Don the Federal and State certification processes make sure the machines are secure?
No. The NASED (National Association of State Election Directors, the organization that oversees certification to Federal requirements) and California state certification processes are considerably weaker than other accepted standards for the security of computer-based products. Security-critical systems for the Department of Defense, for example, must meet the more stringent standards overseen by National Institute of Standards and Technology (NIST), such as the International Standards Organization (ISO)’s Common Criteria. Many other computer vendors, such as health care, voluntarily apply the NIST standards to their products, but to date, no electronic voting system has been certified under the NIST programs. (Some may have received ISO 9000 certification, but this is largely meaningless in the context of security.) The Help America Vote Act requires NIST work to develop a real standard (the FEC recommendations are not a standard, and require adoption by the states, only 2/3 of which
