TGDC Meeting
10/17/07 Draft Meeting Minutes
(Draft) Summary Meeting Minutes
Technical Guidelines Development Committee (TGDC) Meeting\
August 17,
2007
National Institute of Standards and Technology (NIST)
Gaithersburg, MD 20899
Members in Attendance:
Dr. William Jeffrey – Chair
Hon. John Gale (via Conference Call)
Patrick Gannon (via Conference Call)
Tricia Mason (via Conference Call)
Alice Miller (via Conference Call)
Paul Miller (via Conference Call)
Philip G. Pearce (via Conference Call)
Helen Purcell (via Conference Call)
Whitney Quesenbery (via Conference Call)
Ronald Rivest (via Conference Call)
David Wagner (via Conference Call)
Brit Williams (via Conference Call)
Committee Support Staff:
Melissa Lieberman, General Counsel Office, NIST
Mark Skall, Chief, Software Diagnostics and Conformance Testing, Information Technology Laboratory (ITL), NIST
Barbara Guttman, Software Diagnostics and Conformance Testing, ITL, NIST
John Wack, Software Diagnostics and Conformance Testing, ITL, NIST
Alan Goldfine, Software Diagnostics and Conformance Testing, ITL, NIST
David Flater, Software Diagnostics and Conformance Testing, ITL, NIST
Wendy Havens, Software Diagnostics and Conformance Testing, ITL, NIST
Lucy Salah, Software Diagnostics and Conformance Testing, ITL, NIST
Allan Eustis, Software Diagnostics and Conformance Testing, ITL, NIST
Lynne Rosenthal, Software Diagnostics and Conformance Testing, ITL, NIST
Thelma Allen, Software Diagnostics and Conformance Testing, ITL, NIST
Sharon Laskowski, Information Access, ITL, NIST
John Cugini, Information Access, ITL, NIST
Nelson Hastings, Computer Security, ITL, NIST
Alicia Clay-Jones, Computer Security, ITL, NIST
August 17,
2007: Morning Session
Dr. William Jeffrey,
TGDC Chair, called the tenth plenary session of the Technical Guidelines Development
Committee to order at 11:30 a.m. He welcomed all in attendance and introduced
himself as the Director of the National Institute of Standardsand Technology
(NIST) and Chair of the Technical Guidelines Development Committee. He welcomed
all members participating via teleconference.
The Chair recognized
Ms. Thelma Allen as the TGDC Parliamentarian and requested that she determine
if a quorum of the Committee was present. Ms. Allen then called the roll (see
Table 1) and notified the chair that eleven members
answered present and thus a quorum was in attendance.
The Chair thanked
Ms. Allen. He stated that he looked forward to a positive meeting outcome with
the approval of a final document to be delivered to the Election Assistance
Commission after final editing. Dr. Jeffrey informed the Committee that he would
be stepping down as Director of NIST in September 2007. He thanked the TGDC
members for their diligent work in compiling the draft voluntary voting system
guidelines (VVSG) and for educating him in the intricacies of voting systems
and the logistics of the voting process.
He explained the use of an internet based “hand raising” tool to recognize
members participating by conference call. Dr. Jeffrey indicated that members
should speak up if the software malfunctions.
The Chair welcomed
Election Assistance Commission (EAC) Chairwoman Donetta Davidson to the proceedings.
Dr. Jeffrey also welcomed a new nominee to the TGDC, Dr. Cem Kaner as the Committee
representative from the Institute of Electrical and Electronics Engineers (IEEE).
As his nomination process is on-going, Dr. Kaner participated in this plenary
session as an observer.
Dr. Jeffrey entertained
a motion to accept the proposed meeting agenda (http://vote.nist.gov/meeting-08172007/TGDCmeeting081707Agenda.htm).
Secretary offered the motion. Mr. Pearce seconded and without objection the
August 17, 2007 meeting agenda was adopted by unanuimous consent (see Table
1).
The Chair entertained
a motion to accept the executive summary minutes of the May 21-22, 2007 meeting
of the Technical Guidelines Development Committee. Dr. Rivest so moved and Ms.
Purcell seconded. Without objection, the meeting minutes (http://vote.nist.gov/meeting-08172007/OfficialTGDCMinutes052107_execsum_.pdf
) were adopted (see Table 1).
Dr. Jeffrey noted
the considerable efforts of the three working Subcommittees since the May 2007
plenary including numerous public teleconferences resulting in the current draft
VVSG document. He summarized the meeting’s proceedings to review, approve
and, where appropriate, provide supplemental direction to NIST scientists and
the working Subcommittees. This guidance will lead to final editing of the draft
VVSG document to be delivered to the EAC in the September 2007 time frame.
The Chair stated
that public comment on the draft document has been posted to http://vote.nist.gov.
He invited further public comment to the document by e-mail to voting@nist.gov.
Dr. Jeffrey recognized EAC Chairwoman Davidson for introductory remarks. Commissioner
Davidson thanked the Chair. She expressed her appreciation for the volunteer
efforts of all Committee members. She thanked the Chair for his leadership and
briefly reviewed the EAC plan for deliberative review process of the VVSG document
(see: http://www.eac.gov/News/press/eac-seeks-public-comment-on-tgdc2019s-recommended-voluntary-voting-system-guidelines-online-comment-tool-now-available).
Commissioner Davidson also indicated that NIST staff had agreed to provide tutorial
workshops on the VVSG document to the EAC Board of Advisors and Standards Board.
During the public comment period for the VVSG document, the EAC will hold several
public hearings to receive further comment from the election community including
advocacy groups, the manufacturers, and academicians. At the end of the first
public comment period in 2008, the EAC plans to return the document with comments
to the TGDC for further review. A second public comment period of 120 days will
follow with the EAC estimating final publication of the next VVSG in the July
2009 timeframe.
Dr. Jeffrey thanked
Commissioner Davidson for the overview of the process for public review of the
VVSG document. There being no questions for the Commissioner, the Chair opened
the floor to Mr. Mark Skall of NIST’s Information Technology Laboratory
to summarize NIST activities since the previous TGDC plenary meeting on May
21-22, 2007 and Mr. John Wack to summarize the structure of the current VSG
document.
Mr. Skall thanked
the Chair. He reviewed ongoing VVSG research and drafting activities of the
NIST staff and TGDC working Subcommittees. He also summarized the focus, strategy,
aims and agenda for the current plenary meeting. (Mr. Skall’s presentation
is available for review at: http://vote.nist.gov/meeting-08172007/Skall-OverviewTGDC-12-17-07.pdf).
Mr. Skall called on Mr. John Wack to review the structure of the current draft
VVSG, dated August 7, 2007.
Mr. Wack outlined
the changes to the VVSG document since the May 2007 plenary session and described
the remaining work after the adjournment of the current plenary to complete
the final document for submission to the EAC. (Mr. Wack’s presentation
is available for review at: http://vote.nist.gov/meeting-08172007/Wack-Overview.pdf).
Secretary Gale complimented Mr. Wack and the NIST staff on the revisions to
the document incorporated since the May 2007 plenary session. He encouraged
NIST to develop searchable database tools to improve the usability of the document.
Mr. Wack took note of this suggestion.
Dr. Jeffrey thanked
Mr. Wack and opened the floor to Ms. Barbara Guttman to review the sections
of the VVSG under the purview of the Security and Transparency Subcommittee.
Ms. Guttman reviewed the changes to the security sections of the document from
the last plenary including Part 1, Chapters 4 and 5. She noted general modifications
including harmonization of language and removal of the term “voting equipment”.
She summarized general changes to the security and architecture requirements
sections. She reviewed audit steps that were either removed or retained. She
covered security requirements for electronic records, Independent Voter Verifiable
Records (IVVR), Voter Verifiable Paper Audit Trails (VVPAT), Precinct Count
Optical Scan (PCOS) Systems, Cryptography, Setup Inspection, Software Installation,
Access Control, System Integrity Management, Communications, System Event Logging,
Physical Security, Pre and Post Test Activities, and Open Ended Vulnerability
testing (OEVT). (Ms. Guttman’s presentation is available for review at:
http://vote.nist.gov/meeting-08172007/TGDC%20-Meeting-presentation-08132007.pdf
).
The Chair opened
the floor to questions from the Committee. Dr. Rivest answered Secretary Gale’s
question on the reliability of embedded computer chips in voting systems. He
noted that this technology was pervasive in all IT systems today and their addition
to future voting systems should not increase failure rates.
Commissioner Davidson initiated a discussion of Independent Voter Verifiable
Records (IVVRs). Mr. Wack then reviewed clarifications made to the conformance
clause section of the VVSG that address IVVRs and the innovation class of voting
systems. In addition, he summarized revisions in the draft VVSG to Software
Independence (SI) /Innovation Class, Data Export, and E-poll book-related requirements.
(Mr. Wack’s presentation is available for review at: http://vote.nist.gov/meeting-08172007/Wack-STS.pdf
).
The Chair recognized
Secretary Gale who asked Mr. Wack if the security standards in the draft VVSG
were impervious to attack, Mr. Wack answered no. Dr. Rivest amplified noting
that these are reasonable security steps to mitigate many of the known risks
and to move us forward in the game of catch up in the computer security arena.
He noted that these requirements were a major step forward. In answer to a question
from Secretary Gale on whether these proposed security standards would hold
up until the VVSG takes effect in 3 to 5 years, Mr. Wack answered affirmatively
citing the software independence requirement as a major reason for his confidence.
Secretary Gale then inquired as to the criteria for review and certification
of submissions to the innovation class. Commissioner Davidson indicated that
she shared Secretary Gale’s concerns but that specific criteria would best
wait for a complete vetting of the innovation class requirement. Ms. Quesenbery
shared her concerns with the open ended nature of the OEVT standards. Ms. Clay-Jones
reviewed some of the boundaries as written in the requirements.
Hearing no further
questions, the Chair recognized the Security and Transparency Subcommittee (STS)
co chairs Rivest and Purcell to introduce a resolution to adopt the security
requirements. Dr. Rivest introduced the motion to consider:
Resolution
# 06-07: Offered by Ron Rivest
Title: STS VVSG Sections Final Approval
The TGDC grants final approval for the Security and Transparency Sections:
•Part 1
–Chapter 2 Section 2.7 4
TGDC Meeting 10/17/07 Draft Meeting Minutes
–Chapters 4-5 All
–Chapter 6 Section 6.6
–Chapter 7 Section 7.5.1
•Part 2
–Chapter 3 Section 3.5
–Chapter 4 Section 4.3
•Part 3
–Chapter 3 Section 3.4
–Chapter 4 Section 5.4
as part of its second set of VVSG recommendations to the Executive Director of the EAC, subject to editing as instructed by the TGDC at this meeting and final review by the Chair of the TGDC.
Ms. Purcell seconded
the motion. Dr. Jeffrey read the motion into the record. Secretary Gale asked
for clarification on review of the document by the current Chair. Dr. Jeffrey
assured the Secretary and Committee members that the staff would work diligently
to complete the review and editing in order that he is able to approve the final
document before his last day at NIST in early September. If for some reason
this did not transpire, the document would be left in change mode for review
by the Committee. Hearing no further questions, the Chair asked for unanimous
consent to adopt the resolution. Resolution #06-07 was adopted by unanimous
consent (see Table1).
The Chair asked
David Flater of NIST’s Information Technology Laboratory to present the
Core Requirements and Testing Subcommittee’s report. Dr. Flater summarized
the status of the CRT VVSG issues log including resolved issues, pending changes
and open issues. (Dr. Flater’s presentation is available for review at:
http://vote.nist.gov/meeting-08172007/DWF-20070817-v2.pdf
)
The Chair opened
the floor for questions. Ms. Quesenbery asked about plans to close the open
issues with the STS Subcommittee. Dr. Flater indicated that the items were inconsequential
and not related to the editing of the final VVSG.
Hearing no further
questions, Dr. Jeffrey called on the Core Requirements and Testing (CRT) Co-Chair,
Mr. Paul Miller to introduce a resolution to adopt the CRT requirements. Mr.
Miller offered Resolution # 07-07:
Resolution
# 07-07: Offered by Paul Miller
Title: CRT VVSG Sections Final Approval
The TGDC grants final approval for the Core Requirements & Testing Sections:
•Part 1
–Chapters 1 and 8 All
–Chapter 2 All except Section 2.7 5
TGDC Meeting 10/17/07 Draft Meeting Minutes
–Chapter 6 All except Section 6.6
–Chapter 7 All except Section 7.5.1
•Part 2
–All except Chapter 3 Section 3.5 and Chapter 4 Section 4.3
•Part 3
–All except Sections 3.4 and 5.4
as part of its second set of VVSG recommendations to the Executive Director of the EAC, subject to editing as instructed by the TGDC at this meeting and final review by the Chair of the TGDC.
Mr. Pearce seconded
the motion. The Chair read the resolution into the record. Secretary Gale requested
a roll call vote for adoption of this and future resolutions under consideration
to adopt the draft VVSG. The Chair asked the Parliamentarian, Ms. Allen to call
the roll. The motion to adopt Resolution #07-07 passed with nine voting yes,
zero no votes and 3 abstentions.
On Secretary Gale’s original point of order, the Chair asked if he would
propose a roll call vote for Resolution # 06-07. The Secretary responded affirmatively.
The Chair indicated his willingness to entertain a motion to reconsider the
motion to adopt Resolution # 06-07. Ms. Purcell made the motion and Dr Rivest
seconded the motion. Ms. Allen called the roll. The motion to reconsider was
adopted with ten voting yes, zero voting no and 3 abstentions (see Table
1).
The Chair then asked for a motion to adopt Resolution # 06-07. Dr. Rivest moved and Ms. Purcell seconded. Dr. Jeffrey asked for a roll call vote. The Parliamentarian reported that the motion passed with nine voting yes, zero no, and three abstentions.
Dr. Jeffrey then
called on Dr. Sharon Laskowski to present the Human Factors and Privacy Subcommittee
report on the relevant chapters of the draft VVSG document. She initially reviewed
the major changes in the document from the VVSG 2005. Then Dr. Laskowski covered
HFP updates to the document from the May 2007 TGDC plenary meeting. (These changes
are presented in detail in her presentation slides available at: http://vote.nist.gov/meeting-08172007/HPF-TGDC-8-17-07-sjl1.pdf
).
At this point,
the Chair adjourned the plenary for a half hour lunch break.
August 17,
2007: Afternoon Session
Dr. Jeffrey called
the meeting to order and asked the parliamentarian, Ms. Allen to call the roll.
Ms. Allen reported a quorum of nine was present (see Table
1).
Dr. Jeffrey opened the floor to Dr. Laskowski to present the results of the
usability research report and resultant VVSG benchmarks. (The usability benchmark
white paper is available for review at: http://vote.nist.gov/meeting-08172007/Usability-Benchmarks-080907.doc
).
The Chair thanked Dr. Laskowski and opened the floor for Committee comments and questions. Ms. Quesenbery noted that the HFP Subcommittee intended the proposed benchmarks to be forward looking She noted that the Committee should give direction to NIST scientists for the next rounds of usability benchmark testing . Her question to the full Committee was whether the VVSG should aim for the highest usability benchmark requirement levels.
Dr. Jeffrey noted
that the introductory text could differentiate goals versus hard requirements.
Ms. Quesenbery agreed. Mr. Pearce commented on the need to look beyond the next
set of tests to requirements for voting systems three to five years down the
road. Ms. Quesenbery agreed. Commissioner Davidson noted the requirement under
HAVA to update the VVSG no less than every four years. Ms. Quesenbery also noted
the opportunity for the TGDC to re-visit the current proposed benchmarks between
the two public comment periods.
Hearing no further questions or comments, the Chair called on HFP Subcommittee
co-chairs Quesenbery and Miller to propose a resolution for adoption. Ms. Quesenbery
offered Resolution # 08-07:
Resolution
# 08-07: Offered by Whitney Quesenbery
Title: HFP VVSG Sections Final Approval
•The TGDC grants final approval for the Human Factors and Privacy Sections:
•Part 1,
–Chapter 3 All
•Part 3,
–Chapter 4, Section 4.5
as part of its second set of VVSG recommendations to the Executive Director of the EAC, subject to editing as instructed by the TGDC at this meeting and final review by the Chair of the TGDC.
Ms. Miller seconded the motion. The Chair read the text of Resolution #08-07 into the record. Hearing no questions or comments, the Chair asked Ms. Allen to call the roll. The Parliamentarian notified the Chair that Resolution # 08-07 passed nine voting yes, zero no, and three abstaining.
Dr. Jeffrey then
entertained a motion to adopt the entire draft VVSG document. Ms. Quesenbery
so moved to adopt Resolution # 09-07:
Resolution # 09-07: Offered by Whitney Quesenbery
Title: VVSG Document Final Approval
The TGDC grants final approval for the document “Draft Voluntary Voting System Guidelines-Next Iteration-August 7, 2007” in its entirety as the second set of VVSG recommendations to the Executive Director of the EAC, subject to editing as instructed by the TGDC at this meeting and final review by the Chair of the TGDC.
Dr. Jeffrey seconded the motion and read the text into the record. Hearing no comments, he asked Ms. Allen to call the roll. The Parliamentarian notified the Chair that Resolution # 09-07 was adopted ten voting yes, zero no, and two abstentions (see Table 1).
The Chair congratulated
the TGDC members and NIST supporting staff. Dr. Jeffrey recognized Dr. Rivest
who proposed Resolution #10-07 for consideration.
Resolution
#10-07: Offered by Dr. Rivest
Title: TGDC Encouragement of Innovation
The TGDC recognizes that innovation in voting systems must take place for voting systems to become more usable, accessible, secure, reliable, and accurate for all voters and voting populations. The TGDC urges the EAC, with technical assistance from NIST, to continue to develop and publish detailed plans and specific procedures for an Innovation Class program so as to encourage innovation in voting systems and to make clear to manufacturers how they may use the Innovation Class to achieve conformance to the VVSG for their innovative products.
Secretary Gale
seconded the motion and offered a friendly amendment to correct the resolution
number. Dr. Rivest accepted and the Chair read the motion into the record. He
offered his endorsement of the resolution. Hearing no questions or comments,
the Chair asked for a roll call vote. Ms. Allen called the roll and reported
the Resolution passed with nine voting yes, zero voting no, and three abstentions
(see Table 1).
The Chair recognized
Ms. Purcell who offered Resolution # 11-07 for consideration.
Resolution
# 11-07: Offered by Ms. Purcell
Title: Recognition of TGDC Chair and NIST Staff
The TGDC expresses its sincere appreciation for the exemplary leadership of the Chair, Dr. William Jeffrey in the work of this Committee to meet the relevant mandates of the Help America Vote Act. The TGDC also recognizes the superior technical efforts of NIST scientists and support staff in both the drafting of the VVSG recommendations and organizing the activities of this Committee and its working Subcommittees.
Dr. Rivest seconded
the motion. Secretary Gale offered his endorsement of the Chairs leadership
and the technical accomplishments by the NIST staff. Hearing no further comments,
the Chair asked for a roll call vote. The Parliamentarian reported the motion
passed with ten voting yes, zero voting no, and two abstentions (see Table
1).
The Chair opened the floor for closing comments. Secretary Gale urged the entire
election community to review the document thoroughly and provide public comment.
The Chair endorsed this request.
There being no further business, the Chair congratulated the Committee and NIST staff. He then adjourned the meeting.