Assigned to GOV FOR COMMITTEE
ARIZONA STATE SENATE
Fifty-Fifth Legislature, Second Regular Session
FACT SHEET FOR S.B. 1642
election management system; security
Purpose
Requires, by the 2022 primary election, a county recorder or other officer in charge of
elections to have a dedicated special purposes election management system (EMS) gateway
computer. Prescribes specifications for an EMS gateway computer.
Background
All components of a voting system must be certified by the Secretary of State prior to use
in any election for federal, state or county office (A.R.S. § 16-442). A voting system is the total
combination of mechanical, electromechanical or electronic equipment that is used to define
ballots, cast and count votes, report or display election results and maintain and produce any audit
trail information, which includes electronic voting equipment and an EMS used to tabulate ballots
(52 U.S.C. § 21081; EPM Ch. 4 (1)).
Components of an electronic voting system may not be connected to the internet, any
wireless communication device or any external network, except for electronic poll books. An EMS
must be a stand-alone system attached only to components inside an isolated network and may
only be installed on a computer that contains only an operating system, the EMS software,
data/audio extractor software and any necessary security software. Hardware components of the
electronic voting system must be sealed with tamper-resistant or tamper-evident seals once
programmed, which must be logged as corresponding with particular voting equipment. The
computer operating area, where the computer containing the EMS is located, must be located in a
separate room at a central counting place (EPM Ch. 4 (III) and Ch. 10 (II)(C)).
There is no anticipated fiscal impact to the state General Fund associated with this
legislation.
Provisions
1. Requires, by the 2022 primary election, a county recorder or other officer in charge of elections
to have a dedicated special purpose EMS gateway computer that may only be used when
necessary to download data:
a) from an internet-connected system, including downloading ballot language or ballot files,
onto a memory stick or other removable memory device for uploading to the EMS gateway
computer; or
b) from the EMS gateway computer, including election results files, to a memory stick or
other similar device for uploading to an internet-connected system.
2. Prohibits a computer other than the designated EMS gateway computer from being used as an
internet-connected system for the prescribed purposes. FACT SHEET
S.B. 1642
Page 2
3. Prohibits an EMS gateway computer from being used for any non-prescribed purpose.
4. Requires an EMS gateway computer to:
a) only be connected to a network when necessary, such as to upload to or download from the
internet or to install necessary software updates;
b) be disconnected from the network before any transfer of data to or from a memory stick or
other device that was or will be connected to the EMS gateway computer;
c) have endpoint protection software that protects the computer from malware, viruses,
ransomware, incursions and other cybersecurity risks, with installed scanning capability;
and
d) be physically secured by the officer in charge of elections or their designee in compliance
with applicable requirements for other election equipment.
5. Prohibits an EMS gateway computer from:
a) being used for any purpose other than moving necessary election data in to or out of the
computer; and
b) have any software installed other than endpoint protection and a web browser.
6. Requires an EMS gateway computer's operating system, browser and endpoint protection
software to have the most recent updates and security patches installed.
7. Requires security to be the most important criteria when selecting a web browser for an EMS
gateway computer.
8. Requires a firewall applicable to an EMS gateway computer operating system to be enabled so
that:
a) incoming connections, unnecessary outbound ports and the use of an unsecured hypertext
transfer protocol are prohibited; and
b) connections are allowed only to specified internet protocol addresses such as the EMS
vendor download site and the SOS's site used for election night reporting.
9. Requires, if present on an EMS gateway computer, all wireless connections and functions and
cellular functions to be disabled.
10. Prohibits a wireless mouse or wireless keyboard from being used on an EMS gateway
computer.
11. Requires the default administrator account on an EMS gateway computer to be disabled and
customized administrator accounts with specific powers and privileges to be created to provide
persons with administrator access only the powers and privileges necessary for the person's
specific job duties.
12. Requires normal operation of an EMS gateway computer, such as when not conducting system
configuration or maintenance that requires administrator access, to be conducted without
administrator rights to ensure that non-administrators cannot install unauthorized software or
otherwise have access to the operating system or internal file structures. FACT SHEET
S.B. 1642
Page 3
13. Requires any physical port, plug, door or other method of physical or electronic access to an
EMS gateway computer to be secured in a manner to prevent unauthorized access to the
computer.
14. Becomes effective on the general effective date.
Prepared by Senate Research
February 9, 2022
MH/slp