California Secretary of State Debra Bowen has issued a statement (PDF) revealing that Election Systems & Software—the largest voting machine maker in the United States—illegally sold almost 1,000 uncertified voting machines to five counties. A public hearing has been scheduled for September, at which time the evidence will be evaluated. If found guilty, ES&S could be barred from doing business in the state for three years, forced to refund all of the money that the counties paid for the voting machines, and face penalties of up to nearly $10 million.

"ES&S sold nearly 1,000 voting machines in California without telling the counties that bought them that they had never been certified for use in this state," said Bowen in an official statement. "Given that each machine costs about $5,000, it appears ES&S has taken $5 million out of the pockets of several California counties that were simply trying to follow the law and equip their polling places with certified voting machines."

The ES&S AutoMARK Phase One model was apparently certified for use in California in 2005, but the subsequent AutoMARK Phase Two model was not. Bowen says that Phase Two models were sold to five counties even though they hadn't even been certified by either the federal or California state governments.

Wired's Threat Level blog spoke to Secretary of State spokeswoman Nicole Winger, who explained that the Phase Two models had stickers indicating federal certification despite the fact that they never passed federal inspection and that the stickers on the Phase Two machines were only intended to apply to the Phase One machines. The question, Winger says, is whether or not ES&S applied the stickers by accident or with the deliberate intent to deceive state election officials. "We are in the early stages of learning about the facts," Winger told Wired. "We don't know who would have applied the A100 [Phase One] stickers to uncertified equipment."

Bowen has previously advocated higher standards for voting machine security. In March, Bowen proposed red team security testing for electronic voting machines. The tests revealed serious vulnerabilities in all voting machines used in the state of California. In response, Bowen conditionally recertified the machines despite the presence of severe and intractable flaws but limited the use of the most common models to one per polling place and established a broad set of requirements that the vendors would have to meet to limit the potential for security breaches and machine failure. ES&S declined to participate in the red team tests, citing lack of preparedness. As a result, the company's Phase One machines have since been decertified and may no longer be sold in California either.

It looks like ES&S could face the same fate as Diebold in California, which was sued by the state in 2004 and temporarily banned from doing business in the state after installing uncertified software on voting machines.