Implementation plan for voting system requirements set
- By William Jackson
- Apr 07, 2009
The Election Assistance Commission (EAC) expects to finish up work on a revised set of voluntary guidelines for voting systems later this year, setting the stage for a complete rewrite of the guidelines expected to be completed in 2011.
The Voluntary Voting System Guidelines (VVSG) are a set of standards created by the EAC for use by states in certifying voting equipment. Since elections are administered by the states rather than the federal government, the EAC guidelines are voluntary, but a majority of states require compliance with some version of them for their voting systems.
The current generation of guidelines is the 2005 VVSG. The EAC’s Technical Guidelines Development Committee, along with the National Institute of Standards and Technology (NIST), has been working on a major rewrite of these guidelines for the last year. They are referred to as the Next Iteration. NIST also is developing a suite of standard tests for the Next Iteration guidelines that would replace the current proprietary tests now used by accredited laboratories to test voting equipment.
The EAC was created by the Help America Vote Act of 2002. Prior to that, the first set of national voting system standards was created in 1990 by the Federal Election Commission. Testing and certification of voting systems was overseen by an organization of state election officials. In 2002 the EAC was given responsibility for updating these standards and overseeing the testing and certification. The present VVSGs were adopted in 2005.
The guidelines and the testing are intended to address concerns about the reliability and security of voting systems that have arisen in the last decade, particularly electronic systems. As electronic systems have become more widely adopted to avoid the confusion created by mechanical systems with paper ballots in the 2000 presidential election, critics have pointed out that computer-based systems are subject to the same security vulnerabilities and failings as other IT systems.
A review of public comments on proposals for the Next Iteration of guidelines convinced the EAC that the guidelines needed an interim revision so that needed improvements in testing could be made more quickly. The revision also would buy the EAC time to deal with some thornier technical issues in the Next Iteration. These issues include:
- Developing a threat assessment of voting systems.
- Possibly developing requirements for a common interface language for peripheral voting equipment such as e-pollbooks.
- Addressing recommendations such as software independence in voting equipment and open-ended vulnerability testing.
The EAC and NIST began working on the revision of the 2005 guidelines in July 2008 and expect to publish a draft for a 90-day public comment period in May. The final revision would be adopted in October. Work on the Next Iteration guidelines would continue, with a draft expected to be released for a 120-day comment period next year. The final version is expected to be released in 2011.
NIST has said that the new test suite being developed for the Next Iteration is not necessarily applicable to the 2005 revision guidelines; but the EAC has said it plans to use at least some of the standardized tests for those portions of the revision that have been adopted from the Next Iteration.
William Jackson is a freelance writer and the author of the CyberEye blog.