EscrowED: Escrow Required for Election Software in Colorado

The following is an explanation of the sections of the Colorado Revised Statutes regarding the handling, escrowing, and management of election software and setup records. This legislation aims to ensure transparency, security, and accountability in the use of electronic systems for voting and tabulating election results. Let’s delve into a comprehensive analysis of each section and its implications.

1-7-510. Election Software Code – Escrow – Definitions

(1) Definitions

This subsection provides definitions crucial for understanding the subsequent sections. It defines “election setup records” as electronic records generated by election tabulation software during the setup process, encompassing ballot definitions, tabulation instructions, and other relevant functions.

(2) Deposit of Election Setup Records

Here, the legislation mandates that designated election officials deposit a copy of the election setup records with the secretary of state no later than seven days before the election. This ensures that the state has access to the necessary information to verify and authenticate the election setup.

(3) Reporting and Modification

If any modifications or alterations are made to the election setup records after submission, the designated election official must promptly report these changes to the secretary of state and deposit the modified records no later than noon on the day of the election. This provision ensures that any changes are documented and accounted for, maintaining the integrity of the electoral process.

(4) Retention Period

The secretary of state is tasked with retaining the election setup records for six months, after which they are returned to the designated election official. This retention period allows for post-election audits and investigations if necessary.

(5) Use and Security

The legislation strictly limits the use of election setup records deposited with the secretary of state, specifying that they can only be utilized as directed by the secretary of state or by court order. Moreover, it mandates secure storage of the storage medium containing these records, emphasizing the importance of safeguarding sensitive electoral data.

(6) Rule Promulgation

The secretary of state is empowered to promulgate rules in accordance with relevant statutes to implement the provisions outlined in this section. This grants the flexibility to adapt to evolving technological and procedural requirements in electoral administration.

(7) Non-Public Records

Election setup records deposited with the secretary of state are deemed non-public records for the purposes of the relevant state statutes. This provision underscores the confidentiality and restricted access to these records to prevent unauthorized disclosure or tampering.

1-7-511. Election Software – Voting Equipment Providers – Escrow – Definitions

(1) Escrow Requirement for Voting System Providers

When a voting system provider submits electronic or electromechanical voting systems for certification, they are required to place a copy of the election software and supporting documentation in escrow with the secretary of state or an approved independent escrow agent. Subsequent changes to the software must also be escrowed, ensuring that the state has access to the latest versions of election software for verification and validation purposes.

(2) Affidavit Requirement

A key accountability measure, this subsection mandates that an officer of the voting system provider sign a sworn affidavit affirming that the election software in escrow is identical to the software being used in the state’s voting systems. This affidavit must be continuously valid, emphasizing the ongoing responsibility of the provider to maintain software integrity.

(3) Additional Requirement for Certification

In addition to escrowing with the state, voting system providers must deposit a copy of the election software with the national software reference library, enhancing transparency and facilitating national oversight of election software.

(4) Rulemaking Authority

Similar to the previous section, the secretary of state is granted rulemaking authority to establish procedures for compliance with the escrow requirements outlined in this section. This enables the state to enforce consistent standards across voting system providers.

(5) Definition of Election Software

This subsection defines “election software” as the software controlling various aspects of the electoral process, including setup, voting, tabulation, and reporting. This comprehensive definition clarifies the scope of software subject to escrow requirements.

(6) Non-Public Records

Consistent with the previous section, election software and supporting documentation placed in escrow are designated as non-public records, ensuring confidentiality and restricted access.

1-7-512. Voting System Providers – Duties

(1) Provider Responsibilities

Voting system providers contracting with political subdivisions in the state must adhere to several obligations, including notifying the secretary of state of any hardware, firmware, or software installations or changes. They must also escrow copies of certified election software and promptly report any defects or changes to the secretary of state and designated election officials.

(2) Rulemaking Authority

The secretary of state is granted rulemaking authority to establish procedures for voting system providers to fulfill their obligations under this section, ensuring consistent compliance and enforcement.

(3) Definition of Election Software

Similar to previous sections, this subsection provides a definition of “election software,” reinforcing the comprehensive scope of software subject to regulatory oversight.

Why Escrow?

These sections of the Colorado Revised Code underscore the critical importance of software escrow in the context of electoral processes. Software escrow refers to the practice of depositing a copy of the source code, executables, or other materials related to software with a trusted third party, who holds it in escrow until certain conditions are met. This mechanism serves as a safeguard against unforeseen events such as the bankruptcy or failure of the software provider, ensuring continuity of service and access to essential software components.

Let’s analyze the implications of these provisions and why software escrow is necessary in the context of election software:

Ensuring Integrity and Transparency

The sections mandate the deposit of election setup records and election software with the secretary of state or an approved escrow agent. This requirement ensures that essential components of the electoral process, including ballot definitions, tabulation instructions, and election software, are securely stored and accessible in case of emergencies or disputes. By depositing these materials in escrow, election officials can maintain the integrity and transparency of the electoral process, as any modifications or alterations must be promptly reported and documented.

Mitigating Risks and Ensuring Continuity

Software escrow mitigates the risks associated with relying on proprietary election software provided by third-party vendors. In the event of the vendor’s bankruptcy, acquisition, or failure to support the software, access to the source code and related materials stored in escrow allows election officials to continue operating the voting systems without interruption. This mitigates the risk of electoral disruptions and ensures the continuity of service, safeguarding the democratic process.

Accountability and Verification

The requirement for voting system providers to deposit election software in escrow, along with supporting documentation, enhances accountability and verification. By signing a sworn affidavit affirming the integrity of the deposited software, voting system providers are held accountable for ensuring that the software used in voting systems is consistent with the certified version. This accountability mechanism promotes transparency and trust in the electoral process, as election officials and the public can verify the authenticity of the software used in elections.

Regulatory Compliance and Standardization

The sections empower the secretary of state to promulgate rules and establish procedures for compliance with software escrow requirements. This regulatory framework ensures consistency and standardization across voting system providers, enhancing the effectiveness of software escrow practices. By prescribing the manner and procedures for depositing, maintaining, and verifying escrowed software, the regulations facilitate compliance and enforcement, thereby strengthening the integrity of the electoral process.

Protection of Sensitive Information

The designation of election setup records and election software as non-public records underscores the importance of protecting sensitive information related to the electoral process. By restricting access to these records and software, the sections mitigate the risk of unauthorized disclosure or tampering, safeguarding the confidentiality and security of electoral data. This protection of sensitive information is essential for maintaining public trust and confidence in the electoral process.

Conclusion

These sections outline a comprehensive framework for the escrowing, management, and oversight of election software and setup records. By requiring the deposit of election setup records and software escrow, mandating reporting of modifications, and defining provider responsibilities, the legislation aims to enhance the transparency, security, and integrity of the electoral process. Additionally, the designation of election records and software as non-public records underscores the importance of confidentiality and restricted access to sensitive electoral data. Through rulemaking authority, the secretary of state is empowered to adapt and enforce regulations to ensure consistent compliance and accountability across voting system providers. Overall, these provisions contribute to the trustworthiness and credibility of electronic voting systems in electoral administration.

Read more here: https://www.sos.state.co.us/pubs/info_center/laws/Title1/Title1Article7.html



About PRAXIS Technology Escrow, LLC

PRAXIS Technology Escrow offers comprehensive solutions tailored to meet the specific needs of government agencies, including its automated escrow deposit system and Software as a Service (SaaS) escrow services. Let’s explore how PRAXIS addresses the requirements highlighted in the quoted material:

Automated Escrow Deposit System: PRAXIS provides government agencies with an automated escrow deposit system that streamlines the escrow process and automatically ensures timely deposit of software source code and IP. This system allows agencies to securely deposit their software assets into escrow accounts, reducing administrative burden and minimizing the risk of delays in escrow deposit.

SaaS Escrow Services: As government agencies increasingly adopt Software as a Service (SaaS) solutions, PRAXIS offers specialized escrow services tailored to protect SaaS applications and data. This includes escrow agreements that encompass SaaS subscriptions, ensuring that agencies retain access to critical software functionalities and data in the event of service interruptions or vendor disruptions.

Customized Escrow Agreements: PRAXIS works closely with government agencies to develop customized escrow agreements that address their unique requirements and security concerns. This includes specifying release terms, security protocols, and access controls to ensure that escrowed software assets are protected and accessible only to authorized personnel.

Dedicated Support and Service: PRAXIS provides government agencies with dedicated support and service throughout the escrow process, serving as a trusted partner in safeguarding their software investments. This includes ongoing monitoring, verification, and maintenance of escrowed assets to ensure their availability and integrity over time.

Proven Experience and Expertise: With a track record of excellence in technology escrow services, PRAXIS brings proven experience and expertise to government agencies seeking to mitigate risks associated with software acquisition. PRAXIS understands the unique challenges facing government agencies and is committed to delivering tailored solutions that meet their needs effectively.

In conclusion, PRAXIS Technology Escrow offers government agencies comprehensive solutions designed to meet their specific needs and requirements. By leveraging PRAXIS’s automated escrow deposit system, SaaS escrow services, customized escrow agreements, dedicated support, and proven expertise, government agencies can enhance their resilience to software vendor disruptions and ensure the continuity of critical operations. As government agencies continue to embrace technology to fulfill their missions, PRAXIS stands ready to support them in safeguarding their software investments and mitigating risks associated with technology acquisition.