[House Hearing, 110 Congress]
[From the U.S. Government Publishing Office]
ENSURING FAIRNESS AND ACCURACY IN ELECTIONS INVOLVING ELECTRONIC VOTING
SYSTEMS
=======================================================================
HEARING
before the
SUBCOMMITTEE ON INFORMATION POLICY,
CENSUS, AND NATIONAL ARCHIVES
of the
COMMITTEE ON OVERSIGHT
AND GOVERNMENT REFORM
HOUSE OF REPRESENTATIVES
ONE HUNDRED TENTH CONGRESS
FIRST SESSION
__________
APRIL 18, 2007
__________
Serial No. 110-5
__________
Printed for the use of the Committee on Oversight and Government Reform
Available via the World Wide Web: http://www.gpoaccess.gov/congress/
index.html
http://www.oversight.house.gov
U.S. GOVERNMENT PRINTING OFFICE
35-768 PDF WASHINGTON : 2007
---------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government
Printing Office Internet: bookstore.gpo.gov Phone: toll free (866)
512-1800; DC area (202) 512-1800 Fax: (202)512-2250 Mail: Stop SSOP,
Washington, DC 20402-0001
COMMITTEE ON OVERSISGHT AND GOVERNMENT REFORM
HENRY A. WAXMAN, California, Chairman
TOM LANTOS, California TOM DAVIS, Virginia
EDOLPHUS TOWNS, New York DAN BURTON, Indiana
PAUL E. KANJORSKI, Pennsylvania CHRISTOPHER SHAYS, Connecticut
CAROLYN B. MALONEY, New York JOHN M. McHUGH, New York
ELIJAH E. CUMMINGS, Maryland JOHN L. MICA, Florida
DENNIS J. KUCINICH, Ohio MARK E. SOUDER, Indiana
DANNY K. DAVIS, Illinois TODD RUSSELL PLATTS, Pennsylvania
JOHN F. TIERNEY, Massachusetts CHRIS CANNON, Utah
WM. LACY CLAY, Missouri JOHN J. DUNCAN, Jr., Tennessee
DIANE E. WATSON, California MICHAEL R. TURNER, Ohio
STEPHEN F. LYNCH, Massachusetts DARRELL E. ISSA, California
BRIAN HIGGINS, New York KENNY MARCHANT, Texas
JOHN A. YARMUTH, Kentucky LYNN A. WESTMORELAND, Georgia
BRUCE L. BRALEY, Iowa PATRICK T. McHENRY, North Carolina
ELEANOR HOLMES NORTON, District of VIRGINIA FOXX, North Carolina
Columbia BRIAN P. BILBRAY, California
BETTY McCOLLUM, Minnesota BILL SALI, Idaho
JIM COOPER, Tennessee ------ ------
CHRIS VAN HOLLEN, Maryland
PAUL W. HODES, New Hampshire
CHRISTOPHER S. MURPHY, Connecticut
JOHN P. SARBANES, Maryland
PETER WELCH, Vermont
Phil Schiliro, Chief of Staff
Phil Barnett, Staff Director
Earley Green, Chief Clerk
David Marin, Minority Staff Director
Subcommittee on Information Policy, Census, and National Archives
WM. LACY CLAY, Missouri, Chairman
PAUL E. KANJORSKI, Pennsylvania MICHAEL R. TURNER, Ohio
CAROLYN B. MALONEY, New York CHRIS CANNON, Utah
JOHN A. YARMUTH, Kentucky BILL SALI, Idaho
PAUL W. HODES, New Hampshire
Tony Haywood, Staff Director
C O N T E N T S
----------
Page
Hearing held on April 18, 2007................................... 1
Statement of:
Carnahan, Robin, Secretary of State, State of Missouri; Avi
D. Rubin, technical director, Information Security
Institute, Department of Computer Science, Johns Hopkins
University; John S. Groh, vice president, Election Systems
and Software International, and chairman, Election
Technology Council; and Diane Golden, director, Missouri
Assistive Technology Council, on behalf of the National
Association of Assistive Technology Act Programs........... 83
Carnahan, Robin.......................................... 83
Golden, Diane............................................ 98
Groh, John S............................................. 93
Rubin, Avi D............................................. 89
Hillman, Gracia, Commissioner, U.S. Election Assistance
Commission; and Randolph Hite, Director, Information
Technology Architecture and Systems, U.S. Government
Accountability Office...................................... 16
Hillman, Gracia.......................................... 16
Hite, Randolph........................................... 34
Letters, statements, etc., submitted for the record by:
Carnahan, Robin, Secretary of State, State of Missouri,
prepared statement of...................................... 85
Clay, Wm. Lacy, a Representative in Congress from the State
of Missouri, prepared statement of......................... 4
Golden, Diane, director, Missouri Assistive Technology
Council, on behalf of the National Association of Assistive
Technology Act Programs, prepared statement of............. 100
Groh, John S., vice president, Election Systems and Software
International, and chairman, Election Technology Council,
prepared statement of...................................... 95
Hillman, Gracia, Commissioner, U.S. Election Assistance
Commission, prepared statement of.......................... 18
Hite, Randolph, Director, Information Technology Architecture
and Systems, U.S. Government Accountability Office,
prepared statement of...................................... 36
Maloney, Hon. Carolyn B., a Representative in Congress from
the State of New York, prepared statement of............... 12
Rubin, Avi D., technical director, Information Security
Institute, Department of Computer Science, Johns Hopkins
University, prepared statement of.......................... 91
Sali, Hon. Bill, a Representative in Congress from the State
of Idaho, prepared statement of............................ 75
Turner, Hon. Michael R., a Representative in Congress from
the State of Ohio, prepared statement of................... 9
Yarmuth, Hon. John A., a Representative in Congress from the
State of Kentucky, prepared statement of................... 67
ENSURING FAIRNESS AND ACCURACY IN ELECTIONS INVOLVING ELECTRONIC VOTING
SYSTEMS
----------
WEDNESDAY, APRIL 18, 2007
House of Representatives,
Subcommittee on Information Policy, Census, and
National Archives,
Committee on Oversight and Government Reform,
Washington, DC.
The subcommittee met, pursuant to notice, at 2 p.m. in room
2154, Rayburn House Office Building, Hon. Wm. Lacy Clay
(chairman of the subcommittee) presiding.
Present: Representatives Clay, Hodes, Maloney, Sali,
Turner, Yarmuth, and Watson.
Staff present: Tony Haywood, staff director and counsel;
Alissa Bonner and Adam C. Bordes, professional staff members;
Jean Gosa, clerk; Nidia Salazar, staff assistant; Leneal Scott,
information systems manager; Jacy Dardine, intern; Jay
O'Callaghan, minority professional staff member; John Cuaderes,
minority senior investigator and policy advisor; and Benjamin
Chance, minority clerk.
Mr. Clay. The Subcommittee on Information Policy, Census,
and National Archives of the Committee on Oversight and
Government Reform will now come to order. Today's hearing will
examine issues relating to ensuring fairness and accuracy in
elections involving electronic voting systems.
Without objection, the Chair and ranking minority member
will have 5 minutes to make opening statements, followed by
opening statements not to exceed 3 minutes by any other Member
who seeks recognition.
Without objection, Members or witnesses may have 5
legislative days to submit a written statement or extraneous
material for the record.
Let me start off by saying good afternoon and welcome to
today's hearing. As we enter the 2008 election season, it is
essential that this subcommittee examine the use of modern
electronic voting systems and the potential vulnerabilities
associated with them. The principle of free and fair elections
is the foundation of our democratic Government. The
constitutional right to vote has enabled our Nation's citizens
to be stakeholders in the greatest democratic experiment the
world has ever known.
The need for uniform standards to govern Federal elections
became painfully clear in the weeks following the 2000
Presidential election in Florida. In response to news reports
of hanging chads, invalid punch card ballots and insufficient
controls over voter registration systems in Florida, Congress
passed the Help America Vote Act of 2002. HAVA is the first
comprehensive Federal law establishing requirements for the
administration of Federal elections.
These requirements cover voting system standards and voter
information and registration requirements. HAVA created the
Election Assistance Commission to serve as a national
clearinghouse for election information, to develop standards
for electronic voting systems, and to assist State and local
governments in their HAVA compliance efforts.
Research and development activities required by HAVA are
carried out by the National Institute of Standards and
Technology under the EAC's direction. To date, Congress has
appropriated over $3 billion to the EAC for these activities.
With grants from the EAC, many State and local jurisdictions
have attempted to improve the reliability and accuracy of the
voting process by replacing antiquated punch card or lever
machine systems with electronic voting systems such as direct
recording electronic or optical scan systems.
Unfortunately, numerous State and local governments have
reported significant problems with electronic systems. The
still-contested House election in Florida's 13th District is a
prominent example of how in some instances electronic voting
systems have produced unreliable results, raising concerns
among voting system experts, and causing distrust among voters.
Accordingly, I believe we should pursue two major goals in
moving forward with new electronic voting system requirements.
First, we should utilize technology that provides an
independent auditable voting record that can be verified by
election officials, such as a paper audit trail for DREs. In
addition, we should ensure that electronic voting system
standards meet the need for adequate privacy safeguards and
accessibility for the disabled. These efforts would help to
ensure that every vote is accurately counted.
Second, we must try to make the process for testing
software code more transparent. This would enable both the EAC
and election officials to determine which products are the most
secure, reliable and available in the marketplace. To do this,
I believe the EAC and the NIST should search for new
opportunities to partner with our federally funded research
community in order to improve our vulnerability testing and
certification practices.
Furthermore, the EAC should fully implement GAO's
recommendations for strengthening the commission's efforts to
become a true national clearinghouse for election
administration.
Unfortunately, the technological challenges we face are
compounded by problems with the EAC itself. Recent news reports
indicate that the EAC has failed to carry out certain
responsibilities required by HAVA. During the past week, the
New York Times and other publications have reported that the
EAC edited the findings of a Government-funded report on voter
fraud to support partisan efforts to mislead the public on the
pervasiveness of fraud.
Furthermore, we have learned that recent research on State
voter ID standards conducted by Rutgers University for the EAC
was rejected for questionable reasons. These developments
suggest that the bipartisan EAC may be improperly politicizing
their work. At the very least, it appears that the EAC has
strayed from its mandate to develop and disseminate vital
information on major election-related topics to the public in
an objective manner. As a result, I have serious concerns about
how the EAC is handling its stewardship role within our Federal
election system.
It is my hope that our witnesses today can address these
issues and offer recommendations to remedy the challenges we
face.
Testifying on our first panel will be Commissioner Gracia
Hillman of the Election Assistance Commission, and Mr. Randolph
Hite of the Government Accountability Office. Our second panel
includes four distinguished witnesses from both the public and
private sector: The Honorable Robin Carnahan, Missouri
Secretary of State; Professor Avi Rubin of Johns Hopkins
University; Mr. John Groh, vice president of Election Systems
and Software, and chairman of the Election Technology Council;
and Dr. Diane Golden of the Missouri Assistive Technology
Council.
I welcome all of our witnesses and look forward to an
informative and frank discussion on these issues.
Now I recognize the ranking member from Ohio, Mr. Turner.
[The prepared statement of Hon. Wm. Lacy Clay follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Turner. Thank you, Mr. Chairman. I appreciate your
holding this very important hearing.
Since the 2000 Presidential race, the Federal Government
has been actively involved in seeking a uniform, accessible
solution that helps ensure better elections. While overall,
voting systems may have improved, we should continue to
investigate our voting systems and make improvements when the
need arises.
After Congress passed the bipartisan legislation Help
America Vote Act in 2002, complaints arose regarding direct
recording electronic voting machines, which are commonly known
as touch screen voting machines used for elections in the
majority of States. The security and accuracy in vote recording
on these machines are of particular concern. Also, some
accounts claim the operation of DRE machines may be confusing
for some. To that end, we should address and resolve these
issues.
Mr. Chairman, this is one reason why today's hearing is so
important. We need honest feedback and thorough analysis of any
problems encountered in these new voting machines.
Mr. Chairman, I want to thank you for inviting a balanced
panel that will give us all sides of the story.
I appreciate the witnesses' testimony and I yield back the
balance of my time.
[The prepared statement of Hon. Michael R. Turner follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Clay. Thank you very much, Mr. Turner.
Are there any other Members who would like to have an
opening statement? Mrs. Maloney.
Mrs. Maloney. Thank you, Mr. Chairman. I thank Chairman
Clay and Ranking Member Turner for holding today's hearing
about an issue that deeply concerns me, the accuracy of our
Nation's voting systems.
Our representative democracy depends upon the integrity of
the voting system, and it is imperative that the machines are
secure and reliable. Questions have been raised about the
security and reliability of electronic voting systems,
including weak security controls and design flaws, among other
concerns.
In the 2004 election, millions of voters used electronic
voting machines that lacked a voter-verified paper audit trail.
Nationwide, the problems included broken voting machines and
inaccurately recorded votes, where in a few jurisdictions the
votes were switched from John Kerry to George Bush and vice
versa.
Maryland experienced so many problems with its electronic
voting machines in the September 2006 primary that its Governor
urged residents to vote with absentee ballots to ensure that
their votes were counted.
I support requiring voting machines to have a voter-
verifiable paper audit trail, and I am a cosponsor of H.R. 811,
the Voter Confidence and Increased Accessibility Act, which
would require a voter-verified permanent paper record or hard
copy.
The American people also deserve to know who is
manufacturing and controlling the voting machines they are
using, and if these machines are at risk for outside
manipulation.
Last year, I raised the possibility in front of the
Committee on Foreign Investment in the United States Review
Board of Smartmatic's purchase in 2005 of Sequoia Voting
Machines because of my concerns that a foreign government--in
this case, Venezuela--was investing in or owning the company
that supplies voting machines for U.S. elections.
CFIUS looks at national security threats. I can't think of
a larger national security threat than not having the total
integrity of your voting machines.
For a few years, questions surrounded Smartmatic about its
ownership and its possible ties and control by the Venezuelan
government. In December, Smartmatic announced that it would
sell Sequoia voting machines. There clearly were doubts about
this company, and as long as those doubts lingered, many people
would have legitimate questions about the integrity of those
voting machines.
It is time to institute procedures that ensure that
election results can be audited to ensure accuracy. If the
American public does not have faith that their votes will be
recorded accurately, they may decide to stay home on election
day, which would undermine our democracy.
I look forward to hearing the witnesses. Again, I can't
think of a more important issue that we could be looking at
than the integrity of our voting machines.
Thank you.
[The prepared statement of Hon. Carolyn B. Maloney
follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Clay. Thank you so much, Mrs. Maloney, for your opening
statement.
It is the policy of the committee to swear in all witnesses
before they testify. I would like to ask you both to please
stand and raise your right hands.
[Witnesses sworn.]
Mr. Clay. Thank you. Let the record reflect that the
witnesses answered in the affirmative.
Ms. Hillman, please proceed.
STATEMENTS OF GRACIA HILLMAN, COMMISSIONER, U.S. ELECTION
ASSISTANCE COMMISSION; AND RANDOLPH HITE, DIRECTOR, INFORMATION
TECHNOLOGY ARCHITECTURE AND SYSTEMS, U.S. GOVERNMENT
ACCOUNTABILITY OFFICE
STATEMENT OF GRACIA HILLMAN
Ms. Hillman. Thank you very much. Let me begin by saying
that EAC has submitted for the record extensive testimony
outlining the details of all of our programs that certify and
test voting systems, including the hardware and software. My
remarks will summarize some of the testimony.
Good afternoon, Chairman Clay, Ranking Member Turner and
all members of the subcommittee. My name is Gracia Hillman and
I am a member of the U.S. Election Assistance Commission. Mr.
Chairman, you asked me here today to discuss issues concerning
fairness and accuracy in elections that use electronic voting
systems. Today's hearing adds an important discussion to this
issue. Fairness and accuracy are crucial components in every
facet of elections. This applies to voter registration, casting
ballots, and certifying election results.
It is important to remember that whether we are discussing
a ballot box, an optical scan machine, or an electronic touch
screen voting system, people control fair and accurate
elections. There are lots of discussions about whether we can
or should trust electronic voting machines. States choose their
voting systems and some are now switching to optical scan
machines. However, we must remember that electronic technology
is not exclusive to a touch screen voting system. The counting
and casting of ballots on an optical scan machine is done
electronically, so we must cast a critical eye on all voting
technologies, and the system manufacturers and the testing
laboratories must join us in that endeavor.
Mr. Chairman, it is not enough to only examine the device
that people use to vote. We must remember that voting is a
human exercise. To that end, EAC focuses on the technical
functions and testing of voting systems, and at the same time,
we examine the human management of elections. America is in a
period of major changes in the technology of our voting system.
We know that electronic voting systems bring advantages. For
example, they enable us to meet the language and disability
access requirements of HAVA, and they prevent people from over-
voting a ballot.
However, if people do not trust these systems, if they
believe the systems can be compromised, then the advantages do
not mean very much. Nonetheless, it is important to point out
that to compromise a voting system, and I am talking about any
type of voting system, you must have two things: knowledge of
the system and unsupervised access to the machine and software.
Mr. Chairman, election officials follow security protocols
to prevent that access. I mean, really, no voting system should
be fully trusted unless election officials store them in a
secure location, prevent tampering, conduct independent logic
and accuracy testing, train its workers, audit the results, and
let the public observe the entire process.
EAC publishes guidelines on how to secure voting systems.
We emphasize that details and training matter in every facet of
elections. Just one person forgetting one detail, like
forgetting to bring election day supplies to the polling place
or not even showing up to open the polls, can make or break an
election.
Mr. Chairman, before closing I want to address the issue of
paper trail printing devices for DRE machines. As you know,
this device enables a voter to confirm his selections before
casting the ballot and presumably the paper could be used in
audits. I am not here to discuss whether Congress should
mandate paper trail. I do want to point out that depending on
what the particular requirements are, at least 180,000 DREs in
this country would have to be replaced or upgraded.
When you combine the introduction of new equipment, earlier
primaries, and the enormous tasks of recruiting and training
poll workers to meet a Presidential election year deadline,
which is only a year and a half from now, you have all of the
ingredients for a recipe for colossal confusion. That is why we
cannot discuss voting system technology in a vacuum. We must
also discuss and consider the human element.
I have spent my entire career working to make sure all
voters are treated fairly and that votes are counted
accurately. It is useful to question the use of electronic
voting systems. However, I urge you to not let electronic
voting divert our attention from issues such as voter
registration, participation and disenfranchisement.
It is my understanding that the committee likely has
questions for me about EAC matters, namely our research and
study work. I am prepared to answer your questions about my
testimony today and all of our other work.
Thank you for this opportunity.
[The prepared statement of Ms. Hillman follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Clay. Thank you so much for your testimony, Ms.
Hillman.
Mr. Hite, you may proceed. Would you summarize your
testimony for us within 5 minutes?
STATEMENT OF RANDOLPH HITE
Mr. Hite. Yes, sir.
Thank you, Chairman Clay.
In the wake of the 2000 and 2004 elections, GAO looked at
the national election process end to end, focusing on all
aspects of it, including the use of electronic voting systems.
Our most recent reports cast considerable light on the
challenges associated with these systems, so my testimony today
draws from those reports and I will summarize it by making five
points.
Point one, although voting systems play a major role in
elections, they are but one facet of a highly complex and
decentralized election environment that depends on the
effective interplay of people, processes and technology. As
such, when I think of a ``voting system'' I think of not only
the hardware and software, but also the persons who interact
with them and the rules that govern this interaction.
Point two, although security and reliability have arguably
taken center stage in the debate surrounding electronic voting
systems, other performance characteristics such as ease of use
and cost should not be overlooked. For example, certain DREs
have been found to have security vulnerabilities that can be
exploited, such as unencrypted files and no or easily guessed
passwords, and some lack a paper record.
At the same time, DREs can be more accommodating to voters
with disabilities, and they can protect against common voter
errors such as over-voting.
On the other hand, optical scan voting systems,
particularly central count systems, have a lower capital cost
than DREs and they offer a paper record. However, they can be
more challenging for voters with certain types of disabilities,
and they can create paper nightmares for jurisdictions that
have to accommodate multiple languages.
Point three, voting system security and reliability is a
function of how well each phase in the voting system life cycle
is managed at all levels of government. Simply stated, the
system life cycle begins with defining the standards that a
system is to meet. It is followed by vendor development and
associated vendor and government testing to ensure that the
standards are met. It ends with government acquisition and
operation and maintenance of the vendor systems. How well each
of these phases is executed will largely dictate how securely
and reliably the system performs on election day.
Since the 2004 elections, a range of concerns have been
voiced about the extent to which the activities associated with
each of these life cycle phases are being performed by all
levels of government and the system manufacturers.
Point four, given the highly decentralized nature of
elections, States and local jurisdictions play huge roles in
the life cycle management of voting systems. However, they have
not always ensured that important voting system management
practices are employed. Relative to the 2004 elections, we
surveyed the 50 States and the District of Columbia, a sample
of 788 local voting jurisdictions, and we visited 28
jurisdictions. According to the responses we received, outdated
systems standards were sometimes being adopted and applied;
certain types of testing were widely performed, while others
were rarely performed; security management practices ranged
from rigorous to ad hoc; and the nature and type of security
controls ran the gamut.
Point five, the challenges associated with ensuring that
electronic voting systems operate securely and reliably during
an election are many and profound, but they are not like the
challenges related to relying on technology to support any
mission-critical government operation. However, the highly
diffused and decentralized nature of elections, in my opinion,
makes these challenges more formidable, as it requires the
combined efforts of all levels of government.
HAVA established the EAC and assigned it certain
responsibilities relative to these efforts. We have made
recommendations to assist the EAC in this regard, which it
agreed with. In general, these recommendations focused on
introducing greater transparency and accountability into the
EAC's activities by having them develop plans for each of its
areas of responsibility, that is, plans that defined what
actions will be done, when, at what cost, to what end, and what
outcomes will be achieved.
To the EAC's credit, it has continued taking important
action since our recommendations aimed at meetings its HAVA
responsibilities. However, we have yet to see the kind of
strategic planning that our recommendations envisioned.
This concludes my statement. I would be happy to answer any
questions that you have.
[The prepared statement of Mr. Hite follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Clay. Thank you very much. Thank you both for your
testimony.
Let me start with Mr. Hite. Mr. Hite, GAO's past work on
electronic voting systems highlights the need for vendors and
election officials to better manage this equipment throughout
the product life cycle. Have there been adequate best practices
or requirements promulgated under the VVSG guidelines or under
HAVA for stakeholders to follow?
Mr. Hite. The voluntary voting system guidelines that you
refer to in 2005, that take effect at the end of this year, is
a vast improvement over the standards that were in place prior
to this. Is it complete and comprehensive relative to the range
of security provisions that need to be in the standards? No. It
is a work in process in that regard, and it will need to evolve
over time.
Mr. Clay. Doesn't the lack of effective system standards
hinder the implementation of stronger stewardship best
practices?
Mr. Hite. Yes, sir. It is a key variable in that equation.
It is actually a double-edged sword. On the one hand, you want
to have the most up to date, robust, comprehensive standards
that you can have. At the same time, you have to consider the
capacity to implement those standards, and the impact it is
going to have on the States and the jurisdictions out there to
adjust their systems environment to comply with those
standards. It is not something that can be done overnight.
So you are trying to balance the two from a practical
standpoint in terms of the pace at which you are asking
jurisdictions to improve, and their capacity to improve.
Mr. Clay. Well, there is a problem that the standards were
not put in place initially, and that people didn't have many
guidelines to follow?
Mr. Hite. Absolutely. The root cause of this is that the
standards were pretty much stagnant for virtually a decade. So
we are trying to play catch-up relative to putting in place the
kind of quality standards that are needed.
Mr. Clay. Has NIST begun to research the larger issues of
electronic voting system architecture, as opposed to testing
and evaluation of current products on the market, in order to
address the inherent vulnerabilities in the systems currently
in use? Has that started to occur?
Mr. Hite. Sir, I don't have the answer to that because I
don't know. It kind of relates to the point that we were making
relative to creating more transparency around what is going to
be done, when, relative to getting to the desired end with
regard to standards in other areas.
Mr. Clay. Thank you for that response.
Ms. Hillman, it has been stated that individuals with
expertise and experience in assistive technology have not been
involved in discussions regarding voting security and in
judging conformance to accessibility standards. I know that Dr.
Diane Golden, who will testify on the following panel, has
provided testimony to the EAC and the TGDC.
Can you tell me, beyond this, to what extent has the EAC
tried to involve experts from the assistive technology
community in development of standards?
Ms. Hillman. Yes. On the Technical Guidelines Development
Committee, there are two members representing the Access Board,
and certainly concerns from the disability community are
brought to discussions of the voluntary guidelines through
their participation.
In addition, the EAC has met with members of the disability
community. One of the members of our Board of Advisors
represents the American Association of Persons with
Disabilities. And we post all of our draft guidelines out for
public comment. Of 6,000 comments we received, I know that
several hundred came from members of the disability community.
Mr. Clay. Thank you for that.
GAO has offered the EAC a list of open recommendations from
its 2005 report on the reliability of e-voting systems. Some of
these recommendations address critical topics such as the
NIST's work on software assurance and interim standards for the
certification of e-voting products. Does the EAC intend to
implement all of the GAO's recommendations? What is the status
of the commission's implementation efforts?
Ms. Hillman. As Mr. Hite indicated, we did agree with their
recommendations and we are certainly working to make certain
that our program to test and certify voting systems is done in
a way that does two things. It provides the rigorous testing to
assure election officials that the machines are compliant, and
that the process is as open and understanding to the public so
that we can get past some of the technicalities and the public
can appreciate the benefits of the Federal Government testing
and certifying machines.
The process is new. I think, as you know, the Election
Assistance Commission was set up in a way that we lost a good
year of operation before we could really begin our work, due to
lack of funding. But once that began, we have caught up. Our
certification program is in place. We have accredited
laboratories that are poised and ready to begin that testing.
Mr. Clay. Thank you for that response.
We have some additional Members that joined us. I will go
to the gentleman from Kentucky, Mr. Yarmuth. I understand you
have an opening statement.
Mr. Yarmuth. Thank you, Mr. Chairman. I will just submit it
for the record. That will be fine. I appreciate it.
[The prepared statement of Hon. John A. Yarmuth follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Clay. Would the gentleman care to ask questions?
Mr. Yarmuth. I think I will pass at this time. Thank you.
Mr. Clay. OK.
The gentleman from New Hampshire, do you have an opening
statement?
Mr. Hodes. Thank you, Mr. Chairman. I do have a brief
statement.
Mr. Clay. You may proceed.
Mr. Hodes. Thank you, Mr. Chairman.
I want to thank you for holding this important hearing on
fairness and accuracy in elections, with a focus on electronic
voting systems.
I also want to thank the panel for being here today. I look
forward to hearing the rest of your testimony, and your
testimony, sir.
Nothing is more critical to our democracy than the
integrity of our elections. After punch card ballots proved to
be ineffective for recounting votes in the 2000 Presidential
election, Congress took an important step toward ensuring the
accuracy of election results with the Help America Vote Act of
2002. In 2004, more voters than ever before used the optical
scan voting system that produces individual paper ballots, but
other electronic systems were shown to be flawed.
Today, the goal of effective standards for voting systems
still faces serious obstacles. As we work to ensure the
accuracy and security of Federal elections, we must be careful
not to preempt State and local election systems. In my home
State of New Hampshire, the optical scan systems, combined with
hand counting procedures, have produced accurate election
results. The Election Assistance Commission must ensure that
new standards do not threaten existing voting systems that
work.
Congress must remain committed to its role of oversight
over voting system standards and ensure that critical decisions
are made after careful consideration of possible consequences.
Finally, we must ensure that voting systems generate paper
voting records that are not susceptible to hackers and
electronic glitches.
Again, thank you for being here today. I look forward to
hearing your thoughts as we consider these important issues.
Thank you, Mr. Chairman.
Mr. Clay. Thank you very much.
The gentleman from Kentucky, would you care to ask
questions?
The gentleman from New Hampshire, do you have questions for
the witnesses? Mr. Hodes. You may proceed.
Mr. Hodes. Thank you, Mr. Chairman.
Commissioner Hillman, I serve on the House Financial
Services Committee. When one of my constituents goes to a bank
and makes a transaction, they get a paper receipt, in addition
to the electronic records the bank keeps. However, when a voter
casts a ballot in some States with a direct record electronic
voting system, there is no individual paper ballots that can be
used if a recount is needed.
Isn't it true that some DRE systems only require one
printout of all ballots cast, and not individual ballots that
can be recounted?
Ms. Hillman. Sir, it is true that all DREs require the
system to be able to print out a paper record of all
transactions that happened on that machine. That information is
contained within the system. Some of those systems have a
printer to produce a paper trail and many do not.
Mr. Hodes. Don't you think there should be a similar
individual paper record system for all individual ballots in
the transaction, especially since this isn't just a financial
transaction, but voting is the basis for our system of
democracy?
Ms. Hillman. EAC has made certain that our voting system
standards include guidelines for the use of a printer to
produce a paper trail. Many States through their legislative
actions already require such a paper trail. HAVA allows the
States to choose their own voting systems and to determine what
type of machine they will use. So EAC accepts the
responsibility to produce standards for all types of voting
systems.
Mr. Hodes. Has the EAC required individual paper records of
each ballot cast?
Ms. Hillman. No, we have not required that.
Mr. Hodes. Do you think that ought to happen?
Ms. Hillman. Congressman, I appreciate your question, but I
am also respecting the role that HAVA prescribes to the EAC and
to the States. It has left the decisionmaking of the manner in
which voting systems will be used up to the States. So at this
point, EAC has not seen it as its authority to tell States that
it must use a paper trail.
Mr. Hodes. So if the EAC doesn't have the authority and you
have left it to the individual States, it is essentially up to
Congress to legislate whether or not an individual paper record
for each ballot cast needs to be produced for every voter.
Ms. Hillman. With due respect, it was Congress who left it
up to the States to make the decision in the first place. EAC
doesn't have that authority, so we are not telling the States
that it is their responsibility. We are simply following what
the Help America Vote Act provides for.
Mr. Hodes. So my question was, therefore if Congress wanted
to change it and require an individual paper record for each
vote cast, it would be up to Congress to legislative that.
Ms. Hillman. It would, sir.
Mr. Hodes. For Mr. Hite, a question for you, sir. It is my
understanding that no one from the EAC has been asked to
testify before Congress since 2004. In your opinion, has
Congress done an effective job of providing oversight over the
EAC and its critical work to improve Federal election accuracy
in the last 5 years?
Mr. Hite. For an organization that works for the Congress,
that is really a loaded question for me to have to respond to.
One point of clarification, the EAC has testified since
2004 before committees of Congress. I have sat beside the
chairwoman here in doing that.
I would say that there has been extensive oversight with
respect to elections since 2004. There is a proliferation of
legislation associated with making changes to HAVA and other
aspects of the election process. So I would compliment the
Congress for the extent of the oversight that it has provided
to this area.
Mr. Hodes. I have one further question. Currently, it is my
understanding that the GAO recently reported that 44 States
have laws requiring some form of compliance with Federal EAC
VVSG guidelines or FEC voting system standards. What happens to
States such as New York when voluntary guidelines become
mandatory?
Mr. Hite. Are you asking if they are made mandatory by the
State?
Mr. Hodes. Yes.
Mr. Hite. Well, then the States have that prerogative to
adopt the guidelines and to treat them by reference as
mandatory requirements for their jurisdictions.
Mr. Hodes. What are the consequences from a management
perspective? It is my understanding that New York has not fully
complied with HAVA with regard to accessible voting machines,
but it doesn't have clear signals from the EAC as yet regarding
what voting system would be appropriate. It is caught, at least
as far as I understand it, between competing versions of the
2002 voting system standards, 2005 VVSG-1 and VVSG-2 in draft
forms.
Mr. Hite. I don't believe New York is in any different
position than other States. States have adopted different
versions of the standards. Not all States have adopted the 2005
standards. Some are using a combination. Some are using the
2002 standards.
So they are all faced with this dilemma of which standards
do we adopt, in light of the fact that standards are going to
evolve. There is going to be a next version of the standards.
So at what point do we adopt which version of the standard from
a practical standpoint to implement the systems in that
particular State or that particular jurisdiction?
Ms. Hillman. Sir, might I clarify about the standards?
Mr. Hodes. Please. Thank you.
Ms. Hillman. Before the establishment of the Election
Assistance Commission, the FEC had responsibility for adopting
standards. The last set of standards adopted by FEC was in
2002, at the same time the Help America Vote Act was being
debated by Congress. Those two things happened to come together
at the same time, but they were complementary.
What EAC has done since then, as required by HAVA, is to
develop what are now called the voluntary guidelines. Because
we had very limited resources and time, working with NIST, we
updated the 2002 guidelines on certain critical sections such
as security and accessibility for persons with disabilities. We
also did make sure that the 2005 guidelines included all the
HAVA requirements.
Working with the States, it became important that the
effective date of our 2005 standards be such that the States
would have time to work with their suppliers to have systems
that met the standards. So we made the standards fully
effective December of this year.
In the meantime, States could still have their systems
certified to the 2002 standards, but that was not an EAC
responsibility. That was being done by an outside organization.
Beginning January of this year, EAC has fully implemented its
testing and certification program. We are now accrediting
laboratories to test against both the 2002 standards, as well
as our newer 2005 standards.
So it is true that for some States with laws that require
the Federal standards, they are having to change their State
law to accommodate that, but States have had 2 years to know
what the requirements of our 2005 standards are before they
become fully effective.
Mr. Clay. Thank you, Mr. Hodes. I appreciate that.
Mr. Hodes. Thank you, Mr. Chairman.
Mr. Clay. Let me preface my next question, Ms. Hillman, by
saying that I have the utmost regard for your lifetime history
in protecting people's voting rights throughout this country.
That is why the next question is rather troubling for me.
As you know, the New York Times and other newspapers have
reported on EAC efforts to alter the findings of a report
solicited by the Commission concerning the incidence of voter
fraud. In fact, a New York Times editorial on Sunday, April
15th, points out that only 86 people were convicted of voter
fraud since the Department of Justice began placing significant
resources into investigating voter fraud more than 5 years ago.
While I recognize that you are only one member of the
board, I think hearing your perspective on insight on how the
EAC made these decisions would be helpful to us as an oversight
body. The original draft report findings said that among
experts, ``There is widespread, but not unanimous agreement
that there is little polling place fraud.'' While the final
version stated that there is a great deal of debate on the
pervasiveness of fraud.
Why were the original findings altered?
Ms. Hillman. Thank you for the question. Before I answer,
let me just say that I have provided each member of the
committee with a copy of a statement that I issued yesterday on
this issue.
To put it in context, Mr. Chairman, the EAC commissioned
two individuals to work as special government employees, to
conduct research for us. We asked them to help define voter
fraud and voter intimidation, so that in a future study
everybody would know what we were studying; and second, to
compile research that would inform EAC on a future study and to
make recommendations from that research.
We did not have the time or the money to commission the
kind of study that would have allowed conclusions to be
presented. The consultants did provide a summary of
conclusions. Quite frankly, what would have been helpful if
that summary had said based on an interview with this person,
it is documented that there are concerns about intimidation of
minority voters in a particular State, and we think that is an
issue the EAC should look into; or several of the people
interviewed believe the following to be true and we think the
EAC should study that.
And so some of the conclusions they presented, which were
based on interviews with people, did not have data to support
the conclusion. As much as I would like to sit here and say
today that there is conclusionary evidence with respect to
fraud and voter intimidation, that particular report does not
provide us with that data.
Mr. Clay. Were there anomalies or flawed research
identified?
Ms. Hillman. The conclusions that you are referring to were
based on interviews with people. In addition to those
interviews, the researchers compiled several hundred court
cases. They did extensive review of news clips and other
articles. The conclusions were not tied to those clips and
articles. And so at the time that EAC adopted its report in
December, what I believe we were saying was, this is
information that helps us define what we will study and flags
for us the issues we need to look into.
I do not believe that the EAC could have reached agreement
on the conclusions that were offered by the researchers without
being able to validate those conclusions. And so as a result of
the very serious allegations that have been made, EAC has asked
its Inspector General to look into this matter on both the
voter fraud and intimidation study, as well as the voter ID
study so that Congress and the public and the commissioners can
know what the circumstances were.
Mr. Clay. I really find all of that peculiar that you all
are going to an internal investigation about the actions that
the Commission voted on. The Commission authorized the study by
Rutgers University, and then rejected its findings on voter ID
laws, citing flawed methodology. Perhaps there is something
wrong in the process there as far as how you go out and get
these studies?
Ms. Hillman. That would be a fair observation. With respect
to the Rutgers study, I know that some of my colleagues believe
that the methodology was flawed. I personally do not believe I
could pass judgment on the methodology used by Rutgers. What I
know is Rutgers didn't give me comparative data. For example, I
will just use your State, and I am making this up. If Missouri
had implemented new voter identification requirements in 2002
and there was an analysis of what those requirements were and
turnout in 2004, it doesn't tell me if those requirements alone
contributed to a rise or fall in voter participation unless I
can look at it, compared to 2000.
Mr. Clay. OK. I am not going to prolong this much further,
but you know what the effects are.
Ms. Hillman. I absolutely do, sir.
Mr. Clay. Are there intimidating effects of voter ID laws.
I mean, it takes us back to reconstruction. It takes us back to
figuring out how many jelly beans are in the jar, a literacy
test. And that is the impact of voter ID laws. I am just
surprised at the actions of the EAC when they are here to
protect America's voter.
I will recognize Mr. Sali for 5 minutes, sir.
Mr. Sali. Thank you, Mr. Chairman.
Ms. Hillman, are the States going to be able to meet the
requirements of the bill that is proposed by Mr. Holt before
the 2008 elections?
Ms. Hillman. In my testimony, I did indicate that there
will be at least 180,000 DRE voting systems in the country that
would have to be upgraded or replaced, depending on the
requirements of any legislation requiring VVPAT. And many
States have expressed to us concern that they would be able to
meet that requirement by the 2008 deadline.
Mr. Sali. Can you tell me what the major problems were that
the election officials and poll workers had in the 2000
elections in transitioning to the new electronic voting devices
and the requirements of the Help America Vote Act?
Ms. Hillman. Well, I think the overriding problem was one
of time, and that is when the systems were received by the
election officials using a brand new systems for the first time
in an election, the training of the people who would use the
system, the knowledge and experience to conduct the required
independent logic and accuracy testing, the capacity to be able
to test every machine. So a lot of what was experienced were
human resource and financial resource limitations.
Mr. Sali. And we will be repeating those again for 2008 if
we pass this bill. Is that correct?
Ms. Hillman. I certainly can't speak on behalf of the
States, but I can say I have heard loudly and clearly from
States a concern that unless such a requirement is phased in,
States would have a major resource challenge to be able to meet
any mandate.
Mr. Sali. Is it more expensive to meet language
requirements for ballots on an optical scanner or on a DRE?
Ms. Hillman. It would be more expensive to do it on an
optical scan because of the design and printing of the ballots.
Whereas on the DRE, it is programming.
Mr. Sali. Mr. Hite, has the GAO looked at the fiscal impact
on State and local governments if Congress passes this bill?
Mr. Hite. No, sir, we have not.
Mr. Sali. For either of you, are either of you aware of an
instance where a case has been found and confirmed of an
electronic voting machine that has been hacked into, if you
will, during an election?
Ms. Hillman. I have not any information that would suggest
that a DRE has been hacked into during an election while it was
in the custody of an election official. There have been such
experiments in controlled environments, which informs that the
key to that would be knowledge of the system and access to the
system.
Mr. Sali. Let me ask the question a little different way.
Are either of you aware of a situation where an electronic
voting machine was hacked and it changed the outcome of an
election or was raised as an issue in an election?
Mr. Hite. No, sir.
Ms. Hillman. No.
Mr. Sali. That is all I have, Mr. Chairman.
[The prepared statement of Hon. Bill Sali follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Clay. Thank you so much, Mr. Sali.
Now, we will go to the gentleman from Kentucky, Mr.
Yarmuth.
Mr. Yarmuth. Thank you, Mr. Chairman.
Could you, Ms. Hillman, offer us an opinion on how the EAC
could alter the current accreditation and certification process
in order for it to become more transparent and reliable?
Ms. Hillman. Are you talking about the accreditation of the
laboratories and the certifying of the systems? We are in
discussions with NIST about that. When we established our
certification process, we were in fact following the standard
protocols used by, for one example, NIST's Laboratory
Accreditation Program. What we realized is that it will be
useful to be able to provide updated information along the way
before a laboratory is accredited, if people are interested in
the status of that.
I am not sure what mechanism. We are looking at the posting
of information on the Web site, but what mechanism would be
useful and informative to be able to keep people informed
because the process takes several months to accredit a
laboratory.
And then similarly with the certification of the systems,
the laboratories conduct the testing and then they provide a
report to us. That report will be reviewed by technical
reviewers at EAC before the recommendation comes for any
certification. If there is concern that the machine go back for
testing, that will be done.
So we are looking at the process to see what is appropriate
within those stages to make information available to the public
about what the laboratory recommendation is at the time that it
is made.
Mr. Yarmuth. When you talk about 180,000 machines requiring
updating to bring them into compliance with the requirements,
and I guess part of it would depend on how extensive these
180,000 are or where they are, but would it make any sense to
try to focus on the concentration of voting machines? Or are
the electronic voting machines concentrated in, say, heavily
populated areas?
I understand the problem of requiring a lot of new
technology and updated technology in relatively small
communities, and maybe in some rural States. Is that a factor
in trying to get implementation of these requirements rolled
out faster? Is that something that we should be interested in?
Ms. Hillman. One way to respond to your question, sir,
would be to point out that the States of Maryland and Georgia
currently use statewide DREs without a paper trail, and both of
those States I think would be considered fairly heavily
populated with major urban areas.
In addition to that, the other large system without the
paper trail would be in the State of Florida. Beyond that,
there are jurisdictions all across the country. What is
important to look at would be the process a State would have to
go through to be able to acquire the equipment that would be
needed to produce the paper trail.
And so when I speak of the 180,000, depending on the
technical requirements would determine whether a system would
have to be upgraded or fully replaced, because some DRE systems
do not have right now a printer that could be attached to
produce the paper trail. So I think the timing and the
requirements of it are important.
My own personal opinion is that the ultimate requirement
should be in place with recognition if Congress were to pass
the law, with recognition of how long should be allowed for
States to meet that requirement.
Mr. Yarmuth. I yield back my time. Thank you.
Mr. Clay. Thank you, Mr. Yarmuth.
Mr. Hodes.
Mr. Hodes. Thank you, Mr. Chairman.
Commissioner Hillman, I am trying to understand as a new
Member some of the political dynamics at work around the issues
that you are dealing with. I would like your perspective.
I got a letter from my New Hampshire Secretary of State,
Bill Gardner. He indicated to me that the National Association
of Secretaries of State in 2005 passed a resolution calling on
Congress not to reauthorize the EAC after the 2006 general
election. He supported that resolution and supported sunsetting
the EAC, as was apparently called for in the original HAVA Act.
My sense is that he is concerned that the EAC will usurp
his right to control New Hampshire's successful paper ballot
system. Can you offer me any of your thoughts on what relations
have been between the EAC and the Secretaries of State, and how
you have responded to the concerns of the Secretaries of State
about ultimately who will control the integrity of the voting
system and how it has worked?
Ms. Hillman. Thank you for the question. Let me begin by
saying that the relationships with the National Association of
Secretaries of State is a very healthy one. We were there the
day that NASS adopted the resolution, and in fact we were
testifying the same day that they made the information
available to the House Committee on Administration.
What I will say from those discussions is that it was less
about the role of EAC, because HAVA has been very, very clear
about the delegation of responsibility for the administration
of elections to the States; that the Election Assistance
Commission was set up to assist the States in meeting the
requirements of HAVA. Along the line, we have to gather
information to do that. We do have full responsibility for the
testing and certification of voting systems, but again,
voluntary compliance on the part of the States.
We have a fiduciary responsibility to how States are
expending the funds, and we do receive annual reports from the
States, and our Inspector General is required to audit the
States. But that is with respect to making certain that States
have spent their money both in compliance with HAVA, as well as
in compliance with their own State HAVA plan.
I do believe that I am not mis-stating this, that the
States were more concerned about whether Congress would invest
more authority in EAC, than to the authority that EAC has now,
because we do not have the authority and we do not tell the
States what types of systems they should use. We cannot even
tell them what we think should be statewide standards for
provisional voting. Again, that is left to the States. They
determine the kind of testing and certification that will be
done on the voting systems used in their States.
So I am hopeful. I do believe, based on the ongoing
relations that we have with NASS, that issue is behind us.
Although I will say that I know that election officials, State
and local, are very concerned about what might be the next wave
of election reform and what the requirements will be on those
States.
Mr. Hodes. So if I understand what you have said, from your
perspective, the States' concern is that we in Congress would
give more power to the EAC and that is what the Secretaries of
State are concerned about.
Ms. Hillman. At that time. I do not believe that is a
continued concern, but that was in February 2005. That was 2
years ago.
Mr. Hodes. Have you heard any expressions of concern that
the EAC is a creature, if you will, of the executive branch,
with the President having the authority to appoint four
commissioners with essentially de facto regulatory authority
over the voting systems, although I hear your testimony that it
is voluntary and you are providing assistance and guidance. But
in essence, it seems you really are de facto having regulatory
authority over the voting system.
Have you heard any concerns that there are four
Presidential appointees, and that the Commission resides in the
executive branch, say, as opposed to in Congress?
Ms. Hillman. I have heard those concerns, nothing that the
EAC has been called upon to talk about necessarily. I think a
review of HAVA would show that while the commissioners are
Presidentially appointed, each commissioner candidate is
recommended to the President by the leadership of both the
House and the Senate.
Mr. Hodes. Do you see any downside in moving the EAC to
Congress in terms of where it resides, as opposed to the
executive branch?
Ms. Hillman. I can't say that I am an expert in government
operations, but it would seem to me that it might be difficult
for some of the work assigned to EAC to be done outside of the
Federal Government administration, for example, the issuance of
requirements payments or any funds to the States and the
monitoring of those funds, or the whole process of setting up
the voting guidelines and doing the testing and the
accreditation. I just don't know if a body of Congress should
be responsible for accrediting laboratories, testing voting
systems, and issuing the certifications. I don't know of
anything that has existed like that. Generally, those functions
are within Federal Government agencies.
Mr. Hodes. Thank you.
Ms. Hillman. Sure.
Mr. Hodes. Thank you, Mr. Chairman. I yield back.
Mr. Clay. Thank you, Mr. Hodes.
Mrs. Maloney.
Mrs. Maloney. Thank you, Mr. Chairman.
I would like to ask Commissioner Hillman, the CIBER
assessment report submitted to the EAC last summer documented
the entirely inadequate testing performed by CIBER and Wyle,
for that matter, on software used in over 70 percent of the
voting systems last November. These systems had been sold to
counties as having been tested and certified to Federal voting
system standards.
Once they learned that the software testing was woefully
inadequate, did the EAC inform elected officials, not to
mention the public, that would be using the equipment to count
the votes?
Ms. Hillman. Thank you, Congresswoman. I am just going to
glance at my counsel while I answer this question because what
I understand is that the certification was to assess the
capacity of CIBER to perform testing under our program. We did
not in that process assess or evaluate work they had done
previously, work that CIBER had done before EAC, what was done
for the National Association of State Election Directors.
So the report to us did not include evaluation of work they
had done previously, but rather whether or not they were
capable to perform under our certification program.
Mrs. Maloney. But didn't the report show that it was
inadequately tested? That is the point. The point was that it
showed it was inadequately tested. The question is, did you
inform anybody that it was inadequately tested?
Ms. Hillman. Again, Congresswoman, I don't believe the
report addressed prior work. It looked at their existing
procedures against our requirements. So I don't believe the
report that we received on CIBER informed us of inappropriate
or inadequate things they had done prior to our program.
Mrs. Maloney. I believe that it did, but we need to look at
it further.
Let me just ask Richard Hite, in 2005 the GAO recommended
that the EAC, ``improved management support to State and local
election officials by collaborating with the Technical
Guidelines Development Committee and the National Institute of
Standards and Technology to develop a process and associated
timeframes for sharing information on the problems and
vulnerabilities of voting systems.'' This is a GAO
recommendation.
I would like to ask you, Mr. Hite, do you feel it is the
role of the EAC to inform elected officials and the public of
problems encountered with voting machines, even if those voting
systems were not directly certified by the EAC? So should the
EAC, if they are aware of problems, inform the public and
elected officials?
Mr. Hite. As my written statement brings out, we believe
that any information that the EAC becomes aware of that would
be deemed credible and useful to election officials, regardless
of the source, whether it is from a vendor, whether it from an
independent authority, or whether it is from State and local
jurisdictions, that information should be disseminated under
their clearinghouse role.
Mrs. Maloney. So particularly problems encountered with the
machines should be definitely covered.
Mr. Hite. Yes.
Mrs. Maloney. Absolutely, probably more than any other
reason. So therefore, going back to my first question to
Commissioner Hillman, it was my understanding the CIBER
assessment report documented inadequate testing, so therefore
shouldn't that then have been given to the counties and to the
people with the voting machines? Maybe I will ask Mr. Hite the
same question. Do you think they should have informed election
officials and the public that would be using these machines
that the CIBER assessment report said they were inadequately
tested?
Mr. Hite. For me to answer the question, I would have to
have some knowledge into the particular reports that are being
talked about. I have not seen those and I don't know the time
line.
Mrs. Maloney. OK, we will get them to you, then, and maybe
you can get the answer back to us. OK? Thank you.
Mr. Clay. Thank you very much, Mrs. Maloney.
Mrs. Maloney. We have been called for a vote, Mr. Chairman.
Are you aware?
Mr. Clay. Yes, I am.
That will conclude the testimony from panel one. Thank you,
Ms. Hillman and thank you, Mr. Hite, for your testimony. You
may be excused.
Ms. Hillman. Thank you.
Mr. Clay. I would like to now invite our second panel of
witnesses to come forward. We have a series of six votes that
follow. I would like to swear in the witnesses and possibly get
their opening statements going. And then we will recess the
hearing and reconvene. With six votes, it is going to take
about an hour.
Mrs. Maloney. An hour?
Mr. Clay. An hour, I would bet you. So let's see what we
can get in now.
If the next panel could come forward and make some brief
opening statements, and then we will recess and make our votes.
Our second panel is here with us today to address issues
relating to electronic voting. Our first witness is the
Honorable Robin Carnahan, who is Missouri's Secretary of State.
Our second witness is Avi Rubin, Ph.D, technical director of
Information Security Institute, Department of Computer Science,
Johns Hopkins University; and Mr. John S. Groh, vice president,
Election Systems and Software International, and chairman,
Election Technology Council. Our fourth and final witness is
Ms. Diane Golden, Ph.D, director of the Missouri Assistive
Technology Council, on behalf of the National Association of
Assistive Technology Act Programs.
Welcome to all of you. It is the policy of the Committee on
Oversight and Government Reform to swear in all witnesses
before they testify. At this time, I would like to ask you to
stand and raise your right hands.
[Witnesses sworn.]
Mr. Clay. Thank you. Let the record reflect that all the
witnesses answered in the affirmative.
We will start with Ms. Carnahan, if you could please give
us a brief summary of your testimony.
STATEMENTS OF ROBIN CARNAHAN, SECRETARY OF STATE, STATE OF
MISSOURI; AVI D. RUBIN, TECHNICAL DIRECTOR, INFORMATION
SECURITY INSTITUTE, DEPARTMENT OF COMPUTER SCIENCE, JOHNS
HOPKINS UNIVERSITY; JOHN S. GROH, VICE PRESIDENT, ELECTION
SYSTEMS AND SOFTWARE INTERNATIONAL, AND CHAIRMAN, ELECTION
TECHNOLOGY COUNCIL; AND DIANE GOLDEN, DIRECTOR, MISSOURI
ASSISTIVE TECHNOLOGY COUNCIL, ON BEHALF OF THE NATIONAL
ASSOCIATION OF ASSISTIVE TECHNOLOGY ACT PROGRAMS
STATEMENT OF ROBIN CARNAHAN
Ms. Carnahan. Thank you, Mr. Chairman. It is an honor to be
here with you today. As one of your constituents, I am pleased
to see you up in the Chair.
I am Secretary of State Robin Carnahan of Missouri. It is
my job as the chief elections officials in my State to ensure
that elections are run in a fair, secure, and accurate way. I
want to share with you today some of the things that happened
in the 2006 election.
By all accounts, the election in Missouri was one that was
fair and accurate and secure. Over 2 million people voted. That
was 53 percent of the vote. In most instances, it went
efficiently and smoothly. This was particularly noteworthy
because of all the changes that were required after the Help
America Vote Act and the new machinery that was put in place.
I will be clear: elections in Missouri are run locally.
They probably are that way in your State as well. Locally
elected public officials run those elections in most places. In
the larger metropolitan areas, there are appointed election
boards. What we have done is documented the instances of
problems that happened in the election, but also the successes.
We put out a report about that, and we have a copy that we have
submitted for the record. It is called Voters First: An
Examination of the 2006 Mid-Term Election in Missouri.
The successes were clear. We were able to implement the
HAVA changes in a way that was fair and accurate. We got rid of
punch card ballots. We got the new optical scan and DRE
equipment. This new equipment was accessible for people with
disabilities. We had the most accurate voter lists we have ever
had in the State of Missouri.
So there were significant improvements. But there were also
some issues, and I want to identify what a couple of those
were. The first and clearest and most obvious was that there
were long lines at the polls. It took people a long time to
vote. It stemmed from a number of things, in part because of
the new machinery, in part because of a need for more training
of poll workers, in part because there were some places that
ran out of ballots.
We have a number of recommendations that we have put
forward about how we can deal with those issues, including
having early voting in our State, as well as ensuring that
there are adequate numbers of paper ballots for every person
that can go and vote there.
There were also some issues surrounding some of the new
voting equipment. We have 116 election jurisdictions in
Missouri. The primary voting system is an optical scan paper
ballot. There is a DRE in every voting precinct, as required by
HAVA. But unlike other States, we have paper trails for every
vote that is cast in Missouri.
In the main, that equipment worked well. There were some
problems, but in the main the equipment worked well. I will
also tell you that we did a statewide recount already, using
those paper trails, including the paper trail on the DRE
machine in our August primary election. It did not change any
results.
My recommendations on this front are that we need to have
people obviously more familiar with the new machines and the
poll workers in particular who are familiar.
Another common theme that we saw was that there was some
misinformation. There were issues surrounding this in our State
because there were changes in what the voting requirements were
going to be and what kind of ID was required. One out of five
complaints that we got in our office were about the wrong ID
requirements being asked for at the polls.
There were a couple of registration issues that we saw, but
there are a number of ways I think we can address those.
Congressman, we have talked about those, some being automatic
voter registration when you get a driver's license with the
DMV, or also same day registration, which is being looked at in
a number of States.
I know that you all are looking at a number of changes, the
Holt bill and others, that will affect elections and how they
are run. I would just stress to you to keep in mind the
principles that the National Association of Secretaries of
State have put forward. Let me just quickly go over those.
The first is to avoid preemption of State authority.
Obviously, elections are run locally. If you all are going to
take over the election process, that is a big change in our
country and it will take money to do that. The second is
provide reasonable timeframes for implementation, and don't do
things that raise expectations that can't actually be met by
the local election officials.
Third is to gather in put from people who actually run the
elections on the ground before you make any of these changes.
And of course, guarantee full funding for any mandates that
come down. And finally, to encourage the use of maximum
flexibility once you set the goal, let the States figure out
how to meet those goals.
That is all I have to say today. I know that you all need
to get away.
[The prepared statement of Ms. Carnahan follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Clay. Thank you so much, Madam Secretary, for that
abbreviated presentation.
We will try Dr. Rubin, and see how far we can go. You may
proceed.
STATEMENT OF AVI D. RUBIN
Mr. Rubin. Thank you very much, Mr. Chairman and members of
the committee.
My name is Avi Rubin. I am a computer science professor at
Johns Hopkins University. My background and training are in the
area of computer security. In 2003, I made electronic voting my
primary research focus.
After reviewing the source code of the Diebold DRE voting
machine and finding serious security problems there, I also
published a report outlining the risks of these machines. After
that, I became an election judge and worked two primaries and
two general elections in Baltimore County to get a feeling for
the process, and understand exactly how it works from a non-
academic perspective.
I found that there were many other computer science
professors around the country like myself who were working on
electronic voting and for whom electronic voting was very
important. We decided rather than duplicating effort and
working everyone in their little island, to join forces and try
to create a center to study electronic voting. We made a
proposal to the National Science Foundation to establish the
ACCURATE Center. The Center was funded to the tune of $7.5
million over 5 years. I am the director of ACCURATE.
Our main focus is to explore the design space of voting
machines to better understand how the next generation of voting
machines can be designed. We also perform outreach into the
community by working on things like post-election audits like
we had in Sarasota County that we were involved with, and
working as election judges and poll workers and poll watchers.
Finally, we educate students by teaching courses that focus
on issues related to electronic voting.
The discussion of voting machines has focused primarily on
three types of technologies these days. Those are DREs, optical
scan paper ballots, and DREs with a voter-verified paper record
or paper trail. The primary difference between DREs and other
voting systems is that a DRE is a software application running
on a computer. It is typically running over the Windows
operating system, although not all do. There are no ballots.
The votes are kept on memory cards like the ones you might have
in a digital camera, and there is another copy usually kept in
the internal flash memory.
Now, optical scanners use software as well. DREs are not
the only ones that use software. They use software to read the
scanned images, to process the images, and to tally the votes.
But there are two important differences between the software in
a DRE and the software in an optical scanner. The first
difference is the amount of software. A DRE utilizes tens of
thousands of lines of code, and the DRE operating systems that
these DRE applications run on top of are typically millions of
lines of code. An optical scanner can be written on hundreds of
lines of code, so it is much simpler and easier to analyze.
The second difference is that DREs produce no ballots, so
they cannot be independently audited. Optical scanners can be
audited and the ballots can be recounted.
Let me take these two differences one at a time. First, the
amount of software. If you haven't programmed a computer, it is
hard to appreciate how different software is from anything
else. It is highly complex and they are hidden in our actions
between components and software. This is why some of the
problems you may run into in a software system might not be
replicable. You might have one section of software in a
particular State, and then another section of software in an
another State, and that combination of States creates an
unexpected output.
So you can find, and we often do see, that software systems
can misbehave in surprising ways that cannot be reproduced and
we cannot really understand exactly what happened. We can never
know that a software system is free of bugs. In the discipline
of software engineering, the No. 1 metric for how many bugs
there in a program is the number of lines of code. More
software means more bugs. So voting machines that have a lot of
software are going to have a lot more bugs.
I run short contests in my class where I have the students
write very small programs. I am talking five or six lines. And
then I have other students in the class try to evaluate these
programs and find any bugs that are inserted there on purpose.
I overwhelmingly find that it is much easier to create software
bugs and to hide bugs than it is to find them. Finding software
bugs is not something that can be done scientifically. It is an
art right now and it is an imperfect art.
I see that I am running out of time. I know you have
somewhere to be, so I am going to leave a lot of what I had to
say for the question and answer. But let me just wrap up by
pointing out that NIST defines the concept of software
independence, which is that a previously undetected change or
error in the software cannot cause an undetectable change or
error in election outcome. I think that is the right standard.
I think that there are going to be undetectable bugs in
software systems and we cannot have them affect the outcome.
The only way that I know of right now to actually achieve
software independence is with paper.
[The prepared statement of Mr. Rubin follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Clay. Thank you so much, Dr. Rubin, for that testimony.
Mr. Groh and Dr. Golden, the committee will recess now. We
will reconvene very shortly after the final vote. If you could
just bear with us, we will come back to you.
The committee stands in recess.
[Recess.]
Mr. Clay. The Committee on Oversight and Government Reform
will come to order. We left off with Mr. Rubin. We will go to
Mr. Groh. You may present your testimony.
STATEMENT OF JOHN S. GROH
Mr. Groh. Thank you, and welcome back.
I will dispense with a little bit of my background and who
I am, but I do represent the Election Technology Council as the
chairman. The member companies of the Election Technology
Council, we account for over 98 percent of the ballot
tabulation in the United States. So this is made up of the
people who are the stakeholders in supplying the technology to
the election community.
The other point I would make is my voice today is also a
voice of over 1,000 individuals that are citizens, voters and
employees of these vendor companies, who live in over 33
States. So we have a large constituency of individuals that
work in the voting industry and we are proud to have done that.
We all know that historically the 2000 election launched
for the first time a national debate on elections. I think
everybody was ready and it was well overdue that it happened.
This was not a surprise at what happened in 2000 to any of the
voting officials because they had been dealing with this for
years.
But I want to remind the subcommittee of a couple of key
dates, because I think we need to recognize that there were two
events going on. One is there was an old system that all of us
were operating under that was run by the National Association
of State Election Directors. This was then propagated by the
2000 election. We had some changes. So I would remind you that
in October 2002 is when HAVA passed, but it wasn't until March
2004 that the EAC first came into formation, a brand new
agency. It was very, very difficult to get traction and get
themselves going.
So there is a little bit of a reminder that the EAC has
done a lot. Have they done everything they could do? Absolutely
not, but they are on path to do all of it. It is just that they
have a lot to do.
We as the vendor community, we believe that there was one
single goal of HAVA. Actually, I would like to recant that and
say I think there were two. One was to ensure that every vote
counted, but I think a bigger one was to assure that every
voter is able to vote unassisted. That has been one of the
mantras of the vendor community, was to come up with
methodologies to allow everybody to vote. The ETC is open to
all companies that wish to be in this, so we are a pretty broad
group of individuals that are in this.
I want to talk a little bit about a few areas that the
committee has asked to hear about, and a couple that you
haven't. We do know that one of them is time. Time is a very
important element, and HAVA did not allow enough time. We would
recommend that anything that Congress does going forward,
please allow enough time for local and State jurisdictions to
implement that.
The second one would be the cost factor that goes into
anything that is being mandated or required of State and local
jurisdictions that in fact can happen.
And the third is to not give up and remove the accessible
voting strides that we have made in the last 2 or 3 years with
new technology that is out there.
Now, I will talk a little bit about some subjects that you
had asked for a little more detail. One of them was the area of
security. I am also going to talk about voting system
certification, and then also I want to divert a little bit into
source code and the area of the openness of source code.
One of the things around security that everybody is focused
on is trying to make the technology be something that handles
everything in the security. It can't. One must recognize that
security is an end to end process and you account for the
totality of circumstances that can impact the security element.
Prior speakers have all addressed that, and I think it is
something that we, as election vendors, also understand that
you have to have good practices. We have submitted along with
our testimony, the testimony of Donetta Davidson, Chair of the
EAC, that she provided I believe on March 15th. That is
attached to my testimony as a supplement to it.
To quote what she had put in hers, that the fundamental
election administration process is to protect the entire voting
process will always be important, even as voting technology
evolves. Focusing solely on the reliability of voting systems
is not enough, and Federal certification for the system cannot
take the place of solid, thorough management procedures at the
State and local levels to enure the system is managed and
tested properly. That is one of the things that we will
continue to talk about in our dialog with different committees.
If I move over to the certification process, one of the
things that certification is, they are on a path to launch a
new certification program. They just haven't had enough time to
get it implemented. All of us were working under the old
certification process run by NASED. I have provided for you two
diagrams, one pre-January 1, 2007, when EAC took over and has
implemented a new certification process. I wanted you to have a
view of what it was like before and what it is like as we look
into the future. Please give the EAC enough time to implement
that.
And the final one was on voting system source code. The ETC
members are in agreement that we think there needs to be best
practices put out there, and some type of an oversight of how
source code is to be looked at. I have submitted, along with my
testimony, from the ETC members that of Britain Williams,
Kennesaw State University professor, with over 20 years of
election experience. He has put together some recommendations.
We embrace those as a good process to start that, and would ask
the Chair and the committee to look at those.
With that, I am open to any questions you would have.
[The prepared statement of Mr. Groh follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Clay. Thank you very much for that testimony.
And last, but not least, Dr. Golden. Thank you for your
patience and thank you for being here.
Ms. Golden. Not a problem at all. You just saved the best
for last, right? I assumed that.
STATEMENT OF DIANE GOLDEN
Ms. Golden. I am here to talk about accessibility for
people with disabilities. I am not here to support or oppose
paper, electronic, combinations. It doesn't really matter to me
as long as the system delivers accessibility for people with a
broad range of disabilities.
A couple of principles. If indeed you are going to use a
paper ballot for security reasons, and it is a determinant
ballot of record that can be counted as an official ballot,
then it has to be accessible. I can't emphasize that enough.
There are actually, most recently a report by NIST to the
Technical Guidelines Development Committee of the EAC that
suggested that perhaps it wasn't important for people with
disabilities to verify their paper ballot; that it would be
enough for people without disabilities to verify ballots and
that should be sufficient. I can just tell you in no uncertain
terms that is not going to be sufficient.
If a paper ballot is going to be used, it needs to be able
to deliver the same access features as one can get from an
electronic ballot. Unfortunately, if I am the wet blanket in
the room, electronic information is very, very easy to make
accessible. Paper is much more challenging to be made
accessible. In order to manipulate the information on paper,
you pretty much have to convert it into an electronic form so
that you can deliver accessible media and formats.
So what we are faced with right now are, as people have
talked about previously, two primary voting systems: DRE
electronic voting systems, with paper added in a printer form;
or ballot marking devices where the vote starts and ends as
paper. The person with a disability interacts with both of
those electronically, so there is a wide range of access
features. Blind people can use the tactile audio ballot. People
with low vision can use enlarged print. People with motor
disabilities can use switch input, large tactile input, and
mark the ballot with very little motor skills involved.
Unfortunately, both of those current systems have glaring
accessibility problems. If you start out with a base DRE and
add a printer, the print on the paper needs to be accessible
some way. The only way to do that is to scan it back in and
reproduce it electronically so that someone with low vision can
see it in large print, and someone who is blind can get it
auditorily. Right now, we don't have any DREs with VVPATs that
have that capacity. So for all of the jurisdictions that
currently provide DREs with VVPATs, and Missouri is one of
them, people with disabilities can't verify the print on that
paper. If that becomes a determinative vote of record, then the
person with the disability never was able to verify the actual
vote.
Ballot marking devices have their own problem. The vote
starts and ends paper, so I take my paper ballot, insert it
into the ballot marking device. I interact with it
electronically. It marks my ballot for me, but then it spits it
back out to me and I have to physically handle it. I have to
reinsert it in that machine or insert it in a precinct counter
to verify. I may have to insert it in a ballot box to finally
cast it. All of that takes motor skills that if I am a
quadriplegic I don't have.
So for both of the systems that we have out there that have
paper, we have access problems. The situation facing people
with disabilities who have voted on paperless systems is they
have had pretty much complete accessibility available. By
adding paper back into the voting process, we have reintroduced
access barriers.
Are they solvable? Yes. We can solve these. People have
been doing assistive technology for years, and we have ways of
solving these problems. As was pointed out, it is going to take
time and money to do that. So in terms of any kind of paper
mandate, whether it is at a State level, and Missouri is one of
the States where we pretty much have a paper mandate, we need
to address this and we need to address it quickly, and we need
to make sure it gets done so that we have not again
disenfranchised people with disabilities by deciding that paper
is the way we need to go for security purposes.
With that, I will close and I am more than willing to
answer questions.
[The prepared statement of Ms. Golden follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Clay. Thank you very much, Dr. Golden.
Now, we will move to the question period. My first question
is for both Dr. Rubin and Mr. Groh. Let me ask you, would you
agree that a major flaw in the EAC's voting system guidelines
is the lack of prescribed standards or guidance for testing or
maintaining commercial off the shelf software or products in e-
voting systems? And have you and your colleagues at the
ACCURATE Center sought to offer recommendations for
establishing such a requirement. I know Mr. Groh pointed to
some documentation he was going to leave with the committee.
Mr. Rubin, first.
Mr. Rubin. Thank you.
Sir, that is outside of the charter of what ACCURATE does.
We have been funded by the National Science Foundation to do
research, outreach and education. We did provide I believe a 40
page document of feedback to the EAC on their proposed VVSG. I
don't think that software, whether COTS or whether a specific
voting application software, can be tested for security the way
you would test it for humidity or for dropping or for any other
things like that. I think voting machines need to be red team
tested and I don't feel that the VVSG offers the kind of
standards that would need to be prescribed to properly test a
system like this for security.
Mr. Clay. Mr. Groh.
Mr. Groh. Again, I will not claim to be a computer
scientist or expert, so I acquiesce a little bit to what Dr.
Rubin would bring up. But I would like to answer from a
different perspective. That is that the EAC was working as hard
as they could, as fast as they could, trying to develop the
2005 voluntary voting system guidelines to replace the 2002.
They almost had a challenge that was not going to be met. Part
of that is when you begin to dig into this, there are many,
many moving parts, and many, many individuals or stakeholders
in this from voters to local election officials, Secretaries of
State, the disability community, the vendors.
When that process took place, what they did is they had to
rush that. So if you look at the time line that the NIST and
the Technical Guidelines Development Committee worked under,
they had to shortcut and come up with something to deliver in
May 2005, so that they could get something implemented. They
were racing to the finish line. They now have started on the
second round of that, and they are going through the next
iteration. I believe it is in that they will do a much better
job of coming up with standards around it.
So a lot of the standards that you see were left off, were
left off knowingly because they were going to be out of time,
or they would have still not had them released.
Mr. Clay. Thank you so much for that response.
Dr. Golden, can you specify how current and available
technology can provide a verifiable audit trail for those
needing assistance? Wouldn't the use of barcoded information
from a paper ballot machine provide accessibility, while also
ensuring the privacy of the voter's ballot? Are there other e-
voting system options that can be employed in order to provide
both accessibility and reliability in the voting process?
Ms. Golden. Thanks for the question about barcoding,
because that always seems to come up. The interesting scenario
with barcoding is again, you have the DRE that has an
electronic vote, and then there is a secondary or parallel
paper printed vote over here. If there is a barcode printed on
that paper ballot, then yes, a scanner can either read human
readable text, OCR scanning, or it can read a barcode. If
indeed a person with a disability is verifying what is in the
barcode, and that is actually what is being counted, then yes,
it works beautifully.
However, it the barcode isn't really the determinative
ballot of record, if it is the human readable text, then the
person with a disability needs to verify that human readable
text. It could be that if the barcode is printed on the VVPAT
specifically for the purpose of counting ballots, which is kind
of I think why it was originally going to be placed there, it
wasn't for accessibility purposes, if that is what is actually
going to be counted by a scanner, then the person with a
disability technically is the only one verifying what is going
to be counted, because they are verifying what is in the
barcode and all the sighted people are verifying the human
readable print, and yet that is not what is being counted.
So I guess the answer is barcodes would be a great idea if
that is what is being counted, then I actually think people
with disabilities come out way ahead, because they are probably
the only people verifying what is going to be the actual
countable record.
So it all boils down to what is being counted, what really
is the ballot, and what is going to be counted.
Mr. Clay. Would you say that the most acceptable equipment
now in the polling places would be the optical scan with the
audible component on it? I mean, that is the one that election
officials have demonstrated to me. They say that is the one
that is widely accepted in the disabled community. Is that
accurate?
Ms. Golden. The two ``types'' of accessible machines most
commonly used are the ballot marking device, which is what you
are talking about, an electronic interface with an optical scan
marked ballot; or a DRE with or without paper. They are
probably about split even. I wouldn't have the data, but they
are widely used, both of them, as accessible machines.
The problem is with a ballot marking device you are
disenfranchising people with motor disabilities, because they
cannot physically handle that paper ballot through the process.
DRE with a VVPAT, you are disenfranchising people with vision
loss because they can't see the print on that paper.
So in essence, your choices of accessible machines right
now are which disability constituency group would you rather
disenfranchise.
Mr. Clay. That is a tough choice. [Laughter.]
Ms. Golden. It is a great choice.
Mr. Clay. Thank you for that response.
Dr. Rubin, in your testimony, you discuss various
vulnerabilities identified in the DRE machines used in Maryland
since 2002. Can you offer us some detailed examples of the
types of vulnerabilities identified or malfunctions that
occurred in Maryland?
Mr. Rubin. Sure. I also want to take this opportunity to
comment on something that came up earlier today, where Maryland
was used as an example of a place that would have to switch
from DREs, part of that 180,000. The Maryland House and Senate
have passed a bill to move by 2010 to all paper optical scan,
so they would be going anyway, although the Governor has not
signed that bill yet. I just wanted to mention that.
Working as a poll worker in Maryland, I encountered in the
September 2006 primary a lot of issues that had to do with the
reliability of the electronic poll books. That is what received
a lot of press. That is separate from the DREs. That is what is
used to sign people in.
There have been some problems of machine freezes, etc., but
I don't know of any tangible, viewable security problem that
has occurred. That said, I think that the kind of security
problems that I worry about don't always manifest themselves in
something noticeable.
So the thought that if one of these machines accidentally
had the wrong vote tally, there would be no way to know it. I
think this is what we are seeing that happened when something
actually visible occurred in Sarasota County. What I ask myself
is, how do we know that in Maryland there wasn't a problem that
just didn't occur in a way that was visible? If 5 percent of
the votes were recorded for the wrong candidate, and everything
falls within statistical exit polls, we wouldn't know.
Mr. Clay. That is troubling, what you just said. So do you
believe that there is a rate of error as far as miscounting
votes?
Mr. Rubin. I don't actually believe that. My concern is
that whenever there is an election, there is often a dispute.
You have a loser. You have everyone except one usually loses.
And so there is often a challenge to the election. There are a
lot of people in the community that don't feel that the right
answer was obtained. We have a tradition of having recounts.
With the DREs as we use them in Maryland right now, there is no
way to perform these recounts, and there is no way to gain any
assurance.
That is a different question from, do I believe these
mistakes have been occurring. I actually don't have any reason
to believe that they have or have not been occurring, but I am
concerned with the fact that we can never resolve an issue if a
situation occurs where there is reason to doubt the outcome.
Mr. Clay. And Maryland has attempted to correct this how?
Mr. Rubin. So Maryland has had several times bills have
come before the House and Senate. The most recent one calls for
all paper ballots with ballot marking devices for
accessibility, and optical scan for counting, and random
audits. This bill, like I said, has passed the two houses in
Maryland and is awaiting the Governor's signature.
Mr. Clay. Thank you for that response.
Mr. Groh, to what extent have voting system manufacturers
assessed their capacity to modify and upgrade voting systems
for the 2008 election? And furthermore, what are manufacturers
doing now to project future demands on their resources and
address their needs?
Mr. Groh. I think the first thing that we have done is we
have had a lot of sleepless nights. Part of it is when you
don't know what you are going to be doing because there is not
clear direction. You then continue to worry about it.
All of us, though, are trying to come up with scenarios and
try and second guess what those scenarios are, but until we
know for a fact what things are going to be implemented, it is
hard for us to hit a target that will move. In fact, that has
been a lot of the issues that we were all challenged with
during the implementation of the HAVA, of where people needed
to get the products purchased and installed by January 1, 2006.
That created a tremendous amount of a time constraint, and so
many of us were rushing to the goal line when we would have
liked to have had more time to have made corrections that we
knew about, but we didn't have the time to do those things.
So today, many of us are trying to address issues we saw in
the 2006 election to make sure that they are ready for 2008. We
are trying to address that. You need to understand, to do
anything for 2008, I need to be ready to implement from my
company's perspective in about November or October of this
year. The first elections are in February 2008.
We will be doing early balloting and voting on that will
happen 45 days in advance. If you back up ballot layout, ballot
proof, logic and accuracy, public testing and so forth in
there, you run yourself out of time. So getting through a
certification process on new technology between now and 2008,
it is going to be impossible to do.
Mr. Clay. In light of the dysfunctional processes
identified in the current lab certification process for
systems, what are your views on the EAC's current voting system
certification process?
Mr. Groh. The process the EAC is implementing is a much
more rigorous level. It is like, to use an analogy, it is like
stepping from high school basketball to professional
basketball. It has that kind of a differential.
To implement that, you can't implement it overnight. So
they are going through a process right now of certifying the
labs under a NIST program called NAVLAB, which is a national
laboratory certification program that they put them through.
That is the piece that you were challenging Commissioner
Hillman to earlier about what they found out in their
evaluation of CIBER to meet that new test lab process.
We right now are seeing from a manufacturer's standpoint
there is a constraint or there is a keyhole that we are trying
to go through in the test labs. There are only two of them
available. We can't get all of our product, that is stacked up
there like airplanes waiting to land, through those two. We
know that NAVLAB will free that up, but you have to give them
enough time to get the NAVLAB program in place to get enough
laboratories available.
Mr. Clay. Has the ETC developed its own recommendations for
improving the system?
Mr. Groh. Yes, we have. We submitted from the May timeframe
of 2005, when NIST and TGDC presented their recommendations on
the VVSG, we were part of helping them develop and answer
questions. We were allowed to provide comments, and we are
continuing to work in the process of the new programs that they
are looking at, the new VVSG standards and the certification
process.
Mr. Clay. As a final question for you, are the threats to
voting system security changing? And what more needs to be done
to understand and address the threats?
Mr. Groh. Dr. Rubin's ACCURATE organization is doing some
of that because they are looking at how voting systems and the
voter interface and interact. There are probably four or five
other organizations that are doing the same thing.
From the vendors perspective, we do think this is an end to
end process. So from the time that we develop a product, Q/A
it, run it through certification, there are a whole group of
other activities that happen that are all part of
certification, such as the State level. There are 36 States
that do their own State-level certification on that is an
enhanced version of it over the EAC's process.
Additionally, there is acceptance testing done by the local
election officials. There is chain of custody programs that
they are implementing and putting into place under the EAC's
guidance and direction.
But to me, the biggest security principle that we have in
this is the fact that these voting systems are used widely
across the United States. They are not all one uniform, unique
system. It is impossible to get access to all of these systems,
to get in there and do something with them, because they are
all different from each other. So that alone creates a layer of
security in here that people don't recognize or see that is
there.
And then you have the citizenry that oversees it. The poll
workers are voters and are citizens that are voting and using
that. Hundreds of thousands of them work on this. You have
local oversight into that through them.
Mr. Clay. Thank you for that response.
Dr. Rubin, in yesterday's PC World, there was an article
about research being conducted at University College Dublin in
order to develop a more secure e-voting software architecture
through the use of open source software. Can you offer us an
opinion on how the EAC could alter the current accreditation
and certification process in order for it to become more
transparent and reliable?
Mr. Rubin. Sure. I am familiar with that article. I think
that a lot of the attention that has been placed by people who
are described in that article on open source in my opinion are
somewhat misguided. You can have all kinds of bugs and security
flaws in software that is open source, just as you can in
software that is not open source.
It is my belief that you are not necessarily much more
likely to expect to find these problems in open source as you
are in things that are not open source, because bugs are that
difficult to find.
In terms of what the EAC can do, I think following NIST's
advice and striving for software independence. If we had a
software independence system as defined by NIST, then it
wouldn't really matter if the software was that secure, and it
wouldn't really matter if the software was open or not, because
software independence means that you are not depending on the
software for security.
So I don't want to sound like a broken record with respect
to paper, but right now I can't think of a system that provides
software independence that is not based on paper. I do think
there are such systems in the works, and I am a big fan of the
cryptographic systems that are being developed. I don't think
that they are ready to be deployed in any precincts right now,
but someday they will be.
Mr. Clay. Can you offer us an opinion on how the EAC could
alter the current accreditation and certification process in
order for it to become more transparent and reliable?
Mr. Rubin. I think that several things could happen. The
EAC could require what is known as red team testing of the
machines, which is different from the kind of testing them to a
standard, where you get security experts and software experts
to have a field day with these things in the lab and try to
break them and find out where the weaknesses are. I think that
is the best way to test security these days.
Mr. Clay. Thank you for that response.
Ms. Golden, as a final question, has the voting system
vendor community been receptive to the needs of the disabled
community? Are there adequate systems development efforts
underway to improve the accessibility of voting systems under
the new guidelines?
Ms. Golden. Since I am sitting right next to Mr. Groh, I
would never say no to that question, and in all fairness, the
vendor community has I think worked very, very hard on
accessibility.
I will say the progress has kind of been in fits and
starts, but some of that was very legitimate. First off, we
didn't have good accessibility standards until the VVSG came
out, which does provide a robust set of access standards that
they could actually build to.
In terms of accessibility, this is similar at least to
architectural access. Until we had good architectural access
standards that said door widths need to be X wide and slopes
need to be this kind of slope, and grab rails need to go here,
people didn't know how to build something accessible, so part
of it had to do with standards.
Part of it, too, quite frankly, is the vendor community did
what seemed logical, which was they went to constituency groups
of people with disabilities and asked them what they wanted.
The classic example that I always give is a vendor who went to
a bunch of blind folks who were very competent technology
users. What they wanted is going to be very different from what
older blind people who are not very technology savvy are going
to want and need. So they built the system, and it did work
very, very well for blind people who were technology savvy. The
older blind population had a heck of a time figuring out a 10
key pad and a this and a that.
So some of it, too, was just not being familiar with the
disability community as a very diverse group of people. Someone
with ALS is very different from someone who is blind, who is
very different from someone with cerebral palsy. Knowing that
whole population, I think it has been a bit of a learning curve
for the vendor industry.
But yes, I would say they are very committed to it. I don't
think anybody doesn't want people with disabilities to have a
completely private independent vote.
Mr. Clay. So the issues relevant to the disabled community
are solvable by the industry, as long as they work together
with the disabled community?
Ms. Golden. Yes. And I think technologically, the solutions
are there. It is just going to take us some time and money to
get there, and a clear vision. Part of this has been too, we
are going to do electronic votes; no, we are going to go back
to paper. If we had been focused on paper all along, we might
have been a little further ahead in this game, but we have gone
back and forth. If paper is the game, then we just need to make
it accessible. We have a couple of big issues to solve, and
somebody just needs to get down to it, and solve it and be done
with it.
Mr. Clay. Thank you.
Thank you for your response. Let me thank the panel for
their response. I will allow anyone on the panel to make a
closing statement, if you have any.
Dr. Rubin, you may proceed.
Mr. Rubin. OK. There is one thing I didn't get to in my
opening remarks. I wanted to point out that DREs did break
ground in accessibility, but that the accessibility features
are not particular to DRE, and some of this has come out. I
think the same accessibility features can be obtained with op
scan using ballot marking machines and accessible verification
technologies. I agree that a lot of work needs to be done to
make that happen so it is usable in a precinct.
I want to point out that the security community is not
advocating compromising on accessibility, but rather preserving
accessibility, but adding security and audit.
Mr. Clay. Thank you for that.
Mr. Groh.
Mr. Groh. Yes. I would like to just close with a couple of
things. The Election Technology member companies, we believe we
are a stakeholder in this. The companies and all the employees
that are involved in this, our aim has been always in the
products that we build and the development we work with and the
interfaces we have, whether it is with Secretaries of State or
with the accessibility community, and that is a broad
community. There are many, many organizations, but it has been
to be responsive to all voters, the local election officials,
State and Federal Government, and kind of in that order.
We are also committed to providing safe, accurate, secure
and reliable, accessible voting systems, but we need to know
what that target is and we will build it. People are saying, if
you build this, we will buy it or we will come. So that is what
we want, and we need those definable solutions.
The closing pieces would be you need to allow the time to
do this. That has been, if I can say there is one root cause of
many of the issues that we are dealing with today, we have
never given it enough time to allow everybody to get to the
table and hash and debate this out. There are many good ideas
that can come out of that discussion, but we have always tried
to do that in about a 2 month or 3 month window of time. It is
not enough time.
The other one is to encourage you to make sure you consider
funding responsiveness on this, because the No. 1 competitor
that I have experience being in this business since 1995, was
not another competitor. It was the local election official
saying, I don't have enough money. They knew they wanted better
election equipment, but they had a school or a library or a
road that needed to be done.
HAVA allowed us to make a huge leap forward. Let's not
throw that all away, but if we are going to spend the next
round of money, let's do it very, very appropriately. We don't
need to rush to the finish line on this one.
Mr. Clay. Thank you so much, Mr. Groh.
Dr. Golden.
Ms. Golden. Since everybody else did something, of course I
can't be outdone. I might as well.
Mr. Clay. You might as well. Please do.
Ms. Golden. Just a couple of quick points.
One is to followup on a question you asked earlier about
the Technical Guidelines Development Committee, and
representation of accessibility interests. I talked with
Commissioner Hillman a little bit after the closing of the
first round. The disability community I think as a whole does
have a bit of a concern with the degree to which accessibility
interests are being discussed as part of the Technical
Guidelines Development Committee. They are working on the next
iteration of the VVSG, and yet again we are finding that
security interests are trampling accessibility, for lack of a
better way of describing it, and no one is at the table saying,
wait a minute; I am not telling you not to do this, but if you
do ``A,'' you have again diminished accessibility.
The accessibility community just seems to always be playing
catch-up behind the game. The train seems to be driven by the
security issues, and it is always the afterthought, oh, oops,
you mean if we require not only software independence, but
hardware independence, then we also have caused another
accessibility problem. Yes. So that continues to be a concern.
And the second issue has to do with the testing facilities
and labs. The EAC has a new process, much more rigorous. We
have not seen the outputs of that process yet, but in terms of
accessibility, I guess I am fearful again that we are not going
to be adequately represented in terms of the skills and
expertise in those labs.
What I saw in the first round of conformance to the FEC
2002 access standards, I would get a report, worked with
Secretary of State Carnahan and our group. Missouri does
certify equipment, in addition to national certification. When
we looked at the equipment, I would see the testing lab report
and it would say this piece of equipment conformed to this
access standard, and yet I could tell it didn't. The vendor
could tell it didn't. And yet, the certification statement
said, yes, it conformed.
So I am fearful, or at least I would like to hope that we
have more expertise involved in judging conformance and
evaluating conformance to the access standards. They are highly
technical. You have to know something about people with
disabilities and accessibility if you are going to judge
conformance to those standards. I don't know enough about those
labs to know if they have that kind of expertise or not, quite
frankly.
Mr. Clay. Thank you for that.
Let me thank this panel, and the previous panel, for their
expert testimony today on such an important subject to this
committee, to this Congress, and to the American public, so
that they can have confidence in their vote and ensure that it
is counted accurately, and that they can have a better
understanding of the electronic voting systems that each State
administers.
So I want to say thank you to this panel and the previous
panel for their testimony.
Without objection, the committee stands adjourned.
Thank you.
[Whereupon, at 5:55 p.m. the subcommittee was adjourned.]
�