Home » Uncategorized

U.S. firm engaged by COMELEC for source code review has tainted record

3 May 2010 No Comment

February 22, 2010

 

 

The U.S. firm employed by the Commission on Elections to certify the Automated Election System to be used in the May 2010 national elections has a tainted track record in reviewing election systems.

This was pointed out by ACT TEACHERS Partylist president Antonio Tinio in a press statement today.

On February 9, 2010, COMELEC announced that SysTest Labs of Denver, Colorado has completed its review of the source code and has certified it for use in the upcoming elections.

According to its website (http://www.systest. com/), SysTest Labs, Incorporated is an internationally- accredited “quality assurance and software performance testing company.” Last October 2009, COMELEC, through Resolution No. 8677, awarded SysTest Labs a Php 70 million contract to conduct the testing and certification, including the legally-mandated source code review, of the Automated Election System.

“Source code review is critical because this is the only way the public can be assured that the voting machines to be used in May can be trusted—meaning they are accurately counting the actual votes cast by voters,” explained Tinio. He explained that the source code refers to the human-readable instructions to be executed by the electroniccounting machines that will be used to count votes in the upcoming elections.

Tinio cited Section 12 of Republic Act 9369, the poll automation law, which requires the COMELEC to make the source code of the computer programs to be used in the May 2010 elections to be made available to the public for review. Section 14 states: “Once an AES technology is selected for implementation, the Commission shall promptly make the source code of that technology available and open to any interested political party or groups which may conduct their own review thereof.”

However, the COMELEC is under heavy fire for restricting access to the software source code to be used by Smartmatic-TIM. Smartmatic is the Venezuelan firm contracted by COMELEC to implement poll automation. “Instead of making the source code available to any interested party for review, COMELEC chose to engage SysTest Labs as an independent, third party reviewer, who will have complete and exclusive access to Smartmatic’s source code. This is a blatant violation of the law,” said Tinio. “What makes it worse is that the firm chosen by COMELEC has a tainted track record as a reviewer of automated election systems.”

Accreditation suspended by US federal government

Tinio pointed out that in October 2008, the US federal government suspended its accreditation of SysTest Labs as one of five independent laboratories that could conduct testing and certification of electronic voting systems to be used in US elections. The US National Institute of Standards and Technology suspended its accreditation after it observed SysTest Lab’s “lack of properly documented and validated test methods,” “testing conducted by unqualified or untrained personnel,” and “improper assurances made to manufacturers regarding testing outcomes.” [i]

“The US federal government was concerned not only that SysTest Labs did not have the technical competence to review electronic voting systems. What’s worse, it raised questions about the company’s ethics,” said Tinio.

Tinio noted that the US Election Assistance Commisison investigated SysTest Labs for allowing one of its clients, the manufacturer and vendor ES&S (Election Systems and Software), to unduly influence its certification procedures. “EAC has concerns that SysTest is allowing and inviting manufacturers to play an inappropriate role in the development of test plans.” Furthermore, “it is not appropriate for a manufacturer to be directly involved in creating plans for testing their own systems.” The EAC also chided SysTest labs for making “an inappropriate promise of certification” to the manufacturer.[ii]

“In other words, the US federal government was concerned that SysTest Labs was rigging its certification process in behalf of ES&S,” said Tinio. He noted that ES&S iVotronics touch screen electronic voting system certified by SysTest Labs has been cited in a number of electoral controversies, including statewide and local elections inFlorida in 2006.[iii]

As a fallout from the suspension of its accreditation, in January 2009, another election services vendor, Premier Election Solutions (formerly Diebold), sued SysTest Labs in a US Federal Court for fraud, fraudulent inducement, breach of contract, unjust enrichment, conversion and deception. Premier claimed that SysTest Lab’s substandard procedures wreaked havoc on its business.[iv]

Tinio noted that Smartmatic has had a long-standing relationship with SysTest Labs. Its Smartmatic Auditable Election System (SAES) 1800 Precinct Tabulator, which will be deployed in over 70,000 precincts for election day, was certified as “over 99.99999%” accurate. “But the certification comes from SysTest Labs, possibly in accordance with the shoddy procedures criticized by the US federal government.”[v]

Tinio added that the US federal government subsequently reinstated its accreditation of SysTest Labs in March 2009 after the company made changes in compliance with the NIST’s standards. “SysTest was able to demonstrate through documentation and observations that they have corrected the nonconformities that lead to their suspension.”[vi]These included “major changes” in documentation of test methods, changes in personnel, and training in professional ethics for its staff.

Public source code review needed

Tinio reiterated the need for COMELEC to comply with the poll automation law by allowing interested parties to conduct their own source code review. “ACT TEACHERS Partylist join other parties, concerned citizens’ groups and individuals in denouncing COMELEC’s continuing refusal to comply with the provisions of the poll automation law. With less than 90 days to go before election day, all that it is offering is a sham review, a so-called walk-through of the source code under the supervision of Smartmatic.”

“Given SysTest Lab’s less than sterling track record, its history of unethical conduct partnerships with the clients that it certifies, opening up the source code for public review becomes all the more necessary. This is the only way that the public will be assured of that the Automated Election System will deliver credible results,” concluded Tinio. #

[i] Letter of US Election Assistance Commission to SysTest Labs, October 29, 2008 and

Letter of National Institute of Standards and Technology to SysTest Labs, October 28, 2008. Available for download at the US Election Assistance Commission website,http://www.eac. gov/program- areas/voting- systems/docs/ eac-notice- of-intent- to-suspend- ltr-systest- final.pdf/ attachment_ download/ file.

[ii] Letter US Election Assistance Commission to SysTest Labs, July 25, 2008, with attached email correspondence between SysTest Labs and ES&S. Available for download at the US Election Assistance Commission website http://www.eac. gov/program- areas/voting- systems/docs/ accreditation- docs-7-22- 08-ltr-to- systest-labs- final.pdf/ attachment_ download/ file.

[iii] Susan Pynchon and Kitty Garber, “ Sarasota ’s Vanished Votes: An Investigation into the Cause of Uncounted Votes in the 2006 Congressional District 13 Race inSarasota County , Florida .” Florida Fair Elections Coalition, January 2008. Available for download at http://www.floridaf airelections. org/reports/ Vanishing_ Votes.pdf.

[iv] “Electronic Voting Manufacturer Claims Testing Lab’s Shoddy Work Wreaked Havoc.” Courthouse News Service, January 23, 2009. http://www.courthou senews.com/ 2009/01/23/ Electronic_ Voting_Manufactu rer_Claims_ Testing_Lab_ s_Shoddy_ Work_Wreaked_ Havoc.htm.

[v] “Technical Sheet SAES 1800 Precinct Tabulator.” http://www.smartmat ic.com/fileadmin /users/docs/ SAES/SAES1800_ technicalsheet_ v2.0.pdf. This states that the SAES 1800 is “tested to stringent accuracy levels of U.S. Federal 2005 VVSG Vol 1 and Vol 2 by Systest Labs, a certified federal testing lab.”

[vi]  Letter of National Institute of Standards and Technology to SysTest Labs, February 26, 2009  at   http://vote. nist.gov/ NVLAP/NVLAP- ReinstatingSysTe stAccreditation. htm; “EAC lifts suspension of SysTest’s accreditation,” http://www.eac. gov/blog- postings/ eac-accepts- systest-lab.

 

Comments are closed.