image © Utah Count Votes
Utah's RFP for Voting Systems/Equipment
July 2004 - Summary of Response by
BYU CS Professors: Phillip J. Windley, Mike Jones, Kent Seamon
University of Utah CS Professors: Erik Brunvand, John Carter,
Samuel H. Drake, Ganesh Gopalakrishnan, David Hanscom, Art Lee, Jay
Lepreau, John Regehr, Peter Shirley
Stanford University CS Professor David Dill
Rice University CS Professor Dan Wallach
Verified Voting Foundation Pamela Smith, National Coordinator
Utah Count Votes Kathy Dopp, Founder
Association for Computing Machinery Barbara Simons, former
Utah Rights Lawyer Dow Patten, Esq.
Utah has the chance to lead America and increase economic
opportunity in Utah, by creating the best voting system, if it
amends its voting equipment RFP process in response to Utah's
computer science professionals response.
On July 27th, Utah's voting equipment RFP was amended in
response to our July 19th 12 page response. Now Utah's RFP weights
security and accuracy 20% rather than 10%; no longer requires one
digital recording device (DRE ATM-style) voting machine in each
polling place; and considers security during storage. See
The following inadequacies remain in Utah's RFP for voting
- The RFP schedule is too aggressive because it does not allow
time for security evaluations of voting equipment proposals, or
time for newer less-costly, more usable, trustworthy voting systems
to come to market. The schedule calls for completion of contract
negotiations by December 2004 and implementation of new voting
systems by 2005. The Help America Vote Act (HAVA) does not require
implementation to receive HAVA funds until June 2006, and new
national standards are not planned to be released until June
- The RFP does not require a voter verified physical record,
e.g., paper ballot, be provided to ensure that votes are correctly
recorded and available for recount in case of machine malfunction
or tampering. In a recent survey by the Association of Computing
Machinery, 95% of computer professionals agreed that a voter
verified physical record is vital for ensuring the validity of
election results. Many systems currently on the market do not
provide an adequate voter verified paper ballot suitable for
election officials to store and conveniently use for recounts. The
RFP does not provide any specifications for voter verifiable paper
ballots. Will a thermal receipt be accepted whose printing fades
and becomes invisible? What are the storability or recount ability
requirements for a voter verifiable paper ballot?
- The RFP does not require, or allow time for, any independent
security reviews of voting equipment, and weights "security and
accuracy" at only 20%.
- The RFP's own criteria can effectively be waived or set
aside at the end of the bid process. QUOTE FROM RFP: "The State of
Utah reserves the right to evaluate each type of equipment proposed
as a solution with other types of proposed equipment solutions.
Each type or group will be evaluated independently. The State will
determine which proposed solution best meets the State's
requirements and will make an award based on this decision. The
award may not necessarily be made to the highest overall scoring
offeror. Rather, the award will go to the highest scoring offeror
for the proposed solution preferred by the State of Utah."
- The RFP is an insufficient basis upon which to acquire
voting machinery. The RFP can be made much more specific in ways
that will save Utah taxpayer dollars over the life of the competing
- The RFP does not give additional consideration to open
source solutions that would increase security, accuracy, and
reliability of Utah's voting machines.
- The RFP provides no terms for when the escrowed source code
may be released, so even under a lawsuit the programming
instructions for the voting machines may be withheld. Even if these
terms are made explicit, experts in voting source code would not be
able to review escrowed or publicly "disclosed" source code because
it might result in law suits if any similar features were
incorporated in the voting programs they work on.
- Without sufficient detail in the RFP, it will be difficult
for the State to reduce to writing or enforce any nonconformance so
as to hold the vendor to account.
- Logic and accuracy tests are limited to the memory of the
main processor and the programmable memory device, so that all
votes may be processed in untested associated processors.
- Requirements and expense for security during storage and
transportation before, during, and after elections are inadequately
considered and weighted, and the RFP requires a network connection
to report election results to a website.
- The entire RFP process is closed. Utah should make the
process as open as possible and source code should be open to the
public upon signing a nondisclosure.
SUMMARY: Utah's RFP for voting equipment can be amended to allow
time for a careful information-gathering and decision-making
process; and made much more specific in ways that will save Utah
taxpayer dollars and make the RFP a much clearer yardstick by which
to judge competing solutions. Utah could use HAVA funds to hire
independent experts to study and rewrite the RFP and to do security
reviews of all proposals, including the source code of any
electronic systems, and still meet the HAVA deadline. Pending
federal amendments under consideration, such as HR2239 and S1980
that are supported by the computer science community should be
taken under consideration. Because current federal standards for
voting equipment are voluntary and out-dated, it is especially
important to follow the advice and suggestions of local Utah
computer scientists that are given in