TGDC Meeting, Jan 2011 Development of High Level Guidelines for UOCAVA voting systems Andrew Regenscheid National Institute of Standards and Technology
TGDC Meeting, Jan 2011 Page 2 Background (1) EAC tasked TGDC with the development of guidelines for testing and certifying of electronic absentee voting systems. TGDC established UOCAVA Working Group. The UOCAVA Roadmap submitted to Congress by the EAC calls for the development of high-level non- testable guidelines for remote electronic absentee voting systems by Spring 2011.
TGDC Meeting, Jan 2011 Page 3 Background (2) EAC/NIST/FVAP UOCAVA Roadmap “EAC and the TGDC, with technical support from NIST, and input from FVAP, will identify high-level, non- testable guidelines for remote electronic absentee voting systems. This effort will focus on the desirable characteristics of such systems and serve as a needs analysis for future pilots and research; and for the purposes of driving industry to implement solutions.”
TGDC Meeting, Jan 2011 Page 4 Approach (1) Identified Council of Europe recommendations, Legal, Operational and Technical Standards for E-Voting, as starting point. Included legal and procedural items out-of-scope for our purposes. Lacked comprehensive security, usability and accessibility guidelines. The CoE recommendations were reviewed and a subset of the recommendations were extracted. Recommendations related to election administration, election law, and instructions for election officials were not included. Recommendations related to technical aspects of design, implementation, and deployment of election equipment were included.
TGDC Meeting, Jan 2011 Page 5 Approach (2) The subset of the recommendations were initially modified. A point was reached where clarity about how the high level guidelines would be used was needed for the group to move forward. The working group asked the EAC to take a pass at modifying the subset of the recommendations. This resulted in a second document with high level guidelines based on VVSG, Pilot Testing Requirements, Operation BRAVO requirement, SERVE, etc.
TGDC Meeting, Jan 2011 Next Steps To meet the UOCAVA Roadmap Spring 2011 deadline, the EAC and NIST will work to complete the document initially provided by the EAC while the working group focuses on other activities. Page 6
TGDC Meeting, Jan 2011 What Now (1) David Wagner suggested focusing on differences between polling place and remote voting systems. Some areas unlikely to need substantially new requirements. Core requirements Software requirements Usability Other areas may need substantial changes. Security Accessibility Page 7
TGDC Meeting, Jan 2011 What Now (2) We can develop testable requirements in a piecemeal fashion. Some areas are ripe for guidelines development. Electronic voter authentication Communications channel security Accessibility Other areas will require additional research and possibly technological improvement. Auditability of remote electronic voting systems End-point security Page 8
TGDC Meeting, Jan 2011 Proposed Resolution (1) High level guidelines for UOCAVA voting systems The TGDC requests the EAC and NIST complete the high level guidelines for UOCAVA voting systems initially started by the UOCAVA working group. This responds to the request in the “Report to Congress on EAC’s Efforts to Establish Guidelines for Remote Electronic Absentee Voting Systems” for the TGDC to assist the Election Assistance Commission in identifying high-level, non-testable guidelines for remote electronic absentee voting systems. Page 9
TGDC Meeting, Jan 2011 Proposed Resolution (2) Guidelines development for UOCAVA voting systems The TGDC requests the UOCAVA working group begin developing guidelines for UOCAVA voting systems in key areas where there are significant differences between polling place and remote voting systems and technology exists to address these differences. Page 10