VVSG Public Comment 9.30.05 (Final am)

Obbe - Joseph Hall

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

50 pages

English

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

A propos
Informations
Extrait

Description

Informations

Publié par	Obbe
Nombre de lectures	20
Langue	English

Extrait

Public Comment on the 2005 Voluntary
Voting System Guidelines

Submitted to the United States Election Assistance
Commission

September 30, 2005

Prepared by the Samuelson Law, Technology & Public Policy Clinic
University of California, Berkeley

ACCURATE Principal Investigators

Aviel D. Rubin David L. Dill
ACCURATE Director Department of Computer Science
Department of Computer Science Stanford University
Johns Hopkins University dill@cs.stanford.edu
rubin@cs.jhu.edu http://verify.stanford.edu/dill/
http://www.cs.jhu.edu/~rubin/
Douglas W. Jones
Dan S. Wallach Department of Computer Science
ACCURATE Associate Director University of Iowa
Department of Computer Science jones@cs.uiowa.edu
Rice University http://www.cs.uiowa.edu/~jones/
dwallach@cs.rice.edu
Peter G. Neumann http://www.cs.rice.edu/~dwallach/
Computer Science Laboratory
Dan Boneh SRI International
Department of Computer Science neumann@csl.sri.com
Stanford University http://www.csl.sri.com/users/neumann/ne
dabo@cs.stanford.edu umann.html
http://crypto.stanford.edu/~dabo/
Deirdre K. Mulligan
Michael D. Byrne School of Law
Department of Psychology University of California, Berkeley
Rice University dmulligan@law.berkeley.edu
byrne@rice.edu http://www.law.berkeley.edu/faculty/profil
http://www.ruf.rice.edu/~byrne/ es/facultyProfile.php?facID=1018
Drew Dean David A. Wagner
Computer Science Laboratory Department of Computer Science
SRI International University of California, Berkeley
ddean@csl.sri.com daw@cs.berkeley.edu
http://www.csl.sri.com/users/ddean/ http://www.cs.berkeley.edu/~daw/

ACCURATE Affiliates also endorsing this Comment
Robert Kibrick, Legislative Analyst, the Verified Voting Foundation
Kim Alexander, President & Founder, California Voter Foundation
Cindy Cohn, Legal Director, and Matt Zimmerman, Staff Attorney, Electronic Frontier
Foundation

PUBLIC COMMENT OF ACCURATE
ON THE
2005 VOLUNTARY VOTING SYSTEM GUIDELINES

TABLE OF CONTENTS
PREFACE
I. INTRODUCTION
II. ESTABLISHING A SOUND FRAMEWORK FOR VOTING SYSTEM ASSESSMENT
A. The Process Of Certification And Evaluation of Voting Systems Must Be Transparent
B. The Certification And Evaluation Of Voting Systems Must Reflect The State Of The Art
In Applicable Disciplines
C. A Systems Approach To Voting System Analysis Must Be Adopted That Includes
Investigating And Acting On Field Data
D. Voting Standards And Technology Must Be Continually Updated
III. TRANSPARENCY AND PUBLIC OVERSIGHT
A. Transparency In Certification
B. Source Code Transparency
IV. SYSTEM ASSESSMENTS THAT DELIVER ENHANCED SECURITY
A. Building Security Into Voting Systems
B. The Framework For Security Evaluation
1. Threat Assessment
2. Code Review
3. Penetration Testing
C. The Quest For Auditability: An Indelible, Independent, Voter-Verified Audit Trail Must
Be Required
D. A Call For Interoperability
E. Addressing Network Vulnerabilities

V. APPLYING A SYSTEMS PERSPECTIVE TO VOTING TECHNOLOGY
A. The Human Factors Challenge: Users Are An Integral Part Of The Voting System
1. Voting Systems Pose Complex Usability Issues
2. The Proper Framework For Usability Certification And Evaluation
3. Defining The Accessibility Requirements
B. Field Data Must Play An Integral Role In The Development Of Guidelines And System
Evaluation
C. Ensuring Equality Of Voting Systems: The Relationship Between Usability And Field
Data
VI. NEEDED CHANGES IN DEVELOPMENT OF THE GUIDELINES
A. Unacceptable Results Of Delayed Implementation
B. Opportunities For Administrative Improvement
VII. CONCLUSION
APPENDIX

Public Comment on the 2005 Voluntary Voting System Guidelines from
A Center for Correct, Usable, Reliable, Auditable & Transparent Elections (ACCURATE)

PUBLIC COMMENT OF ACCURATE
ON THE
2005 VOLUNTARY VOTING SYSTEM GUIDELINES

PREFACE
A Center for Correct, Usable, Reliable, Auditable and Transparent Elections
1(ACCURATE), a multi-institution, interdisciplinary, academic research project funded by the
2National Science Foundation’s (NSF) “CyberTrust Program,” is pleased to provide these
comments on the Voluntary Voting System Guidelines (the Guidelines) to the Election
Assistance Commission (EAC). ACCURATE was established to improve election technology.
ACCURATE is conducting research aimed at investigating software architecture, tamper-
resistant hardware, cryptographic protocols and verification systems as applied to electronic
voting systems. Additionally, ACCURATE is evaluating system usability and how public
policy, in combination with technology, can better safeguard voting nationwide.
With experts in computer security, usability, and technology policy, and knowledge of
election technology, procedure, law and practice, ACCURATE is uniquely positioned to provide
helpful guidance to the EAC as it attempts to strengthen the specifications and requirements
entrusted with ensuring the functionality, accessibility, security, privacy and equality of the
machinery of our democracy.
We welcome this opportunity to assist the EAC and hope this process marks the
beginning of collaboration between the EAC and independent, academic experts that will vastly
improve election systems and their use.

1 http://accurate-voting.org/
2 National Science Foundation Directorate for Computer & Information Science & Engineering, Cyber Trust, at
http://www.nsf.gov/funding/pgm_summ.jsp?pims_id=13451&org=CISE.

1 Public Comment on the 2005 Voluntary Voting System Guidelines from
A Center for Correct, Usable, Reliable, Auditable & Transparent Elections (ACCURATE)

I. INTRODUCTION
Voting systems must ensure security, privacy, transparency, usability, accessibility and
equality. Through the 2005 Voluntary Voting System Guidelines (the Guidelines) the Election
Assistance Commission is responsible for translating these diverse values into specifications and
requirements that reliably instill these values in voting systems. As past elections and past
standards amply illustrate, the distillation of these broad core democratic values into workable
voting system requirements that can be effectively evaluated is a complicated, continuous
process. To accomplish this task there must be (1) consensus on the meaning of the values listed
above, (2) a concerted effort to determine how the Guidelines will drive system design to align
with these values, and (3) a sophisticated understanding of how to assess compliance with these
requirements and, in a broader sense, of whether the requirements ultimately further the values
that inspired them
We recognize the complicated nature of this task and are pleased to have the support of
the National Science Foundation, allowing us to turn our intellectual and institutional resources
to efforts such as assisting the EAC in meeting this challenge.
ACCURATE’s comments provide several levels of advice and direction to the EAC. In
section II, we identify fundamental problems with the process that the EAC has set forth for
certifying and evaluating voting systems, and suggest solutions to those problems. First, we call
for increased transparency throughout the EAC’s processes and the certification and testing
process. Second, we call for a reorientation of the VVSG away from its current overwhelming
focus on functional testing to discipline-specific approaches to certification and evaluation.
Third, we call for a systems approach to voting system certification and evaluation which
importantly includes capturing, learning from, and responding to experiences with voting
systems at the polling place. Fourth, we recommend that the EAC develop a more nimble and
timely approach to updating the VVSG and requiring voting system compliance with new
guidelines. In sections III through VII, we further discuss these overarching recommendations
and recommend both short term fixes and long term goals in the specific subject areas of
transparency, security, human factors, certification and evaluation, and incident feedback. The
Appendix provides a detailed chart capturing our recommendations as well as section-specific
changes to the Guidelines.

2
Public Comment on the 2005 Voluntary Voting System Guidelines from
A Center for Correct, Usable, Reliable, Auditable & Transparent Elections (ACCURATE)

II. ESTABLISHING A SOUND FRAMEWORK FOR VOTING SYSTEM
ASSESSMENT
We commend the EAC’s candid acknowledgement of the past failures of the 1990 and
2002 voting standards and the broader focus of the proposed 2005 Guidelines on the “critical
3topics of accessibility, usability, and security.” However, the proposed Guidelines fail to
address central structural flaws of the 1990 and 2002 standards that resulted in an election
process with unacceptable levels of incidents and vulnerabilities