Published by Allen James. Modified over 9 years ago.
1
NIST VOTING PROGRAM MARY BRADY, PROGRAM MANAGER
2
Outline: Motivation & Congressional Mandates; Help America Vote Act; Current Challenges; Engage the Broader Community; Summary
3
Motivation: 2000 Presidential Election
4
Congressional Mandates
HAVA 2002 (Public Law 107-252): The Help America Vote Act (HAVA) requires NIST/SSD to provide technical support for the development of Voluntary Voting Standard Guidelines (VVSG). Such technical work includes computer security, methods to detect and prevent fraud, protection of voter privacy, the role of human factors, including assistive technology for voters with disabilities, and remote access voting, including voting through the internet.
MOVE 2009: The Military and Overseas Voters Empowerment Act of 2009 (MOVE) directs NIST and EAC to provide "best practices or standards in accordance with electronic absentee voting guidelines established"… to support the pilot program or programs developed by DOD as directed by the Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) of 1986 as amended.
5
Outline: Motivation & Congressional Mandates; Help America Vote Act; Current Challenges; NIST Response: A New Paradigm; Summary
6
Help America Vote Act: Standards Development; Accreditation, Testing, and Certification; Usage by States
7
VVSG Development
Voting Guidelines: VVSG 1.0 -- 2005; VVSG 2.0 -- 2007; VVSG 1.1 -- 2015
8
Lab Accreditation, Testing, Certification
VSTLs – Voting System Test Laboratories are recommended for accreditation by the NIST NVLAP Program. VSTLs test voting systems and make recommendations to the EAC.
Certification – procedure by which a third party gives written assurance that a product, process or service conforms to specified requirements.
EAC – Reviews testing information provided by the VSTLs and certifies a system. Also responsible for decertifying a system if necessary.
EAC – In consultation with NIST, may provide a request for interpretation.
9
TGDC Meeting, July 20 – 21, 2015: Improving U.S. Voting Systems
10
Outline: Motivation & Congressional Mandates; Help America Vote Act; Current Challenges; Engage the Broader Community; Summary
11
Current Challenges
Presidential Commission on Election Administration
Jurisdictions: Large and Small
Equipment Changes
Increasing Use of Information Technology in Elections
12
In Recent Years…
No EAC Commissioners from 2011 until January 2015
TGDC has been on a hiatus
Presidential Commission on Election Administration
Voting Equipment is Changing
Election officials looking to capitalize on advances in IT to gain efficiencies and lower cost
Increasingly complex IT application
Interconnected devices
New paradigms for voting systems
Voter Registration
Ballot marking devices
E-pollbooks
Election Night Reporting
13
Presidential Commission on Election Administration (PCEA)
14
Basic Election Administration Facts
50 States
3,140 Counties
1,620 NE Townships
5,312 Midwest Townships
10,072 Election Jurisdictions
Diversity is the underpinning of Elections.
Source: Kim Brace
15
Range of Election Jurisdictions
LA County Warehouse
LA County
4.8 million registered voters
9 languages supported besides English (Spanish, Hindi, Japanese, Korean, Thai, Vietnamese, Chinese, Cambodian, Filipino)
4,600 polling places
22,200 pollworkers
Source: Kim Brace
16
Voting Equipment is Changing 2010 & 2012 Source: Kim Brace
18
Outline: Motivation & Congressional Mandates; Help America Vote Act; Current Challenges; Engage the Broader Community; Summary
19
Future of Voting – Feb 2013, 2015 NIST/EAC Symposiums Explore Emerging Trends in Voting
20
Standards
Standards Efforts: NIST Roadmap, NASED Subcommittee, EAC Future VVSG, CSG Technology Group, IEEE VSSC
21
NIST Roadmap: The Voter Journey
Learn, Do, People, Use, Policy
Preparing to vote: Registration Forms/OVR Register to vote "My Voter" Portals Registrar Elections Web/Phone Am I/How do I register? What is on the ballot? Eligibility Voter Ed
Choosing how to vote: Request a VBM (or other) Access to 'Polling Place' What are my choices? Where do I go to vote "My Voter" Portals Online VBM System Elections Web/Phone Elections office Voting Options Hours/Places
Checking in/getting ballot: Poll workers Authenticate/Sign-In Ballot Delivery System Transportation to Polls Receive 'ballot' How do I get my ballot Pollbook or Sign-in Voter ID Provisional
Marking the ballot: Poll workers Mark the ballot Ballot Ballot Marking System How do I mark as I intend? Activate or open the ballot Helper Rules Sample Ballots Pre-Marked Ballot
Casting the ballot: Poll workers Ballot Scanner Electronic Casting Cast the ballot Review the ballot How do I cast my ballot? Mail Ballot Return Counting Rules Helper Rules
Verification & results: Verify ballot was received See election results VBM/Ballot Tracking Elections Web/Phone E2E Verification System Who won? Did my vote count? Elections office Canvass Ballot Access
22
NIST Roadmap
Partnered with Center for Civic Design
Convened 2 Workshops
Draft Report Available at: http://civicdesign.org/wp-content/uploads/Roadmap-V1-FINAL-15-0205a.pdf
Identified Six Priority Areas:
Support the design process
Engage voters effectively
Address the entire voter journey
Support evolving technology
Provide useful guidance and standards
Improve testing in design and certification
23
NASED Subcommittee
Principles: High-level discussion points (U&A: 2 pages)
VVSG: Additional information (U&A: 100 pages)
Test Assertions: Low-level details (U&A: 65 pages)
Encapsulate knowledge from other disciplines: U&A: >15 other standards activities
26
IEEE Voting System Standards
VSSC: John Wack, Chair
1622.2 Election Results Reporting: Sarah Whitt
1622.4 Election Data Modeling: Kenneth Bennett
1622.6 Voting Methods Mathematical Models: Lauren Massa-Lochridge
1622.7 Electronic Pollbooks: Jay Bagga
1622-3 Event Logging: John Wack
“IEEE effort is most significant work going on in Voting” Matt Masterson, EAC Commissioner
27
Trustworthy Elections
Legislatures, Election Officials: Cybersecurity Education, Risk-Based Security
Manufacturers, Test Labs, EAC: Software Assurance, Test Assertions
28
Test Assertions: Low-level details
NIST Team Draft from VVSG
EAC/VSTLs In-Depth Review
Manufacturers Feedback
Harmonized Assertions
Usability/Accessibility (U/A) assertions: Covered 19 sections: 3.1.1-3.2.8, 7.9.5-7.9.7; 546 TAs = (204 usability, 287 acc., 55 VVPAT)
Security assertions: Covered Chapter 8, 9; 404 TAs
29
U&A: An Example
Principle: No interference
VVSG 1.0 Requirement 3.2.2.2c-iii: No voting equipment shall cause electromagnetic interference with assistive hearing devices that would substantially degrade the performance of those devices. The voting equipment, considered as a wireless device, shall achieve at least a category T4 rating as defined by American National Standard for Methods of Measurement of Compatibility between Devices and Hearing Aids, ANSI C63.19.
TA3222ciii-1: Voting equipment, when used with assistive hearing devices, SHALL achieve at least a category T4 rating as defined by American National Standard for Methods of Measurement of Compatibility between Wireless Communications Devices and Hearing Aids, ANSI C63.19.
TA3222ciii-1-1: Voting equipment, when used with cochlear implants, SHALL achieve at least a category T4 rating as defined by American National Standard for Methods of Measurement of Compatibility between Wireless Communications Devices and Hearing Aids, ANSI C63.19.
TA3222ciii-1-2: Voting equipment, when used with hearing aids, SHALL achieve at least a category T4 rating as defined by American National Standard for Methods of Measurement of Compatibility between Wireless Communications Devices and Hearing Aids, ANSI C63.19.
30
Voting Security Studies
31
CWE Mapping
Over 250 Vulnerabilities
Top 15 Voting CWEs
CWE-306 - Missing Authentication for Critical Function
CWE-120 - Classic Buffer Overflow
CWE-522 - Insufficiently Protected Credentials
CWE-345 - Insufficient Verification of Data Authenticity
CWE-311 - Missing Encryption of Sensitive Data
CWE-134 - Uncontrolled Format String
CWE-310 - Cryptographic Issues
CWE-330 - Use of Insufficiently Random Values
CWE-190 - Integer Overflow or Wraparound
CWE-20 - Improper Input Validation
CWE-321 - Use of Hard-coded Cryptographic Key
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
CWE-269 - Improper Privilege Management
CWE-303 - Incorrect Implementation of Authentication Algorithm
32
Outline: Motivation & Congressional Mandates; Help America Vote Act; Current Challenges; Engage the Broader Community; Summary
33
Summary
Elections are complex and the elections community is very diverse
Wider engagement of state and local election officials, manufacturers, test laboratories, academics, and a number of advocacy groups
Working with the broader elections community on laying the foundation for the next version of the VVSG
Restarting the TGDC with recently appointed Commissioners
Let’s get to work!