After an uptick in public records requests, the agency confirmed with the state Attorney General’s office that it was within its rights to withhold certain sensitive information.
South Carolina’s State Election Commission (SEC) has been told by the state Attorney General’s office it is within its legal right to withhold cybersecurity documentation requested by the public.
SEC Spokesperson Chris Whitmire told StateScoop Wednesday the agency reached out to the AG’s office to clarify its legal rights when it comes to retaining sensitive cybersecurity information following an increase in public records requests. The office responded by saying the SEC has authority to withhold such documentation if it reveals vulnerabilities in the state’s security infrastructure.
“The SEC places a high value on transparency and security as both are necessary for the conduct of good elections,” Whitmire said. “Recent requests for information related to cybersecurity plans and infrastructure placed the agency in the dilemma of trying to balance these core principles.”
The agency’s legal authority to keep such details secret from the public does not require a FOIA exemption, since such exemptions can be overruled by a governing body, Whitmire said.
The SEC is still expected to release financial information about cybersecurity products and services purchased, however. It is also required by law to inform the public about breaches that disclose personally identifying data.
Whitmire said the SEC has not been specifically targeted yet by attackers, but that it must contend with common cybersecurity and malware attacks on a daily basis, like all government bodies.
The call for release of sensitive government data underpins a more widespread issue. The Michigan House of Representatives passed legislation this year that provides an exemption for release of cybersecurity information and the bill’s bipartisan support could lead to passage in the Senate.
Amid claims that Russian hackers meddled in the 2016 presidential election, security surrounding voting systems captured the public’s attention and prompted the Department of Homeland Security to notify 21 states that hackers had focused their attacks at their election systems — yet South Carolina was not among those publicly named.