By Patrick Colbeck
Attempts to access and analyze electronic voting system equipment are routinely blocked by bureaucrats, vendors, and lawyers stating that such actions can only be undertaken by an Election Assistance Commission (EAC) accredited organization.
At present, there are only 2 organizations accredited by the EAC.
How does one become an accredited organization? It is outlined clearly in the EAC Voting System Test Laboratory Program Manual (See below).
According to the Voting System Test Laboratory Program Manual, there are two methods:
- NIST Recommendation
- Emergency EAC Accreditation without NIST Recommendation
It is the classic case of “it’s not what you know, but who you know”. Clearly, one must have an associate at the NIST in order to be considered for EAC accreditation. Technical expertise does not appear to be a determining factor.
NOTE: The NIST is the same organization which is responsible for leaving the “key under the mat” for hackers interested in subverting our electronic voting systems.
In addition to the lack of merit-based criteria for EAC certification, am I the only one concerned that the gatekeeper for the security of our election systems continues to violate rudimentary best practices regarding information security?
This leads me to conclude that EAC certification is nothing but a good ole boys club where the motto is “if you scratch my back, I’ll scratch yours”. Yet, to this day, EAC certification continues to be used bureaucrats, vendors and lawyers as a condition for accessing and analyzing electronic voting systems.