Technical
Guidelines Development Committee (TGDC) Draft Agenda
Attendees: Allan Eustis, Barbara Guttman, Bill Burr, David Wagner, John Kelsey, John Wack, Nelson Hastings, Paul Miller, Ron Rivest, Sharon Laskowski Administrative Updates (Allan Eustis):
Audit of Electronic Records and VVPR (John Kelsey): This draft
chapter (prepared by John Kelsey) was distributed several days before
the meeting for feedback. At the meeting, John went over major items
where he would like comments: The first
part of the document covers general security requirements that a paper
record has to contain, what it has to do, and how it is to be processed.
The first section applies to ALL voter verifiable paper records. (General
requirements apply to machine marked and human marked ballots, specific
requirements probably only impact machine marked.) General requirement
is that paper records must contain enough information so that there
is no ambiguity in how to interpret the record when performing an audit.
The high level requirements may not be testable, and so a layer of sub-requirements
may be necessary. John had
a question regarding his requirement on the durability of paper. This
should be removed (per John Wack) as it is covered by the core requirements
chapter. Other
general requirements are covered in specific requirements. For example,
machine readable encoding - requirements cover must be included and
optional inclusions. The requirement
regarding public format was discussed - should all non-human readable
text be in a public format. This requirement brought up the issue of
the use of barcodes. John Wack suggested two options: either not allow
barcodes or if allowed, add requirements to more publicly document protocol
and publish warnings. Concern was shared over having the same information
on a ballot in two different formats. Also, should there be anything
on the ballot that in non-human readable? Some felt there was no security
benefit from adding barcodes - barcodes add no benefit when conducting
a recount unless there is something wrong with your voting system. Paul
Miller discussed the Holt bill and felt that barcodes would accomplish
the requirement in that bill about accessibility when verifying records.
Barbara Guttman reminded the group that barcodes have been discussed
in the past and that STS had agreed to allow them with certain requirements.
This will be discussed again at the next STS telecom call. Next,
VVPAT requirements: Some of these requirements will need to be moved
or deleted, such as the supply requirements. There is a lot of stuff
on error handling. John requested comments about anything that was missing.
Are there common errors that leave a voter in a stage where the election
official is not sure if they should vote again or not? Also, if you
want to correct a vote, can a voter go back or does it need election
official intervention? (Wasn't sure how to address these due to state
requirements, comments welcome from state election officials.) The voter
needs to see whether a vote was accepted or rejected right away - what
happens to the paper record if a vote is rejected? Requirements also
cover operation requirements, covering the ease of record comparison
(easy to look at electronic record on screen and read paper record simultaneously).
John requested that group look at what he has for requirements about
what needs to be printed on the record and give comments. Ron Rivest
brought up the problem with transporting ballots for individuals with
dexterity problems and the privacy issue associated with that issue.
John needs to think about that and get back. Read back
requirements are going to be handled by the HFP subcommittee so that
will be removed from John Kelsey's document. Privacy
requirements: John would like comments. These are technical requirements,
not procedural requirements. John Kelsey will look at how to handle
provisional ballots. Precinct
count optical scan systems: The requirement was written so that machines
were able to batch records in groups of 50 or more if states requested
it. This is for unit of auditability. Cut sheets
for DREs. There is a requirement that says you cannot split ballots
across sheets. Feedback requested. Meeting
adjourned at 12:45 p.m. [* Pursuant to the Help America Vote Act of 2002, the TGDC is charged with directing NIST in performing voting systems research so that the TGDC can fulfill its role of recommending technical standards for voting equipment to the EAC. This teleconference served the purposes of the STS subcommittee of the TGDC to direct NIST staff and coordinate voting-related research relevant to the VVSG 2007. Discussions on this telecon are preliminary and do not necessarily reflect the views of NIST or the TGDC.]
Teleconferences from 2004, 2005, 2006 and upcoming in 2006. ************* Link
to NIST HAVA Page Last updated: July 25, 2007 Privacy
policy / security notice / accessibility statement
|