skip to main content

H.R. 6073 (114th): Election Infrastructure and Security Promotion Act of 2016

The text of the bill below is as of Sep 20, 2016 (Introduced).

Source: GPO

I

114th CONGRESS

2d Session

H. R. 6073

IN THE HOUSE OF REPRESENTATIVES

September 20, 2016

(for himself, Mr. David Scott of Georgia, Mr. Honda, Mr. Cohen, Mr. Conyers, Mr. Rush, and Mr. Bishop of Georgia) introduced the following bill; which was referred to the Committee on House Administration, and in addition to the Committees on Science, Space, and Technology, and Homeland Security, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned

A BILL

To direct the Secretary of Homeland Security to conduct research and development to mitigate the consequences of threats to voting systems, to amend the Help America Vote Act of 2002 to require the voting systems used in elections for Federal office to comply with national standards developed by the National Institute of Standards and Technology for operational security and ballot verification, to establish programs to promote research in innovative voting system technologies, and for other purposes.

1.

Short title; table of contents

(a)

Short title

This Act may be cited as the Election Infrastructure and Security Promotion Act of 2016.

(b)

Table of contents

The table of contents of this Act is as follows:

Sec. 1. Short title; table of contents.

Title I—Election Infrastructure and Security

Sec. 101. Definition of critical infrastructure.

Sec. 102. Designation of voting systems as critical infrastructure.

Sec. 103. Voting system threat and research and development.

Title II—National Standards for Voting System Security

Sec. 201. Development of standards.

Sec. 202. Requiring States to comply with standards in administration of elections for Federal office.

Sec. 203. Incorporation of standards into certification and testing of voting systems.

Title III—National Standards for Transparency and Verification of Ballot Counting

Sec. 301. Development of standards.

Sec. 302. Requiring States to comply with standards in administration of elections for Federal office.

Title IV—Research and Development

Sec. 401. Innovative election technology research and development.

I

Election Infrastructure and Security

101.

Definition of critical infrastructure

In this title, the term critical infrastructure has the meaning given such term in section 1016 of the Critical Infrastructure Protection Act of 2001 (42 U.S.C. 5195c(e)).

102.

Designation of voting systems as critical infrastructure

The Secretary of Homeland Security, acting through the Assistant Secretary of the National Protection and Programs Directorate, shall—

(1)

designate voting systems used in the United States as critical infrastructure;

(2)

include threats of compromise, disruption, or destruction of voting systems in national planning scenarios; and

(3)

conduct a campaign to proactively educate local election officials about the designation of voting systems as critical infrastructure and election officials at all levels of government of voting system threats.

103.

Voting system threat and research and development

(a)

In general

In furtherance of local election official preparedness and response, the Secretary of Homeland Security, acting through the Under Secretary for Science and Technology, and in consultation with other relevant agencies and departments of the Federal Government and relevant State and local election official operators of election infrastructure, shall conduct research and development to mitigate the consequences of voting systems threats.

(b)

Scope

The scope of the research and development under subsection (a) shall include the following:

(1)

An objective scientific analysis of the risks to critical election infrastructures from a range of threats.

(2)

Determination of the voting system assets and infrastructures that are at risk from intrusion, compromise, disruption or destruction.

(3)

An evaluation of emergency planning and response technologies that would address the findings and recommendations of experts, including those of a Commission to Assess the Threat to the United States from election administration or voting system attack.

(4)

An analysis of technology options that are available to improve the resiliency of critical infrastructure to voting system threats.

(5)

The restoration and recovery capabilities of critical infrastructure under differing levels of damage and disruption.

(c)

Comprehensive plan

(1)

In general

The Secretary of Homeland Security shall prepare and submit to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate a comprehensive plan to protect and prepare the critical infrastructure of the voting systems used in the United States against threats, including from acts of terrorism.

(2)

Plan requirements

The comprehensive plan shall—

(A)

be based on findings of the research and development conducted under subsection (a);

(B)

be developed in consultation with the relevant Federal sector-specific agencies (as defined under Homeland Security Presidential Directive for critical infrastructures); and

(C)

be developed in consultation with State and local election officials.

(3)

Updates

The Secretary shall update the plan required under this subsection biennially.

II

National Standards for Voting System Security

201.

Development of standards

(a)

Development

The Director of the National Institute of Standards and Technology shall develop standards for ensuring the operational security of the voting systems used in elections for Federal office, including the physical and cybersecurity of such systems and security requirements for the personnel who operate such systems.

(b)

Contents of Standards

In developing standards under this title, the Director shall ensure the following:

(1)

The standards shall set forth specific, evidence-based security requirements for the operation of each individual component of voting systems, including components for marking ballots, scanning ballots, aggregating vote tallies from vote counters, and electronic poll books.

(2)

The standards shall set forth specific, evidence-based requirements for the interoperability of the components, based on data standards established by the National Institute of Standards and Technology.

(3)

No system or device upon which ballots or votes are cast or tabulated shall be connected to the Internet at any time through any publicly accessible network.

(4)

No system or device upon which ballots or votes are cast or tabulated shall contain, use, or be accessible by any wireless, power-line, or concealed communication device.

(c)

Deadline; updates

(1)

Deadline for initial standards

The Director shall develop the standards under this title not later than 1 year after the date of the enactment of this Act.

(2)

Updates

The Director may update the standards under this title at such times as the Director considers appropriate.

202.

Requiring States to comply with standards in administration of elections for Federal office

Section 301(a) of the Help America Vote Act of 2002 (52 U.S.C. 21081(a)) is amended by adding at the end the following new paragraph:

(7)

Compliance with security standards

In operating the voting system, the State shall comply with the applicable standards developed by the Director of the National Institute of Standards and Technology under title II of the Election Infrastructure and Security Promotion Act of 2016 for ensuring the operational security of voting systems.

.

203.

Incorporation of standards into certification and testing of voting systems

Section 231(a) of the Help America Vote Act of 2002 (52 U.S.C. 20971(a)) is amended by adding at the end the following new paragraph:

(3)

Ensuring compliance with operational security standards

The testing and certification of voting system hardware and software carried out under this subtitle shall test whether voting systems are in compliance with the applicable standards developed by the Director of the National Institute of Standards and Technology under title II of the Election Infrastructure and Security Promotion Act of 2016 for ensuring the operational security of voting systems, including testing whether the components of voting systems meet the component-specific security requirements and the system interoperability requirements under such standards.

.

III

National Standards for Transparency and Verification of Ballot Counting

301.

Development of standards

(a)

Development

The Director of the National Institute of Standards and Technology shall develop standards for ensuring that the process by which ballots are counted in elections for Federal office is transparent and permits voters to verify that votes in such elections are counted correctly.

(b)

Contents of standards

In developing standards under this title, the Director shall ensure the following:

(1)

Election officials will provide the public with sufficient evidence to verify the results of an election for Federal office, including through the establishment of tracking procedures that permit members of the public to track the ballots counted in the election, so long as such procedures ensure the anonymity of the individuals who cast the ballots.

(2)

All of the data used or produced by the relevant components of a voting system used in an election for Federal office.

(3)

Election officials shall make all of the relevant components of a voting system used in an election for Federal office available to other parties (such as other officials of the State, research organizations, and institutions of higher education) to duplicate the testing procedures used to certify the use of the system for use in such elections.

(c)

Deadline; updates

(1)

Deadline for initial standards

The Director shall develop the standards under this title not later than 1 year after the date of the enactment of this Act.

(2)

Updates

The Director may update the standards under this title at such times as the Director considers appropriate.

(d)

Relevant components defined

In this section, the term relevant components means, with respect to a voting system, each component of the system which is involved with counting ballots and producing a tally of the ballots cast, including the source code, build tools, build procedure documentation, test plans, test fixtures, and software and hardware specifications.

302.

Requiring States to comply with standards in administration of elections for Federal office

Section 301(a) of the Help America Vote Act of 2002 (52 U.S.C. 21081(a)), as amended by section 202, is amended by adding at the end the following new paragraph:

(8)

Compliance with transparency and ballot verification standards

In operating the voting system, the State shall comply with the applicable standards developed by the Director of the National Institute of Standards and Technology under title III of the Election Infrastructure and Security Promotion Act of 2016 for ensuring that the process by which ballots are counted in elections for Federal office is transparent and permits voters to verify that votes in such elections are counted correctly.

.

IV

Research and Development

401.

Innovative election technology research and development

(a)

In general

The National Science Foundation, in cooperation with the Defense Advanced Research Projects Agency, shall establish an election technology innovation research and development program. Such program—

(1)

shall support the development of hardware and software technologies and systems for marking ballots, scanning ballots, aggregating tallies from counters, and electronic poll books; and

(2)

may also support research and development on other elements of technology for voting, election administration, auditing, and other election-critical operations.

(b)

Requirements

The National Science Foundation shall, to the extent practicable and in consultation with the Election Assistance Commission and the National Institute of Standards and Technology, ensure that technologies developed through assistance provided under this section—

(1)

conform to any applicable standards and guidelines for design and for data interoperability established by the National Institute of Standards and Technology; and

(2)

are made available for use by Federal, State, and local governments at no cost.