Author: Kim Strach, Executive Director
This numbered memo summarizes directives regarding certain devices and data handling ahead of early voting and Election Day. Please share this numbered memo with your county IT office and work closely with them to ensure appropriate implementation of these procedures and compliance with your county’s particular IT policies.
Laptops
Laptops may contain critical security information, including SEIMS access and proxy/VPN access that allows the laptop to access county networks remotely. It is critically important that CBEs secure those laptops.
Limiting Access
- Login credentials must be traceable to individuals. CBEs shall limit access to authorized persons. Laptop login credentials must vary (you may not have one username/password or generic usernames/passwords for all laptops).
- Shorten screen lock-out times. Lock down the workstation with a short timeout period so that computers or laptops are not accessible when not in use.
- Log out when unattended. Prior to leaving a laptop unattended, the laptop must be logged out and locked down to prevent unauthorized access.
- Block remote access. Remote access to laptops with SOSA or any SEIMS application is not permitted. This means that you may not give another person the ability to access SOSA or a SEIMS application from another computer.
- Secure laptop locations. Laptops shall not be left unattended in public spaces. All locations with laptops must be locked unless attended by CBE staff or elections officials.
Securing Data
- Encrypt hard drive. You must encrypt the entire hard drive on any laptop containing SOSA software or other SEIMS programs. Encryption helps ensure data is secure if the laptop is stolen, returned, or recycled without proper wiping.
- Follow county IT policies. Comply with all applicable county information technology computer or laptop policies and procedures.
Third-Party Access
- Block remote access. Under no circumstances may the CBE authorize remote access or control by any third party or vendor to any system or device that contains a SEIMS application. Remote access includes but is not limited to desktop control, drag-and-drop file transfer and any connection that authorizes a third party to control a device with SOSA or any SEIMS application loaded, or which will have SOSA or any SEIMS application loaded.
- Protect access by agreement. Some counties rent laptops rather than maintain their own stock for precincts and early voting. Any use of a third-party laptop service must:
  - Be covered by data protection/confidentiality agreements approved by your county attorney;
  - Provide for the encryption of all devices;
  - Provide for the destruction of all data once the device is returned;
  - Ensure adherence to all policies contained in this numbered memo.
Network Connectivity
- If network connectivity is required to any State election server, that communication pathway must be secured by either:
  - A point-to-site encrypted VPN from the device to the network location of the state election server; or
  - A site-to-site VPN, which may be used only if the SOSA laptops are the only devices on the network site connecting to the site with the state election server.
- If network connectivity is required at the site with SOSA installed, counties should opt for a wired connection. Wireless connectivity is allowed only if SSIDs are not broadcast, strong passwords are used, and wireless encryption is implemented.
Traceability
- Ensure SOSA usernames trace to one (and only one) SOSA user. Shared user accounts and generic user accounts are prohibited.
Clearing Devices After Election
- Desktops and laptops with SOSA or other electronic poll book data installed shall be properly erased after each election, unless they are needed for an investigation. If these devices need to be retained, they must be physically secured and the chain of custody maintained. CBEs must ensure compliance with any directive of the State Board Office regarding retention of desktops and laptops, as that data could become important to an investigation.
- Portable data storage devices (e.g., USB sticks) should not be recycled.
USB Sticks
USB sticks and any device connected to voting equipment and laptops should be securely maintained. The below guidance addresses the use of USB sticks during the coming election and thereafter:
Mock Election
- Counties should need only one USB drive to transfer all files from your Unity PC to SEIMS for the Mock Election. Perform your logic and accuracy (L&A) testing as instructed and generate all files/reports (ASCIIs, Block Style Reports, etc. — you will need to rename them appropriately), which may then be copied onto a single USB drive.
One-Stop
- Best practice is to use one USB drive per SOSA machine per day to transfer data from the site to the office. At minimum, you will need one USB drive per site to transfer data back out to those SOSA machines.
Election Night
- On Election Night you will need several USB drives, one for each ASCII file you transfer to your SEIMS workstation to import into Election Reporting. How many such transfers you perform will depend on many factors, but you must be sure to use a clean USB drive each time.
After You Have Used the USB Drive
- Do not delete the data on the USB drive.
- Place the USB drive in a coin envelope, write the precinct or voting location on the envelope, and then sign, date, and seal the envelope. You may use pre-printed labels for this purpose.
- For Mock Election Records:
  - The USB drive has become a “record of machine testing” and thus falls under the category of “Voting Machine Lists, Testing Records, and Certifications” for the purposes of records retention:
    - (a) Destroy in office inventories, warranties, and registration data after the voting systems are no longer in use and have been disposed of as authorized by the SBE.
    - (b) Destroy certifications and machine testing related records 5 years after the certification of the election the machine was tested for.
    - (c) Destroy in office remaining records when superseded or obsolete.
- For Election Night and One-Stop records:
  - The USB drive is now considered a “list documenting registered electors and votes cast” and thus falls under the category of “Poll List/Registration List/Roster/Authorization to Vote (ATV)” for the purposes of records retention:
    - Federal Election: Destroy in office 22 months after certification records concerning a primary, general, or special election involving federal offices.
    - Non-Federal Election: Destroy in office 2 months after certification records concerning a primary, general, or special election not involving federal offices.
- When the USB drives meet their retention requirement date, delete all data from and reformat the drives. Best practice is to destroy all records that have met their retention requirements at the same time. If you choose not to destroy the USB drives, it is necessary to securely wipe the data on that drive before repurposing a stick for non-election purposes (this may require reformatting and other measures). USB drives cannot be reused for voting processes.
Paper Poll Book Backups Election Day
Counties are to maintain paper poll book back-ups on Election Day in case electronic poll books fail. This scenario occurred in one of our counties in 2016 and some precincts did not have a paper poll book. Staff had to undertake emergency measures to deploy needed paper back-ups across the county on short notice and under difficult circumstances.
Stylus for Touch-Screen Voting Machines
It remains best practice for all counties using touch-screen voting machines to provide a stylus for use by the voter. Styluses must be purchased off the shelf. Alternatively, the eraser end of unsharpened pencils has been used as a cost-effective means to help ensure voters’ selections are recorded without incident.
Required Cybersecurity Training
Cyberattacks represent a very real threat to the integrity and transparency of our elections. Protecting against online threats begins with understanding how these attacks occur and protecting ourselves from these attacks. It is critical that every employee understand cybersecurity and how to protect themselves and their office from attack.
Our Agency is instituting a mandatory online security awareness training program for all employees at county boards of elections. Our security awareness training will be provided by Security Mentor (securitymentor.com), in conjunction with the training department of the N.C. State Board of Elections and Ethics Enforcement. The training is easy to access, completely web-based, and is relevant, fun, and interactive.
All county directors and staff of county boards of elections must complete this training prior to the beginning of one-stop early voting. If you have not provided staff information requested by Ted Fitzgerald, please do so no later than noon, Thursday, Oct. 4. The training department will provide more detailed information on when and how to access the training modules in a separate email after the Thursday deadline.
Together we will do everything possible to secure our elections. Thank you for your commitment.