November 13, 2019
  • 12:51 pm Teyana Taylor – Issues/Hold On
  • 11:50 am @TorontoPolice Homicide News Conference | Friday, Jan. 26th, 2018
  • 11:50 am Jürgen Klopp’s pre-Manchester United press conference | Mane, Lovren, Dalglish
  • 8:52 am Will Muschamp Weekly News Conference — 11/5/19
  • 8:52 am G2 press conference, post DAMWON match – 2019 Worlds quarterfinals

jump in and also check off the list so
my name is Ben Hovland Commissioner of the Election Assistance Commission and
the designated federal officer for the Technical Guidelines Development
Committee or TGDC. The TGDC is a 15 member advisory committee established by the Help America Vote Act to assist the Election Assistance Commission in
developing the voluntary voting system guidelines pursuant to HAVA. The director
of the National Institute of Standards and Technology serves as the chair of the
TGDC and we thank Dr. Copan for being with us today and we can do a quick roll
call technology allows me to get a sense of who’s there but we’ll do it for
formality. Bob Giles. We can also test our sound at
this time. Can you hear me? Yes. Here. Paul. Great
Paul Lux. Here. Great Linda Limone? Here.
Linda Limone here. Thank You. Neal Kelley? If I don’t say great then we can’t hear you
but you also may not be here Neal. Hey Ben all right maybe explain because I
didn’t realize that first you have to unclick yourself to unmute yourself I
was muted up on the screen. That is helpful thank you. Thanks. Marc Guthrie? Dan Wallach? Speaking here. Sachin?
I saw earlier. Here. Great. Mary Saunders? I’m here.
Great.Lori Augino? Judd Choate? McDermott Coutts? Diane Golden. I’m here. Great. David Wagner? I’m here. Great and Geoff Hale? McDermott Coutts is here sorry. Thank you. Excellent okay I don’t know
how I don’t know how long I’ll be here I have to step on a plane in about 15
minutes but I’ll be great thanks for joining for this period. So uh perhaps I
should begin this is Walt Copan. sorry sorry Dr. Copan this is Neil
Kelley I just want to go on record I was I was muted. All right thank you so much very good and thanks for taking the time
just to confirm the roll. So again Walt Copan director of NIST I’m
very glad to join with you here today and as Commissioner Hovland has
mentioned in accordance with the Help America Vote Act and as NIST Director
I’m honored to serve as a chairman of the TGDC the Technical Guidelines
Development Committee and so on behalf of our colleagues at NIST and on behalf
of the Election Assistance Commission welcome to our follow on e-meeting to
continue our discussion of the requirements of voluntary voting system
guidelines VVSG during our September TGDC meeting that was held at
the EAC. We had in-depth and quite fruitful discussions on the VVSG
requirements that corresponds to our previously adopted principles and
guidelines. At the end of the meeting we have recorded a number of open issues
that warranted our additional consideration including support for e2e
verifiable voting systems, bar code, transparency ensuring software
independence and ballot secrecy particularly with respect to providing
support for risk limiting audits, wireless and Internet connections and
voting systems best practices for password complexity and random number
generation, ensuring the preservation of log files,
updated mil standards and how best to address dust contamination and
adjustments to wording in the human factors recommendation that we had
reviewed. Today we’ll hear updates from the NIST voting team on these issues.
In addition, Sharon Laskowski will present updates for wheelchair
accessibility and ADA harmonization based on comments from the U.S. Access
Board and also on guidance for election officials when deploying accessible
voting machines. Finally Mary Brady will discuss progress on developing a
recommendation for provisional standards considerations for a patent policy. In
our September meeting we also discussed the importance of maintaining
transparency regarding the handling of public comments received in the process
of modernizing our voting voting system guidelines and I look forward to hearing
more from Commissioner Ben Hovland about the current status of the posting
of comments and to discuss with you our shared expectations and recommendations
for handling future public comment processes. In addition, we’ll consider
adopting a recommendation for provisional VVSG
requirements review an approval process which was prepared in response to
resolution number three from our September meeting. Specific charge to
this committee to assist the EAC and by extension the states that administer
elections in developing voluntary standards and guidelines for voting
equipment and technologies has never been more complex nor more essential to
our democracy these requirements together with the previously adopted
principles and guidelines provide a foundation of trust and confidence in
the U.S. voting system. Our goal for the group at this meeting is to carefully
consider the proposed updates and after thoughtful deliberations that we move
toward adopting the VVSG 2.0 requirements and to forward them to the
EAC for consideration and adoption. So again many thanks for being on the call,
for the important steps that you’ll take to finalize the VVSG 2.0
recommendations today and so it’s a pleasure to have
Commissioner Ben Hovland provide his introductory remarks and then we’ll turn
it over to NIST voting program manager Mary Brady for an in-depth review of the
proposed updates. Thanks and Commissioner Hovland please. Ben? Are we hearing anyone? Hey hey Ben it’s
Ben Long, can you hear us? He’s connected at least. Ben can you hear
us? Hey Ben? Just going to check our settings
here to make sure that everyone’s on. Zoom shows Ben here but perhaps he’s
muted himself. (Ben Hovland speaking) I believe I may have solved the issue. Can everyone hear me?
Yes indeed. Thanks Ben. Oh great so let’s see I was just noting
that for the most part I covered some of the issues earlier but did want a flag
that this meeting has been called pursuant to the Federal Advisory
Committee Act and has been noticed in the Federal Register and published on
the EAC’s website for today’s meeting and this meeting is open to the public.
And I also just want to thank everyone for their attendance and participation I
look forward to a rigorous discussion and would like to just get into it
so thank you. (Dr. Copan speaking) Excellent, well delighted now to turn it over to
Mary Brady to lead the first part of our discussion on the VVSG 2.0 updates (Mary Brady speaking) Good afternoon everyone. I before we start with the the slides I just want to to do
a status check in terms of the order in which we we present the material. I heard
just prior to the meeting that perhaps we’d like to discuss some of the issues
that are not necessarily the the in-depth review of the requirements but
some of the other issues that have come up prior to going into the requirement
discussion. (Bob Giles speaking) Hi this is Bob Giles yeah that would be fantastic because as you
know some of us are not going to be able to stay on the call the whole time we
have elections on Tuesday so we’re going to try and hang in as long as we can. We
were hoping to kind of get some of that housekeeping stuff done and then when we
get to the requirements prioritize those on some of the more potentially
controversial discussions and this way if we start dropping off the the
less controversial stuff and we can get caught up on. Just a couple things and
ones towards Ben any update on us getting a copy of the legal opinion? And
then Mary if we could jump to the provisional approval recommendation that
we’re going to put forward and I think the other things are just some of the
concerns that’s been raised about the public comments and just if we can get
those out of the way then we can focus on the requirements if everyone’s okay
with that. I certainly am thanks very much Bob. (Mary Brady speaking) Okay while I’m
bringing up well I’m supporting to the slides on the provisional standards
perhaps then you could cover the other two the any updates on the public comments
as well as the legal opinion. (Ben Hovland speaking) so at our in-person meeting obviously now former
general counsel Cliff Tatum had expressed the his opinion about the
legal opinion and what that was as a recommendation to us I don’t know that I
am I will say I am personally happy to share it I have not specifically asked
my colleagues if they are comfortable sharing that but I can commit to doing
that and and if we are all comfortable with that I think it’s something we can
share obviously that was a work product recommendation to us I don’t know that I
view it as being particularly relevant to the remainder of this conversation
but I’m happy to share that if people would find it helpful and my colleagues
agree to that. So I will commit to putting in that inquiry. As far as the
public comments go more broadly we should be releasing a statement if not
later today in the first part of next week clarifying some issues on that. Certainly there were things that could have been
done better and I know that we will do better moving forward. You know I think
as far as the substance as you all probably know most of them at least the
the comments that are substantially different in any way has been on our
website now for a while. I hope you’ve gotten a chance to look at
those if you were interested on some of the number issues that you may have seen
reported you know again we had some technical issues that we will explain
more in depth in a in an official statement soon but there’s a certain
element of it that it probably depends on how you count if you have the same
comment with 44,000 signers is that 44,000 comments or is that one comment
with 44,000 people. So anyway but we plan to put all of that out as soon as
possible and let people think of it what they made. I hope that is helpful. (Dr. Copan speaking) Thanks very much then we we appreciate your commitment to doing that and also your indication of the status. (Mary Brady speaking) So are
there any questions before we move on. (Paul Lux speaking) Now this is Paul I just like to function and for bringing that up because that was one of my concern when I started
reviewing the public comments was you know how many of them were literally
just cut and paste of the same comment over and over and over again I know in
our world you know editorial boards of newspapers really don’t treat you know
letter-writing campaigns where everybody copies the same letter and I send 500
over to a newspaper they don’t treat it with the same status as they treat you
know individual letters and so I was just a little concerned I mean to say
the phrase that I use when I was when it initially struck me what I was looking
at I said I I don’t know if this is 50,000 different
people or if this is ten people with really good botnets
I couldn’t tell the bedroom I would say a little of both and again we will be
releasing all of the information we have I believe fairly shortly so hopefully
that is instructive thanks so much so with that room I think we’re having
some problems displaying the desktop on this side if you could enable sharing
they’d be great you should have it now okay great thank you and this is Paul
once again I just wanna let everybody know I am NOT looking at your screen
because I am saying far and route to another engagement elsewhere but I do
have the slides in front of me on paper so I will be following along but I’ll
keep my phone muted so we can keep the road noise reduced let’s hope you’re not
driving – no I’m definitely not driving premiere you’ll walk us through
provisional vbs2 resolution number three okay so there was just a couple slides
on this you all received a copy of the the preventative process her for pushing
forth a provisional standard and I do think there is proof there’s some places
at the end that I’d like to have some feedback from you so let me just start
and for the benefit of those that don’t have eyes in front of them I’ll read
what the resolution was the provisional dbsg resolution number three was from
the September meeting was the EAC Commissioner should ratify a provisional
requirements review an approval process for the EAC professionals fast update
dbsg requirements in the circumstance where there’s no quorum with the AC
commissioners and the TDC will provide a process recommendation within 30 days so
we went back next slide please so we went back and based on an t
proceed and some guidance from the AC general
counsel at the time there there was a bit of a discussion on this already that
we benefited from we but we put together the provisional standard that or the
provisional standard process that was attached to your email and essentially
it goes like this it’s initially the TDC decides to develop a provisional version
so we’re in some period of time that we believe that technology has changed or
or there’s a threat that needs to be addressed and there’s a reason that we
need to update the the requirements so the TDC kicks it off by deciding to
develop a provisional version the AC announces the provisional version after
the after development and approval by the TDC after that the AC starts their
normal review process so we’ve already been through the TDC process the AC
starts their normal review process with the Standards Board and a board of
advisers reviewing for 30 days a public review for 30 days and responses to
review comments and final preparation and deployment by the TTC and EAC for
six months next slide please and I think that I’m sorry on the
previous slide before we we talked about the right to appeal I I think one point
that was brought up and perhaps we should as a point of discussion is at
the point where the AC has conducted their standards board for to review I
mean Board of Advisors review on the public review as responses and
resolution to the comments and the final preparation has taken place who actually
gets the token to say yes this is a provisional standard and I think there’s
a couple of options that if I think through it the ones that I can think of
and perhaps you all can think of additional ones is you might have a case
where there are commissioners but there’s not a quorum of commissioners so
that’s that’s a possibility I would think in that case that perhaps that the
residing commissioners should you know should be the ones with
authority to to to go ahead and put forth the provisional standard we may
have the cases as it has happened in the past where there are no commissioners so
that you know not only is there not a quorum but there aren’t any
commissioners that at all and perhaps the the appropriate person there is the
EAC executive director I believe that the EAC and then you know perhaps you
can confirm this by the way the AC has a process in place on who takes you know
who serves as the acting executive director if there is no executive
director either at the EAC so that’s you know that’s so perhaps something we
should discuss but before we do let me just talk about the right to appeal that
if in fact there are folks who who are not happy with the process that that has
occurred or the resolution along the lines during this provisional standard
process there is a right to appeal the TDC makes the recommendation to the AC
and the EAC can accept or reject the appeal within 30 days in this case the
AC may consult the Standards Board and Board of Advisors and they make public
all comments from its boards and decision and rationale to accept reject
so this is just something that we feel it’s is good you know you know for an
open and trade to conduct all these routers in an open and transparent way
and then finally when the when a quorum has been reestablished when the
Commissioner forum is presence and situation errs you can go through the
normal process to vote to change the status from provisional to official Mary
Mary can I ask you a question excellent that’s Neil Kelly our County Registrar
of Voters so is I guess two clarifying questions is the BBS G in a provisional
status in full force and effect and if it is what occurs if a vendor takes an
item to market and then the provisional status is changed by the Commission
and reverses items that are in the dbsg that’s a great question milk that you
know that said I guess part of the problem with the Provisionals no
standard is there’s no guarantee that it will become the the final adopted
standard Aires Honduras well perhaps you have some advice from an SI alright
hi it’s Mary Saunders um well yes a little bit I mean the intention is that
provisional standards then are folded into the processing of a provisional
standard or a provisional amendment to a standard or then folded into the
processing as a full I’ll just use the American national standard nomenclature
the full national standard American national standard loading feature so
it’s you know there’s there is certainly a possibility that provisional
amendments or a provisional document would be reversed but I think the
practice the typical practices at least in the american national standards world
that the developer sees a need to update the standard on an urgent basis and it
does go through a hmm let’s see a truncated or a light consensus process
so that the odds of reversing the that in in the in a later iteration would be
very slim it’s not impossible but it’s very slim that those would be then
reversed yeah yes to get something out to market to address an urgent need yeah
and I think this is Paul and Okaloosa Florida to me that sort of speaks to the
question I had to and maybe that’s my answer to a degree is who has that right
to appeal that you mentioned are we just talking about like vendors or end users
or members of the general public or what it stated that any participant in the
review process that that would argue that that the appropriate process was
not appropriately followed would have the ability to take take forward a peel
so it’s not not any person who is in the general public but a participant within
the process although in this particular thing I mean the participants in the
process of a Standards Board the Board of Advisors and right know the public
and you know all comments from the public shoulder that is there a need to
I guess has the question it is their need to constrain it and if it were so
constrained like what you know I how does that align with with
hava so this is can you still hear me this is Mary Saunders again I’m just
looking back to the American National Standards procedures the right to appeal
is is it’s not necessarily required in connection with the issuance of a
provisional standard but it’s a right to appeal that the provisional Center
should be withdrawn not that there are problems with particular aspects of the
personal centered so maybe limiting the right to appeal to to that to you know
the entire provisional center should be withdrawn and with with you know support
for why that’s a very good clarification point Mary thank you so much well and
this is Paul again it would be one of my concerns would be good outside
influences unnecessarily drag out this provisional process by filing appeal
after appeal after appeal if it were a very broad appeal process but something
a little more narrow like you know drop it or take it would probably be a little
bit I can see where that was an improvement process thank you
I do agree it provides some some boundary conditions so let me just catch
so that is how boundary conditions for appeal yeah yeah yeah I I think that
this this step feels an important gap that that the t GBC has experienced and
so on a on a personal level i would encourage the group to consider the
recommendation with this with this boundary condition modification that
it’s either acceptance of the provisional in total or or to be
withdrawing the provisional based on the appeal process they’re there any
contrary views to moving forward with finalizing this recommendation to the
EAC this is John I don’t I I I agree with moving forward I just have a quick
question for Ben and I guess if we present this is this I guess you’re
gonna need a legal opinion on this and I’m just curious if you have a time
frame for when you think you’re going to have new legal counsel and listening to
a conversation so I think I caught the end of that Bob but essentially so we
have posted the job postings for executive director and general counsel
that was a 30-day posting that started recently and as you may remember from
four years ago that process sometimes can take a little while but we will
hopefully be moving that along as quickly
as possible and I hope that we get some great applicants encourage anyone you
know that is qualified and interested and I guess my concern is you know we’re
moving forward in good faith and we think this is this is a pretty good
compromise to where from where we were but my concern is you get legal counsel
and they come back with the legal opinion saying oh no you you can’t even
do a provisional and I guess that’s why it’s unfortunately you don’t have legal
counsel right now to maybe even give some initial guidance on this but I mean
III think we move forward but I was you know hopeful we’ll get some kind of
answer back from you guys in a timely manner that it doesn’t take as long as
it took to get the other legal opinion well I would err okay I would just add
one we are exploring other legal assistance options hopefully sooner than
we have a general counsel on board but I would also say that to the degree people
are making a recommendation if if they want to include a legal opinion with
that recommendation it would not hurt my feelings so whether that be from any of
your counsels offices or the mist counsel’s office as if they are so
willing you know that is certainly something that could be taken into
consideration so excellent I think on this side it
would be delighted to provide that in interview of our role and in standards
for the nation thank you I was going to call out for that that you know as part
of our review process yeah everything that goes to gets transmitted from us to
the AC anaphora ladder goes through our legal review good so look forward then
to an updated version of this resolution with this a clarifying a paragraph
inserted and so look forward to that following on from today’s meeting
excellent okay I guess so with that are we ready
to begin the review of some of the security requirements I’m just wondering
just just in India the recommendation that’s been made regarding public
comments that says perhaps we can put forward a resolution that the EAC
commissioners should ratify an open and transparent public comment review and
resolution process for the EAC professional staff to conduct a public
review of voluntary voting system guidelines in a manner that embodies
trust and confidence the TG d c– will provide a process recommendation within
30 days of this meeting I’d like to propose that resolution for
consideration by this group that would allow us then ultimately to have a more
clearly documented process and expectations for for public comment and
resolution handling I’m wondering if that would be a helpful step this is Bob
childs I think it would be very helpful thank you thank you bob says Mary
Saunders I support that as well thanks Barry are are there any opposed to such
a resolution and it really provides sort of an action for the team to provide a
recommendation then within 30 days and quite clearly the group will reconvene
then to consider what has been recommended okay here hearing no negative commentary
I thank you for the support for this resolution will call this resolution
number one from today’s meeting and will look forward to the T GDC taking the
action and to provide a process recommendation within 30 working days all right
Mary I believe then we’re ready to go forward with with the next part program
previewing the the updates to the guidelines great thank you all okay so
we’re going to reverse our slides back to the beginning Ken I’m sorry Mary can
we do one other housekeeping piece related to this I know that I heard from
some members that you know they did not believe they were going to be in a
position to vote on these requirements today based on the time they’d had to
review the update and so I had wanted to see if we could get a sense of that
number one and then number two if that is the case since I know some people are
going to drop off if we are able to get a sense of a timeline I know again a lot
of our members have elections coming up and so want to be sensitive to to their
timeline around that and and some of the work that they will have in the coming
weeks and so on to try to figure out if that is the case what a reasonable
timeline for review and a final vote is Ben this is Walt copán speaking we’ve
proposed a 30-day period for for input on this on this in response to this
resolution and so perhaps we could look at at four weeks hence to to have a
follow-up conversation or potentially even a virtual vote where people could
submit their inputs electronically okay so 30 days puts us in the you know
beginning of December timeframe right pause for the TTC members the this is I
am and I would agree that I I don’t think I’m going to be in a position to
want to vote today there were there to me there were two different kinds of
changes and the I did go through the slides and I went through all the new
standards tried to but it is short notice to digest some the changes that
were in response to our discussion at the face-to-face meeting I’m more
comfortable moving forward on because we sort of cane just consensus for the most
part on most of them the problem is there are brand new things in here now
that we have never discussed in depth the whole Wireless ban the internet ban
I’m I’m concerned about scoping on those and those things potentially
misinterpreted as meeting something I don’t know that they actually are
intended to mean I would be in no position to try to vote on that today
and I’m not sure we’re already a half hour plus in I’m not even sure by the
time we walk through all the changes that were in response to the meeting
discussions I think we’re going to shortchange the discussion on those two
big issues I’m not even sure 30 days is gonna be enough unless we have online
discussion or something else my initial thought is a small look and I couldn’t
agree more glad to hear you say the same thing because speak I know that time II
was a concern just because you know most of us got this document about 24 hours
ago and as you said you know it wasn’t so much the stuff that you know we asked
them to look at and change as all the new stuff and when you talk about scope
that was one of my biggest concerns with some of the changes in section 415 was
the idea that you know they’re applicable to the whole voting system
and then you go look in the the definition of what a voting system
is and it covers a whole bunch of stuff which may or may not be applicable to
that type of stuff never mind just the in-depth discussion that talking about
banning wireless internet is going to entail III here and I understand those
concerns I’ve also heard that there’s general comfort with the progress that
has been made in response to the discussions that that we had at our
September meeting and so perhaps we could look at having interim discussions
to ensure that there’s clarification between today’s date and and our our
follow-on meeting so that everyone can feel that there’s been sufficient
discussion to actually have a vote in good conscience two to four words the
BBS G 2.0 documents to the EAC and I agreed there there is some I’d I’d sense
that there’s a fair amount of confusion regarding scope and I agree that’s a
discussion that we have to have the changes that that we were proposing and
particularly with wireless and Internet were actually not brand new but as a
result of the discussion we had around those topics at the last meeting and and
yes we do need to discuss it but perhaps I’m a little afraid that folks are going
to start dropping off before we nail down some dates and I understand that
it’s difficult to pick a date but perhaps we could put some parameters
around picking a date as in you know whatever suite of December and I’m
looking at my calendar and and availability and I I will be available
to participate in a call just about any day on Monday through Thursday of that
week I proposed that Thursday the 5th of December to give us a little bit more
time to to consider all these matters but I’ll open up that up to the group hi
doesn’t want me to say you know perhaps it y’all could could give us some
feedback on how soon you’d like to see documents and you know the final before
we have the meeting since I think that would help us in setting a date all
again and I would just say that that whole week I have another commitment
that is going to take me out of pocket from the third all the way through
following my home state and winners concerts the week after so that Monday
the second is good but everything from the third all just challenging for me to
get just get it pretty good this perhaps Monday the second cause he eternity and as far as Mary’s other comment about
house how far in advance we’d like to see it obviously the sooner the better
I would say at least a week or perhaps you know a week involving I say a week I
mean like seven days and the moment will begin to give us time to read digested Thank You Paul I also see that Lauria
said a week and that there’s a problem with the first week in December in that
there’s another meetings there’s a CSD meeting at the same time yeah this is
Bob jobs I’d have the same issue with the first week in December and and I
think part of concern is for those of us that have elections next week where were
unfortunately have to put this on the shelf for about a week to two weeks to
focus on our election so so yeah we’re talking second second week of November
before we you kind of pop our heads back up and start looking at this again and
you know and then obviously you start sharing comments and I think it’s
important I think what we missed the opportunity of time is to have that
dialogue leading up to today um so when we say I would rather have stuff as it’s
going along then get everything a week before the meeting so you know we can
focus on there’s definitely a couple areas that I think need more discussion
than others so we can you know kind of get through the through those and know
that the kind of the easier ones we put those to the you know we get those done
and finished and then focus on the couple that may take some more
discussion but I even a week out I would be concerned if we got everything one
week out that’s still a lot to digest I’d rather do it in phases and then as
we get closer and we know you know we could have a ballpark because I think
it’s important to set a target date but we’ll know a week or two out if we’re
going to make that target or not and rather than get everybody together and
and kind of at the last minute say well we’re not ready to vote it’s so part of
what we try to do this time which is it was obviously not a six
cause we would have liked as we did reach out to to folks who were the
primary contributors to the conversation but but not necessarily the whole group
to try to respect their time so so we’ll have to broaden who were reaching out to
yeah very good as as far as states then I mean I would personally hate to see it
slip into January but is is there any other possibility during the month of
December for us to find a date so that we could
have this this update and be able to move toward a vote even if we do need to
have such quote a handled electronically through through email confirmation and
one thing that I would flag for that as far as logistics go as many of you know
but so number one I’d reiterate from our September 1920 meeting I believe what
we’re talking about here is not whether or not whether these are perfect but
whether they are in a state that can be moved forward you know counting backward
you know or looking at the timeline once the tgd see votes to move these forward
I know that the NIST team has some cleanup that generally happens and that
it is then forwarded to the executive director of the EAC the EAC then
forwards it to are the executive director forwards it to the other boards
while I don’t believe they’re set I think we are targeting April for those
board meetings in 2020 and obviously as you all know 2020 will be a busy year
and so to dr. Cohen’s point I think if it’s possible to get this done in
December that would probably be preferable but at least I think we need
to establish I feel like we are close to the finish line
and to establish a path forward to get there is important
excellent thank you so much I couldn’t agree more
commissioner and I saw Laurie put it in as well this is Bob Giles the week of
December 9th is is more open for me I don’t know how it works for everyone
else I think once we I know Paul has some stuff going on but I don’t know if
he has any flexibility that week I know personally that that week I’m on
international travel and will not be accessible so we could look at the
beginning of the following week as we are in 16th of December or the days
immediately following so we’d probably be out there I know there’s another
event that’s going to take place on the 16th so I’ve been to the end of being a
travel day for folk I haven’t seen so I would be looking more like at the 18th it’s certainly workable on my side on
the afternoon of the 18th the same time yeah and that whole week looks good for
me as well as his fault that works for me
Mary Saunders Dan Wallach here are all good for me good for Diane also alright
sounds like we have honed in on a target so let’s plan them for Wednesday
afternoon the 18th of December and Confirmation to follow okay so that
gives us a drop-dead date of the 11th to get everything out to you for review and
hopefully engagement we’ll leave you alone for you know a week after your
elections but perhaps it you know between that date and the Philippine
engagement and I think the point that was raised earlier to these sent
documents are available earlier they’ll be provided rather than waiting until
the week before yeah this is Bob Giles I agree and really reiterate that that you
send me something that’s going to take me 20-30 minutes to read
I can probably squeeze that in here and there as opposed to something it’s going
to take me five hours at the end and then I’m just don’t have five hours so
that would be fantastic things great thanks a lot okay well I think we’ve
taken care of a lot of our housekeeping matters so are we ready to go forward
with the with the update Mary I think we are all right thanks okay so where are
we then so I think you know in the interest of time with the first several
slides or the summary of major changes and given that we we’re going to go into
a fair amount of detail and for each of them I don’t want to belabor at these
slides and take up too much time but essentially they are the same topics
that dr. Kopan iterated in his opening remarks so it’s the baseline edie
verifiable requirements wireless and Internet best practices for password
complexity random number generation unable to the being unable to print a
ballot in the selection area after a voter cast our ballot the e was to
prevent the deletion of logs barcode transparency updated information on the
mill standards and several human factors related clarifications and they finally
a plan that the chairing will present on guidance for deploying ballot marking
devices to support the no discrimination clause that we discussed last time so oh
I’m sorry we already did the VBS G provisional standard if we have time
then that we can have a discussion surrounding our patents so with that let
me pass it over to Gemma Howell so we can begin the discussion of the
security requirements I think they did they probably constitute the one said to
where we’ll be a fair amount of discussion great
GEMA over to you all right thank you very much
Gemma he’ll hear my requirements are kind of in the order of the
controversial topics so I put the ones that I thought were going to be most
controversial up at the top five e to e wireless and internet front and then
some of the other ones that would ever mentioned before as the last four so
unique identifiers that for auditing a random number generation with the
concerns around aggregation and ordering preserving log integrity and then
password complexity all right next slide so for the e to e
requirements and and verifiable requirements give me one second here
okay I did not copy and paste all of the requirements into the slides but many of
the updates fall under section 9 1 6 under principle 9 which is auditability
in section 9 1 6 is all about the intake are all the end-to-end verifiable
requirements so here in the in the file a I give an overview and I’ll speak in
detail about each one so that first one there would fall under 9 1 6 a and a dot
1 so the use of an external process for evaluation and validation of the
cryptograph media protocols we certainly recognize that these types of systems
are not not currently available but definitely in the works but also also
feel that there should be some kind of standard public process for evaluation
and validation of the protocols and 10 verifiable protocols that are being used
and so we we state that in a requirement that that process that the protocol must
go to that process and that that process
will be identified by the EAC so ultimately will be this this would point
to potentially a list of validated protocols that have already gone through
the process so maybe something similar to validate a cryptographic module or
some type of process for example the review of TLS protocol so some type of
process will be should be established in this area and this requirement is kind
of set up so once that is process is established that there can be point
pointed to next next in the requirements a 2 is about just that implementation
must be open and publicly available and then 9 1 6 B&B 1 is all about the Casas
intended verification so ensuring that the voter has the evidence necessary to
review the balance their valid as cast as intended and also that the
documentation is available for how the voter is how the voter uses that
evidence to verify that it’s cast as intended under C and that goes into the
ballot receipt there was discussion around there and
sham will go over it a little more in her section she made updates in her
section but something that was included under C was that these ballot receipts
must be accessible verifiable and preserve voter privacy and then under D
9 161 of the properties for intend voter verifiable systems is that is able to
export the ballot tabulation evidence for the public and then when you jump
down to ask that also gets into the documentation of the method for that
ballot tabulation verification and then lastly in that section
something that came up during our last meeting was a reference implementation
information being available for a tool and verify are supplied we list two
there one for the voter to verify their specific selections and then also for
verifying the ballot tabulation results all right any questions there before I
move on thank you and then just a few more
changes in this area under the balanced secrecy section the indirect
associations which are just a reminder there those are indirect associations
that only apply to paperless systems and they are used to handle provisional
ballots one of the eye identifiers sorry identifiers are applied to those
indirect and encrypted ballots and sorry I’m getting this mixed up with me let me
step back so these ballots are encrypted and they use indirect associations and
the one clarification that we wanted to highlight was that be the actual
indirect associations are not encrypted with the ballot and then and lastly in
the data protection section under three thirteen point three B so in that
section we omit the end-to-end verifiable cryptographic protocols from
having to go through that FIPS 140-2 validation requirements but to that
point they do have to meet the requirements that were mentioned up in
nine eleven six a around that validation process but other commonplace
cryptographic operations that they might use would have to go through that
validation any more questions any questions on e to e before I head over
to wireless okay so the main update in Wireless falls under 14 to D so no
wireless networking basically stating that the voting system must be incapable
of wireless connections and you know what we did here is we definitely
took into consideration the feedback that we received last time you know we
discussed different potential use cases for wireless and the one primary use
case that that came up was the use of assistive technology in the future and
so we worked with the with Sharon in the human factors section and on the human
factors team and had discussions with them around you know what are the
current options available and what does this look like for the future and and
what is the impact of this requirement in the polling place and so this is
strictly limiting no wireless capabilities within the voting within
the voting system itself it does not require the removal of wireless hardware
and that is definitely taking into consideration some of the cost and
devices that would be available that don’t have don’t have wireless wireless
components within them and but a potential increase in cost for
developing special devices that don’t have wireless devices and so instead we
look to secure configuration and disabling those wireless capabilities
and with that we wanted to know what other options if the voting system
didn’t have wireless well alternative options for assistive technology would
be available and what we found was that currently folks are able to use an
adapter that goes into the 3.5 millimeter headphone jack and that would
that currently allows folks with maybe a wireless headset or a hearing aids to to
use their wireless technology through the through the headphone jack Jemma oh
hi this is Neil Kelly Orange County I’m just curious if maybe in some
insight on the debate internally whether this is an overreach or not because you
know California in 2007 the legislature made a decision to prohibit any wireless
transmission in a polling place or on a system and that was the decision you
know that California made irregardless of how a system was certified so it
seems to me that this really should still fall under the heading of you know
the states should make this decision so I’m wondering if you could address that
or maybe somebody could address that this is Bob Jones just to kind of follow
up on that I was gonna have you guys reached out to the vendors to see who is
who is making equipment with this capability and if they have any
customers that are currently using it I’m just curious is if it is being used
anywhere in the country and it kind of ties in to what Neil is saying you know
our state’s allowing it or our local jurisdictions because to me that
obviously that changes things in that and people are using it we need to
address it and this is Paul and I kind of named my biggest concern when I
started looking at the section 14 stuff and section 15 stuff was the way it all
tied into the voting system which I understand these are the voluntary
voting system guidelines we’re talking about but if you go into the appendix
and look at the definition of a voting system you know I mean it includes
generating reports transmitting election data archiving election data all of that
stuff is included in the definition of what an election system is and if what
the intent here is to reduce the you know the the attack size of election
management systems or of tabulating devices that are deployed then let’s
maybe dial that back to something a little more narrow
because hitting the broad definition of the way we in the appendix have defined
voting systems sounds like I will not be able to take an export file from my
election management system and use the internet to upload it to my to my state
so that they can get the election results I’m fine
putting it in the mail to them and they get the results in five to ten business
days but you know at the end of the day everybody wants the answer on election
night there are too many local jurisdictions who rely on that kind of
wireless connectivity whether you agree with that or disagree with it I think a
ban on it in a voting system again just to re-emphasize Neil’s point exactly
that it should really be left to the states individual jurisdictions and this
is I in and I’m going to piggyback on that same thought it’s a scoping issue
for me and Gemma in your discussion at one point you talked about in the
polling place well that’s a whole different issue then when you’re doing
remote ballot delivery and a remote voting system I mean this paired up with
okay my concern is this along with the internet you know restrictions are going
to be interpreted as a ban on wireless a ban on internet which were you know
which were the over and over comments coming in from the security folks that’s
going to be played as no remote valve ballot delivery no you know things that
I don’t think are intended to be prohibited but that’s how it’s going to
play out so Paul first off thanks for pointing out the definition of the
voting system in the appendix that will go back and review that to make sure
it’s consistent with the scope Gemma did you want to talk a little bit about
scope yeah so just for just for a little background
on kind of what the way the requirements fall what falls outside of the
requirements and some of your concerns about potential limitations so the the
wireless and internet requirement don’t wish don’t necessarily restrict things
from happening for example Paul you mentioned the transmission of election
results over the over the internet or over wireless or cellular but that could
still happen but that the way that is done would just be separate from the
voting system totally understanding that the the way that it the voting system is
defined in the glossary may not match up with what I’m about to say but the what
you mentioned about exporting files once you export those files you would then
have to manually transport that to another system or you can transmit those
separately nor as you as you normally would do through through the cellular
wireless or over the Internet as long as that system is not not physically
connected to the voting system those capabilities are also are all still
there we just don’t cover those within the dbsg
those are the way the requirements are written those would be those types of
systems that transmit the election results would be separate so that
definitely the intention is not to restrict how the election results are
transmitted but just to say that it has to be a separate or air-gapped from the
actual voting system and where the requirement stop is that ability to
generate the reports or files that would be transferred over
and as for wireless the same thing for wireless so we definitely didn’t want to
impact the use of assistive technology with within the formerly and or or just
the general use of wireless devices within the polling place the BBS she
doesn’t have control over the users devices and so that’s why was limited to
what Wireless would be in the voting system also one more thing on the other
end for for things like a poll books an activation of the ballot that would be
again that that process would have to be air-gapped and so the e poll books would
not have to be able to be connected to the rest of the voting system so their
voting devices by the ballot marking devices the tabulation devices and the
and they would have to be air-gapped so that actual actual activation process
would have to be some type of manual transfer rather than a internet
connected one so I think what we’re going for in a generalized way is if you
have other components of your election infrastructure that are connected to the
Internet we we’d like to see a narrow gap between them and you know what
constitutes the the voting system if there are other use cases that perhaps
we haven’t considered then you know please you know let us know we’re trying
to get this right well well so I mean I know what we spoke back in September you
know it at one point when we were talking about Bluetooth printers and
Bluetooth is bad so let’s do away with that okay fine
I said yeah we can we can attach a cable to a Bluetooth printer plug it in if we
have to but I mean you look at 14 to be where it says you know you can’t connect
to any device that is capable of establishing a connection to an external
network to me that sounds so over broad that you are limiting the technology
and again I just think this I mean so it but when we’re reading statutes and
statutory language if a particular section of the statute has a definition
that definition is what when we use this word in this part of the statute what it
applies to the fact that our own definition of
voting system it is and this says voting systems must not be capable of this and
may not do this that that flat ban I think is going to be prohibitive of
developing any new technology that might be okay to use and now we’re still not
allowed to use it because we’ve built this into the standard at this point and
I think this is a colossal a huge overreach for this type of I understand
what their what they would like us to do and what they would prefer and if you
want to make this the number one gold standard best practice that’s great but
if you stick this in a standard in the state because they’re voluntary chooses
not to use it that state and coming from Quora de I know what I’m talking about
is going to be beat up in the media should anything happen to say Oh we’ll
see they’re not even following the minimum standards that were established
by the government so that’s where the danger lies so let me just try to
reorder to tell you what I think I’m hearing from you just here to make sure
I’ve got it that we we understand that there’s a problem with the definition of
a voting system and we’ll fix that okay so you know so we will constrain the
definition of a voting system but I think what I’m hearing for you is that
you don’t yet have a use case for for wireless within what we’re talking about
you know should be a voting system but you might there might be one in the
future that you’re concerned about limiting yeah so so so right now I have
52 precincts 42 polling locations to serve those 52 precincts and some of
them are so remote that it would literally take an extra 30 or 40 minutes
on election night before they could even before the memory device from the
tabulators are going to make it to election central if I can’t use the
internal modems on my tabulators because now they won’t exist on the new
tabulators that my company builds in response to these new guidelines my
election results are going to be delayed which means my state’s election results
are going to be delayed god forbid you go out to some of the
counties out west in Wyoming and some of the wide spread out places like Idaho
and elsewhere where they probably rely even more heavily on this type of
technology for the transmission of election results from tabulators to
election central like I said that to me this is a very slippery slope and by
setting this up then what bender anywhere is going to
say hey let’s develop a new technology that’ll 100% make sure that this is a
really secure connection that people be able to use this know who’s going to
build to the standard when your standard says don’t build this okay this is Dan
Wallach can I can I jump in for a second so with other aspects of the V vs G we
have a statement of principles and then we refined down to specific rules and I
think what we’re missing here is the statement of principles so there are
several reasonable principles like we don’t want to have an Avenue where
attackers on the Internet can potentially reach voting machines and
tamper with them similarly we want to make sure that there isn’t an avenue
where our bad actors on the Internet can reach into tabulation systems and tamper
with them and when you state some principles like that now those can be
refined down into for example like if we’re going to have election results
reporting it would be unofficial over a carefully controlled you know internet
situation perhaps by copying data in one way whether it’s a cd-rom or whatever
and then you think that would be unofficial followed up by a physical
courier to double-check it during the canvas period so we can refine some
high-level principles down to workable practice but the high-level principle
that we’re worried about bad actors on the internet trying to tamper with
voting machines and/or the election night tabulation though
or reasonable concerns that we do have to consider but I think Paul your use
cases you have an integrated system where you have tabulation and they modem
that that transfer transferred your results correct and you know I mean I
mean in in the good old days of and I’ll use a bad a bad word I’ll say Diebold in
the days with my old Diebold says I mean we were yeah we were using you know 14.4
modems you know you controlled the physical access of those with dip
switches you could control how that modem behaved so I could set the modems
inside the tabulators to say you don’t take an incoming call period there I’ve
just closed the door on anybody being able to dial in presuming it was plugged
in you know all day long which of course they were only plugged in when we were
trying to transmit the results at the end of the night but that system sounds
like it was more secure than the wireless system because you know now
we’re not talking about a piece of copper wire that runs through telephone
lines now we’re talking about signals that are just out there in the ether
sphere that anybody can get their hands on and while I don’t discount the
concern that’s exactly why we build process these into this to make it
verifiable so yes when we get the election report that tabulator printed
before it was connected to talk to anybody we compare those to the results
that were sent to us we take the same report and we look at the number of
voters that we checked people books and verify that the number of votes the
number of voters who voted are the same as the number all I think we lost you
there thank you cut out are you back huh yeah yeah and we lost
at the end oh okay well yeah it’s rural Alabama so order Russians got my signal
one or the other yes oh so another use case would be that
you would you sent a sneaker net or some other way to to move the results from
your tabulator to another system that would be connected to the Internet
Dayna in order to transmit okay that would be like that and you know that
would well but it well but what’s it going to transmit it to it’s going to
transmit it to not so my election management system because my election
management system is part of the voting system by the definition so you still
can’t mode them into that even from another device so my choices are have
all of my precincts drive the thumb drive to my office and we plugged them
in individually and that’s fine we can do that but I’m just telling you the
public the political parties these people have to get it in their heads
that you can’t expect me to have results on election night at 11:00 p.m. you may
not get them for two weeks I don’t know because we’ve got a bunch I mean there’s
just too much stuff going on I mean and yes understand and so coming from
Florida we’re a little bit more sensitive about this the state of
California I can call the state of California for you for next year right
now the state of Texas may be a little less so but I call the state of Texas
for you I call state of New York for you but I can’t call as a state of Florida
for you because nobody knows but like I suggested earlier I think everybody
agrees that that this definition of a voting system needs to be refined to
avoid that because your concern but nonetheless it is still important to
maintain especially because Florida is exactly the kind of state of foreign
nation state actor might try to target so we need to have things to prevent
election night reporting going through the Internet in a way that it might be
attackable so it’s not let’s say we need to ban it
but we need to carefully have a principle that explains what we’re
trying to protect and why and then procedures using air gaps using making
copies treating them as unofficial and verifying them later we can solve the
problem and still satisfy the needs of the security we can get you election
night reporting and we can try to protect us ourselves against
nation-state actors trying to attack our elections these aren’t mutually
exclusive this is Bob Giles again and it gets back
to what I raised two earlier you has anybody reached out to the vendors I
mean we only had a handful of vendors to say to get these use cases I mean we
have a you know we have a few election officials on the TDD C and we’re getting
use cases from them but it’s time whether it’s the EAC or NIST and and
says okay vendors you know what are the scenarios where whether it’s internet or
Wireless with that that you have customers currently using it or
customers asking to use it do what development do you see down the road and
and then we I think we can have a much more educated conversation about this
and then discuss you know whether there are some best practices and better ways
to do things but right now we’re just kind of okay Paul does it one way how do
we address that I I’m just concerned that we go down a path and then a month
from now somebody comes out of the woodwork and says well we do it
completely differently you guys didn’t even address that issue and then we
should certainly reach out I mean we’ve reached out to you know to some but you
know you’re right there could be other use cases and there’s only a handful
vendors John runs a group that a number of the manufacturers participate in so
we can do that but I would it would also be helpful of those of you who are
representatives from the standards board in particular if there’s a group that
you could reach back into to to see there’s you know other folks that
perhaps we’re missing that that this is my end can can you guys as in terms of
use case talk about remote ballot delivery remote ballot marking all of
those systems that people are using for yo cava using for some disabled groups
and what a quote unquote internet wireless ban is going to do to
those methodologies the sheriff’s Kowski so that’s always the remote ballot
marking mail-in ballot has been out of scope for the BBS cheese so it would not
apply I don’t I don’t think that we are work that would be another set of
requirement I I don’t think it’s clear that’s out of scope at all I understand
that they don’t go through the certification process but the way this
VVS G is written it specifically talks about that and even then the human
factors talks about those standards applying so I’m not I am not at all
convinced that a it’s clear it’s out of scope and B if it’s not explicitly clear
that that’s out of scope then I can guarantee you this ban on internet ban
on wireless is going to be used to try to shut down those remote ballot
delivery systems ballot marking device etc that’s that’s a fair point we will
go through the human fast resection to make sure that that scoping is very
clear excellent and this is Bob Jones again and I think
some of its gonna be perception you’re right when when you know when the
headline readings you know TDD says you know no internet no wireless that’s all
people read so we have to be really careful how we move forward with this
and how we’re going to address it because you don’t want to kind of some
of the earlier points you don’t want the public outcry to be hey I read why are
you doing this you know there’s no internet there’s no
wireless and to Diane’s point then then it starts to bleed into the disability
community so I just think we need to be kept very careful how we we word
everything yeah but those are excellent points take them on board okay Gemma shall we proceed so under the
youth unique identifier is added for auditing we discussed under nine one
five s this requirement was about unique identifiers that are added for things
like risk limiting audits and one piece of text that was in there was around
that’s said or affixed by some other external mechanism which would be a
stamp or something like that so it’s totally reasonable to remove that
because that is outside of the voting system so that was removed there and
another concern in this area that was discussed was the voting systems ability
to print print these unique identifiers on the ballot after the voter cast their
ballots and we made two updates in the requirements one under the software
independent section under nine-one-one C stating that the mechanism for providing
documentation force operand of Independence must include by doing one
second here we go back on track here must include information about how the
system is software independent and that this may include how the system handles
ballots after a voter cast a ballot and then I include some examples such as is
it able to print on the ballot what type of information is printed on the ballot
and where that information is printed one additional requirements to assist in
preserving that software independence is under nine one five G and that’s
printing on a that’s being able to print on a paper ballot and that’s a
requirement saying that the voting system should not be able to print in
the area where the ballot selections reside and so that’s a giftie far go
ahead and again this is Paul I would just
point out the again while we’re looking at that definition of voting system as
it relates to again you’re talking about once the ballot has been submitted the
device it’s being submitted to is what shouldn’t be allowed to print in the
area where the voters ballot selections were made but the generalized voting
system term might need to be looked at hey Paul just one note on that is it
helpful that the requirement States after the voter cast their ballot that
the voting system has been able to to print in that valise election area well
except that again it’s saying that the voting system must not physically be
able to print in the area where and so you know my election management system
is part of the voting system but it’s not going to print anything anywhere at
least not there but I mean I just I just want to be cautious of that over
generalized use of the term voting system when what we’re talking about
most likely is the tabulator any additional questions their comments all right next up – title random number
generation this came up around in the ballot secrecy section there’s a section
for a requirement on aggregation and ordering and there was concerns about
the unique identifiers more potential identifiers that are used there and how
do you ensure that you are able to recreate the order and one of the
recommendations that was provided that it was that we point to specific
misguidance and so we we the requirement 10 – 2 s now points to that random
numbers generated must use the guidance from nist SP 890 which are
recommendations for random number generation is using deterministic random
bit generators this is the document provides very detailed requirements
around number generation and also states that to ensure conformance with guidance
that it must be submitted to the cryptographic module validation program
as well as the cryptographic algorithm validation program it definitely wanted
to give a heads up on that that it will require some additional testing to be
done for approval and then we have another another requirement in 911 see
just about random numbers in general so not necessarily about the numbers that
are used for aggregation and ordering and that states that the documentation
of how random numbers are used and created must be there and that also
points back to this 10 to 2’s requirement next step is preserving log integrity so
this one we had a requirement are there to originally just said disabling no
disabling of logs and so you all provided a great update to the title and
we made that update and then on we also added that this that the added the
prevention of the deletion of the logs I last time I brought up some concerns
around this potentially limiting creating space for more storage of logs
and so I included one exception for law of rotation and again law of rotation is
when the sword logs are rotated out to just create more space for continuous
logging all right and the last slide here is for password complexity
11:3 to be originally this requirement said that the administrator this was a
requirement that said the administrator was able to set the minimum password
complexity this requirement has been updated to point that to miss guidance
saying at minimum they must meet the complexity guidance within nist SP a 863
b and i just wanted to provide some background information on that the
minimum complexity requirement that miss recommends is a password length and only
a password length and the password length is 8 characters and this is this
is due to research around different complexity requirements and the and and
understanding that any any more complex requirements for for password may
increase the difficulty of memorized passwords and increase user frustration
and also more complex passwords impact usability and memorability and so
alternatively what we have what we have in the requirements
you’ll see down at the bottom eleven three to see is passwords blacklist
which was retitled and that one is about preventing the use of common passwords
and we also have another requirement around failed log attempts to provide
around around options for preventing brute force such as exponential back-off
i’m so adding time on to incorrect or failed attempts hey Joe
Neal Kelley orange county I hate to ask you to go back a slide I’m glad to sit
on the phone because if we were in person pictures rolling their eyes at me
right now but in the analog rotation piece their specifics and I’m sorry I
haven’t dived into that piece about how the log rotations or how the logs are
preserved in rotation or is there clarification on that around you’re
talking about preserving the logs like after after yeah yeah I don’t think we
have anything in there now are you looking for that as a requirement or as
maybe a suggestion within a discussion section I think good I was going to say
it sounds like it may be appropriate for that to share some guidance around that
in the discussion yeah I agree okay thank you for that and then that’s pretty much it 11:3 to
be still has has it so the administrators can specify password
strength I don’t know that I necessarily receive feedback on removing that and if
that 1111 3 to be requirement is enough but I it’s still in there that the
administrator can specify additional password strength and that’s it for my
section yeah this is Paul general on that point with it with the
administrators it’s probably okay I mean it really will depend on how how layered
your organization is and my organization is the same person doing all that stuff
but in Diels organization you know there may be layers of people who are telling
other people to do this and set these passwords so it’s probably okay
everything sounds good okay so I think next we have John whack for just a
couple of updates ugly hi everybody I do have some I’ll just say relatively
boring type of requirements so I hope I don’t hear some wearing on the phone so
essentially these requirements make some things more clear about use of bar codes
and then I’ll also cover an upgrade to a more recent version of the military
standards that are used for testing testing for environmental aspects and
the O’Kelly brought up something about dust contamination that proved to be
pretty interesting so I’ll talk about that as well so the transparency
requirements are the place where we had bar code related requirements and
what I did was in response to some of your comments made it more clear that
the voting systems manufacturer must provide documentation intended to be
publicly available at no cost that fully describes you know
well actually I’m sorry we’re looking at the I’ve got ahead of myself we’re
looking at the the first one which really deals more with system event
logging so my apologies it was made clear in that that the log format must
be publicly available we have we produced a common data format or for
export of the log but it wasn’t totally clear that the documentation so you can
actually decipher the load the the material in you know the common data
format we didn’t make it clear that that needed to also be publicly available so
what I’m talking about is if in the log file you use an event code of 37 37
means ballot cast then that needs to be in some sort of report or document that
can be made publicly available so that an auditor you know if looking in at
event log you know knows what they’re looking at okay so I got ahead of myself
I’m back to where I ought to be again specification of common data format
usage publicly available at no cost and then to barcodes again so we had
requirements already about if a barcode is used it needs to be a standard that
you know is in the is freely available and haba has a requirement in it that
the dbsg cannot contain essentially material that costs money for people to
implement so this would need to be made publicly available
cost encoding so this is an area where you had some comments we made it more
clear that within the barcode the data that that’s put into a barcode may
itself be encoded so that format needs to also be described and the intent
there is that an auditor or you know potentially even a voter could use a
commercial off-the-shelf barcode scanner and see that encoded data and with
documentation from the vendor be able to decipher what that means and then we
added let’s see is it up some okay the last requirement ballots election codes
you discussed and what we’re talking about there is again the same thing with
the event log format if so typically the encoded data there are a series of codes
you know for contests and for ballot selections within those contests so
again a you know if if there’s data that says 37 comma 50 and that means in the
state Senate race so-and-so was chosen that needs to be made available or the
voting system must be capable of producing a report that a voter
potentially or an auditor could use to you know actually decipher the
information so it’s it’s not I I wanted to be clear it’s not that we’re saying
that what the voters voter put in the barcode that you know it needs to be
publicly available it is the meaning of the codes so is that fairly clear before
I move on John this is Paul I’m just going to wave the same flag from the
last discussion about the use of the term voting system here so because that
is so broad of a context arguably the tabulator at the polling place should be
able to produce a report that explains this to it
which what would I print it on because all I have the print is the tape my
print results on where as you know and most of the time it is a more standard
it doesn’t say these are votes for John Smith it says these are votes for the
second candidate in the third race on the ballot which you know explains it
but at the same time doesn’t explain it so I just want to be sure that we’re not
being too overly broad again with that use of the term voting system somewhere
you got to be able to produce this and even perhaps for an election climene I
know in my old system I had a report I could print that said here are the names
of all the candidates who are assigned to these places in the race and that
came from the election management system which yes is part of a voting system but
where that tabulator is also part of ableton system it couldn’t produce that
report so I just want to make sure we’re not being overrun okay thank you we are
going to look at the definition of the voting system and take a look at that
but you know you do understand we use that term in a lot of requirements so
that we don’t restrict something you know a requirement to a specific device
so the intention there is not to lock down you know kind of like a physical
architecture but I think we can handle that through re-examining the definition
of the voting system and then discuss it with you Dave Wagner here I would
imagine that an implementation would most likely meet this by having the EMS
produced the report exactly as you suggest and it looks to me like the
wording of this language allows that but also provides flexibility to the voting
system manufacturer that if for some reason it made more sense to have some
other part of the voting system produced that report that would also comply so
kind of I think that’s consistent with what you’re saying if I understood what
you’re said right but I don’t know if I understood the concern accurately
that was my intention David thank you okay well we’ll revisit that the next
thing is the mil standard 810 update so there are a series of requirements that
require voting systems to be resilient to a number of different things
temperature humidity vibration dropping electrical issues and the standard that
was used is a military standard that is in widespread usage people use it all
over the place in industry it it can be modified because you know it you know
you don’t always need to test something to military standards but there’s a lot
of flexibility in this standard so the version that was being used was 8 10 d
and we’re up to 8 10 H I believe if you look up a 10 D on the internet you’re
gonna find that someone scanned in a type typewriter written standard from
way back and and so it I think it was important to move on and make things
more recent now very fortunately the 2000 2007 dbsg effort at NIST intended
to upgrade that to version F and a study was done to look at the differences
between D and F and there were some differences
I would I would classify them as minor the person who did the report also felt
that in some respects perhaps some things were being tested for that really
didn’t need to be tested for some aspects of the drop tests this is
something I intend to discuss more in the testing group but I then took a look
at the differences between F and then the current version H and there were no
differences the differences between the versions were really more
and how the material was presented so so anyway we did an update there and I
think that’s fairly clear and you’ll just see that in section 2.7 a you know
these requirements are are highlighted in yellow okay the very last issue Neal
Kelley raised that his systems are suffering from dust contamination we
would like to get more data and in fact it’s it’s an interesting enough problem
that perhaps we’d like to reach out more to more election officials the 810
standard does contain tests that can be used for dust contamination it would add
expense to certification testing dust could be kind of specific to certain
areas of the US and so it’s a little more difficult to come up with a test
that’s general it would need some work but it can be done and it seems to be
you know important issue in Orange County so again we’ll be reaching out to
get more data about that and perhaps after the public review if we need to
add this sort of testing and we can do it at that point and I think that’s it
hey John Neal Kelley I just wanted to say thank you for addressing that issue
because I not I know it’s not just in our county but it does take place
certainly in the southwest in in larger numbers so thank you great thanks so
much so I think next up we have our Laskowski and I think Aaron you have
about 15 minutes because most of the changes we made were just clarified they
weren’t some major substantial changes except perhaps the accessibility of e 2e
receipts making that explicit and also a plan for how how to develop some
guidance and understanding of how to deploy about marking devices to support
no discrimination for the people that use them so that’s said I’m going to go
through these rather quickly we have comments about voting methods
and interaction modes and there was some confusion
so we revised that and next slide you’re right there before you go and so we
added the term voting methods and five-point-one a voting methods and
interaction mode so within any method of voting all interaction modes have the
same capabilities and we also added in the discussion that method of voting
might support a number of different types of voting but in light of our
discussion about being careful about scoping maybe we want to revisit this
discussion wording to make sure we over reach there and make that make that
clearer that that was a simple change in six point to a voter independence we
revised it to make sure the accessibility of any kind of e to meet
between receipts was clear so the update that we did was to add a sub clause 26.2
way that says if a voting system includes any features voters might use
after testing about they must be accessible so we brought it in will not
just e to e receipts but anything that some future voting system might have
like voter being able to track their ballot in the system etc that that is
indeed accessible we had a question in the last meeting about the sofa what’s a
common gesture and in looking back over 7.2 II there were that was a complete
list of requires conditions that really limits
what the gestures are and we sell cakes maybe that was entirely sweet reordered
them look at the salt the next slide there’s really been no change we just
ordered what’s there and that plus the discussion really says there’s simple
simple gestures where you don’t need to use more than one finger you don’t
require any kind of timed or simultaneous action and you don’t
navigate off the current contest so that really limits it to just a
couple very simple gestures we showed our wheelchair reach ability
accessibility requirements to the access board on access work and we found out
that they’ve got some new technical guides for the face one needs around a
wheelchair to reach controls and operate those controls so basically we updated
requirements and for example and and and I must say they’re beautifully done so
much an improvement over what we’ve been 1.0 back in 2002 they’re very clear and
so we basically say follow here here’s the clear floor space and turning space
you need here’s reach and height and depth and depth with illustrations use
that and there’s a whole guidance and pictures on how voters can reach in his
all awful both operable parts and there was a small comment about seven-point-two about control labels
visible just from a seating position we just remove the one words so thank you
to the our access course compound contact her there were some questions
about the wording for usability testing with voters and with election workers so
we actually are proposing a few minor changes to the guidelines themselves
that’s for the EAC to decide whether they want to do those updates and then
we looked at the requirements underneath for how to specify that usability
testing and we made sure that there was parallel construction be clear so so the
current equity guideline says the voting system is evaluated with a wide range of
representative photos including those with and without disabilities for
effectiveness efficiency and satisfaction we remove that last Clause
effectiveness efficiency and satisfaction
we put it in the actual requirement just these are by the way ISO standard
metrics so you can see slide 38 that we specify how those usability tests should
be done and in the second clause we added the including effectiveness
efficiency and satisfaction methods there and we’ve got guides for how to
use the common industry formats or report on usability test results and
we’ve customized it for voting so there’s lots of specifications on how to
do formal with usability and then 48.4 the current 8.4 so the voting system is
evaluated for usability by election workers we’re suggesting that we say
with election workers to parallel the construction of 8.3
and there was a clause in the requirement and
that says that election where kids can learn understand it’s upon these tasks
read the bleed easily and we change that to successfully because that’s occur
measure and then we rearranged and added to parallel the 8.3 a usually touch with
voters to make that clear that indeed deserves the same kind of you to be
testing accepts to have you’re using election workers and you’re looking at
the specifics off Senate election workers have to do and again to report
those standards format so so I’m going to pause there to see if there’s any
questions or comments this is Paul can we provide a blacklist of poll workers
to not use they should have a range of experience so – and some experience
subfolders that you test with just so you have confidence that they can
actually follow the documentation operated so finally we had a question
about principle three which says all voters can access and usability system
regardless of their abilities without discrimination so we have requirements
about consistency and equivalent experiences but the question was asked
what is without discrimination means that depends on how you deploy the
voting system which we can’t we can the manufacturers can say how it should be
deployed but its user through governed by the polling place but it’s an
opportunity to provide some guidance so we talked to Diane and we talked with
the our access board about how we might make use of the new human
the public working group to have a discussion as far as our plan to discuss
and document the issues around deployment of accessible voting systems
which are primarily about ballot marking devices and we can do that through the
human asset public working group which already have a large number of usability
and accessible experts and advocates and vendors and then the accessport has
kindly agreed to lead the generation of report we do have an outline providing
the discussion to bootstrap things and we’re hoping to use some of our contacts
like Laurie and Bob to invite to make sure we have the right set of election
officials for help from NASA and that’s included on providing input and we’ll
reach out to some additional accessibility advocates to participate
in these discussions and will also notify well notify other working groups
as well food security folks so they know so we have full transparency and then
based on those those the findings from that discussion I think will be well
points to develop some guidance for election officials on what’s a good
number to deploy how you make sure that election workers are ready to go to help
people coming in to use the devices etcetera there are any questions about
that I’m Sharon well done thank you you’ve
brought us back on time and now it’s it’s back to Mary Brady to wrap us up
yet I think there’s only one additional slide that we didn’t go over and this is
on patent science and I just kind of want to introduce the topic I don’t
think there’s anything that we’re going to do about it in the next five minutes
but with there has been some concern particularly expressed by a mcdermott on
you know that the d vs g should be free of patent concerns or if there are any
patterns that that we should be aware of them and they should and there should be
guidance for how how to address them and i just wanted to point out that we went
back we reviewed the help America Vote Act and their intersection the help
America Vote Act it says there would be no private sector intellectual property
rights in the guidelines we look at some of the how some of the other standards
bodies handle this and I get some questions that come to mind is where in
the development process should the patent policies be applied that I think
there is a need to develop some the public working groups or unofficial
advisory groups really to NIST so they’re they’re not actually part of
the hava defying process begins defined some development is starting with the T
G DC and the AC has overall responsibility for the VBS G so I you
know I think we need to have a discussion at at least initially with
the AC to talk to discuss where a patent policy might be applied some things some
best practices to consider from the ANSI and I Triple E policies that we looked
at is normally what happens in those situations is the meetings start with a
chair request for participants to identify patent claims on technologies
that are under consideration the chair can also send letters to participants
asking them to identify patent claims in this case there’s a response that’s
signed by the senior management of the organization and the holder must assure
that that there’s a license to claims that are available under
reasonable terms and conditions in some cases without compensation and under
reasonable terms and conditions that are free of any unfair discrimination so
it’s just something that I want you to start thinking about among among the
other areas and if you have any thoughts please let us know but I’m sure this is
the beginning of a discussion as we can go along and work on developing a patent
policy great wonderful well thank you all for the presentations and for the
great inputs and clarifications that have come out of our discussions so yet
today let me turn it also over to Japan Hovland for any additional comments that
you’d like to make as we bring our session today to a close thank you very
much yeah I do appreciate the nist team and all the work they put into this and
and thank you to all the t GD c numbers for your comments and engaging in this
discussion we can send around follow up I know we talked about the 18th but we
can communicate the email to see if that is a date that will work for most people
and as I mentioned earlier I think there’s value in in identifying if there
are recommendations for how we can we can get across the finish line here and
and how we can review these final pieces so thank you to everyone for joining the
call today thank you so much and I don’t know whether on the date of
the 18th or an alternative if those who are available might be able to join in
person but I would certainly be happy to come out to the EAC and and to
participate directly with you there Ben and any others who can join us in person
I realize that some may have to call in and participate virtually all right well I think we’re at the end
of our time again look forward to the follow-up actions there are plenty but I
think that over the coming weeks there’s certainly a commitment from us here at
NIST to provide our updates so that when we actually do meet and prepare for a
vote that everyone is well prepared and it has adequate opportunity for advance
review we welcome as ever any additional comments and feedback as as we prepare
for what we trust will be a unanimous decision to move forward with tvbs-g 2.0
guidelines and and thank you once again to each of you who have joined with us
on this call very productive call today thank you

Robin Kshlerin