HB 626 - AS INTRODUCED
2025 SESSION
25-0617
08/02
HOUSE BILL 626
SPONSORS: Rep. McFarlane, Graf. 18; Rep. Kuttab, Rock. 17; Rep. Spillane, Rock. 2; Rep. Popovici-Muller, Rock. 17; Sen. Murphy, Dist 16
COMMITTEE: Election Law
-----------------------------------------------------------------
ANALYSIS
This bill directs the secretary of state to implement a vulnerability disclosure program for certain election systems and gives the cyber security committee oversight therefor.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Explanation: Matter added to current law appears in bold italics.
Matter removed from current law appears [in brackets and struckthrough.]
Matter which is either (a) all new or (b) repealed and reenacted appears in regular type.
25-0617
08/02
STATE OF NEW HAMPSHIRE
In the Year of Our Lord Two Thousand Twenty Five
Be it Enacted by the Senate and House of Representatives in General Court convened:
1 Secretary of State; Chief Election Officer; Duty to Investigate System Vulnerabilities. Amend RSA 652:23 to read as follows:
652:23 Chief Election Officer.
I. The secretary of state shall be the chief election officer for the state. The secretary of state shall provide information regarding voter registration procedures and absentee ballot procedures for all voters, including absent uniformed services voters, absent voters temporarily residing outside the United States, and federal ballot only voters domiciled outside the United States. Instructional and informational materials published by the secretary of state for clerks to provide such voters shall include information on how to communicate electronically with election officials.
II. Within 180 days of the effective date of this paragraph, the secretary of state shall implement and operate a public vulnerability disclosure program which substantially meets or exceeds the recommendations contained within the publication "Guide to Vulnerability Reporting for America's Election Administrators" published by the Cybersecurity and Infrastructure Security Agency of the United States Department of Homeland Security, to make it easier for security researchers and the general public to report security vulnerabilities appropriately. The scope of the program shall include at least all of the secretary’s information technology systems which bear on the integrity of the voter registration and election processes, including the centralized voter registration database and the user interfaces used by voters, town clerks, ballot clerks, and supervisors of the checklist relative to elections and voter registration. The secretary shall work with the cybersecurity advisory committee established in RSA 21-R:16, and such committee shall be responsible for the oversight of the public vulnerability disclosure program.
2 New Paragraph; Cybersecurity Advisory Committee; Duties. Amend RSA 21-R:16 by inserting after paragraph III the following new paragraph:
IV. The committee shall oversee the public vulnerability disclosure program operated by the secretary of state pursuant to RSA 652:23, II.
3 Effective Date. This act shall take effect upon its passage.
| Date | Body | Type |
|---|---|---|
| Jan. 28, 2025 | House | Hearing |
| Feb. 4, 2025 | House | Exec Session |
Jan. 29, 2025: Executive Session: 02/04/2025 10:10 am LOB 306-308
Jan. 22, 2025: Public Hearing: 01/28/2025 11:20 am LOB 306-308
Jan. 16, 2025: Introduced (in recess of) 01/09/2025 and referred to Election Law HJ 3