Sec. 7. Voting system cybersecurity requirements
1,788 words·~8 min read·
/bill/116/s/1472/is/section-7A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Section 301(a) of the Help America Vote Act of 2002 ( 52 U.S.C. 21081(a) ) is amended by adding at the end the following new paragraph: The voting system tabulates ballots by hand or through the use of an optical scanning device that meets the requirements of subparagraph (B). Except as provided in subparagraph (C), the requirements of this subparagraph are as follows: The device is designed and built in a manner in which it is mechanically impossible for the device to add or change the vote selections on a printed or marked ballot.
The device is capable of exporting its data (including vote tally data sets and cast vote records) in a machine-readable, open data standard format required by the Commission, in consultation with the Director of the National Institute of Standards and Technology. The device consists of hardware that— is certified under section 2216 of the Homeland Security Act; and demonstrably conforms to a hardware component manifest describing point-of-origin information (including upstream hardware supply chain information for each component) that— has been provided to the Commission, the Director of Cybersecurity and Infrastructure Security, and the chief State election official for each State in which the device is used; and may be shared by any entity to whom it has been provided under item
(aa)with independent experts for cybersecurity analysis. The device utilizes technology that prevents the operation of the device if any hardware components do not meet the requirements of clause (iii). The device operates using software— for which the source code, system build tools, and compilation parameters— have been provided to the Commission, the Director of Cybersecurity and Infrastructure Security, and the chief State election official for each State in which the device is used; and may be shared by any entity to whom it has been provided under item
(aa)with independent experts for cybersecurity analysis; and that is certified under section 2216 of the Homeland Security Act. The device utilizes technology that prevents the running of software on the device that does not meet the requirements of clause (v). The device utilizes technology that enables election officials, cybersecurity researchers, and voters to verify that the software running on the device— was built from a specific, untampered version of the code that is described in clause (v); and uses the system build tools and compilation parameters that are described in clause (v). The device contains such other security requirements as the Director of Cybersecurity and Infrastructure Security requires. The Director of Cybersecurity and Infrastructure Security, in consultation with the Director of the National Institute of Standards and Technology, may waive one or more of the requirements of subparagraph
(B)(other than the requirement of clause
(i)thereof) with respect to any device for a period of not to exceed 2 years. Information relating to any waiver granted under clause
(i)shall be made publicly available on the Internet. Each State and jurisdiction shall be required to comply with the requirements of this paragraph for the regularly scheduled election for Federal office in November 2024, and for each subsequent election for Federal office. . Section 301(a) of the Help America Vote Act of 2002 ( 52 U.S.C. 21081(a) ), as amended by subsection (a), is amended by adding at the end the following new paragraphs: No system or device upon which ballot marking devices or optical scanners are configured, upon which ballots are marked by voters (except as necessary for individuals with disabilities to use ballot marking devices that meet the accessibility requirements of paragraph (3)), or upon which votes are cast, tabulated, or aggregated shall contain, use, or be accessible by any wireless, power-line, or concealed communication device. Each State and jurisdiction shall be required to comply with the requirements of this paragraph for the regularly scheduled election for Federal office in November 2020, and for each subsequent election for Federal office. No system or device upon which ballot marking devices or optical scanners are configured, upon which ballots are marked by voters, or upon which votes are cast, tabulated, or aggregated shall be connected to the Internet or any non-local computer system via telephone or other communication network at any time. Each State and jurisdiction shall be required to comply with the requirements of this paragraph for the regularly scheduled election for Federal office in November 2020, and for each subsequent election for Federal office. . Section 301(a) of the Help America Vote Act of 2002 ( 52 U.S.C. 21081(a) ), as amended by subsections
(a)and (b), is amended by adding at the end the following new paragraph: In the case of a voting system that uses a ballot marking device, the ballot marking device shall be a device that— is not capable of tabulating votes; except in the case of a ballot marking device used exclusively to comply with the requirements of paragraph (3), is certified in accordance with section 232 as meeting the requirements of subparagraph (B); and is certified under section 2216 of the Homeland Security Act as meeting the requirements of clauses
(iii)through
(viii)of section 301(a)(7)(B). A ballot marking device meets the requirements of this subparagraph if, during a double-masked test conducted by a qualified independent user experience research laboratory (as defined in section 232(b)(4)) of a simulated election scenario which meets the requirements of clause (ii), there is less than a 5 percent chance that an ordinary voter using the device would not detect and report any difference between the vote selection printed on the ballot by the ballot marking device and the vote selection indicated by the voter. A simulated election scenario meets the requirements of this clause if it is conducted with— a pool of subjects that are— diverse in age, gender, education, and physical limitations; and representative of the communities in which the voting system will be used; and ballots that are representative of ballots ordinarily used in the communities in which the voting system will be used. Each State and jurisdiction shall be required to comply with the requirements of this paragraph for the regularly scheduled election for Federal office in November 2022, and for each subsequent election for Federal office. . Subtitle B of title II of the Help America Vote Act of 2002 ( 52 U.S.C. 20971 et seq.) is amended by adding at the end the following new section: Any State or jurisdiction which intends to use a ballot marking device (other than a ballot marking device used exclusively to comply with the requirements of section 301(a)(3)) in an election for Federal office may submit an application to the Commission for testing and certification under this section. An application under subsection
(a)shall be submitted not later than 18 months before the date of the election for Federal office in which the ballot marking device is intended to be used and shall contain such information as the Commission requires. Upon receipt of an application for testing under this section, the Commission shall contract with a qualified independent user experience research laboratory for the testing of whether the ballot marking device intended to be used by the State or jurisdiction meets the requirements of section 301(a)(10)(B). Any contract described in paragraph
(2)shall require the qualified independent user experience research laboratory to— not later than 30 days before testing begins, submit to the Commission for approval the protocol for the simulated election scenario used for testing the ballot marking device; use only protocols approved by the Commission in conducting such testing; and submit to the Commission a report on the results of the testing. For purposes of this section: The term qualified independent user experience research laboratory means a laboratory accredited under this subsection by the Election Assistance Commission in accordance with standards determined by the Commission, in consultation with the Director of the National Institute of Standards and Technology and the Secretary of Homeland Security. A laboratory shall not be accredited under this subsection unless such laboratory demonstrates that— no employee of, or individual with an ownership in, such laboratory has, or has had during the 5 preceding years, any financial relationship with a manufacturer of voting systems; and any group of individuals conducting tests under this section collectively meet the following qualifications: Experience designing and running user research studies and experiments using both qualitative and quantitative methodologies. Experience with voting systems. The Commission shall submit for approval to an independent review board established under paragraph
(3)the following: Any protocol submitted to the Commission under subsection (b)(3)(A). Any report submitted to the Commission under subsection (b)(3)(C). Not later than the date that is 12 months before the date of the election for Federal office in which a State or jurisdiction intends to use the ballot marking device, the independent review board shall report to the Commission on whether it has approved a report submitted under paragraph (1)(B). An independent review board established under this paragraph shall be composed of 5 independent scientists appointed by the Commission, in consultation with the Director of the National Institute of Standards and Technology. The members of the independent review board— shall have expertise and relevant peer-reviewed publications in the following fields: cognitive psychology, experimental design, statistics, and user experience research and testing; and may not have, or have had during the 5 preceding years, any financial relationship with a manufacturer of voting systems. The Commission shall make public— any protocol approved under this subsection; any report submitted under subsection (b)(3)(C); and any determination made by an independent review board under paragraph (2). If— a ballot marking device is determined by the qualified independent user experience research laboratory to meet the requirements of section 301(a)(7); and the report submitted under subsection (b)(3)(C) is approved by a majority of the members of the independent review board under subsection (d)(2), then the Commission shall certify the ballot marking device. The Commission may not charge any fee to a State or jurisdiction, a developer or manufacturer of a ballot marking device, or any other person in connection with testing and certification under this section. . Section 202(2) of the Help America Vote Act of 2002 ( 52 U.S.C. 20922(2) ) is amended by inserting and ballot marking devices after hardware and software ). The heading for subtitle B of title II of such Act is amended by inserting . ; ballot marking devices The table of contents for the Help America Vote Act of 2002 ( 52 U.S.C. 30101 et seq.) is amended— by inserting ; Ballot Marking Devices at the end of the item relating to subtitle B of title II; and by inserting after the item related to section 231 the following: Sec. 232. Testing and certification of ballot marking devices. .
Connectionstraces to 4
Traces to 4 documents
Citation graph
cites case law
Cites 4Cited by 0 across 0 sources