Feb 25, 2021 Representative Jesse Young Legislative Update
Yesterday, Feb. 24, the state House of Representatives voted on House Bill 1068. Unfortunately, the bill, which would exempt election security information from public records disclosure, passed the House floor. I voted no!
This legislation is presented as a “solution” to help protect our elections from cyber attacks. However, it will leverage a long-debunked security ideology (security by ignorance) in an attempt to take away your rights. It will not make state systems more secure; it will give us a false sense of security.
“As a software engineer with decades of global experience in this very industry, I can tell you this is a bad bill and it's dangerous.
There's a concept that's been well debunked in the global security industry for decades now. It's the concept of security by ignorance, which is if you have a gap in your security profile in the private sector, you try hiding it somewhere and hope that someone doesn't come along and exploit that problem.
I've witnessed this firsthand during my time consulting in Silicon Valley and around the globe. The concept of security by ignorance does not work because the hackers know how to exploit it and are constantly probing anyway. It's far better to have citizen oversight that helps reveal problems before they're exploited than trust in false premise.
This is simple; evil doesn't disappear because you close your eyes, and this concept of removing citizen transparency to 'protect' us is just that: willfully closing our eyes to evil. The notion that somehow shielding elections from citizen oversight is going to prevent paid professional hackers that already know how to exploit things, and that somehow security by ignorance is going to help us by removing transparency, is a farce.
It will not make us safer in the state. It will not build trust in our elections and unite us, and it will not secure these systems. Security by ignorance was debunked 20 years ago. Why are we still debating this issue now?
This is a very, very bad bill because it tries to assume we are safe if we hide weaknesses somewhere else. That's not how hackers work. Ninety-two percent of the traffic that hits our state servers is illicit. That means only 8 percent is meant to allow us to conduct our business, because we are constantly being bombarded by hackers from all over the world.
This is a bad precedent that we are setting and what it actually does is shield us from being able to review when someone like the state auditor makes a very critical mistake with regards to our private data.
This is not making us more secure. It would not have protected us from the gaffes the state auditor recently had with people's data. It would not have protected us from the gaffe the Employment Security Department had over the summer with the Nigeria scandal. And it will not protect us in theuture.
What it will do is give us a false sense of security, and that's exactly the environment that hackers want to operate in.
Why didn't the secretary of state support creating a select group of legislators and citizens to come in and oversee this and look at some of the data to ensure it works. Instead, they tell us that unless we take away citizens' rights to review, we won't be safe and therefore they are justified in trying to take away access and rights of the people. It is absurd.
I don't know if I'm more embarrassed or ashamed of the secretary of state and county auditors, but nonetheless, it is a bad bill and it's not good for the citizens of Washington. We should have voted this down, but I will continue to fight against it. I can only hope the Senate is smart enough to fix it or stop it cold.”
This is an important issue that could get overlooked with so many other policies being worked on this session. But I wanted to make sure you knew about it because it would negatively impact you. I will continue to fight against it.
Thank you for your support. Please continue reaching out to me and sharing your concerns. You can contact me by phone and email, as well as via Zoom. I can also be reached in-district at 360-480-5970. I'm here to represent you.