Arizona 2023 Regular Session

Arizona Senate Bill SCR1037 Compare Versions

Version 1 (Old)

Version 2 (New)

Old	New		Differences
1	1		Senate Engrossed presidential electors; constitutional appointments (now: elections; systems; equipment) State of Arizona Senate Fifty-sixth Legislature First Regular Session 2023 SENATE CONCURRENT RESOLUTION 1037 A Concurrent Resolution supporting the manufacture of voting system components in the United States. (TEXT OF BILL BEGINS ON NEXT PAGE)
	2	+
	3	+
	4	+
	5	+
2	6
3	7
4	8
5	9		Senate Engrossed presidential electors; constitutional appointments (now: elections; systems; equipment)
6	10		State of Arizona Senate Fifty-sixth Legislature First Regular Session 2023
7	11		SENATE CONCURRENT RESOLUTION 1037
8	12
9	13		Senate Engrossed
10	14
11	15
12	16
13	17		presidential electors; constitutional appointments
14	18
15	19		(now: elections; systems; equipment)
	20	+
	21	+
16	22
17	23
18	24
19	25
20	26
21	27
22	28
23	29		State of Arizona
24	30
25	31		Senate
26	32
27	33		Fifty-sixth Legislature
28	34
29	35		First Regular Session
30	36
31	37		2023
32	38
33	39
34	40
35	41
36	42
37	43
38	44
39	45		SENATE CONCURRENT RESOLUTION 1037
40	46
41	47
42	48
43	49
44	50
45	51
46	52
47	53		A Concurrent Resolution
48	54
49	55
50	56
51	57		supporting the manufacture of voting system components in the United States.
52	58
53	59
54	60
55	61
56	62
57	63		(TEXT OF BILL BEGINS ON NEXT PAGE)
58	64
59	65
60	66
61	67		Whereas, public functions such as voting should be open to the public and transparent except to preserve voter anonymity; and Whereas, recognizing the vital role of elections in national security, in 2017 the United States Department of Homeland Security designated election infrastructure as critical infrastructure of the United States; and Whereas, supply chain risks related to manufacturing, assembling and testing critical infrastructure items, including computerized voting machines, can be mitigated by appropriate standards and actions adopted by the United States government; and Whereas, computerized voting machines and systems used in this state contain electronic components that are manufactured, assembled or tested in foreign nations that pose a threat to the United States and include unsecure components in computerized devices that can and have been used to infiltrate, exfiltrate and manipulate data as discussed in various publications; and Whereas, actual breaches of computerized devices and computer systems have been discovered at the United States Department of Defense, thousands of government contractors and agencies and Fortune 100 companies, illustrating the threat to computerized systems, including computerized voting machines as noted by the United States Cybersecurity and Infrastructure Security Agency and various media outlets; and Whereas, the United States Senate Intelligence Committee held a hearing on March 21, 2018 relating to potential foreign interference in the 2016 election; and Whereas, at the March 21, 2018 meeting Election Systems and Software denied selling voting machines with remote access software, a fact Election Systems and Software later admitted was true in a letter to Senator Ron Wyden; and Whereas, Election Systems and Software represented to its customers and potential customers that its DS200 voting system was "fully certified and compliant with United States Election Assistance Commission guidelines" even if used with a modem, a critical access point by which unauthorized access can be made; and Whereas, the United States Election Assistance Commission issued a letter to Election Systems and Software dated March 20, 2020 stating that Election Systems and Software misrepresented that its voting machines with modems complied with the United States Election Assistance Commission requirements and required Election Systems and Software to correct its misrepresentations; and Whereas, on June 3, 2022, the United States Cybersecurity and Infrastructure Security Agency issued an advisory warning identifying nine critical security vulnerabilities in the Dominion ImageCast X devices and any voting machine components having a direct or indirect connection to that device; and Whereas, the Dominion ImageCast X devices and any voting machine components having a direct or indirect connection to that device are used in sixteen states, including this state; and Whereas, the United States Cybersecurity and Infrastructure Security Agency issued a June 3, 2022 advisory warning in direct response to the findings of a recognized computer science expert, Dr. J. Alex Halderman, who had twelve weeks to examine this voting system; and Whereas, before the United States Cybersecurity and Infrastructure Security Agency's warning, Dr. Halderman filed multiple sworn declarations in federal court attesting that: 1. Certain security failures could be exploited to steal or alter votes while evading all known safety procedures such as logic and accuracy tests and risk-limiting audits; and 2. Dominion ignored Dr. Halderman's requests to meet to seek a remedy for these security failures; and 3. It would take many months for Dominion to try to fix these security failures and obtain United States Election Assistance Commission and state-level approvals for such changes; and Whereas, Dr. Halderman filed a twenty-five thousand word report with a federal district court detailing the critical security failures related to United States Cybersecurity and Infrastructure Security Agency's June 3, 2022 advisory warning; and Whereas, Dominion has a copy of that report and has not made or sought the court's permission to make that report available to the public; and Whereas, the presence of the security failures identified in the United States Cybersecurity and Infrastructure Security Agency's advisory warning would directly prevent computerized voting systems' compliance with voting systems standards; and Whereas, although the United States Cybersecurity and Infrastructure Security Agency stated in that advisory that it has "no evidence that these vulnerabilities have been exploited in any election," there is no indication that the United States Cybersecurity and Infrastructure Security Agency or officials in this state ever investigated whether computerized voting machines in this state have been exploited through these known vulnerabilities or any other vulnerabilities; and Whereas, the United States Cybersecurity and Infrastructure Security Agency's June 3, 2022 advisory warning identified thirteen defensive measures that have not been undertaken in this state; and Whereas, computerized voting machines used in this state are unsecure, lack full public transparency and deprive voters of the right to know that their votes are counted and reported in an accurate, auditable, legal and transparent process; and Whereas, on November 3, 2021, the Tennessee Secretary of State's office reported to the United States Election Assistance Commission that an "anomaly" was observed during a municipal election in Williamson county, Tennessee, which used Dominion tabulators for a municipal election; and Whereas, the Tennessee anomaly caused the scanners to mislabel valid ballots as provisional, and therefore did not include these ballots in the poll report totals; and Whereas, after conducting a formal investigation of the Tennessee anomaly, the United States Election Assistance Commission issued a report on March 31, 2022 concluding that the "anomaly" was likely rooted in "erroneous code" present in Dominion's system; and Whereas, there was no conclusion in the United States Election Assistance Commission report on how the "erroneous code" came to be on the voting machine, or how such code was not detected in the certification process or other safety testing procedures; and Whereas, instances of computerized voting machine failures to accurately record vote totals have repeatedly occurred since 2002 and continue to occur to this day; and Whereas, because of the lack of transparency and detailed public postelection audits of computerized voting machines, there is no way to tell how many times inaccurate election results have been wrongly certified; and Whereas, the United States government employs open source technology to foster transparency; and Whereas, the source code used to read and tabulate ballots in computerized voting machines used in elections in this state for federal office is not open source and not openly available to the public to evaluate that code for malicious activity; and Whereas, Article I, Section 4, Clause 1 of the United States Constitution empowers state legislatures, including the legislature of this state, to prescribe the "Times, Places and Manner" of conducting federal elections; and Whereas, the definition of "manner" is at the sole discretion of the legislature; and Whereas, Article II, Section 1, Clause 2 of the United States Constitution empowers state Legislatures, including the legislature of this state, to direct the manner of appointing electors for President and Vice President of the United States. Therefore Be it resolved by the Senate of the State of Arizona, the House of Representatives concurring: That no voting system or component or subcomponent of a voting system or component, including firmware software or hardware, assemblies and subassemblies with integrated circuits or on which any firmware or software operates, may be used or purchased as the primary method for casting, recording and tabulating ballots used in any election held in this state for federal office unless: 1. All components have been designed, manufactured, integrated and assembled in the United States from trusted suppliers, using trusted processes accredited by the Defense Microelectronics Activity as prescribed by the United States Department of Defense; and 2. The source code used in any computerized voting machine for federal elections is made available to the public; and 3. The ballot images and system log files from each tabulator are recorded on a secure write-once, read-many media with clear chain of custody and posted on the Secretary of State's website free of charge to the public within twenty-four hours after the close of the polls; and 4. The legislature transmits this resolution to the secretary of state.
62	68
63	69		Whereas, public functions such as voting should be open to the public and transparent except to preserve voter anonymity; and
64	70
65	71		Whereas, recognizing the vital role of elections in national security, in 2017 the United States Department of Homeland Security designated election infrastructure as critical infrastructure of the United States; and
66	72
67	73		Whereas, supply chain risks related to manufacturing, assembling and testing critical infrastructure items, including computerized voting machines, can be mitigated by appropriate standards and actions adopted by the United States government; and
68	74
69	75		Whereas, computerized voting machines and systems used in this state contain electronic components that are manufactured, assembled or tested in foreign nations that pose a threat to the United States and include unsecure components in computerized devices that can and have been used to infiltrate, exfiltrate and manipulate data as discussed in various publications; and
70	76
71	77		Whereas, actual breaches of computerized devices and computer systems have been discovered at the United States Department of Defense, thousands of government contractors and agencies and Fortune 100 companies, illustrating the threat to computerized systems, including computerized voting machines as noted by the United States Cybersecurity and Infrastructure Security Agency and various media outlets; and
72	78
73	79		Whereas, the United States Senate Intelligence Committee held a hearing on March 21, 2018 relating to potential foreign interference in the 2016 election; and
74	80
75	81		Whereas, at the March 21, 2018 meeting Election Systems and Software denied selling voting machines with remote access software, a fact Election Systems and Software later admitted was true in a letter to Senator Ron Wyden; and
76	82
77	83		Whereas, Election Systems and Software represented to its customers and potential customers that its DS200 voting system was "fully certified and compliant with United States Election Assistance Commission guidelines" even if used with a modem, a critical access point by which unauthorized access can be made; and
78	84
79	85		Whereas, the United States Election Assistance Commission issued a letter to Election Systems and Software dated March 20, 2020 stating that Election Systems and Software misrepresented that its voting machines with modems complied with the United States Election Assistance Commission requirements and required Election Systems and Software to correct its misrepresentations; and
80	86
81	87		Whereas, on June 3, 2022, the United States Cybersecurity and Infrastructure Security Agency issued an advisory warning identifying nine critical security vulnerabilities in the Dominion ImageCast X devices and any voting machine components having a direct or indirect connection to that device; and
82	88
83	89		Whereas, the Dominion ImageCast X devices and any voting machine components having a direct or indirect connection to that device are used in sixteen states, including this state; and
84	90
85	91		Whereas, the United States Cybersecurity and Infrastructure Security Agency issued a June 3, 2022 advisory warning in direct response to the findings of a recognized computer science expert, Dr. J. Alex Halderman, who had twelve weeks to examine this voting system; and
86	92
87	93		Whereas, before the United States Cybersecurity and Infrastructure Security Agency's warning, Dr. Halderman filed multiple sworn declarations in federal court attesting that:
88	94
89	95		1. Certain security failures could be exploited to steal or alter votes while evading all known safety procedures such as logic and accuracy tests and risk-limiting audits; and
90	96
91	97		2. Dominion ignored Dr. Halderman's requests to meet to seek a remedy for these security failures; and
92	98
93	99		3. It would take many months for Dominion to try to fix these security failures and obtain United States Election Assistance Commission and state-level approvals for such changes; and
94	100
95	101		Whereas, Dr. Halderman filed a twenty-five thousand word report with a federal district court detailing the critical security failures related to United States Cybersecurity and Infrastructure Security Agency's June 3, 2022 advisory warning; and
96	102
97	103		Whereas, Dominion has a copy of that report and has not made or sought the court's permission to make that report available to the public; and
98	104
99	105		Whereas, the presence of the security failures identified in the United States Cybersecurity and Infrastructure Security Agency's advisory warning would directly prevent computerized voting systems' compliance with voting systems standards; and
100	106
101	107		Whereas, although the United States Cybersecurity and Infrastructure Security Agency stated in that advisory that it has "no evidence that these vulnerabilities have been exploited in any election," there is no indication that the United States Cybersecurity and Infrastructure Security Agency or officials in this state ever investigated whether computerized voting machines in this state have been exploited through these known vulnerabilities or any other vulnerabilities; and
102	108
103	109		Whereas, the United States Cybersecurity and Infrastructure Security Agency's June 3, 2022 advisory warning identified thirteen defensive measures that have not been undertaken in this state; and
104	110
105	111		Whereas, computerized voting machines used in this state are unsecure, lack full public transparency and deprive voters of the right to know that their votes are counted and reported in an accurate, auditable, legal and transparent process; and
106	112
107	113		Whereas, on November 3, 2021, the Tennessee Secretary of State's office reported to the United States Election Assistance Commission that an "anomaly" was observed during a municipal election in Williamson county, Tennessee, which used Dominion tabulators for a municipal election; and
108	114
109	115		Whereas, the Tennessee anomaly caused the scanners to mislabel valid ballots as provisional, and therefore did not include these ballots in the poll report totals; and
110	116
111	117		Whereas, after conducting a formal investigation of the Tennessee anomaly, the United States Election Assistance Commission issued a report on March 31, 2022 concluding that the "anomaly" was likely rooted in "erroneous code" present in Dominion's system; and
112	118
113	119		Whereas, there was no conclusion in the United States Election Assistance Commission report on how the "erroneous code" came to be on the voting machine, or how such code was not detected in the certification process or other safety testing procedures; and
114	120
115	121		Whereas, instances of computerized voting machine failures to accurately record vote totals have repeatedly occurred since 2002 and continue to occur to this day; and
116	122
117	123		Whereas, because of the lack of transparency and detailed public postelection audits of computerized voting machines, there is no way to tell how many times inaccurate election results have been wrongly certified; and
118	124
119	125		Whereas, the United States government employs open source technology to foster transparency; and
120	126
121	127		Whereas, the source code used to read and tabulate ballots in computerized voting machines used in elections in this state for federal office is not open source and not openly available to the public to evaluate that code for malicious activity; and
122	128
123	129		Whereas, Article I, Section 4, Clause 1 of the United States Constitution empowers state legislatures, including the legislature of this state, to prescribe the "Times, Places and Manner" of conducting federal elections; and
124	130
125	131		Whereas, the definition of "manner" is at the sole discretion of the legislature; and
126	132
127	133		Whereas, Article II, Section 1, Clause 2 of the United States Constitution empowers state Legislatures, including the legislature of this state, to direct the manner of appointing electors for President and Vice President of the United States.
128	134
129	135		Therefore
130	136
131	137		Be it resolved by the Senate of the State of Arizona, the House of Representatives concurring:
132	138
133	139		That no voting system or component or subcomponent of a voting system or component, including firmware software or hardware, assemblies and subassemblies with integrated circuits or on which any firmware or software operates, may be used or purchased as the primary method for casting, recording and tabulating ballots used in any election held in this state for federal office unless:
134	140
135	141		1. All components have been designed, manufactured, integrated and assembled in the United States from trusted suppliers, using trusted processes accredited by the Defense Microelectronics Activity as prescribed by the United States Department of Defense; and
136	142
137	143		2. The source code used in any computerized voting machine for federal elections is made available to the public; and
138	144
139	145		3. The ballot images and system log files from each tabulator are recorded on a secure write-once, read-many media with clear chain of custody and posted on the Secretary of State's website free of charge to the public within twenty-four hours after the close of the polls; and
140	146
141	147		4. The legislature transmits this resolution to the secretary of state.
142		-
143		-	PASSED BY THE HOUSE MARCH 30, 2023. PASSED BY THE SENATE MARCH 6, 2023. FILED IN THE OFFICE OF THE SECRETARY OF STATE APRIL 3, 2023.
144		-
145		-
146		-
147		-
148		-
149		-
150		-
151		-	PASSED BY THE HOUSE MARCH 30, 2023.
152		-
153		-
154		-
155		-	PASSED BY THE SENATE MARCH 6, 2023.
156		-
157		-
158		-
159		-	FILED IN THE OFFICE OF THE SECRETARY OF STATE APRIL 3, 2023.