NIST Voting Program Activities Update January 4, 2007 Mark Skall Chief, Software Diagnostics and Conformance Testing Division
Page 2Voting Program Activities Update NIST’s Major Deliverables to the EAC List of recommended test laboratories NVLAP (National Voluntary Laboratory Accreditation Program) Next iteration of Voluntary Voting System Guidelines (VVSG 2007) Test materials for VVSG 2007 Delivered separately from VVSG 2007
Page 3Voting Program Activities Update List of testing labs NVLAP assesses potential voting system testing laboratories NIST Director recommends them to the EAC EAC makes decision whether to accredit them to test voting systems NVLAP performed pre/final assessments of 3 potential testing labs in 2006 Will make recommendations to EAC in early 2007
Page 4Voting Program Activities Update VVSG 2007 Complete re-write of VVSG 2005 in all areas Usability and Accessibility Security Core Requirements Deliver to EAC in July, 2007 NIST performs VVSG 2007 research for the EAC’s TGDC (Technical Guidelines Development Committee) TGDC makes recommendations NIST does not make recommendations NIST does the technical writing of the VVSG 2007
Page 5Voting Program Activities Update Dec 4-5 TGDC Meeting The meeting was perhaps the most important to date Major items for VVSG 2007 approved by the TGDC included: Software-independence - must use verifiable voting records for independent audits Process to include new and innovative voting systems with greater usability, accessibility, and security Prohibiting RF wireless Improving the methods for measuring reliability and accuracy of voting systems Improving and updating the usability and accessibility requirements Improving requirements for the overall reliability of VVPAT voting systems
Page 6Voting Program Activities Update Usability & Accessibility Updates to Usability requirements Usability performance benchmarks are being researched Result will be more accurate and realistic usability performance metrics - voting systems will be easier to use Research and requirements to be completed by 4/2007 Updates to Accessibility requirements Relatively minor updates from VVSG 2005 Updates to other requirements for Alternative languages Documentation Plain language Voter and system response timing
Page 7Voting Program Activities Update Security VVSG 2007 will require new voting systems to be software-independent: Accuracy of the election will not rely exclusively on the accuracy of the voting system software Accuracy of the system’s electronic records will be able to be independently audited against a voter-verified record Systems that do this currently are paper-based e.g., optical scan VVSG 2007 will include an Innovative Class TGDC is including a method for researchers or developers to create new and innovative, possibly paperless, voting system approaches that would still be independently auditable and conform to VVSG 2007 This may include newer, cryptographic-based systems that potentially promise greater usability and accessibility as well as security
Page 8Voting Program Activities Update Security (cont) Requirements to improve the accessibility of paper-based systems Requirements to improve the reliability and usability of VVPAT Radio-Frequency (RF) wireless will no longer be permitted for use on voting systems Requirements for test labs to conduct open-ended vulnerability testing on voting systems to search for vulnerabilities Setup validation requirements being updated to permit inspection of whether a voting system’s installed software is the correct software Other security areas: access control, auditing, cryptography, event logging, and physical security
Page 9Voting Program Activities Update Core Requirements Voting system quality, reliability (MTBF), and accuracy requirements being updated To improve voting system design and testing techniques To ensure that voting systems are robust and work properly To promote quality systems, requirements for vendors to comply with ISO 9000/9001 COTS testing requirements being written To make clearer whether to exclude certain COTS products from in-depth source code reviews COTS grouped into several categories Each category has its own testing requirements Conventions for software coding being examined E.g., requiring software languages that contain improved integrity and security constructs
Page 10Voting Program Activities Update Summary of TGDC Resolutions Innovation class - TGDC to include in VVSG 2007 a class for new, innovative voting system approaches, NIST to research high-level requirements Wireless security - no RF wireless in future voting systems Software Independence
Page 11Voting Program Activities Update Summary (cont) Recommendation to ICDR - TGDC recommends Interagency Committee on Disability Research include voting as topic of future conference Principal criteria - VVSG 2007 to include a stmt that voting systems should be reliable, secure, accurate, usable, accessible, fit for use Moving away from MTBF metric - TGDC directs NIST to research new reliability metric to replace older MTBF metric
Page 12Voting Program Activities Update Plans for Next 7 Months For VVSG 2007: 1-2 additional TGDC meetings; roughly 40 teleconferences Research will be completed for usability performance benchmarks Requirements for implementing software independence and other security improvements will be completed Requirements for voting systems to be more reliable and usable both for voters and election officials will be completed Delivery to EAC in July 2007 NVLAP will continue to investigate potential applicants for accreditation Test suite development for VVSG 2007 will start based upon FY07 fiscal appropriations
Page 13Voting Program Activities Update Plans Post-VVSG 2007 NIST is prepared to assist the EAC in vetting the VVSG 2007 with other organizations, including: the EAC’s Standards Board the Access Board other voting-related organizations, e.g., NASS, NASED NIST is prepared to assist the EAC, if requested, to perform research in response to public comments Continued development of test suites for VVSG 2007
Page 14Voting Program Activities Update Discussion