AN ACT Relating to security breaches of election systems or election data including by foreign entities; adding a new section to chapter 29A.12 RCW; and creating a new section.

NEW SECTION. Sec. 1. The legislature finds that public confidence in state elections systems and election data are of paramount consideration to the integrity of the voting process. The legislature also finds that recent events have revealed an intentional and persistent effort by foreign entities to influence election systems and other cyber networks. Therefore, the legislature intends to: Examine the state's electoral systems and processes in order to determine whether our election systems have been compromised; take appropriate measures to identify whether foreign entities were responsible for the intrusions; and restore the security and integrity of the state's digital infrastructure regarding elections.

(1) The secretary of state must annually consult with the attorney general, state chief information officer, and each county auditor to identify instances of security breaches of election systems or election data.

(2) To the extent possible, the secretary of state must identify whether the source of a security breach, if any, is a foreign entity, domestic entity, or both.

(3) By December 31st of each year, the secretary of state must submit a report to the governor, lieutenant governor, state chief information officer, attorney general, and the chairs and ranking members of the appropriate legislative committees from the senate and house of representatives that includes information on any instances of security breaches identified under subsection (1) of this section and options to increase the security of the election systems and election data, and to prevent future security breaches. The report, and any related material, data, or information provided pursuant to subsection (1) of this section or used to assemble the report, may only be distributed to, or otherwise shared with, the individuals specifically mentioned in this subsection (3).

(a) "Foreign entity" means an entity that is not organized or formed under the laws of the United States, or a person who is not domiciled in the United States or a citizen of the United States.

(ii) A breach of the election system or associated data where the system or associated data has been penetrated, accessed, or manipulated by an unauthorized person.