Certification of voting machines

Last updated
Election technology
Terminology
Testing
Technology
Manufacturers

Various governments require a certification of voting machines.

Contents

In the United States there is only a voluntary federal certification for voting machines and each state has ultimate jurisdiction over certification, though most states currently require national certification for the voting systems. [1]

Germany

In Germany the Physikalisch-Technische Bundesanstalt was responsible for certification of the voting machines for federal and European elections till 2009. Since the respective law, the Bundeswahlgeräteverordnung ("Federal Voting Machine Ordinance") is considered to be in contradiction to Germany's Constitution, this responsibility is suspended. The only machines certified so far are the Nedap ESD1 and ESD2.

United States

The US Election Assistance Commission has assumed federal responsibility for accrediting voting system test laboratories and certifying voting equipment through the Voting System Certification & Laboratory Accreditation Program. [1] The purpose of the program is to independently verify that voting systems comply with the functional capabilities, accessibility, and security requirements necessary to ensure the integrity and reliability of voting system operation, as established in the Voluntary Voting System Guidelines (VVSG). With this program the National Institute of Standards and Technology (NIST) will recommend labs for accreditation through its National Voluntary Laboratory Accreditation Program (NVLAP).

The VVSG provide a set of specifications and requirements against which voting systems can be tested to determine if the systems provide all of the basic functionality, accessibility and security capabilities required of these systems. In addition, the guidelines establish evaluation criteria for the national certification of voting systems.

The EAC's Technical Guidelines Development Committee, with technical support from NIST are tasked with developing an initial set of recommendations for each VVSG iteration. [2] After the initial draft guidelines are authored, they are sent to the EAC for review and revision and then released for public comment. Comments are reviewed and considered by the EAC in consultation with NIST in development of the final release.

In 2007, California Secretary of State Debra Bowen decertified four electronic voting systems, three of which were conditionally recertified, after a "top-to-bottom review" of the voting machines certified for use in California in March 2007. [3] [4]

VVSG 1.1

A new version of the VVSG was approved in 2015. .

2007 VVSG

A draft version of the 2007 VVSG was developed by the TGDC and NIST. It was not approved by the TGDC nor the EAC.

2005 VVSG

The 2005 VVSG, which significantly increased security requirements for voting systems and expanded access, including opportunities to vote privately and independently, for individuals with disabilities, was unanimously adopted by the EAC in December 2005; [5] It was version of the federal certification standards. During the 90-day public comment period, EAC received more than 6,000 comments on the proposed guidelines. These comments and the proposed guidelines are available via the Kennesaw State University. The 2005 VVSG will go into effect 24 months after their final adoption (December 2007).

Certification Origins and Roy Saltman

In February 1975 an interagency agreement was formed with General Accounting Office’s Office of Federal Elections (predecessor to the Federal Election Commission) and the National Bureau of Standards (predecessor to the National Institute of Standards and Technology) resulting in a March 1975 report, Effective Use of Computing Technology in Vote-Tallying, [6] authored by Roy Saltman. This report highlighted "the lack of appropriate technical skills at the State and local level for developing or implementing written standards, against which voting system hardware and software could be evaluated."

The U.S. Congress then directed the Federal Election Commission (FEC), in conjunction with the National Bureau of Standards to create engineering and procedural performance standards for voting systems. Another report, Voting System Standards: A Report on the Feasibility of Developing Voluntary Standards for Voting Equipment was produced in early 1984. [7] In July 1984 the FEC armed with congressionally appropriated funds began a six-year task of creating the first national performance and test standards for punchcard, marksense, and direct recording electronic voting systems.

The resulting body of work was the first set of voluntary Voting System Standards issued in 1990. [8]

FEC and NASED

In addition to their involvement in the origins of national voting certification and testing, the FEC's Office of Election Administration and the National Association of State Election Directors (NASED) updated the initial Voting System Standards with the 2002 Voting System Standards/Guidelines.

The national testing effort was overseen by NASED’s Voting Systems Board, which is composed of election officials and independent technical advisors. NASED established a process for vendors to submit their equipment to an Independent Test Authority (ITA) for evaluation against the Standards. The NASED has compiled a list of Qualified Voting Systems 12-22-05

EAC Interim Voting System Certification Program

The Help America Vote Act mandated the federal certification process be assumed by the EAC. The EAC implemented an interim certification program in July 2006 which provided a means to obtain federal certification for modifications required by state and local election officials administering the 2006 General Election. [9]

In summer 2006 the EAC barred the company Ciber Inc. from approving further voting machines. Federal officials found that it was not following its quality-control procedures and could not document that it was conducting all the required tests. [10] According to the EAC "Ciber, Inc. has applied for interim accreditation, but EAC has not completed its review, so the Ciber application is pending." They have released relevant documentation regarding the Ciber, Inc. application from accreditation.

See also

Related Research Articles

American National Standards Institute American non-profit organization that develops standards

The American National Standards Institute is a private non-profit organization that oversees the development of voluntary consensus standards for products, services, processes, systems, and personnel in the United States. The organization also coordinates U.S. standards with international standards so that American products can be used worldwide.

The National Institute of Standards and Technology (NIST) is a physical sciences laboratory and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness. NIST's activities are organized into laboratory programs that include nanoscale science and technology, engineering, information technology, neutron research, material measurement, and physical measurement. From 1901–1988, the agency was named the National Bureau of Standards.

David A. Wagner American computer scientist

David A. Wagner is a Professor of Computer Science at the University of California, Berkeley and a well-known researcher in cryptography and computer security. He is a member of the Election Assistance Commission's Technical Guidelines Development Committee, tasked with assisting the EAC in drafting the Voluntary Voting System Guidelines. He is also a member of the ACCURATE project.

Help America Vote Act 2002 law to retire outdated voting equipment, create standards and election commission

The Help America Vote Act of 2002, or HAVA, is a United States federal law which passed in the House 357-48 and 92-2 in the Senate and was signed into law by President Bush on October 29, 2002. The bill was drafted in reaction to the controversy surrounding the 2000 U.S. presidential election, when almost two million ballots were disqualified because they registered multiple votes or none when run through vote-counting machines.

Britain J. Williams III is a Professor Emeritus of computer science at Kennesaw State University in Georgia, and is consultant with the school's Center For Election Systems. He has bachelor's and master's degrees in mathematics from the University of Georgia, and a PhD is in Statistics from the University of Georgia in 1965. He joined the faculty of (then) Kennesaw State College in 1990.

Election Assistance Commission government agency

The Election Assistance Commission (EAC) is an independent agency of the United States government created by the Help America Vote Act of 2002 (HAVA). The Commission serves as a national clearinghouse and resource of information regarding election administration. It is charged with administering payments to states and developing guidance to meet HAVA requirements, adopting voluntary voting system guidelines, and accrediting voting system test laboratories and certifying voting equipment. It is also charged with developing and maintaining a national mail voter registration form.

The Federal Information Processing Standard Publication 140-2,, is a U.S. government computer security standard used to approve cryptographic modules. The title is Security Requirements for Cryptographic Modules. Initial publication was on May 25, 2001 and was last updated December 3, 2002.

Cryptographic Module Validation Program Joint American-Canadian security accreditation program for cryptographic modules

The Cryptographic Module Validation Program (CMVP) is a joint American and Canadian security accreditation program for cryptographic modules. The program is available to any vendors who seek to have their products certified for use by the U.S. Government and regulated industries that collect, store, transfer, share and disseminate "sensitive, but not classified" information. All of the tests under the CMVP are handled by third-party laboratories that are accredited as Cryptographic Module Testing Laboratories by the National Voluntary Laboratory Accreditation Program (NVLAP). Product certifications under the CMVP are performed in accordance with the requirements of FIPS 140-2.

Election Systems & Software company

Election Systems & Software (ES&S) is an Omaha, Nebraska-based company that manufactures and sells voting machine equipment and services. The company's offerings include vote tabulators, direct-recording electronic (DRE) machines, voter registration and election management systems, ballot-marking devices, electronic poll books, Ballot on Demand printing services, and absentee voting-by-mail services.

Federal Information Security Management Act of 2002 United States Law

The Federal Information Security Management Act of 2002 is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002. The act recognized the importance of information security to the economic and national security interests of the United States. The act requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.

Cybersecurity standards are techniques generally set forth in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.

The Standards Council of Canada (SCC) is a federal Crown corporation with the mandate to promote voluntary standardization in Canada, where standardization is not expressly provided for by law. Located in Ottawa, Ontario, SCC has a governing council of as many as 13 members and a staff of approximately 100. The organization reports to Parliament through the Minister of Industry.

William A. Jeffrey CEO of SRI International and former NIST director

William A. Jeffrey is the CEO of SRI International, a position he has held since September 2014.

The Common Criteria model provides for the separation of the roles of evaluator and certifier. Product certificates are awarded by national schemes on the basis of evaluations carried by independent testing laboratories.

The term "software independence" (SI) was coined by Dr. Ron Rivest and NIST researcher John Wack. A software independent voting machine is one whose tabulation record does not rely solely on software. The goal of an SI system is to definitively determine whether all votes were recorded legitimately or in error.

An Independent Testing Authority (ITA) is a laboratory certified by the United States-based National Association of State Election Directors (NASED) to test voting systems to the Voting System Standards (VSS) or the Voluntary Voting System Guidelines (VVSG) in the process of certifying voting systems. The Election Assistance Commission has taken over the responsibility for accrediting such laboratories and now uses the National Institute of Standards and Technology's National Voluntary Laboratory Accreditation Program. Under the EAC process, ITA's are now known as Voting System Testing Laboratories (VSTLs).

The Voluntary Voting System Guidelines (VVSG) are guidelines adopted by the United States Election Assistance Commission (EAC) for the certification of voting systems. The National Institute of Standards and Technology's Technical Guidelines Development Committee drafts the VVSG and gives them to the EAC in draft form for their adoption.

The Technical Guidelines Development Committee (TGDC) of the National Institute of Standards and Technology supports the Election Assistance Commission in the United States by providing recommendations on voluntary standards and guidelines related to voting equipment and technologies. It is composed of 14 members selected from various standards boards and for their technical and scientific expertise related to voting systems and equipment.

The Federal Information Processing Standard (FIPS) Publication 140-3 is an announced update to the U.S. government computer security standard used to accredit cryptographic modules. The title of the standard is Security Requirements for Cryptographic Modules and FIPS 140-2 remains the currently approved version. Efforts to update FIPS 140-2 date back to the early 2000s. The FIPS 140-3 was scheduled for signature by the Secretary of Commerce in August 2013, however that never happened and the draft was subsequently abandoned. In 2014, NIST released a substantially different draft of FIPS 140-3, this version effectively directing the use of an International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) standard, 19790:2012, as the replacement for FIPS 140-2. The 2014 draft of FIPS 140-3 was also abandoned. On August 12, 2015, NIST formally released a statement on the Federal Register asking for comments on the potential use of portions of ISO/IEC 19790:2014 in the update of FIPS 140-2. The reference to a 2014-version of ISO/IEC 19790 was an inadvertent error in the Federal Registry posting, as 2012 is the most recent version.

Electronic voting in the United States

Electronic voting in the United States involves several types of machines: touch screens for voters to mark choices, scanners to read paper ballots, scanners to verify signatures on envelopes of absentee ballots, and web servers to display tallies to the public. Aside from voting, there are also computer systems to maintain voter registrations and display these electoral rolls to polling place staff.

References

  1. 1 2 "[[Election Assistance Commission|EAC]] History of Voting System Certification and Test Laboratory Accreditation". Archived from the original on 2007-02-08. Retrieved 2007-02-17.
  2. 2005 Voluntary Voting System Guidelines Volume 1 Archived 2006-02-08 at the Wayback Machine
  3. "Top-To-Bottom Review". California Secretary of State. 2007-08-03. Archived from the original on 2007-07-15. Retrieved 2007-08-10.
  4. San Francisco Gate: County officials fear new voting standards will be hard to meet. August 4, 2007.
  5. Voluntary Voting System Guidelines Archived 2006-02-09 at the Wayback Machine , U.S. Election Assistance Commission
  6. Roy G. Saltman. Final Project Report: Effective Use of Computing Technology in Vote-Tallying, prepared for the Clearinghouse on Election Administration (May 1975). URL= http://csrc.nist.gov/publications/nistpubs/NBS_SP_500-30.pdf
  7. Saltman, R. G. 1988. Accuracy, integrity and security in computerized vote-tallying. Commun. ACM 31, 10 (October 1988), 1184-1191. DOI= http://doi.acm.org/10.1145/63039.63041
  8. Performance and Test Standards for Punchcard, Marksense, and Direct Recording Electronic Voting Systems, Federal Election Commission (1990)
  9. "EAC's Voting System Certification Program". Archived from the original on 2007-02-08. Retrieved 2007-03-17.
  10. U.S. Bars Lab From Testing Electronic Voting
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.