Cal. Code Regs. Tit. 2, § 20158 - System Requirements

(a) The electronic poll book shall not be connected to a voting system at any time.

(b) The electronic poll book shall demonstrate that it accurately processes all activity as prescribed in the vendor's application packet.

(c) The electronic poll book shall be capable of operating for a period of at least two hours on backup power, such that no data is lost or corrupted nor normal operations interrupted. When backup power is exhausted, the electronic poll book shall retain the contents of all memories intact.

(d) The electronic poll book shall be compatible with:

(1) All voter registration election management systems used in the State of California, including any software system (middle ware) used to prepare the list of voters for the equipment.

(2) Any hardware attached to the electronic poll book (e.g. bar code scanners, signature capture devices, transport media, printers, etc.).

(e) An electronic poll book shall contain all of the following voter registration data:

(1) Name.

(2) Address.

(3) District/Precinct.

(4) Party preference.

(5) Voter status.

(6) Whether or not the voter has been issued a vote by mail ballot.

(7) Whether or not the vote by mail ballot has been recorded as accepted by the elections official.

(8) Whether or not the voter's identification must be verified.

(f) The electronic poll book shall encrypt all voter registration data at rest and in transit, utilizing a minimum of Advanced Encryption Standard (AES) 256-bit data encryption, based on recognized industry standards.

(g) The electronic poll book shall provide reliable transmission of voter registration and election information.

(h) The electronic poll book shall have the capability to store a local version of the electronic list of registered voters to serve as a backup.

(i) The electronic poll book shall produce a list of audit records that reflect all actions of the system, including in-process audit records that display all transactions. Such audit records shall be able to be exported in non-proprietary, human readable format.

(j) The electronic poll book shall enable a poll worker to easily verify that the electronic poll book:

(1) Has been set up correctly.

(2) Is working correctly so as to verify the eligibility of the voter.

(3) Is correctly recording that a voter has voted.

(4) Has been shut down correctly.

(k) After the voter has been provided with a ballot, the electronic poll book shall permit a poll worker to enter information indicating that the voter has voted at the election. The electronic poll book shall have the capability to transmit this information to every other electronic poll book in the county utilizing the same list of registered voters.

(l) The electronic poll book shall permit voter activity to be accurately uploaded into the county's voter registration election management system.

(m) During an interruption in network connectivity of an electronic poll book, all voter activity shall be captured and the electronic poll book shall have the capacity to transmit that voter activity upon connectivity being restored.

(n) If the electronic poll book uses an electronic signature capture device, the device shall:

(1) Produce a clear image of the electronic signature, capable of verification.

(2) Retain and identify the signature of the voter.

(o) The electronic poll book shall have the capacity to transmit all information generated by the voter or poll worker as part of the process of receiving a ballot, including the time and date stamp indicating when the voter voted, and the electronic signature of the voter, where applicable, to the county's voter registration election management system.

(p) The Secretary of State recommends electronic poll books not be enabled or installed with any technologies delineated in the Institute of Electrical and Electronics Engineers' (IEEE) 802.11 wireless local area network (LAN) standards. However, should an electronic poll book be enabled or installed with a wireless technology, the following shall be utilized:

(1) A minimum of 256-bit data encryption.

(2) A minimum of Wireless Protected Access (WPA) 2 security enabled.

(3) Compliance with Payment Card Industry Data Security Standards (PCI DSS) version 3.2, which is hereby incorporated by reference.

(4) A dedicated wireless access point (WAP) or connection utilized only by county employees or elections officials, void of public or guest access.

(5) Devices equipped with one or more of the following:

i. Biometric authentication.

ii. Multi-factor authentication.

iii. Compliance with current PCI DSS version 3.2 password requirements, which is hereby incorporated by reference.

iv. Remote wipe technology set to automatically clear a device upon eight failed login attempts.

(q) Jurisdictions utilizing a wide area network (WAN) to transmit voter registration data from an electronic poll book to a centralized location shall utilize one of the following:

(1) A dedicated leased line.

(2) A hardware virtual private network (VPN).

(3) A dedicated cellular connection void of public or guest access.

(r) The electronic poll book shall be reviewed for accessibility.

Notes

Cal. Code Regs. Tit. 2, § 20158

1. New section filed 5-16-2018; operative 5-16-2018 pursuant to Government Code section 11343.4(b)(3) (Register 2018, No. 20).

Note: Authority cited: Section 12172.5, Government Code; and Section 2550, Elections Code. Reference: Section 2550, Elections Code.

1. New section filed 5-16-2018; operative 5/16/2018 pursuant to Government Code section 11343.4(b)(3) (Register 2018, No. 20).