Presentation is loading. Please wait.

Presentation is loading. Please wait.

NIST HAVA-Related Work: Status and Plans June 16, 2005 National Institute of Standards and Technology

Published byClare Fletcher Modified over 8 years ago

Similar presentations

Presentation on theme: "NIST HAVA-Related Work: Status and Plans June 16, 2005 National Institute of Standards and Technology"— Presentation transcript:

1 NIST HAVA-Related Work: Status and Plans June 16, 2005 National Institute of Standards and Technology http://vote.nist.gov

2 6/10/2005 - page 2 Voluntary Voting System Guidelines (VVSG) Implementation Strategy Develop best long-term voting systems guidelines possible Build on strengths of 2002 VSS Significantly enhance areas needing improvement Reorganize for clarity and testability Provide guidance to states in time for 2006 election cycle Implied need to minimize changes to 2000 to VSS while filling in 2002 VSS gaps Implied need to require only what is possible by 2006 Thus, two guidelines developed: VVSG Version 1 – augmented 2002 VSS for 2006 VVSG Version 2 – new, redesigned guideline

3 6/10/2005 - page 3 Overview of NIST Work NIST worked with Technical Guidelines Development Committee (TGDC) to augment 2002 VSS NIST/TGDC developed augmented version of Voluntary Voting System Guidelines (VVSG Version 1) in open process, Sep ’04 – May ’05 NIST delivered VVSG Version 1 to EAC on May 9 NIST now vetting outline for VVSG Version 2 with TGDC NIST will work with TGDC subcommittees on VVSG Version 2 development, plan future meetings (next is Sep ’05)

4 6/10/2005 - page 4 VVSG Version 1 Overview Two volumes Volume I, the performance provisions of the guidelines Volume II, how conformance is to be tested Improves the 2002 VSS by addressing Human Factors VVPAT (Voter Verified Paper Audit Trails) Wireless Software Distribution and Setup Validation Conformance, Glossary, Error Rates Sets stage for VVSG Version 2 (under development) Expanded Human Factors Independent Dual Verification

5 6/10/2005 - page 5 VVSG Version 2 A comprehensive standards guideline A complete rewrite of 2002 VSS with updated and expanded material 4 Volumes: Product requirements Terminology Requirements for data from vendor to be provided to testing lab Testing requirements Will draw from VSS, IEEE P1583, Federal and other standards Will include material from VVSG Version 1 and other material as directed by TGDC resolutions from Jan ’05

6 6/10/2005 - page 6 VVSG Version 1 and 2 Current Status VVSG Version 1 delivered to EAC May 9, 2005 NIST will monitor public comments on VVSG Version 1 while working on VVSG Version 2 VVSG Version 2 outline has been developed; NIST and TGDC working to create final version of outline Research underway: Meetings with vendors Working with usability and accessibility experts Threat analysis development Preliminary requirements development

7 6/10/2005 - page 7 Detailed Presentation Outline NIST HAVA Responsibilities Current status of voting work at NIST Overview of Voluntary Voting Systems Guidelines Version 1 (VVSG Version 1) Plans for VVSG Version 2 Comments/Questions

8 6/10/2005 - page 8 NIST HAVA Responsibilities Chair the Technical guidelines development committee (TGDC) Provide technical support to the TGDC in the development of Voluntary Voting System Guidelines (VVSG) including: Security Methods to detect and prevent fraud Human factors, including technologies for individuals with disabilities Deliver initial VVSG to EAC 9 months after TGDC appointments (May 9, 2005)

9 6/10/2005 - page 9 Voluntary Voting System Guidelines (VVSG) Implementation Strategy Develop best long-term voting systems guidelines possible Build on strengths of 2002 VSS Significantly enhance areas needing improvement Reorganize for clarity and testability Provide guidance to states in time for 2006 election cycle Implied need to minimize changes to 2000 to VSS while filling in 2002 VSS gaps Implied need to require only what is possible by 2006 Thus, two guidelines developed: VVSG Version 1 – augmented 2002 VSS for 2006 VVSG Version 2 – new, redesigned guideline

10 6/10/2005 - page 10 NIST/TGDC Activities - 1 July 2004: 1 st TGDC meeting Organizational, divided into 3 subcommittees: Human factors and privacy Core requirements and testing Security and transparency Sep 2004: information gathering meeting for the TGDC Heard public input from voting officials, vendors October 2004: posted voting software hashes For use by state and local officials Used NIST national software reference library http://www.nsrl.nist.gov http://www.nsrl.nist.gov

11 6/10/2005 - page 11 NIST/TGDC Activities - 2 January 2005: VVSG Version 1 organization Discussed, adopted 35 resolutions affecting development of VVSG Version 1 and VVSG Version 2 EAC requests NIST develop VVPAT requirements March 2005: VVSG Version 1 preliminary drafts Commented on presentations, materials from NIST staff EAC requests additional security material for VVSG Version 1 April 2005: final draft and VVSG Version 1 adoption Commented on final materials from NIST staff NIST directed to make final edits and deliver to EAC May 9, 2005: VVSG Version 1 delivered to EAC

12 6/10/2005 - page 12 Current Status NIST presented the VVSG Version 1 to the TGDC during April 20-21 meetings NIST updated VVSG Version 1 with TGDC edits, delivered to EAC on May 9 NIST now vetting outline for VVSG Version 2 with TGDC NIST will work with TGDC subcommittees on VVSG Version 2 development, plan future meetings (next is Sep’05) NIST planning to monitor public comments on VVSG Version 1 while writing VVSG Version 2

13 6/10/2005 - page 13 VVSG Version 1 Overview Two volumes Volume I, the performance provisions of the guidelines Volume II, the testing specification Improves the 2002 VSS by addressing Human Factors VVPAT Wireless Software Distribution and Setup Validation Conformance, Glossary, Error Rates Sets stage for new version under development Expanded Human Factors Independent Dual Verification

14 6/10/2005 - page 14 Major Organizational Changes in VVSG Version 1 1. Best Practices for Voting Officials 2. Voting Process 3. Structure of Requirements

15 6/10/2005 - page 15 Best Practices for Voting Officials VSS 2002 contained requirements for voting systems and testing entities Requirements in VVSG Version 1 for wireless, VVPAT, human factors, etc. depend on voting officials developing and carrying out appropriate procedures VVSG Version 1 contains best practices for voting officials These are not testable and conformance can not be determined Best Practices for Voting Officials are contained in Appendix C of Volume I

16 6/10/2005 - page 16 Voting Process VSS 2002 defined three major stages of voting Pre-voting Voting Post-voting New sections designate which stage the requirements pertain to VVSG Version 2 will contain a more detailed voting process model

17 6/10/2005 - page 17 Structure of Requirements New sections of the VVSG Version 1 contain a more structured approach Each requirement is numbered according to a hierarchical scheme Higher level requirements are supported by lower level requirements Higher level requirements may not be directly testable but can be “indirectly” tested via their lower level requirements

18 6/10/2005 - page 18 New Material in VVSG Version 1 1. Conformance Clause 2. Human Factors 3. Security Overview – IDV Systems 4. VVPAT 5. Wireless 6. Software Distribution/Setup Validation 7. Glossary 8. Error Rates

19 6/10/2005 - page 19 Conformance Clause VSS-2002 did not include a conformance clause Conformance: the fulfillment by a product, process, or service of requirements as specified in a standard or specification The conformance clause of a standard specification is a high-level description of what is required of implementers and developers Refers to other parts of the standard Specifies minimal requirements for certain functions and implementation-dependent values Specifies the permissibility of extensions, options, and alternative approaches and how they are to be handled

20 6/10/2005 - page 20 Human Factors The VSS-2002, Volume 1 Section 2.2.7, addressed Accessibility; Section 3.4.9 addressed Human Engineering—Controls and Displays; Appendix C addressed Usability VVSG Version 1 replaces these items with a new Section 2.2.7 that addresses Human Factors including accessibility, usability, and limited English proficiency Incorporates the two NASED Technical Guides (Guide #1 and Guide #2) VVSG Version 2 will contain performance-based requirements (specifies how voting systems must perform)

21 6/10/2005 - page 21 Human Factors 4 Areas: Accessibility Usability Limited English Proficiency Privacy Based on current state of the art Require more advanced accessibility but still in industry state of the art Synchronized audio and video Performance measures for usability

22 6/10/2005 - page 22 Security Overview New security Section 6.0, with 4 parts: Overview of Independent Dual Verification (IDV) voting systems (informative only, not required for 2006) VVPAT Requirements Wireless Requirements Software Distribution/Setup Validation Requirements

23 6/10/2005 - page 23 Independent Dual Verification Requires voting systems to produce 2 nd record of votes for ballot record integrity and auditability Required as part of standard computerized record- keeping practices Current approaches include Split process systems Witness systems – recently marketed Cryptographic-based systems – available today VVPAT, modified Op Scan – available today New Appendix D contains in-depth IDV discussion IDV systems expected to evolve significantly in VVSG Version 2

24 6/10/2005 - page 24 VVPAT The VSS-2002 contained no requirements for voter verified paper audit trails (VVPAT) Vendors, most States in need of consistent, common guidance TGDC directed by EAC to produce VVPAT guidance for States requiring VVPAT VVPAT a form of IDV VVSG does not require or endorse VVPAT Methods other than VVPAT can provide ways to achieve IDV, as explained in Security Overview NIST used CA State, IEEE standards, and enacted State legislation as initial basis

25 6/10/2005 - page 25 Wireless Technology TGDC concluded that use of wireless technology introduces risk and should be approached with caution VVSG Version 1 includes new section on wireless that augments the general telecommunications requirements in Volume 1, Section 5 Requires that wireless transmissions be encrypted to protect against a variety of security problems Requires wireless to be turned on/off under controlled conditions Requires backup procedures in case wireless fails

26 6/10/2005 - page 26 Software Distribution Helps to ensure correct version of voting software is used Helps to ensure voting software is set up correctly Uses NIST’s National Software Reference Library at http://www.nsrl.nist.govhttp://www.nsrl.nist.gov This section of VVSG Version 1 builds on the VSS-2002 to include use of this repository and other validation mechanisms

27 6/10/2005 - page 27 Glossary Common terminology forms basis for understanding requirements and for discussing improvements This glossary contains terms from the VSS-2002 and additional terms needed to understand voting and related areas, e.g., security, human factors, testing Terms in glossary include a definition and its source, and an association as to the domain for which the term applies Also available in a web-based on-line version at http://www.nist.gov/votingglossary. http://www.nist.gov/votingglossary

28 6/10/2005 - page 28 VVSG Version 2 A comprehensive standards guideline, a complete rewrite of 2002 VSS with updated and expanded material Will draw from VSS, IEEE P1583, Federal and other standards Will include material from VVSG Version 1 and other material as directed by TGDC resolutions from Jan ’05

29 6/10/2005 - page 29 Major Goals for VVSG Version 2 Provide complete and comprehensive guideline for vendors and test labs Provide clear, usable requirements discussion with associated test methods Address security and human factors developments since 2002 VSS Respond to all TGDC Jan’05 resolutions

30 6/10/2005 - page 30 VVSG Version 2 Overview 4 major sections: A product standard, containing general and voting- activity related requirements (e.g., setup, cast, count, …) A terminology standard (NIST glossary) A standard on data to be provided by testing authorities or the vendor A testing standard including all test methods, testing requirements, evaluation guidelines, test cases, etc.

31 6/10/2005 - page 31 VVSG Version 2 Current Status Detailed outline has been developed; NIST and TGDC working to create final version of outline Research underway: Meetings with vendors Working with usability and accessibility experts Threat analysis under development Preliminary requirements development underway

32 6/10/2005 - page 32 Comments/Questions

Download ppt "NIST HAVA-Related Work: Status and Plans June 16, 2005 National Institute of Standards and Technology"

Similar presentations

IEEE P1622 Meeting, Oct 2011 IEEE P1622 Meeting October 24-25, 2011 Overview of IEEE P1622 Draft Standard for Electronic Distribution of Blank Ballots.

IEEE P1622 Meeting, Oct 2011 IEEE P1622 Meeting October 24-25, 2011 Overview of IEEE P1622 Draft Standard for Electronic Distribution of Blank Ballots.
TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL

TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL
Human Factors in Voting Systems John O’Hara IEEE Usability-Accessibility Working Group Chair HFES Voting System Task Force Chair Advisory Board Meeting.

Human Factors in Voting Systems John O’Hara IEEE Usability-Accessibility Working Group Chair HFES Voting System Task Force Chair Advisory Board Meeting.
Recent Developments in Voting System Standards Ronald L. Rivest Frontiers in Electronic Elections (Milan) September 15, 2005.

Recent Developments in Voting System Standards Ronald L. Rivest Frontiers in Electronic Elections (Milan) September 15, 2005.
TGDC Meeting, Jan 2011 VVSG 1.1 Test Suite Status Mary Brady National Institute of Standards and Technology

TGDC Meeting, Jan 2011 VVSG 1.1 Test Suite Status Mary Brady National Institute of Standards and Technology
ISO 9000 Certification ISO 9001 and ISO 9000.3.

ISO 9000 Certification ISO 9001 and ISO
A Review ISO 9001:2015 Draft What’s Important to Know Now

A Review ISO 9001:2015 Draft What’s Important to Know Now
United States Election Assistance Commission Pilot Program Testing and Certification Manual & UOCAVA Pilot Program Testing and Certification Manual & UOCAVA.

United States Election Assistance Commission Pilot Program Testing and Certification Manual & UOCAVA Pilot Program Testing and Certification Manual & UOCAVA.
Voting System Qualification How it happens and why.

Voting System Qualification How it happens and why.
12/9-10/2009 TGDC Meeting TGDC Recommendations Research as requested by the EAC John P. Wack National Institute of Standards and Technology

12/9-10/2009 TGDC Meeting TGDC Recommendations Research as requested by the EAC John P. Wack National Institute of Standards and Technology
TGDC Meeting, July 2011 Overview of July TGDC Meeting Belinda L. Collins, Ph.D. Senior Advisor, Voting Standards, ITL

TGDC Meeting, July 2011 Overview of July TGDC Meeting Belinda L. Collins, Ph.D. Senior Advisor, Voting Standards, ITL
Election Assistance Commission United States VVSG 1.1 www.eac.gov 1 Technical Guidelines Development Committee (TGDC) NIST July 20, 2015 Gaithersburg,

Election Assistance Commission United States VVSG Technical Guidelines Development Committee (TGDC) NIST July 20, 2015 Gaithersburg,
Testing Summit Sacramento, CA November 28, 2005 Barbara Guttman National Institute of Standards and Technology www.vote.nist.gov.

Testing Summit Sacramento, CA November 28, 2005 Barbara Guttman National Institute of Standards and Technology
TGDC Meeting, Jan 2011 VVSG 2.0 and Beyond: Usability and Accessibility Issues, Gaps, and Performance Tests Sharon Laskowski, PhD National Institute of.

TGDC Meeting, Jan 2011 VVSG 2.0 and Beyond: Usability and Accessibility Issues, Gaps, and Performance Tests Sharon Laskowski, PhD National Institute of.
EAC-requested VVSG Research Overview and Status June 2008 Mark Skall Chief, Software Diagnostics and Conformance Testing Division National Institute of.

EAC-requested VVSG Research Overview and Status June 2008 Mark Skall Chief, Software Diagnostics and Conformance Testing Division National Institute of.
Demystifying the Independent Test Authority (ITA)

Demystifying the Independent Test Authority (ITA)
TGDC Meeting, July 2011 UOCAVA Roadmap Update Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL

TGDC Meeting, July 2011 UOCAVA Roadmap Update Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL
TGDC Meeting, July 2011 IEEE P.1622 Update John P. Wack Computer Scientist, Software and Systems Division, ITL

TGDC Meeting, July 2011 IEEE P.1622 Update John P. Wack Computer Scientist, Software and Systems Division, ITL
Implementing the New Reliability Standards Status of Draft Cyber Security Standards CIP-002-1 through CIP-009-1 Larry Bugh ECAR Standard Drafting Team.

Implementing the New Reliability Standards Status of Draft Cyber Security Standards CIP through CIP Larry Bugh ECAR Standard Drafting Team.
Voting Project Briefing for William Jeffrey Director, NIST September 26, 2005 National Institute of Standards and Technology

Voting Project Briefing for William Jeffrey Director, NIST September 26, 2005 National Institute of Standards and Technology

Similar presentations

Ads by Google