Voting System Security Technology
Security and auditability are of paramount importance to Hart InterCivic. The Hart Voting System and the Verity Voting system are regulated, tested and certified at both the federal and state levels. They have both been proven to be secure and accurate, successfully capturing and reporting millions and millions of votes across nearly 800 jurisdictions representing over 26 thousand precincts and nearly 30 million registered voters.
Security comes not only from hardware/software technology features, but also from the people who use the systems and the procedures they follow. Hart provides training courses for system operators and election officials, which includes security topics, physical device configuration, and data transfer. Hart encourages jurisdictions to utilize best practices to mitigate risks. Some include:
- Employing a chain of custody processes throughout all pre/during/post-election activities, physical numbered and logged security seals on devices, and experienced trusted election workers on staff
- Conducting Acceptance Testing upon receipt of equipment
- Pre‐Election Logic and Accuracy Testing (conduct as provided under your respective State law)
- Post- Election auditing by inspecting the precinct totals and comparing to the cumulative totals
For more information on election security operational best practices, click here.
Hart voting systems incorporate a well-defined, end-to-end defense-in-depth (multi-layer) security strategy across all software and hardware elements.
To be awarded certification at the federal level, by the EAC, and to attain state certification, which is required in many states, voting systems must meet or exceed established security standards. Certified voting systems adhere to standards designed to ensure that systems accurately record votes the way they are cast. Security standards include protections against tampering or manipulation and cover requirements for physical security of the equipment and ballots, features that prevent connection to the internet or a network during the voting period, auditing capabilities and more.
Hart’s current voting system – Verity Voting – reflects the very latest best practices in system security. Across all software elements and across all devices, Verity puts security first. Verity also supports the most sophisticated and thorough post-election audit processes.
- Hart systems are designed, engineered and manufactured in the United States of America.
- Hart systems, including devices and workstations, have never included remote access software (such as pcAnywhere); Hart voting systems HAVE NEVER been and WILL NEVER be remotely accessible by Hart or by anyone else.
- Hart systems use application whitelisting, a more effective form of anti-virus, that prevents any unauthorized program, application or code from running on any voting system device or workstation.
- Cast vote record data is digitally signed using NIST-compliant FIPS 140-2 cryptographic modules.
- Data is stored in multiple redundant locations, ensuring no loss of data and easy detection of any attempts to manipulate data.
- Voting devices and workstations operate in “kiosk” mode, ensuring the user can only access those parts of the system which are required for election operation.
- Two-factor authentication is required to ensure access to critical functions is limited to authorized users; role-based profiles ensure that users may only access those parts of the system which they need to do their job.
- Hart systems support the most rigorous post-election audits.
- Throughout all phases of operation, all Verity system components maintain complete audit logs. Every Verity application thoroughly logs all user authorization/authentication, data entry, user interaction, vote adjudication and system events
- Election managers can print or export audit logs from each application, using easy-to-use report ﬁltering to access precise information, for audits
Verity Physical Security Features
External cards, drives or other devices can NOT be inserted by voters into any Hart voting device, nor can executable code be hidden and run from voting system media cards.
Verity devices utilize specific physical features to prevent physical tampering. Access controls include:
- Keyed locks
- Tamper-evident seals
- Non-standard ports that only fit Hart-proprietary cables and devices and prevent insertion of standard, commercial-off-the-shelf cables
- Non-standard electrical wiring in strategic areas
- Two-factor authentication devices to secure access to critical election management functions
Hart recommends our customers deploy strong Chain of Custody processes including all pre-election programming, transport to polling locations, set up and operation within a polling location, pack-up and transport back to central office and storage between elections.
Hart Voting System (HVS) Security
For those jurisdictions using the Hart Voting System, election officials and voters benefit from specific features designed to deliver high performance and reliable security, resulting in a high degree of confidence:
- Security has been a fundamental design concept for the Hart Voting System from the beginning.
- The Hart Voting System includes both physical and electronic intrusion detection controls, such as standard election seals and time-stamped transaction logs that record every system action related to the voting process.
- The Hart Voting System provides:
- Digital encryption to protect data.
- Multiple memory storage of cast ballot data.
- Self-contained components that are not externally networked.
- Thorough audit logs that provide transparency.
- Malicious code, or any executable software, cannot be run off of the data card from the polling place. The technology simply doesn’t support this scenario.
- Once a vote is cast on the eSlate system, multiple copies of the electronic ballot are saved simultaneously in different locations (on the eSlate, on the JBC and on the MBB which is inserted in the JBC), making lost data or undetectable fraud virtually impossible.
- The eSlate’s SELECT Wheel™ interface does not require calibration like older touch screen systems. There is no chance of false touches due to ballot images that are misaligned with touch sensors.
- The eSlate has no external openings that could create a breach in the system’s security that might provide access for creative hackers or others seeking to tamper, subvert, or vandalize the system or the election.
- The system’s eSlate® device allows the voter to double-check the ballot before casting it.
- Each of the vote records can be verified and audited for security and accuracy.
- The eScan provides triple redundancy of the voter’s choices: on the MBB flash memory card, within the eScan memory, and on the original marked paper ballot.
- The scanned paper ballots are secured in a locked ballot box connected to the eScan.
- The eScan also provides an electronic audit log that records all actions performed on the device with a date-time stamp.
- The audit log can be printed out as needed by the jurisdiction.
Neither Hart system is ever, in any way, connected to any of the following:
- Intranet or in-ofﬁce networks
- Voter rolls/registration
- Voter personal data
- Other county election office applications
- Campaign/donor information
- Party/campaign volunteer information or schedules
- Voter communications regarding times/locations for early or Election Day voting
- Email systems
Altogether, these features are part of securing elections, making sure that every vote is accurately recorded, the voting process is transparent to voters, and results are auditable. Security is a key element in providing fair and accurate elections for all voters.