EAC to release draft voting-system guidelines
The Election Assistance Commission expects to release a major revision to its Voluntary Voting System Guidelines for comment soon, beginning a process for approving a new set of standards that states can use to certify voting systems.
The commission describes the new guidelines as a complete rewrite of standards adopted in 2005. Although voluntary, most states use the guidelines for certifying voting systems. They address the reliability, quality, usability, accessibility, security and testing of systems. The new draft prohibits wireless connections on electronic voting systems, addresses software independence and contains updated requirements for a voter-verifiable paper audit trail on electronic machines.
The commission plans to publish the draft in the Federal Register by Sept. 20. But because of two comment periods and possible rewrites of the guidelines, the new version likely will not be available for 2008 elections.
The guidelines apply to any type of voting system, but they have generated a lot of attention because of questions about the security and reliability of electronic touch-screen systems.
The commission also accredits test labs to certify voting systems.
NIST warns of security dangers in active content
The National Institute of Standards and Technology has updated security guidelines for dealing with active content and mobile code and issued a scheme for developing common descriptors of information technology vulnerabilities.
In the draft publication, NIST defines active content as electronic documents that can carry out or trigger actions automatically without a user directly or knowingly invoking the actions.
Incorporating active content such as macros, Java applets, JavaScript and other scripts can add functionality to documents, electronic messages, Web pages and files in a wide variety of formats. But NIST warns of security vulnerabilities in active content. The expanding use of those technologies is becoming common in a range of products and services, on desktop computers, servers and gateway devices.
