Commissioners request Albert Sensor bill veto

Several years ago, the Washington Secretary of States provided to counties, at no cost, a device called an Albert Sensor. Albert is an intrusion detection device that was provided to counties with the narrative that it will help secure our elections. The installation of these devices required that counties enter into a contract with a third-party, non-governmental organization (NGO) called Center for Internet Security (CIS) located in New York. The premise was that CIS would monitor county networks and report any malicious activities back to the counties. (Lincoln County was a victim of a ransomware attack in 2020 with the device installed. There was no notification from CIS of the attack.)

These devices are connected via a direct network tap inside the county network. Data is then transmitted offsite and monitored for threats, or so they claim. The problem is that the county has no control over where the data goes, who sees it or what’s done with it. There is no way to verify, because NGO’s are not subject to the Freedom of Information Act. Counties are just supposed to “trust” them.

Lincoln County, along with two other Eastern Washington counties, decided to remove the Albert Sensors from their network. After doing extensive research and in consultation with their IT Specialists, they felt that the risks far outweighed any claimed benefits. The Secretary of State, irritated by counties refusing Albert, recently introduced legislation to make the installation of an Albert Sensor mandatory. Further, the bill makes those who refuse guilty of a class C felony and stipulates their removal from office.

This legislation, SB 5843, has passed both the Senate and the House and is awaiting the Governor’s signature. Lincoln County has sent the following letter to the Governor, requesting that he veto this very bad legislation.

Dear Governor Inslee,

We are writing to express our grave concerns over the recent passage of Senate Bill 5843 and to urge you, as the Governor of Washington State, to exercise your constitutional authority to veto this legislation.

Foremost, the county elected officials in the State of Washington share a common desire for safe and secure elections. While the title of SB 5843 suggests a commitment to enhancing the security of elections, our analysis reveals that the bill may inadvertently compromise the constitutional autonomy counties have over their Central Services Departments.

Specific Concerns: SB 5843 mandates counties to install and maintain an intrusion detection system to monitor their network; while we support election security and monitoring systems, we believe it is a violation of the Washington State Constitution for the State to compel a County to enter into contracts with a private entity to provide that service. Under SB 5843, each County must contract with a Secretary of State approved vendor, and, in this case, the Secretary of State only approved a single vendor, the Center for Internet Security, effectively mandating the installation of an Albert Sensor device.

Following strict legal review, it is our opinion that the requirements outlined in SB 5843 coupled with the Secretary of State’s approval of a single vendor constitutes a de-facto infringement upon the authority granted to Counties under RCW 36.92.010. Forcing County Legislative Authorities, under duress, to cede control of their networks to a non-governmental organization located in another state entirely, not only subverts the Constitutional autonomy granted to counties, but also endangers the IT security of the residents of the State as a whole. The lack of control over data access, visibility, and handling by a remote third party with no requirement for transparency raises significant concerns about the security and confidentiality of sensitive personal information.

Verification of Claims: The Center for Internet Security claims to only analyze metadata and search for known cyber threats. However, there is no transparent method for verification of the claim, leaving County IT staff and other stakeholders unable to independently confirm the accuracy of these assertions. This lack of transparency raises concerns about potential cybersecurity vulnerabilities introduced by the bill.

Additionally, it has come to our attention that the Center for Internet Security is under investigation by the House Homeland Security Subcommittee on Oversight, Investigations and Accountability, and the House Judiciary Select Subcommittee on the Weaponization of the Federal Government. The fact that the single Vendor approved by the Washington Secretary of State is under investigation by two separate Congressional oversight committees.

Due Process Concerns: The language in SB 5843 provides no recourse for due process. Individuals responsible for county networks, if found noncompliant, face severe penalties, including accusations of a class C felony and removal from office. This absence of due process contravenes the principles of fairness and justice enshrined in our legal system.

In conclusion, this legislation, with its potential Constitutional infringement on county autonomy, lack of due process, and likely conflicts with existing statutes and legal precedent, requires careful reconsideration to ensure the continued integrity and security of our elections.

We appeal to you to scrutinize the legal foundations of this legislation and we urge you to exercise your authority as Governor to veto Senate Bill 5843.

Thank you for your attention to this matter, and we trust that you will carefully consider our concerns in making your decision.

— Rob Coffman is the District 3 representative on the Lincoln County Board of Commissioners. He can be reached at rcoffman@co.lincoln.wa.us.