A new set of voluntary guidelines for security and reliability of elections systems was approved on Sept. 12 by a key committee of the Elections Assistance Commission. The vote took place at a meeting of the EAC that was chaired by Kent Rochford, acting director of the National Institute of Standards and Technology. The new document represents a refresh of voting system guidelines that were developed in 2005 and last updated in 2015. The EAC vote comes as cybersecurity experts warn that election systems are vulnerable to hacking, and almost a year after the Department of Homeland Security added election systems to its list of critical U.S. infrastructure.
The guidelines are a statement of goals, not a set of specifications to secure voting technology. The draft calls for an audit trail for electronic votes, data interoperability among voting systems, logging of user access for election tools and limits on who gets access and under what circumstances. On the hardware side, the guidelines look to tighten up physical security by making sure any attempt to tamper with voting gear leaves physical evidence.
The guidelines also call for data protection. While it doesn’t require encryption per se, the guidelines call for all cryptographic algorithms to be, “public, well-vetted, and standardized.”