GAO questions progress on e-voting standards

IDG News Service - Questions about the security and accuracy of electronic voting systems are likely to continue into the 2006 national elections, because the U.S. government has not yet completed work on electronic voting guidelines, according to a new government report.
With lingering concerns about the security of e-voting systems, the U.S. Election Assistance Commission (EAC) needs to define security policies and set up a machine-certification program to help state and local election officials use e-voting equipment, according to a report issued Friday by the U.S. Government Accountability Office (GAO).
"Until these efforts are completed, there is a risk that many state and local jurisdictions will rely on voting systems that were not developed, acquired, tested, operated or managed in accordance with rigorous security and reliability standards -- potentially affecting the reliability of future elections and voter confidence in the accuracy of the vote count," the GAO report said.
The EAC, established with the Help America Vote Act passed by Congress in 2002, is working on several initiatives to help state and local governments improve their management of e-voting systems, the GAO said. The EAC is working on security and reliability standards and on programs to certify voting machines and accredit independent laboratories to test e-voting systems, the GAO said. But those efforts aren't finished and are "unlikely to have a significant effect in the 2006 federal election cycle," the report said.
The EAC "significantly expanded" the security system of proposed voluntary voting system guidelines, the EAC said in response to the GAO report. Those guidelines include a requirement that e-voting machine vendors submit software to the National Software Reference Library, a software repository with which voting officials could examine software for exploits.
"GAO asserted that electronic voting systems must be secure and reliable, and EAC agrees," the EAC statement said. "Security has always been a top priority at EAC, and we have already made significant progress on GAO's recommendations."
The EAC and the National Institute of Standards and Technology (NIST) are developing a vulnerability analysis of e-voting systems, the statement said.
The EAC also questioned the GAO's reference to security and reliability questions about e-voting systems. The GAO report talks about security and reliability problems experienced, but it "does not provide a context of the pervasiveness or relative obscurity of these issues," the EAC wrote in a letter signed by EAC Chairwoman Gracia Hillman and Vice Chairman Paul DeGregorio.
The GAO report relies on documents produced by other people, but the agency didn't substantiate those reports of security and reliability problems, the