The State of California, concerned with questions about Smartmatic’s acquisition of Sequoia, commissions an independent Source Code Review of the Sequoia Voting System.

The results, contained in the link below, are published in October. The Source Code Review panel is made up of the following experts:

“We have found that the documentation for the Sequoia voting system is incomplete,” a California state panel concludes as part of its “bottom-up review” of electronic voting vendors.

“The documentation, taken as a whole, fails to provide evidence that all applicable requirements of the Voting System Standards (VSS) were tested during the system’s qualification tests. The incompleteness of the documentation in this regard is particularly acute for WinEDS; the Independent Testing Authorities (ITA) report for that component does not state with specificity which requirements were tested. The other ITA reports provide this specificity but do not detail the tests that they used to determine compliance with the standards. Finally, documentation for the course of testing the AVC Edge is highly incomplete.”

Security problem: “Finally, we found that the documentation does not provide sufficient procedures for handling removable media—particularly re-writable media—in highly security-sensitive facilities, such as central counting and tallying facilities.”

Source:
1. votingsystems.cdn.sos.ca.gov/oversight/ttbr/sequoia-doc-final.pdf
2. https://votingsystems.cdn.sos.ca.gov/sequoia-source-public-jul26.pdf

1. If Sequoia Voting Systems was not able to comply with the standards to retain California state certification, how and why did it manage to expand in the U.S. electoral market?

2. How many other states have done a bottom-up security review of electronic voting equipment source codes and software as thoroughly as California?

3. Has any independent, best-practices institution anywhere ever done a thorough audit of the technology since 2007?

4. What measures did Dominion take to provide a solution for this security problem? Which independent experts audited and certified that solution?

5. When was the last such bottom-up security review commissioned, and by whom?

6. Did Dominion Voting Systems know about the Sequoia security problem before acquiring Sequoia from Smartmatic? What legal recourses did Dominion take in this case?