This secrecy works against voting integrity. Test labs, after all, are charged with determining whether voting systems satisfy standards, all of which are public. Test plans simply put the rubber to the road, and the system benefits by having a common understanding of what kinds of tests are sufficiently rigorous. Keeping this information secret only protects labs with lax procedures. Greater transparency, on the other hand, would encourage all test labs to develop more rigorous procedures.
Where to go from here? The EAC must begin by disclosing to Congress and the public the information that led it to leave Ciber out of the testing process. Going forward, Congress should ensure that the EAC re-examines the parts of its testing and certification policy that protect sloppy testing practices. Publishing all test plans — whether approved or not — is a place to start. In addition, the EAC should publish all test reports, which summarize the labs’ findings after testing. Publishing test reports only for certified systems will leave everyone other than the manufacturers, the labs and the EAC guessing about what kinds of defects make a voting system unacceptable for use in elections.
It is exceedingly important to clear up the past and allow more public review in the future. Many states rely on federal certification and need to know what this mark of approval means and that it can be relied upon. Also, partly in response to a lack of information about federal testing, some states have established their own testing programs. A world of multiple certification programs driven by a lack of trust in the federal system is inefficient and extremely costly to the states, which already are strapped for funds to run elections. The EAC controls the information about federal testing and thus bears the burden of demonstrating it is thorough and rigorous. The EAC shouldn’t make states pay the price for its failure to meet this burden.
It is regrettable that the EAC announced its new testing and certification policy while keeping secret its refusal to accredit Ciber. If the de-accreditation of Ciber had been public knowledge, there would have been pressure on the EAC to strengthen its policy to prevent a repeat of this event. Instead, the EAC withheld important information that would have shaped the public’s and election officials’ views of the adequacy of its policy. The EAC has the power to set the record straight and to change its policy. Congress should ensure that this happens. Secrecy isn’t working for the EAC or democracy — and there is no reason to think it will in the future.
Aaron Burstein is a research fellow in the Samuelson Law, Technology & Public Policy Clinic and Berkeley Center for Technology at the University of California at Berkeley School of Law. Joseph Lorenzo Hall is a Ph.D. candidate in the School of Information at the University of California at Berkeley. Both authors receive funding from the National Science Foundation through ACCURATE (A Center for Correct, Usable, Reliable, Auditable, and Transparent Elections, funded by the National Science Foundation).