NIST Voting Program Activities Update February 21, 2007 Mark Skall Chief, Software Diagnostics and Conformance Testing Division.


NIST Voting Program Activities Update
February 21, 2007
Mark Skall
Chief, Software Diagnostics and Conformance Testing Division

Deliverables to the EAC

Next iteration of Voluntary Voting System Guidelines
Test materials for new VVSG
Delivered separately from new VVSG
Delivered incrementally over the next few years
List of recommended test laboratories
NVLAP (National Voluntary Laboratory Accreditation Program)

Voting Program Activities Update
Page 2
Background

Help America Vote Act (HAVA) of 2002
Created TGDC
NIST performs research and technical support
Initial TGDC recommendations required within 9 months
TGDC/NIST delivered VVSG 2005 to EAC
15 members, different disciplines
Chaired by NIST Director
Limited, based on 2002 standard
Enhanced areas: security, human factors
Decided to develop more comprehensive guideline
Next iteration of the VVSG

Next Iteration of the VVSG

Complete re-write of VVSG 2005 in all areas
Deliver to EAC in July, 2007
NIST performs research for the EAC’s TGDC (Technical Guidelines Development Committee)
Usability and Accessibility
Security
Core Requirements
TGDC makes recommendations to the EAC
NIST does not make recommendations
NIST does the technical writing of the VVSG

Dec 4-5 TGDC Meeting

The meeting was perhaps the most important to date
Major items for next iteration of the VVSG approved by the TGDC included:
Software-independence - must use verifiable voting records for independent audits
Process to include new and innovative voting systems with greater usability, accessibility, and security
Prohibiting RF wireless
Improving the methods for measuring reliability and accuracy of voting systems
Improving and updating the usability and accessibility requirements
Improving requirements for the overall reliability of VVPAT voting systems

Usability & Accessibility

Updates to Usability requirements
Updates to Accessibility requirements
Usability performance benchmarks are being researched
Result will be more accurate and realistic usability performance metrics - voting systems will be easier to use
Research and requirements to be completed by 4/2007
Relatively minor updates from VVSG 2005
Updates to other requirements for:
Alternative languages
Documentation
Plain language
Voter and system response timing

Security

New VVSG will require new voting systems to be software-independent:
Accuracy of the election will not rely exclusively on the accuracy of the voting system software
Accuracy of the system’s electronic records will be able to be independently audited against a voter-verified record
Systems that do this currently are paper-based, e.g., optical scan, VVPAT
New VVSG will include an Innovative Class
TGDC is including a method for researchers or developers to create new and innovative, possibly paperless, voting system approaches that would still be independently auditable and conform to the new VVSG
This may include newer, cryptographic-based systems that potentially promise greater usability and accessibility as well as security

Security (cont)

Requirements to improve the accessibility of paper-based systems
Requirements to improve the reliability and usability of VVPAT
Radio-Frequency (RF) wireless will no longer be permitted for use on voting systems
Requirements for test labs to conduct open-ended vulnerability testing on voting systems to search for vulnerabilities
Setup validation requirements being updated to permit inspection of whether a voting system’s installed software is the correct software
Other security areas: access control, auditing, cryptography, event logging, and physical security

Core Requirements

Voting system quality, reliability (MTBF), and accuracy requirements being updated
To promote quality systems, requirements for vendors to comply with ISO 9000/9001
COTS testing requirements being written
To improve voting system design and testing techniques
To ensure that voting systems are robust and work properly
To make clearer whether to exclude certain COTS products from in-depth source code reviews
COTS grouped into several categories
Each category has its own testing requirements
Conventions for software coding being examined
E.g., requiring software languages that contain improved integrity and security constructs

Summary of TGDC Resolutions

Innovation class - TGDC to include in new VVSG a class for new, innovative voting system approaches, NIST to research high-level requirements
Wireless security - no RF wireless in future voting systems
Software Independence

Summary (cont)

Recommendation to ICDR - TGDC recommends Interagency Committee on Disability Research include voting as topic of future conference
Principal criteria – New VVSG to include a statement that voting systems should be reliable, secure, accurate, usable, accessible, fit for use
Moving away from MTBF metric - TGDC directs NIST to research new reliability metric to replace older MTBF metric

List of Proposed Test Labs

NVLAP assesses potential voting system testing laboratories
NIST Director proposes them to the EAC
EAC makes decision whether to accredit them to test voting systems
Proposals made to EAC on January 18, 2007
Proposed two test laboratories for accreditation to test to VSS 2002 and VVSG 2005
IBeta Quality Assurance
Sys Test Labs

Plans for Next Few Months

For new VVSG:
1-2 additional TGDC meetings; roughly 40 teleconferences
Research will be completed for usability performance benchmarks
Requirements for implementing software independence and other security improvements will be completed
Requirements for voting systems to be more reliable and usable both for voters and election officials will be completed
Delivery to EAC in July 2007
NVLAP will continue to investigate potential applicants for accreditation
Test suite development for new VVSG will start based upon FY07 fiscal appropriations
Funding
Currently, testing laboratories develop tests
Need comprehensive, transparent set of test suites

Plans Post-New VVSG

NIST is prepared to assist the EAC in vetting the VVSG 2007 with other organizations, including:
the EAC’s Standards Board
the Access Board
other voting-related organizations, e.g., NASS, NASED
NIST is prepared to assist the EAC, if requested, to perform research in response to public comments
Continued development of test suites for new VVSG

Discussion