NIST to Certify Voting Machine Security, Standards

The EAC and NIST are working together to create the standards against which voting products are judged.

WASHINGTON—The U.S. Election Assistance Commission, the little-known agency that controls how national elections are held in the United States, is enlisting the help of the National Institute of Standards and Technology in making sure electronic voting machines meet federal standards.

According to EAC Voting Systems Certification Director Brian Hancock, all voting machines to be used in federal elections must meet certification requirements for the specific election in which theyre being used.

For this reason, the EAC requires vendors of electronic voting machines to show that they meet the required standards by having their products tested by private labs, and having the results verified by NIST.

The EAC and NIST are working together to create the standards against which voting products are judged.

"NIST will address security and wireless access," Hancock noted. He said that focus will be in addition to the standards already in place on usability, performance, accessibility, etc.

Hancock said that manufacturers of machines that dont meet federal standards could have what he called the "ultimate sanction" placed against them.

"This includes decertification," he said. If a manufacturer or its machines have been decertified, they cannot be used in elections in the United States, he added.

The EAC is requiring that electronic voting machines be certified for security, so that tampering, vote rigging or other types of election tampering cannot take place.

However, he noted that attacks on the voting process havent surfaced.

"There has never been an attempt to hack into a voting machine on Election Day," Hancock said.

/zimages/4/28571.gifClick here to read more about voting machine certification.

Hancock said that the EAC studied the FCCs certification process and decided to use as much as they could from that program.

"We pulled some of their concepts," Hancock noted. Hancock made his comments during a hearing on Oct. 26 at the commissions headquarters here.

The tests being developed by NIST and performed by private test labs will be as transparent as possible, Hancock said.

The law requiring the voting machine certification also requires that the test results be posted on the Commissions Web site.

However, Ian Piper, representing the Election Technology Council of the Information Technology Association of America, expressed concern that such posting might reveal trade secrets.

He also said that the commission needs to work to reduce the required frequency of the tests, and requirements for duplicate tests.

He called for uniform test standards throughout the United States. Piper is also director of compliance for Diebold Election Systems.

The company is a division of Diebold, which is the leading maker of automatic teller machines.

Piper said that constantly changing requirements, inconsistencies in testing standards and wide ranging differences in test requirements between state and federal elections are doing a lot to slow down delivery of electronic voting machines.

In any case, electronic voting is certain to play a major role in the upcoming election.

Commission chairman Paul DeGregorio said that over a third of all voters in the United States will be voting electronically this year. He noted that it was the biggest such change in history.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest news, views and analysis of technologys impact on government and politics.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...