NIST Voting Program Activities Update February 21, 2007 Mark Skall Chief, Software Diagnostics and Conformance Testing Division


NIST Voting Program Activities Update
February 21, 2007
Mark Skall
Chief, Software Diagnostics and Conformance Testing Division


Deliverables to the EAC

- Next iteration of Voluntary Voting System Guidelines
- Test materials for new VVSG
  - Delivered separately from new VVSG
  - Delivered incrementally over the next few years
- List of recommended test laboratories
  - NVLAP (National Voluntary Laboratory Accreditation Program)


Background

- Help America Vote Act (HAVA) of 2002
  - Created TGDC
  - 15 members, different disciplines
  - Chaired by NIST Director
  - NIST performs research and technical support
  - Initial TGDC recommendations required within 9 months
- TGDC/NIST delivered VVSG 2005 to EAC
  - Limited, based on 2002 standard
  - Enhanced areas: security, human factors
- Decided to develop more comprehensive guideline
  - Next iteration of the VVSG


Next Iteration of the VVSG

- Complete re-write of VVSG 2005 in all areas
  - Usability and Accessibility
  - Security
  - Core Requirements
- Deliver to EAC in July, 2007
- NIST performs research for the EAC’s TGDC (Technical Guidelines Development Committee)
  - TGDC makes recommendations to the EAC
  - NIST does not make recommendations
- NIST does the technical writing of the VVSG


Dec 4-5 TGDC Meeting

- The meeting was perhaps the most important to date
- Major items for next iteration of the VVSG approved by the TGDC included:
  - Software-independence - must use verifiable voting records for independent audits
  - Process to include new and innovative voting systems with greater usability, accessibility, and security
  - Prohibiting RF wireless
  - Improving the methods for measuring reliability and accuracy of voting systems
  - Improving and updating the usability and accessibility requirements
  - Improving requirements for the overall reliability of VVPAT voting systems


Usability & Accessibility

- Updates to Usability requirements
  - Usability performance benchmarks are being researched
  - Result will be more accurate and realistic usability performance metrics - voting systems will be easier to use
  - Research and requirements to be completed by 4/2007
- Updates to Accessibility requirements
  - Relatively minor updates from VVSG 2005
- Updates to other requirements for
  - Alternative languages
  - Documentation
  - Plain language
  - Voter and system response timing


Security

- New VVSG will require new voting systems to be software-independent:
  - Accuracy of the election will not rely exclusively on the accuracy of the voting system software
  - Accuracy of the system’s electronic records will be able to be independently audited against a voter-verified record
  - Systems that do this currently are paper-based, e.g., optical scan, VVPAT
- New VVSG will include an Innovative Class
  - TGDC is including a method for researchers or developers to create new and innovative, possibly paperless, voting system approaches that would still be independently auditable and conform to the new VVSG
  - This may include newer, cryptographic-based systems that potentially promise greater usability and accessibility as well as security


Security (cont)

- Requirements to improve the accessibility of paper-based systems
- Requirements to improve the reliability and usability of VVPAT
- Radio-Frequency (RF) wireless will no longer be permitted for use on voting systems
- Requirements for test labs to conduct open-ended vulnerability testing on voting systems to search for vulnerabilities
- Setup validation requirements being updated to permit inspection of whether a voting system’s installed software is the correct software
- Other security areas: access control, auditing, cryptography, event logging, and physical security


Core Requirements

- Voting system quality, reliability (MTBF), and accuracy requirements being updated
  - To improve voting system design and testing techniques
  - To ensure that voting systems are robust and work properly
- To promote quality systems, requirements for vendors to comply with ISO 9000/9001
- COTS testing requirements being written
  - To make clearer whether to exclude certain COTS products from in-depth source code reviews
  - COTS grouped into several categories
  - Each category has its own testing requirements
- Conventions for software coding being examined
  - E.g., requiring software languages that contain improved integrity and security constructs


Summary of TGDC Resolutions

- Innovation class - TGDC to include in new VVSG a class for new, innovative voting system approaches, NIST to research high-level requirements
- Wireless security - no RF wireless in future voting systems
- Software Independence


Summary (cont)

- Recommendation to ICDR - TGDC recommends Interagency Committee on Disability Research include voting as topic of future conference
- Principal criteria – New VVSG to include a statement that voting systems should be reliable, secure, accurate, usable, accessible, fit for use
- Moving away from MTBF metric - TGDC directs NIST to research new reliability metric to replace older MTBF metric


List of Proposed Test Labs

- NVLAP assesses potential voting system testing laboratories
- NIST Director proposes them to the EAC
- EAC makes decision whether to accredit them to test voting systems
- Proposals made to EAC on January 18, 2007
- Proposed two test laboratories for accreditation to test to VSS 2002 and VVSG 2005
  - IBeta Quality Assurance
  - Sys Test Labs


Plans for Next Few Months

- For new VVSG:
  - 1-2 additional TGDC meetings; roughly 40 teleconferences
  - Research will be completed for usability performance benchmarks
  - Requirements for implementing software independence and other security improvements will be completed
  - Requirements for voting systems to be more reliable and usable both for voters and election officials will be completed
  - Delivery to EAC in July 2007
- NVLAP will continue to investigate potential applicants for accreditation
- Test suite development for new VVSG will start based upon FY07 fiscal appropriations
- Funding
  - Currently, testing laboratories develop tests
  - Need comprehensive, transparent set of test suites


Plans Post-New VVSG

- NIST is prepared to assist the EAC in vetting the VVSG 2007 with other organizations, including:
  - the EAC’s Standards Board
  - the Access Board
  - other voting-related organizations, e.g., NASS, NASED
- NIST is prepared to assist the EAC, if requested, to perform research in response to public comments
- Continued development of test suites for new VVSG


Discussion