Voting Project Briefing for William Jeffrey Director, NIST September 26, 2005 National Institute of...
-
Upload
elizabeth-wade -
Category
Documents
-
view
213 -
download
0
Transcript of Voting Project Briefing for William Jeffrey Director, NIST September 26, 2005 National Institute of...
Voting ProjectBriefing for William Jeffrey
Director, NIST
September 26, 2005National Institute of Standards and
Technologyhttp://vote.nist.gov
page 2
Briefing Outline History of Voting Standards HAVA TGDC VVSG Implementation Strategy NIST/TGDC Activities Who’s Who VVSG Version 1 Description VVSG Version 2 Work to Date Lab Accreditation Funding Outreach Issues
page 3
History of Voting Standards
1975 NBS/NIST issues report critical of electronic vote tallying
1984 Congress funds FEC to develop national standards
1990 FEC issues Standards NASED to oversee testing
1999 Congress funds FEC to update Standards
2002 FEC issues new Standards – 2002 VSS 2002 HAVA enacted
page 4
Help America Vote Act (HAVA)
Provides for the creation of the Technical Development Guidelines Committee (TGDC)
Mandates that the TGDC provide its first set of recommendations to the EAC not later than 9 months after all of its members have been appointed.
Assigns specific responsibilities to NIST
page 5
NIST Responsibilities Under HAVA
NIST Director Chairs the TGDC Provides technical support (R&D) to the TGDC including
Security of computers Methods to detect and prevent fraud Protection of Voter Privacy Human factors, including assistive technologies for
individuals with disabilities Remote access voting
Laboratory Accreditation NIST submits, to the EAC, a list of proposed
laboratories to be accredited no later than 6 months after adoption of standard
Human Factors Report
page 6
Composition of TGDC 15 Members including the Chairman
An equal number of members from Standards Board Board of Advisors Architectural and Transportation Barrier
Compliance Board (Access Board) ANSI representative IEEE representative 2 representatives of NASED Others with technical and scientific expertise
page 7
TGDC Members Chair:
William JeffreyDirector of the National Institute of Standards and Technology (NIST)
Representing Standards Board: John Gale Nebraska Secretary of State
Alice MillerDirector of Elections-District of Columbia
Representing Board of Advisors:Sharon Turner BuieDirector of Elections-Kansas City
Helen PurcellMaricopa County Recorder
page 8
TGDC Members (Continued)
Representing Access Board:James Elekes
Dr. James (“J.R.”) R. Harding
Representing ANSI:David KarmolVice President, Policy and Government Affairs
Representing IEEE:H. Stephen BergerTEM Consulting, LP- Chair, IEEE SEC 38 (Voting Syst. Stds.)
Representing National Association of State Election Directors (NASED):Dr. Brittain WilliamsRetired professor- Kennesaw StateTucker, GA
Paul CraftFlorida Department of State, Voting Systems
page 9
TGDC Members (Continued)
Other: Patrick GannonPresident and CEO,OASIS
Whitney QuesenberyPresident-Usability Professionals' Association Dr. Ronald RivestProfessor, MIT-Department of Electrical Engineering and Computer Science
Dr. Daniel Schutzer Vice President & Director of External Standards and Advanced Technology, e-Citi, CitiGroup
page 10
TGDC Method of Operation Plenary Sessions
Formal meetings held periodically to develop resolutions, review work products, discuss, and vote Public invited to attend and provided access via webcast, transcripts published
Subcommittees Comprised of TGCG members and supported by NIST staff Gather and analyze information in support of development of voting system guidelines Conduct bi-weekly teleconferences with occasional face-to-face meetings Public provided access via Internet, transcripts provided
NIST Staff Provide technical expertise and research Develop work products as directed by TGDC resolutions, with guidance from subcommittee Work products are submitted to the entire TGDC for approval
page 11
Voluntary Voting System Guidelines (VVSG)
Implementation Strategy Develop best long-term voting systems guidelines
possible Build on strengths of 2002 VSS Significantly enhance areas needing improvement Redesign and reorganize for clarity and testability
Provide guidance to states in time for 2006 election cycle
Implied need to minimize changes to 2002 VSS while filling in 2002 VSS gaps
Implied need to require only what is possible by 2006 Thus, two guidelines developed:
VVSG Version 1 – augmented 2002 VSS for 2006 VVSG Version 2 – new, redesigned guideline
page 12
NIST/TGDC Activities - 1 Dec 2003 – NIST Symposium
Building Trust and Confidence in Voting Systems July 2004: 1st TGDC meeting
Organizational, divided into 3 subcommittees: Human factors and privacy Core requirements and testing Security and transparency
Sep 2004: information gathering meeting for the TGDC Heard public input from voting officials, vendors
page 13
NIST/TGDC Activities - 2 January 2005: VVSG direction
Discussed, adopted 35 resolutions affecting development of VVSG Version 1 and VVSG Version 2
EAC requests NIST develop VVPAT requirements NIST subsequently prioritized resolutions
March 2005: VVSG Version 1 preliminary drafts Commented on presentations, materials from NIST staff EAC requests additional security material for VVSG Version 1
April 2005: final draft and VVSG Version 1 adoption Commented on final materials from NIST staff NIST directed to make final edits and deliver to EAC
May 9, 2005: VVSG Version 1 delivered to EAC EAC version released June 29, 2005 Public review ends Sept. 30, 2005
page 14
Who’s WhoEAC
Standards Board Advisory Board TGDC
EAC Executive Director
EAC Commissioners: Gracia Hillman, chair Paul DeGregorio, vice-chair Ray Martinez Donetta Davidson – former Colorado Secy of State & TGDC memberEAC Executive Dir.Tom Wilkey - former NY State Election Director, VSS organizer/advocate
Standards Board: 110 members drawn from State and local election officialsAdvisory Board: 37 members drawn from various national associations and government agencies.TGDC (vocal and active members) Whitney Quesenberry - HFP chair, Usability/Accessibility expert, very engaged w/NIST Ron Rivest - STS chair, renowned cryptographer and security expert, very engaged w/NIST Dan Schutzer - CRT chair, VP at CitiGroup Brit Williams - NASED rep, Kennesaw State U., Georgia, performs state voting system certifications, contracted to assist EAC with VVSG public
comments Paul Craft - NASED rep, head of elections for Florida Steve Berger - IEEE rep, chair IEEE Voting System Standard, contract with EAC
National Association of State Election Directors, prior to HAVA had authority on standard, Qualification (Certification) and ITAs
National Association of Secretaries of States
NASED
NASS
page 15
New Material in VVSG Version 1
1. Conformance Clause2. Human Factors3. Security Overview – IDV Systems4. VVPAT5. Wireless6. Software Distribution/Setup Validation7. Glossary8. Error Rates9. Best Practices for Voting Officials
page 16
Conformance Clause VSS-2002 did not include a conformance clause Conformance: the fulfillment by a product,
process, or service of requirements as specified in a standard or specification
The conformance clause of a standard specification is a high-level description of what is required of implementers and developers
Refers to other parts of the standard Specifies minimal requirements for certain functions and
implementation-dependent values Specifies the permissibility of extensions, options, and
alternative approaches and how they are to be handled
page 17
Human Factors The VSS-2002, Volume 1 Section 2.2.7, addressed
Accessibility; Section 3.4.9 addressed Human Engineering—Controls and Displays; Appendix C addressed Usability
VVSG Version 1 replaces these items with a new Section 2.2.7 that addresses Human Factors including accessibility, usability, and limited English proficiency
Privacy Requirements added Incorporates the two NASED Technical Guides
(Guide #1 and Guide #2) VVSG Version 2 will contain performance-based
requirements (specifies how voting systems must perform)
page 18
Security Overview New security Section 6.0, with 4
parts: Overview of Independent Dual
Verification (IDV) voting systems (informative only)
VVPAT Requirements Wireless Requirements Software Distribution/Setup Validation
Requirements
page 19
Independent Dual Verification
IDV systems produce a 2nd record of votes for ballot record integrity and auditability
Current approaches include Split process systems Witness systems – recently marketed Cryptographic-based systems – available
today VVPAT, modified Op Scan – available today
New Appendix D contains in-depth IDV discussion
IDV systems expected to evolve significantly in VVSG Version 2
page 20
VVPAT The VSS-2002 contained no requirements for voter
verified paper audit trails (VVPAT) Vendors, most States in need of consistent,
common guidance TGDC directed by EAC to produce VVPAT guidance
for States requiring VVPAT VVPAT a form of IDV VVSG does not require or endorse VVPAT Methods other than VVPAT can provide ways to
achieve IDV, as explained in Security Overview NIST used CA State, IEEE standards, and enacted
State legislation as initial basis
page 21
Wireless Technology TGDC concluded that use of wireless technology
introduces risk and should be approached with caution
VVSG Version 1 includes new section on wireless that augments the general telecommunications requirements in Volume 1, Section 5
Requires that wireless transmissions be encrypted to protect against a variety of security problems
Requires wireless to be turned on/off under controlled conditions
Requires backup procedures in case wireless fails
page 22
Software Distribution Helps to ensure correct version of
voting software is used Helps to ensure voting software is
set up correctly Uses NIST’s National Software
Reference Library at http://www.nsrl.nist.gov
page 23
Glossary Common terminology forms basis for
understanding requirements and for discussing improvements
This glossary contains terms from the VSS-2002 and additional terms needed to understand voting and related areas, e.g., security, human factors, testing
Terms in glossary include a definition and its source, and an association as to the domain for which the term applies
Also available in a web-based on-line version at http://www.nist.gov/votingglossary.
page 24
Best Practices for Voting Officials
VSS 2002 contained requirements for voting systems and testing entities
Requirements in VVSG Version 1 for wireless, VVPAT, human factors, etc. depend on voting officials developing and carrying out appropriate procedures
VVSG Version 1 contains best practices for voting officials
These are not testable and conformance can not be determined
Best Practices for Voting Officials are also contained in Appendix C of Volume I
page 25
VVSG Version 2 A comprehensive standards guideline, a
complete rewrite of 2002 VSS with updated and expanded material
Will draw from VSS, IEEE P1583, Federal and other standards
Will include material from VVSG Version 1 and other material as directed by TGDC resolutions from Jan ’05
Outreach with other efforts
page 26
VVSG2 Kick-Off Meeting with EAC
Meeting held on July 8 Follow-up meeting with Commissioners on July 26 Agreement that a lot more work needs to be
done Two Year Window for effective date does not
preclude enhancements to existing VVSG NIST/TGDC will deliver replacement “chunks” Candidate “chunks” include VVPAT, IDV, HFP
Final version of next iteration – July, 2007 Internet Voting
page 27
VVSG Version 2 Overview 5 major sections:
An overview for using the VVSG, executive summary, etc.
A terminology standard (NIST glossary) A product standard, containing general and voting-
activity related requirements (e.g., setup, cast, count, …)
A standard on data to be provided by testing authorities or the vendor
A testing standard including all test methods, testing requirements, evaluation guidelines, test cases, etc.
page 28
VVSG Version 2 Current Status
Detailed outline has been developed; NIST and TGDC working to create final version of outline
Timeline for VVSG2 deliverables has been created
Research underway: Meetings with vendors Working with usability and accessibility experts Threat analysis under development Preliminary requirements development
underway
page 29
Lab Accreditation June 23, 2004 FRN – NVLAP announced the
intent to establish a program for laboratories testing voting systems
August 17, 2004 – NVLAP conducted a public workshop
June 17, 2005 FRN – NVLAP announced the availability of application for its Voting Systems Testing accreditation program
June 2005 - A draft of NIST Handbook 1501-22, Voting Systems Testing, was made available to the public
page 30
Funding FY05 Funding - $2.8 million via the EAC and
$500K NIST funds FY06 Funding Request - $6.5 million
Includes comprehensive test suite development FY06 Funding Request constrained to $2.8 million
No test suite development Other items funded proportionately
FY07 Funding Request - $ 5 million Assumes $2.8 million for FY06 Includes test suite development
page 31
Outreach NSF Grant to Johns Hopkins University
To improve the reliability and trustworthiness of voting technology
Parallels many topics in NIST/TGDC plans Voting system architectures built for verifiability IDV and trusted models Defense-in-depth techniques for security
Many opportunities for collaboration or consultation NIST subsequently contacted NSF to initiate collaboration NSF invited NIST to kick-off meeting tentatively Winter,
2005
page 32
Outreach Continued State of MD Independent Verification Study
Studying add-on technologies to existing Diebold DREs Intent is to produce 2nd, verified record NIST may consult with respect to evaluation criteria
Threat Analysis Workshop October 7 at NIST/Gaithersburg To arrive at consensus on plausible threats May involve follow-on workshop or study
GAO Report Public release Fall/2005 Relevant to EAC/TGDC/NIST
page 33
Issues Working Relationship with EAC NIST/TGDC/EAC interrelationship Security/IDV
IDV De-emphasis in EAC version Time to do research Two year window for effective date
for VVSG1