Electronic Voting Systems (DREs): Legislation in the 108th Congress

CRS Report for Congress
Electronic Voting Systems (DREs):
Legislation in the 108 Congress
August 11, 2004
Eric A. Fischer
Senior Specialist in Science and Technology
Resources, Science, and Industry Division
Kevin Coleman
Analyst in American National Government
Government and Finance Division

Congressional Research Service ˜ The Library of Congress

Electronic Voting Systems (DREs): Legislation in the
108th Congress
Several bills have been introduced in the 108th Congress to address issues that
have been raised about the security of direct recording electronic (DRE) voting
machines. Touchscreen and other DREs using computer-style displays are arguably
the most versatile and voter-friendly of any current voting system. The popularity of
DREs, particularly the touchscreen variety, has grown in recent years. In addition,
the Help America Vote Act of 2002 (HAVA, P.L. 107 — 252), while not requiring
or prohibiting the use of any specific kind of voting system, does promote the use of
DREs through some of its provisions. About 30% of voters are expected to use
DREs in the November 2004 election. However, there is currently some controversy
about how secure DREs are from tampering. There has been some disagreement
among experts about both the seriousness of the security concerns and what should
be done to address them. The bills — H.R. 2239 (Holt), S. 1980 (Graham-FL), S.

1986 (Clinton), S. 2045 (Boxer), S. 2313 (Graham-FL), H.R. 4187 (King-IA), S.

2437 (Ensign), and H.R. 4966 (Larson) — address these concerns in various ways:

-- Requiring that all voting systems produce a paper ballot that can be verified by a
voter before the vote is cast (all except S. 1986 and H.R. 4966), or that all
voting systems produce a verifiable ballot using the most accurate technology,
which may or may not be paper-based (S. 1986).
-- Requiring that voting systems used to fulfill HAVA disability requirements use a
system not requiring paper that provides for voter verification and separates vote
generation from vote casting — called modular voting architecture — and
providing for assisted voting as an option for jurisdictions unable to meet the
requirement (H.R. 2239/S. 1980, S. 2045, S. 2313).
-- Providing an interim paper-based system to be supplied by the Election Assistance
Commission (EAC) for states unable to meet the verification requirement (H.R.

2239/S. 1980, S. 2045, S. 2313).

-- Requiring mandatory recounts by the EAC of a small proportion of jurisdictions
in each state (H.R. 2239/S. 1980, S. 2045, S. 2313).
-- Requiring that all voting system software be available for public inspection (“open
source”), as certified by the EAC (H.R. 2239/S. 1980, S. 2045, S. 2313), or that
states be provided with copies of the software (H.R. 4966).
-- Prohibiting the use of wireless communication devices in voting systems, with
certification by the EAC (H.R. 2239/S. 1980, S. 1986, S. 2045, S. 2313).
-- Requiring adherence to certain security requirements (all except S. 2437).
-- Requiring federal certification of voting systems (S. 2313) or applying conflict-of-
interest standards to certification laboratories (H.R. 4966).
-- Posting information in the polling place regarding the availability of state
administrative complaint procedures (H.R. 4966).
-- Requiring development by the EAC of best practices for accessibility and voter-
verification (H.R. 2239/S. 1980, S. 2045, S. 2313).
-- Moving up deadlines for complying with HAVA standards (H.R. 2239/S. 1980,
S. 2045, S. 2313).
This report will be updated in response to legislative action on the bills discussed.

Provisions and Issues Addressed......................................4
Voter-Verified Ballot Requirement................................4
Interim Paper System...........................................6
Voter Verification for Individuals with Disabilities and Alternative
Language Needs..........................................7
Appropriations for Voter-Verified Systems..........................9
Requirement for Mandatory Recounts.............................10
Requirement for Open-Source Software and Prohibition of
Wireless Communications..................................12
Open-Source Software.....................................12
Wireless communications..................................13
Voting System Security and Testing Requirements...................14
Certification of Security for Voter Registration Lists.................15
Certification of Voting Systems..................................16
Posting of Information Regarding Administrative Complaint Procedures.17
Deadline for Compliance.......................................17
Best Practices................................................17
Security Consultation Services..................................18
Report to Congress............................................19
Extension of Title I Payments...................................19
Repeal of EAC Contracting Exemption............................19
Effective Date...............................................20
Conclusion ......................................................20
List of Tables
Side-by-Side Comparison of Bills in the 108th Congress on the Security of
Electronic Voting Systems......................................22

Electronic Voting Systems (DREs):
Legislation in the 108 Congress
Several bills have been introduced in the 108th Congress to address issues that
have been raised about the security of direct recording electronic (DRE) voting
machines. DREs are the first completely computerized voting systems.1 They were
introduced in the 1970s. Touchscreen and other DREs using computer-style displays
are arguably the most versatile and user-friendly of any current voting system. Each
machine can display ballots in different languages and for different offices,
depending on voters’ needs. It can also display a voter’s ballot choices on a single
page for review before casting the vote. Finally, a DRE can be made fully accessible
for persons with disabilities, including visual impairment, and can prevent several
kinds of voter error. No other kind of voting system possesses all of these features.
The popularity of DREs, particularly the touchscreen variety, has been growing,
and many expect that growth to continue. The Help America Vote Act of 2002
(HAVA, P.L. 107 — 252), while not requiring or prohibiting the use of any specific
kind of voting system, promotes the use of DREs through some of its provisions.2
The act has encouraged the replacement of punchcard and lever machines through a
buyout program; it specifically states that DREs can be used to meet the accessibility
requirement of the act;3 and, starting in 2007, it requires any voting system purchased
with HAVA funds to meet the accessibility requirement. Also, DREs easily meet the

1 Most DREs are produced by four companies: Diebold Election Systems (which produces
the Accuvote system), Election Systems and Software (iVotronic), Sequoia Voting Systems
(AVC Edge), and Hart Intercivic (eSlate). There are also several smaller companies.
2 For a general discussion of HAVA, see Kevin J. Coleman and Eric A. Fischer, Elections
Reform: Overview and Issues, CRS Report RS20898, 29 March 2004; and Congressional
Research Service, Election Reform Briefing Book: Implementation in the 108th Congress,
[ h t t p : / / www.c ongr e s s . go v/ br bk/ h t ml / e be r f 1.s ht ml ] .
3 §301(a)(3), Accessibility for Individuals with Disabilities, states,
The voting system shall —
(A) be accessible for individuals with disabilities, including nonvisual
accessibility for the blind and visually impaired, in a manner that provides the
same opportunity for access and participation (including privacy and
independence) as for other voters;
(B) satisfy the requirement of subparagraph (A) through the use of at least one
direct recording electronic voting system or other voting system equipped for
individuals with disabilities at each polling place; and
(C) if purchased with funds made available under title II on or after January 1,
2007, meet the voting system standards for disability access (as outlined in this

act’s requirements for prevention and correction of voter errors. About 30% of
registered voters are expected to use DREs in the November 2004 election.4
However, there is currently some controversy about how secure DREs are from
tampering by voters, election personnel, Internet “hackers,” or even manufacturers
(for a detailed discussion, see CRS Report RL32139).5 The controversy stems in part
from another characteristic of current DREs: The ballot itself consists of electronic
records, which the voter cannot see, inside the machine. Therefore, there is no way
for the voter to know if the ballot that is cast is the same as the electronic
representation of it on the face of the machine.
The security of DREs and other voting systems was not a major issue in the
debate leading to the enactment of HAVA.6 Although they issue was discussed
during at least one hearing,7 it became prominent only with the publication in July

2003 of an analysis of computer code for one type of DRE.8

There has been some disagreement among experts about both the seriousness
of the security concerns and what should be done to address them. While it is
generally accepted that tampering is possible with any computer system, given
sufficient time and resources, some experts believe that the concerns can be
addressed using current practices. Others believe that significant changes are needed.
Among the steps proposed are requiring the use of “open source” software code,
which would be available for public inspection; the development of systems that
effectively mimic electronically the observability of manually counted paper ballot
systems; and the printing by DREs of document ballots where a voter could verify
the choices made and that would be hand-counted if the election results were

4 Election Data Services, “New Study Shows 50 Million Voters Will Use Electronic Voting
Systems, 32 Million Still with Punch Cards in 2004,” Press Release, 12 February 2004. The
actual percentage may be somewhat lower, as some states, such as Ohio, have postponed
deployment of DREs in light of security and other issues. About 23% of registered voters
used DREs in 2002.
5 For a detailed discussion, see Eric A. Fischer, Election Reform and Electronic Voting
Systems (DREs): Analysis of Security Issues, CRS Report RL32139, 4 November 2003.
6 HAVA contains no explicit security requirements for voting systems. However, it does
require that a voting system have an audit capacity (a common security feature) — and that
this include a permanent paper record that can be used in manual recounts (§301(a)(2)), a
provision added in an amendment adopted in the Senate by unanimous consent, without
debate (see Eric Fischer and Kevin Coleman, Senate Consideration and Passage of H.R.

3295 (Dodd-McConnell), CRS Election Reform Briefing Book, 6 May 2002,

[ ht t p: / / www.congr e ss.gov/ br bk/ ht ml / e ber f 27.ht ml ] ) .
7 On 22 May 2001, the House Science Committee held a hearing on the role of standards in
voting technology at which the security of DREs was discussed, among other issues (House
Committee on Science, Voting Technology Standards Act of 2001, 107th Cong., 1st sess.,

2001, H.Rept. 107 — 263.

8 Tadayoshi Kohno, Adam Stubblefield, Aviel D. Rubin, and Dan S. Wallach, “Analysis of
an Electronic Voting System,” Johns Hopkins Information Security Institute Technical
Report TR-2003-19, July 23, 2003, [http://avirubin.com/vote/]. See also Fischer, Election
Reform and Electronic Voting Systems.

contested. Some experts have called for such changes before DREs are more widely
adopted. Others believe that procedural and other safeguards make DREs sufficiently
safe from tampering, that use of printed paper ballots would create substantial
problems that would more than outweigh any benefits, and that the controversy risks
drawing attention away from the demonstrated utility of DREs in addressing known
problems of access to and usability of voting systems.
Several bills have been introduced in the 108th Congress that would amend
HAVA to address these and other issues in various ways. The issues these bills
address and the major differences in the ways they address them are discussed below.
The bills that this report covers are
!H.R. 2239, Voter Confidence and Increased Accessibility Act of
2003, introduced May 22, 2003, by Representative Holt (identical to
S. 1980).
!S. 1980, Voter Confidence and Increased Accessibility Act of 2003,
introduced December 9, 2003, by Senator Graham of Florida
(identical to H.R. 2239).
!S. 1986, Protecting American Democracy Act of 2003, introduced
December 9, 2003, by Senator Clinton.
!S. 2045, Secure and Verifiable Electronic Voting Act of 2004
(SAVE Voting Act), introduced February 2, 2004, by Senator Boxer.
!S. 2313, Restore Elector Confidence in Our Representative
Democracy Act of 2004 (RECORD Act), introduced April 8, 2004,
by Senator Graham of Florida.
!H.R. 4187, Know Your Vote Counts Act of 2004, introduced April

21, 2004, by Representative King of Iowa.

!S. 2437, Voting Integrity and Verification Act of 2004, introduced
May 18, 2004, by Senator Ensign.
!H.R. 4966, Improving Electronic Voting Standards and Disclosure
Act of 2004, introduced July 22, 2004, by Representative Larson.
The House bills were referred to the House Committee on House Administration, and
the Senate bills to the Senate Committee on Rules and Administration. None of the9
bills has received additional committee or floor action.

9 However, hearings have been held at which issues addressed by the bills were discussed.
On June 24, 2004, the Subcommittee on Environment, Technology, and Standards of the
House Science Committee held a hearing on “Testing and Certification for Voting
Equipment: How Can the Process Be Improved?” The House Committee on House
Administration has held an oversight hearing on “The Election Assistance Commission and
Implementation of the Help America Vote Act,” on June 17, and a hearing on “Electronic
Voting System Security,” on July 7. On July 20, The Subcommittee on Technology,
Information Policy, Intergovernmental Relations and the Census of the House Committee
on Government Reform held a hearing on “The Science of Voting Machine Technology:
Accuracy, Reliability, and Security.”

Provisions and Issues Addressed
The bills contain a broad range of provisions concerning the verification of
ballots by voters, including those with disabilities, before ballots are cast; the use of
interim paper-based systems; the use of mandatory recounts; the availability of voting
system software for inspection by the public or by states; prohibitions on wireless
communications; security, testing, and certification requirements; posting of voter
information; changes in deadlines for compliance with HAVA requirements;
extension of deadlines for payments under HAVA; and other matters. Those
provisions and associated issues are discussed below. This report also includes a
table providing a side-by-side comparison of the provisions.
Voter-Verified Ballot Requirement
Voter verifiability refers to the capability of the voter to determine that his or her
ballot is cast and counted as intended. No voting system currently in use in federal
elections provides true voter verifiability. However, paper-based document ballot
systems (hand-counted paper ballots, punchcards, and optical scan ballots) arguably
exhibit somewhat more verifiability than the nondocument systems (lever machines
and DREs).
With current DREs, a voter sees a representation of the choices made on a
computer screen or ballot face, but cannot see what choices the machine actually
records when the vote is cast. There is no independent record of the voter’s choices
that the machine totals can be checked against.10 Document ballots, on the other
hand, permit a voter to check the actual ballot before casting it, although the voter
cannot verify that the votes on the ballot were counted as the voter intended.
Many computer security experts view the lack of transparency of DREs as a
significant security vulnerability, and some advocate addressing this vulnerability by
requiring a paper record of the voter’s choices that the voter can verify before casting
the ballot. This approach is often called a voter-verified paper audit trail, or VVPAT.
HAVA currently requires that a permanent paper record be produced for the
voting system and that the record be available as an official record for a recount
(§301(a)(2)), but it does not require either that the paper record consist of individual
ballots or that the paper record be used in recounts. HAVA also requires that the
system “permit the voter to verify (in a private and independent manner) the votes
selected by the voter on the ballot before the ballot is cast and counted”
(§301(a)(1)(A)(i)).11 However, it does not specify the method of verification.

10 Votes are recorded in more than one location inside the machine, which can protect
against certain kinds of recording and counting problems, but these are not truly independent
11 These and most other HAVA requirements go into effect in January 2006 (see Deadline
for Compliance below).

All of the bills discussed in this report except S. 1986 and H.R. 4966 modify
HAVA to require (1) that voting systems provide voter-verification via a paper ballot
that the voter can inspect before the vote is cast, (2) that voters have the opportunity
to correct any errors detected before casting the ballot, and (3) that the paper ballot
will be a permanent record of the vote. S. 1986 has the same requirements except the
voting system is to use “the most accurate technology,” which need not be paper-
based — some alternative technologies in development show promise of providing
stronger voter verification capabilities than paper-based systems.12 All bills except
H.R. 4187 and H.R. 4966 specify that the voter-verified ballot be the official record
for any recounts. All except S. 1986, H.R. 4187, and H.R. 4966 require that the
voter-verified ballot system be at least as suitable for manual audit as a paper ballot-
box system (presumably meaning hand-counted paper ballots). S. 2045 and S. 2313
also prohibit the use of thermal paper for the permanent ballot record. H.R. 2239/S.
1980, S. 2045, and S. 2313 require voter verification beginning with the November
2004 federal election. The other bills retain the current HAVA 2006 deadline for
meeting §301(a) requirements.
There are two main ways that VVPAT can be implemented. In one, the paper
ballot is used for the initial count as well as being preserved for audits and recounts.
This is how current document-ballot systems — hand-counted ballots, punchcards,
and optical scan ballots — work. Some observers have proposed separating the
vote-choice and vote-casting functions of DREs to create an analogous single-ballot
system (also called modular voting architecture), but DREs do not use this method.
The other approach records votes electronically within the DRE but creates a parallel
paper ballot record that the voter can verify and that would be used only in audits and
recounts. This parallel-ballot approach (also called contemporaneous paper replica,
or CPR) is most often discussed with respect to implementation of a VVPAT for
The use of VVPAT has several potential advantages, including the following:
!Any recount would be based on an independent record that the voter
had had an opportunity to verify.
!Each election could be audited, and any significant discrepancies
between the electronic and paper tallies would trigger a full recount.
!If the recount were performed by hand, that would take advantage of
the transparency and observability that can be associated with that
!The method could help ensure voter confidence in the legitimacy of
election results, since voters would know that ballots they had
verified would be available for recounts.
The approach also has potential disadvantages, including the following:
!The use of printers could substantially increase both the cost of
administering an election and the risk of mechanical failure of a
voting machine.

12 See Fischer, Election Reform and Electronic Voting Systems.

!Since the use of VVPAT with DREs is largely untested, it is not
clear to what extent it would improve security in practice and what
impacts it might have on voters — it may make voting more
complicated and time-consuming by requiring extra steps.
!Hand counting of the paper ballots would be time-consuming and
arguably more error-prone than machine counting; it may also
provide opportunities for tampering that do not exist with
nondocument systems.
!The method will not necessarily provide the level of confidence in
the results of an election that proponents project, since initial
counting will still be done by computers.
!While there have been several studies of the security vulnerabilities
of DREs, there have been no comparable studies for paper-based or
lever voting systems; such studies are necessary to determine what
the relative security risks are of DREs in comparison to other kinds
of voting systems.
Although HAVA does not prohibit or require any particular voting system, the
accessibility requirements effectively encourage the use of DREs, given the state of
current technology. Therefore, if VVPAT is deemed essential to ensure the security
and integrity of DRE voting, an argument can be made that HAVA should be revised
to require it. However, to the extent that the need for VVPAT is not settled, and that
requiring it might stifle innovation, and given the focus of HAVA on leaving
specifics of implementation to the states, it could be argued that the decision of
whether to implement VVPAT is best left to the states. Most observers appear to
agree that widespread implementation of VVPAT for the November 2004 election
is not feasible. Among the roughly 30 states expected to use DREs in that election,13
only Nevada is requiring VVPAT for all machines in the 2004 election.14 However,
California requires either VVPAT or a set of other security requirements.15
Interim Paper System
H.R. 2239/S. 1980, S. 2045, and S. 2313 require that if a state certifies that it
cannot comply with HAVA §301 requirements (as modified by these bills) by
November 2004, the Election Assistance Commission (EAC) will provide the state
with an interim paper-based voting system that the EAC will deem to comply with
the requirements for that election. S. 2045 includes a deadline of 1 July 2004 for
states to certify that they cannot comply, and requires that the EAC reimburse
jurisdictions for the costs of implementing the paper system. S. 2313 provides for
reimbursement and further stipulates that the interim system provision will apply also

13 This estimate is based on data received from the Election Reform Information Project
[http://www.electionline.org] and Election Data Services
[http://www.electiondataservices.com] in March 2004.
14 Nevada uses the Sequoia AVC Edge and will be using a VVPAT printer developed by
Sequoia and certified for use with that system.
15 See California Secretary of State Kevin Shelley, “Voting Systems,”
[ h t t p : / / www.s s . c a . go v/ e l e c t i ons / e l e c t i ons _vs .ht m] ,

for federal elections held in 2005. The bills also require that any state receiving a
title I payment to replace voting systems and requesting an extension of the deadline
for replacement to 2006 will use a paper-based voting system for the November 2004
election. However, S. 2313 also permits states required to use an interim paper
system to apply for a waiver if compliance is “technologically impossible.”
The paper system is to be “based on paper systems in use in the jurisdiction, if
any.” H.R. 2239/S. 1980 stipulate that the state will “receive” the system at EAC
expense. It is not clear whether the interim system will be chosen by the state or by
the EAC. S. 2045 and S. 2313 stipulate that the state will “use” the required system
with costs reimbursed by the EAC. Presumably, this means that the state will choose
the system.
The four bills also require that whatever system is used “shall be deemed
compliant” by the EAC with HAVA requirements. Under HAVA, the EAC currently
has no role in determining compliance with the requirements of the act. However,
it is responsible for voluntary certification of voting systems, but by laboratories that
it has accredited, not by the EAC itself. It is not clear whether the language in these
bills significantly expands the authority of the EAC, or, alternatively, if compliance
of any paper-based system a state chooses is automatic.
It is not clear what the cost of this provision would be, as it would depend on
how many states would require interim paper systems. It would presumably include
at a minimum any jurisdictions that were intending to use lever machines in the
November 2004 election, as well as states with DRE systems that could not modify
them to include VVPAT for that election. More than 30 states are expected to use
either lever machines or DREs or both in at least some jurisdictions (roughly 75 —16

80,000 precincts) in 2004.

Voter Verification for Individuals with Disabilities and
Alternative Language Needs
HAVA requires that voting systems “be accessible for individuals with
disabilities, including nonvisual accessibility for the blind and visually impaired, in
a manner that provides the same opportunity for access and participation (including
privacy and independence) as for other voters” (§301(a)(3)). It requires that there be
at least one accessible system in each polling place starting in 2006, and that any
voting systems purchased with HAVA title II funds starting in 2007 be fully
accessible. It further states that properly equipped DREs will meet the accessibility
requirement. HAVA also requires that voting systems provide alternative-language
accessibility, pursuant to the requirements of the Voting Rights Act (42 U.S.C.


DREs can provide improved accessibility in several ways. They include
magnified ballots for the vision-impaired; audio ballots for blind voters and,

16 This estimate is based on data received from the Election Reform Information Project
[http://www.electionline.org], March 2004.

potentially, voters whose primary language is unwritten, or English speakers with
substantial reading difficulty; and special interfaces for physically challenged voters.
Four of the bills require that HAVA accessibility requirements be met through
use of modular voting architecture that does not require the use of paper (H.R.

2239/S. 1980, S. 2045) or does not require the voter to “view or handle paper” (S.

2313). Those bills also move the deadline for meeting accessibility requirements
from 2006 to the November 2004 federal election (they move the 2007 deadline for
all new machines purchased with title II funds ahead one year, to 2006). They
require that jurisdictions unable to comply with this requirement and using an interim
paper-ballot system provide disabled voters both the option of voting with that
system with assistance from another person, as provided for by the Voting Rights Act
(42 U.S.C. 1973aa-6), and the option to use another system providing for disability
access, if such a system is available. The bills therefore appear to provide an interim
exemption for jurisdictions from providing for voter-verifiability for disabled persons
by the November 2004 election, as required for other voters. What effect this
exemption might have on voting by disabled persons in 2004 is not clear, especially
given the requirement in the bill that all jurisdictions use VVPAT or paper-based
voting systems in that election. For example, a jurisdiction that had planned to
replace a punchcard system with DREs before November 2004 might delay
implementation and rely on punchcards for 2004 rather than attempting to add
VVPAT to the system. In such a case, assisted voting would be the only option for
blind voters in the election.
S. 1986 requires that the method of verification used guarantee accessibility for
persons with disabilities and alternative language needs, but does not specify a
particular method (see above). A memorandum opinion from the U.S. Department
of Justice states that electronic voting systems that produce voter-verifiable paper
ballots are consistent with both HAVA and the Americans with Disabilities Act (P.L.
101-336) “so long as the voting system provides a similar opportunity for
sight-impaired voters to verify their ballots before those ballots are finally cast.”17
VVPAT requires additional technology beyond the use of a printer to provide
fully accessible voting for persons with disabilities, including the blind. The four
bills requiring VVPAT for the 2004 election (H.R. 2239/S. 1980, S. 2045, and S.
2313) address this need by requiring use of a modular voting system for voters with
disabilities (but not for other voters). With such a system, one device generates the
ballot, recording it on a medium such as a memory card or paper, and another device
is used to scan and verify the ballot (and presumably to cast and count it, although
that could also be done by a third device).18 Both devices would need an audio
program and hardware that would read the ballot back to a blind voter, and other

17 Sheldon Bradshaw, Deputy Assistant Attorney General, “Whether Certain Direct
Recording Electronic Voting Systems Comply with the Help America Vote Act and the
Americans with Disabilities Act,” Memorandum Opinion for the Principal Deputy Assistant
Attorney General, Civil Rights Division, U.S. Department of Justice, 10 October 2003,
available at [http://www.usdoj.gov/olc/drevotingsystems.htm].
18 An optical scan voting system is a kind of modular system, with a pencil serving as the
ballot-generating device, and the reader as the ballot-scanning device.

features to meet other accessibility requirements such as alternative languages.
While such devices and programs exist and are in common use by persons with
disabilities, only one such system appears to be certified under the federal voting
systems standards.19
Concerns about accessibility have led some advocates for the blind to strongly
oppose the imposition of a VVPAT requirement. Those advocates express additional
concern that a VVPAT requirement would draw attention and resources away from
efforts to make voting systems more accessible and to reduce the number of votes
that are not counted or not cast as intended as a result of voter error stemming from
poor usability of voting systems. Proponents argue, in contrast, that addressing the
security issues associated with DREs is a critical need, and VVPAT is the only way
it can be done effectively.
Advocates for the disabled also have expressed concerns that voting systems
must not provide means of identifying which ballots were cast by disabled persons.
Of the four bills requiring modular voting architecture for disabled persons, three
(H.R. 2239/S. 1980, S. 2045) appear to eliminate the HAVA requirement that all20
future voting systems purchased with title II funds be accessible (§301(a)(3)(C)).
If, as a result, jurisdictions maintain a distinct voting system for persons with
disabilities, it might permit such identification.
Some observers have pointed out that underlying concerns of voting
accessibility advocates and VVPAT proponents are similar. A blind voter cannot
know that the person providing assistance is recording the votes as the voter
instructed, and VVPAT proponents argue that a voter using a DRE cannot know that
the machine is recording the votes as the voter instructed. Both sides appear to agree
that solutions are possible that would satisfy the needs of both, and major points of
contention appear to revolve around perceived differences in the relative urgency
needed to address the different concerns.
Appropriations for Voter-Verified Systems
Two bills specifically provide funding for the required voter-verified systems.
S. 2045 appropriates (but does not specifically authorize) such sums as necessary and
requires payments by the EAC to assist states in implementing the system, but not to
exceed for any state the cost of adding a printer to existing systems. S. 2313 contains

19 Election Systems and Software has made available the AutoMARK Voter Assist
Terminal, which provides accessibility and language features like a DRE but uses optical
scan ballots, with the device printing the choices made by the voter onto the ballot.
However, it does not appear to provide a means of independent voter verification for those
voters who cannot read the marked ballot. At least one other company, Populex, has
developed a modular, single-ballot system that prints a paper ballot that is read by a separate
bar-code reader. A modular system using electronic “smartcards” rather than paper has been
in use in Belgium for several years.
20 This may be inadvertent. The bills replace the language of the subparagraph with a
provision that does not include the requirement but also cites the subparagraph and moves
the deadline it currently contains, as if the intention is to retain the requirement.

similar provisions but authorizes and appropriates $150 million for the payments plus
$15 million for interim paper systems, and $15 million for implementation, improved
security, and recounts (see below for discussion of those provisions). The other bills
contain no additional authorizations to fund their voter-verification provisions.
The cost of adding VVPAT capacity to DREs is difficult to estimate. Industry
estimates have ranged from roughly $500 — $1,000 or more per machine. However,
some believe that such estimates are significantly inflated. It is also difficult to
estimate the number of DREs that would need to be fitted with printers. About
50,000 precincts may use DREs in 2004. On average, there are about 875 registered
voters per precinct.21 The number of registered voters per machine can range
substantially among jurisdictions, from as low as about 100 voters to as high as 900.
Some vendors recommend one DRE for every 250 — 400 voters, depending on local
requirements. Thus, the total cost of adding VVPAT to all existing DREs is difficult
to estimate, but could range from as low as $45 million or less to more than $200
million, not including operational and maintenance costs. For jurisdictions using
lever machines (about 25,000 precincts), the voting system would have to be
replaced. The 17 states currently using lever machines all have indicated that they
plan to replace them by the end of 2005.22 Almost all have received or expect to
receive HAVA funds to assist in the replacement. Adding VVPAT for those
jurisdictions could increase the total cost estimate for VVPAT by about 50% — $65
— 300 million altogether under the assumptions above.
Requirement for Mandatory Recounts
There are two major benefits generally cited for VVPAT. First, it gives the
voter the opportunity to verify that the ballot that is cast is the one the voter intended
to cast. Second, it provides a permanent record of such verified ballots that can be
used in a recount. Voter verification is not by itself sufficient to determine that votes
are counted as cast. It is possible, for example, that an optical scan reader could
misread a sufficient number of ballots to change the outcome of an election. If the
results are not sufficiently close or contested, a recount might not be performed. One
way to address the question of verifying the results of an election is to perform
automatic recounts for a sample of ballots. HAVA involves the EAC in studies of
recount procedures and laws but does not involve it in the performance of recounts.
Three bills require the EAC to conduct and publish the results of mandatory,
manual recounts of the voter-verified paper ballots in a small percentage of
jurisdictions in each state, for every federal contest. H.R. 2239/S. 1980 requires
“surprise” recounts of one in every 200 jurisdictions. It requires the results of the
recount to be treated in accordance with applicable law but permits citizens to appeal
to the EAC if they do not believe the law provides “a fair remedy.” S. 2045 requires

21 Estimated from data tables in Election Data Services, “New Study.” The estimate is 938
using data for 2004, 826 for 2002, and 858 for 2000, for a mean of 874.
22 Replacement plans are described in the state plans required for states applying for
payments under title II of HAVA (see Election Reform Information Project, “HAVA
Information Central,” 3 November 2003, [http://www.electionline.org/site/docs/pdf/
HAV A% 20Information%20Central.pdf]).

“unannounced” recounts. S. 2313 requires “unannounced, random” recounts of 2%
of jurisdictions. Neither of the latter two bills contains the appeal provision.
The method of implementation of the recount provisions appears to be
ambiguous. The term jurisdiction is not defined in these bills or HAVA, but given
how it is used, it likely refers to the unit of government within a state, whether
county, town, or township, that administers an election. It is not clear if, under these
bills, at least one jurisdiction per state will be subject to recount for each federal
election, or if a straight probability rule will be used. This is an issue because the
number of election jurisdictions per state varies substantially. Texas, for example,
has 254 counties. It would therefore have at least one county recounted each election
under H.R. 2239/S. 1980 and S. 2045, which require a recount of 0.5% of
jurisdictions, or 1 out of every 200, in each state. However, since there are more than
200 counties in the state, it is not clear whether 2 counties would be recounted each
election (for an actual rate of 0.8%) or just one (0.4%), or if a second county would
be recounted every four years on average (0.5%). In contrast, Maryland has 24
counties. It is not clear whether one county would be recounted each election (for an
actual rate of 4.2%) or 1 county every eight years (0.5%). A similar ambiguity
applies with respect to S. 2313, which requires a recount of 2% of jurisdictions in
each state. These ambiguities would be substantially reduced if precincts, rather than
jurisdictions, were chosen for recounts, since most states have more than 2,000
precincts. 23
As a practical matter, it is not clear how the EAC would conduct a recount in
every state, even on a limited basis. On average, the EAC would need to recount by
hand roughly 1.4 million votes per election under the first two bills, and 5.6 million
under the third. That might pose a significant logistical challenge and considerable
costs. Also, it is not clear what standard of what constitutes a vote would be used
with a given system. Under HAVA, each state is required to define “what constitutes
a vote and what will be counted as a vote for each category of voting system used...”
(§301(a)(6)). For the results of the recounts to be comparable to the original counts,
the EAC would need to use the state standards. But since states are free to adopt
different standards, the EAC would then need to use different standards in different
states. Also, some states, such as California, already do partial recounts. It is not
clear whether the EAC recount would replace such state procedures or be done in
addition to them.
At least one analysis has questioned the effectiveness with which recounts of a
small percentage of votes can detect irregularities. For example, in California, a
recount of 1% of precincts is estimated to detect a discrepancy of 0.1% fewer than
one out of four times on average for a statewide race, with far lower rates of detection
for races for the House of Representatives.24 No similar study has been done for a

23 The number of precincts per state ranges from 142 for the District of Columbia to 24,726
for California, with a mean of 3,622 and a median of 2,157. The number of jurisdictions
ranges from 1 (District of Columbia) to 1,859 (Wisconsin), with a mean of 188 and a median
of 67 (data from Election Reform Information Project, March 2004).
24 C. Andrew Neff, “Election Confidence: Comparison of Methodologies and Their Relative
Effectiveness at Achieving It”, [http://www.votehere.net/papers/ElectionConfidence.pdf],

nationwide recount, but it is likely that to be effective at detecting irregularities, a
partial recount would need to sample a much higher percentage of jurisdictions than
proposed by these bills.25
Currently, no federal executive agency counts votes in any election. The
conducting of the recount by the EAC would therefore presumably constitute a new
federal authority. Some observers may object that such authority is unconstitutional,
or at least that it runs counter to the well-established practice, reinforced by HAVA,
that states, not the federal government, administer elections.
Requirement for Open-Source Software and Prohibition of
Wireless Communications
H.R. 2239/S. 1980, S. 2045, and S. 2313 require that the software code used in
a voting system be disclosed to the EAC and made available for public inspection
(open source), that the system contain no wireless communication devices, and that
EAC-accredited laboratories certify that systems meet those requirements. S. 1986
is similar except it does not require open-source software. H. R. 4966 requires
manufacturers of voting system software to provide updated copies of the software
to states that use it, but does not require that the code be publicly disclosed. HAVA
provides for voluntary certification of voting systems, but does not include
requirements for software or for communications devices. Almost all software
currently used in voting systems is proprietary. The federal voluntary voting systems
standards (VSS) do not require open-source software and do not prohibit wireless
Open-Source Software. Some computer security experts believe that
open-source code is more secure than proprietary or closed-source code, while others
believe that closed-source code can be at least as secure.26 Voting systems currently
in use rely on closed-source code. Some observers, particularly proponents of
modular voting architecture, advocate a third approach, in which the device with
which the voter initially makes choices is closed source, to facilitate innovation in
improving usability and other aspects of the voting experience, and the device on
which votes are cast and counted uses simple open-source code, to maximize
transparency and take advantage of the security benefits of this approach.27

24 (...continued)

2 December 2003.

25 For example, if errors occurred at five out of 100 precincts, a simple mathematical
analysis predicts that recounting 1% would have a 5% chance of detecting the problem —
that is, 95 out of 100 times no problem would be detected. A 5% recount would yield only
a 30% chance of detection. It would be necessary to recount 8% to achieve a 50% chance
of discovering one of the problem precincts. To achieve a 95% chance of detecting one
problem precinct would require recounting 20%.
26 See Jeffrey W. Seifert, Computer Software and Open Source Issues: A Primer, CRS
Report RL31627, 17 December 2003.
27 See Fischer, Election Reform and Electronic Voting Systems, for more detail.

The bills requiring open-source code would resolve the issue of which approach
is more secure in favor of those advocating open source. Since the bills prohibit the
use of undisclosed software in the voting system, they would appear to foreclose
some benefits of the modular architecture approach as described above. Also, given
that some current voting systems in widespread use employ proprietary commercial
off-the-shelf (COTS) software, such as Microsoft Windows, this provision seems to
require that those systems be reengineered to use other software or that they be
withdrawn from the marketplace, since it is doubtful that a company providing
closed-source COTS software would be willing to disclose the code. Furthermore,
since a voting system using such software would not meet the requirements of
HAVA as amended by these bills, it would need to be replaced by a paper-based
system that did meet the requirements for the November 2004 election, even if the
current system met the VVPAT requirement in the bill. In addition, HAVA defines
voting system to include components other than those in the voting machine per se,
such as the computer code used to define ballots and to make materials available to
the voter. Such components are part of all voting systems and probably use
proprietary software (operating systems, word processors, database software, and so
forth) in all cases. Therefore, it is possible that all voting systems currently in use in
the United States — except hand-counted paper-ballot systems where the ballot is not
generated with the aid of a computer — would fail to meet the open-source
requirement in the bills.
It is also not clear what impact an open-source requirement would have on the
marketplace for voting systems. While it may draw in new companies that specialize
in using open-source code, and provide new opportunities for innovation, it could
also cause some current voting system manufacturers to withdraw from the
marketplace, especially if they believed that revealing the code of their systems
would substantially reduce the competitiveness of their products.28 These potential
problems could presumably be addressed by more precise language relating to what
components of what voting systems the open-source requirement applies.
Wireless communications. The use of wireless communications in
computer systems provides unique risks with respect to attack by hackers and
therefore requires special attention with regard to security. Some observers believe
that voting systems should not use wireless communications, because of those
potential security risks, while others believe that such communications can be made
sufficiently secure. However, any mode of electronic communication — by modem,
Internet, or memory card, as well as wireless — provides potential points of attack
for a voting system; but some means of communication is required. Many computer
experts would argue that proper use of cryptographic methods would provide more
security than prohibition of any one mode of communication, but that if wireless
communication were to be prohibited, then Internet and possibly even modem
communications should be as well. Nevertheless, wireless communication is

28 If the reason for loss of competitiveness were security vulnerabilities that were revealed
as a result of the disclosure, the withdrawal might be warranted, but if what would be
revealed were legitimate intellectual property such as innovations in the user interface, then
withdrawal might reduce the opportunity for further innovation.

arguably the least secure by far of the three, and the EAC recommends that it not be
used. 29
Voting System Security and Testing Requirements
It is generally accepted that security should involve a focus on three elements:
personnel, technology, and operations.30 The personnel element focuses on a clear
commitment by leadership, appropriate roles and responsibilities, access control,
training, and accountability. The technology element focuses on the development,
acquisition, and implementation of hardware and software. The operations element
focuses on policies and procedures.
Both Maryland and Ohio have undertaken studies of the security of DREs.31
While the studies took different approaches and examined different aspects of DRE
security, they addressed aspects of the above elements, and each found concerns in
whatever areas of security it examined. Those included computer software and
hardware, and security policies and procedures, including personnel practices, along
the supply chain from the manufacture of the machines to their use in the polling
place. The studies made specific recommendations for addressing the risks and
concerns identified, with many of the recommendations relating to operations and
HAVA contains no explicit requirements relating to those elements with regard
to the development, manufacture, and deployment of voting systems. It does require
technological security measures for state voter-registration lists (see below), and the
auditability requirement for voting systems can be an important security control.

29 Election Assistance Commission, “Issues and Shared Practices in Administration
Management and Security for All Voting Systems,” 9 August 2004,
[ ht t p: / / www.eac.gov/ bp/ avs.asp] .
30 National Security Agency (NSA), “Defense in Depth: A Practical Strategy for Achieving
Information Assurance in Today’s Highly Networked Environments,” NSA Security
Recommendation Guide, 8 June 2001, available at [http://nsa2.www.conxion.com/support/
31 Science Applications International Corporation (SAIC), “Risk Assessment Report:
Diebold AccuVote-TS Voting System and Processes” (redacted), SAIC-6099-2003-261, 2
September 2003, [http://www.dbm.maryland.gov/DBM%20Taxonomy/Technology/Policies
% 2 0 & % 2 0 P ublications/State%20V oting% 20Sys tem% 20Report/stat e V o t i n gS ys t e mR e p o
rt.html]; Maryland Department of Legislative Services, “A Review of Issues Relating to the
Diebold AccuVote-TS Voting System in Maryland,” January 2004,
[http://mlis.state.md.us/Other/ voting_system/final_diebold.pdf]; Maryland Department of
Legislative Services, “Trusted Agent Report:Diebold AccuVote-TS Voting System,”
prepared by RABA Technologies Innovative Solution Cell, 20 January 2004,
[http://mlis.state.md.us/Other/voting_system/trusted_agent_report.pdf]; Ohio Secretary of
State, “DRE Security Assessment, Vol. 1, Computerized Voting Systems, Security
Assessment: Summary of Findings and Recommendations,” prepared by InfoSENTRY, 21
November 2003, [http://www.sos.state.oh.us/sos/hava/files/InfoSentry1.pdf]; Ohio
Secretary of State, “Direct Recording Electronic (DRE) Technical Security Assessment
Report,” prepared by Compuware, 21 November 2003,
[http://www.sos.state.oh.us/sos/hava/files/ compuware.pdf].

S. 1986 requires that voting systems adhere to security requirements at least as
stringent as those for federal computer systems and requires that EAC-accredited
laboratories certify that systems meet those requirements. S. 2045 requires that,
beginning with the November 2004 election, voting system manufacturers conduct
background checks on programmers and developers, document the chain of custody
for software, and implement security procedures and meet other requirements
established by the Director of the National Institute of Standards and Technology
(NIST); it also prohibits transmission of computer code for voting systems over the
Internet and alteration of codes without recertification. The requirements in S. 2313
are similar to those in S. 2045 except the requirement for background checks is
omitted, and the effective date is January 1, 2006.
H.R. 4966 requires that manufacturers of voting system software provide the
EAC with updated information about the identification of persons involved in writing
the software, including information about any convictions for fraud. It also requires
that a state test each voting machine used in an election, to ensure that the software
is operating correctly, within 30 days before the election and at least once on election
day. HAVA provides for but does not require the testing of voting systems.
H.R. 4187 requires that the voluntary voting system guidelines required by
HAVA include provisions on security of data transmission and receipt. The
guidelines, to be developed by the EAC and supporting bodies, will replace the VSS,
which do contain several provisions relating to this matter. HAVA establishes the
VSS as the initial set of guidelines. HAVA does not direct the EAC to include any
specific issues in the guidelines, although NIST is directed to provide technical
support with respect to security, protection and prevention of fraud, and other
matters. In the debate on the House floor before passage of the conference agreement
on October 10, 2002, a colloquy32 stipulated an interpretation that the guidelines
specifically address the usability, accuracy, security, accessibility, and integrity of
voting systems.
Certification of Security for Voter Registration Lists
HAVA currently requires jurisdictions to provide “adequate technological
security measures” to prevent unauthorized access to computerized state voter
registration lists. H.R. 2239/S. 1980, S. 2045, and S. 2313 require the EAC to certify
the adequacy of those measures. The method by which the EAC is to perform the
certification is not specified. HAVA currently gives the EAC authority to accredit
laboratories that can certify voting systems (see below), but the use by states of such
systems is voluntary. The provisions therefore give the EAC new authority. While
the required certification may result in improved security, some may object to
providing such authority to the federal government over the administration of
elections by states.

32 Congressional Record, daily ed., 148: H7842.

Certification of Voting Systems
Under HAVA, the certification of voting systems is not a federal requirement
but is voluntary. Accredited independent testing laboratories (ITAs) test computer-
assisted voting system hardware and software to determine compliance with the
guidelines (there are currently no federal standards for lever machines and hand-
counted paper-ballot systems). Systems deemed to comply receive certification.
Most states have adopted the standards or require testing against them.33 However,
the standards and certification process have been somewhat controversial. The VSS
have been criticized for inadequately addressing usability, security, administrative
procedures and practices, performance in actual use, voter registration systems, and
other aspects of election administration.34 Some also believe that the current system
of ITAs has created bottlenecks in certifying new systems and that more certified
testing laboratories are needed.35 Some critics also point out that most of the
weaknesses and problems found with the software and hardware used in DREs and
other computer-assisted voting systems occurred in systems that had been certified
by ITAs.
S. 2313 requires states to use voting systems certified by the EAC as meeting
HAVA §301 requirements. Alternatively, they may use an interim paper-ballot
system or apply to the EAC for a waiver. The method by which the EAC is to
perform certification is not specified. HAVA distinguishes between the guidelines
(§221), which will replace the VSS, and guidance (§312), which the EAC will
develop to assist states in meeting the requirements. The act does not specify what
the relationship should be between the two, nor do the testing and certification
provisions in §231 explicitly state the relationship of testing and certification to either
the guidelines or guidance. However, a reasonable interpretation is that voting
systems will be tested and certified against the guidelines, since they replace the
Some critics have expressed concerns about relationships between some36
organizations involved in the certification of voting systems and manufacturers.
H.R. 4966 requires that laboratories accredited by the EAC to test and certify voting
systems adhere to standards, to be established by the EAC, for avoiding financial and
other conflicts of interest. HAVA currently contains no provisions relating to
conflict of interest.

33 Federal Election Commission, “Frequently Asked Questions about Voting System
Standards,” 18 May 2001, available at [http://www.fec.gov/pages/faqsvss.htm].
34 See, for example, comments submitted on the draft revision to the VSS, available at
[http://www.fec.gov/pages/vss/comments/comments.html], 17 September 2002. See also
Fischer, Election Reform and Electronic Voting Systems.
35 National Institute of Standards and Technology is developing a new laboratory
accreditation program, as required by HAVA.
36 Linda K. Harris, “Group That Called Electronic Vote Secure Got Makers’ Aid,” The
Philadelphia Inquirer, 25 March 2004, p. A2.

Posting of Information Regarding Administrative Complaint
HAVA requires that certain information be publicly posted at each polling place
on election day, including a sample ballot, polling place hours, instructions for those
required to show ID to vote, voting rights under federal and state law, and
prohibitions on fraud and misrepresentation under federal and state law (§302(b)).
HAVA also requires that each state receiving HAVA funds establish a program
whereby persons can file a complaint regarding compliance with the title III
requirements and follow specified procedures for handling the complaint (§402).
However, the act does not require that information on the availability of that
complaint procedure be posted. H.R. 4966 requires that the posted voter information
include the availability of §402 administrative complaint procedures for those who
believe that equipment is malfunctioning or that HAVA requirements are not being
Deadline for Compliance
The deadline for compliance with most HAVA requirements is January 1, 2006.
The exceptions are the provisional voting and voter information requirements of
§302 and the voter identification requirements of §303, which went into effect
January 1, 2004; and the accessibility requirement for new voting systems in §301,
which go into effect January 1, 2007.
H.R. 2239/S. 1980 and S. 2045 move the deadline for all HAVA voting system
requirements in §301 (as modified by these bills), from January 1, 2006, to the
November 2004 federal election, and move up by one year, to January 1, 2006, the
date by which all new voting systems purchased with title II funds are required to
meet the act’s accessibility requirements. S. 2313 moves to the November 2004
election the deadline for meeting §301 requirements (as modified by the bill), for
error correction, voter verification and auditing, provision of at least one fully
accessible voting system per polling place, instruction of election officials on
assistance to voters, and open source software and the prohibition on the use of
wireless communications; other requirements go into effect January 1, 2006. H.R.
4966 requires the EAC to adopt voluntary voting system guidelines regarding the
software requirements in the bill by January 1, 2006; and standards on conflict of
interest for accredited laboratories by the same date. Many observers believe that too
little time remains before the November election for states to meet VVPAT or other
new requirements, should any of these bills be enacted. Some have even expressed
concerns about the ability of states to meet the current 2006 requirements under
Best Practices
Many issues of concern with respect to the November 2004 election might be
addressed to a significant extent through improvements in practices that could be
implemented before the election. They include such issues as ballot design, voter
error, the accuracy of counts, and security. Several observers have suggested that a

specific set of best practices should be developed, and the EAC has issued a best
practices “tool kit.”37
H.R. 2239/S. 1980, S. 2045, and S. 2313 require the EAC to “study, test, and
develop best practices to enhance accessibility and voter-verification mechanisms for
disabled voters.” HAVA includes accessibility, accuracy, security, and equal
opportunity among the goals for the periodic studies required under §241, and §245
requires a study of electronic voting, which may include “the appropriate security
measures required and minimum standards for certification of systems or
technologies in order to minimize the potential for fraud in voting.” The act does not
include any provisions specifically relating to the study of voter verification for either
disabled or any other voters. It does require the development of best practices in
certain areas: recounts (§241(b)(13)(B)) and facilitating military and overseas voting
The term best practices is often used in business and government, but is rarely
well characterized. It often refers to strategies, policies, procedures, and other
action-related elements that are generally accepted as being the most successful or
cost-effective for meeting a specified set of goals. Unfortunately, there does not
appear to be any overall agreement on how a best practice should be identified.
Ideally, perhaps, it would involve a set of practices that were empirically and
objectively demonstrated to be the best among various alternatives for achieving a
stated set of goals. That is rarely achieved, and more often best practices are the
result of a consensus process involving selected experts. Such an approach can be
effective, but in the absence of empirical comparisons, there is the risk of a gap
between what is generally perceived to be a best practice and what in fact would be
best. Therefore, the utility of the sets of practices required by the bills would depend
to a significant extent on the methods by which they were developed.
Security Consultation Services
Few election officials are well-versed in security procedures and other controls,
and HAVA contains no mechanisms to assist them in that regard. S. 1986 and S.
2313 require NIST to provide security consultation services to state and local
jurisdictions and authorize $2 million per year through FY2006 for that purpose.
NIST currently provides assistance to federal agencies in improving their information38
security programs. NIST provides some assistance to states and local governments,
for example in weights and measures and computer forensics investigations.39

37 Election Assistance Commission, “Best Practices in Administration, Management and
Security in Voting Systems and Provisional Voting: A Tool Kit for Election Administrators
and Stakeholders,” 9 August 2004, [http://www.eac.gov/bp].
38 See, for example, NIST, “Program Review for Information Security Management
Assistance,” 10 March 2004, [http://prisma.nist.gov].
39 See NIST, “About Weights and Measures Division,” 4 December 2002,
[http://ts.nist.gov/ts/htdocs/230/235/owm_about.htm]; NIST, “National Software Reference
Library (NSRL),” 30 March 2004, [http://www.itl.nist.gov/div897/docs/nsrl.html].

Report to Congress
HAVA requires the EAC to report to Congress on a wide range of subjects. In
addition to an annual report, periodic reports are required on a wide range of election
administration topics, and specific reports are required on best practices for
facilitating military and overseas voting, human factors research relating to voting,
voters who register by mail, the use of Social Security information in election
administration, electronic voting and the electoral process, and free absentee ballot
H.R. 2239/S. 1980 requires the EAC, in consultation with NIST, to report to
Congress regarding a proposed security review and certification process for all voting
systems. It also requires the Government Accountability Office (GAO) to issue a
report to Congress on the operational and management systems that should be used
to safeguard the security of voting systems, and a schedule for implementation. S.
2313 requires an identical security review study as S. 1986, but also requires it to
include a description of the voting system certification process required by §231 of
HAVA. S. 2313 also requires a similar report on operational and management
systems as S. 1986, but requires that in addition the report examine such systems for
federal elections generally and security standards for manufacturers, and that the
report be done by the EAC rather than GAO.
Extension of Title I Payments
HAVA requires that title I funds returned and unobligated as of September 1,
2003, be transferred from GSA to the EAC and be used for title II requirements
payments (§104(c)(2)). All appropriated title I funds have been distributed.40 The
act also required that states receiving title I payments to replace punchcards and lever
machines were to request a waiver by January 1, 2004, if they were unable to replace
the systems before November 2, 2004 (§102(a)(3)(B)). H.R. 2239/S. 1980 would
have extended the deadline for requesting payments under title I of HAVA to
November 2003; S. 2045 extends the deadline to November 2, 2004. S. 2313 would
have extended to August 1, 2004, the waiver deadline for the punchcard and lever
machine replacement program. Seven of the 30 states that received replacement
funds did not apply for a waiver.41
Repeal of EAC Contracting Exemption
HAVA (§205(e)) exempts the EAC from requirements to advertise when
procuring supplies and services (41 USC 5). H.R. 2239/S. 1980, S. 2045, and S.

2313 repeal that exemption.

40 See EAC, “Early Money to States: GSA Statistics,” 28 July 2004,
[ h t t p : / / www.eac.go v/ gs a_st at s_ear l y_money.asp] .
41 Those states are Alabama, Arizona, Florida, Georgia, Maryland, Oregon, and South

Effective Date
H.R. 2239/S. 1980 stipulates that provisions in the bill will take effect as if they
had been included in HAVA when it was enacted, except that the repeal of the
contracting exemption will be effective upon enactment of the bill. S. 1986, H.R.

4187 and S. 2437 are similar except they do not include the contracting provision.

S. 2045 is also similar to H.R. 2239/S. 1980, but also stipulates that the security
requirements in the bill will apply to voting systems in use beginning November 2,
2004. H.R. 4966 stipulates that provisions in the bill will take effect with the
November 2006 federal election except as otherwise specified.
The bills discussed in this report would all increase the federal role in the
administration of elections, some of them substantially. HAVA does not specifically
require any particular method of voting or prohibit any particular type of voting
system (see for example §301(c)), nor does it give the EAC any explicit authority or
operational role in the administration of elections. It leaves methods of complying
with the requirements of title III to the states (§305). Federal guidelines and
certification of voting systems remain voluntary under HAVA.
Several of the bills discussed in this report, in contrast, would significantly
change those aspects of HAVA, by, for example, effectively prohibiting any voting
system that does not use or produce a paper ballot, requiring that only EAC-certified
voting systems be used or that the EAC certify the security of state computerized
voter-registration lists, or requiring the EAC to perform recounts of a portion of
election results in each state. While Congress has the authority to regulate federal
elections, some of the proposed provisions might be subject to legal challenge.
While potential impacts of these bills, if enacted, on the implementation of
HAVA are difficult to assess, there are at least four potential areas of impact: the
administration of the November 2004 and subsequent elections, the costs of
complying with the provisions of the bills, effects on accessibility provisions of
HAVA, and potential impacts on the marketplace. These potential impacts have been
discussed to some extent above and are summarized here.
!Moving up deadlines would have the potential benefit of
accelerating compliance with HAVA requirements. However, to the
extent that states have developed and are implementing plans in
response to the current deadlines, such changes could be disruptive.
Furthermore, many of the changes to HAVA requirements contained
in the bills would also require significant changes to current state
plans and activities. Because elections are complex to administer,
such changes could have unpredictable and possibly negative effects.
!The bills could add significantly to the costs of implementing
HAVA. Implementing the VVPAT provision alone could cost
several hundred million dollars. Other costs are more difficult to
estimate but could be substantial.

!The VVPAT requirement and related provisions could slow the
adoption of DREs and therefore impede the development of fully
accessible voting in the United States. However, its actual likely
impact is difficult to assess. At the same time, several of the bills
accelerate adoption of fully accessible voting systems by moving up
deadlines for their deployment.
!If the provisions in several bills caused significant changes in the
voting industry, more jurisdictions might be required to change
voting systems because of withdrawal of some manufacturers from
the marketplace. That could disrupt the implementation of state
plans and increase costs. At the same time, however, such changes
to the industry might open opportunities for innovative companies
to enter the market. For example, the VVPAT requirement might
increase market demand for modular-architecture, document-ballot
systems in lieu of parallel-ballot DREs. That may be likely under
some of the bills, given that all new voting systems would have to
use modular voting architecture for disabled voters beginning in
2006. In the longer term, the VVPAT requirement could result in
greater uniformity of state voting systems, with attendant benefits
and risks, but it could also impede the development of new, superior
approaches to voting, some of which are currently in development.42
With a short time remaining until the November 2004 election, several of the
issues addressed by the bills discussed in this report may be expected to persist
beyond it. Close scrutiny of the election by the media and public interest groups is
anticipated. Prospects for further consideration of the provisions in these bills after
the election, by the 108th or 109th Congress, is likely to depend in part on the results
of that scrutiny.

42 See Fischer, Election Reform and Electronic Voting Systems.

Side-by-Side Comparison of Bills in the 108th Congress on the Security of Electronic Voting Systems
S. 1986S. 2045S. 2313H.R. 4187S. 2437H.R. 4966
uirement for voter-verified ballot
odifiesSec. 2(a) modifiesSec. 2(a) provisionsSec. 2(a)(1)Sec. 2(a) modifiesSec. 2(a) containsno provision
§301(a)(2) toare identical tocontains similar§301(a)(2) tosimilar
lp America Voterequire that votingthose in H.R.requirements torequire that votingrequirements to
systems provide a2239/S. 1980, butthose in S. 2045.systems provide anthose in H.R.
A) to requiremeans for a voter toadditionallyauditable paper2239/S. 1980 but
oting systemsverify his or herprohibits the use ofrecord that the voteralso requires
oter-vote, that votersthermal paper foruses to verify thatelectronic records to
rified paperhave the option tothe paper record.votes are asbe “consistent” with
iki/CRS-RL32526anualcorrect errorsintended, andthe paper records.
g/w that arebefore the ballot isprovide the
s.oralent orcast, and that thoseopportunity to
leakverified votes becorrect errors before
://wikistems,”the official recordsfor any recount. the vote is cast; andthat the paper
httpents be theRequires the use ofrecord serve as the
the most accuratepermanent record of
recount, andtechnology, whichthe votes.
oters have themay or may not beSec. 2(b) prohibits
paper-based. removal of the
paper record from
the polling place
other than by an
election official.
r Verification for Voters with Disabilities and Languages other than English
Sec 2(a) requiresSec. 2(b) and (c)Sec. 2(b) and (c)no provisionno provisionno provision

oting systemsthat the votingcontain similarcontain similar

S. 1986S. 2045S. 2313H.R. 4187S. 2437H.R. 4966
system berequirements torequirements to
accessible forthose in Sec. 4(b) ofthose in Sec. 4(b) of
ents ofvoters withH.R. 2239/S. 1980.H.R. 2239/S. 1980.

A (§301(a)(3))disabilities as
ide for voterrequired by
rifiability of§301(a)(3)(A) of
h aHAVA and for
eans not requiringvoters using a
language other than
ote- generationEnglish as required
ote- castingunder the Voting
Rights Act.
iki/CRS-RL32526ting system
g/wnown as modular
s.orting architecture).
leakides an
e for
://wikirisdictions that are
ent in time
risdictions must
ide, for the
oter to use
stem that the
ter can use with

S. 1986S. 2045S. 2313H.R. 4187S. 2437H.R. 4966
instructed in
hts of such
ters in that
ard, and (2) a
stem without
ter verification
eets the
leaknuary 1, 2006.
://wikiterim Paper System
no provisionSec. 4(b) containsSec. 4(b) containsno provisionno provisionno provision

requirements torequirements to
ply withthose in Sec. 5(b) ofthose in Sec. 5(b)
A §301H.R. 2239/S. 1980and 3(d)of S. 2045
ents byexcept it includes aexcept it
ember 2004, thecertificationspecifically
ssistancedeadline (July 1,includes federal
mission (EAC)2004), and specifieselections in 2005 as
ide thethat the EAC willwell as 2004. It
Creimbursealso permits states
jurisdictions for therequired to use an
based systemcosts ofinterim paper
AC willimplementing ansystem to apply for

S. 1986S. 2045S. 2313H.R. 4187S. 2437H.R. 4966
to complyinterim papera waiver if
system.compliance is
ents forSec. 3(d) contains“technologically
similar impossible.”
requirements to
statethose in Sec. 2(d) of
ing a title IH.R. 2239/S. 1980.
ment to replace
ting systems and
iki/CRS-RL32526ent to 2006
s.orbased voting
leakstem for the
ember 2004
propriations for Voter-Verified Systems
isionno provisionSec. 2(d)Sec. 9 containsno provisionno provisionno provision

appropriates suchidentical provisions
sums as necessaryto Sec. 2(d) of S.
and requires2045 except it
payments by theauthorizes and
EAC to assist statesappropriates $150
in implementing themillion for the
required voter-payments plus $15
verified system, butmillion for interim
not to exceed forpaper systems and
any state the cost of$15 million for
adding a printer toimplementation,

S. 1986S. 2045S. 2313H.R. 4187S. 2437H.R. 4966
existing systems toimproved security,
meet theand recounts.
uirement for Mandatory Recounts
no provisionSec. 6 containsSec. 7 containsno provisionno provisionno provision
requirements torequirements to
those in Sec. 7 ofthose in Sec. 7 of S.
ery 200H.R. 2239/S. 19802045 except it
risdictions (0.5%)except it does notrequires “random”
iki/CRS-RL32526erseas and toinclude the appealprovision.recounts of 2% ofjurisdictions.
its any “citizen
C if they believe
ide a fair
uirement for Open-Source Software and Prohibition of Wireless Communications
Sec. 3 prohibits theSec. 2(a) provisionsSec. 2(c)no provisionno provisionSec. 2(a) requires
areuse of wirelessare identical torequirements aremanufacturers of
devices in votingthose of Sec. 4(a) ofsimilar to those ofvoting system

S. 1986S. 2045S. 2313H.R. 4187S. 2437H.R. 4966
ting system besystems andH.R. 2239/S. 1980.Sec. 4(a) of H.R.software to provide
requires that2239/S. 1980.a state using the
adeEAC-accreditedsystem with an
ailable for publiclaboratories certifyupdated copy of the
that systems meetsoftware.
that requirement.
stem contain no
ices, and
stems meet
iki/CRS-RL32526e nts.
s.orng System Security and Testing Requirements
isionSec. 3 modifiesSec. 7 requires that,Sec. 2(c)Sec. 2(c) requiresno provisionSec. 2(a) requires
://wiki§301(a) of HAVAbeginning with therequirements arethat the Voluntarythat manufacturers
httpto require thatNovember 2004similar to those inVoting Systemof voting system
voting systemselection, votingSec. 7 of S. 2045Guidelines requiredsoftware provide the
adhere to securitysystemexcept theby Sec. 221(b) ofEAC with updated
requirements atmanufacturersrequirement forHAVA includeinformation about
least as stringent asconduct backgroundbackground checksprovisions onpersons involved in
those for federalchecks on program-is omitted, and thesecurity of datawriting the software,
computer systemsmers andeffective date istransmission andincluding
and requires thatdevelopers,January 1, 2006.receipt.information about
EAC-accrediteddocument the chainany convictions for
laboratories certifyof custody forfraud.
that systems meetsoftware, andIt also requires that
that requirement.implement securitya state test each
procedures andvoting machine used
meet other require-in an election, to
ments establishedensure that the

S. 1986S. 2045S. 2313H.R. 4187S. 2437H.R. 4966
by the Director ofsoftware is
the Nationaloperating correctly,
Institute ofwithin 30 days
Standards andbefore the election
Technology (NIST);and at least once on
also prohibits trans-election day.
mission of
computer code for
voting systems over
the Internet and
alteration of codes
iki/CRS-RL32526 recertification.
s.orfication of Security for Voter Registration Lists
odifiesno provision Sec. 5 contains aSec. 5 is identical tono provision no provision no provision
://wikisimilar requirementSec. 5 of S. 2045.
httpA to requireas Sec. 6 of H.R.
AC to certify2239/S. 1980.
istration lists.
ication of Voting Systems
no separateno separateSec. 4(b) requiresno provisionno provisionSec. 3(a) requires
ision, but Sec.provision, but Sec.provision, but Sec.states to use votingthat laboratories
3(a) requires that2(a) requires thatsystems certified byaccredited by the
ting systemvoting systemvoting systemthe EAC as meetingEAC to test and

S. 1986S. 2045S. 2313H.R. 4187S. 2437H.R. 4966
are be certifiedsoftware besoftware beHAVA §301certify voting
eetingcertified as meetingcertified as meetingrequirements, or ansystems adhere to
ents of thatrequirements of thatrequirements of thatinterim paper-ballotstandards for
section. no generalsection. no generalsystem, or to applyavoiding conflicts of
provisionprovisionto the EAC for ainterest to be
waiver. established by the
sting of Information Regarding Administrative Complaint Procedures
isionno provisionno provisionno provisionno provisionno provisionSec. 4 requires that
the information
iki/CRS-RL32526posted in the pollingplace under HAVA
s.or§302(b) include the
leakavailability of
://wiki complaint
httpprocedures required
by §402 for those
who believe that
equipment is
malfunctioning or
that HAVA
requirements are not
being followed.
adline for Compliance
oves theno provisionSec. 4(a) is identicalSec. 3 moves tono provisionno provisionSec. 2(b) requires
to Sec. 5(a) of H.R.November 2004 thethe EAC to adopt
A voting2239/S. 1980. deadline for HAVAvoluntary voting
stemSec 2(b) is similarrequirements, assystem guidelines

S. 1986S. 2045S. 2313H.R. 4187S. 2437H.R. 4966
ents into Sec. 4(b) of H.R.modified, for errorregarding the
January2239/S. 1980.correctionsoftware
(§301(a)(1)), voterrequirements in Sec.
ember 2004verification and3(a) by January 1,
auditing (2),2006.
provision of at leastSec. 3(b) requires
oves up by oneone fully accessiblethe EAC to establish
anuary 1,voting system perstandards regarding
polling placethe requirements in
ich all new(3)(B), instructionSec. 3(a) by January
ting systemsof election officials1, 2006.
on assistance to
iki/CRS-RL32526A are requiredvoters (8), open
g/weet the act’ssource software (9)
s.orand the prohibition
leakents. on the use of
://wiki communications
http (10).
no provisionSec. 2(e) requiresSec. 8 requires anno provisionno provisionno provision

AC to “study,an identical study asidentical study as
elopSec. 4(c) of H.R.Sec. 4(c) of H.R.

2239/S. 1980. 2239/S. 1980.

echanisms for

S. 1986S. 2045S. 2313H.R. 4187S. 2437H.R. 4966
rity Consultation Services
isionSec. 3(a) requiresno provisionSec. 10(2) containsno provisionno provisionno provision
NIST, upona similar
enactment, torequirement to Sec.
provide security3(a) of S. 1986.
services to state and
local jurisdictions
and authorizes $2
million per year
through 2006 for
iki/CRS-RL32526that purpose.
s.orort to Congress
leakisionSec. 3(a) requiresno provisionSec. 10 requires anno provisionno provisionno provision

://wikithe EAC, inidentical security
httpconsultation withreview study as Sec.
NIST, to report to3(a) of S. 1986, but
Congress within sixalso requires it to
months afterinclude a
enactmentdescription of the
regarding avoting system
proposed securitycertification process
review andrequired by §231 of
certification processHAVA;
for all votingSec. 10 also
systems; requires a similar
it also requires thereport on
Governmentoperational and
Accountability ma n a g e me n t
Office (GAO) tosystems as Sec. 3(a)

S. 1986S. 2045S. 2313H.R. 4187S. 2437H.R. 4966
issue a report toof S. 1986, but
Congress (unlessrequires that in
the EAC hasaddition the report
already done so),examine such
within three monthssystems for federal
after enactment, onelections generally
the operational andand security
managementstandards for
systems that shouldmanufacturers, and
be used tothat the report be
safeguard thedone by the EAC.
security of voting
iki/CRS-RL32526systems, and a
g/wschedule for
Title I Payments
httpno provisionSec. 3(a) and (b)Sec. 4(a) extends tono provisionno provisionno provision

eextend the deadlineAugust 1, 2004, the
for requesting title Ideadline for
payments torequesting an
paymentsNovember 2, 2004. extension of the
ofSec. 3(c) extendsdeadline for
A tothe authorizationreplacing punch
ember 2003. period forcard and lever
appropriationsmachine voting
ationunder title I throughsystems.
FY2005 and
extends the date on
towhich unobligated
and returned title I
efunds would be

S. 1986S. 2045S. 2313H.R. 4187S. 2437H.R. 4966
transferred to the
atedEAC to January 1,


C for use in
ments to January
EAC Contracting exemptions
iki/CRS-RL32526A,no provisionSec. 8 is identical toSec. 3 of H.R.Sec. 6 is identical toSec. 3 of H.R.no provisionno provisionno provision
s.orides the2239/S. 1980.2239/S. 1980.
leakC with an
ption from a
://wikive r n me n t
ffective Date
Sec. 4 is similar toSec. 9 is similar toSec. 11 is similar toSec. 3 is similar toSec. 2(b) is similarSec. 5 stipulates that
isions in theSec. 8 of H.R.Sec. 8 of H.R.Sec. 8 of H.R.Sec. 4 of S. 1986. to Sec. 4 of S. 1986.provisions in the bill
ill take effect2239/S. 1980 but2239/S. 1980, but2239/S. 1980.will take effect with
had beendoes not include thealso stipulates thatthe November 2006
Acontractingthe securityfederal election
n it wasexemption.requirements inexcept as otherwise
Sec. 7 will apply tospecified.

voting systems in
use beginning
ption will beNovember 2, 2004.

S. 1986S. 2045S. 2313H.R. 4187S. 2437H.R. 4966
e upon
ent of the