Charlie Daniels Arkansas Secretary of State HAVA Compliant Voting Systems Security Considerations...

Charlie Daniels Arkansas Secretary of State

HAVA Compliant Voting Systems

Security Considerations

General Recommendations to Enhance Security and

Integrity of the Ballot

Mark MartinArkansas Secretary of State


Voting System Security

Why Is Security Important?– Electronic Systems required by HAVA

face intense scrutiny by the media and voter advocacy groups. The machines themselves are secure PROVIDED proper measures are in place to prevent fraudulent activity.




How Has Security Changed?– Some of the same security procedures

election officials followed pre-HAVA still apply in a post-HAVA environment, including appropriate chain-of-custody and access to machines, etc. PEOPLE are just as important as machines!




What Must I Know About Security?– Security Incident Reporting• Arkansas has a mechanism for reporting

ANY breach of security, suspicious practice/procedure, or damaged/missing equipment.• Form available on Elected Officials Only

page of www.VoteNaturally.com, or by requesting copies from the SOS office.• All Local Election Officials should know

about the form and if possible, make the form available to poll workers.




What Must I Know About Security?– Security Incident Reporting

• Forms should be filled out as completely as possible and faxed to the Secretary of State’s legal office IMMEDIATELY at 501.682.1213. The SOS will follow up with the appropriate entities to conduct an investigation.

• Security Incidents may be reported by voters, poll workers, or election officials. The important thing is to document the incident!



Physical Security

Who Has Access, When, & Where




Important PHYSICAL Security Do’s & Don’ts– DO keep all voting machines, PEB’s, Memory

Cards, ballots, and peripheral equipment in a secure location with restricted access.

– DO allow access to election equipment to authorized personnel ONLY (ID is a plus).

– DO seal memory cards in the machines.– DO seal communication packs and PEB

envelopes.– DO keep track of all keys to the voting

machines.




Important PHYSICAL Security Do’s & Don’ts– DO make sure you can track ballot custody from signoff

to tabulation.– DO secure the voted RTAL roll. It is the official ballot for a

recount!– DO deliver PEB’s & Memory Cards separately from

machines.– DO NOT leave the voting machines unattended for ANY

reason until the machine is closed to voting.– DO NOT allow a voter to vote multiple ballots without

canceling prior votes.– DO NOT leave PEB’s or memory cards at the polling site!



Password Security

General Password Tips




Important PASSWORD Security Do’s & Don’ts– DO run standard password controls.– DO change passwords regularly.– DO NOT share user name or password

information.– DO NOT share passwords with poll workers for

any function other than the main menu.– DO NOT write passwords down.– DO NOT allow a terminated employee’s

password to remain active.



Network, Hardware & Software Security

Tips About Unity Laptops




Important NETWORK Security Do’s & Don’ts– DO use your Unity Laptop ONLY for Election

Management.– DO NOT install unauthorized software onto

ANY election PC.– DO NOT connect your Unity Laptop to the

Internet or other unsecured network.– DO NOT modem results from the polling site.– DO NOT allow installation of Unity Software

on other PC’s.




Important SOFTWARE Security Do’s & Don’ts– DO make a backup copy of your EDM file and

store in a secure location.– DO limit password access to the Unity

software.



Voting Machine Security

Checking and Double-Checking Your Machines




Important VOTING MACHINE Do’s and Don’ts– DO perform Logic & Accuracy Tests, including the

reporting of results through ERM. TEST TEST TEST!!!– DO clear and test the machine before Election Day.– DO clear and test the PEB’s before Election Day!– DO clear test results from ERM before Election Day!– DO make sure the machine public count is ZERO

before voting begins.– DO NOT allow a voter PEB access!




Important BALLOT INTEGRITY Tips– DO periodically check machine public count

with the poll book count.– DO have separate people receive and scan the

ballots.– DO validate precinct results with ERM report.– DO NOT allow unauthorized access to paper

or electronic ballots.– DO double-check & record materials delivery

and complete a ballot accounting log.




Security and Integrity of Your Voting System: Reference Documents– Election Incident Reporting Form– Election Information Sensitivity Guidelines

(What Voting System Information Is Prohibited from Release?)

– ES&S “Tips for a Secure Election.”– Materials Available at www.VoteNaturally.org



Frequently Asked Questions About Security of HAVA

Compliant Voting Systems

What Everyone Reads in the Paper




Frequently Asked Questions– How Do I know My Vote Counts?• Voter may verify his or her vote on paper

record at the machine. That (RTAL) record is the official ballot in the case of a recount.• The vote is recorded internally (3 different

locations), on a separate memory card, in the PEB and on the RTAL printout. When in doubt, these records can be cross-checked against each other.




Frequently Asked Questions– How Do I know My Vote Counts?• For optical scan, the original paper ballot

can be consulted in cases of a recount. • For all machines, precinct totals can be

verified against countywide totals produced through ERM.




Frequently Asked Questions– Can the results be manipulated by Internet

hackers?• Arkansas DOES NOT modem results from the

precinct to the Courthouse. • The Unity laptop should NOT be connected to the

Internet. • Neither the Internet nor networked machines/PC’s

are involved in reading and tabulating results.• Reporting of results to the www.arelections.org is

done through a secure network with user name and password login.




Frequently Asked Questions– Can a voter insert something into the

machine to destroy the programming or manipulate the election?• The voter does not activate the machine.

Only the poll worker has access to the PEB’s. • The PEB only “talks” to the machine and

the PEB reader at a secure location. It cannot be read or inserted into any other computer.




Frequently Asked Questions–What about studies that say Windows

programs are vulnerable to hacking?• Arkansas’s voting system uses

proprietary software that performs Election functions only, nothing else. The software is NOT Windows-based.




Frequently Asked Questions– How Can I Be Sure the Votes are

Tabulating Properly?• TEST TEST TEST! This cannot be

stressed enough. When you receive your Election materials you MUST test them to ensure the machines AND the ERM software are programmed accurately. Successful testing ensures accurate results.



HAVA Compliant Voting Systems

Security Considerations

General Recommendations to Enhance Security and

Integrity of the Ballot


Date post:	15-Dec-2015
Category:	Documents
Upload:	cali-haist
View:	217 times
Download:	0 times