This glossary contains election terms including those used in the next Voluntary Voting System Guidelines (VVSG) requirements and glossary, and in the NIST Common Data Format (CDF) specifications. The glossary is being built via a joint effort by The Democracy Fund, the VVSG Election Modeling public working group, NIST, and other individuals in the election community. The Democracy Fund in particular has recognized that a glossary of common election terms would help states and others working in elections to all “speak the same language.” The glossary provides synonyms and as much as is possible, descriptions of how a term’s meaning may differ depending on its usage across different states and territories.
The process of granting or denying specific requests to:
Measurable characteristics that indicate the degree to which a system is available to, and usable by, individuals with disabilities. The most common disabilities include those associated with vision, hearing, mobility, and cognition.
Formal recognition that a laboratory is competent to carry out specific tests or calibrations.
Programmed device that creates credentials necessary to begin a voting session using a specific ballot style. Examples include electronic poll books and card activators that contain credential information necessary to determine the appropriate ballot style for the voter.
A physical separation between systems that requires data to be moved by some external, manual procedure.
The ballot or accompanying information is said to be in an alternative format if it is presented in non-standard ballot language and format. Examples include, but are not limited to, languages other than English, Braille, ASCII text, large print, recorded audio.
equal-and-even cumulative voting,
Storage media that is designed to preserve content for an extended period of time with minimal data corruption or loss.
A device that improves or maintains the capabilities of people with disabilities (such as no vision, low vision, mobility, or cognitive). These devices include headsets, keypads, software, sip-and-puff, and voice synthesizers.
Encryption system that uses a public and private key pair for cryptographic operation. The private key is generally stored in a user’s digital certificate and used typically to decrypt or digitally sign data. The public key is used typically to encrypt the data or verify its digital signatures. The keys could be used interchangeably as needed, that is, a public key can be used to decrypt data and the private key can be used to encrypt the data.
Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system. Audit trails may include event logs, paper records, error messages, and reports.
The software logic that
The concrete presentation of the contents of a ballot appropriate to the particular voting technology being used. The contents may be rendered using various methods of presentation (visual or audio), language, or graphics.
A device that:
electronic ballot marker
A question that appears on a ballot with options, usually in the form of an approval or rejection.
The process of varying the order of listed candidates within a contest. This allows each candidate to appear first on the list of candidates an approximately equal number of times across different ballot styles or election districts.
Ballot data that has been put into contest order for a particular precinct and considers a particular set of voter situations. Voter situations include party affiliation (for closed primaries), and age of the voter (in states that permit 17-year-olds to vote in primary elections), among others.
An optical, machine-readable representation of data as a sequence of bars and spaces that conform to accepted standards. Linear (1d) barcode standards include UPC, EAN and 128. QR is an example of a 2d barcode standard.
Device used to scan barcodes and convert the encoded information into a usable format. Barcode readers are used to scan codes on a variety of election materials including ballots, driver’s licenses, voter ID cards, voter information packets, envelopes, and other election documents.
A vote variation in which the candidate with the most votes wins. In single-seat contests, the voter may only select one contest option. In multi-seat contests for n seats, the voter may select up to n contest options.
A collection of paper ballots gathered as a group for tabulation or for auditing.
An electronic voting device that:
central-count optical scanner,
high-speed optical scanner
Quantitative point of reference to which the measured performance of a system or device may be compared.
An issued ballot without any selections made.
(Of a software program or logical design) Function, method, operation, subroutine, procedure, or analogous structural unit that appears within a module.
Testing of a voting system performed by a testing authority (such as the EAC or a state) to ensure that the system meets the requirements defined in the standards being tested against in the manner specified in its product documentation.
Data or information in its encrypted form.
Partisan primary election in which the voter receives a ballot containing only those party-specific contests pertaining to the political party with which the voter is affiliated, along with non-party-specific contests presented at the same election. Unaffiliated voters may be permitted to vote only on non-party-specific contests.
Standard and practice of creating and storing data in a common, described format that can be read by other systems.
Format used for usability test reporting. The format is described in ISO/IEC 25062:2006 “Common Industry Format (CIF) for Usability Test Reports,” one of a group of usability standards. CIF is the format required for usability test reporting.
Element within a larger voting system.
Prevention of unauthorized disclosure of information.
A continuous process of recording and maintaining consistent and reliable records pertaining to an organization’s hardware and software composition, including software version control and hardware updates.
Fulfilling specified requirements by a product, process, or service.
Process of testing device or system of devices against the requirements specified in one or more standards. The outcomes of a conformance test are generally a pass or fail result, possibly including reports of problems encountered during the execution.
A single decision or set of associated decisions being put before the voters (for example, the option of candidates to fill a particular public office or the approval or disapproval of a constitutional amendment). This term encompasses other terms such as “race,” “question,” and “issue” that are sometimes used to refer to specific kinds of contests. It does not refer to the legal challenge of an election outcome.
A votable choice that appears under a contest.
ballot marking target area,
ballot selection position,
Subset of application logic that is responsible for vote recording and tabulation.
Action taken to eliminate the causes of an existing deficiency or other undesirable situation in order to prevent it from recurring.
A cryptographic algorithm that computes a numerical hash value based on a data file or electronic message. It should be infeasible in practice to find two distinct data files or messages that will result in the same numerical hash value. The numerical value can be considered to be a fingerprint of the file or message. Colloquially known as a hash, hash function, or digital fingerprint. Hashes provide integrity protection.
Discipline that embodies the principles, means, and methods for transforming data to hide their semantic content, prevent their unauthorized use, prevent their undetected modification, or establish their authenticity.
A vote variation used in n-seat contests where a voter is permitted to distribute n votes to one or more contest options. Two major variations are used in American elections, one of which may result in fractional votes.
Measures taken to protect computer systems and data from attack and unauthorized access or use.
Cryptographic process of transforming encrypted data back into its pre-encryption form.
Also called the “Castle” approach. Multiple levels of logical and physical security measures that deny a single point of security failure in a system. Examples include the combined use of passwords, encryption, lock-and-key access, security seals, and logs.
Physical apparatus and any supporting supplies, materials, and logic that together form a functional unit that performs assigned tasks as an integrated whole.
A data set used to identify the holder of the certification and to verify, using a PKI, the authenticity of the certificate. It typically includes the holder’s private key and is used for cryptographic operations such as digitally signing or encrypting data.
A cryptographic operation where the private key is used to digitally sign an electronic document and the public key is used to verify the signature. Digital signatures provide data authentication and integrity protection.
A vote-capture device that allows:
in-person absentee voting
early vote center
Election Assistance Commission, created by the Help America Vote Act (HAVA) to assist the states regarding HAVA compliance and to distribute HAVA funds to the states. The EAC is also charged with creating voting system guidelines and operating the federal government’s first voting system certification program. The EAC is also responsible for maintaining the National Voter Registration form, conducting research, and administering a national clearinghouse on elections that includes shared practices, information for voters, and other resources to improve elections.
The act of confirming the final official results of a jurisdiction’s election. This event occurs after results from valid ballots are tallied from all sources (election day, absentee voting, early voting, provisional ballots, etc.) and results are validated and approved by those legally responsible.
A geographical area to which a practical authority has been granted to administer elections for political or administrative offices. Areas of jurisdiction apply to local, state, and federal levels. States, counties, cities, towns, and townships are all examples of jurisdictions.
Set of processing functions and databases within a voting system typically used to:
Any person who is involved with administering or conducting an election, including government personnel and temporary election workers. This may include any county clerk and recorder, election judge, member of a canvassing board, central election official, election day worker, member of a board of county commissioners, member or secretary of a board of directors authorized to conduct public elections, representative of a governing body, or other person engaged in the performance of election duties as required by the election code.
A system that:
election night reporting
Any person who interacts with those coming to vote. This includes any poll worker, election day worker, early voting worker, or other temporary staff engaged in supporting the voting or vote counting process.
The delivery of ballot and voter information packets electronically. The MOVE Act requires each state to provide for the electronic delivery (via fax, email, or an Internet-supported application) of ballots and related information from the local election office to the registered UOCAVA voter.
Subsystem within a voting system which communicates ballot information to a voter in video, audio, or other alternative format which allows the voter to select contest options using vocalization or physical actions.
The return of a voted ballot or voter information packet using electronic means. This can be by fax, email, or through the use of an Internet supported application. Sometimes referred to as “Internet Voting.”
Device that partially automates the process of checking in voters, assigning them the correct ballot style, and marking voters who have been issued a ballot. May be used in place of a traditional paper poll book. E-poll books can be stand alone at the precinct with a separate copy of the registration list or can be networked into a central voter registration system. They can check and update voter records in real time.
The universe of all voters who, if they cast a ballot, would have the legal right to have eligible contests on that ballot tabulated. This would include those who do not appear in the list of eligible voters because they live in a same-day registration or no registration state and did not or could not register ahead of time.
Cryptographic process of transforming data (called “plaintext”) into a form (called “ciphertext”) that conceals the data’s original meaning to prevent it from being known or used. Encryption provides confidentiality protection.
Approval by a political party, for example, as the candidate that the party fields in a particular contest or as the candidate that should receive straight party votes. In some states, more than one party may endorse a candidate or contest option.
An alternative visual display format supporting personal choices such as text size, color contrast, and preferred language.
Coding system that allows data being read or transmitted to be checked for errors and, when detected, corrects those errors.
Ratio of the number of errors that occur to the volume of data processed.
An attack on a system where the attacker is using some means to bypass security controls in order to attain a higher privilege level on the target system.
Refers to processing a ranked choice voting contest on a cast ballot, when that ballot becomes inactive and cannot be advanced in the tabulation for a contest because there are no further valid rankings on the ballot for continuing contest options.
Mark that falls wholly or partially inside a contest option position.
A text-based language used to organize and present information on the World Wide Web.
A mark on a paper ballot that appears to be unrelated to the act of indicating a voter’s selection. Examples include: a mark made unintentionally by a voter that is obviously not related to making a selection; a hesitation mark, a dot within or outside of the contest option position made by resting a pen or pencil on the ballot; written notes or identifying information not related to indication of the voter’s selection; or printing defects.
Looking at voting system reliability, a failure is an event that results in:
Ratio of the number of failures that occur to the volume of data processed.
Flaw in design or implementation that may result in the qualities or behavior of the voting system deviating from the qualities or behavior that are anticipated, including those specified in the VVSG or in manufacturer-provided documentation.
Standards for federal computer systems developed by NIST. These standards are developed when there are no existing industry standards to address federal requirements for system interoperability, portability of data and software, and computer security.
(n) Result of a formal evaluation by a test lab or accredited expert.
A gateway system designed to prevent unauthorized access to a private network or intranet that is connected to the internet. A firewall can be implemented in either hardware or software, or a combination of both.
A specific class of software encoded directly into a hardware device that controls its defined functions and provides the low-level control for the computer’s specific hardware (such as the firmware that initially boots an operating system).
Exhaustive verification of every system function and combination of functions cited in the manufacturer’s documentation. The FCA verifies the accuracy and completeness of the system’s Voter Manual, Operations Procedures, Maintenance Procedures, and Diagnostic Testing Procedures.
Test performed to verify or validate the accomplishment of one or more functions.
A system designed to capture, store, manipulate, analyze, manage, and present all types of spatial or geographical data. GIS systems are used to validate voting district boundaries and may be integrated with the voter registration system.
Counting ballot sheets and/or selections on ballot sheets by human examination.
The physical, tangible, mechanical, or electromechanical components of a system.
Act passed by the U.S. Congress in 2002 to make sweeping reforms to the nation’s voting process. HAVA addresses improvements to voting systems and voter access that were identified following the 2000 election.
Statement by a manufacturer indicating the capabilities, features, and optional functions as well as extensions that have been implemented.
implementation conformance statement
Voting that occurs in an official location under the supervision of election workers.
Without assistance from an election worker or other person.
The mechanism by which a selection for a specific contest option automatically selects other linked contest options. An example is a straight party selection that causes indirect selections for all contest options of the identified party.
Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality, and availability.
Examination of a product design, product, process, or installation and determination of its conformity with specific requirements.
Activities involving handling of cryptographic keys and other related security parameters (such as passwords) during the entire life cycle of the keys, including their generation, storage, establishment, entry and output, zeroization, and revocation.
Systems engineering concept that identifies the phases that a system passes through, from concept to retirement. There are different concerns and activities associated with each phase of the life cycle.
Equipment and system readiness tests whose purpose is to detect malfunctioning devices and improper election-specific setup before the equipment or systems are used in an election. Election officials conduct L&A tests prior to the start of an election as part of the process of setting up the system and the devices for an election according to jurisdiction practices and conforming to any state laws.
Condition signifying that, for a given input, a computer program will satisfy the program specification and produce the required output.
A vote variation which requires the winning candidate to receive more than half of the votes cast. If no candidate wins an outright majority, a runoff election may be held between the top two vote-getters.
Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of a system. For example, a virus, worm, Trojan horse, or other code-based entity that infects a host. Spyware and some forms of adware are also examples of malware.
Entity with ownership and control over a voting system submitted for testing.
An intentional mark in a contest selection position of a paper ballot that does not meet the requirements for a reliably detectable selection, and therefore requires human adjudication. A marginal mark may be determined to indicate a selection, depending on state law.
A member of a uniformed service in active service, including army, navy, air force, marine corps, coast guard and merchant marine, and their spouses and dependents.
Ratio of the misfeed total to the total ballot volume.
A structural unit of a software program that serves a specific function for the program or that serves to make the program modular in structure for the purposes of easier understanding and maintenance.
Authentication mechanism requiring two or more of the following:
Vote variation in which the voter is entitled to allocate a fixed number of votes (N) over a list of M contest options or write-in options, with the constraint that at most 1 vote may be allocated to a given contest option. This usually occurs when multiple seats are concurrently being filled in a governing body such as a city council or school board where candidates contend for at-large seats. The voter is not obliged to allocate all N votes. 1-of-M is N-of-M voting where N = 1.
Federal organization tasked with assisting in the development of voting system standards. NIST develops and maintains standards for a wide array of technologies. NIST scientists assist the EAC in developing testable standards for voting systems.
Memory in which information can be stored indefinitely with no external power applied.
Document providing further guidance and explanation on the requirements and procedures of the EAC’s Voting System Certification or Voting System Testing Lab (VSTL) programs. NOCs may be issued in response to a clarification request from a Voting System Test Lab or an EAC registered manufacturer. EAC may also issue NOCs when it determines general clarifications are necessary.
Operational test conducted on voting devices during an election by real voters to establish confidence that the voter verifiable paper record is produced correctly when assistive technology is used. Devices subjected to observational testing are used for normal collection of votes; the votes collected are included in the election tally.
A position established by law with certain associated rights and duties.
Partisan primary election in which the voter may choose a political party at the time of voting and vote in party-specific contests associated with that party, along with non-party-specific contests presented at the same election. Some states require voters to publicly declare their choice of party at the polling place, after which the election worker provides or activates the appropriate ballot. Other states allow the voters to make their choice of party within the privacy of the voting booth.
Computer software with its source code (human readable code) made available with a license in which the copyright holder provides the rights to study, change, and distribute the software to anyone and for any purpose. Open source software may:
A U.S. citizen who is living outside of the United States and is eligible to vote in their last place of residence in the United States.
A single piece of paper that forms part of a paper ballot. Paper ballots may contain multiple sheets.
Contest where eligibility to vote in that contest is restricted based on political party affiliation or lack of any affiliation. The affiliation might be the registered affiliation of the voter or it might be an affiliation declared at the time of voting.
Selecting contest options across multiple contests in a predetermined pattern intending to signal one’s identity to someone else. The possibility of pattern voting can be an issue for publishing Cast Vote Records (CVR) because it may compromise voter privacy if there are enough selections in each published CVR to make it likely a selection pattern might be unique.
An evaluation method that enables researchers to search for vulnerabilities in a system.
Any information about an individual maintained by an agency, including:
Inspection by a voting system test lab (VSTL) that compares the voting system components submitted for certification testing to the manufacturer’s technical documentation and confirms that the documentation submitted meets the national certification requirements. Includes witnessing the executable system being built to ensure that the certified release is built from the tested components.
Physical address of a polling place.
A property of a voting system that is designed and deployed to enable voters to obtain a ballot, and mark, verify, and cast it without revealing their ballot selections or selections of language, display and interaction modes to anyone else. This does not preclude the ability of a voter to request assistance under state law.
The secret part of an asymmetric key pair that is typically used to digitally sign or decrypt data.
Standard that specifies requirements to be fulfilled by a product or a group of products, to confirm it can perform its intended task.
A vote variation used in multi-seat contests where the votes allowed in the contest are distributed to the selected candidates proportionally depending on the number of selections. This may result in candidates receiving fractional votes.
Public part of an asymmetric key pair that is typically used to verify digital signatures or encrypt data.
A set of roles, policies, and procedures used to establish greater trust in the authenticity of a digital certificate and for use in creating, managing, distributing, using, storing, and revoking digital certificates.
An optical, 2-D machine-readable representation of data that conform to the accepted standard.
Quick Response code
instant run-off voting,
Cast ballot that has been successfully accepted and initially processed.
Vote variation that allows voters to remove elected representatives from office before their terms of office expire. The recall may involve not only the question of whether a particular officer should be removed, but also the question of naming a successor in the event that there is an affirmative vote for the recall.
Recorded ballot that can be individually retrieved and included or excluded from further processing.
Re-examination, and possibly retesting, of a voting system that was modified after being previously certified. The object of recertification is to determine if the system as modified still conforms to the requirements.
Self-contained, time-stamped, archival record, such as a printout or analogous electronic file that is produced at a specific time and subsequently protected from modification.
Ratio of the report total error to the report total volume.
The ability to recover gracefully from error conditions and unexpected circumstances. For example, manually marked paper preserves evidence of exceptions that can advise both adjudication and audit to achieve better interpretation of original voter intent.
The process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and safeguards that would mitigate this impact.
Post-election tabulation audit procedure for checking a sample of ballots (or voter verifiable records) that is guaranteed to have a large, pre-specified chance of correcting the reported outcome if the reported outcome is wrong (that is, if a full hand-count would reveal an outcome different from the reported outcome).
Election to select a winner following a primary election or a general election, in which no candidate in the contest received the required minimum percentage of the votes cast. The two candidates receiving the most votes for the contest in question proceed to a runoff election.
An inquiry into the potential existence of security flaws in a voting system. Includes an analysis of the system’s software, firmware, and hardware, as well as the procedures associated with system development, deployment, operation, and management.
Management, operational, and technical controls (that is, safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information.
A metric associated with the amount of work (that is, the number of operations) that is required to break a cryptographic algorithm or system.
Human readable computer instructions that, when compiled or interpreted, define the functionality of a programmed device. Source code can be written by humans or by computers.
A targeted attack by hackers, using bogus emails, that attempts to get the victim to provide login information or personal information to the hackers. Spear Phishing attempts may appear to originate from legitimate, known sources, such as organizational IT or known vendors.
A document that provides requirements, specifications, guidelines, or characteristics that can be used consistently to ensure that materials, products, processes, and services are fit for their purpose.
Explicit voter selection that overrides or supplements the vote selections made by a straight party voting option. Straight party overrides may be subject to state election rules for how they work or whether they are allowed.
The portion of a street between two consecutive cross streets that can be assigned to a precinct.
Software that aids in developing, maintaining, or using other software, for example, compilers, loaders and other utilities.
secret key cryptography
Administrative unit that is the entire scope within which the voting system is used (for example, a county). The system extent corresponds to the top-level reporting context for which the system generates reports.
Inductive coil used in some hearing aids to allow reception of an audio band magnetic field signal instead of an acoustic signal. The magnetic or inductive mode of reception is commonly used in conjunction with telephones, auditorium loop systems, and other systems that provide the required magnetic field output.
Process of totaling votes.
Tactile controls are discernable or perceptible by touch using hands, feet, or other parts of the body. (Does not include touch screens.) Dual switches are a form of tactile controls that can be used by voters with minimal use of their hands.
Procedure used to determine one or more characteristics of a given product, process, or service according to a specified procedure for conformity assessment. A test may be an operational test or a non-operating test (for example, an inspection).
Specified technical procedure for performing a test, procedures by which tests are derived, or a combination of these.
Document created prior to testing that outlines the scope and nature of testing, items to be tested, test approach, resources needed to perform testing, test tasks, risks, and schedule.
Implementation of a set of operational tests for a particular object (such as a specific voting system) or class of objects (such as all voting systems that can interpret the language in which the test data are expressed).
Software, firmware, or hardwired logic that is neither application logic nor COTS. This includes, for example, general-purpose software developed by a third party that is either customized (for example, ported to a new platform, as is Windows Embedded Compact), not widely used, or source-code generated by a COTS package.
Something a user possesses and controls, typically a key or password, that is used to authenticate an identity.
An urban area that has a name, defined boundaries, and local government, and that is generally larger than a village and smaller than a city. Term used in New England, New York, and Wisconsin to refer to the equivalent of the civil township in these states.
A widely used unit of local government in the United States, subordinate to a county, with some form of local government for which it generally conducts elections.
Occurs when the number of voter selections in a contest is less than the maximum number allowed for that contest or when no selection is made. The number of undervotes is equal to the number of votes lost, for example, if one selection is made in a vote for 3 out of 5 candidates contest, the number of undervotes or votes lost is two.
An overseas voter or an active duty member of the U.S. military, either within or outside the United States, including any accompanying spouse and family members who are eligible to vote in their last place of residence in the United States. The Uniformed and Overseas Citizens Absentee Voting Act is commonly referred to as UOCAVA.
Effectiveness, efficiency, and satisfaction with which a specified set of users can achieve a specified set of tasks in a particular environment. Usability in the context of voting refers to voters being able to cast valid votes as they intended quickly, without errors, and with confidence that their contest selections were recorded correctly. It also refers to the usability of the setup and operation of voting equipment in the polling place.
See contest option vote.
Process of evaluating a system or component during or at the end of the development process to determine whether it satisfies specified requirements.
A display format in which contest options and other information are displayed on screen or paper for perception using sight.
Indication of support for a particular contest option.
Voting style or feature, including but not limited to the following: approval voting, baseline voting, cumulative voting, N-of-M voting, proportional voting, ranked choice voting, score voting and super majority voting.
Method of voting by which eligible voters are mailed ballots and information packets by the local election jurisdiction. Voters may be able to return their marked ballots by mail, bring them to an election office, or drop them off in secure drop boxes.
A standard for counting ballots that aims to ensure that ballots are counted in accordance with the goals of the voter, using written rules for both human processes and machine algorithms to ensure that all ballots marked in a similar way are counted in the same way.
An electronic voting device that:
precinct-count optical scanner
Entire array of procedures, people, resources, equipment, and locations associated with conducting elections.
The executable code and associated configuration files needed for the proper operation of the voting system.
Privately owned testing laboratories that test voting systems (and other election systems) for conformance to the Voluntary Voting System Guidelines (VVSG) or to other requirements, including individual state requirements. VSTLs are periodically reviewed for conformance to National Voluntary Laboratory Accreditation Program (NVLAP) administered by the National Institute for Standards and Technology (NIST).
A wireless networking technology that uses radio waves to provide high-speed Internet network connections.
A network that connects computers across metropolitan, regional, and national boundaries. The internet is an example of a WAN.
Connectivity using electro-magnetic waves instead of wire connections.
A type of contest option that allows a voter to specify a candidate, usually not already listed as a contest option. Depending on election jurisdiction rules, in some cases only previously approved names will be considered as valid write-in contest selections.