In response to a request from the Election Assistance Commission (EAC), the National Institute of Standards and Technology conducted research on six specific areas in connection to voting systems. We posted about that request earlier on this blog. The goal of this research was to focus on the state of some very specific technical issues that are affected by the proposed next iteration of the Voluntary Voting System Guidelines (VVSG). Those issues are:
1. Possible alternatives to the requirement of Software Independence (SI)
2. Possible standards for ballot on demand systems
3. Potential impact of the VVSG on vote by phone systems
4. A feasibility study of the ramifications of the EAC separately testing and certifying components of a voting system, and requirements for interoperability between systems and system components
5. Impact of early voting and vote centers on the VVSG
6. Identification of “goal level requirements” in the VVSG and developing alternatives
You can read the results of that research online (PDF).
Given the focus of USACM comments on the VVSG, we are particularly interested in issues one and four. All areas of research described in the report are important, and will need some kind of resolution prior to the final approval of the next version of the VVSG.
The possible alternatives to Software Independence were end-to-end encryption systems, independent verification, and secure audit ports. The NIST team found that “all require significant research and prototyping before requirements could be written for the VVSG-NI.” NIST staff went a bit further, indicating that another alternative would be to replace the Software Independence requirement for Innovation Class systems with an auditability requirement. Exactly how that would work, and whether it could provide the same level of security as a Software Independence requirement, is unclear.
The NIST response to the feasibility of testing individual components of a voting system goes into significant detail about the challenges of such an approach. The least of these concerns is a shift away from an underlying theme of the VVSG – that a system is certified rather than individual components.
The EAC only recently received this document from NIST staff. It will inform what the Commission decides to do with the VVSG, but when it will decide and what it will decide are not clear at this time.