Voting Project Briefing for William Jeffrey Director, NIST. September 26, 2005 National Institute of Standards and Technology http://vote.nist.gov. Briefing Outline. History of Voting Standards HAVA TGDC VVSG Implementation Strategy NIST/TGDC Activities Who’s Who
Voting Project Briefing for William Jeffrey, Director, NIST. September 26, 2005. National Institute of Standards and Technology, http://vote.nist.gov
Briefing Outline • History of Voting Standards • HAVA • TGDC • VVSG Implementation Strategy • NIST/TGDC Activities • Who’s Who • VVSG Version 1 Description • VVSG Version 2 Work to Date • Lab Accreditation • Funding • Outreach • Issues
History of Voting Standards • 1975 NBS/NIST issues report critical of electronic vote tallying • 1984 Congress funds FEC to develop national standards • 1990 FEC issues Standards • NASED to oversee testing • 1999 Congress funds FEC to update Standards • 2002 FEC issues new Standards – 2002 VSS • 2002 HAVA enacted
Help America Vote Act (HAVA) • Provides for the creation of the Technical Guidelines Development Committee (TGDC) • Mandates that the TGDC provide its first set of recommendations to the EAC not later than 9 months after all of its members have been appointed • Assigns specific responsibilities to NIST
NIST Responsibilities Under HAVA • NIST Director Chairs the TGDC • Provides technical support (R&D) to the TGDC including • Security of computers • Methods to detect and prevent fraud • Protection of Voter Privacy • Human factors, including assistive technologies for individuals with disabilities • Remote access voting • Laboratory Accreditation • NIST submits, to the EAC, a list of proposed laboratories to be accredited no later than 6 months after adoption of standard • Human Factors Report
Composition of TGDC • 15 Members including the Chairman • An equal number of members from • Standards Board • Board of Advisors • Architectural and Transportation Barrier Compliance Board (Access Board) • ANSI representative • IEEE representative • 2 representatives of NASED • Others with technical and scientific expertise
TGDC Members • Chair: William Jeffrey, Director of the National Institute of Standards and Technology (NIST) • Representing Standards Board: John Gale, Nebraska Secretary of State; Alice Miller, Director of Elections, District of Columbia • Representing Board of Advisors: Sharon Turner Buie, Director of Elections, Kansas City; Helen Purcell, Maricopa County Recorder
TGDC Members (Continued) • Representing Access Board: James Elekes; Dr. James (“J.R.”) R. Harding • Representing ANSI: David Karmol, Vice President, Policy and Government Affairs • Representing IEEE: H. Stephen Berger, TEM Consulting, LP; Chair, IEEE SEC 38 (Voting Syst. Stds.) • Representing National Association of State Election Directors (NASED): Dr. Brittain Williams, Retired professor, Kennesaw State, Tucker, GA; Paul Craft, Florida Department of State, Voting Systems
TGDC Members (Continued) • Other: Patrick Gannon, President and CEO, OASIS; Whitney Quesenbery, President, Usability Professionals' Association; Dr. Ronald Rivest, Professor, MIT Department of Electrical Engineering and Computer Science; Dr. Daniel Schutzer, Vice President & Director of External Standards and Advanced Technology, e-Citi, CitiGroup
TGDC Method of Operation • Plenary Sessions • Formal meetings held periodically to develop resolutions, review work products, discuss, and vote • Public invited to attend and provided access via webcast, transcripts published • Subcommittees • Composed of TGDC members and supported by NIST staff • Gather and analyze information in support of development of voting system guidelines • Conduct bi-weekly teleconferences with occasional face-to-face meetings • Public provided access via Internet, transcripts provided • NIST Staff • Provide technical expertise and research • Develop work products as directed by TGDC resolutions, with guidance from subcommittee • Work products are submitted to the entire TGDC for approval
Voluntary Voting System Guidelines (VVSG) Implementation Strategy • Develop best long-term voting systems guidelines possible • Build on strengths of 2002 VSS • Significantly enhance areas needing improvement • Redesign and reorganize for clarity and testability • Provide guidance to states in time for 2006 election cycle • Implied need to minimize changes to 2002 VSS while filling in 2002 VSS gaps • Implied need to require only what is possible by 2006 • Thus, two guidelines developed: • VVSG Version 1 – augmented 2002 VSS for 2006 • VVSG Version 2 – new, redesigned guideline
NIST/TGDC Activities - 1 • Dec 2003 – NIST Symposium • Building Trust and Confidence in Voting Systems • July 2004: 1st TGDC meeting • Organizational, divided into 3 subcommittees: • Human factors and privacy • Core requirements and testing • Security and transparency • Sep 2004: information gathering meeting for the TGDC • Heard public input from voting officials, vendors
NIST/TGDC Activities - 2 • January 2005: VVSG direction • Discussed, adopted 35 resolutions affecting development of VVSG Version 1 and VVSG Version 2 • EAC requests NIST develop VVPAT requirements • NIST subsequently prioritized resolutions • March 2005: VVSG Version 1 preliminary drafts • Commented on presentations, materials from NIST staff • EAC requests additional security material for VVSG Version 1 • April 2005: final draft and VVSG Version 1 adoption • Commented on final materials from NIST staff • NIST directed to make final edits and deliver to EAC • May 9, 2005: VVSG Version 1 delivered to EAC • EAC version released June 29, 2005 • Public review ends Sept. 30, 2005
Who’s Who • EAC Commissioners: • Gracia Hillman, chair • Paul DeGregorio, vice-chair • Ray Martinez • Donetta Davidson – former Colorado Secy of State & TGDC member • EAC Executive Dir.: Tom Wilkey – former NY State Election Director, VSS organizer/advocate • Standards Board: 110 members drawn from State and local election officials • Advisory Board: 37 members drawn from various national associations and government agencies • TGDC (vocal and active members): • Whitney Quesenbery – HFP chair, Usability/Accessibility expert, very engaged w/NIST • Ron Rivest – STS chair, renowned cryptographer and security expert, very engaged w/NIST • Dan Schutzer – CRT chair, VP at CitiGroup • Brit Williams – NASED rep, Kennesaw State U., Georgia, performs state voting system certifications, contracted to assist EAC with VVSG public comments • Paul Craft – NASED rep, head of elections for Florida • Steve Berger – IEEE rep, chair IEEE Voting System Standard, contract with EAC • NASED: National Association of State Election Directors, prior to HAVA had authority on standard, Qualification (Certification) and ITAs • NASS: National Association of Secretaries of States
New Material in VVSG Version 1 • Conformance Clause • Human Factors • Security Overview – IDV Systems • VVPAT • Wireless • Software Distribution/Setup Validation • Glossary • Error Rates • Best Practices for Voting Officials
Conformance Clause • VSS-2002 did not include a conformance clause • Conformance: the fulfillment by a product, process, or service of requirements as specified in a standard or specification • The conformance clause of a standard specification is a high-level description of what is required of implementers and developers • Refers to other parts of the standard • Specifies minimal requirements for certain functions and implementation-dependent values • Specifies the permissibility of extensions, options, and alternative approaches and how they are to be handled
Human Factors • The VSS-2002, Volume 1 Section 2.2.7, addressed Accessibility; Section 3.4.9 addressed Human Engineering—Controls and Displays; Appendix C addressed Usability • VVSG Version 1 replaces these items with a new Section 2.2.7 that addresses Human Factors including accessibility, usability, and limited English proficiency • Privacy Requirements added • Incorporates the two NASED Technical Guides (Guide #1 and Guide #2) • VVSG Version 2 will contain performance-based requirements (specifies how voting systems must perform)
Security Overview • New security Section 6.0, with 4 parts: • Overview of Independent Dual Verification (IDV) voting systems (informative only) • VVPAT Requirements • Wireless Requirements • Software Distribution/Setup Validation Requirements
Independent Dual Verification • IDV systems produce a 2nd record of votes for ballot record integrity and auditability • Current approaches include • Split process systems • Witness systems – recently marketed • Cryptographic-based systems – available today • VVPAT, modified Op Scan – available today • New Appendix D contains in-depth IDV discussion • IDV systems expected to evolve significantly in VVSG Version 2
VVPAT • The VSS-2002 contained no requirements for voter verified paper audit trails (VVPAT) • Vendors, most States in need of consistent, common guidance • TGDC directed by EAC to produce VVPAT guidance for States requiring VVPAT • VVPAT a form of IDV • VVSG does not require or endorse VVPAT • Methods other than VVPAT can provide ways to achieve IDV, as explained in Security Overview • NIST used CA State, IEEE standards, and enacted State legislation as initial basis
Wireless Technology • TGDC concluded that use of wireless technology introduces risk and should be approached with caution • VVSG Version 1 includes new section on wireless that augments the general telecommunications requirements in Volume 1, Section 5 • Requires that wireless transmissions be encrypted to protect against a variety of security problems • Requires wireless to be turned on/off under controlled conditions • Requires backup procedures in case wireless fails
Software Distribution • Helps to ensure correct version of voting software is used • Helps to ensure voting software is set up correctly • Uses NIST’s National Software Reference Library at http://www.nsrl.nist.gov
Glossary • Common terminology forms basis for understanding requirements and for discussing improvements • This glossary contains terms from the VSS-2002 and additional terms needed to understand voting and related areas, e.g., security, human factors, testing • Terms in glossary include a definition and its source, and an association as to the domain for which the term applies • Also available in a web-based on-line version at http://www.nist.gov/votingglossary.
Best Practices for Voting Officials • VSS 2002 contained requirements for voting systems and testing entities • Requirements in VVSG Version 1 for wireless, VVPAT, human factors, etc. depend on voting officials developing and carrying out appropriate procedures • VVSG Version 1 contains best practices for voting officials • These are not testable and conformance cannot be determined • Best Practices for Voting Officials are also contained in Appendix C of Volume I
VVSG Version 2 • A comprehensive standards guideline, a complete rewrite of 2002 VSS with updated and expanded material • Will draw from VSS, IEEE P1583, Federal and other standards • Will include material from VVSG Version 1 and other material as directed by TGDC resolutions from Jan ’05 • Outreach with other efforts
VVSG2 Kick-Off Meeting with EAC • Meeting held on July 8 • Follow-up meeting with Commissioners on July 26 • Agreement that a lot more work needs to be done • Two Year Window for effective date does not preclude enhancements to existing VVSG • NIST/TGDC will deliver replacement “chunks” • Candidate “chunks” include VVPAT, IDV, HFP • Final version of next iteration – July, 2007 • Internet Voting
VVSG Version 2 Overview • 5 major sections: • An overview for using the VVSG, executive summary, etc. • A terminology standard (NIST glossary) • A product standard, containing general and voting-activity related requirements (e.g., setup, cast, count, …) • A standard on data to be provided by testing authorities or the vendor • A testing standard including all test methods, testing requirements, evaluation guidelines, test cases, etc.
VVSG Version 2 Current Status • Detailed outline has been developed; NIST and TGDC working to create final version of outline • Timeline for VVSG2 deliverables has been created • Research underway: • Meetings with vendors • Working with usability and accessibility experts • Threat analysis under development • Preliminary requirements development underway
Lab Accreditation • June 23, 2004 FRN – NVLAP announced the intent to establish a program for laboratories testing voting systems • August 17, 2004 – NVLAP conducted a public workshop • June 17, 2005 FRN – NVLAP announced the availability of application for its Voting Systems Testing accreditation program • June 2005 - A draft of NIST Handbook 1501-22, Voting Systems Testing, was made available to the public
Funding • FY05 Funding - $2.8 million via the EAC and $500K NIST funds • FY06 Funding Request - $6.5 million • Includes comprehensive test suite development • FY06 Funding Request constrained to $2.8 million • No test suite development • Other items funded proportionately • FY07 Funding Request - $5 million • Assumes $2.8 million for FY06 • Includes test suite development
Outreach • NSF Grant to Johns Hopkins University • To improve the reliability and trustworthiness of voting technology • Parallels many topics in NIST/TGDC plans • Voting system architectures built for verifiability • IDV and trusted models • Defense-in-depth techniques for security • Many opportunities for collaboration or consultation • NIST subsequently contacted NSF to initiate collaboration • NSF invited NIST to kick-off meeting tentatively Winter, 2005
Outreach Continued • State of MD Independent Verification Study • Studying add-on technologies to existing Diebold DREs • Intent is to produce 2nd, verified record • NIST may consult with respect to evaluation criteria • Threat Analysis Workshop • October 7 at NIST/Gaithersburg • To arrive at consensus on plausible threats • May involve follow-on workshop or study • GAO Report • Public release Fall/2005 • Relevant to EAC/TGDC/NIST
Issues • Working Relationship with EAC • NIST/TGDC/EAC interrelationship • Security/IDV • IDV De-emphasis in EAC version • Time to do research • Two year window for effective date for VVSG1