Subtitle V of Title 9 of the Official Compilation of Codes, Rules and Regulations of the State of New York is hereby amended by repealing Part 6209, and by adding thereto a new Part, to be Part 6209, to read as follows:

 

                                                                  SUBTITLE V

 

                                                                     Part 6209

 

                                                     Voting Systems Standards

                                                                             

 

Section 6209.1 Definitions.  The terms used in this part shall have the significance herein defined unless another meaning is clearly apparent in language or content.

 

1.  Acceptance Test means a test conducted by the county board and the State Board, to demonstrate that each voting system delivered, when installed in the user's environment, meets all functional requirements and contains exactly the same components as the voting system of that type, which received certification from New York State, including but not limited to all hardware, programming (whether in the form of software, firmware, or any other kind), all files, all file system hierarchies, all operating system parts, all off-the-shelf hardware and programming parts and any other components.   

 

2.   Audio Voting Feature means a device that allows blind or visually-impaired persons, or persons with limited reach and/or hand dexterity, the ability to cast their vote.

 

3.   Auxiliary Components means any device, materials or equipment which is used to give assistance or aid to the actual voting device but is not a permanent or enclosed part of the voting device.

 

4.  Ballot Configuration (Layout) means the positioning on and/or linkage within the ballot (whether on a DRE or other display screen, or on paper), of all political party names and emblems, and names and emblems of all independent bodies, office titles, ballot proposals, and candidate names, and spaces for write-in candidates, in accordance with the requirements of the Election Law as to order and rotation.

 

5.  Calibration Test means a test prepared and conducted to determine and/or verify that the correct Sensitive Areas of a voting system, and their level of sensitivity function on an ongoing basis in the same manner as the certified system.   

 

6.  Canvass means a compilation of election returns and validation of the outcome that forms the basis of the official results by political subdivision. 

 


7.  Central Count Paper-Based System means a voting system that uses an optical scan technology to record and tabulate votes from multiple election districts at a county board office, including all absentee, emergency, affidavit and other such paper ballots.

 

8.  County Board means a county’s Board of Elections, including the Board of Elections in the City of New York.

 

9.  DRE means a direct recording electronic voting system in which, through a touch-screen, push-button, or other electronic mechanism, a vote is immediately recorded onto electronic media, by means of a ballot display provided with mechanical or electro-optical components, or an ultrasonic, capacitative or other touch screen, which is activated by the voter.  Styles include bubble switch ballot overlay and touch-screen- style machines.  

 

10.  Election Assistance Commission (EAC) is the commission established by the Help America Vote Act of 2002, which serves as a national clearinghouse for information and the review of procedures with respect to the administration of federal elections.

 

11.   Election Configuration means the file or files created by the election management software including but not limited to the following data used to program polling place and central count voting systems: definition of jurisdictional information (e.g., counties, local legislative, congressional or election districts),  both electronic and paper ballot content and artwork (e.g., ballot text, voting positions), definition of races (e.g., elected offices, candidates, number to vote for, propositions, or other types that control voting in other races on the ballot, definition of voter groups (e.g., by party, absentee, non-absentee), ballot styles, linkage of candidates to their respective parties and races, linkage of races to their respective jurisdictions, linkage of ballot text to database labels to produce results reports, and allocation of trans-district vote tallies to their constituent districts for reporting purposes.

 

12.  Election Management Software (EMS) means the software used by the voting system to describe ballot layout, collect and report election results, and maintain audit trails.

 

13.  Environmental Conditions means the effect of natural environmental conditions such as: temperature, humidity, dust and induced environmental conditions such as handling, storage or transportation which may affect the operation of the system and/or equipment.

 

14.   Escrow Account means an account and/or a secure facility held by a third party, which shall be approved by the State Board, for the purpose of taking custody of all materials required to be put in escrow by statute or by these voting system standards.   

 

15. Firmware means a computer program stored in read-only memory (either programmable or non-programmable), that becomes a permanent part of the computing device that is not subject to change or modification without review by the State Board.  

 

16.   Hardware means the actual voting or ballot counting device.

 


17.  Header Card (or Header Sheet) means a marksense card or sheet upon which appears printed information used to identify a particular batch of ballots, usually those for a single election district.  It is placed at the beginning of the batch for vote tabulation to ensure that the votes cast on those ballots are correctly attributed.  Cards placed at the end of a particular batch of ballots are called End Cards.

 

18.  Maintenance Log means a written and/or electronic record which contains all information relating to performance of scheduled and non-scheduled maintenance on a voting system, all service visits performed by the vendor or manufacturer, and other maintenance or service performed by any other provider of service, including county and state board employees.

 

19.   Marksense means a system by which votes are recorded by means of marks made in voting response fields designated on one or both faces of a ballot or ballot cards.  Marksense systems may use an optical scanner or similar sensor to read the ballots.  Also known as Optical Scan.

 

20.  Modification means any change in the software, firmware or hardware, data storage location of files, or any other component of the voting system, and shall require re-examination of certified system or equipment by the State Board.

 

21.  Optical Scan Voting System means a voting system in which a voter records his or her vote by placing a mark in a designated voting response field on a paper ballot or card, which is read and tabulated using optical-scan technology or a mark-sense system that reads the paper ballot or card by scanning the ballot and interpreting the contents.  Styles include precinct-based and central-count paper-based systems.

 

22.  Operational Manual means a manual of all procedures involved in every phase of the operation and use of the voting system by board of elections personnel, including but not limited to unpacking and acceptance testing, storing, installing all programming, operations testing, preparing for an election, servicing and maintaining, trouble-shooting and repairing, packing and shipping to poll sites, and returning to the county board’s facilities, and including all operational procedures for the set-up of the ballot, opening of the polls, use for voting, closing the polls, and canvassing the count. 

 

23.   Paper-based Voting Systems means any electronic or computerized ballot counting system or equipment which tabulates and reports votes cast on paper ballots.

 

24.  Pneumatic Switch means a device which allows persons with certain disabilities the ability to cast their vote.

 


25.  Pre-qualification test means a predetermined set of tests of the total voting system throughout the election process including votes and vote totals prepared by the State Board.  Such votes shall be entered into the voting system in the same manner as they will be entered by voters during an election.  If a voting system offers several methods for votes to be entered, such as touch-screen, push-button, or other electronic mechanism, a key pad and/or pneumatic switch for voters with disabilities, or alternate language displays, then the pre-determined set of votes shall be entered separately using each method and language display.  The results of the casting of said votes and all voting system logs shall be extracted from the system as though during normal use in an election, and the results and logs shall be compared to the predetermined results of the test votes and vote totals prepared by the State Board.

 

26.   Printout means the printed copy of zero totals, candidate names and offices and other information produced by the voting equipment prior to the official opening of the polls and the tabulation of votes cast for each candidate and question, the names of candidates and the offices for each candidate and other information provided after the official closing of the polls.

 

27.   Resident vote tabulation means the manufacturer's internal firmware which shall permanently reside on the voting system’s central processing unit, registering, accumulating, and storing votes and ballot images.

 

28.   Resident memory means the internal memory of the voting system that stores election results and ballot images but is prohibited from storing executable code on removable media. 

 

29.   Software means any programming instructions used by the vote counting system, including but not limited to system programs and application programs.  System programs include but are not limited to the operating system, control programs, communication programs, database managers, and device drivers.  Application programs include but are not limited to, any program that processes the data.   

 

30.   Source Code means the computer program in its original form, as written by the programmer.  Source Code is not executed by the computer directly, but is converted into machine language by compilers, assemblers and interpreters. 

 

31.   State Board means the New York State Board of Elections.

 

32.   Tactile Discernible Controls means a voting feature which allows persons with limited reach and/or hand dexterity, the ability to cast their vote, for example: raised buttons of different shapes and colors, large or raised numbers or letters, and light pressure switches.


33.   Test Deck means a pre-audited group of ballots prepared for each election.  The ballots are voted with a pre-determined number of valid votes for each candidate, each write-in position, and each voting option on every proposal that appears on the ballot as certified by the county board.  The deck includes one or more ballots that have been improperly voted, or which are voted in excess of the number allowed by law, and one or more ballots on which no votes are cast, in order to test the ability of the system to recognize and/or notify of an under or overvote.  It also includes one or more ballots on which two or more votes are cast for a candidate whose name appears on the ballot more than once for the same office in order to test the ability of the system to count only the first of such votes for the candidate.  If there is more than one ballot style for an election, a separate test deck is created for each ballot style. 

 

34.   Testing laboratory means a certified private or public laboratory used to perform tests on the voting systems and related equipment.

 

35.   Vendor shall include any manufacturer, company or individual who seeks to sell voting systems and/or services for such systems in New York State.

 

36.   Voting Position means the specific voting response area on the face of the displayed ballot where a selection is made for a candidate or proposal.

a.  Ballot Position means the area on the ballot or ballot display occupied by one candidate or position on an issue, including the area devoted to the candidate name or position on the issue and the sensitive area, as defined immediately below.

b.  Sensitive Area means the area on the ballot or ballot display which may be pressed, touched, or marked in order to cast a vote which, in some cases, may be the entire position, while in other cases it may be limited to the voting target (as defined immediately below) on a paper ballot or push button on a full-face DRE machine.

c.   Voting Target means the area of a paper ballot which the voter is asked to mark in order to cast a vote; typically an oval, square or a fragmented arrow.  

 

37.  Voting System means the total combination of mechanical, electro-mechanical, or electronic equipment, and any ancillary equipment and all software, firmware, and documentation required to program, control, and support the equipment, all of which is used to define ballots, cast and count votes, report and/or display election results, and maintain and produce any audit trail information.

 

38.  Voting System Supporting Software means the vendor-supplied software used to configure and control the election day tabulation and accumulation of election results. 

 

39.   VVPAT means a voter verifiable paper audit trail.

 

 

Section 6209.2 Polling Place Voting System Requirements

 

A.  In order for a polling place voting system to be considered by the State Board for certification, it must comply with the mandates of New York State Election Law, and  meet the Election Assistance Commission’s 2005 Voluntary Voting System Guidelines to the extent that they are consistent with state law and these regulations.  Such polling place voting systems shall meet the following requirements:

 


(1) Provide a full ballot display on a single surface, except that proposals may appear on the reverse side of any paper ballot, and that such ballot display is easily visible under typical lighting found in a poll site.

 

(2)  For jurisdictions within the State of New York that have been identified by the U.S. Department of Justice, as requiring that ballots be provided in alternate languages, pursuant to Section 203 of the Voting Rights Act, 42 USC 1973aa-1a.  Voting systems must be able to recognize and interpret alternate language ballots. 

 

(3) Provide a device that produces and retains a voter-verifiable permanent paper record, pursuant to statute, which the voter can review and/or correct prior to the casting of their vote.  In the case of a paper-based voting system, the ballot marked by the voter shall constitute the paper record referred to in Section F. The paper record shall allow a manual audit and allow for preservation in accordance with the provisions of Election Law, Section 3-222.

 

(4) Provide a device or means by which the record of the votes cast on the machine can be printed and visually reviewed after the polls are closed.

 

(5) Provide a battery power source in the event that the electric supply used to make the voting system equipment function, is disrupted.  The battery power source shall operate the system and allow for the casting of votes for a period not less than 2 hours, to ensure that the system can shut down and preserve the integrity of votes cast prior to the power failure, and can resume functionality when power is provided or restored without significant or intrusive power-up procedures.  Such batteries must be rechargeable and have minimum five-year life when used under normal conditions.  In the event of a power failure, the equipment shall perform a normal shut-down not less than one hour before battery power is depleted, and shall notify the election inspector that the system will do so.

 

(6) The system shall contain software and hardware required to perform a diagnostic test of system status, and a means of simulating the random selection of candidates and casting of ballots in quantities sufficient to demonstrate that the system is fully operational and that all voting positions are operable.     

 

(7) The system shall incorporate multiple memories, including resident vote tabulation, storage of results and ballot images in resident memory, serving as a redundant means of verifying or auditing election results and ballot images, and further, the system shall be required to alert the election day worker that memory capacity is about to be reached. 

 

(8) In a DRE voting system, the system must prevent voters from overvoting and indicate to the voter specific contests or ballot issues for which no selection or an insufficient number of selections has been made.  In a paper-based voting system, the system must indicate to the voter specific contests or ballot issues for which an overvote or undervote is detected. 

 


(9)  The voting system shall provide a method for write-in voting and shall report the number of votes cast in each contest in write-in voting positions.

 

(10) The voting system shall be capable of accumulating and reporting a count of the number of ballots tallied for an election district and votes cast for each candidate, and the total vote for or against each ballot proposal, and shall be capable of separating and tabulating those election district totals to produce a report of the total of ballots tallied by groups of election districts such as legislative districts or wards.

 

B.  In addition to the requirements of subdivision (A) of this section, fully-accessible voting equipment certified by the State Board shall meet the following requirements for usability by voters who are disabled:

 

(1) The voting system or equipment shall be equipped with a voting device with tactile discernible controls, pursuant to Election Law Section 7-202.  Such controls shall allow persons with limited reach and/or hand dexterity, the ability to cast their vote, and shall include, for example: raised buttons of different shapes and colors, large or raised numbers or letters, and light pressure switches.

 

(2) The voting system or equipment shall be equipped with an audio voting feature, pursuant to Election Law Section 7-202.  The audio feature shall be able to be used either independently or simultaneously with the on-screen display.

 

(3) The voting system or equipment shall be capable of being equipped with a pneumatic switch, pursuant to Election Law Section 7-202.  

 

C.  Standards for noise level

 

(1) Voting systems or equipment to be certified by the State Board shall be constructed in a manner so that noise levels of the system or equipment during operation will not interfere with the duties of the election inspectors or the voting public.

 

(2) The noise level of write-in components of the system or equipment shall be so minimal that it will be virtually impossible under normal conditions for someone at the table used by the inspectors of elections to determine that a write-in vote is being cast or has been cast.

 

D.  Standards for voter privacy

 

(1) Voting systems or equipment shall be constructed so that no one within the polling site will be able to see how a voter is casting a vote. 

 

(2) Curtains, screens, shields or other privacy devices shall be designed so as to allow any voter, either electronically or manually, to open, close or otherwise use the device with ease when entering and exiting the system or equipment.

 


E.  Environmental Standards

 

The voting system shall be designed to protect against dust and moisture during storage and transportation.  Testing shall be similar to the procedure of MIL-STD-810F, Method 510.4,  for dust, and MIL-STD-810F, Method 506.4 for moisture.  These tests are intended to evaluate exposure to these elements when the system or equipment  is in a non-operating configuration and the equipment or system’s required protective cover is in place.

 

F.  Voter Verified Paper Audit Trails (VVPAT)

 

(1) The voting system shall print and display a paper record of the voter’s ballot choices prior to the voter making the ballot choices final.  In the case of a paper-based voting system, the ballot marked by the voter shall constitute the paper record referred to in this Section F.

 

(a) The paper record shall constitute a complete record of ballot choices that can be used in audits of the accuracy of the voting systems electronic records, in audits of the election results, and in full recounts.

 

(b) In the case of a DRE voting system, the paper record shall contain all information stored in the electronic record.

 

(c) The voting system shall be capable of showing the information on both the display screen and the paper in a font size of 3.0mm, and should be capable of showing the information in at least two font ranges, a) 3.0-4.0 mm and b) 6.3-9.0 mm, under control of the voter.

 

(d) In the case of a DRE voting system, the paper and electronic display of the voter’s selections shall be presented and positioned so as to allow the voter to easily read and compare the two.

 

(e) If the paper record cannot be displayed in its entirety, a means for moving the paper to show all paper record contents shall be provided.

 

(2)  There shall be instructions for performing the verification process made available to the voter in a location on the voting system.

 

(3) The voting system shall display, print, and store a paper record in any of the alternative languages chosen for making ballot selections.  Candidate names and other markings not related to the ballot selection on the paper record shall appear in English.

 

(4)  The voting system shall allow the voter to approve or reject the paper record, in the case of DRE systems, marking the ballot as such in the presence of the voter.

 


(a) Any DRE voting system shall provide a means to reconcile the number of rejected paper records with the number of occurrences of rejected electronic selections, and procedures shall be in place to address any discrepancies.

 

(b) Prior to reaching the maximum number of ballots allowed pursuant to statute, any DRE voting system shall display a warning message to the voter indicating the voter may reject only one more ballot, and that the third ballot shall become the ballot of record.

 

(5)  In case of conditions that prevent voter review of the paper record, there shall be a means for the voter to notify an election official, and in the case of a DRE voting system, shall cause an error message to be displayed and shall prevent the recording of the electronic record.

 

(6) In the case of a DRE voting system, procedures by which an election official can be notified and prescribed actions can be taken to address discrepancies if a voter indicates that the electronic and paper records do not match, shall be documented.

 

(7)  The voting system shall not record the electronic record as being approved by the voter until the paper record has been stored.

 

(8)  Vendor documentation shall include procedures for returning a voting system to correct operation after a voter has used it incompletely or incorrectly; this procedure shall not cause discrepancies between the tallies of the electronic and paper records.

 

(9) The voter’s privacy and anonymity shall be preserved during the process of recording, verifying, and auditing ballot choices.

 

(a) The privacy and anonymity of the voter’s verification of ballot choices and the creation and storage of these choices, both electronically and on paper record,  shall be maintained. 

 

(b) The privacy and anonymity of voters whose paper records contain any of the alternative languages chosen for making ballots selections shall be maintained.

 

(c) Information for the purposes of auditing the electronic or paper records that may permit a voter to reveal his or her ballot choices shall be displayed so as not to be memorable to the voter.

 

(10)  The voting system’s ballot records shall be structured and contain information so as to support highly precise audits of their accuracy.

 

(a) All cryptographic software in the voting system shall have been approved by the U.S. Government’s Crypto Module Validation Program (CMVP) as applicable.

 


(b) This information shall contain, but not be limited to, the voting site/election district, type of election, ballot style, and whether the system is operating in a “test” mode.

 

(11) In the case of a DRE voting system, the electronic and paper records shall be linked by including a unique identifier within each record that can be used to identify each record uniquely and correspond the two accordingly. 

 

(12)  The voting system shall generate and store a digital signature for each electronic record.  

 

(13)  The electronic records shall be able to be exported for auditing or analysis on standards-based and/or information technology computing platforms.

 

(a) The exported electronic records shall be in an open, non-proprietary format. 

(b) The voting system shall export the records accompanied by a digital signature of the collection of records, which shall be calculated on the entire set of electronic records and their associated digital signatures.

 

(c)  The voting system vendor shall provide documentation as to the structure of the exported records and how they shall be read and processed by software. 

 

(d) The vendor shall provide a software program that will display the exported records and such software may include other capabilities, such as providing vote tallies and indications of undervotes.

 

(14)  The voting system printers shall be physically secure from tampering.

 

(a)  The voting system shall communicate with its printers over a standard, publicly documented printer port using a standard communication protocol.

 

(b)  The paper path between the printing, viewing and storage of the paper record shall be protected and sealed from access except by authorized election officials.

 

(c)  The printer shall not be permitted to communicate with any other system or machine other than the single voting system to which it is connected.

 

(d)  The printer shall only be able to function as a printer: it cannot store information or contain or provide any services that are not essential to system function, (e.g., provide copier or fax functions) or have network capability.

 

(e) Printer access to replace consumables such as ink or paper shall only be granted if it does not compromise the sealed printer paper path.

 


(f) Prior to the opening of polls on election day, poll workers shall demonstrate that the ballot storage devices are empty.  The storage devices shall then be sealed and no further access shall be provided to polling place workers.

 

(g)  Tamper-evident seals or physical security measures shall protect the connection between the printer and the voting machine, so that the connection cannot be broken or interfered with without leaving extensive and obvious evidence.

 

(15)  The voting system’s printers shall be highly reliable and easily maintained.

 

(a)  The voting system should include a printer port to which a commercial off-the-shelf printer which complies with sub-section F(14) above, could be attached for the purposes of printing paper records and any additional records.

 

(b)  The voting system shall detect errors and malfunctions such as paper jams or low supplies of consumables such as paper and ink that may prevent paper records from being correctly displayed, printed and stored.

 

(c)  If an error or malfunction occurs, the voting equipment attached to the defective printer shall suspend voting operations and shall present a clear indication to the voter and election workers of the error or malfunction.

 

(d)  There shall be adequate supplies of consumable items such as paper and printer ink on hand to operate from opening to closing of polls.

 

(i)  Printing devices should contain paper and ink of sufficient capacity so as not to require reloading or opening equipment covers or enclosures and circumvention of security features, or reloading shall be able to be accomplished with minimal disruption to voting and without circumvention of security features such as seals.

 

(ii)  Printer consumables shall be stored within the temperature and humidity ranges specified by the manufacturer and shall be stored in State Board-approved containers to protect them from sustaining any damage.

 

(e) The vendor shall make recommendations as to appropriate numbers of printers to be used in conjunction with the number of voting systems being utilized.  A sufficient number of replacement printers shall be available.

 

(16)  Vendor documentation shall include procedures for investigating and resolving malfunctions including but not limited to misreporting of votes, unreadable paper records, paper jams, low ink, mis-feeds and power failures.

 

(17)  Vendor documentation shall include procedures for ensuring, in the case of malfunctions, that electronic and paper records are correctly recorded and stored.

 


(18)  Protective coverings intended to be transparent on voting system devices shall be maintainable via a predefined cleaning process.  If the coverings become damaged such that they obscure the paper record, they shall be replaced.

 

(19)  The paper record shall be sturdy, clean, and of sufficient durability to be used for manual auditing and recounts conducted manually.  The paper record shall be able to be stored and remain fully readable without degradation for 22 months within the temperature and humidity ranges specified by the manufacturer, but at a minimum temperature range of at least from -20 degrees to 140 degrees Fahrenheit, and at a humidity as high as 98%. 

 

G.  Any submitted voting system’s software shall not contain any code, procedures or other material which may disable, disarm or otherwise affect in any manner, the proper operation of the voting system, or which may damage the voting system, any hardware, or any computer system or other property of the State Board or county board, including but not limited to ‘viruses’, ‘worms’, ‘time bombs’, and ‘drop dead’ devices that may cause the voting system to cease functioning properly at a future time. 

 

H.  Any submitted voting system shall provide methods through security seals or device locks to physically secure against attempts to interfere with correct system operations.  Such physical security shall guard access to machine panels, doors, switches, slots, ports, peripheral devices, firmware, and software. 

 

I.  The system shall provide a means by which the ballot definition code may be positively verified to ensure that it corresponds to the format of the ballot face and the election configuration.

 

Section 6209.3    Additional Requirements for Voting Systems

 

A.  In addition to voting system requirements provided for elsewhere in these rules and regulations, paper-based systems shall:

 

(1) Allow the voter, at their choice, to vote a new ballot or submit the ballot ‘as is’.

 

(2)  An over-vote in one or more office or ballot proposals shall not prevent the counting of all other offices or ballot proposals contained on the ballot.

 

(3)  In the case of candidates who appear on one or more party lines, the system shall be capable of correctly counting the vote according to provisions of Election Law §9-112.

 

B.  Ballot specifications:

 

(1) As to the printing and arrangement of ballots, all ballots shall meet the requirements as to form and content provided in section 7-121 of the Election Law, and:


(2) ballots shall be printed in black print on a white background or on backgrounds of different colors to identify different types of ballots (i.e., emergency, affidavit, etc) or in the case of a primary, to identify ballots for each political party according to the color assigned to such party pursuant to law, and

 

(3) coding which is both machine readable and manually readable shall be used to identify different ballot styles, and

 

(4) ballots used in the paper-based voting system shall be able to be counted by hand as well as be counted by machine, and 

 

(5) The types of ballots used and their form, type size and arrangement must be approved by the State Board of Elections.

 

C.  For all paper-based voting systems, the system shall count a mark on a ballot that is in a:

 

(1) Sensitive Area for a candidate whose name is on the ballot;

 

(2) Sensitive Area designated for write-in voting for a write-in candidate; or

 

(3) Sensitive Area for a ballot proposal.

 

D.  With regard to the central counting of absentee, affidavit, emergency and special ballots, the requirements of 6209.2 (F)(1)(c-e),and (F)(2) not consistent with this section shall not apply.

 

Section 6209.4  Application Process

 

A.  The Election Operations Unit shall forward an application form within one week from the date of receipt of a request from a vendor, together with a copy of applicable rules and regulations and a pre-qualification test format for both a general and primary election ballot program.

 

B.  Said vendor shall return completed ballot layouts based upon the pre-qualification test format to the Election Operations Unit.  Upon approval of the layouts, the vendor shall program such system or equipment and complete the pre-qualification tests for both ballot programs provided, and enter the simulated votes upon said system or equipment for each election program.

 

C.  The completed application shall be returned by the vendor applicant, with a printout of tabulated votes from the primary and general election pre-qualification tests as cast on the voting system equipment which the applicant requests to have certified.  The pre-qualification test programs shall be retained by the applicant for use in the certification process.


D.  The application and printouts shall be reviewed to determine if the voting system shall be considered for certification and the applicant shall be notified of such determination. 

 

E.  No application shall be deemed to be filed until all documentation required by these rules has been submitted to the State Board or its designee.

 

F.  A certified or bank check in the amount of $5,000 shall accompany such application, and be applied towards the actual cost of the examination. 

 

G.  Fees for the examination of a voting system shall be assessed against the vendor by the State Board based upon the cost to the State Board for examination of such voting system by an outside contractor, laboratory or other authorized examiner. 

 

H.  A vendor submitting an application shall affirm that;

 

(1)  the submitted voting system complies with all applicable rules adopted by the State Board, and with all applicable 2005 Federal Voting System Guidelines not inconsistent with state law or these regulations, and is suitable for use by voters;

 

(2)  the vendor will quote and provide a statewide, uniform price for each unit of the voting system’s equipment, and;

 

(3)  the submitted voting system’s software does not contain any code, procedures or other material (including but not limited to ‘viruses’, ‘worms’, ‘time bombs’, and ‘drop dead’ devices that may cause the voting system to cease functioning at a future time), which may disable, damage, disarm or otherwise affect the proper operation of the voting system, any hardware, or any computer system or other property of the State Board or county board;

 

(4)  any submitted voting system provides methods through security seals or device locks to physically secure against attempts to interfere with correct system operations.  Such physical security shall guard access to machine panels, doors, switches, slots, ports, peripheral devices,  firmware, and software. 

 

I.  All vendors shall submit with their application forms, sworn affidavits from the president, chief executive officer or chief operating officer of the vendor, disclosing any contributions made within the United States by any of those officers, by the vendor itself, or by any controlling shareholder to any political party or candidate for any office, within two years prior to the date the application is submitted.  After the submission of any application forms, or after the submission of any such affidavit, a vendor must submit to the Election Operations Unit, an affidavit at the end of each calendar quarter (March 31, June 30, September 30 and December 31), disclosing whether or not any new contribution has been made.   The submission of such affidavits shall be required throughout the period during which the system is certified in New York.   

 


J.  All vendors shall submit with their application forms, information regarding past or pending court cases involving their voting systems or its major components, any evidence of fraud, faulty systems, or failure to correct past problems.

 

 

Section 6209.5 Submission of Voting Systems Equipment.

 

A.  Voting systems considered for certification by the State Board shall be delivered to the State Board or its designee.  Such equipment shall include documentation, operation manual(s), auxiliary components and equipment used to program ballot layout, and any other additional equipment used in the operation of said voting system.

 

B.  Vendors submitting systems or equipment for certification must also provide additional systems to be used by the State Board for  the purposes of the Voter Demonstration Test.  See Section 6209.6(G)(8).

 

C.  If the voting systems equipment is certified by the State Board, the specific system or equipment and components examined by the State Board shall become the property of the State Board for as long as the system or equipment is in use in the State or for such shorter period as the State Board shall so determine.  Voting systems or equipment not certified shall be disposed of pursuant to the vendor’s direction.

 

D.  The applicant shall provide service and normal maintenance of said system or equipment after certification and shall supply to the State Board, at no cost, any modification to the system or equipment for upgrading of any feature during the period that said system or equipment is offered for sale and use in the State.

 

E.  The vendor shall provide, either at the time of submission or no later than the completion of certification testing by the State Board, a list of system proprietary and non-proprietary consumables, extended warranties, services, and other such items as may be considered by county boards for purchase, with the exception of programming, as county boards are prohibited from contracting with a vendor for programming services.  Such list shall become a component of the contract.

 

G.  The vendor shall disclose, in the application for certification, any pecuniary interest in or any direct or indirect control over any testing laboratory as defined herein or which may be used in connection with the certification or acquisition of any voting system.

 


H.   Vendors shall make available to the State Board, in a quantity to be determined by the State Board, voting systems for the purpose of conducting a usability test, which will establish the minimum number of voting machines required in each polling place and the maximum number of voters that can vote on one voting machine during the course of an ordinary 15-hour election day.  The ballots to be used for this test shall include both primary and general election ballots, with ample candidate selection options and ballot proposal selections.  For the purposes of the usability test, voting shall occur by utilizing all the devices which a  voter may use to make their selections.  If a vendor has previously performed a usability test on the same or similar voting system which meets the requirements of this section, the State Board may consider the findings of same.  Whenever the State Board is satisfied that a voting machine or system’s usability analysis has provided adequate and accurate information relative to the requirements of Election Law Section 7-203.2, then the State Board may, in its discretion, accept such documentation as satisfaction of the usability test required by these regulations.

 

I.  For voting systems which are not PC-based, vendors shall submit recommendations for acceptance and maintenance testing to ensure that the firmware in systems purchased and used by county boards is identical to certified firmware.

 

Section 6209.6 Examination Criteria

 

A.  State Board testing and examination shall be performed in an open and public venue.  Testing shall be performed in conformity with written procedures adopted by the State Board.  Such procedures and the test reports of the State Board and its ITA, shall be available for public inspection at the office of the State Board, and at its website. Each tested system shall, at a minimum, conform to the EAC’s  2005 Voluntary Voting System Guidelines, to the extent that they are consistent with State Law and these Regulations.

 

B.  The State Board or its designee, as part of its examination, may at its discretion, submit the voting system for analysis by a testing laboratory.

 

C.  Whenever the State Board is satisfied that a voting machine or system has been proven to meet the Environmental Standards of subdivision (E) of Section 6209.2 of these regulations; and the vendor is able to provide documentation for the State Board’s testing authority to establish that those standards have been met; then the State Board may, in its discretion, accept such documentation as satisfaction of the tests required by these regulations.

 

D.  All laboratory testing shall be conducted or verified by independent testing authorities appropriately certified by the National Association of State Election Directors, the EAC or approved by the commissioners of the State Board.

 

(1)  Software and Hardware Qualification Tests

 

    Qualification of voting system software and hardware shall consist of a series of tests, code analyses, and inspection tests performed at the federal and state levels, to verify that the software and hardware meet  design requirements and that characteristics are correctly described in the documentation items.  Qualification shall also include a Functional Configuration Audit and a Physical Configuration Audit.

 

(2)  Functional Configuration Audit

 


      A functional configuration audit shall be performed to verify that the software complies with the Software Specification (as defined in subparagraph (B)(2)(B)(1) below) and applicable laws and regulations.  Federal qualification test data may be used in partial fulfillment of this requirement; however, the State Board or its designee shall perform or supervise the performance of additional tests, or order additional laboratory testing, to verify system performance in all operating modes, including but not limited to disability access and alternate language modes and to validate the vendor's test data reports.  The Functional Configuration Audit shall be performed in a facility selected by the State Board.

 

(a) Vendor Responsibility

 

        The vendor shall provide a list of all documentation and data required to be included as part of the independent review, and vendor technical personnel shall be available to the State Board during the performance of the Functional Configuration Audit.

 

(b) Technical Data

 

        The vendor shall provide the following technical data:

 

                        (i) copies of all procedures used for module or unit testing, integration testing and system testing;

 

(ii) copies of all test cases generated for each module and integration test and sample ballot formats or other test cases used for system;

 

(iii) records of all tests performed by the procedures listed above, including error correction and retest.

 

                        (c) Audit Procedure

 

        The State Board, with the assistance of an independent testing authority, shall subject each voting system to a complete functional test, including but not limited to actual use testing of all components used by voters to enter or review votes.  Additionally, the State Board and its independent testing authority shall review the vendor's test procedures and test results.

 

        This review shall include an assessment of the adequacy of test cases and input data to exercise all system functions and to detect program logic and data processing errors if such be present.

        The review shall also include an examination of all test data which is to be used as a basis for qualification.

 

(3)  Physical Configuration Audit

 


The Physical Configuration Audit is an examination of the software configuration against its technical documentation to establish a configuration baseline for approval.  The Physical Configuration Audit shall include an audit of all drawings, specifications, technical data and test data associated with the system hardware and this audit shall establish the system hardware baseline associated with the software baseline.  All subsequent changes to the software or hardware shall be subject to re-examination.

 

(a) Vendor Responsibility

 

                The vendor shall provide a list of all documentation and data required to be audited by the State Board.  Vendor’s technical personnel shall be available to the State Board during the performance of the Physical Configuration Audit.

 

(b) Technical Data

 

        The vendor shall provide the following technical data:

 

(i) identification of all items which are to be a part of the software release;

 

(ii) identification of all hardware which interfaces with the software;

 

(iii) configuration baseline data for all hardware included within the system;

 

(iv) copies of all software documentation which is intended for distribution to users, including program listings, specifications, operator manual, user manual and software maintenance manual;

 

(v) proposed user acceptance test procedure and acceptance criteria;

 

(vi) an identification and explanation of any changes between the Physical Configuration Audit and the configuration submitted for the Functional Configuration Audit.

 

(c) Audit Procedure

 


        Required data items include draft and formal documentation of the vendor's software development program which are relevant to the design and conduct of Qualification Tests.  The vendor shall identify all documents, or portions of documents, which the vendor asserts contain proprietary information not approved for public release.  The State Board or its designee shall agree to use any proprietary information contained therein solely for the purpose of analyzing and testing the software and shall refrain from disclosing proprietary information to any other person or agency without the prior written consent of the vendor or a Court order.  The State Board or its designee shall review the vendor's source code and documentation to verify that the software conforms to the documentation, and that the documentation is sufficient to enable the user to install, validate, operate and maintain the voting system.  The review shall also include an inspection of all records of the baseline version against the vendor's release control system to establish that the configuration, being qualified, conforms to the engineering and test data.

 

E.  Functional Tests, Security Tests and Simulated Voting

 

Prior to certifying a voting system, the state board shall designate an independent expert to review, all source code made available by the vendor pursuant to this section and certify only those voting systems compliant with these Regulations. At a minimum, such review shall include a review of security, application vulnerability, application code, wireless security, security policy and processes, security/privacy program management, technology infrastructure and security controls, security organization and governance, and operational effectiveness, as applicable to that voting system. 

 

(1) For all systems or equipment, functional tests shall consist of the validation of equipment functional performance, and shall be performed in an open and public venue, in conformity with written procedures adopted by the State Board.

 

(2) All votes entered shall use the identical interfaces as would be used by the actual voters during the actual voting process.  By way of explanation, touch-screen votes, or votes cast via alternative accessible devices such as tactile-discernible key pads or pneumatic switches shall be used as the voter would use them rather than casting simulated votes via any of these processes into the voting system using any type of diagnostic input cartridge. 

 

(3) Functional tests of voting system software which runs on general purpose data processing equipment shall include all tests similar to those in procedures which are necessary to validate the proper functioning of the software and its ability to control the hardware environment.  The tests shall also validate the ability of the software to detect and act correctly upon any error conditions which may result from hardware malfunctions.  Detection capability may be contained in the software, the hardware or the operating system.  It shall be validated by any convenient means up to and including the introduction of a simulated failure (power off, disconnect a cable, etc.) in any equipment associated with vote processing.

 

(4) Each system shall be submitted for electronic and technical security and integrity analysis by independent certified security experts, who shall be given full unrestricted access to production units of the system, for such analysis.  Whenever the vendor is able to provide documentation for the State Board and its testing authority, to establish that the standards of this section of these regulations have been met; then the State Board may, in its discretion, accept such documentation as satisfaction of the tests required by these regulations.

 


(5)    Functional tests for the following types of equipment shall be required:

 

(a) Standard commercial, off-the-shelf production models of general purpose data processing equipment (PC’S, printers, etc.) shown to be compatible with these requirements and with the voting system.

 

(b) Production models of special purpose data processing equipment (scanners, bar code readers, etc.) having successfully performed in elections use and having been shown to be compatible with the voting system.

 

F.  Software, Hardware, Operating and Support Documentation

 

(1) Software Qualification

 

      The following system software and firmware vendor data items shall be submitted as a precondition of certification of acceptability for elections use. 

 

            (2) Vendor Documentation

 

      Complete product documentation shall be provided to the State Board for voting systems, their components and all auxiliary devices.  This documentation shall be sufficient to serve the needs of the voter, the operator, maintenance technicians, and other appropriate county board personnel.  It shall be prepared and published in accordance with standard industrial practice for electronic and mechanical equipment such documentation shall include:

 

(3) Software Specification

 

        The Software Specification shall contain and describe the vendor's design standards and conventions, environment and interface specifications, functional specifications, programming architecture specifications, and test and verification specifications.  Vendor must also provide document identification, an abstract of the specification, configuration control status and a table of contents.  The body of the specification shall contain the following material:

 

(a) System Overview

 

The vendor shall identify the system hardware and the environment in which the software will operate and the general design and operational considerations and constraints which have influenced the design of the software.

 

(b) Program Description

 


The vendor shall provide descriptions of the software system concept, the array of hardware in which it operates, the intended operating environment, the specific software design objectives and development methodology and the logical structure and algorithms used to accomplish the objectives.

 

(c) Standards and Conventions

 

The vendor shall provide information which can be used as a partial basis for code analysis and test design.  It should include a description and discussion of the standards and conventions used in the preparation of this specification and in the development of the software.

 

(d) Specification Standards and Conventions

 

The vendor shall identify all published and private standards and conventions used to document software development and testing.  Vendor internal procedures shall be provided as attachments to this Software Specification.

 

(e) Test and Verification Standards

 

The vendor shall identify any standards or other documents which are applicable to the determination of program correctness and acceptance criteria.

 

(f) Quality Assurance Standards

 

The vendor shall describe all standards or other documents which are applicable to the examination and testing of the software, including standards for flowcharts, program documentation, test planning and test data acquisition and reporting.

 

(g) Operating Environment

 

The vendor shall provide a description of the system and subsystem interfaces at which inputs, outputs and data transformations occur.  It shall contain or make reference to all operating environment factors which influence the software design.

 

(h) Hardware Constraints

 

The vendor shall identify and describe the hardware characteristics which influence the design of the software, such as:

 

(i) the logic and arithmetic capability of the processor,

 

(ii) memory read/write characteristics,

 

(iii) external memory device characteristics

 

(iv) peripheral device interface hardware data I/O device protocols, and


(v) operator controls, indicators and displays.

 

(i) Software Environment

 

The vendor shall identify all compilers, assemblers, or other software tools to be used for the generation of executable code and a description of the operating system or system monitor.  This section shall also contain an overview of the compile-time interaction of the voting system software with library calls and linking.

 

(j) Interface Characteristics

 

The vendor shall describe the interfaces between executable code and system input-output and control hardware.

 

(k) Software Functional Specification

 

The vendor shall provide a description of the overall functions which the software performs in the context of its mode or modes of operation.  The vendor shall also describe the capabilities and methods for detecting and handling exceptional conditions, system failure, data input/output errors, error logging and audit record generation and security monitoring and control.

 

(l) Configurations and Operating Modes

 

The vendor shall describe the various software configurations and operating modes of the system; such as preparation for opening of the polling place, vote recording and/or vote processing, closing of the polling place and report generation.  For each software function or operating mode, a definition of the inputs (characteristics, tolerances or acceptable ranges) to the function or mode, how the inputs are processed and what outputs are produced (characteristics, tolerances or acceptable ranges) shall be provided.

 

(m) External files

 

In the event that external files are used for data input or output, the definition of information context and record formats shall be provided.  The vendor shall also describe the procedures for file maintenance, access privileges and security.

 

(n) Security

 


Security requirements and security provisions of the system’s software shall be identified for each system function and operating mode.  The voting system must be secure against attempts to interfere with correct system operation.  The vendor shall identify each potential point of attack.  For each potential point of attack, the vendor shall identify the technical safeguards embodied in the voting system to defend against attack, and the procedural safeguards that the vendor has recommended be followed by the election administrators to further defend against that attack.  Each defense shall be classified as preventative, if it prevents the attack in the first place; detective if it allows detection of an attack; or corrective if it allows correction of the damage done by an attack. Security requirements and provisions shall include the ability of the system to detect, prevent, log and recover from the broad range of security risks identified.  These procedures shall also examine system capabilities and safeguards claimed by the vendor to prevent interference with correct system operations.  The State Board, with the assistance of its ITA, shall conduct tests to confirm that the security requirements of these Regulations have been completely addressed.  Notwithstanding any other provisions of these Regulations, the State Board shall determine whether all or a portion of such security requirements and security provisions shall be available for public inspection, but shall exclude any information which compromises the security of the voting system.

 

(o) Programming Specifications

 

The vendor shall provide an overview of the software design, structure and implementation algorithms.  Whereas the Functional Specification of the preceding section provides a description of what functions the software performs and the various modes in which it operates, this section should be prepared so as to facilitate understanding of the internal functioning of the individual software modules.  Implementation of functions shall be described in terms of software architecture, algorithms and data structures and all procedures or procedure interfaces which are vulnerable to degradation in data quality or security penetration shall be identified.

 

(p) Test and Verification Specifications

 

The vendor shall provide a description of the procedures used during software development to verify logical correctness, data quality and security.  This description shall include existing standard test procedures, special purpose test procedures, test criteria and experimental design and validation criteria.  In the event that this documentation is not available, the Qualification Test agency shall design test cases and procedures equivalent to those ordinarily used as a basis for  verification (see below).

 

(q) Qualification Test Specification

 

The vendor shall provide a description of the specification for verification and validation of overall software performance, including acceptance criteria for control and data input/output, processing accuracy, data quality assessment and maintenance, exceptional handling and security.  The specification shall identify specific procedures by means of which the general suitability of the software for elections use can be assessed and demonstrated.  The vendor's specification and procedure shall be used to establish the detailed requirements of the tests described in "Laboratory Environmental Test Procedures for Hardware and Software" of this Standard.

 

(r) Acceptance Test Specification


The vendor shall provide a description of the specification for installation, acceptance and readiness verification.  This specification shall identify specific procedures by means of which the capability of the software to accommodate actual ballot formats and format logic, and pre-election logic, accuracy and security test requirements of using jurisdictions may be assessed and demonstrated.  The vendor's specification shall be used to establish the detailed requirements of the tests described in "Laboratory Environmental Test Procedures for Hardware and Software" of this standard performed to evaluate the adequacy of the vendor's procedures and it shall be suitable for inclusion in the regulations and procedures of user counties  when preparing for the conduct of actual elections.

 

(s) Appendices

 

The vendor shall provide  descriptive material and data supplementing the various sections of the body of the Software Specification.  The content and arrangement of appendices shall be at the discretion of the vendor.  Topics recommended for amplification and treatment in appendix form include:

 

(i) Glossary: Provide a listing and brief definition of all software module names and variable names with reference to their locations in the software structure.  Include abbreviations, acronyms and terms which are either not commonly used in data processing and software development or which are used in an uncommon semantic context.

(ii) References:  Provide a list of references to all related vendor documents, data, standards and technical sources used in software development and testing.

 

 (iii) Program Analysis:  Provide the results of software configuration analysis, algorithm analysis and selection, timing studies and hardware interface studies reflected in the final software design and coding.

 

(iv) Security Analysis:  Provide a detailed description of the penetration analysis performed to preclude intrusion by unauthorized persons and fraudulent manipulation of elections data.  Identify security policies and measures and selection criteria for audit log data categories.

 

(4) Operator Information

 

This documentation shall include a physical description of the equipment sufficient to identify all features, controls and displays.  It shall include a complete procedure for energizing the equipment, for testing and verifying operational status and for identifying all abnormal equipment states.  It shall include a complete operating procedure for inserting ballots to be tabulated, for controlling the tabulation process, for monitoring the status of the equipment, for recovering from error conditions and for preparing output reports.  It shall also include troubleshooting instructions. 

 


The documentation shall also include a description of the relationship of the Sensitive Area, Voting Target, and Ballot Position.  For paper-based systems, this description shall include a description of the nature of the marks the system will and will not count as votes, for example, the types of marks made with each of a variety of pens and pencils that should be counted and that should not be counted.  For DRE voting systems, this description shall include a description of the nature of the voter action required to cast a vote in the Sensitive Area, for example, the force and duration of contact required.  

 

(5) Maintenance Information

 

(a) This documentation shall contain a complete physical and functional description of the equipment and a theory of operation which fully describes the electrical and mechanical function of the equipment, how the processes of ballot handling and reading are performed, how data are handled in the processor and memory sections, how data output is initiated and controlled, how power is converted or conditioned and how test and diagnostic information is acquired and used.

 

(b) A complete parts and materials list shall be provided which contains sufficient descriptive information to identify all parts by type, size, value or range and manufacturer's designation.

 

(c) Technical illustrations and schematic representations of electronic circuits shall be provided with indications of all test and adjustment points and the nominal value and tolerance or waveform to be measured.  Fault detection, isolation and correction procedures or logic diagrams shall be prepared for all operational abnormalities identified by design analysis and operating experiences.

 

(6) Logistics, Facilities and Training

 

The vendor shall identify all operating and support requirements of the system or component.  These requirements include material, facilities and personnel, including furnishings, fixtures, and utilities which will be required to support system operation, maintenance and storage.

 

(7) Maintenance Training and Supply

 

(a) The vendor shall identify all corrective and preventive maintenance tasks, including  the calibration of the system, as appropriate,  and the level at which they shall be performed.  Levels of maintenance shall include operator tasks, maintenance personnel tasks and factory repair.

 

(b) Operator tasks shall be limited to the activation of controls to identify irrecoverable error conditions and to the replenishment of consumables such as printer ribbons, paper and the like.


(c) Maintenance personnel tasks shall include all field maintenance actions which require access to internal portions of the equipment.  They shall include the conduct of tests to localize the source of a malfunction; the adjustment, repair or replacement of malfunctioning circuits or components and the conduct of tests to verify restoration to service.

 

(d) Factory repair tasks shall be minimized, and repairs shall be made on site whenever reasonably possible.  Factory repairs shall only include complex and infrequent maintenance functions which require access to proprietary or to specialized facilities and equipment which cannot be obtained by the county board.

 

(e)  The vendor shall identify by function all personnel required to operate and support the system.  For each functional category, the number of personnel and their skills and skill levels shall be specified.

 

(f)  The vendor shall specify requirements for the training of each category of operating and support personnel, including but not limited to voters, poll workers, and elections staff.  The vendor shall prepare all materials required in the training activity and shall provide or otherwise arrange for the provision of as many qualified instructors as are necessary to properly and fully train said personnel in each category. 

 

(g)  The vendor shall recommend a standard complement of supplies, spares and repair parts which will be required to support system operation.  This list shall include the identification of these materials and their individual quantities and sources from which they may be obtained.  The vendor shall supply, at vendor's expense, any special tools required to repair or maintain the equipment.

 

(h) The vendor shall provide complete instructions for all methods of voting which voters may use to cast their vote, including instructions on entering and changing votes, write-in voting, verifying votes and accepting the cast votes.  Written and audio instructions shall be provided in each language in which voting shall occur within the state.   

(8)     Usability Test

 


Vendors shall make available to the State Board, in a quantity to be determined by the State Board, voting systems for the purpose of conducting a usability test, which will establish the minimum number of voting machines required in each polling place and the maximum number of voters that can vote on one voting machine during the course of an ordinary 15-hour election day.  The ballots to be used for this test shall include both primary and general election ballots, with ample candidate selection options and ballot proposal selections.  For the purposes of the usability test, voting shall occur by utilizing all the devices which a  voter may use to make their selections.  If a vendor has previously performed a usability test on the same or similar voting system which meets the requirements of this section, the State Board may consider the findings of same.  Whenever the State Board is satisfied that a voting machine or system’s usability analysis has provided adequate and accurate information relative to the requirements of Election Law Section 7-203.2, then the State Board may, in its discretion, accept such documentation as satisfaction of the usability test required by these regulations.

 

(9)       Voter Demonstration Test

 

(a)  The purpose of this test is to provide, in a simulated election day environment, a public demonstration of the usability and accuracy of such systems or machines

 

(b)   Vendor must submit, in a quantity to be determined by the State Board, additional voting systems or equipment that have been submitted for certification.  These additional systems or equipment will be returned to the vendor upon the completion of voter demonstration testing.

 

(c)   The State Board shall make available to the public, all non-proprietary documentation submitted by the vendor.

 

(10)     Certification

 

(a) The State Board shall escrow a complete copy of all certified software that is relevant to functionality, setup, configuration, and operation of the voting system, including but not limited to, a complete copy of the source and executable code, build scripts, object libraries, application program interfaces, and complete documentation of all aspects of the system including, but not limited to, compiling instructions, design documentation, technical documentation, user documentation, hardware and software specifications, drawings, records, and data.  Documentation shall include a list of programmers responsible for creating the software and a sworn affidavit that the source code includes all relevant program statements in low-level and high-level languages.  The State Board may require that additional items be escrowed.  If any vendor contracts to escrow additional items, those items shall be subject to the provisions of this section.

 

(b) The vendor shall immediately notify the state board of any change in any item required to be escrowed by subdivision (a) of this subsection, and shall provide an updated version for deposit.

 

(c) The chief executive officer of the vendor shall sign a sworn affidavit that the source code and other material in escrow is the same being used in its voting systems in the State. The chief executive officer shall have an ongoing obligation to ensure the statement is true. 

 

(d) The vendor shall promptly notify the state board and each county board using its voting system of any decertification of the same system in any state, of any defect in the same system known to have occurred anywhere, and of any relevant defect known to have occurred in similar systems.


 

(e) Upon completion of testing, reports shall be produced by the ITA and State Board staff, and a recommendation either for or against certification shall be made to the State Board’s commissioners. 

 

(f)  If the State Board determines that a system meets the requirements of these Regulations, and is determined to be suitable for use by voters, it shall certify such system.  A notice of provisional certification shall be prepared and forwarded to the vendor, forthwith.  The vendor shall ensure that the voting system’s software has been escrowed as set forth in Election Law Section 7-208, and the vendor has updated any affidavit and complied with the affidavit requirements, as set forth in Section 6209.4(H) of these regulations.

 

(g)  Upon compliance with the provisions set forth above, a Notice of Certification shall be awarded to the vendor.  Notice of such Certification shall also be provided to all county boards.

 

(h)  If the State Board fails to certify a system, the vendor shall be so notified. 

(i)  Once a certified system is selected for purchase by a county board, that system’s software shall be provided to the county board by the State Board, and not the vendor.

 

Section 6209.7 Modifications and Re-examination

 

A.  Any prospective modification to a previously certified voting system shall be submitted to and approved by the State Board before such modification is made.

 

B.  No modification of previously certified voting systems equipment shall be used in any election until such modification has been approved by the State Board.

 

C.  Prospective modification shall be reviewed by the State Board or by an examiner or testing laboratory selected by the State Board in accordance with the fee schedule established by section 7-201 of the Election Law.

 

D.  Upon completion of a review of such prospective modification, the State Board may cause a re-examination of the entire voting system, or within its discretion, grant continuation of certification pursuant to the provisions of section 7-201 of the Election Law.

 

Section 6209.8   Rescission of Certification

 


A.  If at any time subsequent to the State Board's approval of a voting system, the State Board determines that the voting system fails to fulfill the criteria prescribed by statute and these rules, the State Board shall notify any purchasers and vendors of that particular voting system’s failure, post such notice on its website, and give notice by mail to the chairs of all political parties and interested persons who have previously requested notification of such information, that the State Board's approval or certification of that system in New York State is to be withdrawn.

 

B.  Failure of a vendor, its officers and its controlling shareholders to file affidavits as required in Section 6209.4(I) may result in the rescission of certification.  Notice of such failure shall be in writing and shall specify the reasons why the approval or certification of the system is being rescinded. 

 

C.  At the State Board’s discretion and depending on the reason for recision, a notice may also provide for a 30-day period within which the vendor must correct deficiencies, and shall further specify the date on which the rescission is to become effective.

 

D.  Any vendor or purchaser of such voting system, and any interested person or organization, may request in writing that the State Board reconsider its decision to rescind approval or certification of the voting system.

 

E.  Upon receipt of such request to reconsider, the State Board shall hold a public hearing for the purpose of reconsidering the decision to rescind the approval or certification, and shall give published notice of such hearing at least two weeks in advance, including posting it prominently on its website and giving notice by mail to public advocacy organizations which have requested such notification or requested that the State Board reconsider its decision.  Any interested party shall be given the opportunity to submit testimony or documentation in support of or in opposition to the Board's decision to rescind approval or certification.

 

F.  The State Board may affirm or reverse its decision.  Should the State Board affirm its decision, such vendor may be prevented from submitting a new application form for a period of two years following the date of the final decision.

 

Section 6209.9  Contracts

 

A.  In addition to complying with all statutory requirements, all contracts for the purchase of voting systems by county boards, hereinafter to be designated ‘purchaser’,  shall include the following requirements:

 

(1) Training

 

Vendors of voting systems shall provide for sufficient training of boards of elections personnel in the following:

 

(a) training prior to delivery of voting systems and equipment on procedures for unpacking, assembling and acceptance testing of such equipment;

 


(b) training for proper use of such equipment including maintenance, storage and transportation procedures;

 

(c) the vendor shall provide complete operations manuals (including operations manuals for any auxiliary features, programming, hardware, telecommunications systems and central vote tabulating systems) upon delivery of voting systems equipment to a jurisdiction.  Such manuals shall include one copy of procedures to be followed by inspectors at polling places.  The vendor shall permit this copy to be reproduced and distributed by the county board at its training school for election inspectors or the vendor shall supply as many copies of the procedures as required by purchaser for such distribution;

 

(d) the vendor shall assist in the training of all elections personnel (including election inspectors) during the first two elections, to include a general election, in which the system or equipment is used.  Such assistance relating to the number of people and the hours of assistance shall be identified in the executed contract. 

 

(e) sufficient training for county board personnel in the use of the vendor’s voting system’s supporting software, procedures to be used to accomplish ballot face layout and ballot programming, and all other features of the software.

 

(2) Service provisions                                 

 

(a) The contract shall identify the obligations of the vendor to promptly rectify any problems identified through testing any or all of the voting systems equipment delivered to the purchaser.

 

(b) The vendor shall, without additional cost, provide to the purchaser a five-year guarantee of parts and service, that such voting systems equipment shall be kept in good working order and that other statutory requirements are met.  Shipping costs for any factory repairs or part replacement will be incurred by the vendor. 

 

(c) The vendor shall provide to the purchaser of said voting systems  equipment a detailed listing of proper maintenance, storage and transportation procedures to be carried out by each purchaser.

 

(d) The vendor and the purchaser shall agree in writing as to the proper maintenance procedures to be implemented on each piece of equipment and shall further agree in writing as to the obligations of each party for servicing and maintenance procedures.

 

(e) The vendor must correct any problems or defects in the voting equipment or voting systems within a commercially reasonable time period.  If the time for resolving problems or defects is insufficient to allow for adequate resolution prior to use in an election, an alternate machine or unit shall be provided by the vendor, and such machine or unit shall be subjected to the acceptance testing requirements of these Regulations. 


(f) The vendor shall provide the purchaser with the criteria necessary for the proper operation of the voting system or equipment at a polling place.

 

(3) Polling site survey

 

(a) The vendor, together with the purchaser, shall survey the present polling places in a jurisdiction to which its voting system or equipment has been sold, to determine whether or not such polling places meet environmental conditions for the proper operation of the voting system or equipment.  This provision shall apply to those polling places which are in use at the time of the proposed sale.

 

(b) If any polling places are not compatible, the vendor shall advise the jurisdiction purchasing the voting system or equipment on the methods or procedures that the said jurisdiction may use to remedy any such problem.

 

(4) Additional Requirements   

 

(a) delivery deadline for a minimum of 10% (ten percent) of the systems or machines ordered by a county shall be not less than six months prior to the first election in which said units shall be used.  The deadline for the delivery of the balance of systems or machines ordered shall be not less than three months prior to the first election in which they are to be used or if the contract is for ten or less units, the delivery deadline is not less than one month prior to such election;

 

(b) acceptance testing requirements;

 

(c) storage and maintenance responsibilities; and

 

(d) shipping delivery guidelines and requirements.

 

(e) a list of system proprietary and non-proprietary consumables, extended warranties, services, and other such items as may be considered by county boards for purchase, with the exception of programming, as county boards are prohibited from contracting with a vendor for programming services.       

 

B.  A vendor entering into a contract shall affirm that;

 

(1)  the submitted voting system complies with all applicable rules adopted by the State Board, and with all applicable 2005 Federal Voting System Guidelines;

 

(2)  the vendor will quote and provide a statewide, uniform price for each unit of the voting system’s equipment;

 


(3)  the submitted voting system’s software does not contain any code, procedures or other material (including but not limited to ‘viruses’, ‘worms’, ‘time bombs’, and ‘drop dead’ devices that may cause the voting system to cease functioning at a future time), which may disable, damage, disarm or otherwise affect the proper operation of the voting system, any hardware, or any computer system or other property of the State Board or county board, and;

 

(4)  any submitted voting system provides methods through security seals or device locks to physically secure against attempts to interfere with correct system operations.  Such physical security shall guard access to machine panels, doors, switches, slots, ports, peripheral devices,  firmware, and software.

 

C.  The Vendor shall post a bond or letter of credit to cover any and all expenses, costs, and damages, including but not limited to all costs of inspecting or testing a voting system that does not meet the standards contained in these Regulations and all costs incurred in conducting any new election resulting from any breach of the warranties and representations required to be made anywhere in these Regulations, or in the New York State Election Law.  Said bond or letter of credit shall be set by the State Board.  

 

D.   For purposes of the initial purchases of voting machines and systems, pursuant to the federal Help America Vote Act of 2002, and the state Election Reform and Modernization Act of 2005, all contracts entered by the State Board or county boards with vendors, must comply with Office of General Services (OGS) regulations on Purchasing Procedures and Purchases from Preferred Sources, found in NYCRR Title 9, Subtitle G, Subchapter A, Part 250, section 250.0 through and including section 250.11.

 

Section 6209.10 Acceptance Testing

 

A.  County boards, under the supervision of the State Board, shall conduct a public acceptance test on each unit of any voting system purchased by such county.  Such acceptance testing shall begin within seventy-two hours of delivery of the equipment from the vendor to the purchaser and shall be completed prior to the use of the equipment in any election.

 

B.  Such testing shall be conducted under the supervision of the State Board in accordance with the testing requirements and formats provided by the State Board.  This test may consist in part, of the original certification test deck as utilized by the State Board in the certification of the system.

 

C.  Acceptance testing for voting systems shall include the comparison of software installed on the delivered system to certified software, via the use of a Secure Hash Signature Standard (SHS) validation program, contained in Federal Information Processing Standards Publication 180-2 issued by the National Institute Standards Technology.

 


D.  Acceptance testing for non-PC-based voting systems shall include testing to be prescribed  by the State Board at the time of system selection, pursuant to 6209.5(i) of these Regulations, to verify that the voting system delivered to the county board is identical to the system certified by the State Board.

 

E.  The results of acceptance testing shall be both documented and attested to by the county board and the State Board, and the documentation placed in the maintenance log for the system, and on file with the State Board.

 

F.  If the acceptance test reveals any impropriety or fault in the ballot counting system’s equipment, the vendor must make corrections to such improper or faulty equipment within 15 days from the date of such acceptance testing.

 

G.  The State Board, upon its review of the acceptance testing of such system’s  equipment may, at its discretion, rescind certification of said equipment in the State of New York in accordance with the provisions of Section 6209.8 of these regulations. 

 

Section 6209.11      Temporary Provision

 

Notwithstanding any other regulation, no voting machine certified after May 1, 2006 may be used in any election until the State Board adopts regulations for routine maintenance and testing, voting system operations procedures, and central count procedures.