Order Code RS22363
January 11, 2006
CRS Report for Congress
Received through the CRS Web
Federal Voluntary Voting System Guidelines:
FAQs
Eric A. Fischer
Senior Specialist in Science and Technology
Resources, Science, and Industry Division
Summary
The federal Voluntary Voting System Guidelines (VVSG) are a set of technical
standards for voting systems that use computers to assist in recording or counting votes.
They were released in December 2005 and will go into effect in December 2007. They
will replace the 2002 version of the federal voluntary Voting Systems Standards (VSS).
The VVSG are a partial revision of the VSS, with revision focused mainly on
accessibility, usability, and security. Several issues have been raised about the VVSG
that may require congressional attention. Among them is the question of timing. Some
vendors claim that there needs to be more time for technology development before the
new guidelines become effective; some activists argue that problems with voting
systems, and federal requirements, demand more rapid implementation of the VVSG.
It is generally considered unlikely that the guidelines will have much direct impact on
voting systems used in 2006. One exception may be provisions relating to paper-ballot
audit trails, which several states now require to be used in conjunction with electronic
voting systems. The VVSG will be voluntary, but some observers believe that a
regulatory approach would be more appropriate given the importance of elections to the
democratic process. However, since many states require that voting systems be
certified, vendors are expected to treat the VVSG in the same way they have treated the
VSS — as effectively mandatory. For more detail, see CRS Report RL33146, Federal
Voluntary Voting System Guidelines: Summary and Analysis of Issues, by Eric A.
Fischer. This report will be updated in response to major developments.
What are the Federal Voluntary Voting System Guidelines
(VVSG)?
The Help America Vote Act of 2002 (HAVA, P.L. 107-252) established the federal
Election Assistance Commission (EAC) and gave it the responsibility to develop a set of
Voluntary Voting System Guidelines (VVSG). It established the Technical Guidelines
Development Committee (TGDC), chaired by the director of the National Institute of
Standards and Technology (NIST), to develop recommended guidelines for consideration
by the EAC.
Congressional Research Service ˜ The Library of Congress

---

CRS-2
The VVSG are a set of technical standards for voting systems that use computers to
assist in recording or counting votes. Systems covered include most used in the United
States — not only DREs (direct recording electronic systems) such as touchscreen voting
machines, but also optical scan and punch card systems. Hand-counted paper-ballot and
lever-machine systems, which do not involve computers, are not covered. However, they
are used by a small and decreasing number of election jurisdictions.
What is the Status of the VVSG?
The EAC began developing the guidelines in 2004, releasing a draft for public
comment in June 2005. After considering the thousands of comments that were
submitted, and after making revisions in response, the commission approved the VVSG
in December 2005, stipulating that they will go into effect in two years. Meanwhile, the
TGDC has begun work on developing the next version.
What is the Relationship Between the VVSG and the Federal
Voting Systems Standards (VSS)?
The VVSG will replace the federal voluntary VSS originally developed under the
auspices of the Federal Election Commission (FEC). The VSS, which will remain in
effect until the end of 2007, were developed in response to concerns raised in the 1970s
and 1980s about the then largely unregulated voting technology industry. Congress
directed the FEC to perform a study on the matter in cooperation with the National
Bureau of Standards (now NIST) but did not establish the VSS specifically by statute (see
CRS Report RS21156 for more detail). The first version was released in 1990, and a
testing and certification program began in 1994 under the auspices of the National
Association of State Election Directors (NASED). The VSS and the NASED certification
program are widely credited with having greatly improved the performance of voting
systems in several areas, such as reliability and accuracy.
The FEC began a project to update the VSS in 1997 and approved the second version
in May 2002, while Congress was debating election reform legislation. Enacted in
October 2002, HAVA provided a statutory basis for voting system standards, which the
act renamed guidelines, to distinguish them from the act’s voting system requirements,
which it called standards. HAVA also provided an administrative structure for
promulgating the guidelines and for certifying systems under the auspices of the EAC,
and also directed NIST to assist in the certification process. HAVA stipulated that the
current VSS will serve as the guidelines until replaced by the VVSG.
Most sections of the VVSG are virtually identical to those in the 2002 update of the
VSS. Major revision focused mainly on usability, including accessibility for persons with
disabilities, and certain aspects of security; those sections were completely rewritten. The
decision to limit the scope of the revisions resulted from a desire to meet urgent needs
while creating a version that could be used in preparation for the 2006 election cycle.
HAVA’s accessibility requirements go into effect in January 2006, and many states have
adopted new security requirements for voting systems, including paper-audit-trail
requirements, in the wake of controversies that emerged subsequent to the passage of
HAVA (see CRS Report RL32139, Election Reform and Electronic Voting Systems
(DREs): Analysis of Security Issues, by Eric A. Fischer).

---

CRS-3
How are the VVSG Used?
The VVSG provide a set of specifications and requirements to be used in the
development of computer-assisted voting systems and their certification testing by
independent laboratories. They include descriptions of functional requirements and
performance standards, as well as requirements for vendors in quality assurance and in
configuration management, which involves ensuring that a system functions in specified
ways under various modifications and throughout its life cycle. They provide details of
the testing process for certification of voting systems, and also include suggested
practices for election officials in some areas covered by the guidelines, and discussion of
verification concepts for future design of voting systems.
The guidelines are aimed at a broad audience, but most specifically at vendors,
testing laboratories, and election officials. Their use is voluntary at the federal level, but
many states require that any new voting systems used in the state adhere to them (in most
cases, the requirements currently refer to the VSS), or to state standards that incorporate
similar specifications. The practical effect of such state requirements is that voting
system vendors can successfully market systems only if they are certified under the VSS
or VVSG. In this sense, the provisions have acquired some of the force of regulation, in
that they are treated by manufacturers as requirements.
Consequently, when a company develops a new voting system, it typically uses the
VSS (and soon, the VVSG) as a source of specifications to which the system must adhere.
When the vendor submits the system to an independent laboratory for certification, the
laboratory uses the VSS as a source of standards against which it tests the system. The
system may also need to be certified against state standards to the extent that they differ
from the VSS. State officials may then use the VSS in their state-level certification tests
of systems they are considering for acquisition. Private citizens who might wish to test
voting systems cannot ordinarily do so because of contractual restrictions imposed by the
vendors. While adherence to some specifications can be assessed by knowledgeable
citizens when they vote, many provisions can be assessed only in a laboratory.
What Subjects are the VVSG Required to Address?
HAVA does not specifically direct the EAC to include any particular issues in the
guidelines. However, in the debate on the House floor before passage of the HAVA
conference agreement on October 10, 2002, a colloquy (Congressional Record, daily ed.,
148: H7842) stipulated an interpretation that the guidelines specifically address the
usability, accuracy, security, accessibility, and integrity of voting systems. Also, the act
requires NIST to provide support to the TGDC for development of guidelines relating to
security, voter privacy, human factors, remote voting, and fraud detection and prevention.
HAVA does establish some specific requirements for voting systems, but leaves the
method of implementation to the states. The EAC is required to provide guidance for
implementing the requirements, but the guidance is not a technical standard and its use
is also voluntary. The act is largely silent on the relationship between the VVSG and
those requirements, which stipulate that voting systems must provide for auditability,
accessibility, and ballot verification and error correction by voters, that states must set
standards for what constitutes a vote on a given system, and that machine error rates of

---

CRS-4
voting systems must conform to the standards set in the guidelines. This last is the only
direct connection in the act between the requirements and the VVSG. HAVA also
specifically exempts states from adherence to the VVSG as a condition for receipt of
payments to meet HAVA requirements.
What Subjects do the VVSG Currently Address?
The VVSG cover largely the same topics as the VSS. They include the following:
! The functional capabilities a voting system is expected to have. These
fall into several categories, including security, accuracy, error recovery,
system integrity, auditing, election management, human factors, vote
tabulation and reporting, telecommunications, data retention, ballot
preparation and control, voting, maintenance, transportation, and storage.
! Performance, physical, design, construction, and maintenance
requirements for hardware, from printers to voting devices to paper
ballots to back-office computer equipment.
! Requirements for software, including design and coding, data and
document retention, audit record data, and vote secrecy for DREs.
! Telecommunications requirements for operation and reporting election
results, including performance, design, and maintenance characteristics.
! Essential security capabilities, including controls to minimize errors and
accidents, protect from malicious manipulation, identify fraudulent or
erroneous changes, and protect voting secrecy.
! Requirements for voter-verified paper trails (VVPAT) used in
conjunction with DREs (this is new in the VVSG).
! Requirements for quality-assurance programs and configuration
management throughout a voting system’s life cycle.
! Suggested best practices for election officials with respect to usability
and security requirements.
! Suggested specifications for a class of vote-verification systems (which
includes VVPAT) that produce at least two separate, independent ballot
records that voters can verify before casting and that can be compared in
a post-election audit.
! The certification testing process, including planning, testing sequence,
specific tests required, exemptions (such as unaltered commercial off-
the-shelf software), and vendor requirements.
What Are Major Policy Issues about the VVSG?
Several issues have been raised about the VVSG that may require congressional
attention. Among them are the following:
The degree to which the guidelines are voluntary. HAVA makes the standards
voluntary at the federal level and did not give the EAC regulatory authority, but vendors
have usually treated the VSS as mandatory because of state requirements. Nevertheless,
some observers believe that adherence should be mandatory or at least a condition of
receiving any federal grants for voting equipment. Others state that mandatory standards

---

CRS-5
would give too large a role to the federal government and reduce the flexibility of state
and local governments to respond to their specific needs.
What standards can and cannot do. Standards can address only issues that were
considered by the developers of those standards, and the way that they are developed and
implemented can also affect the way issues are addressed. The VSS and certification
process have been criticized for not anticipating the kinds of security weaknesses with
DREs that have been discovered in some certified systems, and for limiting testing of
systems to controlled laboratory conditions rather than realistically simulated election
conditions. The VVSG have strengthened the security requirements but the current
version has not addressed the second criticism.
Development and implementation of the VVSG. The development of standards can
involve lengthy deliberations under the best of circumstances, and HAVA may have
exacerbated that characteristic by creating a complex process for the development of the
VVSG. HAVA does not specify an updating cycle for the guidelines, but international
standards are often updated on a three- to five-year cycle. Some observers believe that
a four-year development cycle is desirable, to permit systems to be used for two federal
election cycles without requiring recertification. Others have criticized the process for
development of the VVSG as being too slow and cumbersome. There appears to be an
inherent conflict in responsiveness of the guidelines to, on the one hand, evolving needs
and technology and, on the other, time and cost constraints inherent in responding
appropriately to such changes. Achieving the right balance is likely to be difficult.
Funding has also been an issue. Although HAVA requires NIST to assist in the
development of the VVSG and the certification process, it did not authorize any funding
specifically for that purpose. Appropriations legislation has been addressing that gap by
specifying EAC funds to be transferred to NIST for their support activities. However,
funding for the EAC is authorized only through FY2005, and some observers have called
for abolishing the EAC after all current HAVA payments to states have been disbursed.
Certification process. The development of plans for certification testing has also
raised issues. Some observers believe that the public trust would best be served by open
certification testing, whereas others believe that the release of proprietary vendor
information that would accompany such open testing would be a strong disincentive for
investment and innovation by vendors, and therefore counterproductive. The process for
selecting testing laboratories has also been criticized, with some observers believing that
use of government or nonprofit testing centers would be preferable to the current open
competition. However, it is generally recognized that the HAVA process is likely to be
superior to the one it replaces, which has been criticized as slow and expensive.
VVSG revisions. The first version of the guidelines has only partially revised the
VSS, and some observers believe that the revisions should have been more comprehensive
to address perceived shortcomings of the VSS. Some also believe that the added
provisions are inadequate to meet accessibility, alternative language, and security needs
and that broader and more stringent requirements are required. Others believe that the
limited changes in the VVSG are more likely to be implementable in the short term. Still
others believe that the guidelines have more new requirements for certification than is
prudent for an interim document, which is intended to be followed by a more complete
revision. It is not clear at this point what the appropriate balance is among those and

---

CRS-6
other conflicting concerns, and the question of scope is liable to remain contentious at
least until the next version of the guidelines is completed and implemented.
The role of the VVSG in the 2006 and 2008 federal elections. It is unclear how the
relationship between the VVSG and HAVA voting-system requirements will be
interpreted for the 2006 elections. Until the VVSG go into effect in late 2007, federal
certification of voting systems will presumably continue to be based on the 2002 VSS.
However, state or local jurisdictions may choose to require vendors to meet some or all
of the VVSG requirements sooner. That may be especially important for those
jurisdictions that require a voter-verifiable paper audit trail for use with DREs.
Some observers have expressed concerns that if states do not follow the VVSG in
meeting the requirements, they could be judged not to be in compliance, despite the
voluntary nature of the guidelines and the stipulation in HAVA that the methods of
implementation are left to states. As a result, uncertainties remain about whether systems
already acquired to meet the January 2006 deadline for HAVA requirements will be
deemed inadequate in light of the December 2005 release of the VVSG.
Another concern is that the proposed fall 2007 implementation date may not leave
sufficient time for vendors and states to develop and acquire conforming systems before
the 2008 federal election, especially in light of uncertainties about the timeline for the
next version of the VVSG. How these concerns should be addressed is not clear.
Voter Registration. HAVA requires NIST to provide technical support for
development of guidelines for the computerized statewide voter registration lists that the
act mandates. There are currently no widely accepted standards for those lists. That
absence has raised concerns about adequate state implementation of the requirement. The
VVSG do not address voter registration, but some observers believe they should.
Use of proprietary software. Most if not all voting systems use proprietary software
for which the code is not publicly available. Some of that software consists of
commercial off-the-shelf (COTS) products, and some is written by the vendor. Critics
argue that all software should be available for public inspection to ensure that it functions
properly and does not have any malicious code. They say that such an approach is
essential to ensure public trust. Others disagree, arguing that such an approach would
stifle innovation, increase costs by prohibiting the use of most COTS software, and would
not result in improved software quality.
Verification systems, including voter-verified paper audit trails (VVPAT). The
possible need for voter-verification systems has become a matter of public interest
because of the controversy over the security of DREs. While most public attention has
been paid to VVPAT, other methods arguably show more promise in terms of usability,
accessibility, and verification power. Some observers believe that the VVSG should
require VVPAT, but others believe that the verification provided by that method is of
questionable value in practice and may create unforeseen problems of its own. The trend
at the state level toward requiring the use of paper ballots has also raised questions about
whether such requirements can be reconciled with HAVA accessibility requirements
under the constraints imposed by current technology. Several bills have been introduced
in the 109th Congress that would make the use of paper ballots a federal requirement, but
none have received committee or floor action as of the date of this report.

---