March 13, 2023
Senate Committee on Rules
Oregon State Legislature
900 Court St. NE
Salem, OR 97301
Sent via email
Dear Committee Members,
On behalf of Verified Voting, I write in support of Senate Bill 166,1 specifically regarding its election security and integrity measures. Verified Voting is a nonpartisan nonprofit organization, founded in 2004 by a group of computer scientists, whose mission is to strengthen democracy for all voters by promoting the responsible use of technology in elections.
As you know, the United States confronts unprecedented security threats to election systems— and to public confidence in election outcomes. In January 2017, the Department of Homeland Security officially designated election infrastructure as a subset of the government facilities sector, clarifying that election infrastructure qualifies as critical infrastructure.2 This designation recognizes that the United States’ election infrastructure is of such vital importance to the American way of life that its incapacitation or destruction would have a devastating effect on the country. And those systems are under constant attack.
In 2016, Russia targeted election systems in all 50 states3 and in 2022, cybersecurity experts warned that the conflict in Ukraine has increased the likelihood that Russia will continue to tamper with U.S. elections.4
These reports paint a grim picture for our election security and more must be done to protect our election infrastructure from cyber attacks.
S.B. 166 attempts to position Oregon election officials in the best possible cybersecurity posture. Requiring election security plans to include “[c]ybersecurity procedures for the process of casting and tallying ballots”5 that are in alignment with best practices from the federal agencies tasked with protecting election infrastructure means Oregon will be a leader when it comes to securing elections.
In recent years, some states have proposed expanding electronic ballot return as a solution for certain classes of voters so we call attention to an elections risk assessment published by four federal agencies—the Federal Bureau of Investigation (FBI), the Department of Homeland Security’s Cybersecurity Infrastructure Security Agency (CISA), the U.S. Election Assistance Commission (EAC), and the National Institute for Standards and Technology (NIST)—in which they explicitly recommend paper ballot return as a best practice to protect voters and also protect election systems.6
As a vote-by-mail state for more than 20 years, Oregon is already heeding such advice. Given the recommendations in the risk assessment, and the language in this bill, we urge the State of Oregon to resist any proposal to expand electronic ballot return, should such proposals arise.
At a time when our elections are under constant attack, S.B. 166 is a common-sense proposal that will elevate Oregon’s election security posture and we therefore request your support by voting in favor of it.
Senior Policy & Advocacy Associate
cc: Secretary of State Shemia Fagan
- S.B. 166, 2023 Leg., 82nd Sess. (Or. 2023).
- Statement by Secretary Jeh Johnson on the Designation of Election Infrastructure as a Critical Infrastructure Subsector (Jan. 6, 2017), https://www.dhs.gov/news/2017/01/06/statement-secretary-johnson-designation-election- infrastructure-critical.
- S. Rep. No. 116-290, vol. 1, at 8, 12, 20 (2019), available at https://www.intelligence.senate.gov/sites/default/files/documents/Report_Volume1.pdf.
- Ines Kagubare, Midterms Raise fears of Russian Cyberattacks, The Hill (Apr. 14, 2022), https://thehill.com/policy/cybersecurity/3266872-midterms-raise-fears-of-russian-cyberattacks/.
- S.B. 166, supra note 1 at 3.
- U.S. Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, National Institute of Standards and Technology and the U.S. Election Assistance Commission, Risk Management for Electronic Ballot Delivery, Marking, and Return 1 (2020), available at https://s.wsj.net/public/resources/documents/Final_%20Risk_Management_for_Electronic- Ballot_05082020.pdf?mod=article_inline.