Sec. 202. Voting system cybersecurity requirements
/bill/116/s/2238/is/section-202
A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Section 301(a) of the Help America Vote Act of 2002 (52 U.S.C. 21081(a)), as amended by section 104 and section 105, is further amended by adding at the end the following new paragraph:

The voting system tabulates ballots by hand or through the use of a ballot tabulation device that meets the requirements of subparagraph (B).

Except as provided in subparagraph (C), the requirements of this subparagraph are as follows:

The device is designed and built in a manner in which it is mechanically impossible for the device to add or change the vote selections on a printed or marked ballot.

The device is capable of exporting its data (including vote tally data sets and cast vote records) in a machine-readable, open data standard format required by the Commission, in consultation with the Director of the National Institute of Standards and Technology.

The device consists of hardware that— is certified under section 2216 of the Homeland Security Act; and demonstrably conforms to a hardware component manifest describing point-of-origin information (including upstream hardware supply chain information for each component) that— has been provided to the Commission, the Director of Cybersecurity and Infrastructure Security, and the chief State election official for each State in which the device is used; and may be shared by any entity to whom it has been provided under item (aa) with independent experts for cybersecurity analysis.

The device utilizes technology that prevents the operation of the device if any hardware components do not meet the requirements of clause (iii).

The device operates using software— that is certified under section 2216 of the Homeland Security Act; and for which the source code, system build tools, and compilation parameters— have been provided to the Commission, the Director of Cybersecurity and Infrastructure Security, and the chief State election official for each State in which the device is used; and may be shared by any entity to whom it has been provided under item (aa) with independent experts for cybersecurity analysis.

The device utilizes technology that prevents the running of software on the device that does not meet the requirements of clause (v).

The device utilizes technology that enables election officials, cybersecurity researchers, and voters to verify that the software running on the device— was built from a specific, untampered version of the code that is described in clause (v); and uses the system build tools and compilation parameters that are described in clause (v).

The device contains such other security requirements as established by the Director of Cybersecurity and Infrastructure Security, in consultation with the Director of the National Institute of Standards and Technology and the Technical Guidelines Development Committee.

The Director of Cybersecurity and Infrastructure Security, in consultation with the Director of the National Institute of Standards and Technology, may waive one or more of the requirements of subparagraph (B) (other than the requirement of clause (i) thereof) with respect to any device for a period of not to exceed 2 years.

Information relating to any waiver granted under clause (i) shall be made publicly available on the internet.

Each State and jurisdiction shall be required to comply with the requirements of this paragraph for the regularly scheduled election for Federal office in November 2024, and for each subsequent election for Federal office.

Section 301(a) of such Act (52 U.S.C. 21081(a)), as amended by section 104, section 105, and subsection (a), is further amended by adding at the end the following new paragraphs:

No system or device upon which ballot marking devices or ballot tabulation devices are configured, upon which ballots are marked by voters (except as necessary for individuals with disabilities to use ballot marking devices that meet the accessibility requirements of paragraph (3)), or upon which votes are cast, tabulated, or aggregated shall contain, use, or be accessible by any wireless, power-line, or concealed communication device.

Each State and jurisdiction shall be required to comply with the requirements of this paragraph for the regularly scheduled election for Federal office in November 2020, and for each subsequent election for Federal office.

No system or device upon which ballot marking devices or ballot tabulation devices are configured, upon which ballots are marked by voters, or upon which votes are cast, tabulated, or aggregated shall be connected to the internet or any non-local computer system via telephone or other communication network at any time.

Each State and jurisdiction shall be required to comply with the requirements of this paragraph for the regularly scheduled election for Federal office in November 2020, and for each subsequent election for Federal office.

Section 301(a) of such Act (52 U.S.C. 21081(a)), as amended by section 104, section 105, and subsections (a) and (b), is further amended by adding at the end the following new paragraph:

In the case of a voting system that uses a ballot marking device, the ballot marking device shall be a device that— is not capable of tabulating votes; and is certified under section 2216 of the Homeland Security Act as meeting the requirements of clauses (iii) through (viii) of section 301(a)(9)(B).

Each State and jurisdiction shall be required to comply with the requirements of this paragraph for the regularly scheduled election for Federal office in November 2022, and for each subsequent election for Federal office.