By Glynis Kazanjian
State election officials were hoping to certify a new online ballot marking tool that could be accessed when downloading a ballot online — a feature that is currently available to all voters.
But board members were troubled by an IT security assessment conducted for the state by a firm that seemed to have limited experience performing Internet security tests on election systems.
CLARIFICATION 4/30, noon:
Charles Iheagwara, managing director of Unatek of Largo, who was not at the meeting, said after the story was published that the firm had conducted similar tests in the past. Some of these clients could not be disclosed.
In an earlier interview, Iheagwara said elections officials who hired Unatek told him not to discuss with the media security features or tests that had been conducted, due to contract nondisclosure agreements.
Last week’s story also raised questions about Unatek’s testing of voter fraud risks at the front end of the voting system where ballots are requested. Unatek had conducted some tests of voter fraud risks at the front end, but the results did not satisfy some board members.
Legislation passed last year required the state to certify the new voting system in order to facilitate some disabled voters and add to the state’s scope of online voter services. Part of the certification requires the state to deliver a secure ballot while maintaining a voter’s privacy.
For years,voting advocates have been sounding the alarms that the state’s online voter service systems are highly vulnerable to Internet attacks and voter fraud.
Contractor, auditor had no experience
State election officials also hired an independent auditor to verify the authenticity of Unatek’s report. While auditor Valeria James of Mainstay Enterprises Inc. vouched for Unatek, it became clear during her testimony that the auditor never met the security consultant, never independently verified Unatek’s past projects nor had even heard of the company.
State Board Vice Chair David McManus, a Republican, asked the auditor if Mainstay itself had ever had experience with a voting system.
“No, not at all,” James said.
Election board members were also unclear as to whether they needed to certify only the ballot marking tool or also the electronic delivery of the ballot, which makes the ballot marking tool possible.
Assistant Attorney General Jeff Darsie, who acts as counsel to the state board of elections, said his informal opinion was that the board is not required to certify the online ballot delivery system.
However, Darsie said, he had not queried the attorney general, who sometimes issues official opinions on election law.
McManus, a lawyer, said while he didn’t necessarily agree with Darsie, the fact that the electronic delivery will be uncertified creates an opportunity.
One step at a time
“I think we should do this incrementally,” McManus said. “I am not convinced the delivery system is safe either. We can do this one step at a time.”
McManus said the prudent plan should be to try the electronic delivery system first.
“If the delivery works in the primary and the general, I could change my mind,” McManus said. “The Internet is a very vast complicated system. I think the events of the last year have shown us we don’t know as much about it as we think we do. We need to be careful with it.”
After an informal vote by State Board Chairwoman Bobbie Mack, it was clear the required “supermajority” of four out of five votes was not attainable to certify the ballot marking tool.
An exasperated Mack asked the board if they were ever going to be happy with IT experts they are bringing in.
“I’d like someone who has experience working with voting systems,” board member Rachel McGuckian, a Montgomery County Democrat and a lawyer, said. “I don’t think it’s a secure system. The statute says we need to find it secure. I can’t in good conscience vote for it.”