 |
ARIZONA STATE SENATE
Fifty-Fifth Legislature, Second Regular Session
election management system; security
Purpose
Requires, by the 2022 primary election, a county recorder or other officer in charge of elections to have a dedicated special purposes election management system (EMS) gateway computer. Prescribes specifications for an EMS gateway computer.
Background
All components of a voting system must be certified by the Secretary of State prior to use in any election for federal, state or county office (A.R.S. § 16-442). A voting system is the total combination of mechanical, electromechanical or electronic equipment that is used to define ballots, cast and count votes, report or display election results and maintain and produce any audit trail information, which includes electronic voting equipment and an EMS used to tabulate ballots (52 U.S.C. § 21081; EPM Ch. 4 (1)).
Components of an electronic voting system may not be connected to the internet, any wireless communication device or any external network, except for electronic poll books. An EMS must be a stand-alone system attached only to components inside an isolated network and may only be installed on a computer that contains only an operating system, the EMS software, data/audio extractor software and any necessary security software. Hardware components of the electronic voting system must be sealed with tamper-resistant or tamper-evident seals once programmed, which must be logged as corresponding with particular voting equipment. The computer operating area, where the computer containing the EMS is located, must be located in a separate room at a central counting place (EPM Ch. 4 (III) and Ch. 10 (II)(C)).
There is no anticipated fiscal impact to the state General Fund associated with this legislation.
Provisions
1. Requires, by the 2022 primary election, a county recorder or other officer in charge of elections to have a dedicated special purpose EMS gateway computer that may only be used when necessary to download data:
a) from an internet-connected system, including downloading ballot language or ballot files, onto a memory stick or other removable memory device for uploading to the EMS gateway computer; or
b) from the EMS gateway computer, including election results files, to a memory stick or other similar device for uploading to an internet-connected system.
2. Prohibits a computer other than the designated EMS gateway computer from being used as an internet-connected system for the prescribed purposes.
3. Prohibits an EMS gateway computer from being used for any non-prescribed purpose.
4. Requires an EMS gateway computer to:
a) only be connected to a network when necessary, such as to upload to or download from the internet or to install necessary software updates;
b) be disconnected from the network before any transfer of data to or from a memory stick or other device that was or will be connected to the EMS gateway computer;
c) have endpoint protection software that protects the computer from malware, viruses, ransomware, incursions and other cybersecurity risks, with installed scanning capability; and
d) be physically secured by the officer in charge of elections or their designee in compliance with applicable requirements for other election equipment.
5. Prohibits an EMS gateway computer from:
a) being used for any purpose other than moving necessary election data in to or out of the computer; and
b) have any software installed other than endpoint protection and a web browser.
6. Requires an EMS gateway computer's operating system, browser and endpoint protection software to have the most recent updates and security patches installed.
7. Requires security to be the most important criteria when selecting a web browser for an EMS gateway computer.
8. Requires a firewall applicable to an EMS gateway computer operating system to be enabled so that:
a) incoming connections, unnecessary outbound ports and the use of an unsecured hypertext transfer protocol are prohibited; and
b) connections are allowed only to specified internet protocol addresses such as the EMS vendor download site and the SOS's site used for election night reporting.
9. Requires, if present on an EMS gateway computer, all wireless connections and functions and cellular functions to be disabled.
10. Prohibits a wireless mouse or wireless keyboard from being used on an EMS gateway computer.
11. Requires the default administrator account on an EMS gateway computer to be disabled and customized administrator accounts with specific powers and privileges to be created to provide persons with administrator access only the powers and privileges necessary for the person's specific job duties.
12. Requires normal operation of an EMS gateway computer, such as when not conducting system configuration or maintenance that requires administrator access, to be conducted without administrator rights to ensure that non-administrators cannot install unauthorized software or otherwise have access to the operating system or internal file structures.
13. Requires any physical port, plug, door or other method of physical or electronic access to an EMS gateway computer to be secured in a manner to prevent unauthorized access to the computer.
14. Becomes effective on the general effective date.
Prepared by Senate Research
February 9, 2022
MH/slp