Officials at the Election Assistance Commission say they are eager to approve updated federal standards for the nation’s voting machines that will introduce new technical and security requirements, but the agency faced harsh criticism from several state election officials at a May 6 public meeting for its sluggish pace. The federal government’s voting system standards are voluntary, but most states require the machines they buy to comply with them. Virginia Elections Commissioner Christopher Piper called the current federal certification process “an obstacle to a more secure system” and griped that election officials have been waiting years for the newest version of the standards to work its way through the EAC approval process. “The process is not fast enough to adapt to the changing security environment or to address the accessibility needs of many voters,” Piper said, later adding “The fact is the delay has proven to be a convenient excuse in all sectors not to update our voting systems.”
National: Voting security guidelines get Election Assistance Commission attention | Tim Starks/Politico
New federal voting system guidelines prohibiting internet and wireless connectivity received significant attention on Friday when members of an Election Assistance Commission advisory group explained the broad suite of new guidelines to EAC commissioners and the public during a virtual meeting. If approved, version 2.0 of the Voluntary Voting System Guidelines will require voting machines and ballot scanners to be air-gapped from networked devices, such as e-poll books that access voter registration databases. The new VVSG would also require physical connections instead of Wi-Fi or Bluetooth for peripherals such as keyboards and audio headsets. The internet and wireless bans “are logical and make sense and definitely could be [accomplished by] election officials,” said Orange County, Calif., elections supervisor Neal Kelley, a member of the EAC’s Technical Guidelines Development Committee. Asked by EAC Commissioner Donald Palmer whether the bans were feasible, Kelley said Orange County and other jurisdictions already use air gaps. The requirements should not “be onerous in any way,” he said. The NIST staffers who wrote the VVSG provisions “had many discussions surrounding this issue,” said Mary Brady, the head of NIST’s voting system program. Staffers talked to vendors about “what they thought might be workable,” she told Palmer. They also reassured election officials that simple workarounds existed for their most common networking use cases.
The EAC’s Technical Guidelines Development Committee meets today by phone to review the latest draft of version 2.0 of the Voluntary Voting System Guidelines. Public working groups have been meeting for months to revise different aspects of the widely cited federal standards, including its security provisions. In October, the cybersecurity working group added a ban on internet and wireless connectivity, which prompted some consternation and confusion at a TGDC meeting in November. Input from the TGDC — a body that includes technical experts and election officials — marks one of the first steps in the process of approving a new VVSG. But more work remains to be done on VVSG 2.0, and the TGDC isn’t likely to give the draft its final seal of approval at today’s meeting. “We anticipate continuing the discussion of the requirements with the TGDC on the next call,” NIST staffer Gema Howell wrote in an email to members of the cyber working group.
National: The voting machine certification process is making it harder to secure elections | Chris Iovenko/Slate
A judicial election in Northampton County, Pennsylvania, in November produced a literally unbelievable result. About 55,000 votes were cast on newly purchased electronic voting machines, but only 164 votes were registered for the Democratic candidate. Luckily, the touch-screen machines produced a backup paper trail, which allowed for an accurate recount. Ultimately, the Democrat won by some 5,000 votes. The root cause of this systemic vote switching is still under investigation. Whatever the case, though, the mass malfunction of these machines highlights the reliability and security issues around electronic voting systems that are mostly already primed for use in the 2020 elections. As disturbing as the Northampton County miscount is in its own right, it throws into relief a grave general issue that applies to voting systems across the country. One would hope that whatever glitch or virus, once identified, that caused the massive malfunction will be quickly and easily fixed, patched, or updated so that those machines can be relied upon to work properly going forward. Further, one would also assume that other vulnerable voting systems around the country will be updated prophylactically to prevent similar malfunctions in next year’s elections. However, neither of those things is very likely to happen. Our current regimen for certifying electronic voting systems makes changing or updating election systems in the run-up to an election very difficult—and as Election Day 2020 gets closer, that maintenance becomes virtually impossible.
National: States, experts ask EAC for more flexibility in voting machine standards | Derek B. Johnson/FCW
State officials and security experts say security updates contained in the Election Assistance Commission’s new Voluntary Voting System Guidelines 2.0 are badly needed, but there is concern that the bureaucratic process the agency has set up to approve and update those standards can’t keep up with the pace of technological change. Later this year, the commission is expected to vote to approve a five-page document outlining principles that will guide the development of VVSG 2.0, including a new emphasis on security. That process will be followed up with far more detailed technical guidance and standards that companies will rely on to design their new voting machines. At a May 21 hearing, the commission heard from a number of stakeholders who advised that the agency refrain from requiring a full vote to approve the technical portions of the guidelines, saying it would run counter to the goal of ensuring that voting machine standards account for the latest developments in technology.
Although the security updates to the Election Assistance Commission’s new Voluntary Voting System Guidelines 2.0 are sorely needed, its approval and updating process can’t keep up with the technological changes. Later this year, the full commission is expected to vote to approve a five-page document outlining principles that will guide the development of VVSG 2.0, including a new emphasis on security. At a May 21 hearing, however, a number of stakeholders advised the agency to refrain from requiring a full vote to approve the technical portions of the guidelines, saying it could keep the latest technology from being incorporated into voting machine standards. “We cannot wait weeks or months for a decision on a federal level when there’s a need to act immediately,” Iowa Secretary of State Paul Pate said. “I’m asking all of you to have a dialogue about what happens if we run into that situation again when there is not a full quorum on the EAC. How will decisions be made, and will that make it more difficult for state election officials to protect the security and integrity of the vote?”
If you have ever looked at the Voluntary Voting System Guidelines (VVSG), you might be overcome by the sheer size of the document and the level of detail included. If your state requires federal certification for the voting systems you use, the VVSG 1.0 (2005) or 1.1 (2015) are the specifications used to test the voting systems against. We all learned a lot from the process of creating and refreshing the VVSG over the years. In the meantime, so much has changed. The technology has changed, the market of voting technology has changed, laws have changed — elections have changed. We all learned a lot from the process of creating and refreshing the VVSG over the years. In the meantime, so much has changed. The technology has changed, the market of voting technology has changed, laws have changed — elections have changed. On September 12, 2017, the Technical Guidelines Development Committee (TGDC), a committee formed by the National Institute of Standards and Technology (NIST) and the Election Assistance Commission (EAC), adopted a new version of the VVSG, which they’re affectionately calling VVSG 2.0.
A new set of voluntary guidelines for security and reliability of elections systems was approved on Sept. 12 by a key committee of the Elections Assistance Commission. The vote took place at a meeting of the EAC that was chaired by Kent Rochford, acting director of the National Institute of Standards and Technology. The new document represents a refresh of voting system guidelines that were developed in 2005 and last updated in 2015. The EAC vote comes as cybersecurity experts warn that election systems are vulnerable to hacking, and almost a year after the Department of Homeland Security added election systems to its list of critical U.S. infrastructure.
Voting Blogs: EAC Wants YOU to Help Develop New Voting System Guidelines! | Matthew Masterson/EAC Blog
Recently, the EAC and NIST rolled out a new approach to developing the next set of Voluntary Voting System Guidelines (VVSG). Since the creation of the public working groups, EAC and NIST have been working to recruit as many election officials, information technologists, accessibility professionals and virtually anyone else ready, willing and able to help to join the working groups. Earlier this month, we introduced the next phase of the project with a kick-off conference call and the creation of the public working group Twiki site. We were overwhelmed with the response as over two hundred people participated in the call.