Elections

The Help America Vote Act of 2002 established the Election Assistance Commission (EAC) to help improve state and local administration of federal elections and authorized funding for state and local governments to expand their use of electronic voting systems. EAC began operations in January 2004. However, reported problems with electronic voting systems have led to questions about the security and reliability of these systems. GAO was requested to (1) determine the significant security and reliability concerns identified about electronic voting systems, (2) identify recommended practices relevant to ensuring the security and reliability of these systems, and (3) describe actions taken or planned to improve their security and reliability.

While electronic voting systems hold promise for improving the election process, numerous entities have raised concerns about their security and reliability, citing instances of weak security controls, system design flaws, inadequate system version control, inadequate security testing, incorrect system configuration, poor security management, and vague or incomplete voting system standards. It is important to note that many of these concerns were based on specific system makes and models or a specific jurisdiction's election, and there is no consensus among election officials and other experts on their pervasiveness. Nevertheless, some have caused problems in elections and therefore merit attention. Federal organizations and nongovernmental groups have issued both election-specific recommended practices for improving the voting process and more general guidance intended to help organizations manage information systems' security and reliability. These recommended practices and guidelines (applicable throughout the voting system life cycle) include having vendors build security controls and audit trails into their systems during development, and having election officials specify security requirements when acquiring systems. Other suggested practices include testing and certifying systems against national voting system standards. The federal government has begun efforts intended to improve life cycle management of electronic voting systems and thereby improve their security and reliability. Specifically, EAC has led efforts to (1) draft changes to existing federal voluntary standards for voting systems, including provisions addressing security and reliability; (2) develop a process for certifying voting systems; (3) establish a program to accredit independent laboratories to test electronic voting systems; and (4) develop a library and clearinghouse for information on state and local elections and systems. However, these actions are unlikely to have a significant effect in the 2006 federal election cycle because important changes to the voting standards have not yet been completed, the system certification and laboratory accreditation programs are still in development, and a system software library has not been updated or improved since the 2004 election. Further, EAC has not consistently defined specific tasks, processes, and time frames for completing these activities; as a result, it is unclear when their results will be available to assist state and local election officials.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Team: Phone: