BILL ANALYSIS                                                                                                                                                                                                    Ó



                                                                  AB 829
                                                                  Page  1

          Date of Hearing:   April 9, 2012

                  ASSEMBLY COMMITTEE ON ELECTIONS AND REDISTRICTING
                                  Paul Fong, Chair
                  AB 829 (Fong) - As Introduced:  February 21, 2013
           
          SUBJECT  :   Election management systems.

           SUMMARY  :   Requires a copy of the source code of an election  
          management system to be deposited into an approved escrow  
          facility.  Specifically,  this bill :  

          1)Defines an "election management system," for the purposes of  
            this bill, as a system that is used by a county in the state  
            of California to track voter registration or voter  
            preferences, including, for example, a voter's vote by mail  
            status.  

          2)Requires the vendor of an election management system, no later  
            than January 31, 2014, and annually thereafter, to cause an  
            exact copy of the source code for each component of the  
            election management system, including complete build and  
            configuration instructions and related documents for compiling  
            the source code into object code, to be deposited into an  
            approved escrow facility.  Requires the vendor to place source  
            codes into escrow for each version of the election management  
            system in use in a county in the state. 

          3)Requires the Secretary of State (SOS) to adopt regulations  
            relating to the following:

             a)   The definition of source code components of an election  
               management system, including the source code for all  
               firmware and software of the election management system.   
               Requires the firmware and software to include commercial  
               off-the-shelf or other third-party firmware and software  
               that is available and able to be disclosed by the vendor of  
               the election management system;

             b)   Specifications for the escrow facility, including  
               security and environmental specifications necessary for the  
               preservation of the election management system source  
               codes;

             c)   Procedures for submitting the election management system  







                                                                  AB 829
                                                                  Page  2

               source codes;

             d)   Criteria for access to the election management system  
               source codes; and,

             e)   Requirements that the vendor include the build and  
               configuration instructions and documents in the materials  
               deposited in escrow, so that a neutral third party may  
               create, from the source codes in escrow, executable object  
               codes identical to the code installed on the elections  
               management system.

          4)Permits the SOS reasonable access to the materials placed in  
            escrow, under the following circumstances:

             a)   In the course of an investigation or prosecution  
               regarding the election management system equipment or  
               procedures; 

             b)   Upon a finding by the SOS that an escrow facility or  
               escrow company is unable or unwilling to maintain materials  
               in escrow in compliance with the provisions of this bill;  
               and, 

             c)   For any other purpose deemed necessary to fulfill duties  
               as required under existing law.

          5)Permits the SOS to seek injunctive relief requiring the  
            elections officials, approved escrow facility, or any vendor  
            or manufacturer of an election management system to comply  
            with the provisions of this bill.  Provides the venue for a  
            proceeding under this bill will be exclusively in Sacramento  
            County.

           EXISTING LAW  :

          1)Requires an exact copy of the approved source code for each  
            component of a voting system and a ballot marking system,  
            including the complete build and configuration instructions  
            and related documents for compiling the source code into  
            object code, to be deposited into an approved escrow facility.  
             

          2)Requires the SOS to adopt regulations relating to the  
            following:







                                                                  AB 829
                                                                  Page  3


             a)   The definition of the source codes for a voting system  
               and a ballot marking system;

             b)   Specifications for the escrow facility, including  
               security and environmental specifications necessary for the  
               preservation of voting system and ballot marking system  
               source codes;

             c)   Procedures for submitting voting system and ballot  
               marking system source codes; and, 

             d)   Criteria for access to voting system and ballot marking  
               system source codes.

          3)Permits the SOS reasonable access to the materials placed in  
            escrow under the following circumstances:

             a)   In the course of an investigation or prosecution  
               regarding vote counting or ballot marking equipment or  
               procedures;

             b)   Upon a finding by the SOS that an escrow facility or  
               company is unable or unwilling to maintain materials in  
               escrow in compliance with state law;

             c)   In order to consider the examination and approval of a  
               voting system or a ballot marking system;

             d)   In order to verify that the software on a voting system,  
               voting machine, vote tabulating device, or a ballot marking  
               system is identical to the approved version; and,

             e)   For any other purpose deemed necessary to fulfill  
               requirements under existing law.

          4)Permits the SOS to seek injunctive relief requiring the  
            elections officials, approved escrow facility, or any vendor  
            or manufacturer of a voting machine, voting system, vote  
            tabulating device, or ballot marking system, to comply with  
            existing law.  Requires the venue for a proceeding to be  
            exclusively in Sacramento County.  

           FISCAL EFFECT  :   Unknown








                                                                  AB 829
                                                                  Page  4

           COMMENTS  :   

           1)Purpose of the Bill  :  According to the author:

               Each county elections office uses an election management  
               system to perform critical functions during the conduct of  
               an election.  For instance, election management systems are  
               used to track voter registration and voter preferences,  
               such as a voter's vote by mail status.  Consequently,  
               election management systems, much like voting systems, play  
               a critical role in the conduct of an election.  

               Existing law requires voting system vendors to place their  
               source code in an escrow facility.  This requirement  
               ensures the security of the voting system and protects  
               these systems from unauthorized tampering.  In addition,  
               this requirement was created with a practical purpose in  
               mind  to ensure that state and local jurisdictions have  
               access to voting system materials if the vendor who  
               produced that system goes out of business.

               AB 829 protects the integrity of our state's elections by  
               mirroring the source code requirements already in place for  
               voting system vendors.  Additionally, AB 829 ensures state  
               and local jurisdictions have reasonable access to the  
               source code material placed in escrow in order to  
               investigate potential election law violations and to ensure  
               counties can continue to conduct elections if a vendor goes  
               out of business.  

           2)Top-to-Bottom Review and Access to Source Code History  :  In  
            2007, the SOS conducted a "top-to-bottom review" (TTBR) of  
            several voting machines certified for use in California.  The  
            purpose of the review was "to determine whether currently  
            certified voting systems provide acceptable levels of  
            security, accessibility, ballot secrecy, accuracy and  
            usability under federal and state standards."

          One of the key components of the TTBR was a review of the source  
            code of each voting system.  At the time, state law only  
            required the source code for a ballot tally software program  
            to be deposited in an escrow facility.  However since 2004, it  
            had been the practice of the SOS to require voting system  
            vendors to provide all voting system source codes to the SOS  
            upon request as a condition of voting system certification.   







                                                                  AB 829
                                                                  Page  5

            Additionally, as part of the voting system certification  
            process, voting system vendors are now required to provide the  
            SOS with a copy of the source code for all software and  
            firmware components of the voting system.  Similar to the  
            process undertaken as part of the TTBR, all new voting systems  
            that are submitted for certification to the SOS undergo a  
            source code review.

          However, during the TTBR one voting system vendor initially did  
            not provide the SOS with a copy of the source code for review.  
             After the SOS attempted to retrieve the source code for that  
            voting system from the escrow facility in which it had been  
            placed, the vendor provided the voting system source code to  
            the SOS. 

           3)History of the Escrow Requirement  :  While the requirement that  
            the source code from a voting system be placed in escrow  
            primarily has become a tool in ensuring the security of voting  
            systems, that requirement was created with an additional  
            practical purpose in mind - ensuring that state and local  
            jurisdictions would have access to voting system materials if  
            the vendor who produced that system went bankrupt.

          As part of the voluntary standards for computerized voting  
            systems that were adopted by the Federal Elections Commission  
            (FEC) in 1990, the FEC recommended that states adopt  
            procedures for escrowing voting system software and  
            documentation for all voting systems.  As part of the  
            implementation plan for the 1990 voting system standards, the  
            FEC noted that the escrow process contained multiple benefits,  
            including that jurisdictions would have "guaranteed access to  
            all deposit materials as a last resort in the event a vendor's  
            business fails."  The FEC also noted that, in the event of an  
            election dispute or litigation, the escrow process would allow  
            for "verification of software used in an election against the  
            clean archival copy" of the source code that was placed in the  
            escrow facility.

          California enacted its requirement that voting system source  
            code be deposited with an escrow facility by AB 986  
            (Mountjoy), Chapter 235, Statutes of 1989.  According to a  
            floor analysis of that bill, the requirement was adopted, in  
            part, in anticipation of the "adoption . . . of voluntary  
            federal standards which [would] require an escrow system for  
            software programs."  







                                                                 AB 829
                                                                  Page  6

           
           4)Previous Legislation  :  SB 1376 (Perata), Chapter 813, Statutes  
            of 2004, allowed the SOS to have "reasonable access" to the  
            source code placed in escrow under certain specified  
            circumstances and allowed the SOS to seek injunctive relief  
            requiring any vendor or manufacturer of a voting machine,  
            voting system, or vote tabulating device to comply with the  
            requirements relating to the placing of source codes in  
            escrow, among other provisions.

          AB 2758 (Krekorian), Chapter 198, Statutes of 2008, required a  
            copy of the source code for all components of a voting  
            systems, instead of just for the ballot tally software, to be  
            placed into an escrow facility.  

          AB 1929 (Gorell), Chapter 694, Statutes of 2012, established  
            processes and procedures for the review and approval of ballot  
            marking systems, including requiring the source code for all  
            ballot marking systems be deposited into an approved escrow  
            facility.   

           REGISTERED SUPPORT / OPPOSITION  :   

           Support                                   Opposition
           
          Secretary of State Debra Bowen (Sponsor)     None on file.
          California Association of Clerks and Election Officials
          California Common Cause

           
          Analysis Prepared by  :    Nichole Becker / E. & R. / (916)  
          319-2094