Electronic Poll Book Security
Insecure about electronic poll book security? You don't have to be.
“Numerous witnesses before the Commission testified to the extraordinary value that they have derived from the use of electronic poll books.”
The American Voting Experience: Report and Recommendations of the Presidential Commission on Election Administration.
Innovations in election technology benefit jurisdictions throughout the United States on a daily basis. Yet, such technology can keep election officials like you up at night. What you don’t know can cost you time, money and even an election. When a vendor tells you that they provide “the highest level of security,” what does that really mean to you? While this article takes you through security considerations when purchasing an electronic poll book (ePollbook), much of the information can be applied to other elections technology systems as well.
First, let’s define what you need to be secure against when purchasing an ePollbook or other elections software and hardware. There are four primary threats:
- Purposeful Attacks or Viral Intrusions. This includes hackers, malware and viruses. These invasions may be directed specifically to your jurisdiction or intended for multiple sectors.
- At-the-Polls Trouble Makers. These are the individuals who try to “outsmart” the system. Some are trying to influence an election outcome while others are “testing” your security to see what they can slip past you. Others may try to steal equipment or data.
- Human Error. Unlike the trouble makers, these problems are caused by well-meaning pollworkers or other employees who simply make a mistake or just don’t know that their actions could compromise security.
- Outdated Technology. The hardware and operating software you purchase has a determined lifespan. Depending on what you purchase, your security updates range from around a year to more than 10 years. When you stop receiving security updates, your entire system is vulnerable.
Security Against Threats
Here are several priority questions to ask your current and potential vendors who supply elections technology products and services. These questions can protect you from attacks, intrusions, trouble-makers, human error or outdated technology.
Ask: How do you protect our data from attacks?
Giving an outside company access to your data can feel like you’re handing over your newborn to the babysitter for the first time. You want to ensure that your data is safe and secure from strangers throughout the elections process. This is quite important if you are considering live connectivity.
The first concern should be protection of the entire database provided to the vendor. Where is this data stored? Who has access to the data? If it is stored on Internet servers, are these privately controlled servers or public servers? The advantage to Cloud computing is that your data is stored on multiple servers for reliability and speed. Unfortunately, that also means that the data is not specifically under anyone’s direct control. You may decide this is an acceptable risk, but it is a risk you should understand.
For data stored on the electronic poll books, how is that data protected from unwanted access? You want the pollworker account in your ePollbooks to be “hardened” to avoid accidental or malicious tampering. As part of the hardening process, you want the vendor to fully test the software, trying to break into the system and working to prevent that possibility. Ask if the vendor’s facility and applications are PCI compliant. This involves securing their data center, software and facility. Detailed security procedures should be present as well as mandatory background checks on all employees. One way to evaluate this risk is to ask the vendor how they would access the data on their device. Then ask how to secure against that.
In addition to protecting the physical data, it is important to consider protecting the transmission of data. There are several options for providing data security within connected environments, including:
- SSL Security (Secure Sockets Layer). This protocol creates a secure connection between a client and the server to send data. The cryptographic system uses two keys to encrypt data. So, for instance, all traffic between your ePollbook and server would be SSL encrypted.
- Software VPN (Virtual Private Network). VPN, a private communications network, allows confidential communication within a company or by several companies and organizations. A software VPN is easier to set up, but often requires more interaction from the pollworker to log in to the VPN.
- Hardware VPN. This type of VPN provides greater security and ease-of-use for the pollworker but requires that each polling place have a VPN router, which adds to the cost and the complexity of the initial set-up.
- VWPN (Verizon Wireless Private Network). A VWPN can be used in conjunction with other technologies as well. This type of network provides isolation and can help prevent issues with public networks including some DDoS (Distributed Denial of Service) attacks.
Ask: What do you offer to limit user access?
Find out what control methods are in place for accessing software and data. You want role-based security, so clarify what type of restrictions and permissions users are granted. You want multiple levels of authentication within your ePollbook including machine-level, application-level and connection-level authentication. Separate passwords with differing security levels can be issued to personnel based on their authority level and function. Role-based security allows you to determine which functions are available to each user.
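The role-based, multi-level access control described above, as an added Python example that is not taken from any vendor's product. The role names, function names and the mapping of functions to authentication levels are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical roles and functions; a real ePollbook defines its own.
ROLE_FUNCTIONS = {
    "pollworker": {"lookup_voter", "check_in_voter"},
    "precinct_supervisor": {"lookup_voter", "check_in_voter", "void_check_in"},
    "election_admin": {"lookup_voter", "check_in_voter", "void_check_in",
                       "sync_to_server", "export_voter_roll"},
}

# Authentication levels each function needs (assumed mapping), using the
# three levels named in the text: machine, application, connection.
REQUIRED_LEVELS = {
    "lookup_voter": {"machine", "application"},
    "check_in_voter": {"machine", "application"},
    "void_check_in": {"machine", "application"},
    "sync_to_server": {"machine", "application", "connection"},
    "export_voter_roll": {"machine", "application", "connection"},
}


@dataclass
class Session:
    user: str
    role: str
    passed_levels: set = field(default_factory=set)  # levels already authenticated


def authorize(session, function):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    required = REQUIRED_LEVELS.get(function)
    if required is None:
        return False, "unknown function"
    if function not in ROLE_FUNCTIONS.get(session.role, set()):
        return False, f"role '{session.role}' may not use {function}"
    missing = required - session.passed_levels
    if missing:
        return False, "missing authentication: " + ", ".join(sorted(missing))
    return True, "ok"


if __name__ == "__main__":
    # Constructed sessions: the admin has not yet passed connection-level auth.
    worker = Session("pw-17", "pollworker", {"machine", "application"})
    admin = Session("adm-1", "election_admin", {"machine", "application"})
    for s, fn in [(worker, "check_in_voter"), (worker, "export_voter_roll"),
                  (admin, "sync_to_server")]:
        print(s.user, fn, authorize(s, fn))
```

The returned reason string is suitable for an audit log, so denied attempts at the polls can be reviewed after the election.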
Ask: What happens if someone misplaces or steals our ePollbook?
This is a good concern to consider, but we also have to remember that paper poll books have this same risk. In fact, it is a greater risk with a paper poll book because there is no electronic backup of signatures, check-ins, etc. Nonetheless, it is important to consider this risk. The first thing is to consider what data is stored on the electronic poll book. In many cases, the voter rolls are public data anyway and could be obtained from your office or the State Board of Elections. So the greater concern would be any sensitive data that is not publicly available such as DOB, Driver’s License, SSN, etc. It is important to ensure that such information is encrypted on the device, so that even if an ePollbook is stolen, there is no breach of voter privacy. The other measure has to do with destroying or recovering stolen voter data. Some vendors may be able to have the data self-destruct after the election. And many hardware devices include software for tracking stolen equipment such as LoJack®.
Ask: How long will this product receive security updates?
This is actually one of the most important questions and is surprisingly rarely raised. New threats, exploits and viruses are constantly being discovered, which causes operating system vendors to put out regular security patches to the system. Without these patches, a system can quickly be breached by hackers. Any consumer products such as iPads and Android tablets will have a relatively short window of security updates, because the manufacturers assume you will replace the device every 1 to 2 years. These devices are designed as personal entertainment devices and are not built for ongoing organizational security. Windows, on the other hand, is built for business and routinely has security updates for its operating systems for 10 or more years. This is one of the risks to take into account as you consider any technology purchase.
Electronic poll books and other innovative technologies can save your jurisdiction money, enhance your constituents’ voting experience and make every aspect of your election process much smoother. Don’t let your insecurities about security keep you from implementing time and money-saving technology. Instead, arm yourself with the right questions, gather the information and act on the facts.