The Security of Electronic Voting Systems in the U.S.

“Here are a few facts that should be considered: EAC has reviewed the source code of every registered manufacturer and maintains the source code of every registered manufacturer and each system. The experts at the accredited labs and EAC will tell you independently that the source code and software is NOT the same for every manufacturer and there is no one master key to all systems - this is just a fallacy. I would also add that many of these newer systems offered by manufacturers have also been independently reviewed by Idaho National Lab (INL) whose mission is to seek to exploit the systems, identify vulnerabilities and then offer mitigation strategies to the manufacturers in the building of systems, and this "universal key" or "universal software" is not something that has ever been identified and reported by some of the best white hat hackers in the world or any of EAC/Lab experts or any three letter agency. The accredited labs and EAC have certified the trusted build of each of these systems and this trusted build is what the states and counties receive when they use an EAC certified system. The EAC also conducts penetration testing prior to a VVSG campaign to ensure known vulnerabilities have been remedied and seek to identify any new vulnerabilities. The EAC would like to do even more and conduct regular independent vulnerability testing of all voting systems and that is being considered by the House and Senate with the NDAA, but this is not a sure thing without funding and legislation.”