Technical Guidelines Development Committee (TGDC)
Human Factors and Privacy Subcommittee (HFP)*
June 29, 2007
Draft Minutes


1. Administrative updates and logistics for the July 3 TGDC plenary telecon (Eustis, Wack)
2. Summary of VVPR, Audits and Electronic Records sections (Hastings)
3. Go over final draft of usability benchmark white paper and draft presentations for the July 3 TGDC plenary telecon. (Sharon)
4. Other issues

Attendees: Alexia Scott Morrison, Allan Eustis, Alicia Clay, Barbara Guttman, Bill Burr, Elle Colver (EAC), John Cugini, Secretary John Gale, John Kelsey, John Wack, Mark Skall, Mat Masterson (EAC), Neal Erickson, Nelson Hastings, Sharon Laskowski, Wendy Havens, Whitney Quesenbery

Administrative Updates:

  • The agenda for the July 3rd plenary meeting was reorganized per Secretary Gale's suggestion to put STS first, then CRT, and HFP. (Note: the re-scheduling of the TGDC telcon plenary occurred after this subcommittee teleconference. The July 3 plenary teleconference will now take place on August 17.)
  • A summary of the May 2007 plenary minutes was prepared at the request of Secretary Gale. Longer, more detailed background minutes are still available.
  • TGDC members will call in for the plenary teleconference the same way as for normal subcommittee meetings. The goal is to move the approval process along and finish the meeting by 5:30.
  • Changes that are made to the VVSG (compared to the copy received by TGDC members) need to be pointed out. HFP has put a listing of changes on the plenary meeting website, CRT has an extensive change log, and STS will work to put something together.

Usability Benchmarks and Presentations:

Per instructions from Dr. W. Jeffrey, Sharon is writing an executive summary to clarify for the general public the benchmarks white paper. A change list of HFP's changes has been circulated - the new stuff having to do with the benchmarks material. The TGDC needs to discuss the policy/philosophy of the benchmarks. The benchmarks may need to be pushed higher, that should be discussed at the plenary. The benchmarks we've chosen to set are ballot casting (98%), 100% correct casting rate (70%), and accuracy rate/index (.35 w/possibility of moving to .4). [NOTE: Benchmark numbers can be changed during public comment period.]

The two items that will be covered regarding benchmarks at the July 3rd meeting will be a discussion on the demographics and the accuracy index. HFP feels that the accuracy index benchmark can be raised so that vendors strive for better systems. Full TGDC input will be requested.

Summary of VVPR, Audit, and Electronic Records Sections (Hastings/Clay/Kelsey):

Nelson Hastings summarized the changes to chapters 7-14. For all STS sections, "voting equipment" changed to "voting device" as well as other modifications to harmonize with other VVSG sections. All the security documentation requirements were moved to volume 4 with other documentation requirements.

  • Cryptography chapter: Changed audit record to election record. After STS debate it was decided that multiple keys were not needed for devices used to host multiple precincts during an election.
  • Setup Validation changed to Setup Inspection chapter. This change was a result of system integrity management requirements enabling us to relax focus on setup verification. Removed software verification by external hardware device requirement. Used clearer, better language.
  • Software distribution and installation chapter: Refocused to software installation capabilities of a device. All software distribution requirements and activities related to witness build moved to volume 5.
  • Access control chapter: Refocused to requirements on administration authentication. Voter authentication requirements were moved to e poll book requirements. Removed requirements on remote access.
  • System integrity management: Focus here on software integrity verification on boot up and loading into memory before execution and its affect on the setup verification chapter. Deleted requirements that are covered in other chapters. Re-scoped focus of malicious code real-time detection and backup recovery from election devices to make specific on election management systems.
  • Communications: Deleted requirements related to limiting remote activities and limiting number of active interfaces. Added new requirement related to air gap between networked devices.
  • System event logging: Re-scoped requirements. Added to list of items to be logged - acknowledged that some items needing logging must be done from procedural prospective..
  • Physical security: Added requirements about locks based on TGDC discussion.
  • OEVT: New section. Focuses on scope, team composition, level of effort, fail criteria, and rules of engagement.
  • Auditing: Took out any requirement that was not an equipment requirement or equipment documentation (removed anything that looked like election procedures). Removed descriptions of auditing steps - left what requirements were supposed to accomplish. Removed parallel and spot parallel testing. Changed what record was being used for final tally audit. Harmonized with CRT.
  • Electronic records: Deleted overlap with cryptography section. Added report for ballot counted and vote total.
  • VVPR: Added requirements that all records must be OCR readable. Added requirements per TGDC for the machine readability of the human readable paper records. Added requirements about the process of rejecting paper records and needing election official involvement. Changed requirements on cut-sheet VVPATs to allow split of cast vote record over more than one sheet.
  • SI: Added SI requirements (that it's required) to Conformance Clause, saying it "may" be achieved by independent voter verifiable records which VVPR is one way.

Meeting adjourned at 12:15 p.m.

[* Pursuant to the Help America Vote Act of 2002, the TGDC is charged with directing NIST in performing voting systems research so that the TGDC can fulfill its role of recommending technical standards for voting equipment to the EAC. This teleconference discussion serves the purposes of the HFP subcommittee of the TGDC to direct NIST staff and coordinate its voting-related research relevant to the VVSG 2007. Discussions on this telecon are preliminary and do not necessarily reflect the views of NIST or the TGDC.]



Link to NIST HAVA Page

Last updated: July 25, 2007
Point of Contact

Privacy policy / security notice / accessibility statement
Disclaimer / FOIA
NIST is an agency of the U.S. Commerce Department