Voting Machines: Will the New Standards and Guidelines Help Prevent Future Problems?

Introduction

Chairmen Ehlers and Boehlert, Ranking Members Millender-McDonald and Gordon, and members of the committees, thank you for the opportunity to testify today on “The Status of Voluntary Voting System Guidelines.” I am William Jeffrey, Director of the National Institute of Standards and Technology (NIST), part of the Technology Administration of the Department of Commerce. I am pleased to be offered the opportunity to add to this discussion regarding standards development for voting systems.

I will focus my testimony on NIST’s role in meeting the requirements of the Help America Vote Act of 2002, specifically in providing technical expertise towards the development of voluntary guidelines for voting systems and providing assistance to the Election Assistance Commission (EAC) with respect to voting system testing laboratories. I will discuss NIST’s role in producing the Voluntary Voting System Guidelines (VVSG) of 2005 and then discuss our current and future work, which is to produce a next iteration of the VVSG that is more precise and testable and to produce associated test suites for this redesigned VVSG. Lastly, I will discuss the status of our work in assessing potential voting system testing laboratories and recommending them to the EAC for accreditation.

HAVA

I will begin by giving a brief review of the Help America Vote Act (HAVA) of 2002 with respect to NIST’s role. HAVA provided for the creation of the Technical Guidelines Development Committee (TGDC) and mandated that the TGDC provide its first set of recommendations to the Election Assistance Commission (EAC) not later than 9 months after all of its members have been appointed.

HAVA assigned three major items to NIST. First, NIST was tasked with the development of a report to assess the areas of human factors research, which could be applied to voting products and systems design to ensure the usability and accuracy of voting products and systems. Second, NIST was tasked with chairing and providing technical support to the TGDC, in areas including (a) the security of computers, computer networks, and computer data storage used in voting systems, (b) methods to detect and prevent fraud, (c) the protection of voter privacy, and (d) the role of human factors in the design and application of voting systems, including assistive technologies for individuals with disabilities and varying levels of literacy. Third, NIST is to conduct an evaluation of independent, non-Federal laboratories and to submit to the EAC a list of those laboratories that NIST proposes to be accredited to carry out the testing.

The first major item assigned by HAVA was the production of a human factors report. This report, titled “Improving the Usability and Accessibility of Voting Systems and Products,” was completed by NIST in January 2004. It assesses human factors issues related to the process of a voter casting a ballot as he or she intends. The report recommends developing a set of performance-based usability standards for voting systems. Performance-based standards address results rather than equipment design. Such standards would leave voting machine vendors free to develop a variety of innovative products and not be limited by current or older technologies. The EAC delivered this report to Congress on April 30, 2004.

Second, HAVA assigned NIST to provide technical support to the TGDC in the development of voluntary voting system guidelines. The TGDC provides technical direction to NIST in the form of TGDC resolutions, and it reviews and approves proposed guidelines and research material written by NIST researchers. The TGDC ultimately is responsible for approving the guidelines and submitting them to the EAC.

These voluntary guidelines contain requirements for vendors when developing voting systems and for laboratories when testing whether the systems conform to, or meet, the requirements of the guidelines. Voluntary standards or guidelines are common in industry. Voluntary standards encourage the adoption of requirements and procedures without the enforcement of regulation or law. The marketplace—in this case, the states and the public—provides the impetus for software developers to implement and conform to the standard.

2005 VVSG

I will now discuss NIST’s role in producing the 2005 VVSG for the EAC. HAVA mandated that the first set of recommendations be written and delivered to the EAC nine months after the final creation of the TGDC. To meet this very aggressive schedule, the TGDC organized into 3 subcommittees addressing the following areas of voting standards: core requirements and testing, human factors and privacy, and security and transparency. Over nine months, NIST and the TGDC conducted workshops, meetings, and numerous teleconferences to gather input, pass resolutions, and review and approve NIST-authored material. This was done in a fully transparent process, with meetings conducted in public and draft materials available over the web. The resulting document, now known as the VVSG 2005, was delivered on schedule to the EAC in May 2005.

The VVSG 2005 built upon the strengths of the previous Voting Systems Standards and enhanced areas needing improvement and added new material. The new material adds more formalism and precision to the requirements using constructs and language commonly used in rigorous, well-specified standards. This includes rules for determining conformance to the standard and a glossary for clarifying terms, which is very important when one considers that each voting jurisdiction may define terms differently.

The new material focuses primarily on usability, accessibility, and security. The usability section includes requirements on voting system controls, displays, font sizes, lighting, and response times. It also requires voting systems to alert voters who make errors such as overvoting so as to reduce the overall number of spoiled ballots. The accessibility section is greatly expanded from the previous material and includes requirements for

voters with limited vision and other disabilities. It also addresses the privacy of voters who require assistive technology or alternative languages on ballots.

The new section on security includes the first Federal standard for Voter Verified Paper Audit Trails (VVPAT). As you know, many states require that their voting systems include a voter verified paper trail. The VVSG takes no position regarding the implementation of VVPAT and neither requires nor endorses them. If states choose to implement VVPAT, the VVSG’s requirements help to ensure that their VVPAT systems are usable, accessible, reliable and secure, and that the paper record is useful to election officials for audits of voting equipment.

The new security section also contains requirements for addressing how voting system software is to be distributed. This will help to ensure that states and localities receive the tested and certified voting system. Moreover, the section also includes requirements for validating the voting system setup. This will enable inspection of the voting system software after it has been loaded onto the voting system—again to ensure that the software running on the voting system is indeed the tested and certified software. Lastly, there are requirements governing how wireless communications are to be secured. The TGDC concluded that, for now, the use of wireless technology introduces severe risk and should be approached with extreme caution. Wireless communications are currently permitted in the VVSG if security measures and contingency procedures are in effect.

The TGDC-approved version of the VVSG 2005 was sent to the EAC in May 2005. Following that, the EAC conducted a 90-day public review and received thousands of comments; NIST provided technical assistance to the EAC in addressing these comments. The EAC published its version of the VVSG on December 13, 2005. This version included changes to the TGDC-approved version, reflecting the EAC’s additional review.

2007 VVSG

Immediately after completing its work on the VVSG 2005, NIST and the TGDC began work on what is now called the VVSG 2007, currently planned for delivery to the EAC in July 2007.

The VVSG 2007 builds upon the VVSG 2005 but takes a fresh look at many of the requirements. It will be a larger, more comprehensive standard, with more thorough treatments of security areas and requirements for equipment integrity and reliability. The TGDC will consider updated requirements for accessibility and requirements for usability based on performance benchmarks. They will also consider updated requirements for documentation and data to be provided to testing labs, and for testing laboratory reports on voting equipment. The requirements will be structured so as to improve their clarity to vendors and their testability by testing labs.

The VVSG 2005 included a discussion of voting systems with Independent Verification (IV). IV means that the voting systems produce a second record of votes for ballot record accuracy and integrity. For VVSG 2007, the TGDC will update this discussion for consideration as new requirements. The TGDC will also consider a number of updated requirements dealing with voting equipment integrity and reliability.

NIST is aware that, in addition to the VVSG 2007, an open test suite needs to be developed so that the requirements in the VVSG 2007 can be tested uniformly and consistently by all of the testing labs. The development of a test suite is a major undertaking and once complete, will add significantly to the trust and confidence that voting systems are not only being tested correctly, but are robust, secure and work correctly. Test suite development is planned to begin in fiscal year 2007.

Laboratory Accreditation

I will conclude my remarks with the status of NIST’s third major item under HAVA, laboratory accreditation. NIST has been directed to recommend testing laboratories to the EAC for accreditation. In order to accomplish this, NIST is utilizing its National Voluntary Laboratory Accreditation Program (NVLAP). NVLAP is a well-established laboratory accreditation program that is recognized both nationally and internationally.

Simply stated, laboratory accreditation is formal recognition that a laboratory is competent to carry out specific tests. Expert technical assessors conduct a thorough evaluation of all aspects of laboratory operation using recognized criteria and procedures. General criteria are based on the international standard ISO/IEC 17025, General Requirements for the Competence of Testing and Calibration Laboratories, which is used for evaluating laboratories throughout the world. Laboratory accreditation bodies use this standard specifically to assess factors relevant to a laboratory’s ability to produce precise, accurate test data, including the technical competency of staff, validity and appropriateness of test methods, testing and quality assurance of test and calibration data.

Laboratories seeking accreditation to test voting system hardware and software are required to meet the ISO/IEC 17025 criteria and to demonstrate technical competence in testing voting systems. To ensure continued compliance, all NVLAP-accredited voting system testing laboratories will undergo periodic assessments to evaluate their ongoing compliance with specific accreditation criteria.

NVLAP has received applications thus far from five laboratories. We are conducting on-site visits and examining their qualifications to test voting systems and be granted NVLAP accreditation. NVLAP is working to submit the qualified labs from the five applications to the EAC for accreditation in early 2007.

Conclusion

NIST is pleased to be working on this matter of national importance with our EAC and TGDC partners. NIST has a long history of writing voluntary standards and guidelines and developing test suites to help ensure compliance to these standards and guidelines. NIST is using its expertise to work with our partners to produce precise, testable voting system guidelines and tests that will reduce voting system errors and increase voter confidence, usability, and accessibility.

Thank you for the opportunity to testify. I would be happy to answer any questions the Committee might have.