According to the Secretary of State, the decision comes after months of thorough review of both voting systems, their compliance with both state and federal laws and the completion of an additional security analysis by independent testers from computer labs at the University of California, Berkeley.
"As the State's chief elections official, the decision to certify voting systems is a very serious responsibility, and a number of factors must be carefully weighed before I determine whether to grant certification," said Secretary McPherson. "This is precisely why I created 10 strict standards that must be met for a voting system to be certified, making California's process the most stringent in the nation. We have applied these standards and after rigorous scrutiny, I have determined that these Diebold systems can be used for the 2006 elections."
San Diego is home to California's first federal election of 2006, a special congressional vacancy election to be held in April. The current voting system certification process was established by Secretary McPherson shortly after taking office in 2005. The certification process requires that each voting system or vendor meet 10 strict standards as conditions for use in the State's elections. The certification standards are designed to ensure that every voting system is secure, reliable and accurate for California's nearly 16 million voters.
Among the requirements, systems must: undergo a "volume test" to ensure the systems will withstand election day levels of activity, deposit a copy of the system source code and the binary executables with the Office of the Secretary of State, and establish a California County User Group to review the system and ensure voter usability.
After the completion of the federal and state certification requirements, as well as a complete and thorough review of the voting system components, Secretary McPherson requested that Diebold undergo an additional security analysis of the source code on the system's memory card. Computer scientists at the University of California, Berkeley laboratory conducted the additional security review of the memory card components for both systems. The independent reviewers concluded that while some of the code on the memory cards should be rewritten for an improved long-term solution, the problems identified are "manageable" and "the risks can be mitigated through appropriate use procedures."
In his certification of the systems, Secretary McPherson is mandating the additional use procedures from the independent reviewer's analysis to further bolster security and oversight of the use of these products. Counties wishing to use either the upgraded OS system or the upgraded, paper audit trail-retrofitted touch screen (TSX) system for elections in 2006 must comply with these requirements.
Diebold will be required to make all recommended long-term programming modifications contained in the report and submit the modified product to the Federal Independent Testing Authority (ITA) for requalification and state certification.
On December 20, 2005, Secretary McPherson requested that the ITA conduct an additional review of the Diebold systems. To date, that review is not yet complete. However, the additional security review conducted at the University of California, Berkeley addressed the identical issue that the federal testing authority was asked by this office to examine.
Currently, Diebold's OS is certified for use in 37 states including California, and the TSX is certified for use in 19 states including California. Eighteen of California's 58 counties used earlier versions of Diebold voting systems in the 2005 Special Election and in prior years. Both systems comply with federal and state laws.
More California voting system information.
California Holds Hearing on Open Source Software in Election Systems
