Security of Ballot Delivery

This topic is for discussions of security-related issues associated with the BallotDeliveryUseCase

Security Considerations

Information Types:

  • Ballot styles
Security Objectives and Impact Levels
  • Confidentiality: Low
  • Integrity: Moderate
  • Availability: Moderate
Notes:
  • Ballot marking considerations should be discussed on the BallotMarkingSecurity topic.
  • Scenarios include:
    • Blank Ballot Delivery
      • Polling place voting systems
      • Postal mail
      • Electronic (e.g., email, web)
    • Voted Ballot Return
      • Polling place voting systems
      • Postal mail
      • Electronic (e.g., email, web)
  • There are few unique security considerations for ballot distribution in polling places, beyond those covered by BallotOnDemandSecurity or BallotMarkingSecurity.
  • Electronic Blank Ballot Delivery- Major Security Considerations:
    • Ability to reliably match voters to ballot style
    • Integrity of blank ballots
    • Availability of the system
  • Electronic Ballot Return- Major Security Considerations:
    • This is a form of Internet voting
    • Major challenges include the auditibility of such systems, the ability to authenticate voters while maintaining voter privacy, and the ability to protect against malware.
    • See the resources identified at the bottom of this topic for more information

VVSG Security Gap Analysis

Applicability of the VVSG 1.1 and/or draft VVSG 2.0

  • VVSG 1.1: Absentee voting systems out-of-scope
  • VVSG 2.0: Absentee voting systems out-of-scope
Estimated Level-of-Effort to Address
  • Polling Place Systems: Minimal- already addressed or addressed by other use cases
  • Absentee/Remote Voting:
    • Electronic Ballot Delivery: Moderate- while these systems are very different from polling place systems, general cybersecurity best practices for IT systems could be applied and tailored to online blank ballot delivery portals. Guidelines could have significant overlap with online voter registiration database guidelines under the VrdbSecurity use case.
    • Electronic Ballot Return: High- there are fundamental challenges in technology and the supporting infrastructure.
Gap Areas
  • Blank Ballot Delivery
  • Voted Ballot Return

Related Resources:

Comments

Edit | Attach | Watch | Print version | History: r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r4 - 2016-09-12 - AndrewRegenscheid
 
This site is powered by the TWiki collaboration platform Powered by PerlPLEASE NOTE: This wiki is a collaborative website. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. All the material on this website is in the public domain, including any text, diagrams, or images, unless indicated explicitly. Don't share anything on this site that you do not want to be public. Do not pass any proprietary documents or put any on the TWiki with implied public disclosure. If you do, it shall be deemed to have been disclosed on a non-confidential basis, without any restrictions on use by anyone, except that no valid copyright or patent right shall be deemed to have been waived by such disclosure. Certain commercial equipment, instruments, materials, systems, software, and trade names may be identified throughout this site in order to specify or identify technologies adequately. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the systems or products identified are necessarily the best available for the purpose. Any data provided on this site is for illustrative purposes only, and does not imply a validation of results by NIST. By selecting external links, you will be leaving NIST webspace. Links to other websites are provided because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose.