BILL ANALYSIS �Ó
AB 829
Page 1
Date of Hearing: April 9, 2012
ASSEMBLY COMMITTEE ON ELECTIONS AND REDISTRICTING
Paul Fong, Chair
AB 829 (Fong) - As Introduced: February 21, 2013
SUBJECT : Election management systems.
SUMMARY : Requires a copy of the source code of an election
management system to be deposited into an approved escrow
facility. Specifically, this bill :
1)Defines an "election management system," for the purposes of
this bill, as a system that is used by a county in the state
of California to track voter registration or voter
preferences, including, for example, a voter's vote by mail
status.
2)Requires the vendor of an election management system, no later
than January 31, 2014, and annually thereafter, to cause an
exact copy of the source code for each component of the
election management system, including complete build and
configuration instructions and related documents for compiling
the source code into object code, to be deposited into an
approved escrow facility. Requires the vendor to place source
codes into escrow for each version of the election management
system in use in a county in the state.
3)Requires the Secretary of State (SOS) to adopt regulations
relating to the following:
a) The definition of source code components of an election
management system, including the source code for all
firmware and software of the election management system.
Requires the firmware and software to include commercial
off-the-shelf or other third-party firmware and software
that is available and able to be disclosed by the vendor of
the election management system;
b) Specifications for the escrow facility, including
security and environmental specifications necessary for the
preservation of the election management system source
codes;
c) Procedures for submitting the election management system
�
AB 829
Page 2
source codes;
d) Criteria for access to the election management system
source codes; and,
e) Requirements that the vendor include the build and
configuration instructions and documents in the materials
deposited in escrow, so that a neutral third party may
create, from the source codes in escrow, executable object
codes identical to the code installed on the elections
management system.
4)Permits the SOS reasonable access to the materials placed in
escrow, under the following circumstances:
a) In the course of an investigation or prosecution
regarding the election management system equipment or
procedures;
b) Upon a finding by the SOS that an escrow facility or
escrow company is unable or unwilling to maintain materials
in escrow in compliance with the provisions of this bill;
and,
c) For any other purpose deemed necessary to fulfill duties
as required under existing law.
5)Permits the SOS to seek injunctive relief requiring the
elections officials, approved escrow facility, or any vendor
or manufacturer of an election management system to comply
with the provisions of this bill. Provides the venue for a
proceeding under this bill will be exclusively in Sacramento
County.
EXISTING LAW :
1)Requires an exact copy of the approved source code for each
component of a voting system and a ballot marking system,
including the complete build and configuration instructions
and related documents for compiling the source code into
object code, to be deposited into an approved escrow facility.
2)Requires the SOS to adopt regulations relating to the
following:
�
AB 829
Page 3
a) The definition of the source codes for a voting system
and a ballot marking system;
b) Specifications for the escrow facility, including
security and environmental specifications necessary for the
preservation of voting system and ballot marking system
source codes;
c) Procedures for submitting voting system and ballot
marking system source codes; and,
d) Criteria for access to voting system and ballot marking
system source codes.
3)Permits the SOS reasonable access to the materials placed in
escrow under the following circumstances:
a) In the course of an investigation or prosecution
regarding vote counting or ballot marking equipment or
procedures;
b) Upon a finding by the SOS that an escrow facility or
company is unable or unwilling to maintain materials in
escrow in compliance with state law;
c) In order to consider the examination and approval of a
voting system or a ballot marking system;
d) In order to verify that the software on a voting system,
voting machine, vote tabulating device, or a ballot marking
system is identical to the approved version; and,
e) For any other purpose deemed necessary to fulfill
requirements under existing law.
4)Permits the SOS to seek injunctive relief requiring the
elections officials, approved escrow facility, or any vendor
or manufacturer of a voting machine, voting system, vote
tabulating device, or ballot marking system, to comply with
existing law. Requires the venue for a proceeding to be
exclusively in Sacramento County.
FISCAL EFFECT : Unknown
�
AB 829
Page 4
COMMENTS :
1)Purpose of the Bill : According to the author:
Each county elections office uses an election management
system to perform critical functions during the conduct of
an election. For instance, election management systems are
used to track voter registration and voter preferences,
such as a voter's vote by mail status. Consequently,
election management systems, much like voting systems, play
a critical role in the conduct of an election.
Existing law requires voting system vendors to place their
source code in an escrow facility. This requirement
ensures the security of the voting system and protects
these systems from unauthorized tampering. In addition,
this requirement was created with a practical purpose in
mind to ensure that state and local jurisdictions have
access to voting system materials if the vendor who
produced that system goes out of business.
AB 829 protects the integrity of our state's elections by
mirroring the source code requirements already in place for
voting system vendors. Additionally, AB 829 ensures state
and local jurisdictions have reasonable access to the
source code material placed in escrow in order to
investigate potential election law violations and to ensure
counties can continue to conduct elections if a vendor goes
out of business.
2)Top-to-Bottom Review and Access to Source Code History : In
2007, the SOS conducted a "top-to-bottom review" (TTBR) of
several voting machines certified for use in California. The
purpose of the review was "to determine whether currently
certified voting systems provide acceptable levels of
security, accessibility, ballot secrecy, accuracy and
usability under federal and state standards."
One of the key components of the TTBR was a review of the source
code of each voting system. At the time, state law only
required the source code for a ballot tally software program
to be deposited in an escrow facility. However since 2004, it
had been the practice of the SOS to require voting system
vendors to provide all voting system source codes to the SOS
upon request as a condition of voting system certification.
�
AB 829
Page 5
Additionally, as part of the voting system certification
process, voting system vendors are now required to provide the
SOS with a copy of the source code for all software and
firmware components of the voting system. Similar to the
process undertaken as part of the TTBR, all new voting systems
that are submitted for certification to the SOS undergo a
source code review.
However, during the TTBR one voting system vendor initially did
not provide the SOS with a copy of the source code for review.
After the SOS attempted to retrieve the source code for that
voting system from the escrow facility in which it had been
placed, the vendor provided the voting system source code to
the SOS.
3)History of the Escrow Requirement : While the requirement that
the source code from a voting system be placed in escrow
primarily has become a tool in ensuring the security of voting
systems, that requirement was created with an additional
practical purpose in mind - ensuring that state and local
jurisdictions would have access to voting system materials if
the vendor who produced that system went bankrupt.
As part of the voluntary standards for computerized voting
systems that were adopted by the Federal Elections Commission
(FEC) in 1990, the FEC recommended that states adopt
procedures for escrowing voting system software and
documentation for all voting systems. As part of the
implementation plan for the 1990 voting system standards, the
FEC noted that the escrow process contained multiple benefits,
including that jurisdictions would have "guaranteed access to
all deposit materials as a last resort in the event a vendor's
business fails." The FEC also noted that, in the event of an
election dispute or litigation, the escrow process would allow
for "verification of software used in an election against the
clean archival copy" of the source code that was placed in the
escrow facility.
California enacted its requirement that voting system source
code be deposited with an escrow facility by AB 986
(Mountjoy), Chapter 235, Statutes of 1989. According to a
floor analysis of that bill, the requirement was adopted, in
part, in anticipation of the "adoption . . . of voluntary
federal standards which [would] require an escrow system for
software programs."
�
AB 829
Page 6
4)Previous Legislation : SB 1376 (Perata), Chapter 813, Statutes
of 2004, allowed the SOS to have "reasonable access" to the
source code placed in escrow under certain specified
circumstances and allowed the SOS to seek injunctive relief
requiring any vendor or manufacturer of a voting machine,
voting system, or vote tabulating device to comply with the
requirements relating to the placing of source codes in
escrow, among other provisions.
AB 2758 (Krekorian), Chapter 198, Statutes of 2008, required a
copy of the source code for all components of a voting
systems, instead of just for the ballot tally software, to be
placed into an escrow facility.
AB 1929 (Gorell), Chapter 694, Statutes of 2012, established
processes and procedures for the review and approval of ballot
marking systems, including requiring the source code for all
ballot marking systems be deposited into an approved escrow
facility.
REGISTERED SUPPORT / OPPOSITION :
Support Opposition
Secretary of State Debra Bowen (Sponsor) None on file.
California Association of Clerks and Election Officials
California Common Cause
Analysis Prepared by : Nichole Becker / E. & R. / (916)
319-2094