On January 17, motivated by last year’s national intelligence community assessment that Ohio was one of the 21 states targeted by Russian hackers during the 2016 presidential election, State Rep. Kathleen Clyde (D-Kent), a candidate for Ohio Secretary of State, introduced two bills aimed at securing Ohio’s elections from cyber hacking and foreign interference. This is the latest cybersecurity legislation introduced in Ohio, coming on the recent heels of Senate Bill No. 220, which would provide a "legal safe harbor" to Ohio businesses that maintain government- and industry-recognized cybersecurity standards. Taken together, these bills show that cybersecurity will be an issue to watch in Columbus for both Ohio citizens and businesses in 2018.

The first bill, the Elections Cybersecurity Act (H.B. 466), would establish a Director of Elections Cybersecurity and an Elections Cybersecurity Council to advise the Secretary of State on securing Ohio’s elections and preventing future cyber threats. The Council would consist of a cross-section of election officials, voting advocates, and cybersecurity experts, and it would advise the Secretary of State on best practices, potential privacy and security weaknesses, and legislation in other states. See H.B. 466, proposed Ohio Rev. Code § 3501.054.

The Ballot Security and Verification Act (H.B. 467) would codify the current Secretary of State’s directive requiring counties to conduct audits of election results. See H.B. 467, proposed Ohio Rev. Code § 3505.331. The bill would also require counties to use voting equipment that produces paper ballots that have been marked and double-checked by voters. See H.B. 467, proposed § 3506.022. The new equipment would allow voters to mark their ballots by either a touch screen or pencil and look over their selections before casting their ballots. Rep. Clyde intends to call on the legislature to help counties with the cost of the new machines.

Ohio is just one of the many states considering measures to beef up election security to guard against cyberattacks. In November, Colorado completed its first-ever statewide election audit that allowed officials to double-check a sample of paper ballots against digital tallies to determine whether results were tabulated correctly. In Virginia, just weeks before the November gubernatorial election, the Board of Elections moved to discontinue touchscreen voting machines in favor of machines that produce a paper trail. On the federal level, Sen. Martin Heinrich (D-N.M.) and Susan Collins (R-Maine) recently introduced the Securing America’s Voting Equipment Act (S. 2035) to protect elections against future interference. The bill includes a measure authorizing grants for states to upgrade outdated voting technology and shore up their digital security.

Both H.B. 466 and H.B. 467 were assigned to the Government Accountability and Oversight Committee for consideration on January 24. For additional information on H.B. 466 and H.B. 467, contact Rep. Clyde at 614.466.2004. Government Accountability and Oversight Committee Chair Rep. Louis W. Blessing III (R-Colerain Township) can be reached at 614.466.9091.

The Tucker Ellis Privacy and Data Security Group continues to stay abreast of developments in privacy and data security at the state, national, and international levels by monitoring legal, technological, and industry changes, our relationships with experts in those areas, and membership in organizations focused on these topics. We will continue to provide updates on all related legislation and relevant topics throughout 2018.