Fact Sheets from NIST

Questions and Answers on the Draft Report:
“Requiring Software Independence in VVSG 2007: STS Recommendations for the TGDC”

Recent news accounts discussing the vulnerabilities of electronic voting systems contained in the report titled "Requiring Software Independence in VVSG 2007: STS Recommendations for the TGDC," have raised the question of whether the report's recommendations represent the official position of NIST. This draft report was prepared by staff at the National Institute of Standards and Technology (NIST) at the request of the Technical Guidelines Development Committee (TGDC) to serve as a point of discussion at its Dec. 4-5, 2006, meeting. Prepared in conjunction with the Security and Transparency Subcommittee (STS) of the TGDC, the report is a discussion draft and does not represent a consensus view or recommendation from either NIST or the TGDC. 

The report contains draft recommendations that were presented on Monday, Dec. 4, for consideration by the TGDC. The TGDC may adopt, reject, or modify the recommendations.

During the Dec. 4 & 5 meeting of the Technical Guidelines Development Committee, did the committee adopt any resolutions regarding the draft report, "Requiring Software Independence in VVSG 2007: STS Recommendations for the TGDC"?

Yes. On Dec. 5, Dr. Ron Rivest (chair of the TGDC transparency & security subcommittee, and professor, Massachusetts Institute of Technology, Department of Electrical Engineering & Computer Science) proposed the following draft resolution, which passed unanimously.

Resolution # 06-06: Software Independence of Voting Systems
Election officials and vendors have appropriately responded to the growing complexity of voting systems by adding more stringent access controls, encryption, testing, and physical security to election procedures and systems. The TGDC has considered current threats to voting systems and, at this time, finds that security concerns do not warrant replacing deployed voting systems where EAC Best Practices are used.

To provide auditability and proactively address the increasing difficulty of protecting against all prospective threats, the TGDC directs the Security and Transparency Subcommittee (STS) to write requirements for the next version of the Voluntary Voting System Guidelines (VVSG) requiring the next generation of voting systems to be software independent. The TGDC directs the STS and the Human Factors and Privacy Subcommittee (HFP) to draft usability and accessibility requirements to ensure that all voters can verify the independent voting record.

The TGDC further directs STS and Core Requirements and Testing (CRT) Subcommittee to draft requirements to ensure that systems that produce independently verifiable voting records are reliable and provide adequate support for audits.

Several other resolutions, including one on a new class of voting systems and wireless security, also were adopted by the TGDC. The resolutions and other material from the Dec. 4 and 5, 2006, TGDC meeting are available at http://vote.nist.gov/index.htm.

What is the next step regarding this resolution?

The three subcommittees, working with technical experts at NIST, will draft requirements as stated in the resolution. The draft requirements will then be presented to the TGDC, which may adopt, modify, or ask the subcommittee to revise the requirements. Once they are adopted by the TGDC, the requirements will become part of the next version of the VVSG that will be presented to the EAC for consideration in July 2007. Following a public comment period, the EAC will issue the voluntary guidelines.

What is the TGDC and what is NIST’s role in the group?

The TGDC is an advisory group to the Election Assistance Commission (EAC), which produces voluntary voting system guidelines. Both the TGDC and EAC were established by the Help America Vote Act of 2002. NIST serves as a technical adviser to the TGDC.

Why was the draft software independence report done?

It was drafted to help in the development of some of the key guidelines for the next generation of electronic voting machines to ensure that these systems are as reliable, accurate, and secure as possible. The guidelines, known as the Voluntary Voting System Guidelines 2007 (VVSG 2007), will be issued by the EAC after public comment.

How was the research in the software independence report done and how were conclusions reached?

The researchers’ and subcommittee’s conclusions in the draft report are based on interviews and discussions with election officials, voting system vendors, computer scientists, and other experts in the field, as well as a literature search and the technical expertise of its authors.

What review and approval process is followed for the recommendations in this report? Who is responsible for implementing the recommendations when they are final?

At the Dec. 4-5, 2006, TGDC meeting, the committee discussed the research conclusions and recommendations in the draft software independence report. See above for information on resolutions submitted to the TGDC.

It appears that the recommendations in the draft software independence report—if they were accepted as is—would require independent paper trails or other means of auditing Direct Record Electronic (DRE) voting machines, and decertification of current DREs that do not include independent audit mechanisms. Is that correct?

The TGDC approved a resolution on Dec. 5 that directs two of its subcommittees to draft requirements to ensure that systems that produce independently verifiable voting records are reliable and provide adequate support for audits. (See above for more information on this resolution.) Neither NIST nor the TGDC will make any requirements about certification, and the draft software independence report does not address issues of certification of current voting systems. Certification, decertification, or recertification of DREs is up to the Election Assistance Commission (EAC) and individual states. Current EAC certification procedures pertain to the VVSG 2005 guidelines. EAC requirements for 2007 certification would likely not take effect for many years. It has been erroneously reported that NIST is recommending decertification of DREs.

If the recommendations in the draft software independence report are adopted, would that mean that some DREs in use now could no longer be used?

No. The draft recommendations do not imply that existing DREs could no longer be used. Decisions concerning decertification of DREs would be determined by the individual states. Issues of certification and decertification of voting systems currently in place are outside the scope of the draft report and the TGDC’s deliberations.

Does the draft software independence report conclude that there is no audit capability whatsoever in DREs?

The draft report says that DREs are auditable but not independently auditable. In other words, the DRE audits itself, which is less preferable than an independent audit capability.

Did the draft software independence report conclude that current DREs are highly vulnerable and a single programmer could “rig” an election?

Some statements in the report have been misinterpreted. The draft report includes statements from election officials, voting system vendors, computer scientists and other experts in the field about what is potentially possible in terms of attacks on DREs. However, these statements are not report conclusions.

Additional information is available at:
http://vote.nist.gov

 

Date created: 12/1/06
Last updated: 12/2/06
Contact: inquiries@nist.gov


 
