EAC Election Equipment Disposal Checklist
There are security risks associated with the disposal, sale, or destruction of computer equipment and storage devices. Election officials must practice due diligence to properly account for all election equipment in their inventory. All election offices should develop an Incident Response Plan to monitor, detect, respond to, and mitigate incidents, such as a break in the chain of custody of equipment in their inventory, should they occur. The Cybersecurity and Infrastructure Security Agency (CISA) Cyber Incident Detection and Notification Planning Guide for Election Security provides guidance for developing a basic cyber incident response plan. The Department of Homeland Security’s Incident Handling Overview for Election Officials provides guidance on steps for handling cyber incidents. Although both guides focus on cyber incidents, the principles apply broadly to incidence response readiness.
Before disposing of, selling, or destroying any voting equipment or election technology, election officials should work with their Information Technology/Information Security support team to ensure that all necessary back-ups are made, and procedures are followed, and they comply with all laws and contractual obligations.
Chain of Custody and Inventory Control
It is critical to maintain a complete and accurate inventory of all election equipment, including ballot scanners and tabulators, ballot marking devices, communication equipment, supervisor or administrator devices such as smart cards, servers and workstations, and removable storage media. Prior to disposing of any election equipment, election officials should ensure they have a complete inventory of all election equipment. This inventory should contain at a minimum:
- Equipment – maintain a list of equipment, serial numbers, and quantity in each physical location, such as the election office, warehouse or storage facility.
- Machine Checkout – inventory control should track equipment when it is (1) being released and returned for an election, (2) released and returned for a demonstration, and (3) accepted from or returned to the vendor for maintenance or repair.
- Usage History – maintain a history of elections for which each piece of equipment has been tested and used.
- Maintenance History – maintain a history of routine or preventive maintenance tasks completed on each individual device.
- Repair History – maintain a history of repairs to individual devices.
- Disposal – maintain a history of disposal for each device that includes (1) the entity or persons, method, and date when data was wiped from the device, (2) who oversaw each step in the disposal process, and (3) a record of each disposed device with the date of disposal, how it was disposed and who authorized the disposition.
Voting Technology Purchased with HAVA Funds
Equipment purchased with Help America Vote Act (HAVA) funds can be disposed of either collectively as a system or individually as components, as long it meets the guidelines outlined in Common Rule requirements for disposition of equipment purchased with federal funds (41 CFR 105-71.132 or 2 CFR 200.313).
Items of equipment with a current per-unit fair market value in excess of $5,000 may be sold with the funds credited to the state/local HAVA election accounts in an amount calculated by multiplying the current market value or proceeds from sale by the HAVA (Federal and Matching Funds) share in the cost of the equipment.
In cases where the titleholder fails to take appropriate disposition actions, the EAC retains the right to direct states to take excess and disposition actions.
States and local jurisdictions can continue to use equipment purchased with HAVA funds for its original purpose for as long as needed, even if the EAC award used to purchase the equipment has been closed. Equipment may also be used for other federally supported activities currently or previously funded by a federal agency. Additionally, equipment can be traded-in for replacement equipment for same purposes.
Without prior approval from the EAC, equipment purchased with HAVA funds with a current per unit fair market value of less than $5,000, may be traded-in, sold or scrapped on an as needed basis with no further obligation to the EAC beyond recording disposition in the appropriate equipment inventory log.
The final record retention period for equipment replacement or disposition begins on the date the State submits its final Federal Financial Report (FFR) to the EAC and continues for three years. For equipment replacement or disposal after the end of the award period, the three-year record retention period begins from the time the equipment is traded-in or disposed of and continues for three additional years.
For more information about disposal, sale or destruction of election equipment purchased with HAVA funds, contact the Office of Grants Management at: [email protected].
Disposal and Destruction of Election Equipment
Prior to the disposal of any voting system, all equipment should be sanitized, which is the process of removing all data from a device. Solely deleting the files on the device is not sufficient as it does not remove the files from memory. Deleted files remain on the device and can still be recovered. Therefore, all equipment should be taken back to the condition of a non-functioning piece of hardware with no software or firmware remaining on the equipment. For more detailed information on determining how to sanitize election technology, see the Clearing and Sanitization Matrix from Defense Security Service in NIST Special Publication 800-88 Revision 1.
Election officials must practice due diligence to properly sanitize and dispose of election equipment. This involves at a minimum:
- Determining if their Information Technology/Information Security support team has a process for wiping data from memory before disposing of or selling equipment. Election officials should follow all requirements set forth by their jurisdiction. For jurisdictions without a pre-defined process, the Cybersecurity & Infrastructure Security Agency's (CISA) Security Tips (ST18-005) provides guidance on wiping data and disposal of electronic devices.4For computer equipment, there are tools that overwrite every sector of a hard drive multiple times that meet the Department of Defense security standards for wiping data (DOD 5220.22-M, Data Wipe Method).
- Confirming the destruction and disposal process with their voting system manufacturer (vendor) to make sure it is sufficient for meeting the requirements of the technology and equipment to which it is applied. If replacing old equipment with new equipment from the same vendor, consider including a requirement in the contract that the vendor take back the old equipment.
- Verifying there are no legal or contractual obligations that must be met before disposing of or selling any of the election equipment.
A jurisdiction may determine that it would be best to outsource the destruction and disposal of the election equipment. When utilizing this option, it is recommended that the jurisdiction exercise due diligence, including only using a disposal company that is certified by a recognized trade association or similar third party. Also, the jurisdiction should require a certificate of destruction stating that all data stored on the election equipment has been properly wiped and all hardware has been appropriately discarded. There may be local or state laws concerning electronic waste disposal and environmental or public health hazards.