(a) The Secretary of State may seek all of the following relief for an unauthorized change in hardware, software, or firmware in a remote accessible vote by mail system certified or conditionally approved in California:
(1) A civil penalty from the offending party or parties, not to exceed ten thousand dollars ($10,000) per violation. For purposes of this subdivision, each remote accessible vote by mail system component found to contain the unauthorized hardware, software, or firmware shall be considered a separate violation. A penalty imposed pursuant to this subdivision shall be apportioned 50 percent to the county in which the violation occurred, if applicable, and 50 percent to the office of the Secretary of State for purposes of bolstering remote accessible vote by mail system security efforts.
(2) Immediate commencement of proceedings to withdraw certification or conditional approval for the remote accessible vote by mail system in question.
(3) Prohibiting the manufacturer or vendor of a remote accessible vote by mail system from doing elections-related business in the state for one, two, or three years.
(4) Refund of all moneys paid by a local agency for a remote accessible vote by mail system or a part of a remote accessible vote by mail system that is compromised by an unauthorized change or modification, whether or not the remote accessible vote by mail system has been used in an election.
(5) Any other remedial actions authorized by law to prevent unjust enrichment of the offending party.
(b) (1) The Secretary of State may seek all of the following relief for a known but undisclosed defect, fault, or failure in a remote accessible vote by mail system or part of a remote accessible vote by mail system certified or conditionally approved in California:
(A) Refund of all moneys paid by a local agency for a remote accessible vote by mail system or part of a remote accessible vote by mail system that is defective due to a known but undisclosed defect, fault, or failure, whether or not the remote accessible vote by mail system has been used in an election.
(B) A civil penalty from the offending party or parties, not to exceed fifty thousand dollars ($50,000) per violation. For purposes of this subdivision, each defect, fault, or failure shall be considered a separate violation. A defect, fault, or failure constitutes a single violation regardless of the number of remote accessible vote by mail system units in which the defect, fault, or failure is found.
(C) In addition to any other penalties or remedies established by this section, the offending party or parties shall be liable in the amount of one thousand dollars ($1,000) per day after the applicable deadline established in Section 19290 until the required disclosure is filed with the Secretary of State.
(2) A penalty imposed pursuant to subparagraph (B) or (C) of paragraph (1) shall be deposited in the General Fund.
(c) Before seeking any measure of relief under this section, the Secretary of State shall hold a public hearing. The Secretary of State shall give notice of the hearing in the manner prescribed by Section 6064 of the Government Code in a newspaper of general circulation published in Sacramento County. The Secretary of State also shall transmit written notice of the hearing, at least 30 days prior to the hearing, to each county elections official, the offending party or parties, any persons that the Secretary of State believes will be interested in the hearing, and any persons who request, in writing, notice of the hearing.
(d) The decision of the Secretary of State to seek relief under this section shall be in writing and state his or her findings. The decision shall be open to public inspection.
(Amended by Stats. 2016, Ch. 75, Sec. 19. (AB 2252) Effective January 1, 2017.)