
Yesterday, as a result of voting system reviews, Secretary of State Debra Bowen decertified for state use the voting systems of Diebold Election Systems, Inc., and Sequoia Voting Systems. A third vendor, Election Systems and Software (ES&S), declined to participate in the review process mandated by law, and so Secretary Bowen withdrew approval of its Inkavote Plus Precinct Ballot Counting System for use in California. A fourth firm, Hart InterCivic, Inc., chose not to submit the voting system previously used by California voters for examination and certification, and voluntarily withdrew from the certification process. Instead, the company plans to upgrade its county customers to a newer version and submit that version for review and certification by the Secretary of State.
Diebold was at the center of 2004 election controversies pitting its tabulation results against exit polls. Sequoia Voting Systems offers a product called "Voter Verified Paper Audit Trail" (VVPAT) that was reported by the review team to have a series of serious and often undetectable flaws. Their voting software was also found publicly available online in 2003, raising questions about future vote tampering. In 2006, during a Committee on Foreign Investment in the United States (CFIUS) review, the company, then owned by 3 Venezuelans, was allowed to withdraw from that review on news of its pending sale.
When California's Secretary of State Bowen was inaugurated January 7, 2007, she announced her intention to conduct a "Top to Bottom" review of voting systems used in California. "The review was designed to restore the public's confidence in the integrity of the electoral process and to ensure that California voters are being asked to cast their ballots on machines that are secure, accurate, reliable, and accessible." The review began two months later, in March 2007.
In early May, Secretary Bowen outlined the possible outcomes. “This kind of a comprehensive review is essential...One of three things will happen to each voting system that’s being reviewed. The first possibility is that a system will be found to be secure, accurate, reliable and accessible as it stands, so voters can have confidence when they use it on Election Day. Second, a system may be required to use additional safeguards, such as an expanded post-election audit process. The third possibility is that a voting system can’t be made secure, accurate, reliable and accessible even with additional safeguards, so that system may be decertified, which means it could not be used for any election in 2008.”
The need to review the new voting systems, which were mandated by the Help America Vote Act signed by Bush in 2002, became apparent through a series of reported problems at the polls. Two examples cited in a California summary are:
- In December 2005, California discovered voting system programming code that escaped the review of federal testers.
- On May 2, 2007, a congressional task force voted to investigate anomalies in 2006 election results in Florida’s 13th Congressional District.

These are just two examples that have fueled the debate about whether the systems voters are asked to cast their ballots on are trustworthy and whether the testing processes used to certify voting systems are adequate.
The review's urgency is intensified by the fact that California faces 3 statewide elections in 2008. According to the Secretary of State's summary:
Approximately $450 million has been spent or allocated to buy new voting equipment in California over the past few years. The top-to-bottom review will cost approximately $1.8 million and will be paid for by the voting system vendors and federal Help America Vote Act (HAVA) money allocated by the Legislature and the Governor in the 2006-07 budget.
Despite the review's good intentions, there remain reasons to question whether, even after this intensive review, the voting systems meet the standards of security, accuracy, reliability and accessibility.
As Matt Bishop, a principal investigator on one of the review teams, noted:
The short time allocated to this study has several implications. The key one is that the results presented in this study should be seen as a “lower bound”; all team members felt that they lacked sufficient time to conduct a thorough examination, and consequently may have missed other serious vulnerabilities. In particular, Abbott’s team reported that it believed it was close to finding several other problems, but stopped in order to prepare and deliver the required reports on time.
The reviewers also gave considerable thought to the risk of adding to the many security breaches they uncovered, as David Wagner, another principal investigator, noted:
A common, widely accepted practice in the security literature is to describe attacks in sufficient detail to allow others to independently reproduce and evaluate the threat and, ultimately, build systems that better resist attack. Because of the severity of the attacks we found, and because we wanted to avoid making it easy for would-be attackers to subvert elections, we did not follow that practice here.
Instead, in preparing our public reports, we deliberately chose to err on the side of caution. We carefully screened all of the information that we included in our public reports. Our objective was to avoid reducing the amount of access an attacker would require to attack elections. We attempted to accomplish this by omitting details that would have the effect of converting an attack that would require reverse engineering or access to the source code into one that would not. These details were relegated to a confidential appendix provided to the Secretary of State.
The California Secretary of State's site has related documents.