TGDC Decides Against Software Independent Systems

As Cameron posted to the blog yesterday, the Technical Guidelines Development Committee is meeting today and tomorrow at the NIST Gaithersburg facility to discuss its advice to the Election Assistance Commission for the 2007 Voluntary Voting System Guidelines. The meeting is being webcast and will be archived for later viewing. Presentation slides should also be available online in the next few days. Contrary to the white paper we circulated late last week, and supported in a letter to the NIST director, the TGDC rejected a proposal for requiring voting systems to be software independent under the next Voluntary Voting System Guidelines.

As my post on e-voting late last week suggests, there is some confusion about the timeline the TGDC and EAC are working on with respect to voting guidelines. Some clarification is in order. (Those wishing to jump to the meeting activity should skip ahead.)

Voting systems are currently being tested to the 2002 Voting System Standards approved by the Federal Election Commission. The 2005 Voluntary Voting System Guidelines were approved in December 2005 and were supposed to take effect in December of 2007, 24 months later. However, according to EAC Commissioner Donetta Davidson, new voting systems will be tested to both the 2002 VSS and 2005 VVSG as of January 1, 2007. As of December 13, 2007, systems will be tested only to the 2005 VVSG.

As for the development and implementation of the 2007 VVSG, the EAC is expecting a draft from the TGDC on July 31, 2007. Given the required public hearing and comment period, along with possible revisions, the EAC anticipates adopting the 20007 VVSG no earlier than November of 2007, and this could slip into early 2008. The guidelines would become operative several months later (presumably 24 months, but with the recent changes on the 2005 VVSG, that’s not as certain).

On to the meeting. Today and tomorrow the TGDC will hear from the NIST staff supporting its three subcommittees – the Security and Transparency Subcommittee (STS), the Core Requirements and Testing Subcommittee (CRT) and the Human Factors and Privacy Subcommittee (HFP). Today the committee heard from STS and CRT. Tomorrow CRT will finish its briefing, and the committee will hear from HFP. Several resolutions should be debated and voted on tomorrow, though some were considered today. While the EAC staff present will comment as they deem appropriate, there will be no public comment at this meeting. Comments may be sent through this webpage, and are encouraged.

The meeting started with remarks from EAC Commissioner Davidson, who declared this past election “very successful” with only 39 jurisdictions out of over 6700 reporting problems, and CNN reporting 88 percent of voters confident in the results of the election. Voters in Denver and Sarasota would no doubt disagree. She also made remarks suggesting a disdain for the trend toward paper trails, encouraging the TGDC to avoid a scenario where the courts must make decisions based on faulty or missing paper trails. Other members of the TGDC (typically state elections officials) expressed similar frustration with paper trails, though a majority of voters are using some kind of system involving paper.

In connection with the white paper we posted about last week, the STS group reported on the need for software independent systems to better ensure security and reliability of elections (please see Cameron’s post linked to above for an analysis of the paper). This would require some kind of means (not necessarily paper, but that is the current state of the art) of verifiying the results of an election without depending on the software used in the voting systems. In other words, a more secure system would not depend on voting software being free of bugs or other problems.

A resolution was offered to recommend in the next VVSG that only software independent voting systems be approved. To emphasize that the TGDC was not foreclosing non-paper software independent voting systems another resolution was introduced requiring a process by which such new technologies could be tested and approved. This second resolution passed with unanimous consent. The first resolution failed – obtaining only six positive votes (eight votes were necessary since there are 14 members of the committee). Of the six who voted no, nearly all were state elections officials representing either the National Association of State Elections Directors or various Boards of the EAC. Not all of them voiced the reasons behind their opposition, but those who did cited reasons of additional burden to the states as well as some skepticism to the claims that the voting systems could not be sufficiently tested to an acceptable level of security. Expect some action on this resolution, or the idea of software independent systems during tomorrow’s meeting, because the STS chair indicated that NIST would need additonal guidance, as they’ve indicated in that white paper that they could not effectively develop security standards for software dependent voting systems.

The only other resolution passed today concerned wireless transmission involving voting systems. Consistent with the 2005 VVSG, infrared wireless will be acceptable because it is line of sight and easily shielded. Radio frequency wireless is not permitted on voting equipment that captures cast ballots. NIST has been directed to further examine paper records with an eye toward developing performance based requirements for security and usability.

There will be other resolutions voted on tomorrow, possibly including ones addressing standards for off-the-shelf technology and calling for the continuous paper rolls to be prohibited from voting systems. Stay tuned to the weblog for further information.

This entry was posted in E-voting, Privacy and Security. Bookmark the permalink. Comments are closed, but you can leave a trackback: Trackback URL.