California Lawmakers Clear Bill to Create Election Security Office

Gov. Jerry Brown will now decide whether the legislation to create a special cybersecurity team within the Secretary of State’s Office will become law.

by Samantha Young / August 16, 2018
Shutterstock

If there’s false or misleading information circulating about California’s voting system, the state’s registered voters could get an email warning them about it in November.

It’s part of the new authority lawmakers have given the California Secretary of State’s Office as part of its stepped-up cybersecurity mission.

AB 3075 cleared its final legislative hurdle Monday when the state Assembly voted 57-19 to create the Office of Elections Cybersecurity within the Secretary of State’s Office. The bill codifies into law a new cybersecurity office that lawmakers set aside $2 million for in the fiscal 2017-18 state budget. It now heads to Gov. Jerry Brown’s desk for his signature, and assuming he signs it, state election officials say it will be staffed before the November elections.

Under the bill, the cybersecurity office will have three employees responsible for combating potential cyberattacks, as well as coordinating with federal, state and local agencies to share information and develop best practices to protect against threats to election security.

The office will also monitor social media websites and rebut misleading information intended to suppress voter participation or disrupt the vote — a key priority of Democratic lawmakers angered by reports that Russian hackers sought to subvert the 2016 presidential election.

“The Secretary of State has never had marketing dollars,” Deputy Secretary of State Jesse Melgar told Techwire. “It’s the first time we will have a budget to promote good information and link to Secretary of State websites.”

The bill drew little debate, but a bloc of lawmakers voted no after one Republican lawmaker questioned whether the Secretary of State's Office, led by an elected official, should be allowed to run a “campaign-orientated communication” process as part of state elections.

“Protecting our elections from hacking is important; however, adding this new government agency to do so is not,” Assemblyman Matthew Harper, R-Huntington Beach, argued during the floor debate. “We do not need to add to the bureaucracy to protect our election system. We should not give the Secretary of State the authority to decide subjectively what is false or misleading information in the election.”

Although there has been no evidence that California’s election systems have been tampered with, Secretary of State Alex Padilla, who supports the bill, says California’s cyberdefenses must become more sophisticated.

“It’s no longer just securing voting machines,” Padilla told a DefCon security conference in Las Vegas on Friday. “It’s also state and county databases and even the information voters are consuming.”

California lawmakers this summer also set aside $134 million in the state budget for counties to modernize aging voting equipment, as well as $1 million to create the Office of Enterprise Risk Management, which will be staffed with three cybersecurity IT employees.

This story was originally published by Techwire.