Briefing for NIST Acting Director James Turner regarding visit from

EAC Commissioners

March 26, 2008

For internal use only

1

Briefing Purpose and Overview

• Purpose: to prepare for the EAC visit• Overview:

1. Current NIST voting activities and plans2. EAC concerns3. Supporting background material4. Detailed discussion

2

Current Voting Activities Work PlanFunding - $3.25M

• Assisting the EAC in vetting next VVSG– Met with Standards and Advisory Boards – Assist in resolution of public reviews– Participate in EAC public roundtable discussions– Perform additional research in support of EAC issues

• Developing test suite for next VVSG– Target areas where tests could apply to VVSG 2005– Important to build test suite early on

• Feedback to standard while it can still be updated• Helps manufacturers build quality products

• Preparing guidance for UOCAVA (Uniformed and Overseas Citizens Absentee Voting Act) issues

• Continuing NVLAP accreditation of voting system test labs

3

EAC Concerns

1. Changes to next VVSG• Perform additional research in support of making

major changes to key areas2. Support for VVSG 2005• Retrofit VVSG 2005 with material from next VVSG• Refocus next VVSG test development on VVSG 2005

3. Issues with NVLAP• Review management practices of labs• Review validity of lab-developed test suites

4

Supporting Background Material

1. HAVA and TGDC2. Voting Standards and Test Development

Activities3. UOCAVA (Uniformed and Overseas Citizens

Absentee Voting Act) support4. NVLAP accreditation of voting system test

labs

5

HAVA• Passed in 2002 in wake of 2000 elections• Gave money to states to buy new equipment• Created EAC and TGDC to work in conjunction with

NIST

6

NIST HAVA Responsibilities• Chair TGDC• Provide technical support to TGDC in development of

VVSG • Recommend independent testing labs to EAC for

accreditation

2005 Voluntary Voting System Guidelines

• Created in 9 months• Improves the 2002 VSS by addressing: – Human Factors – VVPAT (Voter Verifiable Paper Audit Trails) – Wireless– Software Distribution and Setup Validation– Conformance, Glossary, Error Rates

7

What is the Next VVSG?

• Complete re-write of VVSG 2005 • More usable, precise standard• Will be accompanied by a public test suite

under development by NIST• Key new items (of concern to EAC):– Software Independence (SI)– The Innovation Class– Open Ended Vulnerability Testing (OEVT)

8

Software Independence

• Voting systems must be SI– Accuracy of the election must not rely exclusively on the

accuracy of the voting system software– Accuracy of the system’s electronic records will be able to

be independently audited against an independent voter-verified record (IVVR)

– Systems that do this currently are paper-based e.g., optical scan, VVPAT

9

Innovation Class

• Next VVSG includes an Innovation Class– Allows developers to create new and innovative, possibly

paperless, voting system approaches that would still be independently auditable and conform to the next VVSG

– May include newer, cryptographic-based systems that potentially promise greater usability and accessibility as well as security

– Requires more definition by EAC to develop policy and procedures

10

OEVT• Expert security review during conformance testing• Involves a red-team* approach to finding problems

not caught by other testing• Concern expressed by EAC, test labs, election

officials over its – repeatability– open-ended nature– potential cost

* red team - independent review of voting system security

11

UOCAVA

• Uniformed and Overseas Citizens Absentee Voting Act support

• At request of EAC, NIST writing guidance to assist states in electronic alternatives to postal-based methods for sending registration and ballot materials

• Smaller effort than standards and testing efforts

12

NVLAP

• Mandated by HAVA to investigate and recommend voting system test labs to EAC

• NIST NVLAP has recommended 4 labs to EAC for accreditation as Voting System Test Labs (VSTLs)

• NVLAP examines labs capability to test voting systems according to standards in place

13

Discussion of EAC Concerns

1. Changes to next VVSG– Perform additional research in support of potential

major changes to key areas

2. Support for VVSG 2005– Retrofit VVSG 2005 with material from next VVSG– Refocus next VVSG test development on VVSG 2005

3. Issues with NVLAP– Review management practices of labs– Review validity of lab-developed test suites

14

1. Changes to Next VVSG• EAC has extended public review of next VVSG:– Gathering input from public review, public roundtables– SI and other requirements caused controversy with

election officials, Standards Board, manufacturers– Concern with increase in cost of testing

• EAC asked NIST to perform additional research: (formal letter sent to Mark Skall 2-13-2008) – Alternatives to SI that don’t require paper trails– Impact of certifying parts of voting systems (components)

• Output of research and recommendations should involve participation of TGDC

15

2. Support for VVSG 2005EAC may ask NIST to:• Add/retrofit material from next VVSG to VVSG 2005– Possibly: Volume testing, aspects of OEVT

• Develop a test suite for VVSG 2005– Says that current tests by labs not adequate, they think a

common test suite is needed• Concerns – Ambiguous, incomplete, un-testable requirements– Resource re-alignment

16

3. NVLAP

17

• EAC has issues with some aspects of VSTL performance

• Letter sent to Mary Saunders 03-13-2008–NVLAP to review how labs utilize

appropriately qualified staff for testing–NVLAP to review validity of test methods

used by labs

Discussion

18