On February 13th and 14th, the U.S. Election Assistance Commission (EAC) and National Institute of Standards and Technology (NIST) held their first joint Technical Guidelines Development Committee (TGDC) Meeting of 2017. The focus of the meeting was lessons learned by election officials in the 2016 Election; updates from VVSG constituency groups; presentation of proposed scope and structure of the Voluntary Voting System Guidelines (VVSG) version 2.0; and a presentation and discussion with the Department of Homeland Security (DHS) about elections as critical infrastructure.
On Day 1, we heard from the TGDC members who are election officials about Balancing Security and Accessibility – Lori Augino, State of Washington; Voting Machine Security – Bob Giles, State of New Jersey; Post Election Audits – Natasha Walker; State of Maryland; and Recounts – Ross Hein, State of Wisconsin. Each of the presentations included a look back on their experience during the 2016 election, lessons learned, and ways to improve future elections.
After the election official presentations, the NIST technical leads for each of the Constituency Groups, John Wack – Interoperability, Joshua Franklin – Cybersecurity, David Wagner – Auditabilty and Sharon Laskowski – Human Factors, presented the high-level principles and guidelines that their respective groups created and adopted. Additionally, Benjamin Long (NIST) presented on the general principles for the VVSG 2.0. Concluding the constituency group updates was a dual presentation of Testing in the Real World by Jack Cobb – Pro V&V an EAC accredited voting system testing laboratory and McDermott Coutts of the TGDC and Unisyn Voting Solutions, an EAC registered voting system manufacturer.
The focus of Day 2 was to discuss and finalize the scope and structure of VVSG 2.0. The structure of the document was fairly well defined in the 2016 TGDC meetings. However, there were still many questions about which devices would be in or out of scope. For instance, it was clear that an optical scan tabulator and a direct recording electronic machine were both devices within a voting system, but what about a remote ballot marking device? These were two questions carried over from previous TGDC meetings. With concern that these questions may continue to linger and a defined scope would remain out of reach, the EAC staff presented a proposal to change the approach to scoping of the VVSG 2.0. What if the VVSG 2.0 provided guidelines for the functions that a voting system performs instead of guidelines for the devices that perform those functions?
Taking a step back, the EAC’s presentation began with the definition of a voting system in the Help America Vote Act (HAVA), which states that a voting system is:
The total combination of mechanical, electromechanical, or electronic equipment…that is use to define ballots; to cast and count votes; to report or display election results; and to maintain and produce any audit trail information.
From the definition in HAVA, EAC took each of the four characteristics and associated them to devices that are commonly used in the current voting systems. From the current device-based model, the presentation showed the transition from the device to the functions that device performs, ultimately, presenting a flow of the 17 functions performed by a voting system. The underlying description was that an election, whether manual or electronic, is a set of functions that flow from beginning to end. Systems are just a mechanism for processing those functions. Under this new approach, a voting system is combination of the 17 functions, which happen to interact within a device or between a set of devices.
The TGDC had one main question relating to whether this meant that any device performing a function in scope must be tested and certified. The answer is no. The EAC does not want to dictate which devices need to be certified within a voting system. However, the EAC needs to have the ability to test any combination of devices that make up a voting system.
With that in mind, the EAC described how this new approach could facilitate the Objectives defined in the VVSG 2.0 Project Charter. The function-based method met all of the Objectives of the VVSG 2.0 Project Charter in a way that a device-based methodology would not, particularly with respect to innovation, adaptability, interoperability, and transparency.
After a few questions by the TGDC meeting, the final scope and structure were adopted unanimously. The structure of VVSG 2.0 will follow a model of High-Level Principle and Guidelines followed by lower-level testable requirements and test assertions. The scope will cover the 17 functions performed within a voting device. These standards will promote innovation, improve efficiency and save state and local election officials valuable funds.
After the vote on scope and structure, the meeting’s focus changed to critical infrastructure. Joshua Franklin from NIST presented a framework for improving critical infrastructure and cybersecurity, specifically how to apply the NIST Cybersecurity Framework (CSF) to Elections. The presentation gave a background on the CSF and how to create customized profile, if the election industry decided to do so.
The final presentation came from Geoffrey Hale (DHS) to provide details on the services available to state and local election officials. He began with an overview of the general mission, which includes safeguarding and securing cybersecurity. This was followed with a description of responsibilities for and approach to cybersecurity and a list of resources available to election officials. The presentation provided information on the resources utilized in the 2016 election, as well as those resources available in the future.
Heading into the two days, it was clear that there would be a lot of interesting topics and discussions. However, I don’t know that anyone foresaw the work product that resulted from the meetings. At the conclusion of the second day, many people, including some who have been around since the inception of the TGDC, expressed that this was the most productive TGDC meeting ever conducted. With the adoption of the scope and structure and a list of principles and guidelines, the TGDC is well on its way and a draft of the VVSG 2.0 is within reach.
You can watch the archived webcast of the meeting or the PowerPoint presentations here. For more information on the TGDC or VVSG 2.0, please contact Ryan Macias ([email protected]).