Author: Ed Smith
The US Election Assistance Commission (EAC) started accepting voting systems for federal certification in 2007. In its earliest days, the EAC Testing and Certification process placed few barriers to submitting an application for certification and obtaining approval of that application. Some years ago, the EAC took steps to ensure that systems were ready for test before approving the associated application, and EAC staff continue to tighten the requirements for entry into certification testing. The recently adopted Voluntary Voting System Guidelines (VVSG) 2.0 and updates to the Testing and Certification Program Manual require still more up-front work by technology providers prior to application – and that’s a good thing. It will go a long way toward improving the quality of voting systems and, ultimately, election integrity.
I’ve spoken before about the concept of “baking in” positive system attributes rather than “bolting on” those attributes after the design and development process. System attributes such as accessibility, usability, auditability, reliability and other “-ilities” must be considered early in the design process and become a pillar of the thought processes that lead to that first-iteration prototype.
Baked in “-ilities,” as a rule, lead to better performing systems. The Testing and Certification Manual contains the Test Readiness Review (TRR) process. The TRR has been in place for a few years and sets a reasonable bar for entry into certification testing. The candidate voting system has to pass through three hurdles:
- Mock Election – the testing laboratory must be able to run a small election on the system as presented for test.
- Review of the Technical Data Package – the voluminous documentation that accompanies the system hardware and software is checked for completeness.
- Review of the source code – the stringent requirements for code maintainability and readability, proper use of programming languages, and code construction are audited across the entire voting system.
The TRR process is further evolved in the latest version of the Program Manual and now requires a system security penetration test. The addition of penetration testing will add further confidence in system security and allow the system provider to prove that they “baked in” security in the design process, rather than relying on the test lab or other downstream parties to find security flaws.
Only after successful completion of the TRR and additional requirements is the system application considered complete. The EAC then renders a decision regarding whether to accept the system into test.
Finally, the newly adopted VVSG 2.0 puts user-centered design front and center in the process. It uses ISO standards as the basis for the requirements and mandates a report in the system’s documentation on how the design teams incorporated ISO principles. This significant enhancement to VVSG will lead to voting systems that are more friendly to all, including groups that are often disaffected:
- Those with language limitations
- Those with physical disabilities
- Those with cognitive disabilities
- Those with learning limitations
User centered design will also benefit election workers tasked with setting up, operating, reporting precinct results, and taking down the voting equipment.
While these enhanced requirements of VVSG 2.0 and the Testing and Certification Program Manual may be daunting to some, Smartmatic welcomes these changes. We contributed to their development through the Public Working Groups and subsequent Public Comment period and were glad to do so. Why? Because we have been working to these kinds of standards for a long time. We’ve long known their value to election officials. I know firsthand because I’ve been part of it, and other Smartmatic experts in compliance, testing, and certification have successfully certified voting systems in many countries.
Even though elections worldwide are becoming more secure with the adoption of technology through means such as the electronic and paper records for each ballot cast, the public view of election security diminished in 2020. Working to restore belief and confidence in elections and election outcomes needs to be everyone’s goal for 2021 and beyond.
About the author
Ed Smith is Smartmatic’s Director of Global Services and Certification in North America. He oversees all election support functions including equipment provision and compliance, technology deployment, training and supply chain logistics. Ed represents Smartmatic on the Elections Infrastructure Sector Coordinating Council of the Department of Homeland Security. With more than 80 state and federal voting system certifications to his credit, Ed is regarded as an expert in system certification, compliance and security.