Alternatives to Software Independence

1. Alternatives to Software Independence Nelson Hastings National Institute of Standards and Technology http://vote.nist.gov

2. Motivation • Alternatives to Software Independence to retain the VVSG’s focus on security, verifiability, and auditability • Issues: Impacts on innovation and usability

3. Make auditability, not SI, an overarching requirement Moves focus to the trustworthiness of audit records Allows some reliance on software based on trust in audit records How is auditability achieved? Software independent approaches: IVVR requirements End-to-End protocols (E2E) Independent Verification (IV) Secure Audit Port Strategy

4. Strategy Auditability With inclusion of alternatives: Current draft next VVSG: SI - Auditability SI Independent Verification (IV) Secure Audit Port IVVR Innovation Class IVVR End-to-End (E2E) Innovation Class

5. SI requirement on VVSG could be replaced with requirements for auditability Unclear what the auditability requirements should be for the VVSG Unclear what the impact will be on the cost of developing and testing of the systems Impact other areas of the VVSG that need further study, e.g., usability, accessibility For all alternatives, more research is needed Possible Ramifications

6. Two day workshop in October 2009 Brought the security, usability, accessibility, and election communities together Purpose to define what is an end-to-end voting systems Identified desired security properties Discussed usability and accessibility issues Outcome: More research needs to be done End-to-End Workshop