These comments are for me as an individual and as a Virginia registered voter and taxpayer. I have been regularly exposed to the operational aspects of the AVS WinVote platform since 2003. The vendor went out business in 2007.
Anyone with knowledge about the recent technical and security risk evaluation by VITA’s security contractor, and of the AVS WinVote system in general, and the total lack of vendor support for 8 years, should generally agree that the platform is at end of life and it is a candidate to be replaced. However, the key question for right now is what should the SBE do about this and when? While I cannot answer this for the SBE, I can provide some insights and considerations for the SBE to take into account.
Note that ALL of the risks and concerns that have recently been identified by the technical review have existed for over a decade. Even with all of the Federal compliance testing, and the previous Virginia state testing and certification – none of that failed to uncover any vulnerabilities in the hardware and software. SBE should not feel too bad – the other states that certified AVS WinVote also did not discover any of these issues. So most would agree that objectively this is not some new urgent crisis that demands immediate radical attention by the SBE as the only solution.
It is true that there have been no updates and operating system upgrades, etc. However, it is also true that AVS WinVote machines are not connected to the Internet, so in their stand-alone mode, many of the risks and vulnerabilities while on one level are legitimate issues to point out, they frankly are not directly relevant to the operation and use of the AVS WinVote system the way they are used by precincts in Virginia.
There are many redundant procedures and controls that local Registrars and Election Management Offices use each election to ensure smooth operation and integrity of the vote. Some of these are tailored around the various voting platforms, including AVS WinVote. In addition, the AVS voting system hardware and software itself has multiple redundant vote audit and control features both within memory and on the hard drive and on removable memory sticks. There is no evidence that anything recently discovered could be improperly utilized to alter the vote. And the multiple procedures and audit controls used by local election officials will also help ensure this.
If SBE/ELECT prohibits the platform right now it will of course clobber the dozen plus medium to large localities with town/primary elections in May/June. Even replacement by September to be ready for early voting for November 2015 elections is almost impossible to achieve now for any of the two dozen plus medium to large jurisdictions that depend on AVS. There is so much more to all of this than just the new voting machines. Other aspects of any replacement voting system include new hardware, new software, new election management system to set up ballots and administer the election and to collect the votes, install the new EMS in a walled off secure area only accessible by authorized elections personnel, acceptance testing, new training for all elections employees, ballot preparation for the next election (multiple different ballots for multiple precincts), new hardware and software to support HAVA and differently-abled voters, new training for all citizen poll workers, ballot preparation, employee training, election worker training, new election night vote collection and reporting process & procedures, new software license and hardware maintenance agreements, voting machine vendor technical support agreements (particularly for onsite support during initial production usage on election day & night, etc…).
SBE is encouraged to not make a decision that puts immediate pressure on multiple localities to jam in some new voting platform without taking the time to procure and implement it properly. If SBE instantly decertifies AVS WinVote, the decision will force these localities to go to paper ballots, or make them install a brand new platform in a haphazard manner with too many shortcuts. Both of those outcomes will cause chaos and confusion and a poor voter experience.
For this registered voter and tax payer, the threshold for making a radical decision to automatically de-certify WinVote has objectively not been met. A planned future date to decertify AVS WInVote in 12-24 months would be more prudent, and also allow localities to try and allocate scarce budget dollars for a replacement system.
Several forward looking points for SBE consideration:
ELECT should continue to add even more rigor and structure and thoroughness and stress testing into all aspects of the state certification process. This type of testing needs to include the entire voting process including mock elections and the election worker and actual voter interface with the ballot marking and ballot scanning devices.
Even for voting platforms that are certified, it probably makes sense for there to be a re-certification of those every 3-5 years or so. Of course that is more difficult to do when the vendor goes out of business (like AVS), and everyone is dependent a small 3rd party to try and keep their voting equipment investment going for a few more years.
Most localities would like at least 2-3 years lead time before they have to make big investments in a new voting platform because the current one they have may become de-certified.
