California Code of Regulations

Title 2. Administration
Division 7. Secretary of State
Chapter 3.6. Electronic Poll Books

 

20150. Definitions

  • (a)   “Electronic poll book” means a system containing an electronic list of registered voters that may be transported to the polling location.  
          (1)   An electronic poll book shall contain, at a minimum, all of the following voter registration data:
    • i.  Name.
    • ii.  Address.
    • iii.  District/Precinct.
    • iv.  Party preference.
    • v.  Voter status.
    • vi.  Whether or not the voter has been issued a vote by mail ballot.
    • vii.  Whether or not the vote by mail ballot has been recorded as accepted by the elections official.
    • viii.  Whether or not the voter’s identification must be verified.
              (2)   An electronic poll book shall not contain the following voter registration data:
    •           (a)      California driver’s license number.
    •           (b)      Social Security Number or portion thereof.

    (b)  A local election management system utilized at polling locations, in whole or in part, is not an electronic poll book.
    (c)  “Voter activity” means all voter data collected by an electronic poll book or local election management system as outlined in this section.

Note: Authority cited: Section 12172.5, Government Code and Section 2550, Elections Code. Reference: Section 2550, Elections Code.

20151. Local Election Management System Use at Polling Locations.

Counties utilizing their local election management system at polling locations, in whole or in part, shall adhere to sections 20158, 20160, 20161 and 20162 of these regulations.

Note: Authority cited: Section 12172.5, Government Code and Section 2550, Elections Code. Reference: Section 2550, Elections Code.

20152. Application.

Any person, corporation, or public agency owning or having an interest in the sale or acquisition of an electronic poll book may apply to the Secretary of State for certification. The application shall include the following:

  • (a)  Information about the applicant, including name, standing to present application, entity type, principle address, mailing address, telephone number, fax number and email, if applicable.
  • (b)  Identification of the specific electronic poll book to be evaluated for certification. Each electronic poll book or version of an electronic poll book requires a separate request for certification. Each component of the hardware, firmware, and software must be identified by version number.
  • (c)  A signed confidentiality agreement providing the Secretary of State, upon demand, source code for all software and firmware and a working model of the electronic poll book.
  • (d)  All the documentation necessary for the identification of the full system configuration submitted for evaluation and for the development of an appropriate test plan for conducting system certification testing, collectively referred to as the Technical Data Package (TDP) as described in section 20153.
  • (e)  Documentation and description of any known anomalies, including a description of the root cause and resolution.
  • (f)   Documentation from election jurisdictions that have certified the proposed electronic poll book.
  • (g)  Whether the proposed electronic poll book has ever been denied certification or had certification withdrawn in any other state.
  • (h)  A list of election jurisdictions using or previously having used the proposed electronic poll book.

 
Note: Authority cited: Section 12172.5, Government Code and Section 2550, Elections Code. Reference: Section 2550, Elections Code.

20153. Technical Data Package.

(a)   Prior to the initiation of any certification testing, the Secretary of State shall receive a complete Technical Data Package. The Technical Data Package shall include the following:

  • (1)   Customer maintenance documentation describing any maintenance that the vendor recommends can be performed by a customer with minimal knowledge of the system.
  • (2)   Operations manual(s) to be supplied to the customer for use by the person(s) who will operate the equipment.
  • (3)   Use procedures providing specific election administration procedures recommended for use with the system.
  • (4)   Software system design documentation describing the logical design of the software. This documentation should clearly indicate the various modules of the software, their functions, and their interrelationships with each other. This shall include the data format(s) the system is capable of importing and exporting.
  • (5)   Any available test data that can be used to demonstrate the various functions of the electronic poll book or verify that the version of the applications submitted are identical to the versions that will be certified. This shall include test reports for certification of the identical system in other jurisdictions.
  • (6)   Security procedures documentation containing the recommended security procedures and system hardening setting to ensure the optimum security and functionality of the system.
  • (7)   Training manual(s) to be supplied to the customer for use by the person(s) that will conduct staff and poll worker training.

(b)   The vendor must clearly mark any documentation it requests to be treated as confidential and proprietary before providing it to the Secretary of State or its representatives for evaluation. Marking the entire package as confidential and/or proprietary is insufficient. All pages of the documentation that contain information the vendor considers confidential and/or proprietary information must be clearly marked as such.

Note: Authority cited: Section 12172.5, Government Code and Section 2550, Elections Code. Reference: Section 2550, Elections Code.

20154. Cost of Electronic Poll Book Certification Testing.

The electronic poll book applicant seeking certification shall be responsible for the costs associated with certification testing.

  • (a)  After the Office of Voting Systems Technology Assessment of the Secretary of State’s office has received the application, it shall review the application and associated documentation and provide the applicant with:

    • (1)   A list of any deficiencies.
    • (2)   An estimated amount designated as the initial deposit of funds into an Agency Trust Account sufficient to guarantee and reimburse the cost of any expenditures associated with the examination of the voting system, pursuant to Elections Code section 19222.

    (b)  If the initial deposit is not sufficient to reimburse the cost of all expenditures associated with the certification testing, the Secretary of State's office will require an additional deposit of funds into the Agency Trust Account to be received by the Office of Voting Systems Technology Assessment of the Secretary of State's office as directed. If the Secretary of State does not receive such additional deposit of funds as directed, the Secretary of State may suspend the certification process.

    (c) After all expenditures have been paid, the Secretary of State shall notify the applicant of any amount in excess of those expenditures. The applicant may request that the amount in excess of those expenditures be refunded or held in the Agency Trust Account for future testing and certification

 Note: Authority cited: Section 12172.5, Government Code and Section 2550, Elections Code. Reference: Section 2550, Elections Code.

20155. Application Complete Before Examination Begins.

No application shall be deemed to be complete until all required documentation and funds for examination have been submitted to the Secretary of State's office. The application must be complete for examination to begin.

 Note: Authority cited: Section 12172.5, Government Code and Section 2550, Elections Code. Reference: Section 2550, Elections Code.

20156. Examination Testers.

The Secretary of State's office shall conduct and/or oversee the examination of electronic poll books. The Secretary of State may use a state-approved testing agency as defined in Division 19 of the Elections Code to assist in the examination.

Note: Authority cited: Section 12172.5, Government Code and Section 2550, Elections Code. Reference: Section 2550, Elections Code.

20157. Equipment to Submit for Testing.

  •  (a)   For the purposes of testing, the applicant shall provide:

    • (1)   A copy of the electronic poll book software and firmware source code, including the directory structure of the source code and a map to show how the source code was built into the final install files.

      • i. All build environment information and necessary compiler(s) shall be provided, including any commercial-off-the-shelf (COTS) software necessary to create the trusted build software.
      • ii. This information shall be provided in an encrypted form on standard machine-readable media (e.g. CD, DVD, USB drive, etc.). The designated media device shall be new and void of additional material to aid against the propagation of malware.

      (2)   At least one production model of the specific electronic poll book under review for each phase of testing, if applicable, to the Secretary of State for the duration of the testing process. A working model of the specific electronic poll book under review shall include:

      • i.    All hardware, software and firmware necessary to run the electronic poll book.
      • ii.    Software shall be provided in a format readable by the electronic poll book hardware that is being submitted for certification.
      • iii.    All commercial-off-the-shelf software and necessary drivers, including but not limited to the operating system, any software applications for logging, reporting, printing, etc..
      • iv.    All peripheral devices, including those required for usability and accessibility.
      • v.    Any other components recommended by the manufacturer for use.

      (3)   Any other materials and equipment deemed necessary by the Secretary of State.

    (b)   The equipment provided shall be identical in fit, form, and function as the production units that will be sold to California jurisdictions, if the electronic poll book is certified. Engineering or developmental prototypes are not acceptable.  
  • (c)    The Secretary of State shall maintain one working copy of the electronic poll book, in its certified configuration, until such time as it is not used in any California county. At any time the Secretary of State, at its discretion, may request more than one set of all hardware to be submitted for testing.

 Note: Authority cited: Section 12172.5, Government Code and Sections 2550, Elections Code. Reference: Sections 2550, Elections Code.

20158. System Requirements.

  • (a)   The electronic poll book shall not be connected to a voting system at any time.
    (b)   The electronic poll book shall demonstrate that it accurately processes all activity as prescribed in the vendor’s application packet.
    (c)    The electronic poll book shall be capable of operating for a period of at least two hours on backup power, such that no data is lost or corrupted nor normal operations interrupted. When backup power is exhausted, the electronic poll book shall retain the contents of all memories intact.
    (d)   The electronic poll book shall be compatible with:

    • (1)   All voter registration election management systems used in the State of California, including any software system (middle ware) used to prepare the list of voters for the equipment.
    • (2)   Any hardware attached to the electronic poll book (e.g. bar code scanners, signature capture devices, transport media, printers, etc.).

    (e)   An electronic poll book shall contain all of the following voter registration data:

    • (1)   Name.
    • (2)   Address.
    • (3)   District/Precinct.
    • (4)   Party preference.
    • (5)   Voter status.
    • (6)   Whether or not the voter has been issued a vote by mail ballot.
    • (7)   Whether or not the vote by mail ballot has been recorded as accepted by the elections official.
    • (8)   Whether or not the voter’s identification must be verified.

    (f)    The electronic poll book shall encrypt all voter registration data at rest and in transit, utilizing a minimum of Advanced Encryption Standard (AES) 256-bit data encryption, based on recognized industry standards.
    (g)   The electronic poll book shall provide reliable transmission of voter registration and election information.
    (h)   The electronic poll book shall have the capability to store a local version of the electronic list of registered voters to serve as a backup.
    (i)     The electronic poll book shall produce a list of audit records that reflect all actions of the system, including in-process audit records that display all transactions. Such audit records shall be able to be exported in non-proprietary, human readable format.
    (j)     The electronic poll book shall enable a poll worker to easily verify that the electronic poll book:

    • (1)   Has been set up correctly.
    • (2)   Is working correctly so as to verify the eligibility of the voter.
    • (3)   Is correctly recording that a voter has voted.
    • (4)   Has been shut down correctly.

    (k)    After the voter has been provided with a ballot, the electronic poll book shall permit a poll worker to enter information indicating that the voter has voted at the election. The electronic poll book shall have the capability to transmit this information to every other electronic poll book in the county utilizing the same list of registered voters.
    (l)     The electronic poll book shall permit voter activity to be accurately uploaded into the county’s voter registration election management system.
    (m)  During an interruption in network connectivity of an electronic poll book, all voter activity shall be captured and the electronic poll book shall have the capacity to transmit that voter activity upon connectivity being restored.
    (n)   If the electronic poll book uses an electronic signature capture device, the device shall:

    • (1)   Produce a clear image of the electronic signature, capable of verification.
    • (2)   Retain and identify the signature of the voter.

    (o)   The electronic poll book shall have the capacity to transmit all information generated by the voter or poll worker as part of the process of receiving a ballot, including the time and date stamp indicating when the voter voted, and the electronic signature of the voter, where applicable, to the county’s voter registration election management system.

    (p)   The Secretary of State recommends electronic poll books not be enabled or installed with any technologies delineated in the Institute of Electrical and Electronics Engineers’ (IEEE) 802.11 wireless local area network (LAN) standards. However, should an electronic poll book be enabled or installed with a wireless technology, the following shall be utilized:

    • (1)   A minimum of 256-bit data encryption.
    • (2)   A minimum of Wireless Protected Access (WPA) 2 security enabled.
    • (3)   Compliance with Payment Card Industry Data Security Standards (PCI DSS) version 3.2, which is hereby incorporated by reference.
    • (4)   A dedicated wireless access point (WAP) or connection utilized only by county employees or elections officials, void of public or guest access.
    • (5)   Devices equipped with one or more of the following:
    • i.    Biometric authentication.
    • ii.    Multi-factor authentication.
    • iii.    Compliance with current PCI DSS version 3.2 password requirements, which is hereby incorporated by reference.
    • iv.    Remote wipe technology set to automatically clear a device upon eight failed login attempts.

    (q)   Jurisdictions utilizing a wide area network (WAN) to transmit voter registration data from an electronic poll book to a centralized location shall utilize one of the following:

    • (1)   A dedicated leased line.
    • (2)   A hardware virtual private network (VPN).
    • (3)   A dedicated cellular connection void of public or guest access.

    (r) The electronic poll book shall be reviewed for accessibility.

     Note: Authority cited: Section 12172.5, Government Code and Section 2550, Elections Code. Reference: Section 2550, Elections Code.

20159. Changes or Modifications to a Certified Electronic Poll Book. 

    • (a)   Any person, corporation, or public agency owning or having an interest in the sale or acquisition of an electronic poll book or part of an electronic poll book may submit a written request for review of any proposed change or modification to the Secretary of State.
      (b)   The written request for review for a change or modification shall, at a minimum, include:

      • (1)   Documentation supporting the need for each change or modification.
      • (2)   Detailed description of the change and any assumptions and/or constraints.
      • (3)   A list of every electronic poll book component – hardware, firmware, or software – that interacts directly or indirectly with the electronic poll book component or components for which administrative approval of a change or modification is requested.
      • (4)   Version numbers of all affected hardware, firmware, or software.
      • (5)   Classification of each modified hardware, firmware, or software component as either commercial-off-the-shelf (COTS), third-party, or vendor-developed. Where applicable, the name of any third-party company that developed the modified component shall be included.
      • (6)   A list of all affected California jurisdictions.
      • (c)    Any change or modification must be examined for conformance by the Secretary of State.

      (d)   The applicant shall pay for all expenditures associated with the review, pursuant to California Code of Regulations, Title 2, Division 7, section 20154.
      (e)   Changes or modifications include appropriate security and critical software patches, or equivalent, to protect against the exploitation and compromise of voter registration data.

      • (1)   Written request for review of an appropriate security or critical software patch shall be made, at a minimum, 90 days prior to the date in which the system will be utilized.
      • (2)   If a need for an appropriate security or critical software patch is identified less than 90 days prior to the date in which it will be utilized, an emergency request for review shall be immediately submitted to the Secretary of State.

 Note: Authority cited: Section 12172.5, Government Code and Section 2550, Elections Code. Reference: Section 2550, Elections Code.

20160. Physical Access and Chain of Custody.

County officials shall maintain and document uninterrupted chain-of-custody for each electronic poll book from installation to the present, throughout the county’s ownership or leasing of the device.

 Note: Authority cited: Section 12172.5, Government Code and Section 2550, Elections Code. Reference: Section 2550, Elections Code.

20161. Notification.

County officials and electronic poll book vendors shall notify the Secretary of State within 24 hours upon discovery of any of the following:

  • (a)  A breach in the security or information relating to electronic poll books.
  • (b)  An attempted breach in the security or information relating to electronic poll books.
  • (c)  A defect in any of the electronic poll books.
  • (d)  A failure in any of the electronic poll books.
  • (e)  A fault in any of the electronic poll books.

 Note: Authority cited: Section 12172.5, Government Code and Section 2550, Elections Code. Reference: Section 2550, Elections Code.

20162. Emergency Operations Preparedness Plan.

Any jurisdiction utilizing an electronic poll book, in any election, shall create and have on file an emergency preparedness plan that outlines the processes and procedures to be followed by county officials and poll workers in the event of a failure of any of the electronic poll books.

 Note: Authority cited: Section 12172.5, Government Code and Section 2550, Elections Code. Reference: Section 2550, Elections Code.

20163. Equipment Formatting upon End of Canvass.

Within thirty (30) days from the end of canvass of any election, all equipment shall be formatted by the jurisdiction so that no voter data is resident on the equipment unless needed for litigation or recount purposes.

Note: Authority cited: Section 12172.5, Government Code and Section 2550, Elections Code. Reference: Section 2550, Elections Code.

20164. Disposal or Sale of Electronic Poll Book Equipment.

Prior to the disposal or sale of any electronic poll book or portion thereof, all equipment shall be cleared with a minimum of a two pass wipe so that no software, firmware or voter data remains on the equipment. At the time of disposal or sale, the equipment shall be returned solely to a non-functioning piece of hardware and the following document for each:

  • (a)  Whether the machine is void of all software, firmware and voter data.
  • (b)  The hardware model name.
  • (c)  The hardware model number.
  • (d)  The hardware serial number.

Note: Authority cited: Section 12172.5, Government Code and Section 2550, Elections Code. Reference: Section 2550, Elections Code.

20165. Testing Prior to an Election.

Before utilization of an electronic poll book for any election, the elections official shall verify and document the readiness of each electronic poll book prior to its use.

Note: Authority cited: Section 12172.5, Government Code and Section 2550, Elections Code. Reference: Section 2550, Elections Code.

Back to Top