Charlie Daniels Arkansas Secretary of State HAVA Compliant Voting Systems Security Considerations...
-
Upload
cali-haist -
Category
Documents
-
view
217 -
download
0
Transcript of Charlie Daniels Arkansas Secretary of State HAVA Compliant Voting Systems Security Considerations...
Charlie Daniels Arkansas Secretary of State
HAVA Compliant Voting Systems
Security Considerations
General Recommendations to Enhance Security and
Integrity of the Ballot
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Voting System Security
Why Is Security Important?– Electronic Systems required by HAVA
face intense scrutiny by the media and voter advocacy groups. The machines themselves are secure PROVIDED proper measures are in place to prevent fraudulent activity.
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Voting System Security
How Has Security Changed?– Some of the same security procedures
election officials followed pre-HAVA still apply in a post-HAVA environment, including appropriate chain-of-custody and access to machines, etc. PEOPLE are just as important as machines!
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Voting System Security
What Must I Know About Security?– Security Incident Reporting• Arkansas has a mechanism for reporting
ANY breach of security, suspicious practice/procedure, or damaged/missing equipment.• Form available on Elected Officials Only
page of www.VoteNaturally.com, or by requesting copies from the SOS office.• All Local Election Officials should know
about the form and if possible, make the form available to poll workers.
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Voting System Security
What Must I Know About Security?– Security Incident Reporting
• Forms should be filled out as completely as possible and faxed to the Secretary of State’s legal office IMMEDIATELY at 501.682.1213. The SOS will follow up with the appropriate entities to conduct an investigation.
• Security Incidents may be reported by voters, poll workers, or election officials. The important thing is to document the incident!
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Physical Security
Who Has Access, When, & Where
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Voting System Security
Important PHYSICAL Security Do’s & Don’ts– DO keep all voting machines, PEB’s, Memory
Cards, ballots, and peripheral equipment in a secure location with restricted access.
– DO allow access to election equipment to authorized personnel ONLY (ID is a plus).
– DO seal memory cards in the machines.– DO seal communication packs and PEB
envelopes.– DO keep track of all keys to the voting
machines.
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Voting System Security
Important PHYSICAL Security Do’s & Don’ts– DO make sure you can track ballot custody from signoff
to tabulation.– DO secure the voted RTAL roll. It is the official ballot for a
recount!– DO deliver PEB’s & Memory Cards separately from
machines.– DO NOT leave the voting machines unattended for ANY
reason until the machine is closed to voting.– DO NOT allow a voter to vote multiple ballots without
canceling prior votes.– DO NOT leave PEB’s or memory cards at the polling site!
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Password Security
General Password Tips
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Voting System Security
Important PASSWORD Security Do’s & Don’ts– DO run standard password controls.– DO change passwords regularly.– DO NOT share user name or password
information.– DO NOT share passwords with poll workers for
any function other than the main menu.– DO NOT write passwords down.– DO NOT allow a terminated employee’s
password to remain active.
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Network, Hardware & Software Security
Tips About Unity Laptops
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Voting System Security
Important NETWORK Security Do’s & Don’ts– DO use your Unity Laptop ONLY for Election
Management.– DO NOT install unauthorized software onto
ANY election PC.– DO NOT connect your Unity Laptop to the
Internet or other unsecured network.– DO NOT modem results from the polling site.– DO NOT allow installation of Unity Software
on other PC’s.
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Voting System Security
Important SOFTWARE Security Do’s & Don’ts– DO make a backup copy of your EDM file and
store in a secure location.– DO limit password access to the Unity
software.
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Voting Machine Security
Checking and Double-Checking Your Machines
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Voting System Security
Important VOTING MACHINE Do’s and Don’ts– DO perform Logic & Accuracy Tests, including the
reporting of results through ERM. TEST TEST TEST!!!– DO clear and test the machine before Election Day.– DO clear and test the PEB’s before Election Day!– DO clear test results from ERM before Election Day!– DO make sure the machine public count is ZERO
before voting begins.– DO NOT allow a voter PEB access!
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Voting System Security
Important BALLOT INTEGRITY Tips– DO periodically check machine public count
with the poll book count.– DO have separate people receive and scan the
ballots.– DO validate precinct results with ERM report.– DO NOT allow unauthorized access to paper
or electronic ballots.– DO double-check & record materials delivery
and complete a ballot accounting log.
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Voting System Security
Security and Integrity of Your Voting System: Reference Documents– Election Incident Reporting Form– Election Information Sensitivity Guidelines
(What Voting System Information Is Prohibited from Release?)
– ES&S “Tips for a Secure Election.”– Materials Available at www.VoteNaturally.org
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Frequently Asked Questions About Security of HAVA
Compliant Voting Systems
What Everyone Reads in the Paper
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Voting System Security
Frequently Asked Questions– How Do I know My Vote Counts?• Voter may verify his or her vote on paper
record at the machine. That (RTAL) record is the official ballot in the case of a recount.• The vote is recorded internally (3 different
locations), on a separate memory card, in the PEB and on the RTAL printout. When in doubt, these records can be cross-checked against each other.
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Voting System Security
Frequently Asked Questions– How Do I know My Vote Counts?• For optical scan, the original paper ballot
can be consulted in cases of a recount. • For all machines, precinct totals can be
verified against countywide totals produced through ERM.
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Voting System Security
Frequently Asked Questions– Can the results be manipulated by Internet
hackers?• Arkansas DOES NOT modem results from the
precinct to the Courthouse. • The Unity laptop should NOT be connected to the
Internet. • Neither the Internet nor networked machines/PC’s
are involved in reading and tabulating results.• Reporting of results to the www.arelections.org is
done through a secure network with user name and password login.
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Voting System Security
Frequently Asked Questions– Can a voter insert something into the
machine to destroy the programming or manipulate the election?• The voter does not activate the machine.
Only the poll worker has access to the PEB’s. • The PEB only “talks” to the machine and
the PEB reader at a secure location. It cannot be read or inserted into any other computer.
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Voting System Security
Frequently Asked Questions–What about studies that say Windows
programs are vulnerable to hacking?• Arkansas’s voting system uses
proprietary software that performs Election functions only, nothing else. The software is NOT Windows-based.
Mark MartinArkansas Secretary of State
Charlie Daniels Arkansas Secretary of State
Voting System Security
Frequently Asked Questions– How Can I Be Sure the Votes are
Tabulating Properly?• TEST TEST TEST! This cannot be
stressed enough. When you receive your Election materials you MUST test them to ensure the machines AND the ERM software are programmed accurately. Successful testing ensures accurate results.
Mark MartinArkansas Secretary of State