SECOND REGULAR SESSION
SENATE BILL NO. 816
102ND GENERAL ASSEMBLY
INTRODUCED BY SENATOR CARTER.
3095S.01I KRISTINA MARTIN, Secretary
AN ACT
To repeal section 115.225, RSMo, and to enact in lieu thereof one new section relating to electronic
voting systems, with an effective date.
Be it enacted by the General Assembly of the State of Missouri, as follows:
Section A. Section 115.225, RSMo, is repealed and one new 1
section enacted in lieu thereof, to be known as section 115.225, 2
to read as follows:3
115.225. 1. Before use by election authorities in 1
this state, the secretary of state shall approve the marking 2
devices and the automatic tabulating equipment used in 3
electronic voting systems and may promulgate rules and 4
regulations to implement the intent of sections 115.225 to 5
115.235. 6
2. No electronic voting system shall be approved 7
unless it: 8
(1) Permits voting in absolute secrecy; 9
(2) Permits each voter to vote for as many candidates 10
for each office as a voter is lawfully entitled to vote for; 11
(3) Permits each voter to vote for or against as many 12
questions as a voter is lawfully entitled to vo te on, and no 13
more; 14
(4) Provides facilities for each voter to cast as many 15
write-in votes for each office as a voter is lawfully 16
entitled to cast; 17 SB 816 2
(5) Permits each voter in a primary election to vote 18
for the candidates of only one party ann ounced by the voter 19
in advance; 20
(6) Permits each voter at a presidential election to 21
vote by use of a single mark for the candidates of one party 22
or group of petitioners for president, vice president and 23
their presidential electors; 24
(7) Accurately counts all proper votes cast for each 25
candidate and for and against each question; 26
(8) Is set to reject all votes, except write -in votes, 27
for any office and on any question when the number of votes 28
exceeds the number a voter is lawfully en titled to cast; 29
(9) Permits each voter, while voting, to clearly see 30
the ballot label; 31
(10) Has been tested and is certified by an 32
independent authority that meets the voting system standards 33
developed by the Federal Election Commission or i ts 34
successor agency. The provisions of this subdivision shall 35
not be required for any system purchased prior to August 28, 36
2002; 37
(11) Is developed, owned, and maintained by a business 38
entity registered in the United States and owned by United 39
States citizens. If the business entity is publicly held, 40
the board of directors and the majority stockholders shall 41
be United States citizens. The business entity shall not be 42
a subsidiary of any multinational firm and shall have its 43
principal place of business located within the United States; 44
(12) Meets the requirements of subsection 10 of this 45
section. 46
3. The secretary of state shall promulgate rules and 47
regulations to allow the use of a computerized voting 48
system. The procedures shall provide for the use of a 49 SB 816 3
computerized voting system with the ability to provide a 50
paper audit trail. Notwithstanding any provisions of this 51
chapter to the contrary, such a system may allow for the 52
storage of processed ballot materials in an electr onic form. 53
4. Any rule or portion of a rule, as that term is 54
defined in section 536.010, that is created under the 55
authority delegated in this section shall become effective 56
only if it complies with and is subject to all of the 57
provisions of chapter 536 and, if applicable, section 58
536.028. This section and chapter 536 are nonseverable and 59
if any of the powers vested with the general assembly 60
pursuant to chapter 536 to review, to delay the effective 61
date or to disapprove and annul a rule are s ubsequently held 62
unconstitutional, then the grant of rulemaking authority and 63
any rule proposed or adopted after August 28, 2002, shall be 64
invalid and void. 65
5. If any election authority uses any touchscreen 66
direct-recording electronic vote -counting machine, the 67
election authority may continue to use such machine. Upon 68
the removal of such voting machine from the election 69
authority's inventory because of mechanical malfunction, 70
wear and tear, or any other reason, the machine shall not be 71
replaced and no additional direct -recording electronic vote - 72
counting machine shall be added to the election authority's 73
inventory. Such machines shall not be used beginning 74
January 1, 2024. Equipment that is designed for 75
accessibility shall provide a paper ballot audit trail. 76
6. (1) Each election authority that controls its own 77
information technology department shall, once every two 78
years, allow a cyber security review of their office by the 79
secretary of state or alternatively by an entity that 80
specializes in cyber security reviews. Each political 81 SB 816 4
subdivision that controls the information technology 82
department for an election authority shall, once every two 83
years, allow a cyber security review of the information 84
technology department by the s ecretary of state or 85
alternatively by an entity that specializes in cyber 86
security reviews. The secretary of state shall, once every 87
two years, allow a cyber security review of its office by an 88
entity that specializes in cyber security reviews. For 89
purposes of this section, an entity specializes in cyber 90
security review if it employs one or more individuals who: 91
(a) Have at least five years management experience in 92
information security or five years' experience as an 93
information security ana lyst; 94
(b) Have worked in at least two of the domains listed 95
in paragraph (c) of this subdivision that are covered in the 96
exam required by such paragraph; and 97
(c) Have attained an information security 98
certification by passing an exam that cov ers at least three 99
of the following topics: 100
a. Information technology risk management, 101
identification, mitigation, and compliance; 102
b. Information security incident management; 103
c. Information security program development and 104
management; 105
d. Risk and control monitoring and reporting; 106
e. Access control systems and methodology; 107
f. Business continuity planning and disaster recovery 108
planning; 109
g. Physical security of election authority property; 110
h. Networking security; or 111
i. Security architecture application and systems 112
development. 113 SB 816 5
(2) If an election authority or political subdivision 114
fails to have a cyber security review as required by this 115
subsection, the secretary of state may publish a notice of 116
noncompliance in a newspaper within the jurisdiction of the 117
election authority or in electronic format. The secretary 118
of state is also authorized to withhold funds from an 119
election authority in violation of this section unless such 120
funding is a federal mandate or part of a federal and state 121
agreement. 122
7. The secretary of state shall have authority to 123
require cyber security testing, including penetration 124
testing, of vendor machines, programs, and systems. Failure 125
to participate in such test ing shall result in a revocation 126
of vendor certification. Upon notice from another 127
jurisdiction of cyber security failures or certification 128
withholds or revocation, the secretary of state shall have 129
authority to revoke or withhold certification for ve ndors. 130
The requirements of this section shall be subject to 131
appropriation for the purpose of cyber security testing. 132
8. The secretary of state may designate an 133
organization of which each election authority shall be a 134
member, provided there is no membership fee and the 135
organization provides information to increase cyber security 136
and election integrity efforts. 137
9. All audits required by subsection 6 of this section 138
that are conducted by the secretary of state shall be solely 139
paid for by state and federal funding. 140
10. (1) As used in this subsection, the following 141
terms mean: 142
(a) "Corresponding source", for an electronic voting 143
system in object code form, all the source code needed to 144
generate, install, and, for an executable electronic voting 145 SB 816 6
system, run the object code and to modify the electronic 146
voting system, including scripts to control those 147
activities. "Corresponding source" does not include the 148
electronic voting system's system libraries, general -purpose 149
tools, or generally available free programs that are used 150
unmodified in performing those activities but are not part 151
of the work. "Corresponding source" includes interface 152
definition files associated with source files for the 153
electronic voting system, the so urce code for shared 154
libraries, and dynamically linked subprograms that the 155
electronic voting system is specifically designed to 156
require, such as by intimate data communication or control 157
flow between those subprograms and other parts of the 158
electronic voting system; 159
(b) "Object code", any non -source form of an 160
electronic voting system; 161
(c) "Source code", the preferred form of the 162
electronic voting system for making modifications to it; 163
(d) "Standard interface", an interface that ei ther is 164
an official standard defined by a recognized standards body, 165
or, in the case of interfaces specified for a particular 166
programming language, one that is widely used among 167
developers working in that language; 168
(e) "System libraries", a catal og of an executable 169
electronic voting system, including anything, other than the 170
electronic voting system as a whole, that is included in the 171
normal form of packaging a major component but is not part 172
of that major component and serves only to enable u se of the 173
electronic voting system with that major component or to 174
implement a standard interface for which an implementation 175
is available to the public in source code form. As used in 176
this paragraph, a "major component" is a major essential 177 SB 816 7
component including, but not limited to, a kernel or window 178
system of the specific operating system on which the 179
executable electronic voting system runs, a compiler used to 180
produce the electronic voting system, or an object code 181
interpreter used to run it. 182
(2) Any software, or hardware containing software or 183
firmware, used in an electronic voting system in this state 184
shall have the full corresponding source code of the 185
software or firmware made publicly available by the 186
secretary of state at no cost, upon request of any resident 187
or citizen of this state. The full corresponding source 188
code provided shall exactly match the code necessary to 189
recreate any object code currently being used or deployed by 190
the state or any of its political subdivisions f or election 191
tabulation purposes. Additionally, the full corresponding 192
source code for any software or firmware used for election 193
tabulation purposes in prior elections shall be retained by 194
the secretary of state and made available upon request for a 195
period of ten years after the certification of the results 196
of the relevant election. 197
(3) The corresponding source shall not be required to 198
include anything that users can regenerate automatically 199
from other parts of the corresponding source. 200
(4) The corresponding source for an electronic voting 201
system in source code form is that same electronic voting 202
system. 203
Section B. The repeal and reenactment of section 1
115.225 of this act shall become effective January 1, 2025. 2