On 29 April 2003, the California secretary of state decertified DES's touch-screen voting technology for use in four counties in the state. This decision, which affects 14,000 DES touch-screen terminals and as many as 2 million eligible voters, reflects the state’s concern that DES allegedly deployed systems in four California counties without required federal testing or state certification. The state further alleges that DES lied to the state about the systems' certification status. The secretary of state has asked the state attorney general to investigate the possibility of criminal and civil fraud charges against DES.
If DES knowingly deployed voting systems in the field without required testing and certification, then the state’s decision to decertify DES's voting systems is absolutely justified. Whether DES later lied about the matter is irrelevant, except that it could be grounds for criminal prosecution. Field deployment of uncertified software is completely intolerable in an application in which public trust is a mission-critical requirement.
The software industry has historically favored the rapid introduction of new products, which inevitably leads to high levels of flaws. The release-and-patch approach to software quality and security is no longer acceptable even for consumer-level operating systems, let alone mission-critical applications with major public consequences. The public — which now includes 1 billion Internet users worldwide, all of whom are only too familiar with cybercrime — is simply too sensitive to quality and security concerns. In DES's case, a history of serious security breaches — such as the discovery and worldwide distribution of source code found unprotected on an Internet-connected DES server — and highly critical independent reports alleging security flaws in DES’s products serve to underline the importance of strict attention to testing and certification requirements. California’s refusal to accept any ambiguity regarding the security of DES’s machines is appropriate.
Recommendations:
Governments and other agencies evaluating voting and other critical technologies:
Software vendors:
Analytical Sources: Richard Hunter and Ray Wagner, Gartner Research
Resource Id: 448039