South Carolina election commission permitted to withhold cybersecurity documents
South Carolina’s State Election Commission (SEC) has been told by the state attorney general’s office that the commission has the legal right to withhold cybersecurity documentation requested by the public.
SEC spokesperson Chris Whitmire told StateScoop on Wednesday the agency reached out to the AG’s office to clarify its legal rights when it comes to retaining sensitive cybersecurity information following an increase in public records requests. The office responded by saying the SEC has authority to withhold such documentation if it reveals vulnerabilities in the state’s security infrastructure.
“The SEC places a high value on transparency and security as both are necessary for the conduct of good elections,” Whitmire said. “Recent requests for information related to cybersecurity plans and infrastructure placed the agency in the dilemma of trying to balance these core principles.”
While typically an agency would need a FOIA exemption to withhold information, a governing body can offer the same authority, Whitmire said.
The SEC is still expected to release financial information about cybersecurity products and services purchased, however. It is also required by law to inform the public about breaches that disclose personally identifying data.
Whitmire said the SEC has not been specifically targeted yet by attackers, but that it must contend with common cybersecurity and malware attacks on a daily basis, like all government bodies.
The call for release of sensitive information about digital infrastructure comes as other states are confronting the issue of how to protect it. The Michigan House of Representatives passed legislation this year that provides an exemption for release of cybersecurity information and the bill’s bipartisan support could lead to passage in the Senate.
Amid claims that Russian hackers meddled in the 2016 presidential election, security surrounding voting systems captured the public’s attention and prompted the Department of Homeland Security to notify 21 states that hackers had scanned their election systems for vulnerabilities. South Carolina was not among those publicly named.