and Transparency Subcommittee (STS) Teleconference*
Participants: Allan Eustis, Angela Orbaugh, Barbara Guttman, Bill Burr, David Flater, Helen Purcell, John Wack, Mat Masterson (EAC), Nelson Hastings, Patrick Gannon, Rene Peralta, Ron Rivest, Santosh Chokani, Sharon Laskowski, Steve Berger, Wendy Havens
Administrative Updates (Allan Eustis):
Review of Joint STS-HFP Teleconference
At the joint HFP/STS meeting, two topics were on the agenda: First, software independence and accessibility for the voter and second, software independence and its implications on the usability of audits. As an action item from discussion of the first topic, John Cugini is working on a paper outlining some methods to be discussed on 2/23. One key issue to keep in mind is the notion of SI and accessibility in understanding all the ramifications and complexities when reviewing voter verification. John Wack expressed concerns that the machines used for voter verification would not be the same for both sighted and unsighted voters. Discussion ensued on "separate but equal" access or more appropriately "sufficient" access. Discussion has not occurred regarding implementation details regarding usability. The significance of auditability to security needs to be stressed - a proposal to toss auditability was a non-starter. The next joint STS/HFP meeting is 2/23/07 at 11:00 a.m.
Update on Comments Received on Access Control and System Event Logging Sections
All comments that were received last week have been reviewed. Some changes have been made, such as the comments regarding improving requirements with the wording "shall be capable of" have been corrected. Subcommittee is currently reviewing comments about items that should be in other sections. Three specific questions were discussed:
Update on Modifications to Setup Validation Section
All changes discussed at the last STS conference call were made for the section on software identification and software verification. One of the changes was limiting the scope of software requirements to election management systems. Discussion ensued about the scope of set up requirements on networked devices. This had been brought up originally by David Wagner because of a concern with viruses. Nelson has extended the scope in the paper to include not only the verification but the identification part as well. Consensus was reached that identification needs to be universal. Discussion continued about which pieces needed strong verification. Election management systems. The requirement regarding Network Vote Capture Devices will be changed to Vote Capture Devices and written with a "should", with the recommendation that this will become a "shall". A note will be added in the Discussion section annotating this.
Nelson then clarified what had been deleted. Correct behavior of the verification software requirement, external port requirement, chain of custody requirement, robustness of the verification technique, and sourcing of the verification hardware and software from parties other than the vendor were removed. The digital signature-centric language was modified. Barbara asked for a clarification about the impacts of the changes. These changes are all related to the requirements on the verification technique that was used. It was generalized to say that a technique had to be used, but it did not get specific. A clarification was then asked regarding what requirements were written to make sure a technique was good. Nelson will send out an email clarifying - the requirement needs to be strong but flexible.
Exchange Standards for Election Data (David Flater)
This subject is being brought up because STS was interested in looking at possibility of representing cast vote records and possibly other things in a standard export format. CRT's testing requirements are more broad than what's needed by STS. EDX cannot be used because it is the intellectual property of Hart. The current version of EML has a lot of issues - too many for testing as required by CRT. They are currently working on a new version but not sure if that will be ready in time for VVSG 07. One issue that will not be resolved in the next iteration is the conceptual distinction between a vote tally and a ballot count. John Wack feels that we will not be able to point to a specific standard by draft time. EML V5 may not be out in time to be referenced. Ron Rivest suggested that we put a placeholder in that states "cast vote records will be in a plausible open format, meeting the following requirements, etc." with the understanding that it could be replaced when EML V5 or V6 come out. STS needs to specify a list of requirements to determine if the next iteration will meet its needs. A comment could be added about it being STS's hope that EML will be the language we use as a standard.
Meeting adjourned at 12:00.
policy / security notice / accessibility statement