Transcription
United States Election Assistance CommissionCertificate of ConformanceDominion Voting SystemsDemocracy Suite 5.5The voting system identified on this certificate has been evaluated at an accredited voting system testing laboratory for conformance to the Voluntary Voting System Guidelines Version 1.0 (VVSG 1.0) . Componentsevaluated for this certification are detailed in the attached Scope of Certification document. This certificateapplies only to the specific version and release of the product in its evaluated configuration. The evaluationhas been verified by the EAC in accordance with the provisions of the EAC Voting System Testing and Certification Program Manual and the conclusions of the testing laboratory in the test report are consistent withthe evidence adduced. This certificate is not an endorsement of the product by any agency of the U.S. Government and no warranty of the product is either expressed or implied.Product Name: Democracy SuiteModel or Version:5.5Name of VSTL:Pro V&VEAC Certification Number:DVS-DemSuite5.5Date Issued: September 14, 2018Executive DirectorU.S. Election Assistance CommissionScope of Certification Attached
Manufacturer: Dominion Voting Systems (DVS)System Name: Democracy Suite 5.5Certificate:DVS-DemSuite5.5Laboratory: Pro V&VStandard: VVSG 1.0 (2005)Date:September 14, 2018Scope of CertificationThis document describes the scope of the validation and certification of the system definedabove. Any use, configuration changes, revision changes, additions or subtractions from thedescribed system are not included in this evaluation.Significance of EAC CertificationAn EAC certification is an official recognition that a voting system (in a specific configuration orconfigurations) has been tested to and has met an identified set of Federal voting systemstandards. An EAC certification is not: An endorsement of a Manufacturer, voting system, or any of the system’s components. A Federal warranty of the voting system or any of its components. A determination that a voting system, when fielded, will be operated in a manner thatmeets all HAVA requirements. A substitute for State or local certification and testing. A determination that the system is ready for use in an election. A determination that any particular component of a certified system is itself certified foruse outside the certified configuration.Representation of EAC CertificationManufacturers may not represent or imply that a voting system is certified unless it hasreceived a Certificate of Conformance for that system. Statements regarding EAC certification inbrochures, on Web sites, on displays, and in advertising/sales literature must be made solely inreference to specific systems. Any action by a Manufacturer to suggest EAC endorsement of itsproduct or organization is strictly prohibited and may result in a Manufacturer’s suspension orother action pursuant to Federal civil and criminal law.System Overview:The D-Suite 5.5 Voting System is a paper-based optical scan voting system with a hybridpaper/DRE option consisting of the following major components: The Election ManagementSystem (EMS), the ImageCast Central (ICC), the ImageCast Precinct (ICP), the ImageCast X (ICX)DRE w/ Reports Printer, ImageCast X (ICX) DRE w/ voter-verifiable paper audit trail (VVPAT), andthe ImageCast X ballot marking device (BMD). The D-Suite 5.5 Voting System configuration is amodification from the EAC approved D-Suite 5.0 system configuration.1 P a g e
Language capability:System supports Alaska Native, Apache, Bengali, Chinese, English, Eskimo, Filipino, French,Hindi, Japanese, Jicarilla, Keres, Khmer, Korean, Navajo, Seminole, Spanish, Thai, Towa, Ute,Vietnamese, and Yuman.Democracy Suite 5.5 System Diagram2 P a g e
Components Included:This section provides information describing the components and revision level of the primarycomponents included in this Certification.Voting System Software Components:System ComponentEMS Election Event Designer (EED)EMS Results Tally and Reporting (RTR)EMS Application ServerEMS File System Service (FSS)EMS Audio Studio (AS)EMS Data Center Manager (DCM)EMS Election Data Translator (EDT)ImageCast Voter Activation (ICVA)EMS Adjudication (ADJ)EMS Adjudication ServicesSmart Card Helper Service (SCHS)Election FirmwareFirmware UpdaterFirmware ExtractorKernel (uClinux)Boot Loader (COLILO)Asymmetric Key GeneratorAsymmetric Key Exchange UtilityFirmware Extractor (Technician Key)ImageCast Central ApplicationICX ApplicationSoftware orFirmware 25.5.3-00025.5.3-00025.5.3.00025.5.10.25Voting System Platform:Operating System or COTSCommentsWindows 10 ProWindows 10 ProWindows Server 2012 R2Windows 10 ProWindow 10 ProWindows 10 ProWindows Server 2012 R2Windows 10 ProWindows 10 ProWindows 10 ProWindows 10 ProWindows 10 ProWindows 10 ProuClinuxuClinuxuClinuxModified COTSModified COTSuClinuxuClinuxuClinuxWindows 10 ProAndroid 5.1 (ICX Prime)Android 4.4 (ICX Classic)EMSEMSEMS2012 R2 StandardOperating System orCOTSUnmodified COTS10 ProfessionalUnmodified COTS.NET Framework3.5Unmodified COTSMicrosoft Visual J#2.0Unmodified COTSMicrosoft Visual C 2013 Redistributable2013Unmodified COTSMicrosoft Visual C 2015 Redistributable2015Unmodified COTSJava Runtime Environment7u80Unmodified COTSJava Runtime Environment8u144Unmodified COTSSystem ComponentMicrosoft Windows ServerMicrosoft ICPICPICPICPICCICXCommentsEMS Server SWComponentEMS Client/ServerSW ComponentEMS Client/ServerSW ComponentEMS Client/ServerSW ComponentEMS Client/ServerSW ComponentEMS Client/ServerSW ComponentEMS Client/ServerSW ComponentEMS Client/ServerSW Component3 P a g e
2016 StandardOperating System orCOTSUnmodified COTSMicrosoft SQL Server 201 Service Pack 22016 SP1Unmodified COTSMicrosoft SQL Server 2016 SP1 Express2016 SP1Unmodified COTSCepstral Voices6.2.3.801Unmodified COTSArial Narrow Fonts2.37aUnmodified COTSMaxim iButton Driver4.05Unmodified COTSAcrobatDCUnmodified COTS2010Unmodified COTSOpen XML SDK 2.0 for Microsoft Office2.0Unmodified COTSInfragistics NetAdvantage Win Forms2011.1Infragistics NetAdvantage WPF 2012.1TX Text Control Library for .NETSOXNLogiTextSharpOpenSSLOpenSSL FIPS Object ModuleSQLiteLameSpeexGhostscriptOne Wire API for .NETAvalon-framework-cvs-20020806BatikFopMicrosoft Visual J# 2.0 RedistributablePackage – Second Edition (x64)Entity frameworkSpreadsheetlightOpen XML SDK 2.0 for Microsoft OfficeOpen SSLOpenSSL FIPS Object ModuleZlibuClinuxGoogle Text-to-Speech EngineZxing Barcode ScannerSoundTouchICX Prime Android 5.1.1 ImageICX Classic Android 4.4.4 ImageOpenSSL FIPS Object Module2011 Vol. 1Unmodified COTSEMS Client/ServerSW ComponentEMS Client/ServerSW ComponentEMS Client/ServerSW ComponentEMS Client/ServerSW ComponentEMS Client/ServerSW ComponentEMS Client/ServerSW ComponentEMS Client/ServerSW ComponentEMS Client/ServerSW ComponentEMS Client/ServerSW ComponentEMS SW Platform2012 Vol. 116.014.3.11.0.0.5055.0.51.0.2K2.0.14 (Cert 0.20-52.0Unmodified COTSUnmodified COTSUnmodified COTSUnmodified COTSUnmodified COTSUnmodified COTSUnmodified COTSUnmodified COTSUnmodified COTSUnmodified COTSUnmodified COTSUnmodified COTSUnmodified COTSUnmodified COTSUnmodified COTSUnmodified COTSEMS SW PlatformEMS SW PlatformEMS SW PlatformEMS SW PlatformEMS SW PlatformEMS SW PlatformEMS SW PlatformEMS SW PlatformEMS SW PlatformEMS SW PlatformEMS SW PlatformEMS SW PlatformEMS SW PlatformEMS SW PlatformEMS SW PlatformEMS SW Platform6.1.33.4.32.0.5022.01.0.2K2.0.10 (Cert 0 (Cert 2473)Unmodified COTSUnmodified COTSUnmodified COTSUnmodified COTSUnmodified COTSUnmodified COTSModified COTSUnmodified COTSModified COTSModified COTSModified COTSModified COTSUnmodified COTS1.0.2KUnmodified COTSEMS SW PlatformEMS SW PlatformEMS SW PlatformICPICPICPICPICX SWICX SWICX SWICX SWICX SWICX SW BuildLibraryICC SW BuildSystem ComponentMicrosoft SQL Server 2016StandardAdobe Reader DCMicrosoft Access Database EngineOpenSSLVersionComments4 P a g e
System ComponentOpenSSL FIPS Object Module1-Wire Driver (x86)1-Wire Driver (x64)Canon DR-G1130 DriverCanon DR-G1130 TWAIN DriverVisual C 2013 Redistributable (x86)Machine Configuration File (MCF)Device Configuration File (DCF)VersionOperating System orCOTS2.0.10 (Cert 1747)Unmodified COTS4.054.051.2 SP61.2 SP612.0.305015.5.10.20 20180806Unmodified COTSUnmodified COTSUnmodified COTSUnmodified COTSUnmodified COTSProprietary5.4.01 20170521ProprietaryHardware Components:System ComponentImageCast Precinct (ICP)ImageCast Precinct (ICP)ICP Ballot BoxICP Ballot BoxICP Ballot BoxICX UPS Inline EMI FilterICX Tablet (Classic)ICX Tablet (Classic)ICX Tablet (Prime)Thermal PrinterThermal PrinterServerServerServerICC Workstation HWICC Workstation HWICC Workstation HWICC ScannerICC ScannerClient Workstation HWClient Workstation HWClient Workstation HWICX PrinterICX PrinterMonitorMonitorMonitorCD/DVD ReaderiButton ProgrammerUPSNetwork 0aValue 15” Tablet (SID-15V)aValue 21” Tablet (SID-21V)aValue 21” Tablet (HID-21V)Proprietary ProprietaryProprietaryCOTSCOTSCOTSSII RP-D10KFI VRP3COTSCOTSDell PowerEdge R630Dell PowerEdge R640Dell Precision T3420Dell OptiPlex 7440 All in OneDell OptiPlex 9030 All In OneDell OptiPlex 3050 All In OneCanon imageFormula DR-G1130Canon imageFormula DR-M160IIDell Precision T3420Dell Latitude E7450Dell Latitude e3480HP LaserJet Pro Printer M402dnHP LaserJet Pro Printer M402dneDell Monitor KM632Dell Monitor P2414HbDell Ultrasharp 24” Monitor U2414HDell DVD Multi Recorder GP60NB60Maxim iButton ProgrammerDS9490R# with DS1402APC Smart-UPS SMT1500Dell OTSCOTSCOTSCOTSCOTSCOTSCOTSHardware VersionCommentsLibraryICC SW BuildLibraryICC Runtime SWICC Runtime SWICC Runtime SWICC Runtime SWICC Runtime SWICX ConfigurationFileICP and ICCConfiguration FileCommentsPrecinct ScannerPrecinct ScannerBallot BoxBallot BoxBallot BoxEMI FilterBallot Marking DeviceBallot Marking DeviceBallot Marking Device orDirect RecordingElectronicReport PrinterVoter-verifiable paperaudit trail (VVPAT)Standard ServerStandard ServerExpress ServerCentral Count ScannerCentral Count ScannerCOTSCOTS5 P a g e
System ComponentNetwork SwitchNetwork SwitchNetwork SwitchSip and PuffHeadphones4-way Joystick ControllerRocker (Paddle) SwitchFootswitchesCF Card ReaderCF Card Dual-Slot ReaderCF Card ReaderCF Card ReaderCF Card ReaderATIATIACS PC-LinkedSmart Card ReaderSystem LimitationsHardware VersionDell X1018Dell X1026Dell PowerConnect 2808Enabling Devices Sip and PuffCyber Acoustics ACM-70S26Enablemart #88906ABLENET Jelly Bean Twist 10033400IOGEAR SDHC/microSDHC0U51USC410Lexar USB 3.0Hoodman Steel USB 3.0 102015Lexar Professional CFR1Kingston FCR-HS4ATI handsetATI-USB handsetACR39UProprietary orCOTSCOTSCOTSCOTSCOTSCOTSModified yProprietaryCOTSThis table depicts the limits the system has been tested and certified to meet.LimitingComponentBallot positionsBallotPrecincts in an electionEMSContests in an electionEMSCandidates/Counters in an electionEMSCandidates/Counters in a precinctBallotCandidates/Counters in a tabulatorTabulatorBallot Styles in an electionTabulatorBallot IDs in a tabulatorTabulatorContests in a ballot styleBallotCandidates in a contestBallotBallot styles in a precinctTabulatorNumber of political partiesTabulator“vote for” in a contestBallotSupported languages in an electionTabulatorNumber of write-insBallot* Reflects the system limit for a ballot printed in landscape.** Reflects the system limit for a ballot printed in portrait.CharacteristicLimit292*/462**1000; 2501000; 25010000; 2500240*/462**10000; 25003000; entBothStandard; ExpressStandard; ExpressStandard; ExpressBothStandard; ExpressStandard; ExpressBothBothBothBothBothBothBothBoth6 P a g e
Functionality2005 VVSG Supported Functionality DeclarationFeature/CharacteristicVoter Verified Paper Audit TrailsVVPATAccessibilityForward ApproachParallel (Side) ApproachClosed PrimaryPrimary: ClosedOpen PrimaryPrimary: Open Standard (provide definition of how supported)Primary: Open Blanket (provide definition of how supported)Partisan & Non-Partisan:Partisan & Non-Partisan: Vote for 1 of N racePartisan & Non-Partisan: Multi-member (“vote for N of M”) board racesPartisan & Non-Partisan: “vote for 1” race with a single candidate andwrite-in votingPartisan & Non-Partisan “vote for 1” race with no declared candidates andwrite-in votingWrite-In Voting:Write-in Voting: System default is a voting position identified for write-ins.Write-in Voting: Without selecting a write in position.Write-in: With No Declared CandidatesWrite-in: Identification of write-ins for resolution at central countPrimary Presidential Delegation Nominations & Slates:Primary Presidential Delegation Nominations: Displayed delegate slates foreach presidential partySlate & Group Voting: one selection votes the slate.Ballot Rotation:Rotation of Names within an Office; define all supported rotation methodsfor location on the ballot and vote tabulation/reportingStraight Party Voting:Straight Party: A single selection for partisan races in a general electionStraight Party: Vote for each candidate individuallyStraight Party: Modify straight party selections with crossover votesStraight Party: A race without a candidate for one partyStraight Party: “N of M race (where “N” 1)Straight Party: Excludes a partisan contest from the straight party selectionCross-Party Endorsement:Cross party endorsements, multiple parties endorse one candidate.Split Precincts:Split Precincts: Multiple ballot stylesSplit Precincts: P & M system support splits with correct contests and ballotidentification of each splitSplit Precincts: DRE matches voter to all applicable ESNOYESYESYESYESYESEqual time rotationYESYESYESYESYESYESYESYESYESYES7 P a g e
Feature/CharacteristicSplit Precincts: Reporting of voter counts (# of voters) to the precinct splitlevel; Reporting of vote totals is to the precinct levelVote N of M:Vote for N of M: Counts each selected candidate, if the maximum is notexceeded.Vote for N of M: Invalidates all candidates in an overvote (paper)Recall Issues, with options:Recall Issues with Options: Simple Yes/No with separate race/election.(Vote Yes or No Question)Recall Issues with Options: Retain is the first option, Replacementcandidate for the second or more options (Vote 1 of M)Recall Issues with Options: Two contests with access to a second contestconditional upon a specific vote in contest one. (Must vote Yes to vote in2nd contest.)Recall Issues with Options: Two contests with access to a second contestconditional upon any vote in contest one. (Must vote Yes to vote in 2ndcontest.)Cumulative VotingCumulative Voting: Voters are permitted to cast, as many votes as thereare seats to be filled for one or more candidates. Voters are not limited togiving only one vote to a candidate. Instead, they can put multiple votes onone or more candidate.Ranked Order VotingRanked Order Voting: Voters can write in a ranked vote.Ranked Order Voting: A ballot stops being counting when all rankedchoices have been eliminatedRanked Order Voting: A ballot with a skipped rank counts the vote for thenext rank.Ranked Order Voting: Voters rank candidates in a contest in order ofchoice. A candidate receiving a majority of the first choice votes wins. If nocandidate receives a majority of first choice votes, the last place candidateis deleted, each ballot cast for the deleted candidate counts for the secondchoice candidate listed on the ballot. The process of eliminating the lastplace candidate and recounting the ballots continues until one candidatereceives a majority of the voteRanked Order Voting: A ballot with two choices ranked the same, stopsbeing counted at the point of two similarly ranked choices.Ranked Order Voting: The total number of votes for two or morecandidates with the least votes is less than the votes of the candidate withthe next highest number of votes, the candidates with the least votes areeliminated simultaneously and their votes transferred to the next-rankedcontinuing ONONO8 P a g e
Feature/CharacteristicProvisional or Challenged BallotsProvisional/Challenged Ballots: A voted provisional ballots is identified butnot included in the tabulation, but can be added in the central count.Provisional/Challenged Ballots: A voted provisional ballots is included in thetabulation, but is identified and can be subtracted in the central countProvisional/Challenged Ballots: Provisional ballots maintain the secrecy ofthe ballot.Overvotes (must support for specific type of voting system)Overvotes: P & M: Overvote invalidates the vote. Define how overvotes arecounted.Yes/NoYESNOYESYESOvervotes: DRE: Prevented from or requires correction of overvoting.Overvotes: If a system does not prevent overvotes, it must count them.Define how overvotes are counted.YESYESOvervotes: DRE systems that provide a method to data enter absenteevotes must account for overvotes.UndervotesUndervotes: System counts undervotes cast for accounting purposesBlank BallotsTotally Blank Ballots: Any blank ballot alert is tested.N/ATotally Blank Ballots: If blank ballots are not immediately processed, theremust be a provision to recognize and accept themYESTotally Blank Ballots: If operators can access a blank ballot, there must be aprovision for resolution.YESNetworkingWide Area Network – Use of ModemsWide Area Network – Use of WirelessLocal Area Network – Use of TCP/IPLocal Area Network – Use of InfraredLocal Area Network – Use of WirelessFIPS 140-2 validated cryptographic moduleCommentOvervotes cause awarning to the voterand can be configuredto allow voter tooverride.If allowed via voteroverride, overvotes aretallied separately.YESYESNONOYESNONOYESPrecinct voters receive awarning; both precinctand central scanners willwarn on blank ballots.Blank ballots areflagged. These ballotscan be manuallyexamined and then bescanned and acceptedas blank; or precinctvoter can override andaccept.Operators can examinea blank ballot, re-mark ifneeded and allowed,and then re-scan it.Client/server only9 P a g e
Feature/CharacteristicUsed as (if applicable):Precinct counting deviceCentral counting deviceYes/NoYESYESCommentImageCast PrecinctImageCast CentralBaseline Certification Engineering Change Orders (ECO)ECO #100306100316100323COTS-1015ComponentICP PCOS-320C &ICP PCOS-321CICP PCOS-320C &ICP PCOS-321CICP PCOS-320C &ICP PCOS-321CICX Tablet (Classic)DescriptionAdjusted footprint of L1 surface mount inductor to improve fit of part.Added clip to hold the DSD cable in place to prevent pinching the cableduring assembly and to improve the speed of the assembly process.Replaced side door hinge to eliminate pre-installation prep work thatwas required and reduce the cost of assembly.New BIOS from manufacturer to provide power up when AC applied.10 P a g e
EMS Audio Studio (AS) 5.5.12.1 Windows 10 Pro EMS EMS Data Center Manager (DCM) 5.5.12.1 Windows Server 2012 R2 . Microsoft Windows 10 Professional Unmodified COTS EMS Client/Server . SW Component Microsoft Visual C 2015 Redistributable 2015 Unmodified COTS EMS Client/Server SW Component Java Runtime Environment 7u80 Unmodified COTS EMS .
