdiction?
    Ms. Hillman. Sir, might I clarify about the standards?
    Mr. Hodes. Please. Thank you.
    Ms. Hillman. Before the establishment of the Election 
Assistance Commission, the FEC had responsibility for adopting 
standards. The last set of standards adopted by FEC was in 
2002, at the same time the Help America Vote Act was being 
debated by Congress. Those two things happened to come together 
at the same time, but they were complementary.
    What EAC has done since then, as required by HAVA, is to 
develop what are now called the voluntary guidelines. Because 
we had very limited resources and time, working with NIST, we 
updated the 2002 guidelines on certain critical sections such 
as security and accessibility for persons with disabilities. We 
also did make sure that the 2005 guidelines included all the 
HAVA requirements.
    Working with the States, it became important that the 
effective date of our 2005 standards be such that the States 
would have time to work with their suppliers to have systems 
that met the standards. So we made the standards fully 
effective December of this year.
    In the meantime, States could still have their systems 
certified to the 2002 standards, but that was not an EAC 
responsibility. That was being done by an outside organization. 
Beginning January of this year, EAC has fully implemented its 
testing and certification program. We are now accrediting 
laboratories to test against both the 2002 standards, as well 
as our newer 2005 standards.
    So it is true that for some States with laws that require 
the Federal standards, they are having to change their State 
law to accommodate that, but States have had 2 years to know 
what the requirements of our 2005 standards are before they 
become fully effective.
    Mr. Clay. Thank you, Mr. Hodes. I appreciate that.
    Mr. Hodes. Thank you, Mr. Chairman.
    Mr. Clay. Let me preface my next question, Ms. Hillman, by 
saying that I have the utmost regard for your lifetime history 
in protecting people's voting rights throughout this country. 
That is why the next question is rather troubling for me.
    As you know, the New York Times and other newspapers have 
reported on EAC efforts to alter the findings of a report 
solicited by the Commission concerning the incidence of voter 
fraud. In fact, a New York Times editorial on Sunday, April 
15th, points out that only 86 people were convicted of voter 
fraud since the Department of Justice began placing significant 
resources into investigating voter fraud more than 5 years ago.
    While I recognize that you are only one member of the 
board, I think hearing your perspective on insight on how the 
EAC made these decisions would be helpful to us as an oversight 
body. The original draft report findings said that among 
experts, ``There is widespread, but not unanimous agreement 
that there is little polling place fraud.'' While the final 
version stated that there is a great deal of debate on the 
pervasiveness of fraud.
    Why were the original findings altered?
    Ms. Hillman. Thank you for the question. Before I answer, 
let me just say that I have provided each member of the 
committee with a copy of a statement that I issued yesterday on 
this issue.
    To put it in context, Mr. Chairman, the EAC commissioned 
two individuals to work as special government employees, to 
conduct research for us. We asked them to help define voter 
fraud and voter intimidation, so that in a future study 
everybody would know what we were studying; and second, to 
compile research that would inform EAC on a future study and to 
make recommendations from that research.
    We did not have the time or the money to commission the 
kind of study that would have allowed conclusions to be 
presented. The consultants did provide a summary of 
conclusions. Quite frankly, what would have been helpful if 
that summary had said based on an interview with this person, 
it is documented that there are concerns about intimidation of 
minority voters in a particular State, and we think that is an 
issue the EAC should look into; or several of the people 
interviewed believe the following to be true and we think the 
EAC should study that.
    And so some of the conclusions they presented, which were 
based on interviews with people, did not have data to support 
the conclusion. As much as I would like to sit here and say 
today that there is conclusionary evidence with respect to 
fraud and voter intimidation, that particular report does not 
provide us with that data.
    Mr. Clay. Were there anomalies or flawed research 
identified?
    Ms. Hillman. The conclusions that you are referring to were 
based on interviews with people. In addition to those 
interviews, the researchers compiled several hundred court 
cases. They did extensive review of news clips and other 
articles. The conclusions were not tied to those clips and 
articles. And so at the time that EAC adopted its report in 
December, what I believe we were saying was, this is 
information that helps us define what we will study and flags 
for us the issues we need to look into.
    I do not believe that the EAC could have reached agreement 
on the conclusions that were offered by the researchers without 
being able to validate those conclusions. And so as a result of 
the very serious allegations that have been made, EAC has asked 
its Inspector General to look into this matter on both the 
voter fraud and intimidation study, as well as the voter ID 
study so that Congress and the public and the commissioners can 
know what the circumstances were.
    Mr. Clay. I really find all of that peculiar that you all 
are going to an internal investigation about the actions that 
the Commission voted on. The Commission authorized the study by 
Rutgers University, and then rejected its findings on voter ID 
laws, citing flawed methodology. Perhaps there is something 
wrong in the process there as far as how you go out and get 
these studies?
    Ms. Hillman. That would be a fair observation. With respect 
to the Rutgers study, I know that some of my colleagues believe 
that the methodology was flawed. I personally do not believe I 
could pass judgment on the methodology used by Rutgers. What I 
know is Rutgers didn't give me comparative data. For example, I 
will just use your State, and I am making this up. If Missouri 
had implemented new voter identification requirements in 2002 
and there was an analysis of what those requirements were and 
turnout in 2004, it doesn't tell me if those requirements alone 
contributed to a rise or fall in voter participation unless I 
can look at it, compared to 2000.
    Mr. Clay. OK. I am not going to prolong this much further, 
but you know what the effects are.
    Ms. Hillman. I absolutely do, sir.
    Mr. Clay. Are there intimidating effects of voter ID laws. 
I mean, it takes us back to reconstruction. It takes us back to 
figuring out how many jelly beans are in the jar, a literacy 
test. And that is the impact of voter ID laws. I am just 
surprised at the actions of the EAC when they are here to 
protect America's voter.
    I will recognize Mr. Sali for 5 minutes, sir.
    Mr. Sali. Thank you, Mr. Chairman.
    Ms. Hillman, are the States going to be able to meet the 
requirements of the bill that is proposed by Mr. Holt before 
the 2008 elections?
    Ms. Hillman. In my testimony, I did indicate that there 
will be at least 180,000 DRE voting systems in the country that 
would have to be upgraded or replaced, depending on the 
requirements of any legislation requiring VVPAT. And many 
States have expressed to us concern that they would be able to 
meet that requirement by the 2008 deadline.
    Mr. Sali. Can you tell me what the major problems were that 
the election officials and poll workers had in the 2000 
elections in transitioning to the new electronic voting devices 
and the requirements of the Help America Vote Act?
    Ms. Hillman. Well, I think the overriding problem was one 
of time, and that is when the systems were received by the 
election officials using a brand new systems for the first time 
in an election, the training of the people who would use the 
system, the knowledge and experience to conduct the required 
independent logic and accuracy testing, the capacity to be able 
to test every machine. So a lot of what was experienced were 
human resource and financial resource limitations.
    Mr. Sali. And we will be repeating those again for 2008 if 
we pass this bill. Is that correct?
    Ms. Hillman. I certainly can't speak on behalf of the 
States, but I can say I have heard loudly and clearly from 
States a concern that unless such a requirement is phased in, 
States would have a major resource challenge to be able to meet 
any mandate.
    Mr. Sali. Is it more expensive to meet language 
requirements for ballots on an optical scanner or on a DRE?
    Ms. Hillman. It would be more expensive to do it on an 
optical scan because of the design and printing of the ballots. 
Whereas on the DRE, it is programming.
    Mr. Sali. Mr. Hite, has the GAO looked at the fiscal impact 
on State and local governments if Congress passes this bill?
    Mr. Hite. No, sir, we have not.
    Mr. Sali. For either of you, are either of you aware of an 
instance where a case has been found and confirmed of an 
electronic voting machine that has been hacked into, if you 
will, during an election?
    Ms. Hillman. I have not any information that would suggest 
that a DRE has been hacked into during an election while it was 
in the custody of an election official. There have been such 
experiments in controlled environments, which informs that the 
key to that would be knowledge of the system and access to the 
system.
    Mr. Sali. Let me ask the question a little different way. 
Are either of you aware of a situation where an electronic 
voting machine was hacked and it changed the outcome of an 
election or was raised as an issue in an election?
    Mr. Hite. No, sir.
    Ms. Hillman. No.
    Mr. Sali. That is all I have, Mr. Chairman.
    [The prepared statement of Hon. Bill Sali follows:]
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    Mr. Clay. Thank you so much, Mr. Sali.
    Now, we will go to the gentleman from Kentucky, Mr. 
Yarmuth.
    Mr. Yarmuth. Thank you, Mr. Chairman.
    Could you, Ms. Hillman, offer us an opinion on how the EAC 
could alter the current accreditation and certification process 
in order for it to become more transparent and reliable?
    Ms. Hillman. Are you talking about the accreditation of the 
laboratories and the certifying of the systems? We are in 
discussions with NIST about that. When we established our 
certification process, we were in fact following the standard 
protocols used by, for one example, NIST's Laboratory 
Accreditation Program. What we realized is that it will be 
useful to be able to provide updated information along the way 
before a laboratory is accredited, if people are interested in 
the status of that.
    I am not sure what mechanism. We are looking at the posting 
of information on the Web site, but what mechanism would be 
useful and informative to be able to keep people informed 
because the process takes several months to accredit a 
laboratory.
    And then similarly with the certification of the systems, 
the laboratories conduct the testing and then they provide a 
report to us. That report will be reviewed by technical 
reviewers at EAC before the recommendation comes for any 
certification. If there is concern that the machine go back for 
testing, that will be done.
    So we are looking at the process to see what is appropriate 
within those stages to make information available to the public 
about what the laboratory recommendation is at the time that it 
is made.
    Mr. Yarmuth. When you talk about 180,000 machines requiring 
updating to bring them into compliance with the requirements, 
and I guess part of it would depend on how extensive these 
180,000 are or where they are, but would it make any sense to 
try to focus on the concentration of voting machines? Or are 
the electronic voting machines concentrated in, say, heavily 
populated areas?
    I understand the problem of requiring a lot of new 
technology and updated technology in relatively small 
communities, and maybe in some rural States. Is that a factor 
in trying to get implementation of these requirements rolled 
out faster? Is that something that we should be interested in?
    Ms. Hillman. One way to respond to your question, sir, 
would be to point out that the States of Maryland and Georgia 
currently use statewide DREs without a paper trail, and both of 
those States I think would be considered fairly heavily 
populated with major urban areas.
    In addition to that, the other large system without the 
paper trail would be in the State of Florida. Beyond that, 
there are jurisdictions all across the country. What is 
important to look at would be the process a State would have to 
go through to be able to acquire the equipment that would be 
needed to produce the paper trail.
    And so when I speak of the 180,000, depending on the 
technical requirements would determine whether a system would 
have to be upgraded or fully replaced, because some DRE systems 
do not have right now a printer that could be attached to 
produce the paper trail. So I think the timing and the 
requirements of it are important.
    My own personal opinion is that the ultimate requirement 
should be in place with recognition if Congress were to pass 
the law, with recognition of how long should be allowed for 
States to meet that requirement.
    Mr. Yarmuth. I yield back my time. Thank you.
    Mr. Clay. Thank you, Mr. Yarmuth.
    Mr. Hodes.
    Mr. Hodes. Thank you, Mr. Chairman.
    Commissioner Hillman, I am trying to understand as a new 
Member some of the political dynamics at work around the issues 
that you are dealing with. I would like your perspective.
    I got a letter from my New Hampshire Secretary of State, 
Bill Gardner. He indicated to me that the National Association 
of Secretaries of State in 2005 passed a resolution calling on 
Congress not to reauthorize the EAC after the 2006 general 
election. He supported that resolution and supported sunsetting 
the EAC, as was apparently called for in the original HAVA Act.
    My sense is that he is concerned that the EAC will usurp 
his right to control New Hampshire's successful paper ballot 
system. Can you offer me any of your thoughts on what relations 
have been between the EAC and the Secretaries of State, and how 
you have responded to the concerns of the Secretaries of State 
about ultimately who will control the integrity of the voting 
system and how it has worked?
    Ms. Hillman. Thank you for the question. Let me begin by 
saying that the relationships with the National Association of 
Secretaries of State is a very healthy one. We were there the 
day that NASS adopted the resolution, and in fact we were 
testifying the same day that they made the information 
available to the House Committee on Administration.
    What I will say from those discussions is that it was less 
about the role of EAC, because HAVA has been very, very clear 
about the delegation of responsibility for the administration 
of elections to the States; that the Election Assistance 
Commission was set up to assist the States in meeting the 
requirements of HAVA. Along the line, we have to gather 
information to do that. We do have full responsibility for the 
testing and certification of voting systems, but again, 
voluntary compliance on the part of the States.
    We have a fiduciary responsibility to how States are 
expending the funds, and we do receive annual reports from the 
States, and our Inspector General is required to audit the 
States. But that is with respect to making certain that States 
have spent their money both in compliance with HAVA, as well as 
in compliance with their own State HAVA plan.
    I do believe that I am not mis-stating this, that the 
States were more concerned about whether Congress would invest 
more authority in EAC, than to the authority that EAC has now, 
because we do not have the authority and we do not tell the 
States what types of systems they should use. We cannot even 
tell them what we think should be statewide standards for 
provisional voting. Again, that is left to the States. They 
determine the kind of testing and certification that will be 
done on the voting systems used in their States.
    So I am hopeful. I do believe, based on the ongoing 
relations that we have with NASS, that issue is behind us. 
Although I will say that I know that election officials, State 
and local, are very concerned about what might be the next wave 
of election reform and what the requirements will be on those 
States.
    Mr. Hodes. So if I understand what you have said, from your 
perspective, the States' concern is that we in Congress would 
give more power to the EAC and that is what the Secretaries of 
State are concerned about.
    Ms. Hillman. At that time. I do not believe that is a 
continued concern, but that was in February 2005. That was 2 
years ago.
    Mr. Hodes. Have you heard any expressions of concern that 
the EAC is a creature, if you will, of the executive branch, 
with the President having the authority to appoint four 
commissioners with essentially de facto regulatory authority 
over the voting systems, although I hear your testimony that it 
is voluntary and you are providing assistance and guidance. But 
in essence, it seems you really are de facto having regulatory 
authority over the voting system.
    Have you heard any concerns that there are four 
Presidential appointees, and that the Commission resides in the 
executive branch, say, as opposed to in Congress?
    Ms. Hillman. I have heard those concerns, nothing that the 
EAC has been called upon to talk about necessarily. I think a 
review of HAVA would show that while the commissioners are 
Presidentially appointed, each commissioner candidate is 
recommended to the President by the leadership of both the 
House and the Senate.
    Mr. Hodes. Do you see any downside in moving the EAC to 
Congress in terms of where it resides, as opposed to the 
executive branch?
    Ms. Hillman. I can't say that I am an expert in government 
operations, but it would seem to me that it might be difficult 
for some of the work assigned to EAC to be done outside of the 
Federal Government administration, for example, the issuance of 
requirements payments or any funds to the States and the 
monitoring of those funds, or the whole process of setting up 
the voting guidelines and doing the testing and the 
accreditation. I just don't know if a body of Congress should 
be responsible for accrediting laboratories, testing voting 
systems, and issuing the certifications. I don't know of 
anything that has existed like that. Generally, those functions 
are within Federal Government agencies.
    Mr. Hodes. Thank you.
    Ms. Hillman. Sure.
    Mr. Hodes. Thank you, Mr. Chairman. I yield back.
    Mr. Clay. Thank you, Mr. Hodes.
    Mrs. Maloney.
    Mrs. Maloney. Thank you, Mr. Chairman.
    I would like to ask Commissioner Hillman, the CIBER 
assessment report submitted to the EAC last summer documented 
the entirely inadequate testing performed by CIBER and Wyle, 
for that matter, on software used in over 70 percent of the 
voting systems last November. These systems had been sold to 
counties as having been tested and certified to Federal voting 
system standards.
    Once they learned that the software testing was woefully 
inadequate, did the EAC inform elected officials, not to 
mention the public, that would be using the equipment to count 
the votes?
    Ms. Hillman. Thank you, Congresswoman. I am just going to 
glance at my counsel while I answer this question because what 
I understand is that the certification was to assess the 
capacity of CIBER to perform testing under our program. We did 
not in that process assess or evaluate work they had done 
previously, work that CIBER had done before EAC, what was done 
for the National Association of State Election Directors.
    So the report to us did not include evaluation of work they 
had done previously, but rather whether or not they were 
capable to perform under our certification program.
    Mrs. Maloney. But didn't the report show that it was 
inadequately tested? That is the point. The point was that it 
showed it was inadequately tested. The question is, did you 
inform anybody that it was inadequately tested?
    Ms. Hillman. Again, Congresswoman, I don't believe the 
report addressed prior work. It looked at their existing 
procedures against our requirements. So I don't believe the 
report that we received on CIBER informed us of inappropriate 
or inadequate things they had done prior to our program.
    Mrs. Maloney. I believe that it did, but we need to look at 
it further.
    Let me just ask Richard Hite, in 2005 the GAO recommended 
that the EAC, ``improved management support to State and local 
election officials by collaborating with the Technical 
Guidelines Development Committee and the National Institute of 
Standards and Technology to develop a process and associated 
timeframes for sharing information on the problems and 
vulnerabilities of voting systems.'' This is a GAO 
recommendation.
    I would like to ask you, Mr. Hite, do you feel it is the 
role of the EAC to inform elected officials and the public of 
problems encountered with voting machines, even if those voting 
systems were not directly certified by the EAC? So should the 
EAC, if they are aware of problems, inform the public and 
elected officials?
    Mr. Hite. As my written statement brings out, we believe 
that any information that the EAC becomes aware of that would 
be deemed credible and useful to election officials, regardless 
of the source, whether it is from a vendor, whether it from an 
independent authority, or whether it is from State and local 
jurisdictions, that information should be disseminated under 
their clearinghouse role.
    Mrs. Maloney. So particularly problems encountered with the 
machines should be definitely covered.
    Mr. Hite. Yes.
    Mrs. Maloney. Absolutely, probably more than any other 
reason. So therefore, going back to my first question to 
Commissioner Hillman, it was my understanding the CIBER 
assessment report documented inadequate testing, so therefore 
shouldn't that then have been given to the counties and to the 
people with the voting machines? Maybe I will ask Mr. Hite the 
same question. Do you think they should have informed election 
officials and the public that would be using these machines 
that the CIBER assessment report said they were inadequately 
tested?
    Mr. Hite. For me to answer the question, I would have to 
have some knowledge into the particular reports that are being 
talked about. I have not seen those and I don't know the time 
line.
    Mrs. Maloney. OK, we will get them to you, then, and maybe 
you can get the answer back to us. OK? Thank you.
    Mr. Clay. Thank you very much, Mrs. Maloney.
    Mrs. Maloney. We have been called for a vote, Mr. Chairman. 
Are you aware?
    Mr. Clay. Yes, I am.
    That will conclude the testimony from panel one. Thank you, 
Ms. Hillman and thank you, Mr. Hite, for your testimony. You 
may be excused.
    Ms. Hillman. Thank you.
    Mr. Clay. I would like to now invite our second panel of 
witnesses to come forward. We have a series of six votes that 
follow. I would like to swear in the witnesses and possibly get 
their opening statements going. And then we will recess the 
hearing and reconvene. With six votes, it is going to take 
about an hour.
    Mrs. Maloney. An hour?
    Mr. Clay. An hour, I would bet you. So let's see what we 
can get in now.
    If the next panel could come forward and make some brief 
opening statements, and then we will recess and make our votes.
    Our second panel is here with us today to address issues 
relating to electronic voting. Our first witness is the 
Honorable Robin Carnahan, who is Missouri's Secretary of State. 
Our second witness is Avi Rubin, Ph.D, technical director of 
Information Security Institute, Department of Computer Science, 
Johns Hopkins University; and Mr. John S. Groh, vice president, 
Election Systems and Software International, and chairman, 
Election Technology Council. Our fourth and final witness is 
Ms. Diane Golden, Ph.D, director of the Missouri Assistive 
Technology Council, on behalf of the National Association of 
Assistive Technology Act Programs.
    Welcome to all of you. It is the policy of the Committee on 
Oversight and Government Reform to swear in all witnesses 
before they testify. At this time, I would like to ask you to 
stand and raise your right hands.
    [Witnesses sworn.]
    Mr. Clay. Thank you. Let the record reflect that all the 
witnesses answered in the affirmative.
    We will start with Ms. Carnahan, if you could please give 
us a brief summary of your testimony.

  STATEMENTS OF ROBIN CARNAHAN, SECRETARY OF STATE, STATE OF 
    MISSOURI; AVI D. RUBIN, TECHNICAL DIRECTOR, INFORMATION 
   SECURITY INSTITUTE, DEPARTMENT OF COMPUTER SCIENCE, JOHNS 
  HOPKINS UNIVERSITY; JOHN S. GROH, VICE PRESIDENT, ELECTION 
  SYSTEMS AND SOFTWARE INTERNATIONAL, AND CHAIRMAN, ELECTION 
   TECHNOLOGY COUNCIL; AND DIANE GOLDEN, DIRECTOR, MISSOURI 
    ASSISTIVE TECHNOLOGY COUNCIL, ON BEHALF OF THE NATIONAL 
        ASSOCIATION OF ASSISTIVE TECHNOLOGY ACT PROGRAMS

                  STATEMENT OF ROBIN CARNAHAN

    Ms. Carnahan. Thank you, Mr. Chairman. It is an honor to be 
here with you today. As one of your constituents, I am pleased 
to see you up in the Chair.
    I am Secretary of State Robin Carnahan of Missouri. It is 
my job as the chief elections officials in my State to ensure 
that elections are run in a fair, secure, and accurate way. I 
want to share with you today some of the things that happened 
in the 2006 election.
    By all accounts, the election in Missouri was one that was 
fair and accurate and secure. Over 2 million people voted. That 
was 53 percent of the vote. In most instances, it went 
efficiently and smoothly. This was particularly noteworthy 
because of all the changes that were required after the Help 
America Vote Act and the new machinery that was put in place.
    I will be clear: elections in Missouri are run locally. 
They probably are that way in your State as well. Locally 
elected public officials run those elections in most places. In 
the larger metropolitan areas, there are appointed election 
boards. What we have done is documented the instances of 
problems that happened in the election, but also the successes. 
We put out a report about that, and we have a copy that we have 
submitted for the record. It is called Voters First: An 
Examination of the 2006 Mid-Term Election in Missouri.
    The successes were clear. We were able to implement the 
HAVA changes in a way that was fair and accurate. We got rid of 
punch card ballots. We got the new optical scan and DRE 
equipment. This new equipment was accessible for people with 
disabilities. We had the most accurate voter lists we have ever 
had in the State of Missouri.
    So there were significant improvements. But there were also 
some issues, and I want to identify what a couple of those 
were. The first and clearest and most obvious was that there 
were long lines at the polls. It took people a long time to 
vote. It stemmed from a number of things, in part because of 
the new machinery, in part because of a need for more training 
of poll workers, in part because there were some places that 
ran out of ballots.
    We have a number of recommendations that we have put 
forward about how we can deal with those issues, including 
having early voting in our State, as well as ensuring that 
there are adequate numbers of paper ballots for every person 
that can go and vote there.
    There were also some issues surrounding some of the new 
voting equipment. We have 116 election jurisdictions in 
Missouri. The primary voting system is an optical scan paper 
ballot. There is a DRE in every voting precinct, as required by 
HAVA. But unlike other States, we have paper trails for every 
vote that is cast in Missouri.
    In the main, that equipment worked well. There were some 
problems, but in the main the equipment worked well. I will 
also tell you that we did a statewide recount already, using 
those paper trails, including the paper trail on the DRE 
machine in our August primary election. It did not change any 
results.
    My recommendations on this front are that we need to have 
people obviously more familiar with the new machines and the 
poll workers in particular who are familiar.
    Another common theme that we saw was that there was some 
misinformation. There were issues surrounding this in our State 
because there were changes in what the voting requirements were 
going to be and what kind of ID was required. One out of five 
complaints that we got in our office were about the wrong ID 
requirements being asked for at the polls.
    There were a couple of registration issues that we saw, but 
there are a number of ways I think we can address those. 
Congressman, we have talked about those, some being automatic 
voter registration when you get a driver's license with the 
DMV, or also same day registration, which is being looked at in 
a number of States.
    I know that you all are looking at a number of changes, the 
Holt bill and others, that will affect elections and how they 
are run. I would just stress to you to keep in mind the 
principles that the National Association of Secretaries of 
State have put forward. Let me just quickly go over those.
    The first is to avoid preemption of State authority. 
Obviously, elections are run locally. If you all are going to 
take over the election process, that is a big change in our 
country and it will take money to do that. The second is 
provide reasonable timeframes for implementation, and don't do 
things that raise expectations that can't actually be met by 
the local election officials.
    Third is to gather in put from people who actually run the 
elections on the ground before you make any of these changes. 
And of course, guarantee full funding for any mandates that 
come down. And finally, to encourage the use of maximum 
flexibility once you set the goal, let the States figure out 
how to meet those goals.
    That is all I have to say today. I know that you all need 
to get away.
    [The prepared statement of Ms. Carnahan follows:]
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    Mr. Clay. Thank you so much, Madam Secretary, for that 
abbreviated presentation.
    We will try Dr. Rubin, and see how far we can go. You may 
proceed.

                   STATEMENT OF AVI D. RUBIN

    Mr. Rubin. Thank you very much, Mr. Chairman and members of 
the committee.
    My name is Avi Rubin. I am a computer science professor at 
Johns Hopkins University. My background and training are in the 
area of computer security. In 2003, I made electronic voting my 
primary research focus.
    After reviewing the source code of the Diebold DRE voting 
machine and finding serious security problems there, I also 
published a report outlining the risks of these machines. After 
that, I became an election judge and worked two primaries and 
two general elections in Baltimore County to get a feeling for 
the process, and understand exactly how it works from a non-
academic perspective.
    I found that there were many other computer science 
professors around the country like myself who were working on 
electronic voting and for whom electronic voting was very 
important. We decided rather than duplicating effort and 
working everyone in their little island, to join forces and try 
to create a center to study electronic voting. We made a 
proposal to the National Science Foundation to establish the 
ACCURATE Center. The Center was funded to the tune of $7.5 
million over 5 years. I am the director of ACCURATE.
    Our main focus is to explore the design space of voting 
machines to better understand how the next generation of voting 
machines can be designed. We also perform outreach into the 
community by working on things like post-election audits like 
we had in Sarasota County that we were involved with, and 
working as election judges and poll workers and poll watchers.
    Finally, we educate students by teaching courses that focus 
on issues related to electronic voting.
    The discussion of voting machines has focused primarily on 
three types of technologies these days. Those are DREs, optical 
scan paper ballots, and DREs with a voter-verified paper record 
or paper trail. The primary difference between DREs and other 
voting systems is that a DRE is a software application running 
on a computer. It is typically running over the Windows 
operating system, although not all do. There are no ballots. 
The votes are kept on memory cards like the ones you might have 
in a digital camera, and there is another copy usually kept in 
the internal flash memory.
    Now, optical scanners use software as well. DREs are not 
the only ones that use software. They use software to read the 
scanned images, to process the images, and to tally the votes. 
But there are two important differences between the software in 
a DRE and the software in an optical scanner. The first 
difference is the amount of software. A DRE utilizes tens of 
thousands of lines of code, and the DRE operating systems that 
these DRE applications run on top of are typically millions of 
lines of code. An optical scanner can be written on hundreds of 
lines of code, so it is much simpler and easier to analyze.
    The second difference is that DREs produce no ballots, so 
they cannot be independently audited. Optical scanners can be 
audited and the ballots can be recounted.
    Let me take these two differences one at a time. First, the 
amount of software. If you haven't programmed a computer, it is 
hard to appreciate how different software is from anything 
else. It is highly complex and they are hidden in our actions 
between components and software. This is why some of the 
problems you may run into in a software system might not be 
replicable. You might have one section of software in a 
particular State, and then another section of software in an 
another State, and that combination of States creates an 
unexpected output.
    So you can find, and we often do see, that software systems 
can misbehave in surprising ways that cannot be reproduced and 
we cannot really understand exactly what happened. We can never 
know that a software system is free of bugs. In the discipline 
of software engineering, the No. 1 metric for how many bugs 
there in a program is the number of lines of code. More 
software means more bugs. So voting machines that have a lot of 
software are going to have a lot more bugs.
    I run short contests in my class where I have the students 
write very small programs. I am talking five or six lines. And 
then I have other students in the class try to evaluate these 
programs and find any bugs that are inserted there on purpose. 
I overwhelmingly find that it is much easier to create software 
bugs and to hide bugs than it is to find them. Finding software 
bugs is not something that can be done scientifically. It is an 
art right now and it is an imperfect art.
    I see that I am running out of time. I know you have 
somewhere to be, so I am going to leave a lot of what I had to 
say for the question and answer. But let me just wrap up by 
pointing out that NIST defines the concept of software 
independence, which is that a previously undetected change or 
error in the software cannot cause an undetectable change or 
error in election outcome. I think that is the right standard. 
I think that there are going to be undetectable bugs in 
software systems and we cannot have them affect the outcome.
    The only way that I know of right now to actually achieve 
software independence is with paper.
    [The prepared statement of Mr. Rubin follows:]
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    Mr. Clay. Thank you so much, Dr. Rubin, for that testimony.
    Mr. Groh and Dr. Golden, the committee will recess now. We 
will reconvene very shortly after the final vote. If you could 
just bear with us, we will come back to you.
    The committee stands in recess.
    [Recess.]
    Mr. Clay. The Committee on Oversight and Government Reform 
will come to order. We left off with Mr. Rubin. We will go to 
Mr. Groh. You may present your testimony.

                   STATEMENT OF JOHN S. GROH

    Mr. Groh. Thank you, and welcome back.
    I will dispense with a little bit of my background and who 
I am, but I do represent the Election Technology Council as the 
chairman. The member companies of the Election Technology 
Council, we account for over 98 percent of the ballot 
tabulation in the United States. So this is made up of the 
people who are the stakeholders in supplying the technology to 
the election community.
    The other point I would make is my voice today is also a 
voice of over 1,000 individuals that are citizens, voters and 
employees of these vendor companies, who live in over 33 
States. So we have a large constituency of individuals that 
work in the voting industry and we are proud to have done that.
    We all know that historically the 2000 election launched 
for the first time a national debate on elections. I think 
everybody was ready and it was well overdue that it happened. 
This was not a surprise at what happened in 2000 to any of the 
voting officials because they had been dealing with this for 
years.
    But I want to remind the subcommittee of a couple of key 
dates, because I think we need to recognize that there were two 
events going on. One is there was an old system that all of us 
were operating under that was run by the National Association 
of State Election Directors. This was then propagated by the 
2000 election. We had some changes. So I would remind you that 
in October 2002 is when HAVA passed, but it wasn't until March 
2004 that the EAC first came into formation, a brand new 
agency. It was very, very difficult to get traction and get 
themselves going.
    So there is a little bit of a reminder that the EAC has 
done a lot. Have they done everything they could do? Absolutely 
not, but they are on path to do all of it. It is just that they 
have a lot to do.
    We as the vendor community, we believe that there was one 
single goal of HAVA. Actually, I would like to recant that and 
say I think there were two. One was to ensure that every vote 
counted, but I think a bigger one was to assure that every 
voter is able to vote unassisted. That has been one of the 
mantras of the vendor community, was to come up with 
methodologies to allow everybody to vote. The ETC is open to 
all companies that wish to be in this, so we are a pretty broad 
group of individuals that are in this.
    I want to talk a little bit about a few areas that the 
committee has asked to hear about, and a couple that you 
haven't. We do know that one of them is time. Time is a very 
important element, and HAVA did not allow enough time. We would 
recommend that anything that Congress does going forward, 
please allow enough time for local and State jurisdictions to 
implement that.
    The second one would be the cost factor that goes into 
anything that is being mandated or required of State and local 
jurisdictions that in fact can happen.
    And the third is to not give up and remove the accessible 
voting strides that we have made in the last 2 or 3 years with 
new technology that is out there.
    Now, I will talk a little bit about some subjects that you 
had asked for a little more detail. One of them was the area of 
security. I am also going to talk about voting system 
certification, and then also I want to divert a little bit into 
source code and the area of the openness of source code.
    One of the things around security that everybody is focused 
on is trying to make the technology be something that handles 
everything in the security. It can't. One must recognize that 
security is an end to end process and you account for the 
totality of circumstances that can impact the security element.
    Prior speakers have all addressed that, and I think it is 
something that we, as election vendors, also understand that 
you have to have good practices. We have submitted along with 
our testimony, the testimony of Donetta Davidson, Chair of the 
EAC, that she provided I believe on March 15th. That is 
attached to my testimony as a supplement to it.
    To quote what she had put in hers, that the fundamental 
election administration process is to protect the entire voting 
process will always be important, even as voting technology 
evolves. Focusing solely on the reliability of voting systems 
is not enough, and Federal certification for the system cannot 
take the place of solid, thorough management procedures at the 
State and local levels to enure the system is managed and 
tested properly. That is one of the things that we will 
continue to talk about in our dialog with different committees.
    If I move over to the certification process, one of the 
things that certification is, they are on a path to launch a 
new certification program. They just haven't had enough time to 
get it implemented. All of us were working under the old 
certification process run by NASED. I have provided for you two 
diagrams, one pre-January 1, 2007, when EAC took over and has 
implemented a new certification process. I wanted you to have a 
view of what it was like before and what it is like as we look 
into the future. Please give the EAC enough time to implement 
that.
    And the final one was on voting system source code. The ETC 
members are in agreement that we think there needs to be best 
practices put out there, and some type of an oversight of how 
source code is to be looked at. I have submitted, along with my 
testimony, from the ETC members that of Britain Williams, 
Kennesaw State University professor, with over 20 years of 
election experience. He has put together some recommendations. 
We embrace those as a good process to start that, and would ask 
the Chair and the committee to look at those.
    With that, I am open to any questions you would have.
    [The prepared statement of Mr. Groh follows:]
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    
    Mr. Clay. Thank you very much for that testimony.
    And last, but not least, Dr. Golden. Thank you for your 
patience and thank you for being here.
    Ms. Golden. Not a problem at all. You just saved the best 
for last, right? I assumed that.

                   STATEMENT OF DIANE GOLDEN

    Ms. Golden. I am here to talk about accessibility for 
people with disabilities. I am not here to support or oppose 
paper, electronic, combinations. It doesn't really matter to me 
as long as the system delivers accessibility for people with a 
broad range of disabilities.
    A couple of principles. If indeed you are going to use a 
paper ballot for security reasons, and it is a determinant 
ballot of record that can be counted as an official ballot, 
then it has to be accessible. I can't emphasize that enough. 
There are actually, most recently a report by NIST to the 
Technical Guidelines Development Committee of the EAC that 
suggested that perhaps it wasn't important for people with 
disabilities to verify their paper ballot; that it would be 
enough for people without disabilities to verify ballots and 
that should be sufficient. I can just tell you in no uncertain 
terms that is not going to be sufficient.
    If a paper ballot is going to be used, it needs to be able 
to deliver the same access features as one can get from an 
electronic ballot. Unfortunately, if I am the wet blanket in 
the room, electronic information is very, very easy to make 
accessible. Paper is much more challenging to be made 
accessible. In order to manipulate the information on paper, 
you pretty much have to convert it into an electronic form so 
that you can deliver accessible media and formats.
    So what we are faced with right now are, as people have 
talked about previously, two primary voting systems: DRE 
electronic voting systems, with paper added in a printer form; 
or ballot marking devices where the vote starts and ends as 
paper. The person with a disability interacts with both of 
those electronically, so there is a wide range of access 
features. Blind people can use the tactile audio ballot. People 
with low vision can use enlarged print. People with motor 
disabilities can use switch input, large tactile input, and 
mark the ballot with very little motor skills involved.
    Unfortunately, both of those current systems have glaring 
accessibility problems. If you start out with a base DRE and 
add a printer, the print on the paper needs to be accessible 
some way. The only way to do that is to scan it back in and 
reproduce it electronically so that someone with low vision can 
see it in large print, and someone who is blind can get it 
auditorily. Right now, we don't have any DREs with VVPATs that 
have that capacity. So for all of the jurisdictions that 
currently provide DREs with VVPATs, and Missouri is one of 
them, people with disabilities can't verify the print on that 
paper. If that becomes a determinative vote of record, then the 
person with the disability never was able to verify the actual 
vote.
    Ballot marking devices have their own problem. The vote 
starts and ends paper, so I take my paper ballot, insert it 
into the ballot marking device. I interact with it 
electronically. It marks my ballot for me, but then it spits it 
back out to me and I have to physically handle it. I have to 
reinsert it in that machine or insert it in a precinct counter 
to verify. I may have to insert it in a ballot box to finally 
cast it. All of that takes motor skills that if I am a 
quadriplegic I don't have.
    So for both of the systems that we have out there that have 
paper, we have access problems. The situation facing people 
with disabilities who have voted on paperless systems is they 
have had pretty much complete accessibility available. By 
adding paper back into the voting process, we have reintroduced 
access barriers.
    Are they solvable? Yes. We can solve these. People have 
been doing assistive technology for years, and we have ways of 
solving these problems. As was pointed out, it is going to take 
time and money to do that. So in terms of any kind of paper 
mandate, whether it is at a State level, and Missouri is one of 
the States where we pretty much have a paper mandate, we need 
to address this and we need to address it quickly, and we need 
to make sure it gets done so that we have not again 
disenfranchised people with disabilities by deciding that paper 
is the way we need to go for security purposes.
    With that, I will close and I am more than willing to 
answer questions.
    [The prepared statement of Ms. Golden follows:]
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    
    Mr. Clay. Thank you very much, Dr. Golden.
    Now, we will move to the question period. My first question 
is for both Dr. Rubin and Mr. Groh. Let me ask you, would you 
agree that a major flaw in the EAC's voting system guidelines 
is the lack of prescribed standards or guidance for testing or 
maintaining commercial off the shelf software or products in e-
voting systems? And have you and your colleagues at the 
ACCURATE Center sought to offer recommendations for 
establishing such a requirement. I know Mr. Groh pointed to 
some documentation he was going to leave with the committee.
    Mr. Rubin, first.
    Mr. Rubin. Thank you.
    Sir, that is outside of the charter of what ACCURATE does. 
We have been funded by the National Science Foundation to do 
research, outreach and education. We did provide I believe a 40 
page document of feedback to the EAC on their proposed VVSG. I 
don't think that software, whether COTS or whether a specific 
voting application software, can be tested for security the way 
you would test it for humidity or for dropping or for any other 
things like that. I think voting machines need to be red team 
tested and I don't feel that the VVSG offers the kind of 
standards that would need to be prescribed to properly test a 
system like this for security.
    Mr. Clay. Mr. Groh.
    Mr. Groh. Again, I will not claim to be a computer 
scientist or expert, so I acquiesce a little bit to what Dr. 
Rubin would bring up. But I would like to answer from a 
different perspective. That is that the EAC was working as hard 
as they could, as fast as they could, trying to develop the 
2005 voluntary voting system guidelines to replace the 2002. 
They almost had a challenge that was not going to be met. Part 
of that is when you begin to dig into this, there are many, 
many moving parts, and many, many individuals or stakeholders 
in this from voters to local election officials, Secretaries of 
State, the disability community, the vendors.
    When that process took place, what they did is they had to 
rush that. So if you look at the time line that the NIST and 
the Technical Guidelines Development Committee worked under, 
they had to shortcut and come up with something to deliver in 
May 2005, so that they could get something implemented. They 
were racing to the finish line. They now have started on the 
second round of that, and they are going through the next 
iteration. I believe it is in that they will do a much better 
job of coming up with standards around it.
    So a lot of the standards that you see were left off, were 
left off knowingly because they were going to be out of time, 
or they would have still not had them released.
    Mr. Clay. Thank you so much for that response.
    Dr. Golden, can you specify how current and available 
technology can provide a verifiable audit trail for those 
needing assistance? Wouldn't the use of barcoded information 
from a paper ballot machine provide accessibility, while also 
ensuring the privacy of the voter's ballot? Are there other e-
voting system options that can be employed in order to provide 
both accessibility and reliability in the voting process?
    Ms. Golden. Thanks for the question about barcoding, 
because that always seems to come up. The interesting scenario 
with barcoding is again, you have the DRE that has an 
electronic vote, and then there is a secondary or parallel 
paper printed vote over here. If there is a barcode printed on 
that paper ballot, then yes, a scanner can either read human 
readable text, OCR scanning, or it can read a barcode. If 
indeed a person with a disability is verifying what is in the 
barcode, and that is actually what is being counted, then yes, 
it works beautifully.
    However, it the barcode isn't really the determinative 
ballot of record, if it is the human readable text, then the 
person with a disability needs to verify that human readable 
text. It could be that if the barcode is printed on the VVPAT 
specifically for the purpose of counting ballots, which is kind 
of I think why it was originally going to be placed there, it 
wasn't for accessibility purposes, if that is what is actually 
going to be counted by a scanner, then the person with a 
disability technically is the only one verifying what is going 
to be counted, because they are verifying what is in the 
barcode and all the sighted people are verifying the human 
readable print, and yet that is not what is being counted.
    So I guess the answer is barcodes would be a great idea if 
that is what is being counted, then I actually think people 
with disabilities come out way ahead, because they are probably 
the only people verifying what is going to be the actual 
countable record.
    So it all boils down to what is being counted, what really 
is the ballot, and what is going to be counted.
    Mr. Clay. Would you say that the most acceptable equipment 
now in the polling places would be the optical scan with the 
audible component on it? I mean, that is the one that election 
officials have demonstrated to me. They say that is the one 
that is widely accepted in the disabled community. Is that 
accurate?
    Ms. Golden. The two ``types'' of accessible machines most 
commonly used are the ballot marking device, which is what you 
are talking about, an electronic interface with an optical scan 
marked ballot; or a DRE with or without paper. They are 
probably about split even. I wouldn't have the data, but they 
are widely used, both of them, as accessible machines.
    The problem is with a ballot marking device you are 
disenfranchising people with motor disabilities, because they 
cannot physically handle that paper ballot through the process. 
DRE with a VVPAT, you are disenfranchising people with vision 
loss because they can't see the print on that paper.
    So in essence, your choices of accessible machines right 
now are which disability constituency group would you rather 
disenfranchise.
    Mr. Clay. That is a tough choice. [Laughter.]
    Ms. Golden. It is a great choice.
    Mr. Clay. Thank you for that response.
    Dr. Rubin, in your testimony, you discuss various 
vulnerabilities identified in the DRE machines used in Maryland 
since 2002. Can you offer us some detailed examples of the 
types of vulnerabilities identified or malfunctions that 
occurred in Maryland?
    Mr. Rubin. Sure. I also want to take this opportunity to 
comment on something that came up earlier today, where Maryland 
was used as an example of a place that would have to switch 
from DREs, part of that 180,000. The Maryland House and Senate 
have passed a bill to move by 2010 to all paper optical scan, 
so they would be going anyway, although the Governor has not 
signed that bill yet. I just wanted to mention that.
    Working as a poll worker in Maryland, I encountered in the 
September 2006 primary a lot of issues that had to do with the 
reliability of the electronic poll books. That is what received 
a lot of press. That is separate from the DREs. That is what is 
used to sign people in.
    There have been some problems of machine freezes, etc., but 
I don't know of any tangible, viewable security problem that 
has occurred. That said, I think that the kind of security 
problems that I worry about don't always manifest themselves in 
something noticeable.
    So the thought that if one of these machines accidentally 
had the wrong vote tally, there would be no way to know it. I 
think this is what we are seeing that happened when something 
actually visible occurred in Sarasota County. What I ask myself 
is, how do we know that in Maryland there wasn't a problem that 
just didn't occur in a way that was visible? If 5 percent of 
the votes were recorded for the wrong candidate, and everything 
falls within statistical exit polls, we wouldn't know.
    Mr. Clay. That is troubling, what you just said. So do you 
believe that there is a rate of error as far as miscounting 
votes?
    Mr. Rubin. I don't actually believe that. My concern is 
that whenever there is an election, there is often a dispute. 
You have a loser. You have everyone except one usually loses. 
And so there is often a challenge to the election. There are a 
lot of people in the community that don't feel that the right 
answer was obtained. We have a tradition of having recounts. 
With the DREs as we use them in Maryland right now, there is no 
way to perform these recounts, and there is no way to gain any 
assurance.
    That is a different question from, do I believe these 
mistakes have been occurring. I actually don't have any reason 
to believe that they have or have not been occurring, but I am 
concerned with the fact that we can never resolve an issue if a 
situation occurs where there is reason to doubt the outcome.
    Mr. Clay. And Maryland has attempted to correct this how?
    Mr. Rubin. So Maryland has had several times bills have 
come before the House and Senate. The most recent one calls for 
all paper ballots with ballot marking devices for 
accessibility, and optical scan for counting, and random 
audits. This bill, like I said, has passed the two houses in 
Maryland and is awaiting the Governor's signature.
    Mr. Clay. Thank you for that response.
    Mr. Groh, to what extent have voting system manufacturers 
assessed their capacity to modify and upgrade voting systems 
for the 2008 election? And furthermore, what are manufacturers 
doing now to project future demands on their resources and 
address their needs?
    Mr. Groh. I think the first thing that we have done is we 
have had a lot of sleepless nights. Part of it is when you 
don't know what you are going to be doing because there is not 
clear direction. You then continue to worry about it.
    All of us, though, are trying to come up with scenarios and 
try and second guess what those scenarios are, but until we 
know for a fact what things are going to be implemented, it is 
hard for us to hit a target that will move. In fact, that has 
been a lot of the issues that we were all challenged with 
during the implementation of the HAVA, of where people needed 
to get the products purchased and installed by January 1, 2006. 
That created a tremendous amount of a time constraint, and so 
many of us were rushing to the goal line when we would have 
liked to have had more time to have made corrections that we 
knew about, but we didn't have the time to do those things.
    So today, many of us are trying to address issues we saw in 
the 2006 election to make sure that they are ready for 2008. We 
are trying to address that. You need to understand, to do 
anything for 2008, I need to be ready to implement from my 
company's perspective in about November or October of this 
year. The first elections are in February 2008.
    We will be doing early balloting and voting on that will 
happen 45 days in advance. If you back up ballot layout, ballot 
proof, logic and accuracy, public testing and so forth in 
there, you run yourself out of time. So getting through a 
certification process on new technology between now and 2008, 
it is going to be impossible to do.
    Mr. Clay. In light of the dysfunctional processes 
identified in the current lab certification process for 
systems, what are your views on the EAC's current voting system 
certification process?
    Mr. Groh. The process the EAC is implementing is a much 
more rigorous level. It is like, to use an analogy, it is like 
stepping from high school basketball to professional 
basketball. It has that kind of a differential.
    To implement that, you can't implement it overnight. So 
they are going through a process right now of certifying the 
labs under a NIST program called NAVLAB, which is a national 
laboratory certification program that they put them through. 
That is the piece that you were challenging Commissioner 
Hillman to earlier about what they found out in their 
evaluation of CIBER to meet that new test lab process.
    We right now are seeing from a manufacturer's standpoint 
there is a constraint or there is a keyhole that we are trying 
to go through in the test labs. There are only two of them 
available. We can't get all of our product, that is stacked up 
there like airplanes waiting to land, through those two. We 
know that NAVLAB will free that up, but you have to give them 
enough time to get the NAVLAB program in place to get enough 
laboratories available.
    Mr. Clay. Has the ETC developed its own recommendations for 
improving the system?
    Mr. Groh. Yes, we have. We submitted from the May timeframe 
of 2005, when NIST and TGDC presented their recommendations on 
the VVSG, we were part of helping them develop and answer 
questions. We were allowed to provide comments, and we are 
continuing to work in the process of the new programs that they 
are looking at, the new VVSG standards and the certification 
process.
    Mr. Clay. As a final question for you, are the threats to 
voting system security changing? And what more needs to be done 
to understand and address the threats?
    Mr. Groh. Dr. Rubin's ACCURATE organization is doing some 
of that because they are looking at how voting systems and the 
voter interface and interact. There are probably four or five 
other organizations that are doing the same thing.
    From the vendors perspective, we do think this is an end to 
end process. So from the time that we develop a product, Q/A 
it, run it through certification, there are a whole group of 
other activities that happen that are all part of 
certification, such as the State level. There are 36 States 
that do their own State-level certification on that is an 
enhanced version of it over the EAC's process.
    Additionally, there is acceptance testing done by the local 
election officials. There is chain of custody programs that 
they are implementing and putting into place under the EAC's 
guidance and direction.
    But to me, the biggest security principle that we have in 
this is the fact that these voting systems are used widely 
across the United States. They are not all one uniform, unique 
system. It is impossible to get access to all of these systems, 
to get in there and do something with them, because they are 
all different from each other. So that alone creates a layer of 
security in here that people don't recognize or see that is 
there.
    And then you have the citizenry that oversees it. The poll 
workers are voters and are citizens that are voting and using 
that. Hundreds of thousands of them work on this. You have 
local oversight into that through them.
    Mr. Clay. Thank you for that response.
    Dr. Rubin, in yesterday's PC World, there was an article 
about research being conducted at University College Dublin in 
order to develop a more secure e-voting software architecture 
through the use of open source software. Can you offer us an 
opinion on how the EAC could alter the current accreditation 
and certification process in order for it to become more 
transparent and reliable?
    Mr. Rubin. Sure. I am familiar with that article. I think 
that a lot of the attention that has been placed by people who 
are described in that article on open source in my opinion are 
somewhat misguided. You can have all kinds of bugs and security 
flaws in software that is open source, just as you can in 
software that is not open source.
    It is my belief that you are not necessarily much more 
likely to expect to find these problems in open source as you 
are in things that are not open source, because bugs are that 
difficult to find.
    In terms of what the EAC can do, I think following NIST's 
advice and striving for software independence. If we had a 
software independence system as defined by NIST, then it 
wouldn't really matter if the software was that secure, and it 
wouldn't really matter if the software was open or not, because 
software independence means that you are not depending on the 
software for security.
    So I don't want to sound like a broken record with respect 
to paper, but right now I can't think of a system that provides 
software independence that is not based on paper. I do think 
there are such systems in the works, and I am a big fan of the 
cryptographic systems that are being developed. I don't think 
that they are ready to be deployed in any precincts right now, 
but someday they will be.
    Mr. Clay. Can you offer us an opinion on how the EAC could 
alter the current accreditation and certification process in 
order for it to become more transparent and reliable?
    Mr. Rubin. I think that several things could happen. The 
EAC could require what is known as red team testing of the 
machines, which is different from the kind of testing them to a 
standard, where you get security experts and software experts 
to have a field day with these things in the lab and try to 
break them and find out where the weaknesses are. I think that 
is the best way to test security these days.
    Mr. Clay. Thank you for that response.
    Ms. Golden, as a final question, has the voting system 
vendor community been receptive to the needs of the disabled 
community? Are there adequate systems development efforts 
underway to improve the accessibility of voting systems under 
the new guidelines?
    Ms. Golden. Since I am sitting right next to Mr. Groh, I 
would never say no to that question, and in all fairness, the 
vendor community has I think worked very, very hard on 
accessibility.
    I will say the progress has kind of been in fits and 
starts, but some of that was very legitimate. First off, we 
didn't have good accessibility standards until the VVSG came 
out, which does provide a robust set of access standards that 
they could actually build to.
    In terms of accessibility, this is similar at least to 
architectural access. Until we had good architectural access 
standards that said door widths need to be X wide and slopes 
need to be this kind of slope, and grab rails need to go here, 
people didn't know how to build something accessible, so part 
of it had to do with standards.
    Part of it, too, quite frankly, is the vendor community did 
what seemed logical, which was they went to constituency groups 
of people with disabilities and asked them what they wanted. 
The classic example that I always give is a vendor who went to 
a bunch of blind folks who were very competent technology 
users. What they wanted is going to be very different from what 
older blind people who are not very technology savvy are going 
to want and need. So they built the system, and it did work 
very, very well for blind people who were technology savvy. The 
older blind population had a heck of a time figuring out a 10 
key pad and a this and a that.
    So some of it, too, was just not being familiar with the 
disability community as a very diverse group of people. Someone 
with ALS is very different from someone who is blind, who is 
very different from someone with cerebral palsy. Knowing that 
whole population, I think it has been a bit of a learning curve 
for the vendor industry.
    But yes, I would say they are very committed to it. I don't 
think anybody doesn't want people with disabilities to have a 
completely private independent vote.
    Mr. Clay. So the issues relevant to the disabled community 
are solvable by the industry, as long as they work together 
with the disabled community?
    Ms. Golden. Yes. And I think technologically, the solutions 
are there. It is just going to take us some time and money to 
get there, and a clear vision. Part of this has been too, we 
are going to do electronic votes; no, we are going to go back 
to paper. If we had been focused on paper all along, we might 
have been a little further ahead in this game, but we have gone 
back and forth. If paper is the game, then we just need to make 
it accessible. We have a couple of big issues to solve, and 
somebody just needs to get down to it, and solve it and be done 
with it.
    Mr. Clay. Thank you.
    Thank you for your response. Let me thank the panel for 
their response. I will allow anyone on the panel to make a 
closing statement, if you have any.
    Dr. Rubin, you may proceed.
    Mr. Rubin. OK. There is one thing I didn't get to in my 
opening remarks. I wanted to point out that DREs did break 
ground in accessibility, but that the accessibility features 
are not particular to DRE, and some of this has come out. I 
think the same accessibility features can be obtained with op 
scan using ballot marking machines and accessible verification 
technologies. I agree that a lot of work needs to be done to 
make that happen so it is usable in a precinct.
    I want to point out that the security community is not 
advocating compromising on accessibility, but rather preserving 
accessibility, but adding security and audit.
    Mr. Clay. Thank you for that.
    Mr. Groh.
    Mr. Groh. Yes. I would like to just close with a couple of 
things. The Election Technology member companies, we believe we 
are a stakeholder in this. The companies and all the employees 
that are involved in this, our aim has been always in the 
products that we build and the development we work with and the 
interfaces we have, whether it is with Secretaries of State or 
with the accessibility community, and that is a broad 
community. There are many, many organizations, but it has been 
to be responsive to all voters, the local election officials, 
State and Federal Government, and kind of in that order.
    We are also committed to providing safe, accurate, secure 
and reliable, accessible voting systems, but we need to know 
what that target is and we will build it. People are saying, if 
you build this, we will buy it or we will come. So that is what 
we want, and we need those definable solutions.
    The closing pieces would be you need to allow the time to 
do this. That has been, if I can say there is one root cause of 
many of the issues that we are dealing with today, we have 
never given it enough time to allow everybody to get to the 
table and hash and debate this out. There are many good ideas 
that can come out of that discussion, but we have always tried 
to do that in about a 2 month or 3 month window of time. It is 
not enough time.
    The other one is to encourage you to make sure you consider 
funding responsiveness on this, because the No. 1 competitor 
that I have experience being in this business since 1995, was 
not another competitor. It was the local election official 
saying, I don't have enough money. They knew they wanted better 
election equipment, but they had a school or a library or a 
road that needed to be done.
    HAVA allowed us to make a huge leap forward. Let's not 
throw that all away, but if we are going to spend the next 
round of money, let's do it very, very appropriately. We don't 
need to rush to the finish line on this one.
    Mr. Clay. Thank you so much, Mr. Groh.
    Dr. Golden.
    Ms. Golden. Since everybody else did something, of course I 
can't be outdone. I might as well.
    Mr. Clay. You might as well. Please do.
    Ms. Golden. Just a couple of quick points.
    One is to followup on a question you asked earlier about 
the Technical Guidelines Development Committee, and 
representation of accessibility interests. I talked with 
Commissioner Hillman a little bit after the closing of the 
first round. The disability community I think as a whole does 
have a bit of a concern with the degree to which accessibility 
interests are being discussed as part of the Technical 
Guidelines Development Committee. They are working on the next 
iteration of the VVSG, and yet again we are finding that 
security interests are trampling accessibility, for lack of a 
better way of describing it, and no one is at the table saying, 
wait a minute; I am not telling you not to do this, but if you 
do ``A,'' you have again diminished accessibility.
    The accessibility community just seems to always be playing 
catch-up behind the game. The train seems to be driven by the 
security issues, and it is always the afterthought, oh, oops, 
you mean if we require not only software independence, but 
hardware independence, then we also have caused another 
accessibility problem. Yes. So that continues to be a concern.
    And the second issue has to do with the testing facilities 
and labs. The EAC has a new process, much more rigorous. We 
have not seen the outputs of that process yet, but in terms of 
accessibility, I guess I am fearful again that we are not going 
to be adequately represented in terms of the skills and 
expertise in those labs.
    What I saw in the first round of conformance to the FEC 
2002 access standards, I would get a report, worked with 
Secretary of State Carnahan and our group. Missouri does 
certify equipment, in addition to national certification. When 
we looked at the equipment, I would see the testing lab report 
and it would say this piece of equipment conformed to this 
access standard, and yet I could tell it didn't. The vendor 
could tell it didn't. And yet, the certification statement 
said, yes, it conformed.
    So I am fearful, or at least I would like to hope that we 
have more expertise involved in judging conformance and 
evaluating conformance to the access standards. They are highly 
technical. You have to know something about people with 
disabilities and accessibility if you are going to judge 
conformance to those standards. I don't know enough about those 
labs to know if they have that kind of expertise or not, quite 
frankly.
    Mr. Clay. Thank you for that.
    Let me thank this panel, and the previous panel, for their 
expert testimony today on such an important subject to this 
committee, to this Congress, and to the American public, so 
that they can have confidence in their vote and ensure that it 
is counted accurately, and that they can have a better 
understanding of the electronic voting systems that each State 
administers.
    So I want to say thank you to this panel and the previous 
panel for their testimony.
    Without objection, the committee stands adjourned.
    Thank you.
    [Whereupon, at 5:55 p.m. the subcommittee was adjourned.]

                                 
