1
UNITED STATES ELECTION ASSISTANCE
COMMISSION
PUBLIC MEETING
-------------------------------------------------
TUESDAY, AUGUST 23, 2005 -
10:00 A.M.
-------------------------------------------------
THE ADAM'S MARK HOTEL
DENVER, COLORADO
2
1 CHAIR HILLMAN: Good morning.
This
2
meeting of the Untied States Election Assistance
3
Commission will come to order. If
I could ask
4
everyone to please make sure your cell phone and
5
all other electronic devices are turned off or
6
silent, so as not to disturb the proceedings of
7
this meeting. And if you would
stand and join me
8
in the Pledge of Allegiance.
9 ALL: I pledge allegiance to the flag of
10
the United States of America, and to the Republic,
11
for which it stands, one Nation under God,
12
indivisible, with liberty and justice for all.
13 CHAIR HILLMAN: If we could have the roll
14
call, please?
15 MS. THOMPSON: Thank you, Madame Chair.
16
Commissioners, please respond by saying present or
17
here after I call your name.
Gracia Hillman,
18
Chair?
19 CHAIR HILLMAN: Here.
20 MS. THOMPSON: Paul DeGregorio, Vice-
21
Chairman?
22 MR. DEGREGORIO: Here.
23 MS. THOMPSON: Ray Martinez,
24
Commissioner?
25 MR. MARTINEZ: Here.
3
1 MS. THOMPSON: Donetta Davidson,
2
Commissioner?
3 MS. DAVIDSON: Here.
4 MS. THOMPSON: Madame Chair, that is four
5
members present, and a quorum.
6 CHAIR HILLMAN: Thank you.
We have
7
before us the agenda for today's meeting. Are
8
there any adjustments or amendments to the agenda.
9
If not, it would be appropriate to adopt the
10
agenda.
11 MR. DEGREGORIO: So moved.
12 MR. MARTINEZ: Second.
13 CHAIR HILLMAN: Okay, all in favor.
14 MR. DEGREGORIO: I.
15 MR. MARTINEZ: I
16
MS. DAVIDSON: I.
17 CHAIR HILLMAN: Thanks.
Correction and
18
approval of minutes for July 28.
We have those in
19
our binder; are there any corrections?
20 MR. DEGREGORIO: Move adoption of the
21
minutes, Madame Chair.
22 MR. MARTINEZ: Second.
23 CHAIR HILLMAN: Okay, all in favor of
24
adoption of the minutes, say I.
25 MR. DEGREGORIO: I.
4
1 MR. MARTINEZ: I.
2 MS. DAVIDSON: I.
3 CHAIR HILLMAN: Okay, thank you. So now
4
we move to the report section, and we have two
5
reports this morning. One is an
update on the
6
Title II Requirements payments to the states. And
7
the second will be an update on public comments
8
received regarding the voluntary voting system
9
guidelines. Commissioner - - I
think,
10
Vice-Chairman, do you have a report --
11 MR. DEGREGORIO: Thank you --
12 CHAIR HILLMAN: -- on the requirements;
13
I'm sorry.
14 MR. DEGREGORIO: -- Madame Chair, and
15
fellow Commissioners, and Commissioner Davidson.
16 MS. DAVIDSON: Thank you.
17 MR. DEGREGORIO: Welcome.
I know this is
18
your first meeting.
19 CHAIR HILLMAN: Thank you.
Excuse me. I
20
just took it for granted. I'm so
sorry. This is
21
such an exciting time that I just didn't -- we've
22
already talked, you know, organized.
This is the
23
first meeting of the United States Election
24
Assistance Commission that former Secretary of
25
State, now Commissioner Donetta Davidson is joining
5
1
us, and welcome.
2 MS. DAVIDSON: Thank you.
3 CHAIR HILLMAN: And it is so fortuitous
4
that we happen to be holding this meeting here. I
5
know people won't believe it, but it just really
6
was sort of coincidental. But it
all worked out
7
very nicely and we're so pleased to be here.
8 MS. DAVIDSON: Thank you, and welcome to
9
Colorado.
10 CHAIR HILLMAN: Thank you.
Okay.
11 MR. DEGREGORIO: Thank you.
12 CHAIR HILLMAN: Mr. Vice-Chairman?
13 MR. DEGREGORIO: Thank you.
You know I
14
met Donetta -- Commissioner Davidson, I guess I
15
should call her now since she's a fellow
16 Commissioner, four years ago in this room,
and she
17
was welcoming the folks from my [indiscernible] who
18
were meeting here in Denver at the same hotel. And
19
I think you gave them a taste of the west, a taste
20
of Colorado, and I hope that you're bringing that
21
back to Washington, because we know that westerners
22
always have a lot to bring, and perhaps you wear
23
one of those western hats that I saw you in, I
24
think, at the [indiscernible].
25 MS. DAVIDSON: We are unique.
6
1 MR. DEGREGORIO: Madame Chair, let me
2
give you a report on our requirements payments.
3
You know, we do this every month, and we get it at
4
our last meeting on July 7. I'm
here to report
5
that we haven't made anymore payments since that
6
time. We have distributed $2.3
billion though, of
7
course, since July 9 of 2004. And
we have $76
8
million left to distribute. And there's four states
9
or territories that haven't received any of there
10
2004 requirements payments, that's Delaware, Guam,
11
Montana, and Oregon. In addition
to that, the
12
State of Michigan has received a partial payment
13
because they previously received the requirements
14
payments from a partial payment that they made to a
15
partial match that they made in early of this year.
16
Just to briefly -- Delaware needs to file a state
17
plan to address the 2004 funds.
Hawaii has
18
recently appropriated a five percent match, and we
19
expect them to apply and certify for the 2004 funds
20
very shortly. Michigan plans to
submit a
21
certification for the additional payments very
22 shortly. Montana delivered its state plan to us,
23
and it has to go to the federal register for
24
publication. Once the 30 day
comment period is
25
over, we fully expect to receive their
7
1
certification for their 2004 funds.
And the State
2
of Oregon recently appropriated its five percent
3
match, and will label certified for its 2004 funds
4
shortly. So, Madame Chair, the
bottom line is that
5
we fully expect, if not by the end of the fiscal
6
year on September 30, shortly thereafter, to have
7
distributed the $76 million that's left from our
8
requirements payments.
9 CHAIR HILLMAN: Thank you.
Are there
10
questions on the report, Commissioner Martinez?
11
No? Okay. Thank you so much. The next report is
12
Carol Paquette. Ms. Paquette, oh
there she is;
13
thank you. We'll receive an update on the public
14
comments that the EAC has received regarding the
15
voluntary voting system guidelines.
Just as a
16
reminder, the guidelines went out for public
17
comments at the end of June, and so we are about
18
seven -- probably seven weeks into that cycle, and
19
they'll be out for comment until the end of
20 September.
Ms. Paquette?
21 MS. PAQUETTE: Thank you, Madame Chair.
22
Just to very briefly summarize the comments that we
23
have received. We currently, as
of about 3:00
24
yesterday afternoon, have 141 comments submitted.
25
Many of these comments are very concise, single
8
1
comments, to a single requirement in the guidelines
2
document. Several commenters have
provided us
3
documents with comments, and we are in the process
4
of going through those documents and extracting all
5
the various comments and allocating them to the
6
appropriate places in the guidelines.
About half
7
of the comments we've received by e-mail and about
8
half have been submitted to our website.
In
9
general, about half of the comments received --
10
half of the commenters have made observations
11
specifically related to the guidelines. The
12
remainder are very general observations, to the
13
effect that the EAC should make paper audit trails
14
mandatory, or general observations that the
15
election process in the United States needs to be
16
improved, but no specific attribution to the places
17
in the guidelines document that might be modified.
18
Of those comments that deal specifically with the
19
guidelines, the largest number we have received so
20
far, which is 16, is on security, and we have about
21
14 that deal with accessibility comments. As the
22
Chair noted, we have about another five or six
23
weeks of commenting time until September 30, which
24
is when the public comment period closes. We
25
expect to receive many more comments in this final
9
1
month and we will be giving future reports on what
2
those are. I would note that all
the comments are
3
being posted to our website. Even
those that have
4
been received by e-mail are being entered into the
5
database that is under the EAC website under
6
voluntary voting system guidelines, so that anyone
7
can log into that website and review the comments
8
that are being provided themselves.
We will also
9
accept comments and observations on comments,
10
should anyone be so inclined to do that.
Madame
11
Chair, that concludes my report; are there any
12
questions?
13 CHAIR HILLMAN: Okay, Commissioners?
14 MR. DEGREGORIO: Carol, if you can just
15
repeat the exact closing date of public comments
16
for the benefit of the audience here, but also I
17
think we're live on our webcast.
We do have a date
18
for the final -- the final date to submit the
19
public comments, in other words.
20 MS. PAQUETTE: Yes, the final date for
21
submission of public comments is September 30.
22 MR. DEGREGORIO: Okay, thank you.
23 MS. PAQUETTE: Sure.
24 MR. MARTINEZ: A quick question, Carol,
25
these 141 comments, they are pertinent to the
10
1
document that we published in the Federal Register.
2
Is that correct?
3 MS. PAQUETTE: Well, as I indicated,
4
about half of those are directly referencing the
5
guidelines.
6 MR. MARTINEZ: I understand.
7 MS. PAQUETTE: The other half are more
8
general in nature.
9 MR. MARTINEZ: My point is -- as I
10
understand it that NIST [phonetic] received
11
comments after they published their final document?
12 MS. PAQUETTE: That is correct.
13 MR. MARTINEZ: And we'll receive those
14
comments also, the people who make comments to
15
NIST, on the document, prior to --
16 MS. PAQUETTE: Yes, we have received
17
those comments from NIST, and as you are aware, we
18
have a contract with Kennesaw State University that
19
is --
20 MR. MARTINEZ: Right.
21 MS. PAQUETTE: -- assisting us in
22
managing and doing the data entry, and so on with
23
these comments, and they will be adding those
24
comments to the one that have been submitted by the
25
public and not processed.
11
1 MR. MARTINEZ: Thank you.
2 CHAIR HILLMAN: Commissioner Davidson,
3
any questions?
4 MS. DAVIDSON: No questions.
5 CHAIR HILLMAN: Okay, thank you very
6
much.
7 MS. PAQUETTE: Thank you.
8 CHAIR HILLMAN: I appreciate the report.
9
This afternoon at the public hearing, we will be
10
receiving testimony from individuals about the
11
guidelines. And so -- and we
include those
12
comments that are submitted in writing as a part of
13
the total comments that we receive on the voluntary
14
voting system guidelines. The
next section of our
15
meeting will be presentations about voting systems
16
certifications and laboratory accreditation
17
processes. Under the Help America
Vote Act, the
18
Election Assistance Commission has been assigned
19
significant responsibility to accredit
20
laboratories, as well as to certify voting systems
21
against the guidelines. And we
have with us this
22
morning three people who will make presentations,
23
and I believe we will be receiving a recommendation
24
from the EAC Staff, with respect to next steps in
25
this process. Up to this point,
the National
12
1
Association of State Election Directors has been
2
assuming the responsibility for certification on a
3
voluntary basis, and so we are in the process of a
4
transition, and I believe the presentations and the
5
recommendation will address and cover important
6
aspects of the transition process.
So if we could
7
ask Stephen Berger from TEM Consulting, and Chair
8
of the IEEE Standard Coordinating Committee 38, and
9
you can explain what all that is, for the record.
10
Art Wall, with TEM Consulting, and he is retired
11
Deputy Chief of Federal Communications Commission
12
Laboratory Division -- that's the US Federal
13
Communications Commissions. And
Brian Hancock, who
14
is Election Research Specialist for the EAC.
15 Please. We have a good amount of time, an hour or
16
so, to be able to get through the presentation,
17
including questions for the Commissioners, so I'm
18
guessing your presentations are what, about seven
19
or ten minutes each, or thereabouts, but feel free
20
to take your time because you will be talking about
21
a lot of technical terms, and I don't want us to
22
rush through this, especially since we will be
23
receiving a recommendation for action at the end of
24
the presentations. So, Mr.
Berger, I believe you
25
are first. And for the record, if
you could please
13
1
just explain what the IEEE stands for, number one,
2
and what the function of the Standard Coordinating
3
Committee 38 is.
4 MR. BERGER: Thank you, Madame Chair,
5
Commissioners, I appreciate very much the
6
opportunity to be here and present these thoughts.
7
The IEEE is the Institute for Electrical and
8
Electronic Engineers. It is the largest
technical
9
professional organization in the world.
We operate
10
under the IEEE Standards Association to establish
11
technical standards in a variety of fields related
12
to our discipline. Currently, I believe we have
13
about 800 published standards, and a similar number
14
of active projects under development.
In those
15
efforts, what we try and accomplish is to identify
16
where the technical consensus is on any of the
17
topics that we're dealing with.
Where we have
18
topics that deal with several areas of technology,
19
we try and bring together collaborative forums,
20
where different specialists can bring their
21
expertise to bear, resulting in a standard that
22
represents the best technical understanding of the
23
combined community. Very often
what we do is
24
develop standard coordinating committees. Those
25
would be areas where none of our 36 societies
14
1
clearly have dominance. So for example, for voting
2
equipment, clearly our Computer Society,
3
Electromagnetic Compatibility Society, Reliability
4
Society, Communication Society, all have important
5
expertise and understanding to contribute, but none
6 totally take care of all of
the issues that need to
7
be brought to bear. So for the
topic of voting
8
systems and election technology, the IEEE created
9
standard coordinating committee 38.
We have seven
10
of our IEEE societies that are participating there.
11
And also we had eight additional organization that
12
wanted to contribute, notably in the areas of
13
usability and security. And so
that organization
14
is an attempt, in the IEEE standards process, to
15
allow those organizations to have easy entrance to
16
the process and contribute their expertise.
17 CHAIR HILLMAN: Thank you.
18 MR. BERGER: Okay, so if I can proceed.
19
These presentation will discuss the elements that
20
are common to conformity assessment systems, and
21
how Election Assistance Commission may implement
22
these elements in a system in for certification and
23
decertification of voting system -- voting
24
equipment. In my previous comments, talking about
25
the IEEE Standards, I was discussing the standards
15
1
and specification documents.
Those are vitally
2
important, and much of today will be contributed to
3
-- dedicated to discussing the voluntary voting
4
system guidelines. But the concerns of the EAC have
5
to go beyond the good technical document that puts
6
forth the technical specifications for voting
7
equipment, and the technical term for that is
8
conformity assessment. And that
addresses a set of
9
questions of how do we know those requirements are
10
adequately evaluated, and then embodied in
11
equipment that's delivered. Next
slide please.
12
And so certification of a product is a means of
13
providing assurance that it complies with specified
14
standrads and other normative documents.
The topic
15
for today would be the voting -- voluntary voting
16
system guidelines. And there are
number of
17
conformity assessment systems that exist, and a
18
body of international standards under the ISO,
19
International Standard Organization, that give
20
guidance on how to construct a conformity
21
assessment system. Just as an
example, ISO Guide
22
17025 gives guidance on how to assess a laboratory
23
as to its confidence, and I'll discuss some of the
24
others as we go through. Key
components of
25
conformity assessment system are, first of all,
16
1
initial type testing. A
representative system is
2
brought to an accredited laboratory and is
3
evaluated as to whether it meets the requirements.
4
After that happens, a second element is the
5
evaluation of the supplier's quality system, and
6
their change control system. So
what confidence is
7
there that the system that is brought for
8
evaluation will be sufficiently similar, within
9
manufacturing tolerance, to the system that are
10
later built and delivered to the end-users. The
11
third element is field information and feedback.
12
How do we know what actually is happening in the
13
field, and what are the communication lines that
14
will ensure that the system has an ongoing quality
15
and reaction to field experience and user
16
involvement. Will the users of
the system
17
understand their role and how to properly use the
18
system, so they get the full benefit of it. Just as
19
examples, we know that any security can be either
20 strengthened or diminished by
the way a system is
21
used, equally usability can be enhanced or
22
diminished by the way the system is set up in the
23
polling place. So that's the user
involvement
24
aspect of this. And when we talk
about the system,
25
we're really envisioning the way all the key
17
1
stakeholders cooperate. Clearly
the EAC has a
2
pivotal role in this process, equally state
3
certification authorities, as they evaluate
4
equipment for usability in the states are protocol.
5 The
testing laboratories, the vendors, through
6
state and local officials, all have vital roles.
7
In this slide, we're talking about the contrast
8
between the national program, and the state and
9
local programs. Part of our concern of the
10
national program is to evaluate that the system
11
design meets the requirements that are set forth.
12
And so there, the focus is on evaluation of a
13
system that is delivered, representative of a
14
design for a voting system. The
primary concern of
15
the state and local officials, is that the units
16
delivered meet and continue to meet the
17
requirements over their useful life.
So we look at
18
conformity assessment systems, we're really looking
19
to answer a set of very simple, common sense
20
questions, simply questions not easy to answer.
21
First, what is the minimum acceptable system? That
22
question is being answered through the BBSG, and
23
that will set forth specific requirements, the
24
number of technical areas, as to what the minimum
25
acceptable system for the US is. Beyond that, tests
18
1
are provided in the document so that the valuators
2
can know how to test and demonstrate that a system
3
meets the requirements set forth.
As soon as we
4
have -- are comfortable -- we have a satisfactory
5
document, we then need to ask the questions, are
6
testing laboratories or testing personnel, and the
7
lab assessors who accredit those laboratories
8
qualified, second set of processes.
Third, will
9
the vendor deliver units within manufacturing
10 tolerance to those
tested? There needs to be a
11
satisfactory and comfortable answer that there is
12
adequate assurance that the delivered units will be
13
well represented by the units tested.
Fourth, how
14
will election officials known if non-compliant
15
units are delivered, and then what lines of
16
communication and corrective actions are available
17
to deal with non-compliance and deficiencies that
18
are identified? Fifth, will
election officials and
19
poll workers use this system as intended? Next
20
slide. So to provide answers to
those questions, a
21
set of processes is necessary.
And, let me digress
22
for a moment and talk about the international
23
standards -- there's a series of them in the ISO
24
Guidelines -- 17025 provides laboratory
25
accreditation, and in a quick summary, what that
19
1
document sets forth is a guidance on how to assess
2
that a lab first has the technical specialized
3
knowledge to do an adequate evaluation in the area
4
that its addressing. Secondly,
that it has the
5
managerial and quality processes in place to assure
6
that the same evaluation will be done for every
7
system that is brought to that lab for evaluation,
8
or to other labs that are working on the same
9
topic. 17011 is a document that
particularly has
10
relevance to the EAC in this, in their roles as
11
accrediting bodies. And it
provides guidance on
12
the topics that should be addressed by the
13
accrediting bodies, in their roles of accrediting
14
laboratories, certifying systems, or examiners. A
15
third document, 17024, gives guidance on value --
16
on personnel certification. That
basically deals
17
with the topic of assuring that personnel have the
18
adequate skills, knowledge, and experience to
19
perform adequately in their specified roles. So
20
now looking at the processes that we have, there
21
are technical reviewers, and they'll be a slide at
22
the end in which we lay out the flowchart, but the
23
concept is that the EAC will make available to
24
itself a set of technical experts who will be able
25
to receive test plans and test reports, review
20
1
them, and give recommendation on whether a system
2
adequately has been evaluated and then it meets
3
their requirements set forth.
Product evaluations
4
will be performed by accredited labs that will
5
first deliver a test plan to be reviewed and
6
approved, and then provide testing, perhaps at
7
times witness testing, by the test reviewers. Next
8
slide, please. Vendors will be
registered, and at
9
the registration process will include their
10
delivering information on what their configuration
11
control and quality systems are.
User involvement
12
is important to communicate to election officials
13
and others, give feedback on the guidelines, which
14
is -- will be happening this afternoon.
Also,
15
giving feedback to vendors and voting system test
16
laboratories to assure that ongoing quality is part
17
of the process. There are
processes being
18
recommended for interpretations, petitions,
19
appeals, and complaints, so that good ideas can be
20
brought forth and deficiencies can be identified
21
and dealt with. We field
information and feedback
22
processes. Next slide,
please. Product evaluation
23
is being dealt with in -- the concept is that a
24
vendor will develop a candidate system, select one
25
of a list of accredited labs, bring that system to
21
1
the lab, and explain its function.
The lab will
2
then develop a specialized test plan for that
3
system. That test plan will be
delivered to the
4
EAC for review and approval, and then the lab will
5
be free to go ahead on this test.
Actually, I
6
think we went backward there. So here's the process
7
in overview. The candidate system
gets brought to
8
a set of accredited labs. The
labs first develop a
9
test plan, deliver that to the EAC.
Once it's
10
approved they do the tests, send over a test
11
report, and the EAC, with the assistance of a test
12
review team, will look over those documents. And
13
when it's satisfied that a product meets the
14
requirements, three things need to happen. First,
15
clearly the system will be certified by the
16
Commissioners. And at that point,
the vendor needs
17
to put that system under its quality and
18
configuration control process, to ensure that the
19
system tested will be in tolerance to the systems
20
delivered from that point forward.
Then it's very
21
important that an adequate and a technically
22
detailed description of the system be prepared and
23
delivered to state and local officials so that when
24
they are evaluating systems for state acceptance
25
and local incoming receiving inspection, they can
22
1
know that in detail with the systems they're
2
looking at are the same as the system that was
3
originally evaluated at the federal level.
4
Software will be deposited in the software records
5
library at M.I.S.T. and hash codes and other
6
metrics will be delivered, so that with high
7
confidence, the software can be certified to be the
8
same without change, in this systems evaluation,
9
state, and local level, and on each system as it's
10
brought in initially for receiving, and then before
11
each election it can be documented that the
12
software is uncahnged from what was evaluated.
13
Following those evaluations, the system is
14
delivered for deployment and use.
Next slide,
15
please. That assumes that a lot
of lines of
16
communication are established and developed.
17
Clearly vendors need to be communicating ongoing
18
with the Commission, with state and local
19
officials, and with those who perform incoming
20
receiving. No product remains
unchanged for long,
21
particularly with ongoing part changes, responses
22
to field experience, and other things.
And so that
23
communication also envisions the vendor notifying
24
officials of changes that they proposed, and then
25
appropriate evaluations being done to upgrade
23
1
systems certifications. And of
course, ongoing
2
communication with technical reviewers, NIST, and
3
the National Voluntary Laboratory Accreditation
4
Program, and the software reference library, and
5
the citizens. When a system is
well constructed
6
and these processes are detailed out, as they are
7
being recommended today, we believe that what is
8
delivered will be satisfactory answers to the
9
Commission and to the nation as a whole -- that
10
minimum acceptable standards have been developed,
11
that competent laboratories have been identified,
12
evaluated, and in place to review some candidate
13
systems, that the vendors will be good partners and
14
control deliver units with a manufacturing
15
tolerance to those that are evaluated.
That
16
election officials will have the tools at their
17
disposal to know that if non-compliant systems,
18
either in hardware or software are either initially
19
delivered or, before elections, brought forth, that
20
they can document that the systems before each
21
election are the same as those that were evaluated.
22
And finally, that the election officials and
23
poll-workers will us the systems as intended. So I
24
thank you for this time and this opportunity to
25
present these thoughts.
24
1 CHAIR HILLMAN: Okay, Commissioners, if
2
it's okay, we'll wait and have questions after all
3
three have made presentations.
Mr. Wall?
4 MR. WALL: Thank you, Madame Chair and
5
Commissioners. This presentation
compares the
6
proposed EAC certification program with a similar
7
products approval program, mandated by the US
8
Federal Communications Commission.
It will show
9
that the EAC proposed system is comparable to other
10
private sector and government conformity assessment
11
systems. My testimony will
basically cover some
12
common terms, so they're not confused, some
13
standards that are internationally accepted, go
14
over some of the same issues that Steve has already
15
covered -- Mr. Berger has already covered, talk
16
about the EAC conformity assessment program, just
17 the key elements,
similarities between the EAC
18
system and the FCC system for product
19
certification. I'll talk abut the
stakeholders
20
inputs to all the systems, enforcement, and then
21
conclusion and additional thoughts.
You'll hear
22
different terms; you'll hear conformity assessment,
23
you'll hear certification, equipment approval and
24
-- certification, just to be clear, is a
25
third-party product approval system.
And
25
1
accredited laboratories are laboratories that have
2
determined to be competent to perform a specific
3
task. And they usually accredit
it by somebody, in
4
this case it'd be under the NIST NVLAP program. A
5
lot of these definitions and everything come out
6
IEC ISO Guide 17000. These are
just a short list
7
of some of the conformity assessment guides. Mr.
8
Berger has already mentioned some of them. The one
9
that -- probably one that will be used here in this
10
program is, of course, 17025, which is the program
11
for laboratory accreditation. The
creditor must
12
meet guide 58. Certification
bodies typically meet
13
17011, and there's the definitions and terms of
14
those. Again, if you look at
17000, IEC Standard
15
17000 those terms are explained in greater detail.
16
Mr. Berger has already gone over the key elements,
17
so I won't spend a lot of time on the EAC program
18
that's being proposed. But
basically you're going
19
to use accredited laboratories, there's a vendor
20
registration program, there's a test plan
21
submittal, voters systems are tested, and
22
applications filed with the EAC.
The applications
23
will be viewed by technical reviewers, and then
24
there's a quality system to ensure compliance of
25
the product that's actually marketed.
Maybe I'll
26
1
just mention very, very briefly a little bit about
2
the FCC. The FCC is an
independent regulatory
3
agency, created by the Communications Act of 1934,
4
and it's been amended a number of times, to
5
regulate radio and wire line communications in the
6
public interest. It has adopted
mandatory
7
standards to ensure --
8 CHAIR HILLMAN: Excuse me one second, Mr.
9
Wall, could you turn the mic a little bit toward
10
you so that we --
11 MR. WALL: -- it has mandatory standards
12
that was adopted over the years, and then it has
13
adopted a quality approval program, or a conformity
14
assessment program. These -- this
is called the
15
electromagnetic environment, or radio environment,
16
with all kinds of the places on the market. Now,
17
I'm not implying by this diagram that the FCC
18
regulates the lightning and ESD, but manufacturers
19
have to take into considerations when they're
20
designing a product, the electrical impact or radio
21
impact of lightning and other national phenomenons.
22
Obviously, power lines can cause interference, so
23
power companies have to take that into
24
consideration. We do regulate a
number of
25
products, such as transmittals, computers, and
27
1
other devices. We have adopted,
over the years,
2
some technical regulations or mandatory standards,
3
test methods, conformity assessment requirements,
4
and marketing requirements. Briefly, this is the
5
FCC equipment modification program.
We have more
6
than just certification requirements.
Most
7
products are subject to what it is called
8
manufacturers self-declaration [phonetic], SDOC.
9
For a few products, such as transmitters, we feel
10
there's greater potential for radio interference,
11
so we have adopted this certification program, but
12
it's only for a few products. The
certification
13
process that the FCC has adopted is just kind of
14
outlined here really briefly. The product is tested
15
to determine compliance, a report is prepared, that
16
report is sent to either the FCC or something
17
called a telecommunication certification party. It
18
has been designated -- accredited by ANSI and
19
designated by the FCC. They are
-- if you will,
20
many FCC's that have authority to certify products.
21
Their authority is very limited.
But any case, the
22
manufacturer sends the application to either the
23
FCC for approval or the ETCB. The
FCC issues a
24
grant, a label is put on a product, uses
25
instructions, and the product is marketed. A
28
1
summary of the key elements of the FCC program.
2
They are equipped with standards, and test
3
procedures as specified. The
equipment is tested
4
by an accredited laboratory. The
test report in
5
application must be submitted to the FCC or
6
designated TCB for approval. A
grant of
7
certification is issued by the FCC, and there are
8
follow-up audits and compliance, if necessary. In
9
conclusion, while there are some minor differences
10
between the proposed EAC system and the FCC
11
certification system, the major issues and
12
procedures are essentially the same.
Both systems
13
are developed in the open, with public input and
14
guidance, and both have all the essential same
15
elements. Now, some additional
thoughts, the key
16
element of the EAC certification program is the use
17
of technical reviews to review and evaluate the
18
efficiency of voting systems.
Sufficient training
19
and time should be allocated to develop eight to
20
ten technical reviewers -- basically you're using
21
contractors to do that. Meetings
of the technical
22
reviewers and the EAC staff should be held on a
23
regular basis to ensure consistency of the results.
24
The reason I'm giving you these additional thoughts
25
is in going through and developing the TCB program
29
1
for the FCC, these are the type of issues that we
2
ran into -- the constant communication between all
3
the parties is a key element of that.
To ensure
4
the voting systems are marketed -- are the same as
5
the unit tested and certified, require
6
manufacturers to have a plan in place to ensure
7
reliability and consistency of products marketed
8
based on a units test and certified.
That's the
9
quality program that Mr. Berger was talking about.
10
Have the states and technical reviewers field test
11
at least one system for each of the manufacturers
12
against the unit certified. To
help the states and
13
local municipalities, it would be helpful if the
14
EAC would call on the manufacturers to include any
15
application or series of simple test to assist the
16
end user in determining efficiency or the
17
compliance of the voting system.
The voting system
18
users should be encouraged to follow reports of the
19
EAC to -- on how the machines are functioning in
20
the field. The reports should be
taken seriously
21
and audits should be performed, if warranted. And
22
finally, actions to direct field problems can be a
23
number of different ways -- allow manufacturers to
24
correct field problems, remove manufacturers from
25 the
EAC vendor list, or issue EAC notice of
30
1
non-conformity. And these are all
tools that you
2
use, or would you develop as you move down the
3
path. Again, these are just some
personal
4
comments, and thank you for the time.
5 CHAIR HILLMAN: Okay, thank you very
6
much, Mr. Wall. Mr. Hancock, does
your
7
presentation -- if it doesn't, would it, just do a
8
review for us of where the certification process
9
has been, and where it is today, and how -- just
10
how it will move forward. I know
you're going to
11
address moving forward, but I would like for the
12
record to put it into the context of where the
13
process has been and where it is today.
14 MR. HANCOCK: I will do that; thank you,
15
Madame Chair. As you can see, the
EAC staff has
16
been working very closely with Mr. Berger and Mr.
17
Wall over the past several months to develop the
18
proposed EAC testing and certification program,
19
parallel to a very well developed and very well
20
recognized program in other government agencies.
21
We didn't just start from scratch or from somewhere
22
out there. We've worked very hard
to make sure
23
this program is similar to other well established
24
programs. Where the testing and
certification
25
program is now -- for the past 12 to 15 years, the
31
1
National Association of State Election Directors,
2
that is NASED, has been the entity in charge of the
3
testing, and currently qualification, of voting
4
systems. After the Federal Election
Commission
5
passed the first set of voluntary voting systems
6
standards in 1990, there was not an organization
7
out there -- that is, Congress did not give the FEC
8
the authority at that time, nor any other federal
9
agency, the authority to implement the standards
10
and to have voting systems tested to these
11
standards. To step in to the gap,
as it were, the
12
National Association of State Election Directors
13
which, in fact, was a very new organization at that
14
time, felt that it was not only in the best
15
interest of the company, but also in the best
16
interest of their organization to step in and
17
develop a process to use these standards to test
18
voting systems. During that
process, NASED has
19
worked with three test labs -- there's currently
20 three test labs used. These labs have been
21
accredited by NASED, by an individual that is, in
22
fact, certified by NVLAP, the National Voluntary
23
Laboratory Accreditation Program to do for them
24
accreditation of laboratories.
And it follows a
25
very, very similar program that NVLAP will be using
32
1
to accredit the EAC laboratories in the future.
2
The process currently is that a voting systems
3
vendor will contract with one of these test labs,
4
initially, it was simply hardware.
It's moved now
5
more because computers have moved to software;
6
there are software test labs as well.
The vendors
7
have their systems tested by these independent labs
8
according to the current, currently 2002 Voting
9
Systems Standards. Once that
process has been
10
completed, the test report moves from the test lab
11
to members of the NASED technical subcommittee, of
12
the voting systems board of NASED.
These folks are
13
experts, not only in election administration, but
14
also in computer science. They
review the test
15
reports to make sure that the labs have done their
16
due diligence in testing these systems, and then
17
recommend to the full voting systems board that the
18
systems be qualified. At that
point, NASED does
19
issue a qualification number to the voting system.
20
And that is where we are as of today's date.
21 CHAIR HILLMAN: Okay.
You referred to
22
NVLAP, accrediting labs for EAC.
Will you explain
23
NVLAP?
24 MR. HANCOCK: All right.
NVLAP is an arm
25
of NIST. It's an organization
under the National
33
1
Institute of Standards and Technology.
It is the
2
National Voluntary Laboratory Accreditation
3
Program, and it works to test laboratories under
4
ISO Standard 17025 that Steve and Art have talked
5
about.
6 CHAIR HILLMAN: Okay.
And just one other
7
point of clarification before you go on, what is
8
the difference between what was previously a
9
qualification and what EAC is being asked to do,
10
which I understand is certified?
11 MR. HANCOCK: Yes, Madame Chair.
12
Essentially qualify and certify can be used
13
interchangeably. The NASED
process was qualified;
14
under the Help America Vote Act, it requires the
15
EAC certify voting systems. The process is very
16
similar, however.
17 CHAIR HILLMAN: Thank you, please
18
proceed.
19 MR. HANCOCK: Okay.
Madame Chair, I will
20
now read the staff recommendation into the record,
21
and I've also submitted this document for inclusion
22
into the written record. After I
read the
23
recommendation, the three of us would be happy to
24
take any questions from the Commission.
As
25
required by Section 231 of the Help America Vote
34
1
Act of 2002, the Election Assistance Commission is
2
mandated to provide for the testing, certification,
3
decertification, and recertification of voting
4
systems. To accomplish this goal,
the Commission
5
is required to first develop a program for
6
accrediting independent, non-Federal testing
7
laboratories. These accredited
laboratories will
8
test voting systems in accordance wit applicable
9
EAC standards or guidelines. The
EAC is also
10
required to create a program and process for the
11
ultimate certification, decertification,
12
recertification of tested voting system hardware
13
and software. Consistent with
these mandates,
14
therefore, staff recommends the Commission -- A,
15
provide for interim accreditation of National
16
Association of State Election Directors accredited
17
Independent Test Authorities, or ITA's.
The EAC
18
will develop a process to temporarily accredit
19
current NASED ITS's. This
temporary EAC
20
accreditation is needed to ensure that certified
21
test laboratories are available in the near term.
22
It has been determined that the EAC will not
23
receive a recommended list of testing laboratories
24
from the National Institute of Standards and
25
Technology's National Voluntary Laboratory
35
1
Accreditation Program until approximately the
2
spring of 2007. Item B, develop
procedures for the
3
EAC accreditation of Voting System Test
4
Laboratories, as opposed to the accreditation of
5
the current ITA's. The EAC will develop procedures
6
for the accreditation of Voting System Test
7
Laboratories recommended by NIST after appropriate
8
evaluation under its NVLAP program. C, create
9
procedures for the EAC certification,
10
decertification, and recertification of voting
11
systems. These procedures shall constitute a
12
program which, one, makes use of the test results
13
provided by EAC certified Voting System Test Labs
14
or ITA's. Certified labs shall,
through the use of
15
technical data packages and test plans, test voting
16
systems to standards found in the relevant EAC
17
guidelines. Voting System Test
Labs, or ITA's
18
shall create test reports for use by the Election
19
Assistance Commission in its system certification
20
program. Two, utilize contracted
experts to assist
21
the EAC in the review of voting system technical
22
data packages, test plans, and test reports
23
forwarded by the test laboratories.
Three, provide
24
stakeholders a process for requesting
25
interpretations of voting systems standards found
36
1
in the EAC Guidelines and appealing perceived
2
adverse certification determinations.
Four,
3
provide the public access to relevant voting system
4
information to the greatest degree practical under
5
current law. And D, develop
additional procedures
6
and documents necessary to carry out this program.
7
With that, Madame Chair, we would be happy to
8
answer any questions the Commission might have.
9 CHAIR HILLMAN: Okay.
Commissioners,
10
given the time we have about ten minutes a piece
11
which would include our questions to the panelists
12
and their responses back. Mr.
Vice-Chairman?
13 MR. DEGREGORIO: Thank you, Madame Chair.
14
Thank you for your presentation, and I know this
15
has been a process that we have taken very
16
seriously, and I know that you all and folks
17
associated with you worked very hard to bring us to
18
this point. If I might ask just a
few questions.
19
Mr. Berger, in your presentation, you gave us a
20
slide that talked about this national program, this
21
one that's established by the EAC, then how there's
22
a state program -- there's a state's program for
23
certification. How is our
national program going
24
to help instruct state and local election officials
25
in the process that they use to certify election
37
1
equipment in their state?
2 MR. BERGER: Well, there's overlap and
3
difference. In the national
program, we're looking
4
at common minimum requirements for voting equipment
5
that are common for all states, and that's the
6
primary focus of that program. In
the state
7
evaluations, the officials are particularly looking
8
at the unique ways that each state conducts
9
elections and evaluating systems as to their
10
adequacy to support individual state requirements.
11
The two obviously are linked and I think, well
12
constructed, there's a certain level of overlap,
13
because deficiencies can be identified in one place
14
or another, and those sorts of things need to be
15
identified. For example,
functional problems or
16
security vulnerabilities may be identified at any
17
point in the system. And clearly,
a well
18
constructed system would provide with appropriate
19
reaction and can come about whether or not that
20
happens in the initial evaluation through the EAC
21
process, or subsequently in a state evaluation.
22 MR. DEGREGORIO: Okay.
Mr. Hancock, can
23
you give us some idea of a timetable for this
24
activity. And I recognize that we're going to be
25
hear -- getting comments on the voluntary voting
38
1
system guidelines until September 30, and then at
2
some point thereafter, perhaps, in October this
3
Commission will adopt these guidelines.
And that
4
begins a process, obviously once that is done. But
5
can you give me some -- and I know you described
6
the certification process for the laboratories.
7
You're suggesting to us that we have an interim
8
accreditation and then the longer term some time in
9
2007, after we get the NIST/NVLAP process
10
completed. What is the time frame
that you see for
11
the first equipment out there to be run through
12
this program and to certified for the EAC. Do you
13
have any estimate for a timetable for this?
14 MR. HANCOCK: Yes, Mr. Vice-Chair, I
15
think we do. We have been working
over the past
16
several months and have already established
17
procedures and documents that will be ready for
18
Commission review very shortly, for the interim
19
accreditation of the NVLAP labs
that I spoke of.
20
That will be ready, again, for Commission review,
21
probably within the next one to two weeks I think
22
that can be done. Beyond that,
sometime in
23
September, I believe we should be ready to start
24
the procedures that will bring us competent
25
technical reviewers that we spoke about that will
39
1
need to look at the test plans that come in, the
2
test reports, to help us get guidance to the
3
Commission. Beyond that, we are
looking sometime
4
toward the end of this calendar year to be able to
5 begin the full testing
program, so we would say
6
probably December sometime we would hope to have
7
the technical reviewers on board, trained, and
8
ready to go to review reports.
And hopefully those
9 currently ITA's will be ready
to do the same to the
10
guidelines.
11 MR. DEGREGORIO: I know you described the
12
current system, the current NASED certification,
13
and of course this one that is proposed.
What
14
would you say that are two to three major
15
differences or enhancements, perhaps, to this
16
process, the one we are about to embark on with the
17
EAC versus the NASED process that has been in
18
existence for, certainly, several years.
19 MR. HANCOCK: Yes, certainly to me, one
20
of the key points of the program, and probably the
21
most important that we are presenting for
22
Commission consideration is the transparency of the
23
process. I think we've all heard
and read
24
different reports that the current process does not
25
allow the public, media, other members to review
40
1
what goes on in the process, what test labs do,
2
what, you know, NASED does to a great extent. We
3
are going to provide through a program to allow as
4
much openness. We envision a
program whereby the
5
EAC would make available on its website, test
6
reports, even things like pictures of the systems
7
that were tested, other pertinent information,
8
consistent with current law. Of
course, there
9
would be certain things, proprietary information,
10
that would need to be redacted from those reports.
11
But I think the transparency by far is the key. We
12
will also have -- I just think more resources than
13
the NASED folks had to put towards all this, so the
14
program will be a little larger and hopefully done
15
consistent to more international programs that
16
NASED was not able to do.
17 MR. DEGREGORIO: Thank you.
Thank you,
18
Madame Chair.
19 CHAIR HILLMAN: Okay, Commissioner
20
Martinez?
21 MR. MARTINEZ: Thank you, Madame Chair.
22
And my thanks to all of your for your time and your
23
expertise to this particular issue.
Mr. Hancock,
24
and I'm sorry if I'm having you repeat something
25
you might have said during your presentation. How
41
1
many states currently participate or require a
2
national certification of their voting systems
3
before a vendor can actually market that system in
4
their jurisdiction?
5 MR. HANCOCK: Right now about 40 states
6
require a use of the current voluntary voting
7
system standards.
8 MR. MARTINEZ: And I know that you've
9
been doing this for even longer than the history of
10
the EAC because you came over to us from the FCC,
11
and you even in that capacity were participating
12
with helping to coordinate the certification
13
process through NASED. Is there
any indication
14
from you, in just talking to your colleagues and
15
others, that do this that some of the states that
16
do not participate may have some interest so that
17
we can increase the number 40 up to as much to full
18
participation as possible.
19 MR. HANCOCK: I think so, at least some
20
indication has been out there.
There are a few
21
states that actually had problems in the last
22
federal election that did not use the current
23
voluntary voting system standards that I think now
24
see some of the reasons for using that program and
25
some of the benefits it can bring to the states.
42
1
So I would say yes, I'm looking for several more
2
states, at least, to adopt the standards and new
3
guidelines.
4 MR. MARTINEZ: Mr. Berger, one of the
5
things that is somewhat intriguing to me is this
6
whole -- this term used and called decertification.
7
And perhaps, Mr. Hancock, you can jump in here, is
8
there any precedent for the decertification of a
9
voting system in this county?
10 MR. BERGER: Brian, do you want to take
11
that question?
12 MR. HANCOCK: Sure, as far as I'm aware,
13
the current NASED process has never decertified a
14
voting system. What happens more
than likely if a
15
defect is found during the current testing process,
16
that machine never gets out into the public or is
17
able to be purchased by election officials. It is
18
sent back to the vendor to make whatever changes
19
are necessary, and then is put back into the
20
testing process to make sure those changes have
21
been made.
22 MR. MARTINEZ: So in this framework that
23
you are envisioning that we are trying to wrap our
24
arms around, from the EAC prospective, is there a
25
protocol? Is there something that would give us
43
1
something to cling to when we're contemplating the
2
possibility of decertification of a voting system.
3
Mr. Berger, any thoughts about that?
4 MR. BERGER: No.
5 MR. MARTINEZ: Or Mr. Wall, please jump
6
in.
7 MR. BERGER: I would say that
8
decertification should be seen as a single tool in
9
a list of remedies available to the Commission.
10
Clearly we want to construct the system so that
11
systems don't gain certification unless they have
12
full compliance. Clearly we want to arm the
13
receiving election officials with whatever they
14
need so that they can make sure they don't receive
15
equipment that is not well represented by the
16
equipment that was certified, you know, same design
17
within a reasonable manufacturing tolerance. We
18
equally want to make sure that before each election
19
there are careful checks available on both hardware
20
and software so that equipment that is actually
21
placed in service is the same as what was
22
evaluated. Hopefully, most of the
action is to
23
remedy deficiencies identified at those places, and
24
so the equipment simply never gets into the system.
25
But nevertheless, in every conformity assessment
44
1
system, they are processes by which decertification
2
can come about, typically if those other kinds of
3
actions and work with vendors fails to produce a
4
desired result.
5 MR. MARTINEZ: Is there precedent then
6
Mr. Wall from the FCC perspective?
7 MR. WALL: Yes, I was just going to add a
8
little bit to that.
9 MR. MARTINEZ: Certainly.
10 MR. WALL:
You have a list of remedies
11
typically available to you. And
usually chose the
12
simplest one. In my over 30 years
with the
13
equipment authorization program at the FCC, only
14
one time that I can recall did we revoke the
15
granted certification. That's the term that the FCC
16
used, decertify or whatever you want to call it.
17
It had to go before the Commission.
It's a very
18 lengthy process, and it
typically is the last
19
resort that you want to use. What you typically do
20
-- what we've done mostly is work with the
21
manufacturer -- first we identified the problem,
22 let
them try to correct the problem; in some cases
23
they have to go and retro-fix some of their
24
machines out there. Another last
resort is we had
25
authority to issue fine and we could do that, and
45
1
we've done that on several occasions -- in some
2
cases as much as a quarter of a million dollars.
3
But, the biggest thing for manufacturers is the
4
publicity. They do not want bad
publicity, so
5
that's another remedy. And that
was the reason for
6
some of the remarks at the end of my presentation.
7 MR. MARTINEZ: Got it.
8 MR. HANCOCK: And Commissioner, if I just
9
may add just a little bit to that.
10 MR. MARTINEZ: Sure.
11 MR. HANCOCK: I do think we've been
12
contemplating the decertification as a remedy of
13
last resort for the EAC, as well, because we not
14
only have to consider the ramifications to the
15
vendors and manufacturers, but more importantly, I
16
think, to the voters and election officials in this
17
country that may have those systems deployed and
18
are ready to use them for an election, so we do
19
have to think very carefully if that does happen.
20 MR. MARTINEZ: Sure, I think that is a
21
good point. Mr. Berger, if I
could go back to you.
22
Walk me through the different documents that are
23
produced in the certification -- in the proposed
24
certification process. The test
plan is the first
25
thing that is produced. The ITA
or there's a
46
1
different acronym that we're going to use, the --
2 MR. BERGER: Yes.
3 MR. MARTINEZ: -- that's the entity that
4
produces the test plan once a vendor contacts an
5
appropriately accredited ITA to put their system
6
through the certification process.
7 MR. BERGER: Yes.
8 MR. MARTINEZ: Is that correct?
9 MR. BERGER: Actually, there is a set of
10
documents that precedes that, and that is the
11
vendor informs the test lab with depth what the
12
system is they've proposed for testing.
And then
13
the test lab looks at that, that's called a
14
technical data package.
15 MR. MARTINEZ: Um-hmm.
16 MR. BERGER: They look at that data
17
package, and looking at the features, functions,
18
and particular technologies, and develop a test
19
plan as to how they're going to review that
20
specific system against the requirements. Both of
21
those documents need to come over to the EAC and to
22
the reviews so that the can look at does this test
23
plan represent an adequate evaluation of this
24
specific system.
25 MR. MARTINEZ: Sure.
47
1 MR. BERGER: So it's --
2 MR. MARTINEZ: And let me cut you off
3
there and ask you the next question.
After the
4
test plan -- after the vendor contacts the
5
laboratory, and the technical data package and the
6
test plan is developed, is that the end of the
7
communication between the vendor and the ITA, the
8
laboratory, or is there ongoing communication
9
during this entire process between the vendor and
10
the testing authority?
11 MR. BERGER: Typically, communication
12
between the vendor and the test lab is quite active
13
throughout the process.
14 MR. MARTINEZ: Okay, so we have a test --
15
the test plan, the test data package, I've seen
16
written some place, an application.
Is that just
17
what it implies that there's an application
18
involved to start in the whole process, basically?
19 MR. BERGER: Yes.
20 MR. MARTINEZ: Okay, he test report then
21
is generated by the Independent Testing Authority,
22
by the testing authority?
23 MR. BERGER: Yes.
24 MR. MARTINEZ: And the test report then
25
has to be reviewed not just by the EAC, but by the
48
1
technical reviewers that we will contract with to
2
carry out this particular function.
3 MR. BERGER: That's correct.
4 MR. MARTINEZ: Mr. Wall, the test plan --
5
there's a similar plan for FCC called the test
6
plan, I think I saw in your slides, and or
7
something to that effect, a report that is
8
generated after the testing authority does its work
9
basically. And my question then
would be to you in
10
terms of what information in that test plan is
11
public data from the FCC perspective? What can we
12
learn from what you all put out in public that we
13
ought to be looking at to guide us as we're making
14
the same decisions without reaching proprietary
15
information.
16 MR. WALL: Well, there are slight
17
differences between the FCC and the EAC System. One
18
of those differences is the requirement for test
19
plan. We did not require the
manufacturer
20
laboratories to have approved a test plan ahead of
21 time. And there a good reason for that, there's a
22
difference in perplexity here.
The vending
23
systems, or voting systems, I should say are much
24
more complex, and there's a process to learn what
25
test should be done, and EAC feels they should be
49
1
involved and what tests need to be done to have a
2
complete package.
3 MR. MARTINEZ: Got you, okay, I
4
understand that. And I don't mean
to cut you off,
5
but I know I'm about to be cut off by our Chair;
6
he's got to move on to another Commission, and I
7
want to ask one more question.
Mr. Berger, part of
8
your diagram, one of the diagrams you put up
9
contemplates -- and our proposed guidelines
10
contemplate a very important piece of successful,
11
successfully completing the certification process
12
is for the vendor to submit their software to the
13
National Software Reference Library, which I think
14
is an extremely important step that remains largely
15
unheralded and perhaps even used.
And I think
16
we're going to see a lot more in that particular
17
area as we move forward, and I think it's going to
18
be a big piece of what we do to ensure the security
19
and integrity of voting systems.
But there's also,
20
if I understand it, it's not uncommon to see
21
vendors put patches into their systems, perhaps
22
even a day before an election. So
my question to
23 you is, how do you reconcile
the fact that the
24
purpose of the National Software Reference Library
25
is to compare the executable final software that
50
1
was submitted for certification with what is out
2
there in the field. And yet, if
patches are
3
installed as we move towards election day, isn't
4
there going to be some discrepancies there? Any
5
thoughts about that, and my time is limited, so if
6
you could make your answer as short as possible.
7 MR. BERGER: Well, I think it's very
8
important as we look at the different evaluations
9
that we construct a system that's additive, so that
10
when the ITA's evaluate software, when later state
11
officials evaluate them in the state evaluations,
12
that they know they're looking at the same code,
13
and that their inspections build on one another,
14
and therefore, deliver to the public increasing
15
confidence that there is not malicious intent, or
16
errors that may result in inaccuracies.
Patches
17
are a reality and a very difficult issue. I think
18
at a minimum, we would want to make sure that those
19
patches are escrowed, so that if absolutely
20
required after the fact, review evaluations can be
21
done to make sure the code was performing exactly
22
as intended. And that certainly
can be done. Much
23
more preferable would be that those patches were
24
reviewed they were approved, and therefore that --
25
really what's in the National Software Reference
51
1
Library is what's used on election day.
2 MR. MARTINEZ: I agree with that. Thank
3
you, Madame Chair.
4 CHAIR HILLMAN: Okay, Commissioner
5
Davidson?
6 MS. DAVIDSON: I have a couple questions.
7
And Mr. Berger or Mr. Wall, one of things that you
8
mentioned was that once the certified, you know,
9
from the ITA's, then it goes down to the states for
10
their certification. Do you
suggest that they use
11
a -- I mean, if some states will out source that
12
and have somebody else do it, and it was suggested
13
even that the same ITA's do the states, but do you
14
see that being a conflict of having a very same ITA
15
that certified the equipment do a state test?
16 MR. BERGER: I personally could foresee
17
an integrated system that actually would add
18
robustness. I think there's conflicting issues
19
here. On the one hand, as you
indicate, there's
20
some value in having independent reviews; they're
21
totally separated and therefore what may be missed
22
in one review, you know, may be picked up in
23
another one. Another concern I
personally have
24
with this system is if the individuals involved are
25
going to gain the requisite expertise, they need to
52
1
have enough experience to get that over a serious
2
of systems. And so there's certain
value in
3
concentrating the works, so that we keep people
4
busy enough, give them enough breadth of experience
5
over several voting systems, so they really gain
6
expertise and nuance. One
possibility, I might
7
point out, is there no reason that's obvious to me
8
why test reports can't be parallel reviewed by a
9
body comparable to the technical reviewers on this
10
EAC, on the state level. And they equally could be
11
available to do witness testing during the
12
laboratory testing, giving additional expertise at
13
the point of test, but also independent review of
14
the test. So I think there's some
things that
15
could be creatively done to address those concerns.
16 MS. DAVIDSON: Well, and namely -- I
17
mean, if there was ever a problem in a state with a
18
certain type of equipment, having that reported
19
would be very important.
Sometimes that is not
20
reported as freely as what we probably would like
21
to have, so we can have a total handle on some of
22
that. Do you see there is
anything that we can do
23
to make sure that issue sare reported, and so that
24
the vendors are held to the responsibility that we
25
feel they should be.
53
1 MR. BERGER: Well, in the last chart I
2
indicated some -- a number of lines of
3
communication, and that's certainly one that I hope
4
would be very active.
Particularly in some of the
5
security areas, the more reviewers that look over
6
the code, the more reviewers that challenge the
7
system in various ways, the better.
And if the
8
lines of communications are there so that a
9
vulnerability identified wherever gets reported and
10
therefore benefits any users of that system, I
11
think the public confidence in the system just
12
increased.
13 MS. DAVIDSON: Back to the question about
14
when we talked about the issue of decertifying and
15
having that, don't you feel that states will also
16
take underneath their wings of decertifying
17
equipment that they found to be a problem within
18
their own state. That's what's been happening in
19
the past.
20 MR. BERGER: Absolutely, and in some
21
cases, state decertification may go beyond the
22
equipment, to some other functions that are
23
delivered by the vendor, because typically the
24
vendor is delivering more than raw equipment. You
25
are delivering services and support, and
54
1
decertification on the state or local level may be
2
because of deficiencies in those other areas.
3 MS. DAVIDSON: I guess my last statement
4
is I think that it is really important that we
5
figure out some way that patches can be made,
6
because state laws require them to be made if a
7
candidate -- deceased candidate comes up, a law, or
8
something like that that you have to remove a name
9
from the ballot, or that something takes place t
10
hat, you know, something had to be changed because
11
of a courts or. So we really need
to really, I
12
think, put some thought in to how we handle the
13
package, and the filing of that software with the
14
National Institution of Standards and Technology.
15 MR. BERGER: I certainly would agree.
16
And of course, the most difficult scenario are
17
those patches that come up at the last minute. But
18
that has to be dealt with.
19 CHAIR HILLMAN: Thank you, ma'am.
20 MS. DAVIDSON: Thank you.
21 CHAIR HILLMAN: I do have a couple of
22
specific questions, but I have an overarching
23
question. When I buy appliances, equipment, for use
24
in my home, whether it's my car, or microwave, or
25
computer, or whatever, or when agencies or
55
1
businesses by equipment to use in their offices, we
2
take for granted that the equipment and appliances
3
have been tested. We know that
they meet some
4
standards; they're safe. They'll
do what they say
5
they'll going to do. They'll
going to withstand
6
use over a period of time, and we're going to both
7
be protected and assured of safety, but we also
8
know that the item is reliable, and it's going to
9
work for us and do what we need it to do. Is it
10
fair to make a comparison between voting equipment
11
and voting systems, including software, and
12
microwave ovens, and automobiles, and anything else
13
we use, where we need to know at the end of the day
14
that this item is functioning as it is intended to
15
do. And if the answer to that is
yes, what comfort
16
then should the public take in this certification
17
process we are about to take?
That voting systems
18
will perform the way the voters expect and need
19
them to perform, and will it help increase voter
20
confidence in the reliability, and accuracy, and
21
security of the voting equipment.
22 MR. BERGER: Those questions are
23
critical, of course. And I think
the public should
24
take confidence in that the system that is being
25
recommended to the EAC is built on decades of
56
1
experience in conformity assessment in a number of
2
fields. That knowledge and
understanding has been
3
deposited into the ISO Guides and into the system
4
in general. And all of us here
have spent decades
5
working on those systems to ensure the safety of
6
products, to ensure the compliance with FCC
7
regulations and other regulatory requirements. And
8
the system that is being proposed has been well
9
tested, and delivers a safe products that meet a
10
variety of requirements in a variety of arena. So
11
I'm quite confident that those same mechanisms will
12
prove effective here.
13 MR. WALL: Let me just add something to
14
that, if I may. I've spent years
in looking at the
15
issue of standards, and there are a different type
16
of standards. Your question is very insightful in
17
that the standard - - the voting guidelines
18
standards is critical, and that's a work in
19
progress; as you learn more, you'll probably
20
improve that document as you go down the path. That
21
looks at not just minimal standards, but it looks
22
at quality issues; it looks at a number of
23
different issues. And that's
going to be the
24
document you really want to follow really
25
carefully. The conformity
assessment aspect isn't
57
1
really a part of the program you're undertaking.
2
All you're doing in the conformity assessment is
3
assuring that the product is capable of meeting
4
that standard. And so it's the --
there are two
5
parts that you want to look at very carefully. You
6
want to make sure that the standard does what you
7
want it to do, that it gives people confidence that
8
the equipment is doing what it says its going to
9
do, and that the conformity assessment program only
10
says okay, yeah, we've tested that product or we
11
had that product tested and we certified it, and
12
yeah, it is capable of meeting that standard. So
13
you want to make a distinction between the two
14
aspects. And maybe Brian would
like to add a
15
couple things to that?
16 MR. HANCOCK: Just one quick thing,
17
Madame Chair. I think from my
perspective, one of
18
the most important things is that all of the
19
components of this program work together.
20
Separately, they cannot give the American public
21
the level of assurance that I think the Commission
22
is looking for. And what I mean
by that is the
23
voluntary voting system guidelines, the testing and
24
certification program, the laboratory accreditation
25
program, the state certification and testing, and
58
1
importantly, something the Commission is going to
2
be undertaking is management guidelines for the use
3
of these systems. All of those
are important
4
components, and I think, you know, if those are not
5
all together and very robust, there is a letter of
6
decreased confidence. But, if
they're all there, I
7
think we will have an extremely high level of
8
confidence that re employed.
9 CHAIR HILLMAN: I'm assuming telephones
10
have standards that -- okay. Is
it fair -- is it a
11
fair comparison to say that the guidelines that we
12
will be adopting in the certification process that
13
EAC undertakes will product the same kind of
14
standards, if you will, that are applied to
15
telephones or others. I mean I've
heard that
16
comparison a lot from people, and I'm never quite
17
sure how to respond. I want to
provide assurity
18
[phonetic], but I don't want to be misleading.
19 MR. BERGER: Well, let me reflect on
20
that. I hear Art wanting to
contribute. I've
21
spent a great deal of my career in both the
22
information technology and telecommunications
23
industry. My responsibility in
several jobs has
24
been to test products -- telecommunication
25
products, for compliance to FCC and other
59
1
standards, and actually for international
2
compliance. And I can tell you
that we've looked
3
very consciously at the kinds of systems and
4
requirements that we've used for
5
telecommunications, and brought over, as
6
appropriate, the lessons learned.
And I think
7
that's an accurate comparison.
8 MR. WALL: I'm going to have to go back
9
and talk about standards and the different types of
10
standards. When the FCC adopts
standards, there
11
are mandatory performance standards to ensure that
12
the equipment does not interfere with the radio
13
spectrum. We do not get into reliability issues
14
with those standards. We did not
get into
15
performance issues. We leave that
to the Voluntary
16
Standards area. Manufacturers then get together and
17
adopt voluntary standards, through organizations
18
like the IEEE and other organizations.
And there
19
they look at more performance issues and how could
20
the product that's come before them, we believe is
21
a manufacturers issue, whether they're going to be
22
able to continue to sell a product that's not
23
performing the way customers believe it should
24
perform, that's a marketplace decision.
So the FCC
25
didn't get involved in that. In
the EAC case,
60
1
you've got a different role.
You're looking at
2
voting systems, and you want to provide assurance
3
to the public that that system is capable of doing
4
what it says it's going to do, so you're looking at
5
performance standards. So it's a
difference in
6
standards that we're talking about.
You talked
7
about the FCC and telecom equipment, but our
8
standards are looking at a different aspect than
9
just the performance issues.
10 CHAIR HILLMAN: Great, thank you. Just a
11
couple of quick questions. Mr.
Berger, is it fair
12
to say that there is -- in your presentation, one
13
of your slides talked about the national program
14
that the EAC will be putting in place, is there a
15
national program in place now, would you say?
16 MR. BERGER: I would certainly
17
characterize the NASED program as a national
18
program. I think it's fulfilled that function. And
19
as Brian had said, they have been resource limited.
20
I personally have the utmost respect for what's
21
been accomplished, considering the resources
22
they've had available. It's
amazing what they have
23
accomplished, and I think that's to be commended.
24
What's evident and what's being recommended to the
25
EAc is that additional resources are available and
61
1
we want to sue those to best effect, to give the
2
public the greatest confidence in the system
3
they're going to be using.
4 CHAIR HILLMAN: You talked about key
5
issues for certification systems.
Are there other
6
-- are there issues that others would say are key
7
that you haven't put on your list?
I mean is there
8
any debate in the scientific, academic, engineering
9
world about what the key issues are for
10
certification of voting systems?
11 MR. BERGER: We've worked rather
12
diligently to answer that question.
In 2001 when
13
the IEEE first got involved in setting up standards
14
for voting equipment, when we established SEC38. At
15
that point, we were just concerned citizens, kind
16
of a grassroots movements, and we came to the FEC,
17
that's where I first met Brian, and we discovered
18
that the FEC was in the process of establishing
19
what's now the 2002 FEC Guidelines. We decided that
20
the best contribution we could make would be to go
21
through the technical community of the IEEE and
22
bring what comment we could to that process, and
23
ultimately we went out through those seven
24
societies and others and brought, I think, 30 or 40
25
pages of comment that were contributed to the staff
62
1
and may of those incorporated into the system. I
2
say that to just summarize that while there is
3
technical debate on some points, I think what you
4
have represents a pretty fair consensus of the
5
community, of the area of specification and what
6
those specifications should be.
7 CHAIR HILLMAN: Okay.
Technical reviews,
8
what is the universe from which these technical
9
reviewers come from? Where do
they come from?
10 MR. BERGER: A variety of places.
11
Clearly, on every review team you need people who
12
have in-depth, domain knowledge of elections and
13
elections systems voting equipment.
Those people
14
are probably going to be known on a first-named
15
basis to the Commissioners. They will be people
16
who, have in the past, performed NASED evaluations
17
and reviewed the ITA's for the NASED program. They
18
are people who worked in state systems, assisting
19
state election officials and local officials
20
perform reviews and in other ways gotten domain
21
knowledge. They'll also come from
bodies that have
22
specific knowledge in specialized topics, such as
23
security, usability, reliability, and accuracy. And
24 so
we're looking in those technical communities and
25
bring forth individuals who have that kind of
63
1
knowledge and can bring that there.
2 CHAIR HILLMAN: Testing labs, are there a
3
sufficient number of entities that have qualified
4
to be testing labs, to allow the EAC to fulfill
5
their responsibilities, in your opinion?
In your
6
collective opinions?
7 MR. BERGER: There are certainly a number
8
of very confident labs that test a wide variety of
9
topics in this country. Given the
specialized
10
nature of this topic and the rather limited number
11
of units that are brought for evaluation, I think
12
the Commission is going to have a challenge just to
13
have an adequate number of labs appropriately busy
14
and experienced in evaluation.
15 MR. HANCOCK: I would agree with Steve.
16
Currently, the NASED process has three testing
17
laboratories that they use. The
NVLAP program
18
apparently has, as this point,
received
19
applications for a number of other laboratories.
20
I'm not sure how many of those have actually been
21
received, but as Steve said, the election
22
community, unlike a community protesting cell
23
phones or something like that, the units are fairly
24
limited. And I think we have to
remember that this
25
is a business for these testing labs and they do
64
1
have to make a business decision.
2 CHAIR HILLMAN: Okay, and my final
3
question about the FCC certification process. Just
4
out of curiosity, what determines when a product is
5
submitted to the FCC versus the TCB?
6 MR. WALL: It's actually specified in the
7
rules?
8 CHAIR HILLMAN: The rules?
9 MR. WALL: Excuse me.
The manufacturer
10
has the option of sending it to the FCC or TCB. The
11
only few products we say has to go to the FCC is
12
when the test procedure is not well defined or it's
13
a new technology, and for those few pieces we
14
require them to come to the FCC.
I think the
15
question -- I misinterpreted your question was
16
there are products for which certification is not
17
required, but the matter of fact, they have to send
18
it to an accredited lab, and that's specified in
19
the FCC rules.
20 CHAIR HILLMAN: Okay, thank you.
21
Commissioners, we have before us a recommendation,
22
and I'm going to ask our Executive Director if he
23
has any comments for us with respect to the
24
recommendation, before we act on it.
25 MR. WILKEY: Thank you, Madame Chair. I
65
1
think that the staff has spent a considerable
2
amount of time, both the individuals before you, as
3
well as significant and several meetings with both
4
vendors and the ITA's that are presently working in
5
the NASED program. I think that
the framework that
6
they have provided the Commissioners is an
7
excellent start. We know we have
some additional
8
work to do, but certainly the framework that you
9
have before you is one that I think will be a good
10
process for the EAC to undertake. As you know, I
11
have been personally involved in the voting system
12
certification process for well over ten years and
13
go back to the original development of the
14
standards in 1990. So I
understand the process; I
15
understand what needs to be done.
I certainly am
16
very pleased with what this staff has presented
17
you, and certainly recommend for the adoption of
18 that concept.
19 CHAIR HILLMAN: Okay, thank you. For the
20
General Council, do you have any recommendations
21
for us regarding this recommendation before we
22
proceed.
23 MS. THOMPSON: No, Madame Chair, unless
24
you have any questions with regard to the
25
parliamentary procedure, I think we're ready to
66
1
move to a vote.
2 CHAIR HILLMAN: Okay.
Well, I do have --
3
there is a resource implication, and that is what
4
the EAC will need in terms of dollar and human
5
resources to fully carry out this responsibility.
6
We are in the process of having Congress respond
7
through the Appropriations Committee to our request
8
for our 2006 budget, and we did put some resources
9
in for the 2006 budget. Of
course, if Congress
10
doesn't appropriate the full amount of money we
11
requested, the question comes up what we will have
12
to do to make certain that we have sufficient
13
resources to meet this requirement, and how we
14
juggle all that. And I just
wondered -- Mr.
15
Wilkey, if you've got any thoughts for us on that?
16 MR. WILKEY: Well, we certainly hope that
17 -- and since the bulk of this
program will not
18
commence until our fiscal year 2006 that we are
19
hopeful that as we make our presentations to the
20
appropriators that they will be so inclined to
21
listen to that request, in terms of what we have to
22
do. Initially, I think we have --
if the 2006
23
request stays in place as it has been presented, we
24
would be able to proceed. If not,
then I think
25
we're going to have to take a look across the board
67
1
and see how can fit all this into our program.
2 CHAIR HILLMAN: Can you remind us what
3
that was? Was it -- did we say
that we need three
4
full-time staff people, and then in 2006 budget of
5
about how much for the certification?
6 MR. WILKEY: In 2006 we had added -- has
7
asked for initially four additional FTE's, two to
8
assist in the audit process and two in the
9
certification process, to assist Mr. Hancock in his
10
work.
11 CHAIR HILLMAN: Okay.
And that was what,
12
around a half a million dollars, do you remember?
13 MR. WILKEY: I believe so.
14 CHAIR HILLMAN: Ms. Paquette, do you
15
recall?
16 MS. PAQUETTE: I'm sorry, I'm drawing a
17
blank on that right now. I
haven't thought about
18
the budget for awhile.
19 CHAIR HILLMAN: Mr. Hancock, do you
20
remember?
21 MR. HANCOCK: I believe it was --
22 CHAIR HILLMAN: -- about a half of
23
million?
24 MR. HANCOCK: -- about $500 or $600,000,
25
yes.
68
1 CHAIR HILLMAN: Right, three full-time
2
staff people and about a half a million dollars is
3
what we estimated would be the cost to the
4
Elections Assistance Commission to undertake this
5
responsibility in 2007.
6 MR. WILKEY: That's correct. It's gets a
7
little confusing because we've already started
8
putting together our budget for 2007, so we were
9
looking at figures for that. So,
yes, I would say
10
about a half of a million.
11 CHAIR HILLMAN: Okay, Commissioners,
12
before we move on the recommendation before us, do
13
you have any further questions?
14 MR. MARTINEZ: I would just make a quick
15
statement if I could, Madame Chair, and that is to
16
reiterate the excellent point you just brought up,
17
and that is the infrastructure of the EAC, and the
18
fact that we are currently capped at, essentially
19
18 full- time employees; it's 22, but the four
20
Commissioners count against that cap.
So we have
21
18 full-time employees, one of which is doing this
22
on a full-time basis, although Brian also wears
23
other hats for the EAC, and doing other things as
24
well, so I think your point is very well taken in
25
the sense that we need additional bodies to help
69
1
dedicate to this important task.
I mean this is
2
the first time in the history of our government
3
that a federal agency would be involved in the
4
certification, decertification, recertification of
5
voting systems. It's a major
responsibility, and
6
one that I think if done right can help to ensure
7
that the confidence of the American public and the
8
voting systems they use is at the level that it
9
ought to be. So I would simply amplify the
10
excellent point that you've just made, and also
11
keep in mind Mr. Hancock's testimony that there are
12
states -- additional states who are looking to now
13
jump into this process as well. We really need all
14
states, I think, to participate in this national
15
certification process. It sounds
like there's
16
interest in other states coming on board, if we do
17
this right. And part of doing it
right is having
18
the resources, and the framework, the
19
infrastructure to get it done. SO
I just think
20
that's an excellent point.
21 CHAIR HILLMAN: Okay, any other
22
questions. Okay, so we have before us the
23
recommendation that Mr. Hancock read into the
24
record, and we have it before us in writing. And
25
so, it would be appropriate if we're in agreement
70
1
for a motion to accept the recommendation as read
2
and as presented to us in writing.
3 MR. MARTINEZ: So moved.
4
MS. DAVIDSON: Second it.
5 CHAIR HILLMAN: Okay.
Any other
6
questions? All in favor, say I.
7 MR. DEGREGORIO: I.
8 MR. MARTINEZ: I.
9 MS. DAVIDSON: I.
10 CHAIR HILLMAN: Okay, so we have approved
11
the recommendation, accepted the recommendation,
12
and we will move forward with all due speed. We
13
have come to the end of our agenda.
There are a
14
couple of announcements I want to make.
First,
15
just to remind people that this meeting is being
16
broadcast live via webcast, and I understand that
17
they are probably, at any given point, have been
18
about 90 people viewing the meeting through the
19
webcast, and we appreciate the public interest in
20
our work. I also want to
acknowledge that we have
21
with us several members of the Election Assistance
22
Commissions Standards Board. The
Chairman of the
23
Board, Mike Sciortino is here; welcome. And I'm
24
sure you all will understand and forgive that I
25
don't call each members name, but I do want to
71
1
recognize that we have with us Secretary of State,
2
Deb Markowitz, from Vermont, who is a member of the
3
Standards Board; and two State Election Directors,
4
at least from what I've been able to eyeball, Sarah
5
Ball Johnson, from Kentucky, and John Lindback from
6
Oregon, and a number of local election officials
7
from Louisiana, and California, and different parts
8
of the country, and welcome to all of you. We are,
9
as I mentioned earlier, when this meeting adjourns,
10
we will be having a lunch break and regathering at
11
1:00 p.m. Our afternoon session will be a public
12
hearing on the Voluntary Voting System Guidelines
13
that are out for public comment.
And we are
14
scheduled to have the hearing from 1:00 to 5:00
15
p.m. We have, I believe, two
panels, and following
16
the panel presentations there will be a session at
17
which individuals from the public who have comments
18
they want to share with us will be invited to do
19
that. If there -- right, two
panels, three panels?
20 MS. THOMPSON: Three panels.
21
CHAIR HILLMAN: Right, sorry about that,
22
three panels. And the public
comment period will
23
be 4:30 to 5:00. I'm looking
forward to it. It's
24
a good variety of panels. It's
our last public
25
hearing on the Voluntary Voting System Guidelines,
72
1
and it's our third hearing. It's
been a good
2
process. We have tried to have
the meetings across
3
the country so we could allow people from other
4
parts of the country to, not only observe our
5
meetings, but also to participate in the
6
proceedings. So, Commissioners,
are there any
7
final comments or questions before we adjourn?
8
Executive Director, any?
9 MR. WILKEY: No.
10 CHAIR HILLMAN: Okay, I think --
11 MR. MARTINEZ: Move adjournment, Madame
12
Chair.
13 CHAIR HILLMAN: All right.
14 MR. DEGREGORIO: Second.
15 CHAIR HILLMAN: All right, thank you.
16
The meeting is adjourned.
17
18
19
20
21
22
23
24
25
73
1
STATE OF COLORADO )
2 ) ss.
CERTIFICATE
3
COUNTY OF DENVER )
4
5 I, Christopher Boone, Notary Public
within
6
and for the State of Colorado, do hereby certify:
7 That the foregoing proceedings
were
8
transcribed from a digital recording and
9
thereafter reduced to typewritten form under my
10
supervision, and that the same is, to the best of
11
my ability, a true and correct transcription of
12
the proceedings as I was able to hear them on the
13
digital recording made available to me for
14
re-recording transcription;
15 That I am not related to or in any
way
16
associated with any of the parties to said cause
17
of action, or their counsel, and that I am not
18
interested in the event thereof.
19 In witness whereof, I have affixed my
20
signature and seal this 14th day of September, 2005.
21
22
My commission expires August 16, 2006.
23
24
________________________________________
Christopher Boone, Digital Reporter
25