Security Features in Hart InterCivic’s Verity Voting System (Voting Equipment)
Non-standard physical connections are used for external ports on Verity devices. The use of non-standard port connections prevents unauthorized users from inserting any standard or commercial off-the-shelf cables or devices. In addition, the physical ports use non-standard wiring, which prevents any non-Verity device from being recognized.
Keyed locks are also used to prevent unauthorized access to the vDrive compartment, ballot box and device cases. As an added security measure, tamper-evident seals are fastened on locations that store ballots and vote data.
Security Features in Verity Workstations (i.e., Verity Build, Verity Central, Verity Count)
Verity workstations are designed differently from regular computer workstations. The only features and functions available to the user are certified Verity software applications – and nothing else. A Verity workstation behaves like an airport “kiosk,” and like the voting devices themselves: when you power the computer on, it automatically boots into its own secure environment, and there is nowhere else to navigate to. Under normal operation, import and export of data from the Verity workstation is accomplished using removable USB media (i.e., a vDrive).
Verity workstations were designed this way to prioritize security. Multiple security mechanisms prevent the modification of software or internal configurations, thus maintaining the integrity and purity of the certified installed software. All Verity Voting software applications are installed in a secure “kiosk” mode that disallows user access to the operating system of the workstation on which the application is installed.
The Verity system uses a “trust list” to block all unauthorized applications from running on the system. Use of a trust list limits the applications that are permitted to run on a system. If a particular application attempts to execute on a system that uses a trust list, the system checks the application against a list of permitted applications (the ‘trust list’). Verity is also configured to hash check all executables, without exception, against that list. Anything that fails validation is prevented from running. In short, if the application is not on the list, Verity won’t allow it to run. This method allows the Verity system to protect itself both against the threats that exist today, as well as those that may exist in the future, without the need for the computer to be updated via the Internet or any other means.
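The trust-list check described above can be sketched as follows. This is an added example, not Hart InterCivic's code; SHA-256, the function names and the sample files are assumptions, since the page does not name the hash algorithm or the list format.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk_size=65536):
    """Hash file contents in chunks so large executables are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_trust_list(paths):
    """Record the digest of each approved executable (hypothetical build step)."""
    return frozenset(sha256_file(p) for p in paths)

def may_execute(path, trust_list):
    """Default deny: allow only if the file's current digest is on the list."""
    try:
        return sha256_file(path) in trust_list
    except OSError:
        return False  # unreadable or missing files are never allowed

def demo():
    """Run the check over constructed sample files standing in for executables."""
    with tempfile.TemporaryDirectory() as d:
        approved = os.path.join(d, "approved_app.bin")
        unknown = os.path.join(d, "unknown_tool.bin")
        with open(approved, "wb") as fh:
            fh.write(b"constructed approved program image")
        with open(unknown, "wb") as fh:
            fh.write(b"constructed unapproved program image")
        trust_list = build_trust_list([approved])
        results = {"approved": may_execute(approved, trust_list),
                   "unknown": may_execute(unknown, trust_list)}
        # Same name and path, one byte appended: the digest no longer matches.
        with open(approved, "ab") as fh:
            fh.write(b"\x00")
        results["approved_after_modification"] = may_execute(approved, trust_list)
        results["missing"] = may_execute(os.path.join(d, "gone.bin"), trust_list)
        return results

if __name__ == "__main__":
    print(demo())
```

Because the decision keys on file contents rather than name or location, a modified copy of an approved program is denied in the same way as a program that was never listed.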
Security Features in vDrives
vDrives are used to securely transfer exported election definitions to Verity devices, and ballots – as Cast Vote Records (CVRs) – between Verity Voting components. vDrives are created in Verity Build and can only be used in the specific election for which they were created. CVRs are written to vDrives from Verity Scan devices and the Verity Central Workstation. These vDrives are used for final tabulation in the Verity Count Workstation. In addition to recording CVRs, vDrives also securely store the required information and logs to allow for successful auditing of the election either directly or through the data transferred to Verity Count tabulation software and available in Verity Count reports.
vDrives utilize digital signature files to provide a clear chain of custody and ensure data integrity. The digital signatures on each vDrive provide confirmation that the contents are provably unaltered, as well as confirmation that the contents come from a verifiable, trusted source (the certified voting system). If a vDrive’s contents were changed outside of the Verity system, then any Verity device or software attempting to read the vDrive would recognize it as invalid and reject it.