Official Summary Meeting Minutes …

                        Official Summary Meeting Minutes
          Technical Guidelines Development Committee (TGDC) Meeting
                                  May 21-22, 2007
              National Institute of Standards and Technology (NIST)
                             Gaithersburg, MD 20899

Members in Attendance:

Dr. William Jeffrey ­ Chair
Hon. John Gale
Patrick Gannon
Tricia Mason
Alice Miller (via Conference Call)
Paul Miller
Philip G. Pearce
Helen Purcell
Whitney Quesenbery
Ronald Rivest
David Wagner
Brit Williams (via Conference Call)

Committee Support Staff:

Melissa Lieberman, General Counsel Office, NIST
Mark Skall, Chief, Software Diagnostics and Conformance Testing, Information
Technology Laboratory (ITL), NIST
Barbara Guttman, Software Diagnostics and Conformance Testing, ITL, NIST
John Wack, Software Diagnostics and Conformance Testing, ITL, NIST
Alan Goldfine, Software Diagnostics and Conformance Testing, ITL, NIST
David Flater, Software Diagnostics and Conformance Testing, ITL, NIST
Wendy Havens, Software Diagnostics and Conformance Testing, ITL, NIST
Lucy Salah, Software Diagnostics and Conformance Testing, ITL, NIST
Allan Eustis, Software Diagnostics and Conformance Testing, ITL, NIST
Lynne Rosenthal, Software Diagnostics and Conformance Testing, ITL, NIST
Thelma Allen, Software Diagnostics and Conformance Testing, ITL, NIST
Sharon Laskowski, Information Access, ITL, NIST
John Cugini, Information Access, ITL, NIST
Nelson Hastings, Computer Security, ITL, NIST
Rene Peralta, Computer Security, ITL, NIST
Bill Burr, Computer Security, ITL, NIST

May 21, 2007: Morning Session # 1

Dr. William Jeffrey, TGDC Chair, called the ninth plenary session of the Technical
Guidelines Development Committee to order at 9:00 a.m. He introduced himself as the
Director of the National Institute of Standards and Technology (NIST) and Chair of the
Technical Guidelines Development Committee.


                                           1
After the Pledge of Allegiance, the Chair recognized Ms. Thelma Allen as the TGDC
Parliamentarian and requested that she determine if a quorum of the Committee was
present. Ms. Allen then called the roll (see Table 1). Eight TGDC members answered
"present." Ms. Allen notified the Chair that a quorum (simple majority) of the Committee
was present either in person or via conference call connection.

The Chair then asked for a motion to accept the published agenda for the May 21-22,
2007, TGDC meeting and, subsequently a motion to adopt the March 22-23, 2007
Technical Guidelines Development Committee meeting minutes. Both motions passed by
unanimous consent (see Table 1).

The Chair recognized EAC Commissioner Donetta Davidson. Commissioner Davidson
expressed the EAC's appreciation for the TGDC members' commitment to the Voluntary
Voting System Guidelines (VVSG) development project. She then introduced Mr. Brian
Hancock who provided a summary of the EAC Election Management Guidelines and a
description of the EAC Standards Board review of the ballot design recommendations from
Design for Democracy.

The Chair called on Mr. Mark Skall of NIST's Information Technology Laboratory to
review progress on VVSG tasks since the March 2007 plenary. He summarized NIST's
close coordination with the working subcommittees through 23 teleconferences and
optimal outcomes for the current plenary session.

Dr. Jeffrey opened the floor to Mr. John Wack for an overview of the draft VVSG document
including final production issues. Mr. Wack provided a high-level overview of the VVSG
document. He described a companion document to the VVSG recommendations that would
give a comprehensive statement of what's in the VVSG in a way that's understandable to
most audiences, and would also describe major differences between this VVSG document
and VVSG 2005.

The Chair opened the floor to Dr. David Flater of NIST's Information Technology
Laboratory to review of the Core Requirements and Testing (CRT) Subcommittee Draft
Sections for VVSG. Dr. Flater covered benchmark definition, conformity assessment and
terminology issues. He detailed changes in the draft VVSG from the March 2007 version
and concluded with a review of major changes from the VVSG 2005 document.

In answer to questions from TGDC Committee members, Wagner, Quesenbery, and Jeffrey,
Dr. Flater explained the intent of the accuracy benchmark; differentiated between the terms
`repeatable' and `correct'; elaborated on the volume testing accuracy benchmark; and
clarified testing for EBM devices.

The Chair called on Dr. Alan Goldfine of NIST's Information Technology Laboratory to
complete the review of the CRT Subcommittee sections of the draft VVSG. He reviewed
changes to the quality assurance/configuration management requirements from the VVSG
2005. As a result of TDGC guidance from the March plenary, he noted revised requirements
dealing with the timing of the vendor delivery of the quality assurance manual. In
conclusion, he summarized changes to the electromagnetic compatibility requirements from
the VVSG 2005 and since the March 2007 plenary.

                                           2
In answer to a question from Dr. Wagner concerning CRT requirements, Dr. Goldfine
indicated that changes included incorporation of text into the current draft VVSG from
previous white papers.

May 21, 2007: Morning Session # 2

At the suggestion of Secretary Gale, the Chair recommended that approval votes for the
VVSG would be postponed until tomorrow (May 22, 2007), since many of the various
subcommittee sections are interspersed throughout the document. There was no
objection.

Dr. Flater then reviewed the VVSG by volume and chapter to identify sections for which
each TGDC subcommittee is responsible.

The Chair called on Dr. Sharon Laskowski of NIST's ITL to present the Human Factors
and Privacy (HFP) Subcommittee's VVSG draft sections. Dr. Laskowski reviewed 13
significant changes to the VVSG draft from the March version. She summarized
significant changes from the VVSG 2005 and gave a progress report on the usability
benchmark research and development project.

In response to a question from Dr. Rivest, Dr. Laskowski clarified which of the
requirements applied to the accessible voting station (Acc-VS) and which requirements
apply to all voting systems. The Committee engaged in extensive discussion regarding
voter verifiable paper records (VVPR) requirements. The Chair concluded that the issues
related to this VVPR requirement would require resolution at a later time.

Secretary Gale initiated discussion regarding an accepted definition for "low vision. Dr.
Laskowski indicated that the term does not refer to voters with corrected vision, but
rather visual impairment. At the request of Secretary Gale, Dr. Laskowski agreed to
review and determine a consistent use of `low vision' in the requirements versus `partial
vision'.

In conclusion, Ms. Quesenbery and Dr. Laskowski initiated a discussion on the time to
vote performance benchmark. They noted that the error rate does not correlate with the
time to vote in the initial tests. Dr. Williams agreed with the comments of other TGDC
members that time to vote was not necessarily a useful performance metric.

Ms. Quesenbery elaborated on the rationale for the choice of measurement metrics.
Dr. Wagner initiated a discussion of subjective satisfaction measures. Dr. Laskowski
noted that a number of the participants in the current tests had not voted on a particular
voting system. Dr. Rivest reiterated his interest in the process for setting benchmarks.

May 21, 2007: Afternoon Session # 1

The Chair called the meeting to order and asked Ms. Allen to take attendance. Ms. Allen
called the roll and reported ten members in attendance. She notified the Chair that the a
quorum was present (see Table 1).


                                             3
Dr. Laskowski summarized the outstanding HFP issue. The Committee discussed at
length and reached agreement on a rewording of the ease-of-comparison requirement
(6.3.4.1.3.4-B) to read:

       `If the voting system offers the opportunity for the voter to compare two distinct
       records of the vote as in VVPAT systems, the format and presentation of these
       records shall be designed to facilitate a rapid and accurate comparison.'

The Chair asked Mr. Bill Burr of NIST's ITL to begin the presentation of the Security
and Transparency Subcommittee's (STS) requirements in the draft VVSG. He initially
provided the TGDC with some background into basic IT-related security vulnerabilities
with voting systems. He then summarized the security requirements in this version of the
draft VVSG.

Ms. Purcell echoed Ms. Quesenbery's concerns with requirement 6.3.5.1-E requiring
paper ballot verification records to fit on one sheet. This question initiated a lengthy
discussion of split-page ballots. Dr. Wagner suggested that the STS Subcommittee take
the requirement back for further review and stated his analysis. The Chair agreed.

Dr. Williams initiated a discussion of the `should' PCOS requirement creating small
batches of ballots for later auditing. The Committee discussed the practicality of this
requirement at length. Mr. Miller noted that there is a counterargument as to whether or
not this is a desirable feature. However, it was also noted that if a manufacturer can figure
out a way to separate the ballots, it would be a convenience from an auditing point of
view.

Dr. Williams expressed concern over the inability to develop standards for paper-free
voting systems. He expressed his opinion that this draft of the VVSG should not be silent
on the ability to use current electronic voting systems securely along with accepted best
practices and management procedures from the EAC.

Dr. Williams recommended that `verified' be changed to `verifiable' in VVPR and
VVPAT. TGDC members agreed. The Chair agreed and there was no objection.

Dr. Williams initiated a lengthy Committee discussion on machine-readable paper
records. The final resolution proposed by Ms. Quesenbery and accepted by the
Committee returned the requirement to the STS Subcommittee for further work.

Dr. Hastings then presented a review of the STS Subcommittee changes to the VVSG
draft since the March 2007 plenary.

Mr. Gannon asked for clarification on whether the electronic records requirements had
changed since the March 2007 meeting. Dr. Hastings indicated that they had not changed.

Dr. Hastings noted that the software build requirements are based on requirements in the
EAC Testing and Certification Program Manual. In response to a Committee request, Dr.
Hastings agreed to review the appropriate location in the VVSG for this and other
requirements in Section 9.3.6.

                                             4
With respect to physical security requirements, Dr. Williams and Ms. Purcell initiated a
lengthy discussion of keys for multiple jurisdictions and subsequently the definition of
`jurisdiction' in this requirements section. Dr. Williams noted that the jurisdiction is
defined in this instance as the entity that owns and is responsible for the equipment.

May 21, 2007: Afternoon Session # 2

The Chair called the meeting back to order and asked Mr. Wack to resolve the issues with
respect to electronic records requirements. Mr. Wack noted that the electronic
requirements section is currently in Chapter 5 of the draft VVSG. He noted that NIST
staff needed to review electronic records requirements presentation slides from the March
2007 presentation. If there are indeed new items for the TGDC to review, they will be
raised at the plenary on Tuesday.

Dr. Flater then reviewed the CRT Subcommittee changes to the VVSG section entitled
previously `Interoperability' and now titled `Integratability,' that deals with the
integration of electronic records. Dr. Flater noted that the relevant sections in the VVSG
are in Volume 3, Section 16.6 and Section 16.7.

Extensive discussion ensued on the benefits to the exporting of cast vote records (CVRs)
in a royalty-free published open format. Mr. Miller noted the current lack of a defined
public markup language export of records by vendors. Dr. Williams cautioned that this
requirement would require recertification of an interoperable voting system. Mr. Gannon
offered his perspective that you will never achieve interoperability by allowing vendors
to use formats that are simply open and published without agreeing upon a common set
of formats. The Chair received no recommendation from the Committee for a change in
the requirement at this time.

Dr. Jeffrey called on Mr. Wack and Dr. Rivest to provide a presentation titled "E-poll
books: Ballot Activation with External Network Connectivity." Mr. Wack prefaced his
remarks by noting that there are currently no requirements for e-poll books in the draft
VVSG. There are requirements for ballot activation. He noted that, in general, voting
systems are not externally networked. He then summarized STS recommendations related
to e-poll book requirements.

Dr. Rivest then commented on the recommendations from the STS Subcommittee and
The TGDC then engaged in a lengthy discussion of potential threats verses the
advantages of networked e-poll books.

Dr. Williams emphasized that election officials should always have a backup for
registration data. Secretary Gale concurred and indicated he was opposed to attempting to
go back and address the security of e-poll books. Mr. Miller agreed that the e-poll book is
a valuable tool. Dr. Jeffrey concurred and recommended that the STS Subcommittee
crafts a requirement that addresses the backup capability.




                                             5
The Chair concluded the afternoon session with the review of a table that would provide
members with the status of various chapters of the VVSG for their review. Before
adjournment, the Committee reviewed and edited the table.

Dr. Jeffrey adjourned the meeting until Tuesday, May 22, 2007, at 8:30 a.m.

May 22, 2007: Morning Session # 1

The Chair called the meeting to order at 9:00 a.m. Ms. Allen called the roll. She reported
a quorum of ten members in attendance (see Table 1).

Secretary Gale offered a motion for preliminary and conditional approval of the HFP
sections of the VVSG. The motion was seconded for discussion. After several friendly
amendments were accepted by Secretary Gale, the Chair read the resolution.

Resolution # 03-07 HFP Preliminary Approval
Offered by Secretary Gale

The TGDC grants preliminary and conditional approval for the TGDC HFP
Subcommittee to complete the HFP sections of the VVSG (Volume 3, Chapter 3) subject
to final review of the edited and updated materials.

Dr. Jeffrey inquired as to whether there was objection to unanimous consent to adopt
TGDC Resolution #03-07. Hearing none, the motion passed unanimously (see Table 1).

Ms. Quesenbery offered the motion for CRT preliminary approval. The motion was
seconded. The Chair read the motion for discussion.

Resolution #04-07 CRT Preliminary Approval
Offered by Ms. Quesenbery

The TGDC grants preliminary and conditional approval for the TGDC CRT
Subcommittee, working with other subcommittees, to complete the CRT sections of the
VVSG (Volume 2, Chapter 2; Volume 3, Chapters 2, 16, 17, 18; Volume 4, All; and
Volume 5, All) subject to final review of the edited and updated materials.

Mr. Gannon commented on the need for public comment on Chapter 16. Secretary Gale
agreed but also noted that this is preliminary and conditional approval.

Hearing no further comments, the Chair asked if there was objection to adopting TGDC
Resolution #04-07. Hearing no objection, the motion was adopted unanimously (see
Table 1).

Dr. Jeffrey asked Mr. Wack to lead a discussion on open issues where NIST requires
further guidance. Mr. Wack enumerated the open issues and added additional ones
suggested by Committee members.



                                            6
The Committee engaged in extensive discussion of glossary terms that would benefit
from redefinition, clarification, or a word substitution including such terms as: voting
system (device), general election, and partisan contest.

Mr. Wack then initiated a discussion of bar codes. In response to a question from Dr.
Williams, Mr. Wack noted that use of bar codes (nonhuman-readable information) was
optional. Dr. Wagner then noted that the option, in fact, extended to both the vendor and
the election officials.

Secretary Gale expressed his concern over a possible conflict in the use of the term
`durable ballot' in pending legislation if the receipt becomes the official ballot versus a
piece of paper with a bar code that is simply used for efficient and rapid random auditing.
Mr. Wack indicated that a rewording of the requirement changing the term `ballot' to
paper record could be useful here.

The Committee engaged in a long discussion of bar code usage. Dr. Rivest cautioned
against use of bar codes on paper ballots if not used carefully in audits.

Discussion ensued on whether the human-readable text on the voter-verified paper record
should also be machine-readable. Dr. Wagner indicated this applied to VVPAT only. Ms.
Quesenbery indicated that this was a `should' requirement for EBMs. Mr. Miller raised
concerns but concluded that if the issue is simply should the font on the VVPAT be
machine-readable while the font on the paper ballot type of media doesn't need to be
machine-readable, he would agree with the premise. The consensus of the Committee
echoed by Mr. Wack agreed with Mr. Miller's interpretation of the issue.

May 22, 2007: Morning Session # 2

The Chair called the meeting back to order and recognized Mr. Wack to continue a
discussion of issues for Committee guidance. He briefly reviewed the current paper roll
requirements ensuring durability, fitness for audit, and the 22-month record retention.
Secretary Gale asked for clarification on whether paper rolls were in fact rendered
obsolete by these requirements. Mr. Wack indicated that the requirements currently
preserve the use of paper rolls in the future.

He asked Mr. Burr to provide an overview of the electronic records requirements. Mr.
Burr noted that the electronic records must be in an open format, digitally signed, and
produce tallies that support an audit.

Ms. Quesenbery initiated a discussion on the consolidation of electronic record
requirements. Dr. Rivest noted some inconsistencies with terminology here. Mr. Burr
indicated that NIST staff would review all terms for accuracy and consistency.

Mr. Gannon inquired as to the stated purpose of the electronic records chapter.
He noted the need to be clear on the scope of the requirements in Chapter 5.
Addressing the question from Mr. Skall on whether there was a need for different
electronic record requirements wording, Mr. Gannon responded that the answer is
dependent upon feedback from experts in the marketplace during public review.

                                             7
After further discussion, the Chair noted the need to harmonize the language in Chapter
16 on `integratability' with electronic records requirements in Chapter 5. He then
summarized his understanding of the intent of the TGDC is to maximize `integratability'
across all systems and across all records. Dr. Rivest concurred.

Dr. Rivest introduced the last open issue for discussion: reliability and security for
networked e-poll books. He noted the possibility of Committee agreement on
requirements specifying an air gap for e-poll books that also activate the ballot. Also, he
offered the possibility of a switch on the e-poll book that would allow it to be used as a
ballot activation device or to turn off the function.

Dr. Rivest offered a resolution for preliminary approval of the STS Subcommittee VVSG
material. The resolution was read into the record.

Resolution #07-07 STS Preliminary Approval
Offered by Dr. Rivest

The TGDC grants preliminary and conditional approval for TGDC STS Subcommittee,
working with other subcommittees, to complete the STS sections o f the VVSG (Vol. 3,
Chapter 4-15) subject to final review of the edited and updated materials.

The motion was seconded. The Chair asked if there was unanimous consent to adopting
Resolution #07-07. Hearing no objection, the motion passed (see Table 1).

The Chair adjourned the ninth plenary meeting of the Technical Guidelines Development
Committee at 11:30 am EDT.




                                             8
9
10