OSET Institute

View Original

California de-re-de-certification for voting machine use

There's a pretty regular stream of news about activities in the office of California Secretary of State Debra Bowen, de-certifying or re-certifying voting systems following the results of the state's top-to-bottom review. Rather than making an up to the minute comment, I thought it would be useful to re-visit what I think is one of the more notable past scenes in the on-going drama.

About half a year ago, the SoS office announced a return to use of some e-voting systems that had previously be de-certified as part of the top-to-bottom review. But there is a catch, or rather a boatload of catches - a number of requirements for the more secure operation of the device, plus a requirement for source code escrow, and an explicit stipulation of costs of these measures to be paid by the vendors.

It's just one example of escalating costs of being a vendor of proprietary closed systems for election automation. (I recently commented on an open-source-based cost savings in New York.) It's an interesting trend, and maybe correlated with the increase in somewhat belligerent behavior of a few of the vendors.

And I heartily recommend reading Ryan Paul's excellent posting that provided a good summary of the specific provisions - as well as a perspective on the fact that these newly re-certified systems still have the same security and quality issues previously identified. Are the new operational security requirements helpful? I think the real question is, if these requirements were helpful, how would we know? Six months later, I still don't think that there's a good answer.

EJS