Voluntary Voting System Guidelines

The Voluntary Voting System Guidelines (VVSG) are guidelines adopted by the United States Election Assistance Commission (EAC) for the certification of voting systems. The National Institute of Standards and Technology's Technical Guidelines Development Committee (TGDC) drafts the VVSG and gives them to the EAC in draft form for their adoption.

History

The Election Assistance Commission was created by the 2002 Help America Vote Act, itself a response to the punch card ballot and multiple ballot style issues that surrounded the 2000 presidential election. [1] The resulting guidelines were intended to provide consistency in the integrity of voting systems. [1]

Writing in 2013, researchers at Auburn University critiqued the guidelines as needing to be paired with funding for states to participate. They argued that the more sophisticated states participated in the voluntary certification while most adapted parts of the guidelines or opted out altogether. [1]

Timeline

Guidelines (2021)

The VVSG 2.0 guidelines were released in 2021. [4] "The Guidelines allow for an improved and consistent voter experience, enabling all voters to vote privately and independently, ensuring votes are marked, verified and cast as intended, and that the final count represents the true will of the voters." [5]

The voting system

"Equipment (including hardware, firmware, and software), materials, and documentation used to enact the following functions of an election:

  1. define elections and ballot styles,
  2. configure voting equipment,
  3. identify and validate voting equipment configurations,
  4. perform logic and accuracy tests,
  5. activate ballots for voters,
  6. record votes cast by voters,
  7. count votes,
  8. label ballots needing special treatment,
  9. generate reports,
  10. export election data including election results,
  11. archive election data, and
  12. produce records in support of audits." [6]

All voting systems must also: [7]

  1. Permit the voter to verify (in a private and independent manner) their choices before their ballot is cast and counted.
  2. Provide the voter with the opportunity (in a private and independent manner) to change their choices or correct any error before their ballot is cast and counted.
  3. Notify the voter if they have selected more than one candidate for a single office, inform the voter of the effect of casting multiple votes for a single office, and provide the voter an opportunity to correct their ballot before it is cast and counted.
  4. Be accessible for individuals with disabilities in a manner that provides the same opportunity for access and participation (including privacy and independence) as for all voters.
  5. Provide alternative language accessibility pursuant to Section 203 of the Voting Rights Act [VRA65].

Principles [8]

High Quality Design

  • Functional equipment requirements are organized as phases of running an election:
    • Election and Ballot Definition
    • Pre-election Setup and logic and accuracy (L&A) testing
    • Opening Polls, Casting Ballots
    • Closing Polls, Results Reporting
    • Tabulation, Audit
    • Storage
  • Requirements dovetail with cybersecurity in areas including:
    • Pre-election setup
    • Audits of barcodes versus readable content for ballot marking devices (BMDs)
    • Audits of scanned ballot images versus paper ballots
    • Audits of Cast Vote Record (CVR) creation
    • Content of various reports
    • Ability to match a ballot with its corresponding CVR
  • Guidance relevant to testing and certification has been moved to the EAC testing and certification manuals.

High Quality Implementation

  • Adds requirement to document and report on user-centered design process by developer to ensure system is designed for a wide range of representative voters, including those with and without disabilities, and election workers

Transparent

  • Addresses transparency from the point of view of documentation that is necessary and sufficient to understand and perform all operations

Interoperable

  • Ensures that devices are capable of importing and exporting data in common data formats
  • Requires manufacturers to provide complete specification of how the format is implemented
  • Requires that encoded data use a publicly available, no-cost method
  • Uses common methods (for example, a USB) for all hardware interfaces
  • Permits commercial-off-the-shelf (COTS) devices as long as relevant requirements are still satisfied

Equivalent and Consistent Voter Access

  • Applies to all modes of interaction and presentation throughout the voting session, fully supporting accessibility

Voter Privacy

  • Distinguishes voter privacy from ballot secrecy and ensures privacy for marking, verifying, and casting the ballot

Marked, Verified, and Cast as Intended

  • Updates voter interface requirements such as font, text size, audio, interaction control and navigation, scrolling, and ballot selections review
  • Describes requirements that are voting system specific, but derived from federal accessibility law

Robust, Safe, Usable, and Accessible

  • References Section 508 Information and Communication Technology (ICT) Final Standards and Guidelines [USAB18] and Web Content Accessibility Guidelines 2.0 (WCAG 2.0) [W3C10]
  • Updates requirements for reporting developer usability testing with voters and election workers

Auditable

  • Focuses on machine support for post-election audits
  • Makes software independence mandatory
  • Supports paper-based and end-to-end (E2E) verifiable systems
  • Supports all types of audits, including risk-limiting audits (RLAs), compliance audits, and ballot-level audits

Ballot Secrecy

  • Includes a dedicated ballot secrecy section
  • Prevents association of a voter identity to ballot selections

Access Control

  • Prevents the ability to disable logging
  • Bases access control on voting stage (pre-voting, activated, suspended, post-voting)
  • Does not require role-based access control (RBAC)
  • Requires multi-factor authentication for critical operations:
    • Software updates to the certified voting system
    • Aggregating and tabulating
    • Enabling network functions
    • Changing device states, including opening and closing the polls
    • Deleting the audit trail
    • Modifying authentication mechanisms
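
The access-control model listed above, as an added illustration (not code from the VVSG or the EAC): a decision function that gates operations on the voting stage, requires two distinct authentication factors for the listed critical operations, refuses any request to disable logging, and records every decision. The stage-to-operation mapping, the operation names and the factor labels are assumptions made for this example; the page does not define them.

```python
from dataclasses import dataclass, field
from enum import Enum


class Stage(Enum):
    PRE_VOTING = "pre-voting"
    ACTIVATED = "activated"
    SUSPENDED = "suspended"
    POST_VOTING = "post-voting"


# The six critical operations from the list above (names are hypothetical).
CRITICAL_OPS = {"software_update", "tabulate", "enable_network",
                "change_device_state", "delete_audit_trail",
                "modify_authentication"}

# ASSUMPTION: illustrative mapping of voting stage to permitted operations.
ALLOWED = {
    Stage.PRE_VOTING: {"software_update", "enable_network",
                       "modify_authentication", "change_device_state"},
    Stage.ACTIVATED: {"cast_ballot", "change_device_state"},
    Stage.SUSPENDED: {"change_device_state"},
    Stage.POST_VOTING: {"tabulate", "enable_network",
                        "delete_audit_trail", "change_device_state"},
}


@dataclass
class Device:
    stage: Stage = Stage.PRE_VOTING
    audit_log: list = field(default_factory=list)  # append-only in this sketch

    def authorize(self, user, op, factors):
        """Decide whether op may run now; log the decision either way."""
        if op == "disable_logging":
            reason = "logging cannot be disabled"
        elif op not in ALLOWED[self.stage]:
            reason = f"not permitted in stage {self.stage.value}"
        elif op in CRITICAL_OPS and len(set(factors)) < 2:
            reason = "critical operation requires multi-factor authentication"
        else:
            reason = None
        self.audit_log.append({"user": user, "op": op,
                               "stage": self.stage.value,
                               "allowed": reason is None, "reason": reason})
        return reason is None

    def change_stage(self, user, new_stage, factors):
        """Changing device state is itself a critical operation."""
        if self.authorize(user, "change_device_state", factors):
            self.stage = new_stage
            return True
        return False
```
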

Physical Security

  • Requires using only those exposed physical ports that are essential to voting operations
  • Ensures that physical ports are able to be logically disabled
  • Requires that all new connections and disconnections be logged

Data Protection

  • Clarifies that there are no hardware security requirements (for example, TPM (trusted platform module))
  • Requires Federal Information Processing Standard (FIPS) 140-2 [NIST01] validated cryptographic modules (except for end-to-end cryptographic functions)
  • Requires cryptographic protection of various election artifacts
  • Requires digitally signed cast vote records and ballot images
  • Ensures transmitted data is encrypted with end-to-end authentication

System Integrity

  • Requires risk assessment and supply chain risk management strategy
  • Removes non-essential services
  • Secures configurations and system hardening
  • Exploit mitigation (for example, address space layout randomization (ASLR), data execution prevention (DEP)) and free of known vulnerabilities
  • Requires cryptographic boot validation
  • Requires authenticated updates
  • Ensure sandboxing and runtime integrity

Detection and Monitoring

  • Ensures moderately updated list of log types
  • Detection systems must be updateable
  • Requires digital signatures or allowlisting for voting systems
  • Requires malware detection focusing on backend PCs


References

  1. Hale, K.; Brown, M. (2013-07-01). "Adopting, Adapting, and Opting Out: State Response to Federal Voting System Guidelines". Publius: The Journal of Federalism. 43 (3): 428–451. doi:10.1093/publius/pjt016. ISSN 0048-5950.
  2. "Voluntary Voting System Guidelines - Voting Equipment - US Election Assistance Commission". www.eac.gov. Retrieved March 28, 2018.
  3. "U.S. Election Assistance Commission Adopts New Voluntary Voting System Guidelines 2.0 | U.S. Election Assistance Commission". www.eac.gov. Retrieved 2022-12-01.
  4. "VVSG 2.0". Election Assistance Commission. c. 2021.
  5. "VVSG 2.0". Election Assistance Commission. c. 2021. p. 5 https://www.eac.gov/sites/default/files/TestingCertification/Voluntary_Voting_System_Guidelines_Version_2_0.pdf
  6. "VVSG 2.0". Election Assistance Commission. c. 2021. p. 10 https://www.eac.gov/sites/default/files/TestingCertification/Voluntary_Voting_System_Guidelines_Version_2_0.pdf
  7. "VVSG 2.0". Election Assistance Commission. c. 2021. p. 10-11. https://www.eac.gov/sites/default/files/TestingCertification/Voluntary_Voting_System_Guidelines_Version_2_0.pdf
  8. "VVSG 2.0". Election Assistance Commission. c. 2021. p. 14-17. https://www.eac.gov/sites/default/files/TestingCertification/Voluntary_Voting_System_Guidelines_Version_2_0.pdf