29A.12 - Voting systems.

29A.12.005 - "Voting system."

As used in this chapter, "voting system" means:

  1. The total combination of mechanical, electromechanical, or electronic equipment including, but not limited to, the software, firmware, and documentation required to program, control, and support the equipment, that is used:

    1. To define ballots;

    2. To cast and count votes;

    3. To report or display election results from the voting system;

    4. To maintain and produce any audit trail information; and

    5. To perform an audit under RCW 29A.60.185; and

  2. The practices and associated documentation used:

    1. To identify system components and versions of such components;

    2. To test the system during its development and maintenance;

    3. To maintain records of system errors and defects;

    4. To determine specific system changes to be made to a system after the initial qualification of the system; and

    5. To make available any materials to the voter such as notices, instructions, forms, or paper ballots.

[ 2018 c 218 § 5; 2013 c 11 § 21; 2004 c 267 § 601; ]

29A.12.010 - Authority for use.

At any primary or election in any county, votes may be cast, registered, recorded, or counted by means of voting systems that have been approved under RCW 29A.12.020.

[ 2003 c 111 § 301; 1990 c 59 § 17; 1967 ex.s. c 109 § 12; 1965 c 9 § 29.33.020; prior: 1913 c 58 § 1, part; RRS § 5300, part. 1913 c 58 § 18; RRS § 5318; ]

29A.12.020 - Inspection and test by secretary of state—Report.

The state auditor shall inspect, evaluate, and publicly test all voting systems or components of voting systems that are submitted for review . The state auditor shall determine whether the voting systems conform with all of the requirements of this title, the applicable rules adopted in accordance with this title, and with the most current version of the best practices for securing election systems as established and published by the federal cybersecurity and infrastructure security agency. The state auditor must issue a report within 30 days providing details of this review, that includes the state auditor's findings and recommendations. The state auditor shall transmit a copy of the report of any examination under this section, within thirty days after completing the examination, to the secretary of state and the county auditor of each county.

29A.12.030 - Submitting system or component for examination.

The manufacturer or distributor of a voting system or component of a voting system may submit that system or component to the state auditor for examination .

29A.12.040 - Independent evaluation.

The state auditor may contract with experts in software, hardware, network, cybersecurity, mechanical**,** or electrical engineering or data processing to assist in examining a voting system or component. The manufacturer or distributor who has submitted a voting system for testing shall pay the state auditor a deposit to reimburse the cost of any contract for consultation under this section and for any other unrecoverable costs associated with the examination of a voting system or component by the manufacturer or distributor who submitted the voting system or component for examination.

29A.12.050 - Approval required—Modification.

If voting systems or devices or vote tallying systems are to be used for conducting a primary or election, only those that have the approval of the secretary of state or had been approved under this chapter or the former chapter 29.34 RCW before March 22, 1982, may be used. Any modification, change, or improvement to any voting system or component of a system that does not impair its accuracy, efficiency, or capacity or extend its function, may be made without reexamination or reapproval by the secretary of state under RCW 29A.12.020.

[ 2003 c 111 § 305; 1990 c 59 § 21; 1982 c 40 § 4; ]

29A.12.060 - Maintenance and operation.

The county auditor of a county in which voting systems are used is responsible for the preparation, maintenance, and operation of those systems and may employ and direct persons to perform some or all of these functions.

[ 2003 c 111 § 306; 1990 c 59 s 22; 1965 c 9 § 29.33.130; prior: 1955 c 323 § 2; prior: 1935 c 85 § 1, part; 1919 c 163 § 23, part; 1915 c 114 § 5, part; 1913 c 58 § 10, part; RRS § 5309, part; ]

29A.12.070 - Acceptance and vulnerability tests.

An agreement to purchase or lease a voting system or a component of a voting system is subject to that system or component passing:

  1. An acceptance test sufficient to demonstrate that the equipment is the same as that certified by the state auditor and that the equipment is operating correctly as delivered to the county; and

  2. A logic and accuracy test and vulnerability test conducted by an independent private sector vendor certified by the federal cybersecurity and infrastructure security agency, separate from the manufacturer or distributor of the system being tested, with participation by the state auditor and local elections officials.

29A.12.080 - Requirements for approval.

No voting device shall be approved by the state auditor unless it passes a logic and accuracy test, vulnerability test, and:

  1. Secures to the voter secrecy in the act of voting;

  2. Remains disconnected from the internet and other mechanisms that could allow remote access to the voting systems or network;

  3. Permits the voter to vote for any person for any office and upon any measure that he or she has the right to vote for;

  4. Correctly registers all votes cast for any and all persons and for or against any and all measures; and

  5. Has been tested and certified by an independent private sector vendor certified by the federal cybersecurity and infrastructure security agency separate from the manufacturer or distributor of the system being tested, with participation by the state auditor and local elections officials. A county auditor has the authority to conduct an additional test and certification of the voting devices by an independent third party and have the cost reimbursed by the secretary of state.

29A.12.085 - Paper record.

Beginning on January 1, 2006, all direct recording electronic voting devices must produce a paper record of each vote that may be accepted or rejected by the voter before finalizing his or her vote. This record may not be removed from the voting center, and must be human readable without an interface and machine readable for counting purposes. If the device is programmed to display the ballot in multiple languages, the paper record produced must be printed in the language used by the voter. Rejected records must either be destroyed or marked in order to clearly identify the record as rejected. Paper records produced by direct recording electronic voting devices are subject to all the requirements of chapter 29A.60 RCW for ballot handling, preservation, reconciliation, transit, and storage. The paper records must be preserved in the same manner and for the same period of time as ballots.

[ 2011 c 10 § 22; 2005 c 242 § 1; ]

29A.12.101 - Requirements of tallying systems for approval.

  1. The state auditor shall not approve a vote tallying system unless it:

    1. Correctly counts votes on ballots ;

    2. Ignores votes marked for any office or issue where more than the allowable number of votes have been marked, but correctly counts the properly voted portions of the ballot;

    3. Accumulates a count of the specific number of ballots tallied for each precinct, total votes by candidate for each office, and total votes for and against each issue of the ballot in that precinct;

    4. Produces precinct and cumulative totals in printed form; and

    5. Has been tested and certified by an independent private sector vendor certified by the federal cybersecurity and infrastructure security agency, separate from the manufacturer or distributor of the system being tested.

  2. The state auditor shall inspect, evaluate, and publicly test all voting systems or components of voting systems that are submitted for review. The state auditor shall determine whether the voting systems conform with all of the requirements of this title, the applicable rules adopted in accordance with this title, and with the most current version of the best practices for securing election systems as established and published by the federal cybersecurity and infrastructure security agency.

29A.12.110 - Record of programming—Devices sealed.

In preparing a voting device for a primary or election, a record shall be made of the programming installed in each device. Except where provided by a rule adopted under RCW 29A.04.611, after being prepared for a primary or election, each device shall be sealed with a uniquely numbered seal. The programmed memory pack for each voting device must be sealed into the device during final preparation and logic and accuracy testing. Except in the case of a device breakdown or error in programming, the memory pack must remain sealed in the device until after 8:00 p.m. on the day of the primary, special election, or general election.

[ 2011 c 10 § 23; 2003 c 111 § 311; 1990 c 59 § 25; ]

29A.12.120 - Counting center personnel—Instruction, requirements.

  1. Before each state primary or general election at which voting systems are to be used, the county auditor shall instruct all counting center personnel who will operate a voting system in the proper conduct of their voting system duties.

  2. The county auditor may waive instructional requirements for counting center personnel who have previously received instruction and who have served for a sufficient length of time to be fully qualified to perform their duties. The county auditor shall keep a record of each person who has received instruction and is qualified to serve at the subsequent primary or election.

  3. No person may operate a voting system in a counting center at a primary or election unless that person has received the required instruction and is qualified to perform his or her duties in connection with the handling and tallying of ballots for that primary or election.

[ 2013 c 11 § 23; 2011 c 10 § 24; 2003 c 111 § 312; 1990 c 59 § 29; 1977 ex.s. c 361 § 69; ]

29A.12.130 - Tallying systems—Programming tests.

At least three days before each state primary or general election, the office of the state auditor shall provide for the conduct of tests of the programming for each vote tallying system to be used at that primary or general election. The test must verify that the system will correctly count the vote cast for all candidates and on all measures appearing on the ballot at that primary or general election. The test shall verify the capability of the vote tallying system to perform all of the functions that can reasonably be expected to occur during conduct of that particular primary or election. If any error is detected, the cause shall be determined and corrected, and an errorless total must be produced before the primary or election.

Such tests must be observed by at least two representatives from each major political party and must be open to candidates, the press, and the public. The county auditor and any political party observers shall certify that the test has been conducted in accordance with this section. Copies of this certification shall be retained by the secretary of state**, the state auditor,** and the county auditor. All programming materials, test results, and test ballots must be made available for audit under section 2 of this act.

29A.12.140 - Operating procedures.

The state auditor may publish recommended procedures for the operation of the various vote tallying systems that have been approved. These procedures allow the office of the state auditor to restrict or define the use of approved systems in elections.

29A.12.150 - Recording requirements.

The state auditor shall not certify under this title any voting device or machine for use in conducting a primary or general or special election in this state unless the device or machine correctly records on a separate ballot the votes cast by each elector for any person and for or against any measure and such separate ballots are available for audit purposes after such a primary or election.

29A.12.160 - Blind or visually impaired voter accessibility.

  1. At each voting center, at least one voting unit certified by the state auditor shall provide access to individuals who are blind or visually impaired.

  2. For purposes of this section, the following definitions apply:

    1. "Accessible" includes receiving, using, selecting, and manipulating voter data and controls.

    2. "Nonvisual" includes synthesized speech, Braille, and other output methods.

    3. "Blind and visually impaired" excludes persons who are both deaf and blind.

29A.12.180 - Disclosure of security breaches by manufacturer or distributor.

  1. A manufacturer or distributor of a voting system or component of a voting system that is certified by the state auditor shall disclose to the state election audit board in the case of a general election, secretary of state , state auditor, attorney general**, and county auditors of counties affected,** any breach of the security of its system immediately following discovery of the breach if:

    1. The breach has, or is reasonably likely to have, compromised the security, confidentiality, or integrity of an election in the state or nation; or

    2. Personal information of residents in any state was, or is reasonably believed to have been, acquired by an unauthorized person as a result of the breach and the personal information was not secured. For purposes of this subsection, "personal information" has the meaning given in RCW 19.255.010.

  2. Notification under subsection (1) of this section must be made in the most expedient time possible and without unreasonable delay.

29A.12.190 - Decertification.

  1. The state auditor may decertify a voting system or any component of a voting system and withdraw authority for its future use or sale in the state if, at any time after certification, the state auditor determines that:

    1. The system or component fails to meet the standards set forth in applicable federal cybersecurity and infrastructure security agency standards;

    2. The system or component was materially misrepresented in the certification application;

    3. The applicant has installed unauthorized modifications to the certified software or hardware; or

    4. There is a legitimate concern that a system or component would compromise the security of elections in the state. The state auditor shall submit a written report of the concerns to the state election audit board during a general election, secretary of state, and county auditors of affected counties. The secretary of state and state auditor shall post a working link to the state auditor's report on their respective websites. The link must be predominantly displayed on the top one-third of the website.

  2. The state auditor may decertify a voting system or any component of a voting system and withdraw authority for its future use or sale in the state if the manufacturer or distributor of the voting system or component thereof fails to notify the secretary of state and state auditor of any security breach in accordance with the notification requirements in RCW 29A.12.180.

29A.12.200 - Security breach identification and reporting.

  1. The secretary of state and state auditor must annually consult with the state chief information officer and each county auditor to identify instances of security breaches of election systems or election data.

  2. To the extent possible, the secretary of state and state auditor must identify whether the source of a security breach, if any, is a foreign entity, domestic entity, or both.

  3. By December 31st of each year, the state auditor with the consultation of the secretary of state must submit a report to the state election audit board for the general election of the current year, governor, state chief information officer, and the chairs and ranking members of the appropriate legislative committees from the senate and house of representatives that includes information on any instances of security breaches identified under subsection (1) of this section and options to increase the security of the election systems and election data, and to prevent future security breaches. The report, and any related material, data, or information provided pursuant to subsection (1) of this section or used to assemble the report, may only be distributed to, or otherwise shared with, the individuals specifically mentioned in this subsection (3), as well as county auditors for audit purposes, and an independent private sector vendor certified by the federal cybersecurity agency separate from the manufacturer or distributer of the voting system being used in the current election.

  4. For the purposes of this section:

    1. "Foreign entity" means an entity that is not organized or formed under the laws of the United States, or a person who is not domiciled in the United States or a citizen of the United States.

    2. "Security breach" means a breach of the election system or associated data where the system or associated data has been penetrated, accessed, or manipulated by an unauthorized person.

29A.12.XXX - TBD

**

  1. [Empty]

    1. The county auditor shall capture a forensic image of all voting systems used in a primary, special election, or general election and retain the image for at least 22 months after certification of the primary, special election, or general election. Forensic images must be captured using current industry best practices, including best practices around the use of technology such as write-blocking technology to prevent future alteration of the drive contents captured in the forensic image.

    2. A forensic image must be captured:

      1. Immediately before the special election, primary, or general election ballot scanning process begins;

      2. After all special election, primary, or general election ballots have been processed and tallied but before certification of the special election, primary, or general election; and

      3. No later than 24 hours after certification of the special election, primary, or general election.

  2. The forensic image must be created using write-blocking technology, or more advanced technology if available, to prevent future alteration of the drive contents captured in the forensic image.

  3. Software upgrades to voting systems are prohibited beginning 30 days prior to the special election, primary, or general election, and ending 90 days after certification of the special election, primary, or general election.

  4. A full forensic audit of the forensic images must be conducted in accordance with section 2 of this act.

  5. As used in this section:

    1. "Forensic image" means a copy of unaltered electronic information capturing all the ones and zeros and all the data contained on any and all devices, including but not limited to: Networking, analyzing, monitoring, storage to include all types of internal and external or data devices, routing, switching, and firewall devices, that are involved in any way with the process of an election. A forensic image must capture the deleted space on the drive and account for any recent formatting, deleted files or data, hidden files or data, and file or data fragments.

    2. "Voting system" has the same meaning as in RCW 29A.12.005.

[ 2021 c XXX § 5; ]**

29A.12.XXX - TBD

** The secretary of state and state auditor shall ensure that election practices within the state adhere to the most current version of the best practices for securing election systems as established and published by the federal cybersecurity and infrastructure security agency and to the state auditor's recommendations. The state auditor must review and verify that these published best practices have been used and these standards have been properly met.

[ 2021 c XXX § 26; ]**

Created by @tannewt. Contribute on GitHub.