Cal. Code Regs. Tit. 2, § 20158 - System Requirements
Current through Register 2022 Notice Reg. No. 14, April 8, 2022
(a) The
electronic poll book shall not be connected to a voting system at any
time.
(b) The electronic poll book
shall demonstrate that it accurately processes all activity as prescribed in
the vendor's application packet.
(c) The electronic poll book shall be capable
of operating for a period of at least two hours on backup power, such that no
data is lost or corrupted nor normal operations interrupted. When backup power
is exhausted, the electronic poll book shall retain the contents of all
memories intact.
(d) The electronic
poll book shall be compatible with:
(1) All
voter registration election management systems used in the State of California,
including any software system (middle ware) used to prepare the list of voters
for the equipment.
(2) Any hardware
attached to the electronic poll book (e.g. bar code scanners, signature capture
devices, transport media, printers, etc.).
(e) An electronic poll book shall contain all
of the following voter registration data:
(1)
Name.
(2) Address.
(3) District/Precinct.
(4) Party preference.
(5) Voter status.
(6) Whether or not the voter has been issued
a vote by mail ballot.
(7) Whether
or not the vote by mail ballot has been recorded as accepted by the elections
official.
(8) Whether or not the
voter's identification must be verified.
(f) The electronic poll book shall encrypt
all voter registration data at rest and in transit, utilizing a minimum of
Advanced Encryption Standard (AES) 256-bit data encryption, based on recognized
industry standards.
(g) The
electronic poll book shall provide reliable transmission of voter registration
and election information.
(h) The
electronic poll book shall have the capability to store a local version of the
electronic list of registered voters to serve as a backup.
(i) The electronic poll book shall produce a
list of audit records that reflect all actions of the system, including
in-process audit records that display all transactions. Such audit records
shall be able to be exported in non-proprietary, human readable
format.
(j) The electronic poll
book shall enable a poll worker to easily verify that the electronic poll book:
(1) Has been set up correctly.
(2) Is working correctly so as to verify the
eligibility of the voter.
(3) Is
correctly recording that a voter has voted.
(4) Has been shut down correctly.
(k) After the voter has been
provided with a ballot, the electronic poll book shall permit a poll worker to
enter information indicating that the voter has voted at the election. The
electronic poll book shall have the capability to transmit this information to
every other electronic poll book in the county utilizing the same list of
registered voters.
(l) The
electronic poll book shall permit voter activity to be accurately uploaded into
the county's voter registration election management system.
(m) During an interruption in network
connectivity of an electronic poll book, all voter activity shall be captured
and the electronic poll book shall have the capacity to transmit that voter
activity upon connectivity being restored.
(n) If the electronic poll book uses an
electronic signature capture device, the device shall:
(1) Produce a clear image of the electronic
signature, capable of verification.
(2) Retain and identify the signature of the
voter.
(o) The
electronic poll book shall have the capacity to transmit all information
generated by the voter or poll worker as part of the process of receiving a
ballot, including the time and date stamp indicating when the voter voted, and
the electronic signature of the voter, where applicable, to the county's voter
registration election management system.
(p) The Secretary of State recommends
electronic poll books not be enabled or installed with any technologies
delineated in the Institute of Electrical and Electronics Engineers' (IEEE)
802.11 wireless local area network (LAN) standards. However, should an
electronic poll book be enabled or installed with a wireless technology, the
following shall be utilized:
(1) A minimum of
256-bit data encryption.
(2) A
minimum of Wireless Protected Access (WPA) 2 security enabled.
(3) Compliance with Payment Card Industry
Data Security Standards (PCI DSS) version 3.2, which is hereby incorporated by
reference.
(4) A dedicated wireless
access point (WAP) or connection utilized only by county employees or elections
officials, void of public or guest access.
(5) Devices equipped with one or more of the
following:
i. Biometric
authentication.
ii. Multi-factor
authentication.
iii. Compliance
with current PCI DSS version 3.2 password requirements, which is hereby
incorporated by reference.
iv.
Remote wipe technology set to automatically clear a device upon eight failed
login attempts.
(q) Jurisdictions utilizing a wide area
network (WAN) to transmit voter registration data from an electronic poll book
to a centralized location shall utilize one of the following:
(1) A dedicated leased line.
(2) A hardware virtual private network
(VPN).
(3) A dedicated cellular
connection void of public or guest access.
(r) The electronic poll book shall be
reviewed for accessibility.
Notes
Note: Authority cited: Section 12172.5, Government Code; and Section 2550, Elections Code. Reference: Section 2550, Elections Code.
The following state regulations pages link to this page.
State regulations are updated quarterly; we currently have two versions available. Below is a comparison between our most recent version and the prior quarterly release. More comparison features will be added as we have more versions to compare.