BILL NUMBER: AB 852 INTRODUCED BILL TEXT INTRODUCED BY Assembly Member Krekorian (Principal coauthor: Assembly Member Levine) FEBRUARY 22, 2007 An act to add Section 19213.5 to the Elections Code, relating to voting systems. LEGISLATIVE COUNSEL'S DIGEST AB 852, as introduced, Krekorian. Voting system certification: vendors. Existing law prohibits the Secretary of State from approving any voting system or part of a voting system, unless it fulfills specified state law requirements and regulations. Existing law also requires the secretary to study and adopt regulations governing the use of voting machines, voting devices, vote tabulating devices, and any software used for each. This bill would prohibit the secretary, as of June 30, 2008, from approving a voting system for use in an election until its operation and specifications are publicly disclosed. The bill would also require a vendor applying for voting system certification, as of June 30, 2008, to comply with specified conditions and also require the secretary to place specified information on the secretary's Web site by that date. It would require the secretary, no later than June 30, 2008, to establish a public review process that allows any member of the public to review voting system software based on the information required to be disclosed pursuant to these provisions. Voting systems already certified by the state would be required to comply with the disclosure requirements on or before January 1, 2012. Vote: majority. Appropriation: no. Fiscal committee: yes. State-mandated local program: no. THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS: SECTION 1. The Legislature finds and declares all of the following: (a) Current state law requires that the vote counting process be publicly observable. Current state law does not provide, however, a means for the public to provide oversight of vote tabulation by electronic voting systems. Electronic voting system vendors are not required to disclose voting system hardware specifications and the manufacturer-created computer software that is installed in the device is secret and proprietary. The people of California must have the right to know how their votes are counted. All details of election administration must be made freely available to the entire public in a regular and systematic way. (b) Vendors shall be required to disclose relevant technical details of the hardware and software contained within the voting system for which they are applying for state certification. The Secretary of State shall manage a process whereby the public can obtain technical information free of charge, including computer source code, relevant to voting systems under review for certification as well as systems that have obtained state certification. SEC. 2. Section 19213.5 is added to the Elections Code, to read: 19213.5. (a) For purposes of this section, the following terms have the following meanings: (1) "COTS" means a common off-the-shelf component that is manufactured in large quantities and is widely available for use in any electronic device. (2) "General purpose COTS devices" means a COTS component intended for use in any electronic device, voting system, or otherwise. (3) "Voting system" means any computerized machinery used in a public election to present one or more contests to voters, to obtain voter choices, to verify voter choices, to store voter choices, to communicate voter choices via digital or analog means of transmission, to tabulate voter choices, or to present partial or full results of one or more contests. (4) "Voting system-specific" means a hardware or software component manufactured specifically for use in a voting system. (5) "Vendor" means any person, partnership, corporation, or other entity that offers a voting system, whether for money or not, to the state, to any county, or city of the state, or to any governmental agency. (6) "Source code" means computer instructions written by programmers. (7) "Open source" means publicly disclosed source code licensed under a free or open source software license certified by the Open Source Initiative (OSI) as conforming to their Open Source Definition (OSD). The Secretary of State may approve an open source license for voting systems not certified by OSI; however, in that event, the secretary shall make findings that the license meets the OSD. (8) "Compiler" refers to software that translates human-readable source code into digital computer commands. (9) "Compiler script" refers to vendor specific instructions used in the compilation of source code. (10) "Checksums" refer to the results of error correction tests performed by voting system software. (b) By June 30, 2008, the Secretary of State shall not approve a voting system for use in any election until all details of its operating system and specifications are publicly disclosed. A voting system certified prior to June 30, 2008, shall comply with the disclosure requirements of this section on or before January 1, 2012. (c) By June 30, 2008, an application for voting system certification in this state shall be subject to both of the following: (1) The public's right to inspect and test the voting system, to retain test materials, test results, and to freely publish the same openly. (2) A promise to refrain from exerting any copyright, trade secret, or other rights that it may have to hinder any member of the public from exercising the rights under paragraph (1) of this subdivision. (d) The Secretary of State shall require reasonable notice of public testing and that the tests be performed in a manner that does not burden the vendor with significant costs beyond those of making the voting system available. (e) The materials to be made freely available to the public include all of the following: (1) All voting system specific source code. (2) Detailed instructions for building the software from source code, including name and version of compiler used, compilation scripts, and checksums. (3) Any vendor-authored proprietary binaries used in the compilation of source code for voting systems. (4) Voting system-specific hardware, complete specifications, drawings, and schematics. (5) General purpose COTS components described in detail, including versions and dates of manufacture. (f) By June 30, 2008, the Secretary of State shall establish and maintain a Web page on the Internet to provide all of the following: (1) Free download of materials pertaining to each voting system certified or under consideration for certification. (2) A system for acquiring and processing input from the public. (3) A reporting system to inform the public on findings, problems reported, problem resolution, and comments from the Secretary of State, the public, and vendors. (4) Standards used by the Secretary of State for evaluating voting systems, including test plans and specific test cases employed. (g) The Secretary of State, no later than June 30, 2008, shall establish a public review process that allows any member of the public to review voting system software based on the information required to be disclosed pursuant to this section. (h) For products submitted for state certification that are open source for all unmodified COTS components, the Secretary of State may, at his or her discretion, elect to forego the federal certification requirement and certify the product using a special process established by the secretary for this purpose. (i) Any member of the public shall have access to other elections information, including: (1) All information necessary to validate elections must be produced by the voting system and its accompanying elections procedures. (2) When information to validate the election is requested, it must be provided before recount and contest periods have expired. (3) The information must be provided in a usable and cost-effective manner. (4) There will be no restrictions imposed by proprietary claims, nor shall access to information be exclusively placed outside of governmental custody. (5) Validating information must include proof that hardware and software certified for use is the same claimed to have been used.