Vocabulary, The Gadsden Group

Vocabulary

EMS – Election Management System

EVS – Electronic Voting System

EED – Election Event Designer: ballot design software

BMD – Ballot marking device: In-person electronic voting kiosk

BMD w/Auditory tactile interface (ATI) (for blind and vision impaired)

BMD w/Sip ‘n Puff (for amputee or paralyzed)

VVPAT – Voter-verified paper audit trail

UOCAVA – Uniformed, overseas citizen absentee voter (UOCAVA, MOVE)

NVease.gov for UOCAVA: active 45-days to opening of polls

NVease.gov for the disabled: active 30-days prior to opening of polls

Inactive voter – someone who has not voted in up to two presidential races, the voter registration postcard mailed to them is returned address unknown, and/or the voter requests to be removed from the registration database

Status unknown voter – includes all transmitted by-mail ballots that were not returned by voter, spoiled, returned as undeliverable, or otherwise unable to be tracked by the county/registrar (there should only be a few of these)

Spoiled ballot – a ballot that is torn, rumpled, or soiled, missing signature or required information, and cannot be counted

Undervote – when not all votes are cast on a ballot, candidates and initiatives are ignored

Ranked Choice Voting – If a candidate receives more than half of the first choices in races where voters elect one winner, that candidate wins, just like in a single-choice election. However, if there is no majority winner after counting first choices, the race is decided by an “instant runoff.” The candidate with the fewest votes is eliminated, and voters who picked that candidate as ‘number 1’ will have their votes count for their next choice. This process continues until there’s a majority winner or a candidate won with more than half of the vote. In races where voters select multiple winners, RCV can serve as a candidate-based form of proportional voting.

Dominion’s Democracy Suite® provides the most comprehensive and transparent Ranked Choice Voting functionality in the market today. This product is not currently part of U.S. EAC certification. Availability may be subject to state certification.

Encrypted keys – a string of specifically organized bits designed to unscramble and decipher encrypted data. Each key is specific to a specific encryption code, therefore making each key unique and difficult to replicable. Encryption keys are necessary to decipher plaintext that is hidden within encoded messages. They must be unique to each piece of shared data (e.g., personally identifiable information (PII), personal healthcare information (PHI) and personal card information (PCI)) in order to ensure the highest amount of security.

Hardware tokens – The simplest hardware tokens look identical to a USB flash drive and contain a small amount of storage holding a certificate or unique identifier, and are often called dongles. More complex hardware tokens incorporate LCD displays, keypads for entering passwords, biometric readers, wireless devices, and additional features to enhance security.

Hardening – a pre-election machine security setting or app to limit connectivity or accessibility/tampering

Slack space – When you delete a file on your file system the space that file occupied is shown in the computer as “free space”; but the file itself is still fully intact on the file system until the computer puts some other file in the space occupied prior by that file.

Risk-limiting audit – an audit protocol that makes use of statistical methods and is designed to limit to acceptable levels the risk of certifying a preliminary election outcome that constitutes an incorrect outcome. RLAs use software that allows the auditor to set the acceptable risk limit of say, 5%. If an error is found, the sampling size increases until 95% or better accuracy is realized. This may lead to a 100% paper ballot recount in a tight race. RLAs have significant costs, too.

Algorithm – A finite set of unambiguous instructions that, given some set of initial conditions, can be performed in a prescribed sequence to achieve a certain goal and that has a recognizable set of end conditions.

“Hash” value: a hash is a function that can be used to map data of an arbitrary size onto data of a fixed size. The word “function” is used in its truest form from mathematics. The hash value is the result of the function. Standard hash algorithms are sets of complex but public mathematical steps. There is nothing secret about them.

Cryptography: All cryptographic software in the voting system shall be approved by the U.S. Government’s Cryptographic Module Validation Program, as applicable. Discussion:

Cryptographic software may be used for a number of different purposes, including calculating checksums, encrypting records, authentication, generating random numbers, and digital signatures. This software should be reviewed and approved by the Cryptographic Module Validation Program (CMVP). There may be cryptographic voting schemes where the cryptographic algorithms used are necessarily different from any algorithms that have approved CMVP implementations, thus CMVP approved software should be used where feasible but is not required. The CMVP website is http://csrc.nist.gov/cryptval. (Attachment A – Dominion D-Suite 5.5.-A Implementation Statement.pdf)

National Software Reference Library – The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a Reference Data Set (RDS) of information. The RDS can be used by law enforcement, government, and industry organizations to review files on a computer by matching file profiles in the RDS. This will help alleviate much of the effort involved in determining which files are important as evidence on computers or file systems that have been seized as part of criminal investigations. The RDS is a collection of digital signatures of known, traceable software applications. There are application hash values in the hash set which may be considered malicious, i.e. steganography tools and hacking scripts. There are no hash values of illicit data, i.e. child abuse images. The National Software Reference Library is a project in Software and Systems Division supported by NIST Special Programs Office.

DIMS – Digital Image Management System

NIST – National Institute of Standards and Technology (U.S. Department of Commerce)

NIST/CAVP – The NIST Cryptographic Algorithm Validation Program (CAVP) provides validation testing of Approved (i.e., FIPS-approved and NIST-recommended) cryptographic algorithms and their individual components.

An algorithm implementation successfully tested by a lab and validated by NIST is added to an appropriate validation list, which identifies the vendor, implementation, operational environment, validation date and algorithm details.

What is ERIC (http://www.ericstates.org/)?

Electronic Registration Information Center

In 2012, Nevada was one of the seven states the pioneered the formation of the Electronic Registration Information Center (ERIC). ERIC is governed and managed by member states. ERIC is an innovative approach to list maintenance, which uses information from motor vehicle departments, Social Security Administration records and other databases to compare voters within Nevada and in other member states.