Under California law, a voting system and any modification to a voting system must be approved by the Secretary of State before it can be used in any election. Electronic voting systems must be certified at the federal level by the U.S. Election Assistance Commission (EAC) before they can be submitted to the Secretary of State’s office for review.
When a voting system is brought to California for review, the Secretary of State conducts a thorough examination and review of the proposed system that includes:
The Secretary of State’s review process is designed to augment, not duplicate, the EAC review and approval process. Here is a summary of the key differences between the two processes:
|Application & Documentation||A technical data package (TDP) is submitted by the vendor to the EAC. The TDP identifies the voting system design, operation, functionality, hardware, software, security, maintenance, and other system requirements.||The same technical data package is submitted to the Secretary of State, along with the EAC certification number.|
|Software||Examines system source code for its compliance with the EAC’s Voluntary Voting System Guidelines (VVSG).||Examines system source code solely for voting system security purposes.|
|Security||Determines if the system can detect, prevent, log and recover form a broad range of security risks.||Conducts penetration testing to identify any security or accuracy vulnerabilities.|
|Hardware||Evaluates whether the voting system hardware can withstand exposure to environmental conditions, including varying and extreme temperatures, humidity, vibrations, and inconsistent voltage.||Does not conduct environmental testing of the hardware.|
|Functional||Determines if the voting system can perform each function required by federal law.||Determines if the voting system can perform each function required by California law.
Volume testing under election-like conditions is conducted to ensure the systems can perform in real world election conditions, not just in the laboratory.
|Accessibility||Requires vendor to provide the EAC with results from third-party accessibility testing.||Independently contracts with third-party accessibility experts to conduct accessibility testing.|