image © Utah Count Votes

Utah's RFP for Voting Systems/Equipment July 2004 - Summary of Response by BYU CS Professors: Phillip J. Windley, Mike Jones, Kent Seamon University of Utah CS Professors: Erik Brunvand, John Carter, Samuel H. Drake, Ganesh Gopalakrishnan, David Hanscom, Art Lee, Jay Lepreau, John Regehr, Peter Shirley Stanford University CS Professor David Dill Rice University CS Professor Dan Wallach Verified Voting Foundation Pamela Smith, National Coordinator Utah Count Votes Kathy Dopp, Founder Association for Computing Machinery Barbara Simons, former President Utah Rights Lawyer Dow Patten, Esq.

Utah has the chance to lead America and increase economic opportunity in Utah, by creating the best voting system, if it amends its voting equipment RFP process in response to Utah's computer science professionals response. http://www.utahrights.com/RESPONSE_RFP_add_sig_contrib.pdf

On July 27th, Utah's voting equipment RFP was amended in response to our July 19th 12 page response. Now Utah's RFP weights security and accuracy 20% rather than 10%; no longer requires one digital recording device (DRE ATM-style) voting machine in each polling place; and considers security during storage. See http://purchasing.utah.gov/BidProcessing/CurrentBids.asp

The following inadequacies remain in Utah's RFP for voting equipment:

1. The RFP schedule is too aggressive because it does not allow time for security evaluations of voting equipment proposals, or time for newer less-costly, more usable, trustworthy voting systems to come to market. The schedule calls for completion of contract negotiations by December 2004 and implementation of new voting systems by 2005. The Help America Vote Act (HAVA) does not require implementation to receive HAVA funds until June 2006, and new national standards are not planned to be released until June 2005.
2. The RFP does not require a voter verified physical record, e.g., paper ballot, be provided to ensure that votes are correctly recorded and available for recount in case of machine malfunction or tampering. In a recent survey by the Association of Computing Machinery, 95% of computer professionals agreed that a voter verified physical record is vital for ensuring the validity of election results. Many systems currently on the market do not provide an adequate voter verified paper ballot suitable for election officials to store and conveniently use for recounts. The RFP does not provide any specifications for voter verifiable paper ballots. Will a thermal receipt be accepted whose printing fades and becomes invisible? What are the storability or recount ability requirements for a voter verifiable paper ballot?
3. The RFP does not require, or allow time for, any independent security reviews of voting equipment, and weights "security and accuracy" at only 20%.
4. The RFP's own criteria can effectively be waived or set aside at the end of the bid process. QUOTE FROM RFP: "The State of Utah reserves the right to evaluate each type of equipment proposed as a solution with other types of proposed equipment solutions. Each type or group will be evaluated independently. The State will determine which proposed solution best meets the State's requirements and will make an award based on this decision. The award may not necessarily be made to the highest overall scoring offeror. Rather, the award will go to the highest scoring offeror for the proposed solution preferred by the State of Utah."
5. The RFP is an insufficient basis upon which to acquire voting machinery. The RFP can be made much more specific in ways that will save Utah taxpayer dollars over the life of the competing solutions.
6. The RFP does not give additional consideration to open source solutions that would increase security, accuracy, and reliability of Utah's voting machines.
7. The RFP provides no terms for when the escrowed source code may be released, so even under a lawsuit the programming instructions for the voting machines may be withheld. Even if these terms are made explicit, experts in voting source code would not be able to review escrowed or publicly "disclosed" source code because it might result in law suits if any similar features were incorporated in the voting programs they work on.
8. Without sufficient detail in the RFP, it will be difficult for the State to reduce to writing or enforce any nonconformance so as to hold the vendor to account.
9. Logic and accuracy tests are limited to the memory of the main processor and the programmable memory device, so that all votes may be processed in untested associated processors.
10. Requirements and expense for security during storage and transportation before, during, and after elections are inadequately considered and weighted, and the RFP requires a network connection to report election results to a website.
11. The entire RFP process is closed. Utah should make the process as open as possible and source code should be open to the public upon signing a nondisclosure.

SUMMARY: