Security and Transparency Teleconference Meeting
Wednesday, August 23, 2006
10:30 a.m.

Participants: Alicia Clay, Allen Eustis, Angela, David Flater, Helen Purcell, Nelson Hastings, Patrick Gannon, Philip Pearce, Ron Rivest, Sharon Laskowski, Thelma Allen, Wendy Haven

The meeting was called to order at 10:33 a.m.

Administrative Updates:

  • Allan Eustis is in Wyoming observing their post election certification process, receiving an education about canvassing procedures after an election. Laramie county has a secure routine and back up process. Trip report forthcoming upon Allen's return.

  • Allen forwarded a note about CNN's Lou Dobbs Tonight which featured an interview with Verified Voting's Founder, Stanford computer science Professor David Dill, concerning the failed pre-election Logic & Accuracy (L&A) tests of voting machines in Pinellas County, Florida last week.

  • There will be several NIST employees attending upcoming logic and accuracy tests in WA, DC, and MD. Follow up notes will be sent out.

  • Helen Purcell mentioned that they were conducting L&A tests on the August 29th. They are having problems with their DREs because of their size. Everything is not able to fit on one computer, more like 12 - they have over 7,000 ballot styles. They have new legislation in place and must count certain counties (approx 2%).

  • John Wack and Nelson Hastings will be traveling to DC on Friday to observe Q&A tests.

  • Nelson introduced Stephen Quinn from the Computer Security Division (CSD).

  • Alternative dates of Tuesday or Thursday were suggested for the teleconferences. Nelson has sent an email out with new dates.
Basic Assumptions:
  • Steve gave a quick introduction regarding CSD's plans to provide various security input to the group. Sections will be introduced into the group for vetting. A schedule of deliverables will be posted on the web. For the August 23rd meeting, the discussion will center around Basic Assumptions for which a bulletized package was forwarded before the meeting.

  • General comments about the sections organization were discussed, including what was the context of the bullets. The bullets are being provided for background material and for the framework in writing the security section

  • Page 1:
    Bullet 1: This bullet discussing voting systems should be replaced with David Flater's definition of voting systems and voting process.
    Bullet 2: Voter registration systems are not part of the voting system
    Bullet 3: Clarify that the poling place in part of the voting system
    Bullet 4: Procedures for running elections are a part of the voting process but not a part of the voting system and therefore outside of scope

  • Page 2:
    Bullet 1: Regarding changes should be inexpensive - What kind of changes are we talking about? It was decided to remove this bullet and it would be given as a verbal guide.

  • Page 3:
    Bullet 6: Discussion about "possible" adversaries.

  • Page 4:
    Add bullet about certification testing not guaranteeing 100% against vulnerabilities.

  • Page 5:
    Methods regarding voter registration system will eventually appear in the VVSG, not immediately.
    Last Bullet: Needs adjustment. How much tampering is possible. Degree of affect needs to be accounted for as well as the risk of detection.

  • Page 6:
    Bullet 1: Not broad enough. Needs to include states view.
    Last Bullet: Intention of this bullet? Needs to have procedures specified and the operation impact of the VVSG.

  • Page 7:
    Bullet 1: Vulnerabilities during life cycle need to be addressed. This bullet needs to be rewritten to make the context larger.

  • Page 8:
    Bullet 1: This bullet sounds like an "absolute". Should be rewritten to change wording to "shall minimize".
    *Add a bullet about transparency and documentation.

  • Page 9:
    Small changes

  • Document Overview: Some organization would be helpful. Is this comprehensive enough? Steve welcomes comments offline.

  • Transparency and documentation not covered - voter confidence is a part of transparency.

  • Question: If voter system uses Cox product are we going to deal with compliance issues? The answer is yes.

  • This is a good starting point for a white paper that needs to be done to address these bullets in more detail. Ron will work on draft. Steve would like comments by next Wednesday, August 30, 2006, including next steps.

Meeting adjourned at 11:45 a.m.

Next teleconference, Thursday, September 7 at 10:30.

Teleconferences from 2004, 2005, 2006 and upcoming in 2006.

 

***************

Link to NIST HAVA Page

Last updated: July 25, 2007
Point of Contact

Privacy policy / security notice / accessibility statement
Disclaimer / FOIA
NIST is an agency of the U.S. Commerce Department