1 / 15

NIST Voting Program Activities Update

NIST Voting Program Activities Update. February 21, 2007 Mark Skall Chief, Software Diagnostics and Conformance Testing Division. Deliverables to the EAC. Next iteration of Voluntary Voting System Guidelines Test materials for new VVSG Delivered separately from new VVSG

joshua
Télécharger la présentation

NIST Voting Program Activities Update

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. NIST Voting Program ActivitiesUpdate February 21, 2007 Mark Skall Chief, Software Diagnostics and Conformance Testing Division

  2. Deliverables to the EAC • Next iteration of Voluntary Voting System Guidelines • Test materials for new VVSG • Delivered separately from new VVSG • Delivered incrementally over the next few years • List of recommended test laboratories • NVLAP (National Voluntary Laboratory Accreditation Program) Voting Program Activities Update

  3. Background • Help America Vote Act (HAVA) of 2002 • Created TGDC • 15 members, different disciplines • Chaired by NIST Director • NIST performs research and technical support • Initial TGDC recommendations required within 9 months • TGDC/NIST delivered VVSG 2005 to EAC • Limited, based on 2002 standard • Enhanced areas: security, human factors • Decided to develop more comprehensive guideline • Next iteration of the VVSG Voting Program Activities Update

  4. Next Iteration of the VVSG • Complete re-write of VVSG 2005 in all areas • Usability and Accessibility • Security • Core Requirements • Deliver to EAC in July, 2007 • NIST performs research for the EAC’s TGDC (Technical Guidelines Development Committee) • TGDC makes recommendations to the EAC • NIST does not make recommendations • NIST does the technical writing of the VVSG Voting Program Activities Update

  5. Dec 4-5 TGDC Meeting • The meeting was perhaps the most important to date • Major items for next iteration of the VVSG approved by the TGDC included: • Software-independence - must use verifiable voting records for independent audits • Process to include new and innovative voting systems with greater usability, accessibility, and security • Prohibiting RF wireless • Improving the methods for measuring reliability and accuracy of voting systems • Improving and updating the usability and accessibility requirements • Improving requirements for the overall reliability of VVPAT voting systems Voting Program Activities Update

  6. Usability & Accessibility • Updates to Usability requirements • Usability performance benchmarks are being researched • Result will be more accurate and realistic usability performance metrics - voting systems will be easier to use • Research and requirements to be completed by 4/2007 • Updates to Accessibility requirements • Relatively minor updates from VVSG 2005 • Updates to other requirements for • Alternative languages • Documentation • Plain language • Voter and system response timing Voting Program Activities Update

  7. Security • New VVSG will require new voting systems to be software-independent: • Accuracy of the election will not rely exclusively on the accuracy of the voting system software • Accuracy of the system’s electronic records will be able to be independently audited against a voter-verified record • Systems that do this currently are paper-based e.g., optical scan, VVPAT • New VVSG will include an Innovative Class • TGDC is including a method for researchers or developers to create new and innovative, possibly paperless, voting system approaches that would still be independently auditable and conform to the new VVSG • This may include newer, cryptographic-based systems that potentially promise greater usability and accessibility as well as security Voting Program Activities Update

  8. Security (cont) • Requirements to improve the accessibility of paper-based systems • Requirements to improve the reliability and usability of VVPAT • Radio-Frequency (RF) wireless will no longer be permitted for use on voting systems • Requirements for test labs to conduct open-ended vulnerability testing on voting systems to search for vulnerabilities • Setup validation requirements being updated to permit inspection of whether a voting system’s installed software is the correct software • Other security areas: access control, auditing, cryptography, event logging, and physical security Voting Program Activities Update

  9. Core Requirements • Voting system quality, reliability (MTBF), and accuracy requirements being updated • To improve voting system design and testing techniques • To ensure that voting systems are robust and work properly • To promote quality systems, requirements for vendors to comply with ISO 9000/9001 • COTS testing requirements being written • To make clearer whether to exclude certain COTS products from in-depth source code reviews • COTS grouped into several categories • Each category has its own testing requirements • Conventions for software coding being examined • E.g., requiring software languages that contain improved integrity and security constructs Voting Program Activities Update

  10. Summary of TGDC Resolutions • Innovation class - TGDC to include in new VVSG a class for new, innovative voting system approaches, NIST to research high-level requirements • Wireless security - no RF wireless in future voting systems • Software Independence Voting Program Activities Update

  11. Summary (cont) • Recommendation to ICDR - TGDC recommends Interagency Committee on Disability Research include voting as topic of future conference • Principal criteria – New VVSG to include a stmt that voting systems should be reliable, secure, accurate, usable, accessible, fit for use • Moving away from MTBF metric - TGDC directs NIST to research new reliability metric to replace older MTBF metric Voting Program Activities Update

  12. List of Proposed Test Labs • NVLAP assesses potential voting system testing laboratories • NIST Director proposes them to the EAC • EAC makes decision whether to accredit them to test voting systems • Proposals made to EAC on January 18, 2007 • Proposed two test laboratories for accreditation to test to VSS 2002 and VVSG 2005 • IBeta Quality Assurance • Sys Test Labs Voting Program Activities Update

  13. Plans for Next Few Months • For new VVSG: • 1-2 additional TGDC meetings; roughly 40 teleconferences • Research will be completed for usability performance benchmarks • Requirements for implementing software independence and other security improvements will be completed • Requirements for voting systems to be more reliable and usable both for voters and election officials will be completed • Delivery to EAC in July 2007 • NVLAP will continue to investigate potential applicants for accreditation • Test suite development for new VVSG will start based upon FY07 fiscal appropriations • Funding • Currently, testing laboratories develop tests • Need comprehensive, transparent set of test suites Voting Program Activities Update

  14. Plans Post-New VVSG • NIST is prepared to assist the EAC in vetting the VVSG 2007 with other organizations, including: • the EAC’s Standards Board • the Access Board • other voting-related organizations, e.g., NASS, NASED • NIST is prepared to assist the EAC, if requested, to perform research in response to public comments • Continued development of test suites for new VVSG Voting Program Activities Update

  15. Discussion Voting Program Activities Update

More Related