Voting Systems.
A "voting system" is the total combination of mechanical, electromechanical, or electronic equipment including the software, firmware, and documentation required to program, control, and support the equipment that is used to define ballots, cast and count votes, report or display election results, and maintain and produce any audit trail information. The Secretary of State (Secretary) must inspect, publicly test, and certify all voting systems, or components of a system, prior to its use in the state.
Voting System Security.
A manufacturer or distributor of a voting system or component that is certified by the Secretary must immediately disclose to the Secretary and Attorney General any breach of its system security if:
Voting System Security Reporting.
The Secretary must annually consult with the Washington State Fusion Center, the State Chief Information Officer, and each county auditor to identify instances of security breaches of election systems or data. The Secretary must identify whether the source of the breach is a foreign or domestic entity, to the extent possible. Each year, the Secretary must submit a report to the Governor, State Chief Information Officer, Washington State Fusion Center, and appropriate legislative committees that includes information on any security breaches and options to increase security of the election systems and prevent future breaches.
Shared Voter Registration System.
The Secretary maintains a centralized statewide voter registration list that is the official list of eligible voters for all elections in the state. Voter registration information received by each county auditor is electronically entered into the database.
Voting Centers.
County auditors must open a voting center for each primary, special election, and general election. Each voting center must provide, among other things, ballot materials and in-person voter registration.
No person may interfere with a voter attempting to vote in a voting center. Interference with a voter attempting to vote is punishable as a gross misdemeanor.
Any person who willfully defaces, removes, or destroys any supplies or materials that the person knows are intended for use in a voting center is guilty of a class C felony.
Any person who tampers with or damages or attempts to damage any voting machine or device, prevents the correct operation of a voting machine, or any unauthorized person who makes or has in his or her possession a key to a voting machine, is guilty of a class C felony.
Ballot Counting Observers.
Washington permits voting by mail. The county auditor or county canvassing board processes returned ballots. County auditors must request that observers be appointed by the major political parties to be present during the processing of ballots at the counting center.
Election Certification.
Ten days after a special election, 10 days after a presidential primary, 14 days after a primary, and 21 days after a general election, a county canvassing board must complete the canvass and certify the results. The county canvassing board must execute a certificate of the results of the election signed by all members of the board or their designee. Failure to certify the returns, if they can be ascertained with reasonable certainty, is punishable as a class C felony.
Election Staff.
Every person with election duties who willfully neglects or refuses to perform such duties, or who, in the performance of such duty, fraudulently violates any of the provisions of law relating to the duty is guilty of a class C felony and must forfeit the person's office.
Ballots.
A person who knowingly destroys, alters, defaces, conceals, or discards a completed voter registration form or signed ballot declaration is guilty of a gross misdemeanor. Any person who intentionally fails to return another person's completed voter registration form or signed ballot declaration to the proper state or county elections office by the applicable deadline is guilty of a gross misdemeanor.
Conviction of a Public Officer.
The conviction of a public officer of any felony or malfeasance in office requires, in addition to any other penalty imposed, the forfeiture of the individual's office. The individual is disqualified from holding any public office in the state.
Penalties.
Class C felonies may be subject to a prison sentence not to exceed five years, a fine not to exceed $10,000, or both. Gross misdemeanors may be subject to a prison sentence not to exceed 364 days, a fine not to exceed $5,000, or both.
Voting System Security.
Every county must install and maintain an intrusion detection system that passively monitors its voting system network at all times for malicious traffic and is supported by a qualified and trained security team with access to cyber-incident response personnel who can assist the county in the event of a malicious attack. The system must support the unique security requirements of state, local, tribal, and territorial governments and possess the ability to receive cyber intelligence threat updates to stay ahead of evolving attack patterns.
A county auditor or county information technology director participating in the shared voter registration system operated by the Secretary of State (Secretary) or operating a voting system that is certified by the Secretary must immediately disclose any malicious activity or information technology (IT) system security breach to the Secretary and Attorney General if:
Voting System Security Reporting.
For purposes of the Secretary of State's annual report on election security breaches, "domestic entity" is defined as an entity organized or formed under the laws of the United States, a person domiciled in the United States, or a citizen of the United States.
Certification of Election Results.
If the county canvassing board refuses to certify election results without cause, the Secretary of State may examine the records, ballots, and results of the election and certify the results of the election within two business days after the certification deadline.
Violations and Penalties.
Class C Felonies.
While observing the processing of ballots, observers may not touch any ballots, ballot materials, or election systems. Unauthorized physical contact or access to ballots or election systems is a violation punishable as a class C felony.
Any person who willfully defaces, removes, or destroys any supplies or materials that the person knows are intended for use in a voting center, election office, ballot counting area, ballot storage area, or election system including materials and systems meant for enabling a voter to prepare the voter's ballot is guilty of a class C felony.
Any person who willfully and without authority accesses or assists another person or entity with unauthorized access to a voting center, election office, ballot counting area, ballot storage area, or any election system, or provides unauthorized access to these locations to another person or entity, whether electronic or physical access, is guilty of a class C felony.
Any unauthorized person who accesses or assists another person or entity with unauthorized access to a voting center, election office, ballot counting area, ballot storage, or an election system, voting machine, or device to be used in a primary, special, or general election is guilty of a class C felony.
Every person charged with the performance of any duty under state or local election laws, who provides unauthorized access to a person or entity to physical locations or electronic or physical access to election software or hardware used in any element of conduct of an election is guilty of a class C felony and must forfeit their office.
Gross Misdemeanors.
No person may interfere with the operation of a voting center. Interference includes unauthorized access or handling of ballots and access to voting equipment or election systems. Unauthorized access includes access by elected officials and county staff in a manner not required by their job function. Interference with the operation of a voting center is punishable as a gross misdemeanor.
A person who knowingly destroys, alters, defaces, conceals, or discards a voted ballot is guilty of a gross misdemeanor. Any person who intentionally fails to return another person's voted ballot to the proper state or county elections office by the applicable deadline is guilty of a gross misdemeanor.
(In support) The Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency recently reiterated to the Secretary of State that nation-states and criminals are trying to exploit state, local, tribal, and territorial government infrastructure. In the last six months, there have been many attacks. A passive sensor would notify a county of a breach and counties would have a team that could respond to an attack. The Secretary of State would know to put in additional levels of protection to protect VoteWA when attacks occur. The bill closes a loophole by addressing domestic attacks. The Secretary of State would be able to certify election results if a county refuses to certify an election without cause.
(Opposed) The bill would be mandating installation of the Albert sensor system and is targeting three counties. The requirement conflicts with county authority. Local governments are not inept and have professional expertise. Local governments choose systems that work best for their specific needs. Local information technology staff are the local experts. Counties should have control over their data and who see it. The state would need to create a new authority to have the Secretary of State prescribe these requirements. Local governments should not have liability if required to have certain security components. County security systems are secure and counties take data security seriously. There are many questions about the Albert system. Counties have limited information on what the Albert system does. Counties have to ask permission to make any changes under that system, which is an affront to local control. Counties look for innovative ways to make sure data is safe.
(In support) Kevin McMahan, Office of the Secretary of State.