briefing for nist acting director james turner regarding visit from eac commissioners march 26, 2008...
TRANSCRIPT
Briefing for NIST Acting Director James Turner regarding visit from
EAC Commissioners
March 26, 2008
For internal use only
1
Briefing Purpose and Overview
• Purpose: to prepare for the EAC visit• Overview:
1. Current NIST voting activities and plans2. EAC concerns3. Supporting background material4. Detailed discussion
2
Current Voting Activities Work PlanFunding - $3.25M
• Assisting the EAC in vetting next VVSG– Met with Standards and Advisory Boards – Assist in resolution of public reviews– Participate in EAC public roundtable discussions– Perform additional research in support of EAC issues
• Developing test suite for next VVSG– Target areas where tests could apply to VVSG 2005– Important to build test suite early on
• Feedback to standard while it can still be updated• Helps manufacturers build quality products
• Preparing guidance for UOCAVA (Uniformed and Overseas Citizens Absentee Voting Act) issues
• Continuing NVLAP accreditation of voting system test labs
3
EAC Concerns
1. Changes to next VVSG• Perform additional research in support of making
major changes to key areas2. Support for VVSG 2005• Retrofit VVSG 2005 with material from next VVSG• Refocus next VVSG test development on VVSG 2005
3. Issues with NVLAP• Review management practices of labs• Review validity of lab-developed test suites
4
Supporting Background Material
1. HAVA and TGDC2. Voting Standards and Test Development
Activities3. UOCAVA (Uniformed and Overseas Citizens
Absentee Voting Act) support4. NVLAP accreditation of voting system test
labs
5
HAVA• Passed in 2002 in wake of 2000 elections• Gave money to states to buy new equipment• Created EAC and TGDC to work in conjunction with
NIST
6
NIST HAVA Responsibilities• Chair TGDC• Provide technical support to TGDC in development of
VVSG • Recommend independent testing labs to EAC for
accreditation
2005 Voluntary Voting System Guidelines
• Created in 9 months• Improves the 2002 VSS by addressing: – Human Factors – VVPAT (Voter Verifiable Paper Audit Trails) – Wireless– Software Distribution and Setup Validation– Conformance, Glossary, Error Rates
7
What is the Next VVSG?
• Complete re-write of VVSG 2005 • More usable, precise standard• Will be accompanied by a public test suite
under development by NIST• Key new items (of concern to EAC):– Software Independence (SI)– The Innovation Class– Open Ended Vulnerability Testing (OEVT)
8
Software Independence
• Voting systems must be SI– Accuracy of the election must not rely exclusively on the
accuracy of the voting system software– Accuracy of the system’s electronic records will be able to
be independently audited against an independent voter-verified record (IVVR)
– Systems that do this currently are paper-based e.g., optical scan, VVPAT
9
Innovation Class
• Next VVSG includes an Innovation Class– Allows developers to create new and innovative, possibly
paperless, voting system approaches that would still be independently auditable and conform to the next VVSG
– May include newer, cryptographic-based systems that potentially promise greater usability and accessibility as well as security
– Requires more definition by EAC to develop policy and procedures
10
OEVT• Expert security review during conformance testing• Involves a red-team* approach to finding problems
not caught by other testing• Concern expressed by EAC, test labs, election
officials over its – repeatability– open-ended nature– potential cost
* red team - independent review of voting system security
11
UOCAVA
• Uniformed and Overseas Citizens Absentee Voting Act support
• At request of EAC, NIST writing guidance to assist states in electronic alternatives to postal-based methods for sending registration and ballot materials
• Smaller effort than standards and testing efforts
12
NVLAP
• Mandated by HAVA to investigate and recommend voting system test labs to EAC
• NIST NVLAP has recommended 4 labs to EAC for accreditation as Voting System Test Labs (VSTLs)
• NVLAP examines labs capability to test voting systems according to standards in place
13
Discussion of EAC Concerns
1. Changes to next VVSG– Perform additional research in support of potential
major changes to key areas
2. Support for VVSG 2005– Retrofit VVSG 2005 with material from next VVSG– Refocus next VVSG test development on VVSG 2005
3. Issues with NVLAP– Review management practices of labs– Review validity of lab-developed test suites
14
1. Changes to Next VVSG• EAC has extended public review of next VVSG:– Gathering input from public review, public roundtables– SI and other requirements caused controversy with
election officials, Standards Board, manufacturers– Concern with increase in cost of testing
• EAC asked NIST to perform additional research: (formal letter sent to Mark Skall 2-13-2008) – Alternatives to SI that don’t require paper trails– Impact of certifying parts of voting systems (components)
• Output of research and recommendations should involve participation of TGDC
15
2. Support for VVSG 2005EAC may ask NIST to:• Add/retrofit material from next VVSG to VVSG 2005– Possibly: Volume testing, aspects of OEVT
• Develop a test suite for VVSG 2005– Says that current tests by labs not adequate, they think a
common test suite is needed• Concerns – Ambiguous, incomplete, un-testable requirements– Resource re-alignment
16
3. NVLAP
17
• EAC has issues with some aspects of VSTL performance
• Letter sent to Mary Saunders 03-13-2008–NVLAP to review how labs utilize
appropriately qualified staff for testing–NVLAP to review validity of test methods
used by labs
Discussion
18