OLYMPIA — Secretary of State Kim Wyman’s election-security legislation, Senate Bill 6412, received a hearing in the Senate State Government, Tribal Relations and Elections Committee recently.

The bill aims to bolster election security on four fronts — eliminate cyber threats by removing risky electronic ballot-return methods, improve third-party ballot collection, provide post-election security through statistical audits, and appropriate $1.8 million in order to draw nearly $9 million in federal matching funds to augment security. Sen. Hans Zeiger, R-Puyallup, is sponsoring the bill.

“These critical election security improvements cannot wait. Cyber criminals are relentless, and in this upcoming, momentous election cycle, voters need to have confidence that our systems are secure and their information will remain protected,” said Wyman. “The race to secure our elections has no finish line, but Senate Bill 6412 propels elections officials in the right direction for 2020 and beyond.”

Testifying in support of the bill was Kirstin Mueller, election-security issue chair for the League of Women Voters of Washington.

“Over the last few years, detailed cybersecurity reports have been released, outlining what each state can do to improve the security of their elections. These reports have many recommendations in common – ensure a secure chain of custody of voted ballots, require paper ballots that voters have marked by hand or with the use of an assistive device, perform statistically based post-election audits that can catch and correct incorrect election outcomes, and keep all elements of voting and tabulation away from the internet. This legislation improves Washington’s election security in all of these critical areas,” Mueller said. “We believe this bill provides the right balance of access and security, and it protects organizations like the League, who want to help, by providing a way to track ballots.”

An element of the bill garnering attention is the attempt to rollback electronic ballot return methods for military and overseas voters. With King Conservation District and a couple of Washington counties exploring vote-by-app and other electronic return methods, Wyman said the time has come to heed warnings from trusted cyber experts and remove vulnerabilities that exist with electronic return.

“I have yet to meet a cybersecurity expert, including those with the Department of Homeland Security, the Washington National Guard, Microsoft, and others, who believe electronic ballot return is a good idea,” said Wyman. “As an election official who is entrusted to keep our infrastructure and voter information secure, I cannot in good conscience ignore their advice.”

Voters covered by the federal Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) are mailed a paper ballot to their military or overseas address at least 45 days before the election. They can also download and print a ballot beginning 45 days before an election and place it in the mail. Special absentee ballots are available for UOCAVA voters 90 days before an election, when required. Since UOCAVA ballots can be counted up until the very end of the election, Washington’s UOCAVA voters are provided with more than nine weeks to print their ballots, make their choices, and return them via mail to county election officials.

Josh Benaloh, the senior principal cryptographer at Microsoft Research, also testified in support of the bill, noting the critical nature of protecting ballots from cyber intrusion.

Benaloh, who works on the company’s Defending Democracy Program, has dedicated much of his research to election integrity. In addition to his 1987 doctoral dissertation, titled “Verifiable Secret-Ballot Elections,” Benaloh’s work has been published in a variety of academic publications, including the National Academies of Science, Engineering, and Medicine 2018 report, “Securing the Vote – Protecting American Democracy,” and a 2015 U.S. Vote Foundation report on end-to-end verifiable internet voting.

“Internet voting without the safeguards [described in these reports], which is what we’re seeing right now in King Conservation District, is the least secure, most vulnerable form of voting in current use with one exception – ballot return by email or fax. In all of these cases, the contents of ballots can be changed by malware on a voter’s device or on the receiving end, but in the case of email and fax, ballots can also be altered in transmission. It is very likely that altered ballots will never be detected by voters or elections officials. People will never know,” he said.

The Secretary of State’s Office does not have the authority to oversee conservation district elections as they are governed under a statute separate from the secretary of state’s purview.