[Federal Register Volume 77, Number 173 (Thursday, September 6, 2012)]
[Notices]
[Pages 54905-54907]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2012-21895]
=======================================================================
-----------------------------------------------------------------------
ELECTION ASSISTANCE COMMISSION
Request for Substantive Comments on the EAC's Proposed
Requirements for Version 1.1 of the Voluntary Voting System Guidelines
(VVSG)
AGENCY: United States Election Assistance Commission.
ACTION: Request for public comment on proposed requirements for Version
1.1 of the Voluntary Voting System Guidelines (VVSG).
-----------------------------------------------------------------------
SUMMARY: The Help America Vote Act of 2002 (HAVA) (Pub. L. 107-252; 42
U.S.C. 15301 et seq. (October 29, 2002)) established the U.S. Election
Assistance Commission (EAC). Section 202 of HAVA directs the EAC to
adopt voluntary voting system guidelines (VVSG) and to provide for the
testing, certification, decertification, and recertification of voting
system hardware and software. The VVSG provides specifications and
standards against which voting systems can be tested to determine if
they provide basic functionality, accessibility, and security
capabilities. As required by Section 222 (d) of HAVA, the EAC is
publishing a set of proposed requirements (Voluntary Voting System
Guidelines, 1.1) for the testing of voting systems for a 90 day public
comment period.
SUPPLEMENTARY INFORMATION:
Background
The EAC made the decision to update and revise the 2005 VVSG (also
known as VVSG 1.0) as a result of feedback received through its Voting
System Testing and Certification Program. As the EAC has worked to test
and certify voting systems it observed and received feedback from
various sources that the standards being tested to were at times
ambiguous and difficult to apply in testing. This ambiguity led to
challenges in making testing consistent both within a test laboratory
and across test campaigns at different laboratories. The EAC also
received feedback from the National Institute of Standards and
Technology (NIST) that the creation of formalized test suites for the
2005 VVSG would be aided by a clarification of certain portions of
document. This information, combined with the EAC's issuance of thirty
five interpretations of the VVSG to clarify various standards, led the
EAC to propose improvements to the 2005 VVSG. In addition, the EAC
determined to implement a number of recommendations submitted by the
EAC's Technical Guidelines Development Committee (TGDC).
The TGDC held numerous public meetings and subcommittee conference
calls to create a set of draft guidelines for recommendation to the EAC
(all TGDC meeting materials can be found at http://www.nist.gov/itl/vote/). On August 17, 2007, the TGDC voted to complete final edits of
their recommendations and submitted them to the Executive Director of
the EAC. The EAC received the draft guidelines from the TGDC on August
31, 2007.
After receipt of the TGDC's recommendations for the next iteration
(VVSG 2.0) of the VVSG the EAC opened a one hundred and eighty day
public comment period. During this comment period, which ran from
September 2007 to May 2008, the EAC received comments praising many of
the proposed standards as being more testable and less ambiguous than
previous versions of the standard. This public comment period produced
over 3000 comments on the recommendations. In addition, during the
comment period the EAC conducted a series of seven roundtable
discussions regarding the TGDC's recommendations. After the close of
the public comment period for the TGDC's VVSG 2.0 recommendations and
considering a variety of relevant factors, the EAC made the decision to
first update and revise the 2005 VVSG with portions of the TGDC's
recommendations. This serves as the basis for the creation of VVSG 1.1.
As noted during the previous public comment period for version VVSG
1.1, by revising the guidelines now, the EAC expects to improve the
test process over the short term for existing voting systems while
allowing additional time to develop more complex revisions for the
requirements in VVSG 2.0 written for the next generation of voting
systems. Topics currently undergoing
[[Page 54906]]
continued research at NIST include open ended vulnerability testing/
penetration testing, volume testing, further development of the concept
of software independence and the development (with IEEE Working Group
P1622 of a common data format for voting systems.
Changes to VVSG 1.1 Since the Initial Public Comment Period
The initial proposed revision to VVSG 1.1, was offered during a
120-day public comment period in the summer of 2009. Since that time,
the EAC's Testing & Certification Program has discovered additional
best practices, experienced anomalies and deficiencies with voting
systems entering the Testing and Certification Program, and clarified
many ambiguities with the standard. Changes were made after the 120-day
public comment period to address these issues. Since the initial public
comment, changes were made to the following areas:
----------------------------------------------------------------------------------------------------------------
Heading Comment
----------------------------------------------------------------------------------------------------------------
Telecommunications...................... Treated all results as official.
NSRL.................................... Removed all references.
Software Validation..................... Provided a secondary method of software validation not available in
the 2005 VVSG.
Access Control.......................... Enhanced access control requirements based on the two-tier access
control model present in today's election equipment.
Quality Assurance and Configuration Combined sections 8 and 9 into a single section.
Management.
Coding Convention
Required Languages...................... Required all systems to officially support at least one ideographic
language.
Audit and Election Logging.............. Enhanced and strengthen logging requirements by providing greater
clarity and specific, especially for election logs.
----------------------------------------------------------------------------------------------------------------
Additionally, the EAC included all relevant Requests for
Interpretations (located at the EAC's Web site) within the latest draft
of VVSG 1.1. Please be aware that those sections added since the close
of the initial public comment period for VVSG 1,1 are the only sections
that the EAC is accepting comments on for this 90-day public comment
period.
Project Summary
Although both Volume 1 and Volume 2 of the VVSG 1.1 draft have
undergone revisions, and should be commented on, we believe most
commenter's should focus on the significant changes to Volume 1 of the
draft document. Major sections of VVSG 1.1 Volume 1 revised for this
comment period include but are not limited to:
Volume 1
2.12 Accuracy
2.1.4 Integrity
2.1.5.1 Operational Requirements
2.3.1 Opening the Polls
2.3.3.3 DRE and EBM System requirements
2.4.1 Closing the Polls
2.4.4.2 Tabulator electronic reports
3.2.2.1 Editable electronic ballot interfaces
3.2.5 Visual display characteristics
3.3.2 Enhanced visual interfaces
3.3.4 Enhanced input and control characteristics
4.1.1 Accuracy requirements
4.1.2 Environmental requirements
4.1.2.4 Electrical supply
4.1.5.2 Ballot reading accuracy
4.3.3 Reliability
5.2.1 Scope (Software requirements)
5.2.2 Selection of programming languages
5.2.4 Software modularity and programming
5.2.5 Structured programming
5.2.8 Error checking
5.5 Vote secrecy on DRE and EBM systems
6.2.2 Durability (Telecommunications)
6.2.3 Reliability
7.1 Scope (Security requirements)
7.2 Access control
7.3 Physical security measures
7.4.4 Software distribution
7.4.5 Software reference information
7.4.6 Software setup validation
7.5.1 Maintaining data integrity
7.5.5 Election returns
7.7.3 Protecting transmitted data
7.8.2 Approve or void the paper record
7.8.3 Electronic and paper record structure
8 Quality Assurance and Configuration Management (all)
All changes made since the last public comment period are
highlighted in yellow in the version published on the EAC's Web site
and in the Federal Register.
The U.S. Election Assistance Commission (EAC) lacks a quorum of
commissioners since the resignation of Commissioner Gracia Hillman on
December 10, 2010. The EAC lost its two remaining commissioners in
December 2011, with the resignations of Commissioners Gineen Bresso and
Donetta Davidson. Because HAVA requires an affirmative vote of the
Commission (Section 222(d)), all comments received will be reviewed and
published as noted below. The final VVSG 1.1 draft document will be
prepared for a Commission vote at such time as the EAC once again has a
quorum of Commissioners.
DATES: Comments must be received on or before 4 p.m. EST on December 5,
2012.
Submission of Comments: The public may submit comments through one
of the two different methods provided by the EAC: (1) Email submissions
to [email protected]; (2) by mail to Voluntary Voting
System Guidelines Comments, U.S. Election Assistance Commission, 1201
New York Ave. NW., Suite 300, Washington, DC 20005.
In order to allow efficient and effective review of comments the
EAC requests that:
(1) Comments refer to the specific section that is the subject of
the comment.
(2) General comments regarding the entire document or comments that
refer to more than one section be made as specifically as possible so
that EAC can clearly understand to which portion(s) of the documents
the comment refers.
(3) To the extent that a comment suggests a change in the wording
of a requirement or section of the guidelines, please provide proposed
language for the suggested change.
[[Page 54907]]
All comments submitted will be published at the end of the comment
period on the EAC's Web site at www.eac.gov. This publication and
request for comment is not required under the rulemaking, adjudicative,
or licensing provisions of the Administrative Procedures Act (APA). It
is a voluntary effort by the EAC to gather input from the public on the
EAC's administrative procedures for certifying voting systems to be
used in pilot projects. Furthermore, this request by the EAC for public
comment is not intended to make any of the APA's rulemaking provisions
applicable to development of this or future EAC procedural programs.
An electronic copy of the proposed guidance may be found on the
EAC's Web site at http://www.eac.gov/open/comment.aspx.
FOR FURTHER INFORMATION CONTACT: Brian Hancock, Phone (202) 566-3100,
email [email protected].
Alice P. Miller,
Chief Operating Officer and Acting Executive Director, U.S. Election
Assistance Commission.
[FR Doc. 2012-21895 Filed 9-5-12; 8:45 am]
BILLING CODE P