Transcription
United States Election Assistance CommissionCertificate of ConformanceDominion Voting SystemsDemocracy Suite 4.14BThe voting system identified on this certificate has been evaluated at an accredited voting system testinglaboratory for conformance to the 2005 Voluntary Voting System Guidelines (2005 VVSG) . Componentsevaluated for this certification are detailed in the attached Scope of Certification document. This certificateapplies only to the specific version and release of the product in its evaluated configuration. The evaluationhas been verified by the EAC in accordance with the provisions of the EAC Voting System Testing and Certification Program Manual and the conclusions of the testing laboratory in the test report are consistent withthe evidence adduced. This certificate is not an endorsement of the product by any agency of the U.S. Government and no warranty of the product is either expressed or implied.Product Name: Democracy SuiteModel or Version:4.14BName of VSTL:Wyle LaboratoriesEAC Certification Number:Date Issued: 1/7/2014DVS-DemSuite4.14BChief Operating Officer & Acting Executive DirectorU.S. Election Assistance CommissionScope of Certification Attached
Manufacturer: Dominion VotingSystem Name: Democracy Suite 4.14BCertificate:DemSuite4.14BLaboratory: Wyle LaboratoriesStandard: VVSG 1.0 (2005)Date:January 6, 2014Scope of CertificationThis document describes the scope of the validation and certification of the system definedabove. Any use, configuration changes, revision changes, additions or subtractions from thedescribed system are not included in this evaluation.Significance of EAC CertificationAn EAC certification is an official recognition that a voting system (in a specific configuration orconfigurations) has been tested to and has met an identified set of Federal voting systemstandards. An EAC certification is not: An endorsement of a Manufacturer, voting system, or any of the system’s components. A Federal warranty of the voting system or any of its components. A determination that a voting system, when fielded, will be operated in a manner thatmeets all HAVA requirements. A substitute for State or local certification and testing. A determination that the system is ready for use in an election. A determination that any particular component of a certified system is itself certified foruse outside the certified configuration.Representation of EAC CertificationManufacturers may not represent or imply that a voting system is certified unless it hasreceived a Certificate of Conformance for that system. Statements regarding EAC certification inbrochures, on Web sites, on displays, and in advertising/sales literature must be made solely inreference to specific systems. Any action by a Manufacturer to suggest EAC endorsement of itsproduct or organization is strictly prohibited and may result in a Manufacturer’s suspension orother action pursuant to Federal civil and criminal law.System Overview:The Dominion Democracy Suite 4.14B Voting System is a modification to the certifiedDemocracy Suite 4.0 Voting System. The full Dominion Democracy Suite 4.0 Voting Systemdescription can be found in the EAC Certificate of Conformance dated May 10, 2012. Thepurpose of this modification is to introduce the upgrade from the EAC certified DemocracySuite 4.14 (DemSuite-4-14) and Democracy Suite (DemSuite4-14-A) to the Democracy Suite4.14B system.The Dominion Democracy Suite 4.14B Voting System includes the modifications listed below:1. Acclaimed Contest Behavior: ImageCast Evolution and ImageCast Precinctapplication software has been updated to change the system’s behavior when1 P a g e
handling “acclaimed contests,” during voting of an audio ballot. An AcclaimedContest is a contest where the number of candidates is equal to or less the the“Vote For” number.2. Engineering Change Orders (ECOs): ECOs that have been integrated into the latestproduction build of the ImageCast Evolution (ICE) precinct ballot and the ImageCastEvolution ballot box.The Dominion Voting Systems Democracy Suite 4.14B System is a paper-based optical scan votingsystem. The certified system consists of four major components:1. The Election Management System (EMS)2. ImageCast Evolution (ICE) precinct scanner with optional ballot marking capabilities3. ImageCast Precinct (ICP) precinct scanner4. ImageCast Central (ICC) central count scannerThe Dominion Voting System Technical Data Package was the source for much of the summaryinformation that follows in this section.Election Management SystemThe Dominion Voting Systems Democracy Suite 4.14B EMS consists of eight componentsrunning as either a front-end/client application or as a back-end/server application. Below is alist and brief description of each. Democracy Suite 4.14B EMS Election Event Designer client application - integrateselection definition functionality and represents a main pre-voting phase end-userapplication. Democracy Suite 4.14B EMS Results Tally and Reporting client application – integrateselection results acquisition, validation, tabulation, reporting and publishing capabilitiesand represents a main post-voting phase end-user application. Democracy Suite 4.14B EMS Audio Studio client application - represents an end-userhelper application used to record audio files for a given election project. As such, it isutilized during the pre-voting phase of the election cycle. Democracy Suite 4.14B EMS Data Center Manager client application - represents asystem level configuration application used in EMS back-end data center configuration. Democracy Suite 4.14B EMS Application Server application - represents a server sideapplication responsible for executing long running processes, such as rendering ballots,generating audio files and election files. Democracy Suite 4.14B EMS Network Attached Storage (NAS) Server application –represents a server side file repository for election project file based artifacts, such asballots, audio files, reports, log files, and election files. Democracy Suite 4.14B EMS Database Server application - represents a server sideRDBMS repository of the election project database which holds all the election projectdata, such as districts, precincts, candidates, contests, ballot layouts, tabulators, votetotals, and poll status. Democracy Suite 4.14B EMS Election Data Translator (EDT) – Exports and Imports datain a format suitable for rapid interaction with Election Event Designer (EED)2 P a g e
The EMS platform was tested in two deployable physical hardware configurations:EMS Express hardware configuration - all EMS software components were installed on a singlephysical PC or laptop. This is a stand-alone configuration.EMS Standard hardware configuration - the EMS server components were installed on a singlephysical server, in addition to the Local Area Network (LAN) switch devices, while the EMSclient components were installed on one or more physical PCs or laptops.All system components were interconnected in a client-server local LAN environment. ImageCast Evolution (ICE) precinct scanner with optional ballot marking capabilities. TheDominion Democracy Suite ImageCast Evolution system employs a precinct-level opticalscan ballot counter (tabulator) in conjunction with an external ballot box. This tabulatoris designed to mark and/or scan paper ballots printed on standard or secure paperstock, interpret voting marks, communicate these interpretations back to the voter(either visually through the integrated LCD display or audibly via integratedheadphones), and upon the voter’s acceptance, deposit the ballots into the secureballot box. The unit also features an Audio Tactile Interface (ATI) which permits voterswho cannot negotiate a paper ballot to generate a synchronously human and machinereadable ballot from elector-input vote selections. The ATI can also accept input fromsip and puff and other personal assistive technologies. In this sense, the ImageCastEvolution acts as a ballot marking device.ImageCast Precinct (ICP) precinct scanner. The ImageCast Precinct Ballot Counter is aprecinct-based optical scan ballot tabulator that is used in conjunction with ImageCastcompatible external ballot boxes. The system is designed to scan marked paper ballotsprinted on standard or secure paper stock, interpret voter marks on the paper ballotand safely store and tabulate each vote from each paper ballot. In addition, theImageCast Precinct supports enhanced accessibility voting which may be accomplishedvia an Audio Tactile Interface (ATI) connected to the ImageCast unit. The ATI can alsoaccept input from sip and puff and other personal assistive technologies.ImageCast Central (ICC) central count scanner. The Dominion Democracy Suite ICC BallotCounter system is a high-speed, central ballot scan tabulator based on Commercial offthe Shelf (COTS) hardware, coupled with the custom-made ballot processing applicationsoftware. It is used for high speed scanning and counting of paper ballots. Centralscanning system hardware consists of a combination of two COTS devices used togetherto provide the required ballot scanning processing functionality:o Canon DR-X10C Scanner: used to provide ballot scanning and image transfers tothe local ImageCast Central Workstation.o ImageCast Central Workstation: a COTS computer used for ballot image andelection rules processing and results transfer to the EMS Datacenter. TheImageCast Central Workstation is COTS hardware which executes software forboth image processing and election rules application.3 P a g e
Mark definition: 50% or more of the target area marked consistently provides markrecognition. The manufacturer recommends black ink for marking ballot selections.Tested Marking Devices: Sharpie brand markers, black inkLanguage capability: This voting system supports: Alaska Native, Aleut, Athabascan, Chinese,English, Eskimo, Filipino, French, Japanese, Korean, Spanish, and Vietnamese. Additionally, thefollowing Native American languages are supported: Apache, Jicarilla, Keres, Navajo, Seminole,Towa, Ute, and Yuman.Components Included:This section provides information describing the components and revision level of the primarycomponents included in this Certification.System ComponentImageCast PrecinctImageCast PrecinctImageCast EvolutionImageCast CentralSoftware or ware Version320A320C410ACanon DR-X10COperating Systemor COTSuClinuxuClinuxUbuntu linuxCOTSCommentsWindows 74 P a g e
N/A (applicationsoftware)Operating Systemor COTSWindows Server2008 R2Dell PowerEdgeR610 or T610Windows Server2008 R2Server HardwareDell PowerEdgeR620 or T620Windows Server2008 R2Server HardwareDell PowerEdgeR720 or T720Windows Server2008 R2Client HardwareDell PrecisionT1500Windows 7ProfessionalClient HardwareDELL Latitudee6530Windows 7Professional x64ICC WorkstationHardwareDELL Inspiron2305Windows 7Professional x64ICC WorkstationHardwareDELL Optiplex9010 All in OneWindows 7Professional x64ICC WorkstationHardwareDELL Optiplex9010 All in OneWindows 7Professional x64Rocstor GuardianCOTSSystem ComponentDemocracy Suiteelectionmanagement systemServer HardwareNAS disk arraySoftware or FirmwareVersion4.14.23Hardware VersionCommentsProcessor: IntelXeon E5-2620 2.4GHz, Memory: 8x4GB 1333MHzDDR3, Hard DriveCapacity: 2x 500GBProcessor: IntelXeon E5-2620 2.0GHz, Memory: 2x4GB 1333MHzDDR3, Hard DriveCapacity: 2x 500GBProcessor: IntelXeon E5-2620 2.0GHz, Memory: 2x4GB 1333MHzDDR3, Hard DriveCapacity: 2x 500GBProcessor: Intel Corei7-860 2.8GHz, Memory: 4x1GB 1333MHzDDR3, Hard DriveCapacity: 500 GBProcessor: Intel Corei5-3210M 2.5 GHz,Memory: 8GB16000MHz DDR3,Hard DriveCapacity: 500GBProcessor: AMDAthlon II X2 240e2.8GHz, Memory: 8GBDual Channel1333MHz DDR3,Hard DriveCapacity: 1 TBProcessor: Intel Corei7-3770 3.9 GHz,Memory: 8GB16000MHz DDR3,Hard DriveCapacity: 500GBProcessor: Intel Corei7-3220 339 GHz,Memory: 4x 1GB1333MHz DDR3,Hard DriveCapacity: 500GB4TB or 8TB size5 P a g e
System ComponentSoftware or FirmwareVersionAdditional datastorageiButton (SHA-1) withUSBReader/WriterLCD monitorAudio AdapterPCI SoftwareUSB softwareNetwork switchMouseKeyboardCompact FlashReader/WriterAccessible TactileInterface (ATI)HeadphoneseSATA PCI cardSip and PuffDisposable Sip andPuff MouthpiecesFootswitch PairCompact Flash cardsSoundwave 7.1Soundwave 7.1 USBHardware Version4RMRocstorCommander 2UEor Hawker HXUSB R/W:DS9490R# withDS1402-RP8 iButton: DS1963SDELL 1909W orDELL N445N orDELL 2007PF orDELL E1713SSoundwave 7.1USB AudioAdapter5-Port Switch: DLink DES-1105 orD-LinkDGS-1058-Port Switch: DLink DGS-2208 orD-Link DGS-108Dell or MicrosoftKensington,Microsoft, or IBMSanDisk or GGIGear1.10Operating Systemor COTSCommentsCOTS500GB or TSCOTSCOTSSony, CyberAcoustics, orRadio ShackCOTSSIIG, IncCOTSOriginInstruments orEnabling DevicesOriginInstruments orEnabling DevicesEnabling DevicesSanDiskCOTSCOTSCOTSCOTSCOTSTamper Evident SealsCOTSVarious lengths tofit the ballotWith rollerballUSB enabledCOTSMachine Tape rollsBallot Privacy SleevesFor audio adapterAlso can use DGS108 if 8-port neededSony MDR-G45LP;Cyber AcousticsACM-70; RadioShack 33-276-01eSATA II PCIe ProCardOrigin InstrumentsAirVoter or EnablingDevices #972Origin InstrumentsAC-310 or EnablingDevices #970K#971SanDisk SDCFAA orSDCFABAvailable fromDominion VotingAvailable fromDominion VotingAvailable fromDominion Voting6 P a g e
System ComponentSoftware or FirmwareVersionMachine cleaning kitHardware VersionOperating Systemor COTSFor ImageCastPrecinct,Evolution, andCentralCommentsAvailable fromDominion VotingSystem LimitationsThis table depicts the limits the system has been tested and certified to meet.CharacteristicBallot positionsPrecincts in an electionContests in an electionCandidates/Counters in an electionCandidates/Counters in a precinctCandidates/Counters in a tabulatorBallot Styles in an electionContests in a ballot styleCandidates in a contestBallot styles in a precinctNumber of political parties“vote for” in a contestSupported languages in an electionNumber of write-insBallot positionsPrecincts in an electionContests in an electionCandidates/Counters in an electionCandidates/Counters in a precinctCandidates/Counters in a tabulatorBallot Styles in an electionContests in a ballot styleCandidates in a contestBallot styles in a precinctNumber of political parties“vote for” in a contestSupported languages in an electionNumber of write-insLimitingComponentThe rEMSTabulatorTabulatorTabulatorTabulatorThe tandard ConfigurationStandard ConfigurationStandard ConfigurationStandard ConfigurationStandard ConfigurationStandard ConfigurationStandard ConfigurationStandard ConfigurationStandard ConfigurationStandard ConfigurationStandard ConfigurationStandard ConfigurationStandard ConfigurationStandard ConfigurationThe rTabulatorTabulatorTabulatorThe s ConfigurationExpress ConfigurationExpress ConfigurationExpress ConfigurationExpress ConfigurationExpress ConfigurationExpress ConfigurationExpress ConfigurationExpress ConfigurationExpress ConfigurationExpress ConfigurationExpress ConfigurationExpress ConfigurationExpress ConfigurationLimitCommentFunctionality2005 VVSG Supported Functionality DeclarationFeature/CharacteristicVoter Verified Paper Audit TrailsVVPATAccessibilityYes/NoCommentN/A7 P a g e
Feature/CharacteristicForward ApproachParallel (Side) ApproachClosed PrimaryPrimary: ClosedOpen PrimaryPrimary: Open Standard (provide definition of how supported)Primary: Open Blanket (provide definition of how supported)Partisan & Non-Partisan:Partisan & Non-Partisan: Vote for 1 of N racePartisan & Non-Partisan: Multi-member (“vote for N of M”) board racesPartisan & Non-Partisan: “vote for 1” race with a single candidate andwrite-in votingPartisan & Non-Partisan “vote for 1” race with no declared candidates andwrite-in votingWrite-In Voting:Write-in Voting: System default is a voting position identified for write-ins.Write-in Voting: Without selecting a write in position.Write-in: With No Declared CandidatesWrite-in: Identification of write-ins for resolution at central countPrimary Presidential Delegation Nominations & Slates:Primary Presidential Delegation Nominations: Displayed delegate slates foreach presidential partySlate & Group Voting: one selection votes the slate.Ballot Rotation:Rotation of Names within an Office; define all supported rotation methodsfor location on the ballot and vote tabulation/reportingStraight Party Voting:Straight Party: A single selection for partisan races in a general electionStraight Party: Vote for each candidate individuallyStraight Party: Modify straight party selections with crossover votesStraight Party: A race without a candidate for one partyStraight Party: “N of M race (where “N” 1)Straight Party: Excludes a partisan contest from the straight party selectionCross-Party Endorsement:Cross party endorsements, multiple parties endorse one candidate.Split Precincts:Split Precincts: Multiple ballot stylesSplit Precincts: P & M system support splits with correct contests and ballotidentification of each splitSplit Precincts: DRE matches voter to all applicable races.Split Precincts: Reporting of voter counts (# of voters) to the precinct splitlevel; Reporting of vote totals is to the precinct levelVote N of M:Vote for N of M: Counts each selected candidate, if the maximum is notexceeded.Vote for N of M: Invalidates all candidates in an overvote YESYESYESYESYESEqual time rotationYESYESYESYESYESYESYESYESYESN/AYESYESYES8 P a g e
Feature/CharacteristicRecall Issues, with options:Recall Issues with Options: Simple Yes/No with separate race/election.(Vote Yes or No Question)Recall Issues with Options: Retain is the first option, Replacementcandidate for the second or more options (Vote 1 of M)Recall Issues with Options: Two contests with access to a second contestconditional upon a specific vote in contest one. (Must vote Yes to vote inYes/NoCommentYESNONOnd2 contest.)Recall Issues with Options: Two contests with access to a second contestndconditional upon any vote in contest one. (Must vote Yes to vote in 2contest.)Cumulative VotingCumulative Voting: Voters are permitted to cast, as many votes as thereare seats to be filled for one or more candidates. Voters are not limited togiving only one vote to a candidate. Instead, they can put multiple votes onone or more candidate.Ranked Order VotingRanked Order Voting: Voters can write in a ranked vote.Ranked Order Voting: A ballot stops being counting when all rankedchoices have been eliminatedRanked Order Voting: A ballot with a skipped rank counts the vote for thenext rank.Ranked Order Voting: Voters rank candidates in a contest in order ofchoice. A candidate receiving a majority of the first choice votes wins. If nocandidate receives a majority of first choice votes, the last place candidateis deleted, each ballot cast for the deleted candidate counts for the secondchoice candidate listed on the ballot. The process of eliminating the lastplace candidate and recounting the ballots continues until one candidatereceives a majority of the voteRanked Order Voting: A ballot with two choices ranked the same, stopsbeing counted at the point of two similarly ranked choices.Ranked Order Voting: The total number of votes for two or morecandidates with the least votes is less than the votes of the candidate withthe next highest number of votes, the candidates with the least votes areeliminated simultaneously and their votes transferred to the next-rankedcontinuing candidate.Provisional or Challenged BallotsProvisional/Challenged Ballots: A voted provisional ballots is identified butnot included in the tabulation, but can be added in the central count.Provisional/Challenged Ballots: A voted provisional ballots is included in thetabulation, but is identified and can be subtracted in the central countProvisional/Challenged Ballots: Provisional ballots maintain the secrecy ofthe ballot.NONONONONONONONOYESNOYES9 P a g e
Feature/CharacteristicOvervotes (must support for specific type of voting system)Overvotes: P & M: Overvote invalidates the vote. Define how overvotes arecounted.Yes/NoCommentYESOvervotes cause awarning to the voterand can be configuredto allow voter tooverride.Overvotes: DRE: Prevented from or requires correction of overvoting.Overvotes: If a system does not prevent overvotes, it must count them.Define how overvotes are counted.N/AYESOvervotes: DRE systems that provide a method to data enter absenteevotes must account for overvotes.UndervotesUndervotes: System counts undervotes cast for accounting purposesBlank BallotsTotally Blank Ballots: Any blank ballot alert is tested.N/ATotally Blank Ballots: If blank ballots are not immediately processed, theremust be a provision to recognize and accept themYESTotally Blank Ballots: If operators can access a blank ballot, there must be aprovision for resolution.YESIf allowed via voteroverride, overvotes aretallied separately.YESYESNetworkingWide Area Network – Use of ModemsWide Area Network – Use of WirelessLocal Area Network – Use of TCP/IPLocal Area Network – Use of InfraredLocal Area Network – Use of WirelessFIPS 140-2 validated cryptographic moduleUsed as (if applicable):Precinct counting deviceYESCentral counting deviceYESNONOYESNONOYESPrecinct voters receive awarning; both precinctand central scanners willwarn on blank ballots.Blank ballots areflagged. These ballotscan be manuallyexamined and then bescanned and acceptedas blank; or precinctvoter can override andaccept.Operators can examinea blank ballot, re-mark ifneeded and allowed,and then re-scan it.Client/server onlyImageCast Precinct andEvolutionImageCast Central10 P a g e
Baseline Certification Engineering Change Order’s (ECO)This table depicts the ECO’s certified with the voting system (please see the Test Report foradditional geCast EvolutionBallot BoxImageCast EvolutionBallot BoxImageCast EvolutionBallot BoxImageCast EvolutionBallot BoxImageCast EvolutionBallot BoxImageCast EvolutionBallot BoxImageCast EvolutionBallot BoxImageCast EvolutionBallot BoxImageCast EvolutionBallot BoxImageCast EvolutionImageCast EvolutionImageCast Evolution100116ImageCast Evolution100121ImageCast Evolution100125ImageCast Evolution100127100129ImageCast EvolutionImageCast Evolution100131ImageCast Evolution100139ImageCast Evolution100146ImageCast 9100180DescriptionUpdated materials, dimensions and assembly permanufacturer recommendations.Plastic Ballot Box cable update based on first articles review.Updated tolerances based on vendor feedback.Updated design for new production run.Updated Bill of Materials.Updated Bill of Materials.Updated Bill of Materials.Released parts for production.Changed screws on Lid assembly.Updated Plastic drawings for color change on some of theplastic parts.Updated plastic part tools for manufacturability.Added alternate vendor to inductor component.Updated Bill of Material, documentation, and some materialspecifications.Changed sheet metal parts, removed screw from BOM,updated plastic drawings.Added drop-in replacement components for PCB assemblyparts. Changed manufacturer for some fabricated parts (metaland transport Mylar).Updated remaining parts for production test proceduredocuments. Minor wiring harness improvements formanufacturability.Corrections to vendor part metadata.Added new Memory Module to replace part nearobsolescence.Minor updates to plastic parts and documentation. Addedpackaging. Changed one iButton Ring to yellow.Release to production sub-assembly sheet metal parts andApproved Manufacturer List corrections.Replaced wiring harness. Added transient voltage protectionto docking cable. Updated shaft drawings per vendor'srequest. Replaced screw type.11 P a g e
ECO#Component100151ImageCast Evolution100160100162ImageCast EvolutionImageCast Evolution100170ImageCast Evolution100171ImageCast Evolution100172ImageCast EvolutionDescriptionAdded thumb screws to rear access door. Updated drawingswith vendor recommended changes. Combined the thermalprinter and harness into one ordering PN.Replaced screw that had become obsolete.Updated some tolerances on plastic and sheet metal partdrawings. Added reference to consumable kit formanufacturing planning.Updated CF0 card programming procedure. Added Loctite tomounting foot screws.Added tie wrap and wire saddle to prevent cables fromrubbing on edge of side frame. Added second label for baseBill of Material revision number and IR sensor firmwareversion number.Added pad printing to ballot input slot area to improveusability for voters. Trimmed length of EMI gasket part.12 P a g e
running as either a front-end/client application or as a back-end/server application. Below is a list and brief description of each. Democracy Suite 4.14B EMS Election Event Designer client application - integrates election definition functionality and represents a main pre -voting phase end-user application.
