Dr. Kevin Chung: Followup Answers to Questions Posed by EAC - 05/05/04
ANSWER FROM AVANTE TO THE QUESTIONS RAISED BY THE EAC
Kevin Chung, Ph.D. CEO
AVANTE International Technology, Inc.
www.vote-trakker.com Tel: 609-799-8896
On the Experience and Suggestion of the ITA Certification Process:
The following are AVANTE’S experiences:
- ITA labs performed testing as best as they knew and as they interpreted the FEC standards.
- The integrity of both testing labs that we worked with, Wyle and Ciber, is impeccable. (We have not dealt with Systest.)
- However, we believe their tasks are sometimes unnecessarily interfered with by the current NASED board. The following are some cases in point.
ON THE “UNALTERABLE” COUNTERS:
- The 1990 FEC standard calls for 2 “unalterable counters”. None of the DRE voting machines that we are aware of have these features (before AVANTE VOTE-TRAKKER was tested). In fact, almost all of them have “software counters”. Software counters are “alterable”.
- Yet, systems with only software counters all passed under the 1990 standard.
- I am quite sure Wyle would have caught this. They must have asked the board for guidance. The board must have chosen to ignore this non-compliance or given them guidance that differs from what is written.
- Since then, the 2002 FEC standards dropped this requirement totally from the specification. SYSTEST even asked for clarification based on their knowledge of the 1990 FEC standards.
- AVANTE believes these requirements are necessary to ensure that there are duplicate separate physical records made by polling officials of the total ballots cast in each voting unit.
ON THE REMOVAL OF VOTER CONFIRMATION OF PAPER RECORD FROM THE 2002 STANDARD THAT CHAIRMAN SOARIES ASKED:
- I am relating this story for the benefit of your consideration.
When AVANTE was attending the 2002 Election Center summer meeting in New Orleans, a distasteful thing happened to us. During this meeting the final FEC 2002 standards were supposedly to be finalized.
- A consultant (or so he claimed) who was hired by the NASED board to write the standard came several times and kept insisting that the AVANTE paper record system is illegal.
- I questioned this “illegal” claim with Peggy Sims (one of the treasures on the FEC staff) at the time.
- Then, one of the board members (out of kindness, name is withheld) came over to warn us that we have to be more careful in how we are presenting the paper record audit trail. “There are several members ‘plotting’ against you guys” (paraphrasing).
- The result is that “CONFIRMABLE PAPER AUDIT TRAIL” specification disappeared from the 2002 standards.
- I am sure most of the NASED certification members have integrity. That may be why AVANTE did not suffer more time delays. In fact, we suspect the integrity of ITA and FEC staff may have some influence on our relatively safe harbor so far.
ON THE AVANTE 2002 STANDARD CERTIFICATION:
- AVANTE had designed its newer model (AVANTE VOTE-TRAKKER EVC308-SPR) and software early to satisfy some of the more stringent requirements such as “contrast”, “font size”, etc. even though the standard is not as clear as it ought to be.
- The testing had been finished at least half a year ago. But there was “INDECISION” as to exactly how to interpret the specifications.
- Again, both laboratories had finished testing. Ciber, with permission from Wyle, has issued its reports based on the 2002 standard for NASED board certification.
- Wyle kept delaying the decision. I can imagine that Wyle is waiting for clarification from the board.
- Then in April, we were given more definite guidelines to follow as to how the board is interpreting the “contrast issue” and how the “adjusting” of font and contrast must be made and when. We are to modify to what is now the standard that Wyle must follow.
- The early and earnest effort of AVANTE in trying to get some sales and marketing advantage by working hard and smart to certify its products is of course totally defeated.
- Normally, if the standard is not clear, the minimum requirements should be used. The judgment of what constitutes the minimum should be left to the testing laboratory.
- Instead, the ITA has to wait for clarification even after testing all of the features that AVANTE interpreted as best we could as written.
- It left us wondering whether the delay is to help our competitors to catch up with us!
RECOMMENDATION AND SUGGESTION:
- I believe NASED board authority should be immediately transferred to the EAC under the HAVA requirement.
- I have high confidence in the integrity of the current FEC staff and their ability. I understand there are only a few staff members involved and their time must be limited.
- The ITA as we know them are trustworthy. They have integrity. All they need is clear specifications and guidelines.
- The guidelines and new specifications, if any, should come from NIST working under EAC supervision.
- If a new team in NIST is set up to review the voting standard, the names of the team members may be best kept “blind” so that they will not be influenced by vendors.
- Any questions or suggestions on the standard may be funneled through an interface with the current EAC staff members that have been dealing with vendors.
- All suggestions or requests should be made in writing so that undue influence can be traced.
ON THE STATE CERTIFICATIONS:
There are issues with the State certification of some states. The following are some of what we encountered.
- 80-90% of the State certifications are made with good protocols. But there are some that are very questionable.
- State certification should be strictly based on ensuring compliance with the State election law only.
- If modification is needed on the ITA certified version of software, it should be documented as temporary certification even if tested by the State election staff. They may not be used until modifications are tested and certified by ITA again.
- There should not be requirements for changes of any kind other than to comply with the State law. It should be up to the market to decide whether that system can sell in that State. For example, we have been asked by election officials to change interfaces, appearance and weight of the device, etc.
- We have experienced from PA a delay in decision of as long as one year after testing.
- I know some of these “political” influences are out of the jurisdiction of EAC. They are merely offered as something for all of us to ponder.
- In the case of California, the testing director who reviewed our design and source code joined a competitor company even before our certification was finished.
- Perhaps EAC can issue some “BEST PRACTICE GUIDELINES” on State certification.
COMMENTS ON COTS WITH OR WITHOUT CERTIFICATIONS:
- COTS should be strictly COTS, whether the change is software, hardware, driver, operating system or database related.
- Any changes should be documented and tested by ITA. Obviously, there will be different levels of testing that should be exercised. For example:
  - Minor hardware fittings and configurations need little more than safety and functional testing.
  - Additions operating exterior to the hardware, driver and operating system may also require lower level testing. They may include testing such as functional testing, source code review, etc.
  - Any OPERATING system modifications of any kind must be reviewed and tested much more carefully. Maybe they should not be considered as COTS anymore.
COMMENTS ON OPEN AND CLOSE SOURCE:
AVANTE has a detailed opinion in this area. Please refer to the previously attached “white paper”, “Is open source or software electronic verification a solution for secured e-voting.”
- We believe establishing a scientific “brain trust” working with or under NIST is a better solution than total open source today.
- This “brain trust” may focus on software security and its management, much like the CMM levels. They can be either one or multiple levels depending on the wisdom.
The reasons for this argument rather than total open source are:
- Currently, there is limited control or testing capability at local levels to see if any software has been changed from the ITA version.
- In fact, time and again, vendors changed software even up to the time of election. There is no apparent penalty ever imposed. Of course, it will also be equally possible for a capable technical person in the jurisdiction to do the same.
- Open source under this condition can only provide a greater possibility for insiders to tamper with the systems. The traceability of changes is also totally lost.
Rev. B May 7, 2004
Kevin Chung, AVANTE International Technology, Inc.