So, what happened? This.
For a bit more color on things…
The Travis County STAR-Vote RFP had five mandatory components: (1) voting system, (2) ballot box, (3) red team, (4) UX team, (5) existing certified vendor must modify their Election Management System (EMS) to work with STAR-Vote.
My company, Free & Fair, submitted a bid for #1 and #2, some of the best red teams in the world submitted a bid for #3, and the best UX teams in the world submitted a bid for #4.
Unfortunately, and unsurprisingly, the existing vendors did not submit bids that were compliant with the RFP for #5—instead they submitted bids that said “STAR-Vote is a Bad Idea, buy our system instead”, so the County Commissioners cancelled the entire RFP. How do we know this? We filed a FOIA request.
If you’d like to see what the future of End-to-End Verifiable Voting might look like, have a look at our STAR-Vote proposal, linked below. Yes, we do, in fact, make all of our software and proposals public.
It’s because they’re using technology to solve a people/political problem. The problem is these companies are powerful enough to deliver garbage on a regular basis for high profit with no liability for its problems. The fix for that will be in government. Most likely avenues are requirements changes in Congress that guarantees their favored groups continued profits if they meet certain requirements and/or lawsuits hitting them for knowingly producing/selling defective parts.
Then, they’ll have a financial reason to improve their offerings. Then it will happen or new suppliers will show up. Until then, they can stall or squash efforts like these most of the time since they represent only a tiny, financial hit.
New manufacturers have occasionally shown up over the years. Unfortunately, they nearly always get litigated out of existence or get bought and shutdown by an existing vendor.
There are still only five-ish vendors that matter in the USA: ES&S, Hart-Intercivic, Dominion Voting, Unisyn, and Clear Ballot Group.
Smartmatic is starting to break into the US market by virtue of winning L.A. County’s VSAP project. That’s a whole ’nother can of worms…
See http://vsap.lavote.net/ for more information.
Too much hand waving and not enough traction.
I TAed and wrote curriculum for Dan Wallach’s undergrad security class a couple years ago. He is doing good work that needs to be done but has to deal with too many people who don’t understand that this stuff is important. Some of these people need to spend a day in the DEF CON voting village. :-(
We had a bunch of election officials there this year. Our main panel included several notable national figures at the intersection of politics, elections, and cybersecurity. See https://defcon.org/images/defcon-26/voting-village-schedule.pdf for more information.
Next year’s Voting Village will be significantly larger and more interesting and impactful than this year.