How do we ensure the security of the election process? There are multiple aspects that affect security, such as Chain of Custody, election computer security, physical security of election materials and artifacts. Below is a brief discussion of these areas and how they can be addressed.
Cybersecurity refers to the protection and access control around the machines used in the voting process such as the actual voting machines, ballot processing, and any devices containing election data. Again, the EAC has published documents that provide further details, but the following is a list of some basic concepts that should be adhered to.
- All machines should be secured with unique accounts per user, using passwords that follow standard best practices
- Any machines holding voting data shall not be connected to an external network of any kind
- All systems will have up to date security patches
- All systems will have anti-virus software with current anti-virus definitions
- All data on a system shall be wiped using DoD recommended process prior to the installation of system images
- Any media used for transferring data should be wiped using DoD data erasure guidelines
- Voting systems should electronic poll books
- Any equipment used in prior elections that fails to meet existing guidelines should be decertified
- Require states to submit detailed information to the EAC 120 days before a general election regarding how they plan to use voting systems.
- All voting machines used for federal elections are manufactured in the United States
Physical Security ensures that all election materials (ballots, machines, etc) are protected from any action which might subvert the integrity of the election process. This covers procedures such as securing materials when being left unattended. Physical and digital monitoring of said materials, and a complete record of the chain of custody.
Chain of custody is the process to ensure that there has been no tampering of any kind with election artifacts (ballots, etc). This entails an unbroken log showing the state of a ballot at each step in its life after being received by election officials. The U.S. Election Assistance Commission has published a document of Chain of Custody Best Practices, some of the key data that should be included within such a log are:
- Who currently has access to this item?
- What makes this item unique (description, serial number, physical condition, etc.…)?
- When and where is this item being transferred (time, date, location)?
- Who is transferring this item?
- What is the condition of the item to be delivered?
- Who witnessed this transfer?
- When and where did the item arrive?
- What is the condition of the item upon receipt?