Minimum Security Procedures for Voting Systems  

  • DEPARTMENT OF STATE

    Division of Elections

    RULE NO.:RULE TITLE:

    1S-2.015Minimum Security Procedures for Voting Systems

    NOTICE OF CHANGE

    Notice is hereby given that the following changes have been made to the proposed rule in accordance with subparagraph 120.54(3)(d)1., F.S., published in Vol. 41 No. 159, August 17, 2015 issue of the Florida Administrative Register.

    The following changes were made to Rule 1S-2.015 Minimum Security Procedures for Voting Systems:

    (2)(c) changed as follows:

    (c): “Ballot type” means an early voting, Eelection Dday, or absentee ballot. Provisional ballots cast in the election may be grouped with early voting, Eelection Dday, or absentee ballots, as applicable.  Overseas absentee ballots are to be grouped with other absentee ballots.

    (2)(f) changed as follows:

    (f) “Election management system” means those components of a voting system is an entity that defines, develops, and maintains election databases, performs election definitions and setup functions, formats ballots, acquires the tabulation results, consolidates the aggregate election results, produces report results, and maintains its audit trails.

    (2)(g) changed as follows:

    (g) “Election materials” mean those materials provided to poll workers to properly conduct the election to and shall include, but not be limited to, as applicable, legally required affidavits and forms, provisional ballots, voter authority slips, precinct registers, and any electronic devices necessary to activate ballot styles in the voting system.

    (4)(c) was added as follows:

    (c)  Upon approval of the security procedures by the Division, the supervisor shall submit to the Division a copy of the approved version of the procedures that has all confidential and exempt information redacted from the procedures, along with the statutory citations for each redaction contained in the document.  The supervisor shall submit the redacted copy within 15 days of notification by the Division of the approval.

    (5)(b) changed as follows:

    (b) Election schedule template. The security procedures shall include one or more schedule templates for each type of election.  A schedule template need not be prepared for a municipal election. The supervisor shall provide the template to the Division of Elections at least 90 days prior to each regularly scheduled election and within 20 days of the date a special election is scheduled. The supervisor is not required to provide a previously submitted schedule template before an election unless changes have been made since the prior submission; however, any changes to a schedule template must be submitted in a revised security procedure within the time  period specified in paragraph (3)(b).  The election schedule template shall contain the following:

    1. A list of all tasks necessary to conduct the election; and

    2. The legal deadline, where applicable, or tentative date each task is to be completed

    (5)(d) changed as follows:

    (d) Filing of election information.  The supervisor of elections shall file with the Division of Elections a copy of the information used within the election management voting system to define the tabulation and reporting instructions for each election regardless of filings for prior elections.  The filing shall, at a minimum, include the following:

    1. A copy of the election database used to define the election; and

    2. If the election definition is created by an individual who is not an employee of the supervisor of elections, the information shall include a statement by the person who created the election database and definition. The person coding the election shall sign the election coding statement using Form DS-DE 132.

    (5)(f)1. changed as follows:

    1. Each component of the test performed including the test materials utilized for ADA voting devices, early voting devices, precinct voting devices, and absentee voting devices.

    (5)(g) changed as follows:

    (g) Pre-election steps for voting systems. The security procedures for use with voting devices shall include a description of the process to seal and secure the voting devices on Eelection Dday and daily during the early voting period. This description shall include:

    1. The process for permanently identifying electronic media type such as memory packs, compact flash cards, PC Cards or PCMCIA cards, and any instrument used to activate a voting machine type of key activators.  This activity shall include:

    a. The process to create and maintain an inventory of all electronic media.

    b. The chain of custody process and procedure for identifying, documenting, handling, and tracking electronic media from the point of collection or transfer from their storage location, through election coding, through the election process, to their final post-election disposition and return to storage. Such process must use two or more individuals to perform any written check and verification checks whenever a transfer of custody takes place. This electronic media must be given the same level of attention that one would give to official ballots.

    (5)(g)2.c. changed as follows:

    c. A procedure is created and maintained for tracking the custody of these voting devices once these devices are loaded with an election definition. This record shall include the protective counter numbers for the voting device, where applicable, to permit the protective count numbers at poll opening and poll closing to be verified, if necessary, against the public vote count. The chain of custody must specifically provide for the identifying, documenting, handling, and tracking of such devices from the point of loading to final post-election disposition. A minimum of two persons must be used to perform any written checks and verification checks when a transfer of custody takes place. These voting devices must be given the same level of attention that one would give to official ballots.

    (5)(h) changed as follows:

    (h) Ballot distribution. Where marksense ballots or paper outputs from a hybrid voting system are used, including on Eelection Dday and during the early voting period, the security procedures shall, at a minimum, include the following:

    1. Description of how the number and variations of ballots required by each precinct is determined;

    2. Description of the method for securing the ballots; and

    3. Description of the process for distributing the ballots to precincts, to include an accounting of who distributed and who received the ballots, the date, and how they were checked.

    (5)(j) changed as follows:

    (j) Election Board duties.

    1. The security procedures when marksense ballots or paper outputs from a hybrid voting system, including provisional ballots are used shall, at a minimum, include the following Election Board duties on Eelection Dday and during the early voting period:

    a. Verification that the correct number of ballots were received, and that they are the proper ballots for that precinct;

    b. Checking the operability or readiness of the voting devices;

    c. Checking and sealing the ballot box;

    d. Description of how unscanned and spoiled ballots are handled;

    e. Description of how write-in and provisional ballots are handled; and

    f. Accounting for all ballots after the polls close.

    (5)(k) changed as follows:

    (k) Transport of ballots and/or election materials. The security procedures shall describe the steps necessary to ensure a complete written record of the chain of custody of ballots and/or election materials on Eelection Dday and during the early voting period and shall include:

    1. A description of the method and equipment used to transport all ballots and/or election materials.;

    2. A method of recording the names of the individuals who transport the ballots and/or election materials from one site to another and the time they left the sending site.

    3. A method of recording the time the individuals who transport the ballots and/or election materials arrived at the receiving site and the name of the individual at the receiving site who accepted the ballots and/or election materials.

    4. A description of the process to create and maintain a secured location for storing and transporting voting devices once the election definitions are loaded.  This description shall include procedures that are to be used at locations outside the direct control of the supervisor of elections, such as overnight storage at a polling location or early voting site.  This description shall include:

    a. A process for creating and maintaining an inventory of these items for each storage location, for each election.  These voting devices must be given the same level of attention that one would give to official ballots.

    b. A chain of custody process that specifically provides for the identifying, documenting, handling, and tracking of such voting devices from the point of storage to transfer to final disposition or when the voting devices have been left unattended for any length of time. A minimum of two persons must be used to perform any written checks and verification checks when a transfer of custody takes place. Particular attention must be given to the integrity of the tamper-resistant or tamper-evident seals. These voting devices must be given the same level of attention that one would give to official ballots.

    (5)(m) changed as follows:

    (m) Tabulation of vote.

    1. The security procedures for use with polling locations and central sites shall describe each step of a ballot tabulation, including on Eelection Dday and daily during the early voting period and shall to include, at a minimum, the following:

    a. Counting and reconciliation of voted marksense paper ballots or paper outputs from a hybrid voting system;

    b. Processing, tabulation and accumulation of voted ballots and election data;

    c. Processing and recording of all write-in and provisional ballots;

    d. The process for handling unreadable ballots and returning any duplicates to tabulation;

    e. Backup and recovery of tabulated results and voting system programs for electronic or electromechanical voting systems; and

    f. The procedure for public viewing of the accumulation tabulation process and access to results.

    2. Security procedures shall describe each step of ballot tabulation during the early voting period  the steps necessary for vote tabulation in the precincts.

    3. The security procedures for use in the precincts on Eelection Dday shall include procedures that describe each step of ballot tabulation to include, at a minimum, the following:

    a. Printing of precinct results and results from individual tabulating devices;

    b. Processing and recording of write-in votes;

    c. Endorsing a copy of the precinct results by the Election Board;

    d. Posting a copy of precinct results;

    e. Transport of precinct results to central or regional site;

    f. Consolidation of precinct and provisional ballot results; and

    g. The process for public viewing of the accumulation tabulation process and access to results.

    (5)(n) changed as follows:

    (n) Electronic access to voting systems. Security procedures shall identify all methods of electronic access to the vote tabulation system including on Eelection Dday and daily during the early voting period. The procedures for authorizing electronic access and specific functions, and specifying methods for detecting, controlling and reporting access to the vote tabulation system shall be identified, and shall additionally include:

    1. A document that defines the procedure that ensures that default or vendor supplied passwords, encryption keys, or other identifier have been changed.  This activity must ensure that:

    a. Access control keys/passwords are maintained in a secured and controlled environment.  The individual(s) with access to these items must be delineated in the relevant position descriptions.

    b. Changes to the encryption keys and passwords are at the discretion of the supervisor of elections.  This discretionary authority should not be delegated.  The individual(s) that implement a change to the encryption keys and/or passwords must have this "authorization to change" responsibility delineated within their position description(s).

    c. The degree of access is defined within each relevant position description and maintained at that level within the election management system and/or equipment.  This applies where a voting system can limit an individual's access to certain menus, software modules, or other component.

    2. A procedure that governs access to any device, election media, or election management system with a requirement to use an encryption key. This process must be witnessed by one or more individuals authorized to use such information and an access log must be created and maintained.

    (5)(p) changed as follows:

    (p) Ballot sSecurity. The security procedures shall describe ballot accountability and security beginning with their receipt from a printer or manufacturer until such time as they are destroyed. The procedures for each location including on Eelection Dday and during the early voting period shall describe physical security, identify who has authorized access and identify who has the authority to permit access.

    (5)(q)1. changed as follows:

    (q) Voting system maintenance and storage.

    1. The security procedures shall describe the maintenance and testing performed on all components of the system to assure that it is in proper working order and is within manufacturer’s operating specifications including on Eelection Dday and during the early voting period. Procedures shall also describe storage and nonoperational maintenance of all voting devices.

    Rulemaking Authority 20.10(3), 97.012(1), 101.015 FS. Law Implemented 101.015(4) FS. History–New 5-27-85, Formerly 1C-7.15, 1C-7.015, Amended 8-28-93, 11-24-04,_________.