BILL NUMBER: AB 852	INTRODUCED
	BILL TEXT


INTRODUCED BY   Assembly Member Krekorian
   (Principal coauthor: Assembly Member Levine)

                        FEBRUARY 22, 2007

   An act to add Section 19213.5 to the Elections Code, relating to
voting systems.


	LEGISLATIVE COUNSEL'S DIGEST


   AB 852, as introduced, Krekorian. Voting system certification:
vendors.
   Existing law prohibits the Secretary of State from approving any
voting system or part of a voting system, unless it fulfills
specified state law requirements and regulations. Existing law also
requires the secretary to study and adopt regulations governing the
use of voting machines, voting devices, vote tabulating devices, and
any software used for each.
   This bill would prohibit the secretary, as of June 30, 2008, from
approving a voting system for use in an election until its operation
and specifications are publicly disclosed. The bill would also
require a vendor applying for voting system certification, as of June
30, 2008, to comply with specified conditions and also require the
secretary to place specified information on the secretary's Web site
by that date. It would require the secretary, no later than June 30,
2008, to establish a public review process that allows any member of
the public to review voting system software based on the information
required to be disclosed pursuant to these provisions. Voting systems
already certified by the state would be required to comply with the
disclosure requirements on or before January 1, 2012.
   Vote: majority. Appropriation: no. Fiscal committee: yes.
State-mandated local program: no.


THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:

  SECTION 1.  The Legislature finds and declares all of the
following:
   (a) Current state law requires that the vote counting process be
publicly observable. Current state law does not provide, however, a
means for the public to provide oversight of vote tabulation by
electronic voting systems. Electronic voting system vendors are not
required to disclose voting system hardware specifications and the
manufacturer-created computer software that is installed in the
device is secret and proprietary. The people of California must have
the right to know how their votes are counted. All details of
election administration must be made freely available to the entire
public in a regular and systematic way.
   (b) Vendors shall be required to disclose relevant technical
details of the hardware and software contained within the voting
system for which they are applying for state certification. The
Secretary of State shall manage a process whereby the public can
obtain technical information free of charge, including computer
source code, relevant to voting systems under review for
certification as well as systems that have obtained state
certification.
  SEC. 2.  Section 19213.5 is added to the Elections Code, to read:
   19213.5.  (a) For purposes of this section, the following terms
have the following meanings:
   (1) "COTS" means a common off-the-shelf component that is
manufactured in large quantities and is widely available for use in
any electronic device.
   (2) "General purpose COTS devices" means a COTS component intended
for use in any electronic device, voting system, or otherwise.
   (3) "Voting system" means any computerized machinery used in a
public election to present one or more contests to voters, to obtain
voter choices, to verify voter choices, to store voter choices, to
communicate voter choices via digital or analog means of
transmission, to tabulate voter choices, or to present partial or
full results of one or more contests.
   (4) "Voting system-specific" means a hardware or software
component manufactured specifically for use in a voting system.
   (5) "Vendor" means any person, partnership, corporation, or other
entity that offers a voting system, whether for money or not, to the
state, to any county, or city of the state, or to any governmental
agency.
   (6) "Source code" means computer instructions written by
programmers.
   (7) "Open source" means publicly disclosed source code licensed
under a free or open source software license certified by the Open
Source Initiative (OSI) as conforming to their Open Source Definition
(OSD). The Secretary of State may approve an open source license for
voting systems not certified by OSI; however, in that event, the
secretary shall make findings that the license meets the OSD.
   (8) "Compiler" refers to software that translates human-readable
source code into digital computer commands.
   (9) "Compiler script" refers to vendor specific instructions used
in the compilation of source code.
   (10) "Checksums" refer to the results of error correction tests
performed by voting system software.
   (b) By June 30, 2008, the Secretary of State shall not approve a
voting system for use in any election until all details of its
operating system and specifications are publicly disclosed. A voting
system certified prior to June 30, 2008, shall comply with the
disclosure requirements of this section on or before January 1, 2012.

   (c) By June 30, 2008, an application for voting system
certification in this state shall be subject to both of the
following:
   (1) The public's right to inspect and test the voting system, to
retain test materials, test results, and to freely publish the same
openly.
   (2) A promise to refrain from exerting any copyright, trade
secret, or other rights that it may have to hinder any member of the
public from exercising the rights under paragraph (1) of this
subdivision.
   (d) The Secretary of State shall require reasonable notice of
public testing and that the tests be performed in a manner that does
not burden the vendor with significant costs beyond those of making
the voting system available.
   (e) The materials to be made freely available to the public
include all of the following:
   (1) All voting system specific source code.
   (2) Detailed instructions for building the software from source
code, including name and version of compiler used, compilation
scripts, and checksums.
   (3) Any vendor-authored proprietary binaries used in the
compilation of source code for voting systems.
   (4) Voting system-specific hardware, complete specifications,
drawings, and schematics.
   (5) General purpose COTS components described in detail, including
versions and dates of manufacture.
   (f) By June 30, 2008, the Secretary of State shall establish and
maintain a Web page on the Internet to provide all of the following:
    (1) Free download of materials pertaining to each voting system
certified or under consideration for certification.
   (2) A system for acquiring and processing input from the public.
   (3) A reporting system to inform the public on findings, problems
reported, problem resolution, and comments from the Secretary of
State, the public, and vendors.
   (4) Standards used by the Secretary of State for evaluating voting
systems, including test plans and specific test cases employed.
   (g) The Secretary of State, no later than June 30, 2008, shall
establish a public review process that allows any member of the
public to review voting system software based on the information
required to be disclosed pursuant to this section.
   (h) For products submitted for state certification that are open
source for all unmodified COTS components, the Secretary of State
may, at his or her discretion, elect to forego the federal
certification requirement and certify the product using a special
process established by the secretary for this purpose.
   (i) Any member of the public shall have access to other elections
information, including:
   (1) All information necessary to validate elections must be
produced by the voting system and its accompanying elections
procedures.
   (2) When information to validate the election is requested, it
must be provided before recount and contest periods have expired.
   (3) The information must be provided in a usable and
cost-effective manner.
   (4) There will be no restrictions imposed by proprietary claims,
nor shall access to information be exclusively placed outside of
governmental custody.
   (5) Validating information must include proof that hardware and
software certified for use is the same claimed to have been used.