EAC Guidelines for Overseas Voting Pilots
Last Friday was a busy day for the Federal Elections Assistance Commission. They issued their Report to Congress on efforts to establish guidelines for remote voting systems. And they closed their comment period at 4:00pm for the public to submit feedback on their draft Pilot Program Testing Requirements. This is being driven by the MOVE Act implementation mandates, which we have covered previously here (and summarized again below). I want to offer a comment or two on the 300+ page report to Congress and on the Pilot program guidelines, for which we submitted some brief comments, most of which reflected the comments submitted by ACCURATE, friends and advisers of the OSDV Foundation.
To be sure, the size of the Congressional Report is due to the volume of content in the Appendices including the full text of the Pilot Program Testing Requirements, the NIST System Security Guidelines, a range of example EAC processing and compliance documents, and some other useful exhibits.
Why Do We Care?
The TrustTheVote Project’s open source elections and voting systems framework includes several components useful to configuring a remote ballot delivery service for overseas voters. And the MOVE Act updates existing federal regulations intended to ensure voters stationed or residing (not visiting) abroad can participate in elections at home.
A Quick Review of the Overseas Voting Issue
The Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) protects the absentee voting rights of U.S. citizens, including active members of the uniformed services and the merchant marines, and their spouses and dependents who are away from their place of legal voting residence. It also protects the voting rights of U.S. civilians living overseas. Election administrators are charged with ensuring that each UOCAVA voter can exercise their right to cast a ballot. In order to fulfill this responsibility, election officials must provide a variety of means for voters to obtain information about voter registration and voting procedures, and to receive and return their ballots. (As a side note, UOCAVA also establishes requirements for reporting statistics on the effectiveness of these mechanisms to the EAC.)
What Motivated the Congressional Report?
The MOVE (Military and Overseas Voting Enhancement) Act, which became law last fall, is intended to bring UOCAVA into the digital age. Essentially it mandates a digital means to deliver a blank ballot.
Note: the law is silent on a digital means to return prepared ballots, although several jurisdictions are already asking the obvious question: "Why improve only half the round trip of an overseas ballot casting?"
And accordingly, some Pilot programs for MOVE Act implementation are contemplating the ability to return prepared ballots. Regardless, there are many considerations in deploying such systems, and given that the EAC is allocating supporting funds to help States implement the mandates of the MOVE Act, they are charged with ensuring that those monies are allocated for programs adhering to guidelines they promulgate. I see it as a "checks and balances" effort to ensure EAC funding is not spent on system failures that put UOCAVA voters' participation at risk of disenfranchisement.
And this is reasonable given the MOVE Act intent. After all, in order to streamline the process of absentee voting and to ensure that UOCAVA voters are not adversely impacted by the transit delays involved due to the difficulty of mail delivery around the world, technology can be used to facilitate overseas absentee voting in many ways from managing voter registration to balloting, and notably for our purposes:
- Distributing blank ballots;
- Returning prepared ballots;
- Providing for tracking ballot progress or status; and
- Compiling statistics for UOCAVA-mandated reports.
The reality is, however, systems deployed to provide these capabilities face a variety of threats. If technology solutions are not developed or chosen so as to be configured and managed using guidelines commensurate with the importance of the services provided and the sensitivity of the data involved, a system compromise could carry severe consequences for the integrity of the election, or the confidentiality of sensitive voter information.
The EAC was therefore compelled to prepare Guidelines, report to Congress, and establish (at least) voluntary guidelines. And so we commented on those Guidelines, as did colleagues of ours from other organizations.
What We Said - In a Nutshell
Due to the very short comment period, we were unable to dive into the depth and breadth of the Testing Requirements. And that’s a matter for another commentary. Nevertheless, here are the highlights of the main points we offered.
Our comments were developed in consultation with ACCURATE; they consisted of (a) underlining a few of the ACCURATE comments that we believed were most important from our viewpoint, and (b) the addition of a few suggestions for how Pilots should be designed or conducted. Among the ACCURATE comments, we underscored:
- The need for a Pilot's voting method to include a robust paper record, as well as complementary data, that can be used to audit the results of the pilot.
- Development and publication of security specifications that are testable.
In addition, we recommended:
- Development of a semi-formal threat model, and comparison of it to threats of one or more existing voting methods.
- Testing in a mock election, in which members of the public can gain understanding of the mechanisms of the pilot, and perform experimentation and testing (including security testing), without impacting an actual election.
- Auditing of the technical operations of the Pilot (including data center operations), publication of audit results, and development of a means of cost accounting for the cost of operating the pilot.
- Publication of ballot data, cast vote records, and results of auditing them, but without compromising the anonymity of the voter and the ballot.
- Post-facto reporting on means and limits of scaling the size of the pilot.
You can bet this won't be the last we'll hear about MOVE Act Pilots issues; I think it's just the 2nd inning of an interesting ball game... GAM|out