California Code of Regulations

Title 2. Administration

Division 7. Secretary of State

Chapter 6. Escrow of Source Codes

Article 1. General Purpose

20610. Application of Regulations.

These regulations shall apply to every election, all or any portion of which is conducted under the authority of the Elections Code.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20611. Reasons for Placing Source Code into Escrow.

Voting system source code(s), ballot marking system source code(s), and election management system source code(s) (hereinafter: 'source code') shall be placed in escrow in order to:

  1. Protect and enhance the integrity of elections;
  2. Create a record of all versions, including changes or modifications of the source code materials placed in escrow;
  3. Create a record of all applications for access to the source code materials placed in escrow; and
  4. Unless otherwise superseded by a contract between a vendor and an election jurisdiction, preserve the necessary source code information to permit the election jurisdiction to continue the use and maintenance of the source code in the event the vendor is unable, or otherwise fails, to provide maintenance. At no time shall this be construed as a way for either the vendor or the county to violate a contractual obligation to gain access to source code.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20612. Placement in Escrow Required.

  1. The source code for any voting system or ballot marking system intended for use by an election jurisdiction in California must be placed in an approved escrow facility. If the source code has not been placed in an approved escrow facility, no voting system or ballot marking system derived from that source code may be used in any California election conducted pursuant to the Elections Code.
  2. The election management system source code intended for use by an election jurisdiction in California must be placed in an approved escrow facility annually or after each major release.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20613. Escrow Facility Must be Approved.

For purposes of this chapter, no escrow facility, including any which may have been providing such services for any vendor prior to the effective date of these regulations, may serve as an escrow facility for purposes of these regulations after the effective date without having first been approved by the Secretary of State pursuant to these regulations.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

Article 2. Definitions

20620. Voting System, Ballot Marking System, and Election Management System.

A "voting system" means a mechanical, electromechanical, or electronic system and its software, or any combination of these used for casting a ballot, tabulating votes, or both. This includes the software that defines the election definition files, ballot layout and structure, results reporting, and event logging. "Voting system" does not include a ballot marking system.

A "ballot marking system" means a mechanical, electromechanical, or electronic system and its software that is used for the sole purpose of marking a ballot for a military or overseas voter and is not connected to a voting system at any time.

An "election management system" is an electronic system that is used by a county in California to track voter registration or voter preferences, including, but not limited to, a voter's vote-by-mail status.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20621. Source Code(s).

"Source code" is the version of a computer program in which the programmer's original programming statements are expressed in a source language (e.g. C++, C#, Visual Basic, Java, etc.) which must be compiled or assembled and linked into equivalent machine-executable object code, thereby resulting in an executable software program. For the purpose of escrow:

  1. "Voting system source code(s)" for casting a ballot, tabulating votes, or both, including the software that defines the election definition files, ballot layout and structure, results reporting, and event logging. "Voting system source code(s)" also includes complete build and configuration instructions, related documents for compiling the source code into object code, and documentation for which commercial off-the-shelf products and versions are compatible with the voting system for each version of the voting system in use in a county in the state.
  2. "Ballot marking system source code(s)" consists of the computer program or programs for all components for the ballot marking system. "Ballot marking system source code(s)" also includes complete build and configuration instructions, related documents for compiling the source code into object code, and documentation for which commercial off-the-shelf products and versions are compatible with the ballot marking system for each version of the ballot marking system in use in a county in the state.
  3. "Election management system source code(s)" consists of the computer program or programs for all components of the election management system. "Election management system source code(s)" also includes complete build and configuration instructions, related documents for compiling the source code into object code, and documentation for which commercial off-the-shelf products and versions are compatible with the election management system for each version of the election management system in use in a county in the state. In the instance that an election management system vendor does not use build and configuration instructions and related documents for compiling the source code into object code because it uses commercial off-the-shelf compilers or standard industry procedures for compiling the source code, such documentation is not required. A document describing this shall be provided with the escrowed source code.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20622. Escrow.

"Escrow" is the process by which a third party having no direct or indirect financial interest with a vendor holds, for safekeeping, the source code, including all changes or modifications and new or amended versions. A financial interest would exist if the third party, for instance, included a vendor's stocks in its portfolio.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20623. Escrow Facility.

"Escrow facility" is the physical location in which the source code may be stored. No election jurisdiction may act as an escrow facility to store its own source code.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20624. Escrow Company.

"Escrow company," for the purposes of this chapter, is any business certified by the Secretary of State to store source code.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20625. Escrow Agreement.

An "escrow agreement" is a contract or subagreement to hold each source code in escrow. The contract may be a master contract with separate subagreements to hold each source code in escrow or an individual contract entered into for each source code placed in escrow.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20626. Vendor.

A “vendor” is any person, group, organization, company, or entity, whether or not incorporated, who sells, leases, or grants use of, with or without compensation, a voting system, ballot marking system or an election management system for use by jurisdictions that conduct elections subject to these regulations. The term "vendor" includes election jurisdictions that provide or maintain a voting system, ballot marking system or an election management system for their own use or for the use of others.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

Article 3. The Secretary of State

20630. Consider all Applications.

The Secretary of State shall consider all applicants for certification as an escrow company and shall certify, in writing, those that meet the minimum requirements set forth in these regulations.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20631. Review Procedures.

Prior to any approval, the Secretary of State shall review, for conformance with these regulations, the procedures proposed by each applicant escrow company for operation of its escrow facilities.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20632. Escrow Company Must be Certified and Escrow Facility Must be Approved.

No escrow facility may be used for escrow of any source code until certification has been granted to the escrow company and approval of the escrow facility for such use is received by the escrow company and displayed pursuant to Section 20661, subsection (a), of this chapter.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20633. Review and Processing of Applications for Certification or Approval.

  1. Within ten working days after receipt of an application for certification as an escrow company or approval of an escrow facility, the Secretary of State shall inform the applicant in writing whether the application is complete and accepted for filing or that it is deficient and what specific information or documentation is required to complete the application.
  2. Within thirty working days of receipt of a completed application, the Secretary of State will inform the applicant whether the application for certification or approval has been approved or denied.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20634. Periodic Inspections of Escrow Facilities.

  1. To ensure compliance with these regulations, the Secretary of State shall cause periodic inspections during normal business hours, with or without prior notice, of facilities used to escrow source code(s) and of such records maintained as required by this chapter.
  2. The Secretary of State reserves the right to inspect any facility for which a new application for approval is made.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20635. Action if Facility not in Compliance.

If the Secretary of State determines that any escrow facility is not in compliance with these regulations and other applicable law, he or she shall:

  1. Withdraw approval of the escrow facility to store one or more source code(s); and,
  2. Order the temporary removal of source code(s) from such facility, and the transfer of such source code(s) to facilities which are in compliance.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20636. Procedure to Withdraw Approval from Escrow Facility.

  1. No action to withdraw approval of a facility to store source code shall commence until the Secretary of State has mailed a written 30-day notice. The notice shall be sent to the escrow company, the escrow facility, and the vendor(s) storing source code(s) at the facility.
  2. Within ten days of the date of mailing of the 30-day notice, a representative of the escrow facility may request an administrative hearing with the Secretary of State to appeal the determination of non-compliance. The escrow facility shall notify the vendor that a hearing has been requested. If the vendor has received notice of request for administrative hearing, he or she shall notify the election jurisdiction, no later than three days after receipt of such notice, that a hearing has been requested and shall send copies of such notification(s) to the Secretary of State.
  3. Any vendor receiving a notice pursuant to subdivision (a) shall within 10 days of the date of the notice advise in writing any election jurisdiction using a voting system, ballot marking system or an election management system derived from the source code which has been placed in escrow that the Secretary of State will conduct an administrative hearing. The vendor shall notify the affected election jurisdiction(s) that a hearing has been requested.
  4. Within ten days of receipt of the request for an administrative hearing, the Secretary of State shall schedule the hearing and notify the representative of the escrow facility, the vendor, and other interested parties.
  5. Within five days after the administrative hearing, the Secretary of State shall notify the representative of the escrow facility, the vendor, and other interested parties of the decision on the appeal.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20637. Escrow Company to Comply when Escrow Facility Approval Withdrawn.

Once the Secretary of State has issued an order to remove or transfer the source code and materials, the escrow company shall comply with the order within 24 hours of receipt of the order.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20638. List of Certified Escrow Companies and Approved Escrow Facilities.

The Secretary of State shall send to each county chief elections official, to each certified escrow company, to each approved escrow facility, and to each vendor of a voting system, ballot marking system, and election management system source code, a complete list of all certified escrow companies and their facilities approved for use in California no later than January 30 of each year, and within ten days of any change affecting the list.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

Article 4. The Vendor

20640. Separation of Vendor Interests from Escrow Company.

The vendor, its officers, and directors, shall not hold or exercise any direct or indirect financial interest(s) in the escrow company.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20641. Vendor Certification of Deposit.

  1. Within five working days of any submission of source code materials, each vendor shall certify to each affected election jurisdiction, with a copy to the Secretary of State, that they have placed their source code or codes in escrow. The certification shall include a description of submitted materials sufficient to distinguish them from all other submissions.
  2. The certification shall state:
    1. That all source code information and materials required by these regulations and other applicable law are included in the deposit.
    2. The name of the certified escrow company and the location of the approved escrow facility where the source code materials have been placed in escrow.
  3. Any election jurisdiction which thereafter may desire to contract for use of a voting system, ballot marking system, or an election management system shall be provided with a copy of the certificate as a condition precedent to the execution of the contract.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20642. Requirements for Submission.

The vendor shall submit the source code, as defined in section 20621 of these regulations, to a certified escrow company for placement in an approved escrow facility.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20643. Updates to Submission.

  1. Once used in any election, no source code materials in escrow may be changed or modified. Except as specified in this section, change or modification requires that a new escrow be established.
  2. Once used in any election, the unchanged source code shall be retained, at a minimum, for the period of retention required by the Elections Code for other election materials at the same election.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20644. Deposit Software Modifications into Escrow.

  1. Prior to being used in any election, the vendor shall submit all voting system or ballot marking system source code changes or modifications into escrow in the same manner and under the same conditions in which the source code materials originally were placed in escrow
  2. Annually or within 10 working days of a major release of an election management system, the vendor shall submit all source code changes or modifications into escrow in the same manner and under the same conditions in which the election management system source code materials originally were placed in escrow.
  3. Within five working days of the submission to the escrow facility of the changed or modified source code, the vendor shall notify each affected election jurisdiction as provided for in Section 20641, with a copy to the Secretary of State, that the source code placed in escrow has been changed or modified.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

Article 5. The Escrow Company

20650. Minimum Requirements for Certification.

A certified escrow company shall:

  1. Be authorized by the Secretary of State to operate its escrow facilities.
  2. Submit a copy of every escrow agreement to the Secretary of State. The copy shall be submitted by the escrow company within ten days of the date the escrow agreement is signed.
  3. For every submission of an escrow agreement, maintain records which sufficiently identify and describe the materials deposited in escrow to determine compliance with the agreement between the vendor and the escrow company. The escrow company shall not be required to verify the content of the materials submitted.
  4. Notify, in writing, the Secretary of State within five days of the initial deposit of source code. The notice shall include the name of the vendor and a list describing each of the items comprising the initial submission.
  5. Notify, in writing, the Secretary of State within five days of the termination of any escrow agreement.
  6. Notify, in writing, the Secretary of State within five days of the change of the name of the company or the name of the escrow facility, together with the address, phone number, and name of the contact person for the company and/or facility.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20651. Separation of Interest of Escrow Company with Vendor.

The escrow company, its officers, and directors, shall not hold or exercise any direct or indirect financial interest(s) in the vendor.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code..

20652. Escrow Company Certification and Escrow Facility Approval Required.

Applications for certification as an escrow company and for approval of each escrow facility shall be made in writing to the Secretary of State on the Escrow Company and Facility Application (2014) incorporated herein.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20653. Approval for Additional Facilities Required.

Applications for approval of an escrow facility not included in the original application shall be made in writing to the Secretary of State on the Escrow Company and Facility Application (2014).

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20654. Term of Certification.

Certification remains valid until surrendered by the escrow company or until revoked by the Secretary of State.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

Article 6. The Escrow Facility

20660. Location of Approved Escrow Facilities.

Each approved escrow facility shall be physically located within the State of California.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20661. Escrow Facility to Post Notice of Approval.

  1. The approved escrow facility shall post a copy of the approval in its business office. The approval shall be posted in a place conspicuous to the public and must also be located so that it is easily readable by members of the public doing business at the escrow facility.
  2. No source code shall be placed in escrow in the facility until the approval is posted according to this section.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20662. Requirements for Escrow Facilities.

For all source code materials each escrow facility shall:

Note: Authority cited: Section 12172.5, Government Code and Section 19103, Elections Code. Reference: Section: 19103, Election Code.

  1. Provide a secure and safe environment in which humidity, temperature, and air filtration are controlled on a 24-hours-a-day, 7-days-a-week basis. The humidity shall be maintained between 35 and 45 percent and the temperature shall be maintained between 60 and 72 degrees Fahrenheit.
  2. Maintain storage away from electrical, magnetic, and other fields which could potentially damage computer media over time.
  3. Have backup capability to maintain the properly secured environment in the event of power outages or natural disasters.
  4. Maintain physical security of the escrow facility with controlled and restricted access to source code materials placed in escrow.
  5. The source code materials placed in escrow shall be secured in a single container and no other material shall be placed in that container.

20663. Continued Approval of Escrow Facility.

Approval remains valid until surrendered by the escrow company or until revoked by the Secretary of State.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

Article 7. Access to and Review of Materials in Escrow

20670. Conditions for Access to Materials Placed in Escrow.

No access to materials placed in escrow shall occur except as specified in (a), (b) or (c) of this section.

  1. Upon an order of an appropriate court in the course of an investigation or prosecution regarding vote counting equipment, voter registration or procedures. The court order shall specify the procedures for reviewing the materials in escrow, including, but not limited to, the name of each person permitted to review the materials, the person or persons responsible for guaranteeing that the materials are not tampered with or otherwise altered, and the time, place, and other conditions under which the materials may be reviewed.
  2. Upon a finding by the Secretary of State that an escrow facility or escrow company is unable or unwilling to maintain materials in escrow in compliance with these regulations.
  3. The Secretary of State may, in furtherance of these regulations, for cause at any time, audit source code materials placed in escrow with an approved escrow facility or a facility for which approval has been withdrawn pursuant to these regulations, for purposes of verifying the contents.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20672. Integrity of Materials Placed in Escrow.

No person having access to the voting system, ballot marking system, or election management system source code materials shall interfere with or prevent the escrow representative from monitoring the security and the integrity of the source code materials.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

Article 8. The Escrow Agreement

20680. Vendor Agreement for Escrow Deposits.

A vendor may enter into a written agreement with any certified escrow company for deposit of each source code.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20681. Minimum Terms Required in Agreement.

The terms of the agreement between the vendor and the escrow company shall include, but not be limited to, the following elements:

For the purposes of this section "object" or "objection" means the delivery by certified mail of an affidavit or declaration to the escrow company by the vendor, with a copy to the election jurisdiction which is demanding access and a copy to the Secretary of State. The objection shall state that an access condition either has not occurred or no longer exists. Upon receipt of the objection, the escrow company shall not permit access and shall continue to store the deposit pursuant to the escrow agreement.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.

20682. State Not Liable for Any Costs or Any Other's Actions.

Neither the Secretary of State nor the State of California shall be responsible for any of the fees claimed by the vendor, election jurisdictions, or the escrow company to establish the escrow contract. Further, neither the Secretary of State nor the State of California is a party to the agreement and shall not incur any liability for the actions of the parties involved in this escrow agreement.

Note: Authority cited: Section 12172.5, Government Code; and Sections 2501 and 19212, Elections Code. Reference: Sections 2500, 2501 and 19212, Elections Code.