Election Security Spotlight – Chain of Custody is Crucial for Election Offices
Chain of Custody is Crucial for Election Offices
Chain of custody refers to the process or paper trail documenting the control or transfer of equipment and materials, such as voting machines or ballots. While commonly thought of for physical pieces of equipment, chain of custody also applies to digital materials such as electronic transmissions or records. This includes the transfer of digital information to ensure the integrity and confidentiality of information are not compromised. It is critical to always know where this equipment is and who is handling it at any given time - a loss of physical or digital control can create unmanageable risks, result in election offices being unable to provide assurance a machine or system has not been tampered with, and undermine established public processes.
While the exact methods of how the transfer is documented may differ (paper v. electronic, locks, seals, etc.), all election offices should have a procedure for documenting the movement of election materials. Election offices should continuously test and audit this procedure, incorporating best practices ( consistent with legal requirements) to further strengthen both the process and the documentation. Post-election audits, and pre-election logic and accuracy tests, may be able to “organically” test this process.
Why chain of custody is critical
A documented chain of custody helps ensure transparency of the election process and the integrity of election equipment. A break in the chain of custody is defined by the Cybersecurity Infrastructure and Security Agency (CISA) as time when the control of equipment (such as election equipment and materials) “is uncertain and during which actions taken … are unaccounted for or unconfirmed.” This could result in election offices being unable to guarantee equipment has not been tampered with. In some cases where chain of custody cannot be meaningfully reestablished, equipment may be decommissioned and replaced - a time-consuming and costly undertaking.
Physical access to some equipment provides the highest risk that an adversary will be able to find a vulnerability; in addition to being a direct security risk, breaking chain of custody can, in and of itself, result in future vulnerabilities. Therefore, election offices should have clearly documented procedures for chain of custody in place before any election to ensure that all steps are properly followed.
The disclosure of the underlying technology that makes up election systems also increases the risk that an adversary could detect a vulnerability. Patch levels, configurations of systems and software, and other information about the makeup of election systems could be used by attackers looking to find a way to compromise the system. For example, the disclosure of a system’s IP address could give an attacker attempting to compromise a system a specific target.
With the rise in election offices being asked to turn over voting equipment for third party audits, documentation of the handling of voting equipment and ballots provides evidence that all necessary procedures were followed during the election period. It is also crucial that election offices understand chain of custody, and what they are legally required to do when asked to turn over records or equipment. Those requesting access to the equipment should carefully consider whether the request will break chain of custody and potentially introduce risk to the election process.
Best Practice Resources That You Can Use
Below is a list of resources of industry best practices and legal compliance that election officials can reference. These checklists and guidance documents can be incorporated into existing chain of custody procedures, or used as a basis to build one. Election officials should first and foremost follow all applicable federal, state, and local laws related to chain of custody.
- Review state-specific requirements first.
- Department of Justice (DOJ)'s “Federal Law Constraints on Post-Election 'Audits.'”
Contains information on “how states must comply with federal law when preserving and retaining election records” as well as outlining “the criminal penalties associated with the willful failure to comply with those requirements.”
- Election Assistance Commission (EAC)'s “Chain of Custody Best Practices”.
Includes “best practices, checklists, and sample forms for maintaining a proper chain of custody related to the successful operation of an election.”
- *CISA’s “Chain of Custody and Critical Infrastructure Systems"
Defines chain of custody, “highlights the potential impacts and risks resulting from a broken chain of custody,” and includes “five actionable steps for securing chain of custody for … physical and digital assets.”
For additional technical resources on best practices for handling digital forensic evidence, see the following resources. Note that these are technical resource materials and not legal guidance. Election officials are encouraged to discuss these with their IT partners.
- *The UNODC Education for Justice Program’s “Handling of digital evidence" teaching guide.
Examines the way digital evidence is identified, particularly digital forensics.
- *The National Institute of Standards and Technology’s Special Publication 800-86 “Guide to Integrating Forensic Techniques into Incident Response.
A starting point for developing a forensic capability in conjunction with guidance provided by legal advisors, law enforcement officials, and organizational management.