We appreciate the opportunity to comment on the most recent iteration of the Voluntary Voting System Guidelines (1.1). We understand that the goal is to move forward on specific elements from the prior draft which were widely supported. The exclusion of some key principles warrant great concern and if left out of any approved version going forward, will delay progress toward greater reliability of voting systems. We support the comments made by A Center for Correct, Usable, Reliable, Auditable and Transparent Elections (ACCURATE), and add our comments on three main points below.
1. SOFTWARE INDEPENDENCE
Software independence (SI), or the “quality of a voting system or voting device such that a previously undetected change or fault in software cannot cause an undetectable change or error in election outcome,” is the foundation of an auditable voting system. Verified Voting strongly supports software independence. Leaving out this core element from the prior draft in the current VVSG 1.1 will delay essential progress in voting system reliability and security. We strongly recommend the reinstatement of the principle of software independence into the VVSG to be enacted as quickly as possible. For security, nothing is as crucial as auditing an auditable voting system. Without the ability to detect changes or problems in the voting system confidence in the integrity of electoral outcomes is unfounded.
2. ELECTION DATA IMPORT AND EXPORT FORMATS
Timely and efficient election auditing depends on, among other things, getting necessary data quickly and easily — often from a variety of different local jurisdictions that use different types of voting equipment. But not having such data in a single, standard format is a significant barrier to election auditing.
The current draft VVSG 1.1 does not do enough to move systems to supporting a robust standard data exchange format, and is thus insufficient. Voting systems should utilize a single, common XML-based data format for data import, export and exchange that is the same for all types and makes of equipment, such as the Election Markup Language (EML).
3. VOLUME TESTING and OPEN-ENDED TESTING
We support the use of volume testing, which has demonstrated success in identifying problems using ways that more closely duplicate real election scenarios. We also support open-ended vulnerability testing (OEVT), which to date has to be conducted piecemeal and in a costlier way, by individual states and jurisdictions. But more and more extensive and expensive testing may not be the best use of resources. Such tests are necessary and at the same time insufficient to ensure confidence in election outcomes, where we do not have software independent systems, being robustly audited as a matter of standard practice.