The Small World of Voting Machine Certification

Tiny, understaffed federal agency and 2 private testing labs responsible for certification of nation's voting systems
November 20, 2020 Updated: November 23, 2020

News Analysis

The fallout of the Nov. 3 elections has put the spotlight on the integrity of electronic voting machines used in the United States. In response, authorities have pointed to certifications of the machines as a safeguard against potential systemic problems with the voting machines and their software.

A deeper look into the certification process used for the machines, however, reveals that the main certification agency in the United States—the federal Election Assistance Commission (EAC)—maintains an unexpectedly small staff, and one of its chief employees is a former executive of Dominion Voting Systems.

Furthermore, it appears the bulk—if not all—of the testing of the election equipment is conducted by only two companies, Pro V&V and SLI Compliance.

Electronic voting systems have become increasingly incorporated into the election process, raising concerns over their security, reliability, and accuracy in the process. Lightly-staffed federal agencies that appear to maintain overly close ties to the companies they are supposed to be monitoring raises additional questions about the thoroughness and integrity of the verification process.

Dominion Executive Joins Certification Commission

Kathy Boockvar, just two weeks after she was appointed as Pennsylvania’s secretary of the commonwealth, concluded in a Jan. 17, 2019, report (pdf) that Dominion’s “Democracy Suite 5.5A” voting machine “can be safely used by voters at elections,” and certified the Dominion voting systems in Pennsylvania.

Representing Dominion in that process was Jessica Bowers, director of certification for Dominion. In addition to Pennsylvania, Bowers appears to have been responsible for the implementation of Dominion systems into a number of other states, including California, Colorado, Nevada, and Tennessee.

However, after enjoying a 10-year career at Dominion, Bowers would find her way into a new career path at the federal Election Assistance Commission (EAC).

The EAC, which describes itself as “an independent bipartisan commission,” is responsible for adopting voluntary voting system guidelines and provides for the accreditation of manufacturers’ voting systems and voting system testing laboratories.

In May 2019, just as the agency was preparing for the 2020 election, it announced the departure of Ryan Macias, who had served as EAC’s acting director of testing and certification.

Macias’s position was an important one—he was responsible for managing EAC’s program that “works with the country’s top voting equipment vendors to certify and decertify voting system hardware and software, and accredits labs for testing equipment,” according to the website CyberScoop. Additionally, Macias had been overseeing an “important update to voting system security guidelines.”

On May 9, 2019, the EAC announced that they had selected Jerome Lovato, who had worked at the EAC since September 2017, to replace Macias. The resignation of Macias and the subsequent appointment of Lovato raised some concerns in Congress, as noted in a letter sent to the EAC by Sens. Amy Klobuchar (D-Minn.) and Chris Coons (D-Del.).

“Following the resignation of Ryan Macias, public reporting indicates that the EAC now employs only one full-time staff member dedicated to overseeing the certification process. While we understand that the Commission may be working to hire additional staff, we are concerned by the sudden appointment of Jerome Lovato to be the Director of Testing and Certification especially as reports indicating that Mr. Lovato will be working remotely, more than a thousand miles from EAC headquarters. As states continue to update their election equipment and vendors develop new machines, it is essential that Testing and Certification at the EAC be fully operational,” the senators wrote in their letter.

“Given the length of time the certification process can take, we are concerned that the EAC will not be able to certify the machines that states intend to use as part of their modernization efforts ahead of the 2020 elections.”

The concern over the EAC having only “one full-time staff member dedicated to overseeing the certification process” seems understandable, given the potential importance of that duty. The senators asked the EAC what actions they would be taking to shore up personnel ahead of the 2020 election.

That question was answered on May 21, 2019, with the announcement that the EAC was adding two individuals to its voting certification program—Bowers, recently the director of certification for Dominion and a 10-year veteran with the firm, and Paul Aumayr, a former Maryland election official.

An article describing the new hires noted, “It was not immediately clear how the EAC might mitigate any potential conflicts of interest that could arise with hiring Bowers, the former director of certification at Dominion Voting Systems, onto the EAC program.”

The EAC website describes Bowers as managing “voting system testing and certification projects as well as assisting the development of new Voluntary Voting System Guidelines” but fails to disclose any direct mention of her role at Dominion Voting Systems.

“Prior to joining the EAC, she was the Director of Certification for a voting system manufacturer and has worked in the election industry in software development and certification since 2008,” the website states.

Under EAC staff members, Bowers is listed as acting CIO/CISO, while Aumayr is listed as senior election technology specialist. Despite the important role the EAC plays in election integrity, they list only a total of 23 staff members, five executives (of which Lovato is one), and four commissioners. The EAC does have a large board of advisers comprised of 37 individuals.

Both Bowers and Aumayr appear to have hit the ground running as a July 9, 2019, update from the EAC Testing and Certification blog lists Aumayr as the project manager for Dominion Voting Systems’ “Democracy Suite 5.5B” and Clear Ballot’s “ClearVote 2.0” while Bowers is listed as the project manager for Election Systems & Software’s (ES&S) “EVS 6.1.0.0” and Unisyn Voting Solutions’ “OpenElect 2.1.”

All four of these companies are members of CISA’s Sector Coordinating Council, one of two councils that issued a recent Nov. 12 joint statement on the election, claiming it was the “most secure in American history.”

Only 2 Certified Testers of Election Equipment

On the EAC website, there are seven voting system test laboratories (VSTL) listed. However, only two of these testing labs, Pro V&V and SLI Compliance, are listed on the page as accredited, as the others are listed as having their accreditation expired.

From early 2017 on, these two companies are the only testing labs to have provided voting system certification, according to a listing of certifications by the EAC.

For one of the two companies used, Pro V&V, the EAC fails to publicly provide the accreditation certificate on its website, instead linking to a page giving a “page could not be found” warning.

The latest certificate listed for Pro V&V on the company’s profile overview on the EAC website has an issue date of Feb. 24, 2015, and is effective through Feb. 24, 2017. It’s unclear if the company’s accreditation is truly expired or if the fault lies with the EAC website.

Despite being responsible for the testing and data used in the certification of entire voting systems, including that of Dominion’s recently certified “Democracy Suite (D-Suite) 5.5-C Voting System (Pro V&V Test Report, June 16),” while simultaneously providing system testing across the nation, Pro V&V has only a single office listed, located in a business suite, that’s supported by a surprisingly crude and sparse website.

The website description of Pro V&V’s facilities omits the “Suite” portion of their address while claiming their “office and laboratory layouts allow ample space for test equipment, software, and hardware used in the testing process.” Their site also claims they have the option of expanding into additional space within the same complex.

Pro V&V, like Dominion Voting and Smartmatic, is a member of CISA’s Sector Coordinating Council, the same council that recently issued the joint statement on the 2020 presidential election. The other primary testing lab, SLI Compliance, also is a member of the same council.

In response to recent allegations of potential problems with the integrity of Dominion’s voting machines used in the Nov. 3 election, Pro V&V has been cited repeatedly as an authority in denying these allegations, including the recount in Georgia.

The Georgia Case

In July 2019, despite existing legal challenges, Georgia purchased a $106 million election system from Dominion. In a lawsuit that originated in 2017, critics contended that the new system was subject to many of the same security vulnerabilities as the one it was replacing.

The issue most recently came to a head after credible accusations emerged of problems with voting machines.

Sworn affidavits, filed as part of an emergency motion on Nov. 17, detail allegations by poll observers of potential election fraud. Among other things, the poll workers recounted similar instances of pristine ballots that had similar characteristics: “They were all for Biden and had the same perfect black bubble.”

However, on that same day, Georgia Secretary of State Brad Raffensperger issued a statement announcing the completion of the state’s voting machine audit, which claimed, “Pro V&V found no evidence of the machines being tampered.”

The statement was widely cited by media organizations and others as evidence that claims of problems with voting machines in Georgia were meritless.

A closer examination of the statement, however, indicates that the only thing Pro V&V did was extract “the software or firmware from the components to check that the only software or firmware on the components was certified for use by the Secretary of State’s office.”

The headline of the release appears to have been more important than the scope of the actual functions performed by Pro V&V.

In an Aug. 24 sworn declaration, Harri Hursti, an acknowledged expert on electronic voting security, provided a first-hand description of problems he observed with Georgia’s new voting systems during the June 9 statewide primary election and the runoff elections on Aug. 11.

Hursti told the court of a series of problems, including the fact that “the scanner and tabulation software settings being employed to determine which votes to count on hand-marked paper ballots are likely causing clearly intentioned votes not to be counted.”

Hursti also said that “the voting system is being operated in Fulton County in a manner that escalates the security risk to an extreme level,” and that “voters are not reviewing their BMD [Ballot Marking Devices] printed ballots, which causes BMD-generated results to be un-auditable due to the untrustworthy audit trail.”

Separately, during pre-election testing of Dominion’s voting systems in Georgia in late September, election officials discovered a problem with the display for the U.S. Senate race, finding that under certain circumstances, not all of the candidates’ names fit on a single screen.

Lawyers for Dominion called the problem a “very minor issue” easily fixed with changes to the software. Lawyers for “voting integrity activists,” already involved in lawsuits over Georgia’s new Dominion system, voiced concerns over “the severity of the problem and the security of a last-minute fix.”

Dominion submitted the software fix to Pro V&V, for evaluation. Notably, Pro V&V had just recently provided certification testing for Dominion’s Democracy Suite 5.5-C on April 20 and June 16, leading to the July 9, EAC certification but had not caught the software problem at the time.

On Oct. 1, a Zoom court hearing took place and a transcript of that hearing was created. During the call, a Dr. Coomer from Dominion joined the Zoom meeting. Although no first name was provided, it appears to refer to Dr. Eric Coomer, director of product strategy and security for Dominion Voting Systems.

Coomer told the court it was his belief the software change “was de minimis,” but stated that Dominion didn’t make that determination but instead “submit that change to an accredited laboratory, in this case, Pro V&V. They analyze the change. They look at the code. And they determine whether it is de minimis or not.”

Later during the hearing, Coomer was asked if he knew whom at Pro V&V was performing the software testing. Coomer said he didn’t and noted, “I don’t know the makeup of Pro V&V’s employees.”

This statement from Coomer strikes as somewhat odd given that only three employees of Pro V&V—Jack Cobb, Michael Walker, and Wendy Owens—have been located in reviewed documents. It was Owens and Walker who performed the Nov. 26, 2019, testing for the certification of Dominion Voting Systems Democracy Suite 5.5-A and it was these same two individuals who provided the April 13 and June 16 testing of Dominion’s Democracy Suite 5.5-C. Additionally, Pro V&V and Dominion are both members of the same CISA council.

Indeed, on Oct. 2, a letter from Wendy Owens of Pro V&V was sent, confirming “that this version of the ICX software corrected the issue with displaying of two column contests.” The letter concluded with a recommendation from Pro V&V that the software change to Dominion’s systems be “deemed as de minimis.”

On Oct. 3, a declaration from Dr. J. Alex Halderman was filed that refuted the procedures of Pro V&V’s testing, noting that the “report makes clear that Pro V&V performed only cursory testing of this new software. The company did not attempt to independently verify the cause of the ballot display problem, nor did it adequately verify that the changes are an effective solution. Pro V&V also appears to have made no effort to test whether the changes create new problems that impact the reliability, accuracy, or security of the BMD system.”

On Oct. 11, Judge Amy Totenberg issued a ruling (pdf) in the case, noting that “despite the profound issues raised by the Plaintiffs, the Court cannot jump off the legal edge and potentially trigger major disruption in the legally established state primary process.”

Although Totenberg ruled to allow the Dominion system to be used in the Nov. 3 election, she voiced real concerns, stating the “risks are neither hypothetical nor remote.”

She also noted that Cobb, the director of Pro V&V, “plainly indicated that he actually claims no specialized knowledge or background in cybersecurity engineering and did not himself perform any security risk analysis of the BMD [Ballot Marking Device] system.”

Instead, “State Defendants relied on Dr. Coomer’s testimony, to address—based on his professional experience—some of the significant cybersecurity issues raised by Plaintiffs.”