Stella Anderson's Motion To Enforce Cyber-Security for Voting in North Carolina

Text of the motion made by Stella Anderson at the conclusion of last Thursday's state Board of Elections (SBOE) meeting. The purpose and the effect of her motion were discussed here, also last Thursday, and the particulars of the 3-2 vote that passed it.

It's technical and specific in forcing the state to verify certain safety checks on electronic voting machines:

State Board staff shall provide documentation of the State’s post-EAC testing/examination to meet each of the following requirements of G.S. 163A-1115 (e):The State Board’s (or independent expert’s) review of the vendors’ source code in the following required areas of focus:

• Security

• Application vulnerability

• Application code

• Wireless security

• Security policy and processes

• Security/privacy program management

• Technology infrastructure and security controls

• Security organization and governance

• Operational effectiveness

If documentation is unavailable, please provide the rationale, or waiver granted.

• Provide documentation of source code delivery placed in escrow (when delivered, current custody).

• State Board staff shall also provide a response to the following: NCSBE’s Elections Systems Certification Program – 3.4.1.1 states “The voting system or equipment must meet the requirements contained in the most recent version or versions of the Voluntary Voting System Guidelines (VVSG) currently accepted for testing and certification by the U.S. Election Assistance Commission (EAC).” Why would NCSBE certify equipment EAC-certified under VVSG 1.0 (2005), rather than VVSG 1.1 (2015)?