How the County of Santa Clara Protects our Votes
Beginning with the 2020 elections, County of Santa Clara voters have a more modern voting experience under the Voter’s Choice Act. In-person voting takes place at larger Vote Centers established throughout the County, equipped with updated voting technology.
Learn how to use the voting system
Broken down into three categories, the information below is an overview of how the County protects our votes using certified voting systems and following security regulations, security practices at the Registrar of Voters main office and at our community Vote Centers, ballot drop-box security features and regulations, and key security rules in place during ballot processing. You may also find our list of frequently asked questions about election security and administration helpful.
Key Voting System Security Regulations
Federal and State Certification is Required
Before a state can use a voting system to conduct a federal election (for elected offices like President and Congress), it must be tested and certified by the United States Election Assistance Commission (EAC). For more information on the EAC as well as voting systems used in the United States and how they are tested at the federal level, visit the Election Assistance Commission.
In California, before a voting system can be used in any election, it must be certified by California’s Secretary of State’s Office of Voting Systems Technology Assessment, meeting certain standards for functionality and security. This applies to voting equipment used by a voter at a Vote Center (or polling place) and the vote tabulating equipment the election official uses to centrally tabulate Vote by Mail, Provisional, and Conditional Voter ballots.
California’s strenuous voting system certification program requires months of review and testing, including source code review, volume tests, security testing and attempts to “break into” the voting system, and tests to provide accessibility for voters with physical and language assistance needs. For more information on the State’s certification process and standard requirements, visit the Office of Voting Systems Technology Assessment.
At minimum, voting systems in California must:
- Meet or exceed federal standards (as approved by the US Election Assistance Commission)
- Preserve the secrecy of the ballot
- Be safe from fraud or manipulation
- Be accessible to those with physical or language assistance needs
- Use paper ballots that remain intact and readable for the maximum retention period of eight (8) years
- Enable the election official to conduct a risk-limit audit using ballot level review
- Must not allow a voter to produce and leave the voting booth with a copy of their voted ballot
Information on California’s current Risk-Limit Audit regulations can be found in Sections 20110 – 20126 of the California Code of Regulations.
In addition, California also mandates certified systems meet a minimum of three key security factors:
- No part of the voting system shall be connected to the Internet at any time
- No part of the voting system shall receive or transmit election data electronically through exterior communication networks or telephones
- No part of the voting system shall receive or transmit wireless communications or wireless data transfers
County Elections Officials Must Test and Audit Systems Every Election
Before using voting equipment in any election, the Registrar of Voters (ROV) must:
- Perform a full system hardware and software review on every unit for physical integrity, functionality, and a diagnostic test of hardware
- Before each election, perform a series of tests (also known as, “pre-election logic and accuracy testing” and/or “pre-lat”) on all voting hardware and software to confirm that all ballot tabulating and vote recording devices operate accurately
- Certify that the software to be used in the election functions correctly and is the same software delivered by the secretary of state
- Follow procedures approved by the secretary of state for programming, deploying and using voting equipment during every election
- Place and inspect both permanent and removable tamper-evident security seals on all voting equipment
- Not permit any system be connected to the internet, nor electronically receive or transmit any data via an exterior network of any type
- Use a minimum two-factor authentication (verification to log-in) process for accessing systems and data
- Follow the Uniform Vote Counting Standards adopted in California
- If voting system hardware leaves the ROV’s possession, for upgrade or replacement for example, chain of custody documents and a repeat of the initial hardware and software testing are required
Before finalizing and officiating the election results, the Registrar of Voters (ROV) must conduct the Official Canvass, which includes:
- Inspecting all supplies returned from each Vote Center
- Reconciling the signatures from all E-pollbooks with the number of ballots cast at all Vote Centers
- Reconciling all ballots counted, spoiled, canceled or invalid with the number of votes recorded by the system
- Confirming the number of write-in votes recorded for qualified write-in candidates
- Conducting a public manual tally of the ballots tabulated by the voting system
- If necessary, conducting an automatic recount according to the County’s Automatic Recount Policy
For more information on the canvass and automatic tallies, including a link to the ROV’s Canvass Procedure Manual, learn about how your vote Is counted.
Key Registrar of Voters’ Central Location Security Practices
The ROV has safeguards in place to be sure that data, systems and machines and all other election assets are protected and stored in a secure manner. Chain of custody procedures and documentation allow the ROV to keep track of and secure all ballots and devices throughout the entire voting period, including during transport from the ROV’s headquarters out to all Vote Centers and Ballot Drop-off Locations. Storage of and access to ballots, poll books and other devices is restricted to only authorized staff.
The ROV’s security practices include:
- Conduct criminal background checks and train all employees on ROV’s mission, vision and values
- Each employee must take the Constitutional “Oath of Office” prior to commencing work duties
- Each employee has their own unique log-in identification that requires multiple points of matching information to access data systems
- Employee log-in identification credentials are updated every six months
- At no time may a personal memory device or drive be connected to County-owned devices
- Each employee’s identification badge must always be worn and visible
- Identification badge is required to physically access the ROV work-area, with additional limited access to areas containing secure data, voted ballots or other critical election materials
- Unprocessed voted ballots locked in secure rooms and/or enclosed behind locked security fence
- Security cameras placed in all areas where ballot envelopes are opened and voted ballots are processed for tabulation (counting)
- Two-person rule during election-period and while working with/transporting ballots and election and voting technologies
- Sheriff deputy security each night and weekend during voting period and through canvass, with additional deputies stationed on Election Day
Key Vote Center Physical Security Practices
The number and location of Vote Center locations is determined by the county elections official and is based upon the number of voters and needs of the county. This process is thoroughly reviewed with the public as a part of the creation of the Election Administration Plan required by the Voter’s Choice Act voting model in County of Santa Clara. The security of a location was a factor for consideration during the selection process.
During a countywide election, the ROV will deploy systems and equipment to multiple satellite Vote Center voting locations. Documented chain of custody requirements enables more control of election assets throughout the entire voting period and leads to more secure and documented transport between voting locations and the ROV. Daily Election Officer procedures, implementing new security devices, physical security seals that provide evidence of tampering or attempt at removal, and associated documentation permit stronger control over key election assets and data while in service throughout the County.
Below is a quick list of some of the key security activities in place at Vote Centers:
- New security carts transport and store important items such as voting machines, ballot marking devices, ballot card activators, electronic pollbooks, unused ballots and ballot containers
- Permanent and removable tamper-evident security seals cover specified points on each voting machine, card activator, and ballot on-demand printer and must be checked by the Election Officers daily
- Chain of custody documents show date and time of delivery and retrieval of voting equipment and ballots, the Vote Center location, the name of the staff delivering and receiving items, and voting equipment and tamper-evident serial numbers
- No less than two people (the “two-person rule”) transport voted ballots and election materials from Vote Centers to the ROV’s headquarters
- Containers secured with tamper-evident seals and chain of custody documents used to transport voted ballots and election results cartridges
- Election Officers are trained for emergencies and for recognizing and reporting suspicious activity
- Other daily procedures, such as revealing ballot containers are empty and secure before voted ballots can be deposited, recording counters and security seals, and auditing unused ballot stock at the opening and closing of a Vote Center are also performed
Key Vote by Mail Ballot Drop-Off Location Security Rules
The number and location of ballot drop boxes is determined by the county elections official and is based upon the number of voters and needs of the county. This process is thoroughly reviewed with the public as a part of the creation of the Election Administration Plan required by the Voter’s Choice Act voting model used in County of Santa Clara. The security of a location was a factor for consideration during the selection process.
The physical structure of the box is designed under strict State regulations. In general, ballot drop boxes shall:
- Be constructed to prevent physical damage and unauthorized entry
- Be constructed of durable material that can withstand vandalism, attempts at unauthorized removal, and inclement weather
- Have an opening slot that prevents tampering or removing ballots and minimizes the ability for liquid to be poured or rainwater to seep in
- Be designed to show physical evidence that tampering has taken place, and be locked and/or sealed with a tamper-evident seal
- Be securely fastened (to the ground or post) to prevent moving or tampering, or any attempt to damage the box or voted ballots inside
- Remain locked and unavailable to voters until the 29th day prior to the election
- Be confirmed empty before any ballots can be deposited
- Be sealed at the close of polls with tamper-evident seals to prevent late ballots from being deposited
In addition to the above the election official must follow chain of custody and reconciliation procedures, employ no less than two authorized ballot retrievers to obtain ballots, use secure receptacles that have seals can be verified, and establish specified times and dates when ballots must be retrieved.
View current state regulations relating to ballot collection procedures, including documenting chain of custody
Key Security Rules for Ballot Processing
The Registrar of Voters has internal procedures that staff must follow when processing Vote by Mail, Provisional, and Conditional Voter Ballots.
Key ideas are:
- New security lined vote by mail return envelopes designed to increase security and protect your voted ballot
- Chain of custody and ballot tracking from both official ballot drop-off and United States Postal Service locations back to ROV
- Voted ballots remain securely stored during each stage of processing
- Access to voted ballots is limited to authorized personnel, requires a minimum of two people and complete chain of custody documentation
- Different categories of ballot envelopes (vote by mail, provisional, conditional) are processed in separate areas, until ballot tabulation
- All ballots in each category further isolated during processing allowing physical separation of processed vs. unprocessed
- Following the two-person rule whenever voted ballots are accessed and/or processed, and through final sealing and storage
- Tamper evident security containers used for storing voted ballots through legally mandated retention periods