ANSI - American National Standards Institute
 Print this article  Previous Next 

Recommendations for Future Voting System Guidelines Herald Significant Changes

New York, Nov 30, 2006

In a series of preliminary security reports issued by the National Institute of Standards and Technology (NIST), the federal agency is recommending significant changes to standards for electronic voting machines. The recommendations will form the basis of discussions at the upcoming meeting of the Technical Guidelines Development Committee (TGDC) next week, when election regulators will meet to hammer out the latest iteration of the nation’s voluntary voting systems guidelines, known as the VVSG 2007.

Formed under charter by the Help America Vote Act of 2002 (HAVA), the TGDC was established to support the U.S. Election Assistance Commission (EAC) in developing standards to improve the reliability and security of the nation’s voting systems. As chair of the TGDC, NIST oversees the development of the guidelines and provides technical guidance in areas such as encryption, usability engineering and testing. The recommendations for the VVSG 2007 were prepared by TGDC’s Security and Transparency Subcommittee (STS) in consultation with NIST.

If the recommendations are approved, the 2007 version of the VVSG would bar direct record electronic (DRE) voting machines from future elections. According to one report, there is no means of verifying tallies because DRE machines are software dependent. Because there is no audit mechanism other than the software that tabulated the results to begin with, the machines are open to undetectable errors and malicious software attacks.

“The computer security community rejects the notion that DREs can be made secure, arguing that their design is inadequate to meet the requirements of voting and that they are vulnerable to large-scale errors and election fraud,” the report states. “Potentially, a single programmer could 'rig' a major election.”

The reports also recommend focusing attention on improving the reliability and usability of voting systems that produce voter verified paper records, emphasizing that a voting system “should never be able to record an electronic record and at the same time fail in properly creating or storing the paper record.”

To a large extent, STS says, the usability of paper records depends on a machine’s design. Many machines equipped with paper rolls produce illegible or otherwise unusable records. The report recommends modifications to paper roll equipped machines to increase the security of the housings in which the rolls are encased. New voting machines, the report said, should not make use of paper rolls.

The nation’s existing voting systems guidelines, the VVSG 2005, currently allow the use of radiofrequency (RF) and infrared wireless for voting systems, albeit with several stringent caveats and restrictions. But in light of recent voting system threat analyses on the complexities of secure wireless networking, the report concludes that the use of RF and infrared wireless is a “tremendous risk.” The VVSG 2007 should therefore not include—or be designed to potentially accommodate—RF wireless capability, and the use of infrared wireless should be discouraged, according to the report.

The TGDC meeting will be held December 4-5 at the NIST campus in Gaithersburg, MD, and is open to the public. For information on meeting registration or watching the meeting via webcast, please visit the NIST HAVA webpage.

To view the preliminary security reports for the full list of recommendations, please click here.

As mandated by HAVA, the TGDC includes appointed representatives from the American National Standards Institute (ANSI) and ANSI-accredited standards developer the Institute of Electrical and Electronics Engineers (IEEE).

 Homeland Defense and Security Standardization Collaborative