WA bill gives elections access to nonprofit that aided in social media suppression

The Washington State Legislature has enacted a bill forcing county election officials to provide unrestricted system access to a New York state-based nonprofit that aided government agencies in coordinated social media suppression efforts with other states regarding election and COVID-19 “misinformation.”

“Most troubling is that that it sits and operates outside of our firewall,” Grant County Director of Central Services Tom Gaines said at a Feb. 14 public hearing. “We have no idea what it does, except what they tell us. It may be benign but the way it’s (the bill) been framed….only validates our concerns.”

Sponsored by Sen. Javier Valdez, D-Seattle, Senate Bill 5843 requires all 39 counties to use an operating system prescribed by the Secretary of State’s Office known as “Albert sensors” to detect cybersecurity threats. It cleared the Senate in a 46-3 vote on Feb. 2, but received more opposition during the House's Feb. 27 vote, with 58 in favor and 37 opposed.

Under the bill, county election officials would also be responsible for reporting to SOS any malicious activity or breach in security. Additionally, the bill gives SOS the authority to certify county election results if the county itself refuses to do so “without cause.”

The Albert sensor hardware, which would be required under the bill, is widely used in county elections offices across the country run by Democrats and Republicans alike. All but three counties in the state utilize it.

It's managed by the Center for Internet Security, a New York state-based nonprofit that receives federal funding and collaborates with both federal and state agencies. It also coordinated the Elections Infrastructure Information Sharing & Analysis Center. According to records acquired by the investigative outlet Arizona Capitol Oversight, the center was relaying censorship requests on behalf of the Arizona Secretary of State’s Office to social media platforms in response to posts about elections.

In 2023, a federal judge in Louisiana implicated CIS, the Biden administration and others in a "a role similar to an Orwellian ‘Ministry of Truth’" in a case regarding federal efforts to censor certain COVID-19 related content.

A proposed House amendment would have made CIS liable “for any malicious activity directly attributable to the intrusion detection system,” but it was rejected. Another proposed House amendment would have allowed counties the ability to choose from a variety of intrusion detection systems, but it was rejected, with Rep. Chris Sterns, D-Auburn saying it would “gut the bill” and “turn it into a study.”

Meanwhile, the bill calls for the removal from office any official who ”provides unauthorized access to a person or entity to physical locations or electronic or physical access to election software or hardware used in any element of conduct of an election.” A proposed amendment requiring the person be convicted first of committing the offense was rejected by the House.

“We deserve our day in court, not just one person being able to take us out of office,” Rep. Leonard Christian, R-Spokane Valley, told colleagues on the House floor.

Rep. Sharlett Mena, D-Tacoma, opposed the amendment claiming that existing state law already requires a conviction before removing a person from office. “We don’t need to fix what is not broken.”

Speaking in support of the bill on Feb. 27 prior to a Senate floor vote, Sen. Joe Nguyen, D-White Center, told colleagues that “I do believe our democracy stands at a crossroads. I think it’s [the bill] a very stark reminder of our democracy and how fragile it can be. Having a process and a mechanism in place to ensure we can protect our voters, our residents…is critical for the success of Washingtonians going forward.”

Testifying in support of the bill at a Feb. 14 public hearing in the House State Government & Tribal Affairs Committee, Assistant Secretary of State Kevin McMahan said that the bill ensures that if cyber attacks affect a county’s election system, SOS and the State Attorney General’s Office would be brought in “to put in additional layers of protection.”

Lincoln County Commissioner Rob Coffman told the State Government & Tribal Affairs Committee that “it may have good intentions but it’s simply bad legislation. Counties need to use services that allow them to maintain control over their data, who sees it, and where it goes.” He also said that in 2022 the county experienced a ransomware attack when they were still using Albert sensors, but CIS never reported the attack to them.

He added that liability for security breaches “must fall squarely on the state. If the state wishes to usurp that constitutional authority from counties…then that newly acquired authority must also come with some very board responsibilities.”