Last Friday, Secretary of State Bruce McPherson announced he has certified several pieces of Diebold equipment, includng the TSX touchscreen voting machine with a voter-verified paper audit trail printer attachment. The certification came with a number of conditions, which are more fully discussed in this report issued by members of the Secretary of State's Voting Systems Technology Assessment Advisory Board (VSTAAB). The Secretary of State has also made public this letter to Diebold, and the certification document, which outlines the conditions under which the equipment may be used in California.
The certification is controversial because it has come after a security flaw was identified by Harri Hursti, who demonstrated how Diebold's code could be exploited to alter vote totals without leaving any trace of the attack. The VSTAAB members discussed this in their report, which concluded that these known security risks could be addressed through tighter procedures, which are reflected in the certification conditions.
Coverage of the certification was featured in this article by Kevin Yamamura in Saturday's Sacramento Bee and this Oakland Tribune article by Ian Hoffman, excerpts from which are featured below.
After almost three years, Diebold Election Systems won approval Friday to sell its latest voting machines in California, despite findings by computer scientists that the software inside is probably illegal and has security holes found in earlier Diebold products.
The scientists advised Secretary of State Bruce McPherson last week that those risks were "manageable" and could be "mitigated" by tightening security around Diebold's voting machines.
McPherson gave conditional approval to Diebold's latest touch-screen voting machines and optical scanners Friday, while his staff ordered the McKinney, Texas-based company to get rid of the security holes as quickly as possible.
In a statement, McPherson said, "after rigorous scrutiny, I have determined that these Diebold systems can be used for the 2006 elections."
The decision is likely to set off a buying spree for as many as 21 counties, more than a third of the state, as local elections officials rush to acquire one ofonly two voting systems approved for use in the 2006 elections. Registrars and clerks prefer having voting systems for at least six months before conducting a statewide primary like the one in June, partly because it is California's most complicated and error-prone type of election.
McPherson's approval comes just in time for San Diego County, which bought the new machines in 2003, used them once in 2004, then saw the state's approval withdrawn. The county has been warehousing 10,000 Diebold AccuVote TSx touch-screens for more than two years and withholding its $35 million payment to Diebold until approval. Now, with an election set for early April to replace Rep. Duke Cunningham, San Diego can use those machines. In June, so could San Joaquin County, which also bought and has been storing the new touchscreens trusting on approval.
Sen. Debra Bowen, who chairs the Senate elections committee and is running for the Democratic nomination to challenge McPherson as secretary of state, criticized the approval as contrary to state and federal law.
Part of the software running in Diebold's touch-screens and optical scanners is what computer scientists call "interpreted code" that is loaded by memory cards or PC cards just before an election. That changes the software that private testing labs and states had tested and approved, and for that reason interpreted code is prohibited by federal 2002 voting system standards.
McPherson found that private laboratories charged with testing Diebold's machines for compliance with the federal standards never examined the interpreted code and ordered Diebold back into lab testing. At the same time, he asked a team of scientific advisers from Lawrence Livermore National Laboratory, the University of California, Berkeley and UC Davis, to study the interpreted code and report back. The panel included computer scientists who have been skeptical, even critical of electronic voting systems, such as David Jefferson, Matt Bishop and David Wagner.
The scientists recommended counties change the encryption keys on all Diebold touch-screens and maintain tighter controls over the memory cards and PC cards, for example by requiring two people be present whenever the cards are moved or their contents changed. Serial numbers for the cards and the tamper-proof seals to lock them into the voting machines will have to be logged by elections officials at each polling place.
McPherson adopted those recommendations in certifying the Diebold machines for the June and November statewide elections. His staff wrote Diebold Friday urging the company to fix the bugs in its software and eventually to get rid of the interpreted code entirely.