Proposed Guidance on Voluntary Voting System Guidelines
Federal Register: June 3, 2009 (Volume 74, Number 105)
Notices
Page 26665-26667
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
DOCID:fr03jn09-41
ELECTION ASSISTANCE COMMISSION
Proposed Guidance on Voluntary Voting System Guidelines
AGENCY: United States Election Assistance Commission.
ACTION: Notice of proposed updates and revisions to the 2005 Voluntary
Voting System Guidelines and request for public comment.
SUMMARY: The Help America Vote Act of 2002 (HAVA) (Pub. L. 107-252; 42
U.S.C. 15301 et seq. (October 29, 2002)) established the U.S. Election
Assistance Commission (EAC). Section 202 of HAVA directs the EAC to adopt voluntary voting system guidelines (VVSG) and to provide for the testing, certification, decertification, and recertification of voting system hardware and software. The VVSG provides specifications and standards against which voting systems can be tested to determine if they provide basic functionality, accessibility, and security capabilities.
As required by Section 222(d) of HAVA the EAC is placing its proposed updates and revisions out for a 120-day public comment period.
The EAC is asking for comments regarding all sections of the standards impacted by the update process. This updated and revised version of the
VVSG will be known as Voluntary Voting System Guidelines v.1.1 (VVSG v.1.1).
The EAC made the decision to update and revise the 2005 VVSG as a result of feedback received through its Voting System Testing and
Certification Program. As the EAC has worked to test and certify voting systems it observed and received feedback from various sources that the standards being tested to were at times ambiguous and difficult to apply in testing. This ambiguity has led to challenges in making testing consist both within a test laboratory and across different laboratories. In addition, the EAC has received feedback from the
National Institute of Standards and Technology (NIST) that the creation of formalized test suites for the 2005 VVSG would be aided by a clarification of certain portions of document. This information, combined with the EAC's issuance of seventeen interpretations of the
VVSG to clarify various standards,
Page 26666
led the EAC to propose improvements to the 2005 VVSG.
Specifically, the EAC determined to implement a number of recommendations submitted by the EAC's Technical Guidelines Development
Committee (TGDC). On March 29, 2006, the TGDC held its first meeting to discuss the next iteration of the VVSG. Since that time, the TGDC has held numerous public meetings and subcommittee conference calls to create a set of draft guidelines for recommendation to the EAC (all
TGDC meeting materials can be found at http://www.vote.nist.gov). On
August 17, 2007, the TGDC voted to complete final edits of their recommendations and submit them to the Executive Director of the EAC.
The EAC received the draft guidelines from the TGDC on August 31, 2007.
After receipt of the TGDC's recommendations for the next iteration of the VVSG the EAC opened a one hundred and eighty day public comment period. During this public comment period the EAC received over 3000 comments on the recommendations. In addition, during the comment period the EAC conducted a series of seven roundtable discussions regarding the TGDC's recommendations.
After the close of the public comment period for the TGDC's recommendations the EAC made the decision to update and revise the 2005
VVSG with portions of the TGDC's recommendations. The purpose of this revision is to clarify and improve the VVSG in order to allow for more efficient and consistent testing under the EAC's Testing and
Certification Program.
In addition, to the observations and feedback produced by the EAC's
Testing and Certification Program the gained additional information as a of the public comment review of the EAC's Technical Guidelines
Development Committee's recommendations for the Next Iteration of the
VVSG. During this comment period, which ran from September 2007 to May 2008 the EAC received comments praising many of the proposed standards as being more testable and less ambiguous as previous versions of the standard. Also, during this comment period the EAC held a series of seven round table discussions with various sections of the Election
Community. During these round table discussions there was near unanimous agreement that the TGDC recommended standards were a clearly written and a more testable standard than the 2005 VVSG.
Based on all of this information the EAC made the decision to revise and update the 2005 VVSG with portions of the TGDC recommended version of the VVSG. While the EAC is continuing to work with the next iteration of the standards it felt it was important to revise and update the 2005 VVSG. The purpose for these revisions and updates is to:
diams
Improve the clarity and testability of the VVSG.
diams
Ensure consistency of testing by accredited test laboratories.
diams
Aid NIST in the development of test suites for the VVSG.
diams
Minimize the need for EAC interpretations of the standards.
diams
Update portions of VVSG requirements to reflect advancements in voting technology.
In evaluating which sections of the TGDC recommendations to use to update the 2005 VVSG the EAC/NIST used the following criteria:
diams
Those sections which would not require hardware changes to current voting systems.
diams
Those sections which would not require complex software changes to current voting systems.
diams
Those sections which cause no substantial changes to the overall structure of the 2005 VVSG.
diams
Those sections which clarify or improve portions of the 2005 VVSG in order to allow for development of test cases.
With those criteria in mind the EAC chose to revise the following sections of the 2005 VVSG with the following sections of the TGDC recommendations: 1. Hardware and Software Performance Benchmarks and Test Method
Volume I Section 4.1.1 of the 2005 VVSG is replaced by
Part 1 Section 6.3.2 (Accuracy) of the TGDC Recommendations.
Volume I Section 4.1.5.1.e.ii (under Ballot Handling) and 4.1.5.2.f (under Ballot Reading Accuracy) of the 2005 VVSG are replaced by Part 1 Section 6.3.3 (Misfeed Rate) of the TGDC Recommendations.
Volume I Section 4.3.3 of the 2005 VVSG is replaced by a condensed version of Part 1 Section 6.3.1 (Reliability) of the TGDC
Recommendations.
To update the test method, Volume II Appendix C of the 2005 VVSG is completely replaced by Part 3 Section 5.3 of the TGDC
Recommendations. Volume II Sections 4.7.1.1 and 4.7.3 of the 2005 VVSG are deleted. Volume II Sections 1.8.2.3 and 4.5 of the 2005 VVSG are harmonized with Part 3 Section 2.5.3 of the TGDC Recommendations. 2. Software Workmanship
Volume I Section 5.2 of the 2005 VVSG is replaced by Part 1 Sections 6.4.1 through 6.4.1.8 of the TGDC Recommendations.
Volume II Section 5.4 of the 2005 VVSG is replaced by Part 3 Section 4.5.1 of the TGDC Recommendations.
Volume II Section 1.8.2.6 (Certification Test Practices) of the 2005 VVSG is harmonized with Part 3 Section 2.5.5 of the TGDC
Recommendations to clarify the handling of logic defects. 3. Test Plan and Test Report--Appendices A and B of Volume II of the 2005 VVSG are harmonized with the current EAC manuals and NOC 09- 001. 4. TDP and Voting Equipment User Documentation--Volume II Section 2.1.1.1 of the 2005 VVSG is revised to include an outline of the TDP and the Voting Equipment User Documentation that is based on the TGDC
Recommendations. Miscellaneous TDP requirements are added or modified to correct problems:
Volume II Section 2.1.3 (Protection of Proprietary
Information) is harmonized with EAC manuals.
An obsolete normative reference is removed from Volume II
Section 2.7.1.
Volume II Sections 2.2.1 and 2.5.5.2 have new requirements to identify the compilers and interpreters used by the voting system.
Volume II Section 2.2.2 has a new requirement for optical scanners, to specify what constitutes a reliably detectable mark versus a marginal mark.
Volume II Section 2.8.5 has a new requirement to detail the care and handling precautions necessary for removable media to last the statutory 22 months. 5. (Non-EMC) Environmental Hardware
Volume I Section 4.1.2.13 (Environmental Control--
Operating Environment) of the 2005 VVSG is revised with an operational temperature and humidity test requirement, with temperatures ranging from 41 [deg]F to 104 [deg]F (5 [deg]C to 40 [deg]C) and relative humidity from 5% to 85%, non-condensing.
Volume II Section 4.7.1 (Temperature and Power Variation
Tests) is replaced with requirements for testing according to appropriate procedures of MIL-STD-810D. Most of the previous text in this section was devoted to test materials, including detailed test scenarios, which will be included in the test materials for the 2005
VVSG revision. 6. Human Factors Requirements--The usability and accessibility requirements in Volume I Section 3 of the 2005 VVSG are replaced with requirements from
Page 26667
Part 1 Chapter 3 of the TGDC Recommendations, with the exception of
Chapter 3's performance benchmark requirements. Part 1 Chapter 3 of the
TGDC Recommendations is primarily a maintenance level upgrade to the 2005 VVSG with minor modifications, clarifications, and a few additions including performance and poll worker usability requirements. (The VSS 2002 contained almost no usability, accessibility, and privacy requirements. As a result, the 2005 VVSG Section 3 was mostly new material based on research, best practices, and standards relating to human factors and the design of user interfaces as they apply to voting systems.) 7. System Security Documentation Requirements--Security documentation requirements in Volume II Section 2.6 (Security
Documentation) of the 2005 VVSG are revised with requirements from Part 2 Section 3.5 (System Security Specification) of the TGDC
Recommendations. The new requirements include high-level security descriptions of the voting system and specific areas including
Access control,
Software installation security,
System event logging,
Physical security,
Setup inspection, and
Cryptography. 8. Electronic Records--Section 2.4.4 (Electronic Records) has been added to Volume I Section 2 (Functional Requirements) of the 2005 VVSG; it contains requirements from Part 1 Chapter 4.3 (Electronic Records) of the TGDC Recommendations. These requirements cover the electronic reports generated by the voting system, including specific reports for tabulators and Election Management Systems (EMS). 9. Voter Verified Paper Audit Trails (VVPAT)--VVPAT requirements in
Volume I Sections 7.9.1 through 7.9.4 (Voter Verifiable Paper Audit
Trail Requirements) are replaced with requirements from Part 1 Chapter 4.4.2 (VVPAT) of the TGDC Recommendations. 10. Cryptography--Cryptography requirements in the 2005 VVSG are revised with requirements from Part 1 Section 5.1 (Cryptography) of the
TGDC Recommendations. When cryptography is used in a voting system, the requirements call for the use of a level 1 FIPS 140 validated cryptographic module (which allows software as well as hardware implementations, whereas the TGDC Recommendations allowed only hardware implementations). In addition, the new requirements require the use of
NIST approved cryptographic algorithms at the 112-bit security strength or higher. 11. External Interface Requirement--Volume I Section 7.4.6
(Software Setup Validation) of the 2005 VVSG are revised with newly developed requirements to allow an alternative method to validate software on voting systems. The requirements state that voting systems must support one of the two verification methods specified in the requirements. The current software verification method allows software to be verified after software has been installed. The alternative software verification method verifies software as it is being installed on the voting system and requires voting systems to have mechanisms to protect the software once installed. 12. EAC Requests for Interpretation (RFI) decisions--Requirements and discussion throughout the 2005 VVSG are revised based on the current set of EAC RFI decisions, from 2007-01 through 2008-12, located at http://www.eac.gov/program-areas/voting-systems/voting-system- certification/interpretations. 13. General Edits--Several sections of the VVSG were revised to improve the consistency of wording or fix errors in the 2005 VVSG. In addition, several sections were revised to recognize the creation of the EAC's Testing and Certification Program which was not in place at the time of adoption of the 2005 VVSG.
DATES: Comments must be received on or before 4 p.m. EST on September 28, 2009.
Submission of Comments: The public may submit comments through one of the three different methods provided by the EAC: (1) Online electronic comment form at http://www.eac.gov, (Please note that the electronic comment tool will not be immediately available. The EAC will inform the public once the online comment tool becomes available.); (2) by mail to Voluntary Voting System Guidelines Comments, U.S. Election
Assistance Commission, 1225 New York Ave, NW., Suite 1100, Washington,
DC 20005; and (3) via e-mail at votingsystemguidelines@eac.gov. Members of the public are encouraged to submit comments electronically to ensure timely receipt and consideration.
In order to allow efficient and effective review of comments the
EAC requests that:
(1) Comments refer to the specific section that is the subject of the comment.
(2) General comments regarding the entire document or comments that refer to more than one section be made as specifically as possible so that EAC can clearly understand to which portion(s) of the documents the comment refers.
(3) To the extent that a comment suggests a change in the wording of a requirement or section of the guidelines, please provide proposed language for the suggested change.
To Obtain a Copy of the VVSG Volume Version 1.1: Due to the fact that the Voluntary Voting System Guidelines are more than 400 pages in length, the entire draft document has not been attached to this notice.
A complete copy of the draft VVSG version 1.1 is available from the EAC in electronic format. An electronic copy can be downloaded in PDF format on the EAC's Web site, http://www.eac.gov. In order to obtain a paper copy of the TGDC draft recommendations please mail a written request to Voluntary Voting System Guidelines Comments, U.S. Election
Assistance Commission, 1225 New York Ave, NW., Suite 1100, Washington,
DC 20005.
FOR FURTHER INFORMATION CONTACT: Matthew Masterson, Phone (202) 566- 3100, e-mail votingsystemguidelines@eac.gov.
SUPPLEMENTARY INFORMATION: Prior to the passage of HAVA, the Federal
Election Commission (FEC) published the 2002 Voting System Standards
(VSS). HAVA mandated that the EAC update the VSS. In December of 2005 the EAC adopted the 2005 VVSG. The 2005 VVSG used many of the same requirements as the 2002 VSS but it expanded the security, accessibility, and usability sections.
Donetta L. Davidson,
Commissioner, U.S. Election Assistance Commission.
FR Doc. E9-12831 Filed 5-29-09; 11:15 am
BILLING CODE 6820-KF-P
