By Joe Hoft
Guest post by Kevin Moncla
SLI Compliance and Pro V&V are Election Assistance Commission (EAC) accredited Voting System Testing Laboratories (VSTLs). What does that mean? It means voting system manufacturers, like Dominion, pay the VSTLs to test their voting system as required to be certified by the EAC.
VSTLs do not work for the government or the EAC.
SLI Compliance and Pro V&V literally work on behalf of the voting system manufacturers.
If a voting systems company wants their system to be certified by the EAC, then that system has to be successfully tested by a VSTL. The voting systems company then hires one of the only two “accredited” companies to test their system, and the results (somehow always pass) go to the EAC for certification. This is no secret to all of those involved, and it is proudly advertised on the home page of Pro V&V’s website:
Since our founding in 2011, we have always had one focus: our clients. Pro V&V exists to help its clients comply with regulations in systems and software testing in the most efficient and professional manner possible and will always be dedicated to verifying your products to your satisfaction. (emphasis added)”
If you’re thinking that is a conflict of interest, then you’d be right.
We’ve written numerous articles about the VSTL’s. For example, we identified that these firms were not certified by the EAC when state governments claimed they were.
The reason that this and other unacceptable deficiencies (like 16-year-old voting machine standards) are allowed is that the testing and EAC certification program is “voluntary”. Voluntary, that is unless the voting system is to be used in the 40 states which all require some form of VSTL testing and certification. Federally voluntary but state required. (Almost like a real 3rd world country) Then there are the complications with a private company hiring another private company which obscures any and all oversight and rights of the public to see records, etc.
Considering this, it comes as no surprise that Arizona and Georgia chose the VSTLs for their “forensic audits”. However, there are four problems with this arrangement.
First is the existing conflict-of-interest issue which is only worsened by the present circumstances. To put it bluntly, an audit that resulted in problems with a voting system that is made by a company that pays you to test their voting systems wouldn’t necessarily be good for business. Especially when that company accounts for nearly half of your income.
This fact alone should have disqualified these two companies during the decision-making process by the public officials who should have known that that conflict exists. If not, then the VSTLs should have refused on basic principle or for the EAC’s policies restricting conflicts of interest.
Second is the fact that neither of these two VSTLs are qualified to perform forensic audits of computer-based voting systems. Contrary to what the public officials, voting system manufacturers, and the media claim, these companies are not certified by the EAC to audit voting systems. In fact, the EAC specifically addresses the qualifications recommended for forensic auditors.
The following is from the EAC’s “Best Practices: Chain of Custody” guide:
Third Party Post-Election Audits and Electronic Discovery Services”
“Digital forensics require specialized skillsets, and the audit team should possess certifications or applicable work experience in this specialty. Industry standard certifications are offered by organizations such as the International Association of Computer Investigative Specialists (IACIS) or the Sans Institute. “
Note that it doesn’t mention VSTLs.
Some may think this is a mere technicality and the VSTLs have plenty of experience from testing the machines.
While it’s true that they do test these systems for certification, (to a 2005 standard) the testing is wholly inadequate and involves things such as dropping a machine from X number of feet, then powering on the machine and test that it doesn’t shock the user. They also test to ensure the machine performs according to the manual and confirm it is accurate in counting ballots, when brand new, in a lab.
What they don’t test is the things you would expect them to test, such as security, and penetration vulnerabilities.
Third, the audits by the VSTLs in both Maricopa and Georgia were not forensic audits and they didn’t follow the protocol set forth by standards established by court precedent of preserving evidence and chain of custody as those mirrored by the EAC guidelines detailed here:
The shortcomings are easily established when comparing the audit reports by Pro V&V and SLI Compliance for Maricopa County, and Pro V&V’s report for the State of Georgia with the chain of custody best practices referenced above. The Gateway Pundit has previously reported on the shortcomings of these audits:
Fourth, the officials of the state of Georgia and Maricopa County have misrepresented the audits by Pro V&V and SLI Compliance to the people of the United States. Including the qualifications and certifications of those who did the work and the work that was performed.
Here is a description of the audits by Maricopa County:
Maricopa County’s election equipment and software passed all tests performed by two independent firms hired to conduct the forensic audit, according to reports by two federally certified Voting System Testing (my emphasis added) Laboratories.”
More misrepresentation from Maricopa County:
Were the auditors certified?
Both Pro V&V and SLI Compliance are certified Voting System Test Laboratories and their certification is in good standing with the U.S. Elections Assistance Commission
The county sought out the best, most qualified firms to perform this audit. A certified Voting System Test Laboratory is the only firm with the combined skill sets and knowledge to identify vulnerabilities and to verify the systems are configured according to federal certification standards.”
Not according to the EAC when the auditors were selected to perform the work. Now consider that Maricopa County literally purchased new voting equipment, which cost the taxpayers $3,000,000, because a 3rd party who was, according to AZ SOS Hobbs, unqualified to audit the machines when in fact it was their own auditors who were not properly qualified, certified nor did they even follow proper EAC, forensic, or chain of custody protocols! Maricopa County allowed uncertified and unqualified third-parties access to the equipment, and in doing so, they themselves broke the chain of custody.
Here’s what Georgia Secretary of State Raffensperger said in a widely reported and, at best, misleading statement:
Pro V&V conducted an audit of a random sample of Dominion Voting Systems voting machines throughout the state using forensic techniques…”
In reality, there’s just cause to question if an audit was ever done at all in Georgia, because in the one page describing the audit no dates were given when these machines were audited, where, no pictures were provided of seals, no serial numbers of equipment, etc.
Advertisement – story continues below
As The Gateway Pundit previously reported, After reading the report, It is understandable why it was never released to the public and had to be obtained by an open records request:
To avoid the possibility of Georgia Secretary of State Raffensperger or coconspirator Gabriel Sterling attempting to make the claim of being unaware that Pro V&V was unqualified, Judge Totenberg’s ruling in the case, Curling vs. Raffensperger provides evidence:
Mr. Cobb testified at the injunction hearing that he had fourteen years of experience in testing voting machines, but as became apparent in the course of these proceedings, he does not have any specialized expertise in cybersecurity testing or analysis or cybersecurity risk analysis. “
Furthering the damage is the fact that Raffensperger used what he claimed to be a forensic audit by a qualified and federally certified auditing firm to surreptitiously convince the legislature to certify the Georgia election.