GAO: Tighten voting system standards
Among other shortcomings, existing guidelines do not address the use of commercial hardware and software products that are often used in voting systems.
The nation’s electronic voting systems are in need of comprehensive technology standards, according to a government auditor.In House testimony this week, Randolph Hite, director of information technology architecture and systems issues at the Government Accountability Office, called for the Election Assistance Commission to beef up standards for voting systems. The commission was established under the Help America Vote Act of 2002 to promote election reform.Hite cited some improvement in standards and noted that the commission’s Voluntary Voting System Guidelines address security gaps in previous standards. Those guidelines cover system requirements, performance characteristics, and test and evaluation criteria for national certification of voting systems.But the commission’s guidelines, which go into effect in December 2007, do not comprehensively address voting technology issues, Hite said. He added that the guidelines fail to address commercial hardware and software that may be used in voting systems with no modification.In addition, Hite pointed out that a number of state and local authorities aren’t using the current voting system benchmark –- a set of voluntary standards the Federal Election Commission devised in 1990 and revised in 2002. As of the 2006 general election, a substantial number of states and jurisdictions had yet to adopt those federal standards, he said.“The [Election Assistance Commission] needs to move swiftly to strengthen the voting system standards and the testing associated with enforcing them,” Hite said. “However, the EAC alone cannot ensure that electronic voting system challenges are effectively addressed. State and local governments must also do their parts.”Hite said the commission agreed with GAO’s recommendation but told the agency that it faces resource constraints that limit its ability to perform its duties.
NEXT STORY: NASCIO: Employees are biggest IT threat