Posted on June 9, 2023 (June 14, 2023) Election Protection Share: On June 7, 2023, Free Speech For People submitted public comments to the U.S. Election Assistance Commission (EAC) on the federal Voluntary Voting System Guidelines (VVSG) 2.0. Although these federal standards for electronic voting systems are “voluntary” under federal law, many state agencies that certify equipment and software for use in their states rely heavily on these guidelines. In February 2021, the EAC voted to adopt a new set of voting system standards, the VVSG 2.0. (Though the new standards have been adopted, voting systems continue to be tested and certified to the original standards VVSG 1.0, which were drafted in 2005.) The EAC has implemented a policy to provide a regular public comment period every year to solicit feedback on the VVSG 2.0, and to inform decisions as to when it may be necessary to update the guidelines. Free Speech For People’s comments focused on several deficiencies in VVSG 2.0, including a flawed penetration testing program. Penetration testing is an authorized simulated attack performed on a computer system to evaluate its security. While we support this type of security testing on voting systems, the EAC’s penetration testing program is deeply flawed. In particular, we explained: “…the tests and results are not public, and there are no requirements to remedy security vulnerabilities that may be uncovered in the process of the penetration testing. In other words, penetration testing may reveal severe security vulnerabilities, but as long as a system conforms to the VVSG 2.0 requirements and test assertions, it can receive full EAC Certification. Further, there is no mechanism through the testing and certification program to pressure vendors to remedy the vulnerabilities before a system version is upgraded, so these vulnerabilities may persist from version to version of a voting system that is certified.” Our comments also addressed, among other issues, the EAC’s continued allowance of wireless networking capability. The secretive process by which the EAC met privately with voting system manufacturers and agreed to allow wireless modems in voting machines is the subject of our ongoing litigation against the EAC. Read the full set of comments here.