1 / 33

Voting Project Briefing for William Jeffrey Director, NIST

Voting Project Briefing for William Jeffrey Director, NIST. September 26, 2005 National Institute of Standards and Technology http://vote.nist.gov. Briefing Outline. History of Voting Standards HAVA TGDC VVSG Implementation Strategy NIST/TGDC Activities Who’s Who

mei
Download Presentation

Voting Project Briefing for William Jeffrey Director, NIST

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Voting ProjectBriefing for William JeffreyDirector, NIST September 26, 2005 National Institute of Standards and Technology http://vote.nist.gov

  2. Briefing Outline • History of Voting Standards • HAVA • TGDC • VVSG Implementation Strategy • NIST/TGDC Activities • Who’s Who • VVSG Version 1 Description • VVSG Version 2 Work to Date • Lab Accreditation • Funding • Outreach • Issues

  3. History of Voting Standards • 1975 NBS/NIST issues report critical of electronic vote tallying • 1984 Congress funds FEC to develop national standards • 1990 FEC issues Standards • NASED to oversee testing • 1999 Congress funds FEC to update Standards • 2002 FEC issues new Standards – 2002 VSS • 2002 HAVA enacted

  4. Help America Vote Act (HAVA) • Provides for the creation of the Technical Development Guidelines Committee (TGDC) • Mandates that the TGDC provide its first set of recommendations to the EAC not later than 9 months after all of its members have been appointed. • Assigns specific responsibilities to NIST

  5. NIST Responsibilities Under HAVA • NIST Director Chairs the TGDC • Provides technical support (R&D) to the TGDC including • Security of computers • Methods to detect and prevent fraud • Protection of Voter Privacy • Human factors, including assistive technologies for individuals with disabilities • Remote access voting • Laboratory Accreditation • NIST submits, to the EAC, a list of proposed laboratories to be accredited no later than 6 months after adoption of standard • Human Factors Report

  6. Composition of TGDC • 15 Members including the Chairman • An equal number of members from • Standards Board • Board of Advisors • Architectural and Transportation Barrier Compliance Board (Access Board) • ANSI representative • IEEE representative • 2 representatives of NASED • Others with technical and scientific expertise

  7. TGDC Members • Chair:William JeffreyDirector of the National Institute of Standards and Technology (NIST) • Representing Standards Board: John Gale Nebraska Secretary of State Alice MillerDirector of Elections-District of Columbia • Representing Board of Advisors:Sharon Turner BuieDirector of Elections-Kansas CityHelen PurcellMaricopa County Recorder

  8. TGDC Members (Continued) • Representing Access Board:James ElekesDr. James (“J.R.”) R. Harding • Representing ANSI:David KarmolVice President, Policy and Government Affairs • Representing IEEE:H. Stephen BergerTEM Consulting, LP- Chair, IEEE SEC 38 (Voting Syst. Stds.) • Representing National Association of State Election Directors (NASED):Dr. Brittain WilliamsRetired professor- Kennesaw StateTucker, GA Paul CraftFlorida Department of State, Voting Systems  

  9. TGDC Members (Continued) • Other: Patrick GannonPresident and CEO,OASIS Whitney QuesenberyPresident-Usability Professionals' Association Dr. Ronald RivestProfessor, MIT-Department of Electrical Engineering and Computer ScienceDr. Daniel Schutzer Vice President & Director of External Standards and Advanced Technology, e-Citi, CitiGroup

  10. TGDC Method of Operation • Plenary Sessions • Formal meetings held periodically to develop resolutions, review work products, discuss, and vote • Public invited to attend and provided access via webcast, transcripts published • Subcommittees • Comprised of TGCG members and supported by NIST staff • Gather and analyze information in support of development of voting system guidelines • Conduct bi-weekly teleconferences with occasional face-to-face meetings • Public provided access via Internet, transcripts provided • NIST Staff • Provide technical expertise and research • Develop work products as directed by TGDC resolutions, with guidance from subcommittee • Work products are submitted to the entire TGDC for approval

  11. Voluntary Voting System Guidelines (VVSG) Implementation Strategy • Develop best long-term voting systems guidelines possible • Build on strengths of 2002 VSS • Significantly enhance areas needing improvement • Redesign and reorganize for clarity and testability • Provide guidance to states in time for 2006 election cycle • Implied need to minimize changes to 2002 VSS while filling in 2002 VSS gaps • Implied need to require only what is possible by 2006 • Thus, two guidelines developed: • VVSG Version 1 – augmented 2002 VSS for 2006 • VVSG Version 2 – new, redesigned guideline

  12. NIST/TGDC Activities - 1 • Dec 2003 – NIST Symposium • Building Trust and Confidence in Voting Systems • July 2004: 1st TGDC meeting • Organizational, divided into 3 subcommittees: • Human factors and privacy • Core requirements and testing • Security and transparency • Sep 2004: information gathering meeting for the TGDC • Heard public input from voting officials, vendors

  13. NIST/TGDC Activities - 2 • January 2005: VVSG direction • Discussed, adopted 35 resolutions affecting development of VVSG Version 1 and VVSG Version 2 • EAC requests NIST develop VVPAT requirements • NIST subsequently prioritized resolutions • March 2005: VVSG Version 1 preliminary drafts • Commented on presentations, materials from NIST staff • EAC requests additional security material for VVSG Version 1 • April 2005: final draft and VVSG Version 1 adoption • Commented on final materials from NIST staff • NIST directed to make final edits and deliver to EAC • May 9, 2005: VVSG Version 1 delivered to EAC • EAC version released June 29, 2005 • Public review ends Sept. 30, 2005

  14. Who’s Who EAC Commissioners: • Gracia Hillman, chair • Paul DeGregorio, vice-chair • Ray Martinez • Donetta Davidson – former Colorado Secy of State & TGDC member EAC Executive Dir. Tom Wilkey - former NY State Election Director, VSS organizer/advocate Standards Board: 110 members drawn from State and local election officials Advisory Board: 37 members drawn from various national associations and government agencies. TGDC (vocal and active members) • Whitney Quesenberry - HFP chair, Usability/Accessibility expert, very engaged w/NIST • Ron Rivest - STS chair, renowned cryptographer and security expert, very engaged w/NIST • Dan Schutzer - CRT chair, VP at CitiGroup • Brit Williams - NASED rep, Kennesaw State U., Georgia, performs state voting system certifications, contracted to assist EAC with VVSG public comments • Paul Craft - NASED rep, head of elections for Florida • Steve Berger - IEEE rep, chair IEEE Voting System Standard, contract with EAC • National Association of State Election Directors, prior to HAVA had authority on standard, Qualification (Certification) and ITAs • National Association of Secretaries of States NASED NASS

  15. New Material in VVSG Version 1 • Conformance Clause • Human Factors • Security Overview – IDV Systems • VVPAT • Wireless • Software Distribution/Setup Validation • Glossary • Error Rates • Best Practices for Voting Officials

  16. Conformance Clause • VSS-2002 did not include a conformance clause • Conformance: the fulfillment by a product, process, or service of requirements as specified in a standard or specification • The conformance clause of a standard specification is a high-level description of what is required of implementers and developers • Refers to other parts of the standard • Specifies minimal requirements for certain functions and implementation-dependent values • Specifies the permissibility of extensions, options, and alternative approaches and how they are to be handled

  17. Human Factors • The VSS-2002, Volume 1 Section 2.2.7, addressed Accessibility; Section 3.4.9 addressed Human Engineering—Controls and Displays; Appendix C addressed Usability • VVSG Version 1 replaces these items with a new Section 2.2.7 that addresses Human Factors including accessibility, usability, and limited English proficiency • Privacy Requirements added • Incorporates the two NASED Technical Guides (Guide #1 and Guide #2) • VVSG Version 2 will contain performance-based requirements (specifies how voting systems must perform)

  18. Security Overview • New security Section 6.0, with 4 parts: • Overview of Independent Dual Verification (IDV) voting systems (informative only) • VVPAT Requirements • Wireless Requirements • Software Distribution/Setup Validation Requirements

  19. Independent Dual Verification • IDV systems produce a 2nd record of votes for ballot record integrity and auditability • Current approaches include • Split process systems • Witness systems – recently marketed • Cryptographic-based systems – available today • VVPAT, modified Op Scan – available today • New Appendix D contains in-depth IDV discussion • IDV systems expected to evolve significantly in VVSG Version 2

  20. VVPAT • The VSS-2002 contained no requirements for voter verified paper audit trails (VVPAT) • Vendors, most States in need of consistent, common guidance • TGDC directed by EAC to produce VVPAT guidance for States requiring VVPAT • VVPAT a form of IDV • VVSG does not require or endorse VVPAT • Methods other than VVPAT can provide ways to achieve IDV, as explained in Security Overview • NIST used CA State, IEEE standards, and enacted State legislation as initial basis

  21. Wireless Technology • TGDC concluded that use of wireless technology introduces risk and should be approached with caution • VVSG Version 1 includes new section on wireless that augments the general telecommunications requirements in Volume 1, Section 5 • Requires that wireless transmissions be encrypted to protect against a variety of security problems • Requires wireless to be turned on/off under controlled conditions • Requires backup procedures in case wireless fails

  22. Software Distribution • Helps to ensure correct version of voting software is used • Helps to ensure voting software is set up correctly • Uses NIST’s National Software Reference Library at http://www.nsrl.nist.gov

  23. Glossary • Common terminology forms basis for understanding requirements and for discussing improvements • This glossary contains terms from the VSS-2002 and additional terms needed to understand voting and related areas, e.g., security, human factors, testing • Terms in glossary include a definition and its source, and an association as to the domain for which the term applies • Also available in a web-based on-line version at http://www.nist.gov/votingglossary.

  24. Best Practices for Voting Officials • VSS 2002 contained requirements for voting systems and testing entities • Requirements in VVSG Version 1 for wireless, VVPAT, human factors, etc. depend on voting officials developing and carrying out appropriate procedures • VVSG Version 1 contains best practices for voting officials • These are not testable and conformance can not be determined • Best Practices for Voting Officials are also contained in Appendix C of Volume I

  25. VVSG Version 2 • A comprehensive standards guideline, a complete rewrite of 2002 VSS with updated and expanded material • Will draw from VSS, IEEE P1583, Federal and other standards • Will include material from VVSG Version 1 and other material as directed by TGDC resolutions from Jan ’05 • Outreach with other efforts

  26. VVSG2 Kick-Off Meeting with EAC • Meeting held on July 8 • Follow-up meeting with Commissioners on July 26 • Agreement that a lot more work needs to be done • Two Year Window for effective date does not preclude enhancements to existing VVSG • NIST/TGDC will deliver replacement “chunks” • Candidate “chunks” include VVPAT, IDV, HFP • Final version of next iteration – July, 2007 • Internet Voting

  27. VVSG Version 2 Overview • 5 major sections: • An overview for using the VVSG, executive summary, etc. • A terminology standard (NIST glossary) • A product standard, containing general and voting-activity related requirements (e.g., setup, cast, count, …) • A standard on data to be provided by testing authorities or the vendor • A testing standard including all test methods, testing requirements, evaluation guidelines, test cases, etc.

  28. VVSG Version 2 Current Status • Detailed outline has been developed; NIST and TGDC working to create final version of outline • Timeline for VVSG2 deliverables has been created • Research underway: • Meetings with vendors • Working with usability and accessibility experts • Threat analysis under development • Preliminary requirements development underway

  29. Lab Accreditation • June 23, 2004 FRN – NVLAP announced the intent to establish a program for laboratories testing voting systems • August 17, 2004 – NVLAP conducted a public workshop • June 17, 2005 FRN – NVLAP announced the availability of application for its Voting Systems Testing accreditation program • June 2005 - A draft of NIST Handbook 1501-22, Voting Systems Testing, was made available to the public

  30. Funding • FY05 Funding - $2.8 million via the EAC and $500K NIST funds • FY06 Funding Request - $6.5 million • Includes comprehensive test suite development • FY06 Funding Request constrained to $2.8 million • No test suite development • Other items funded proportionately • FY07 Funding Request - $ 5 million • Assumes $2.8 million for FY06 • Includes test suite development

  31. Outreach • NSF Grant to Johns Hopkins University • To improve the reliability and trustworthiness of voting technology • Parallels many topics in NIST/TGDC plans • Voting system architectures built for verifiability • IDV and trusted models • Defense-in-depth techniques for security • Many opportunities for collaboration or consultation • NIST subsequently contacted NSF to initiate collaboration • NSF invited NIST to kick-off meeting tentatively Winter, 2005

  32. Outreach Continued • State of MD Independent Verification Study • Studying add-on technologies to existing Diebold DREs • Intent is to produce 2nd, verified record • NIST may consult with respect to evaluation criteria • Threat Analysis Workshop • October 7 at NIST/Gaithersburg • To arrive at consensus on plausible threats • May involve follow-on workshop or study • GAO Report • Public release Fall/2005 • Relevant to EAC/TGDC/NIST

  33. Issues • Working Relationship with EAC • NIST/TGDC/EAC interrelationship • Security/IDV • IDV De-emphasis in EAC version • Time to do research • Two year window for effective date for VVSG1

More Related