The image “” cannot be displayed, because it contains errors.


National Issues

NIST White Paper Recommends That New Standards Should Require "Software Independent" Voting Systems PDF  | Print |  Email
By Warren Stewart, VoteTrustUSA   
November 29, 2006

Other Recommendations Include Banning of Wireless Devices, Volume Testing, Software SetupValidation, and Open-Ended Vulnerability Testing


Information on TGDC Meetings Webcast

Several draft white papers have been submitted by the National Institute of Standards and Technology (NIST) to the Technical Guidelines Development Committee (TGDC) including one that recommends that the next iteration of the Voluntary Voting System Standards (VVSG) require that all systems be “software independent”. Systems that are software independent include paper ballot optical scan systems, direct recording electronic (DRE) systems equipped with voter verified paper audit trail (VVPAT) printers, and ballot marking devices like the AutoMARK and VotePAD. The concept of software independence is amplified in a supplemental paper.


Troubling to many election activists were recommendations in the paper for research and development of "End to End" verification systems, i.e. crytographic verification like that developed by Dategrity (formerly, and still frequently referred to as VoteHere). The paper admits that it remains a matter of debate as to whether high-level requirements for software independent verification systems can be written at this point without further research.


If the NIST's recommendations were adopted, the primary effect would be that paperless DREs could not be certified to the next iteration of the VVSG, projected to be adopted late in 2007. The new VVSG would not take effect until two years after their adoption and any currently certified systems or systems certified before then would remain certified. Therefore, jurisdictions that have already purchased paperless DREs would be able to keep them, unless states took some additional action to prohibit this. Likewise, in states that have already certified paperless DREs, those paperless DREs would remain state-certified indefinitely, unless a state took some explicit action to decertify them.


The TGDC was established by the Help America Vote Act to act in the public interest to assist the Executive Director of the Election Assistance Commission (EAC) in the development of VVSG.The TGDC will hold a plenary meeting next week to review and approve draft documents that will form the bases for recommendations for future voluntary voting system guidelines to the EAC. The draft documents respond to tasks defined in resolutions passed at previous Committee meetings.The Software Independence paper was submitted by the Security and Transparency Subcommittee (STS).


In addition to the software independence requirement, the STS has submitted another paper that discusses some of the problems with the current generation of DRE with VVPAT systems. The paper recommends some minor changes to the stance on voter-verified paper records in the current VVSG, but avoids making any recommendations for major new requirements.


The subcommittee on core requirements and testing (CRT) has recommended changes to the way that reliability and accuracy testing are performed. Currently, the standards essentially permit testing labs to "cheat" in the methodology they use to test the reliability and accuracy of voting machines. To establish whether voting systems meet the maximum allowable error rate of 1 in 500,000 ballot positions without labor intensive and time consuming volume testing, laboratories use a program that bypasses the user interface entirely and submits thousands of “votes” in the form of electronic impulses. This shortcut undermines the effectiveness of those tests.

Another paper recommends new, more stringent restrictions on the use of radio-based wireless communications devices in voting systems. The use of infrared-based wireless communications would be permitted only under some narrowly defined circumstances.  

Open-Ended Vulnerability Testing, designed to detect security vulnerabilities in voting systems is recommended in another paper. Intended to make up for the failure of past standards to include any kind of meaningful security evaluation, the paper leaves open the critical question of who would perform the testing: truly independent security experts or the current testing laboratories that are paid by the manufacturers?

Yet another paper recommends a new requirement that voting systems support "setup validation", which is intended to provide a secure means verifying that the correct, certified version of the software is installed on a voting system and that it has not been, for instance, corrupted by malicious code. This recommendation was previously authorized by the TGDC, and NIST will be giving a status update on this work at next week's meetings. Supporting setup validation requires changes to the voting machine's hardware, so this new requirement would render almost all existing systems non-compliant to the new VVSG until the necessary hardware changes are made.

Comment on This Article
You must login to leave comments...
Other Visitors Comments
You must login to see comments...
< Prev   Next >
National Pages
Federal Government
Federal Legislation
Help America Vote Act (HAVA)
Election Assistance Commission (EAC)
Federal Election Commission
Department of Justice - Voting Section
Non-Government Institutions
Independent Testing Authority
The Election Center
Carter Baker Commission
Voting System Standards
Electoral College
Open Source Voting System Software
Proposed Legislation
Voting Rights
Campaign Finance
Overseas/Military Voting
Electronic Verification
: mosShowVIMenu( $params ); break; } ?>