[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]
CYBERSECURITY: ENSURING THE INTEGRITY OF THE BALLOT BOX
=======================================================================
HEARING
BEFORE THE
SUBCOMMITTEE ON
INFORMATION TECHNOLOGY
OF THE
COMMITTEE ON OVERSIGHT
AND GOVERNMENT REFORM
HOUSE OF REPRESENTATIVES
ONE HUNDRED FOURTEENTH CONGRESS
SECOND SESSION
__________
SEPTEMBER 28, 2016
__________
Serial No. 114-165
__________
Printed for the use of the Committee on Oversight and Government Reform
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
Available via the World Wide Web: http://www.fdsys.gov
http://www.house.gov/reform
__________
U.S. GOVERNMENT PUBLISHING OFFICE
26-124 PDF WASHINGTON : 2017
----------------------------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing Office,
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center,
U.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free).
E-mail, [email protected].
COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM
JASON CHAFFETZ, Utah, Chairman
JOHN L. MICA, Florida ELIJAH E. CUMMINGS, Maryland,
MICHAEL R. TURNER, Ohio Ranking Minority Member
JOHN J. DUNCAN, Jr., Tennessee CAROLYN B. MALONEY, New York
JIM JORDAN, Ohio ELEANOR HOLMES NORTON, District of
TIM WALBERG, Michigan Columbia
JUSTIN AMASH, Michigan WM. LACY CLAY, Missouri
PAUL A. GOSAR, Arizona STEPHEN F. LYNCH, Massachusetts
SCOTT DesJARLAIS, Tennessee JIM COOPER, Tennessee
TREY GOWDY, South Carolina GERALD E. CONNOLLY, Virginia
BLAKE FARENTHOLD, Texas TAMMY DUCKWORTH, Illinois
CYNTHIA M. LUMMIS, Wyoming ROBIN L. KELLY, Illinois
THOMAS MASSIE, Kentucky BRENDA L. LAWRENCE, Michigan
MARK MEADOWS, North Carolina TED LIEU, California
RON DeSANTIS, Florida BONNIE WATSON COLEMAN, New Jersey
MICK, MULVANEY, South Carolina STACEY E. PLASKETT, Virgin Islands
KEN BUCK, Colorado MARK DeSAULNIER, California
MARK WALKER, North Carolina BRENDAN F. BOYLE, Pennsylvania
ROD BLUM, Iowa PETER WELCH, Vermont
JODY B. HICE, Georgia MICHELLE LUJAN GRISHAM, New Mexico
STEVE RUSSELL, Oklahoma
EARL L. ``BUDDY'' CARTER, Georgia
GLENN GROTHMAN, Wisconsin
WILL HURD, Texas
GARY J. PALMER, Alabama
Jennifer Hemingway, Staff Director
Troy Stock, Information Technology Subcommittee Staff Director
William Marx, Clerk
David Rapallo, Minority Staff Director
------
Subcommittee on Information Technology
WILL HURD, Texas, Chairman
BLAKE FARENTHOLD, Texas, Vice Chair ROBIN L. KELLY, Illinois, Ranking
MARK WALKER, North Carolina Minority Member
ROD BLUM, Iowa GERALD E. CONNOLLY, Virginia
PAUL A. GOSAR, Arizona TAMMY DUCKWORTH, Illinois
TED LIEU, California
C O N T E N T S
----------
Page
Hearing held on September 28, 2016............................... 1
WITNESSES
Mr. Andy Ozment, Assistant Secretary for Cybersecurity and
Communications, U.S. Department of Homeland Security
Oral Statement............................................... 5
Written Statement............................................ 8
Mr. Thomas Hicks, Commissioner, Chairman, U.S. Election
Assistance Commission
Oral Statement............................................... 12
Written Statement............................................ 14
The Hon. Brian P. Kemp, Secretary of State, State of Georgia
Oral Statement............................................... 21
Written Statement............................................ 23
Mr. Andrew W. Appel, Eugene Higgins Professor of Computer
Science, Princeton University
Oral Statement............................................... 27
Written Statement............................................ 29
Mr. Lawrence Norden, Deputy Director, Democracy Program, Brennan
Center for Justice, New York University School of Law
Oral Statement............................................... 38
Written Statement............................................ 40
APPENDIX
Letter for the Record regarding federal voter registration
submitted by Ranking Member Cummings........................... 84
Article for the Record titled, ``States Ask Feds for
Cybersecurity Scans Following Election Hacking Threats,''
submitted by Mr. Lieu.......................................... 88
Checklist for Securing Voter Registration Data, submitted by Mr.
Hurd........................................................... 91
Letter for the Record regarding possible Trump connections to
cyber attacks, submitted by Ranking Member Cummings............ 93
Open letter from the National Association of Secretaries of
State, submitted by Mr. Hurd................................... 99
Statement for the Record of the Electronic Privacy Information
Center, submitted by Mr. Hurd.................................. 102
CYBERSECURITY: ENSURING THE INTEGRITY OF THE BALLOT BOX
----------
Wednesday, September 28, 2016
House of Representatives,
Subcommittee on Information Technology,
Committee on Oversight and Government Reform,
Washington, D.C.
The subcommittee met, pursuant to call, at 2:03 p.m., in
Room 2154, Rayburn House Office Building, Hon. Will Hurd
[chairman of the subcommittee] presiding.
Present: Representatives Hurd, Blum, Gosar, Cummings,
Kelly, Connolly, and Lieu.
Also Present: Representatives Carter and Hice.
Mr. Hurd. The Subcommittee on Information Technology will
come to order and, without objection, the chair is authorized
to declare a recess at any time. I'd like to inform everybody,
we will probably be interrupted by votes sometime between 2:30
and 3:00. So we'll get through as much of this hearing as we
can and then likely reconvene after that vote series, which I
think is a short series.
Thank you all for being here and good afternoon. We're here
to talk about voting. Voting is the cornerstone of American
democracy and a fundamental right of all Americans. Our
existence as a democratic republic is only made possible and
legitimate through free and fair elections. Each American's
voice should be heard, but to ensure that, we must protect the
ballot box. Like everything else in the digital age, however,
voting can be vulnerable to hacking. There are about 10,000
election jurisdictions nationwide that administer elections,
and even within States, counties use different systems and
different technologies to conduct elections.
While no longer on the table for this election cycle, State
and local election officials, including Secretary Kemp, who is
here today, have expressed concern that classifying the
election system as critical infrastructure would effectively be
a Federal takeover of what has always been a local process. The
purpose of this hearing is to examine the threats posed by the
entities seeking to disrupt, undermine, or in any way alter the
results of this election. But I also hope to initiate and
foster discussion about what designating the election system as
critical infrastructure would entail.
I thank the witnesses for being here today and for their
efforts as fellow citizens to ensure that November's elections
are free and fair.
I would like to now recognize the ranking member of the
full committee, Mr. Cummings, for opening remarks.
Mr. Cummings. Thank you very much, Mr. Chairman, and I
thank you for your courtesy. And I thank you and Ms. Kelly for
this hearing.
I want to thank all of the witnesses that are here today.
The focus today on the risk of election integrity posed by
cyber threats is a very important one, but that is only a
fraction of the risk to our elections. Efforts to hinder
eligible voters' access to the ballot box also pose an urgent
threat to our elections, to voter rights, and to our very
democracy.
In January, Election Assistance Commission Executive
DirectorBrian Newby, who I see sitting in the audience today,
wrote to Alabama, Georgia and Kansas, giving the appearance
that he had the unilateral authority to allow these States to
change the Federal voter registration form to require proof of
citizenship. Mr. Newby's invalid act led to the
disenfranchisement of at least, Mr. Chairman, tens of thousands
of Kansas voters alone and who knows how many more in other
States.
Chairman Hicks, as the vice chairman at the time, you
stated that Mr. Newby acted unilaterally and that the
Commission has, quote, ``affirmed that agency staff does not
have the authority to make policy decisions,'' end of quote. I
simply could not agree more. This is why I have been
investigating this matter with Ranking Member Robert Brady of
the Committee on House Administration, and Assistant Democratic
Leader Jim Clyburn. Thankfully, a Federal Court has issued an
injunction halting and reversing Mr. Newby's invalid action.
However, that litigation is ongoing, and I worry about the
voters who have already been turned away, perhaps never to be
able to vote in this election. Chairman Hicks, Mr. Newby, Mr.
Tatum, we are sending you another letter today that outlines
our findings thus far.
I ask unanimous consent that the letter be entered into the
record, Mr. Chairman.
Mr. Hurd. Without objection, so ordered.
Mr. Cummings. Thank you very much.
We learned that Mr. Newby conducted no written analysis
regarding the impact of his decision on the ability of eligible
voters to register to vote. He also conducted no cost-benefit
analysis to compare the potential for voter fraud with the
potential for eligible voter disenfranchisement. He also
claimed that he had been unaware until recently that proof of
citizenship laws could have a disproportionate impact on people
of color. I would invite him to read the case of John Doe v.
North Carolina. While a lengthy decision, it makes it clear
that it is a major problem with regard to people of color not
being able to vote.
In light of these findings, we seek additional information,
but we also requested that Mr. Newby rescind his unilateral and
invalid decision. Mr. Newby, I find your action to be shameful,
and I hope you will swiftly rescind it.
But this is not the only threat to our right to vote. In
2013, the Supreme Court in Shelby County v. Holder struck down
a crucial part of the Voting Rights Act that required some
States to seek preclearance from the Department of Justice
before changing their election laws.
Mr. Norden, your organization, the Brennan Center, has been
tracking the voting restriction laws passed since Shelby. In
fact, 14 States will have new voting restrictions in place this
fall for the first time in a Presidential election, literally
stopping American citizens from voting. These include photo ID
requirements, which have been shown time and time again to
unduly burden young voters, women, the elderly, people with
disabilities, low-income voters, and the homeless. Passed
almost exclusively by Republican legislatures, these laws have
been proven to have racially discriminatory intent.
I am almost finished, Mr. Chairman.
In July, a Federal appeals court struck down the voter
restrictions in North Carolina, finding that they, and I quote,
listen to this, ``target African Americans with almost surgical
precision'' and, quote, ``were enacted with racially
discriminatory intent in violation of the Equal Protection
Clause,'' end of quote.
We can fix this harmful lapse in our democracy by updating
the Voting Rights Act in bills with bipartisan support and have
proposed that we do so immediately. However, Republicans in
Congress refuse to bring any of these bills to the floor for a
vote. It is truly shameful, and as a Nation, we are better than
that. I urge my colleagues to move this crucial legislation.
The integrity of our democracy is at stake.
And, with that, Mr. Chairman, I thank you for your
courtesy, and I yield back.
Mr. Hurd. I thank the ranking member.
And now I would like to recognize the gentlelady from
Illinois and my friend, Ms. Kelly, the ranking member of the
Subcommittee on Information Technology, for her opening
remarks.
Ms. Kelly. Thank you, Mr. Chairman.
Last week, after receiving classified briefings on threats
to the upcoming election, Senator Dianne Feinstein and
Representative Adam Schiff accused Russia of, and I quote,
``making a serious and concerted effort to influence the U.S.
election.''
Recently, Director of National Intelligence James Clapper
also cited a long history of Russia's efforts to influence
elections abroad. The Director said that Russia's apparent
efforts to compromise U.S. elections, quote, ``shouldn't come
as a big shock to people,'' but attempts to influence the
outcome of our election are not just limited to foreign
government.
According to law enforcement and the FBI, cyber attacks in
August against voter registration databases in my State of
Illinois and Arizona were most likely criminally motivated,
possibly targeting voters' personally identifiable information.
To know that my own State suffered this attack is extremely
troubling, not only because of the threat of identity theft,
but because of what hackers do once they have access to those
databases. For example, perhaps they could change a voter's
listed party affiliation in a way that affects primary
elections, or they perhaps modify voter addresses to invalidate
registration. We must address these questions and do absolutely
everything we can to defend against future attacks. In today's
hearing, we will be addressing the crucial question: How secure
is the electoral infrastructure from any cyber attacks,
regardless of the source?
According to security experts, a massive attack against the
infrastructure as a whole is not the biggest cyber
vulnerability in our election process. Rather, it is the
individual voting machines that pose some of the greatest risk.
According to a 2015 report from the Brennan Center for Justice,
many voting machines were designed and engineered in the 1990s
or early 2000s. These machines were designed before the
Internet base of sort of advanced cyber risks that now are all
too common in our current threat environment.
For example, in 2015, Virginia's Board of Elections
decertified a voting system used in 24 percent of precincts
after finding that an external party could access the machine's
wireless feature to, quote, ``record voting data or inject
malicious data.''
But beyond cyber attacks, these machines are also
vulnerable to operational failures like crashes and glitches.
As one security expert at Rice University put it, and I quote:
``These machines, they barely work in a friendly environment.''
As we examine this upcoming election and beyond, we must
consider what sorts of investment we must make to our voting
infrastructure. Today's hearing will provide us with an
opportunity to learn just how vulnerable our elections might be
to hackers and what our local, State, and Federal Government
can do to protect our electoral processes.
But I must also add that I hope that we have more hearings
on the topic of the right to vote and the access of the ballot
box. Far too many States across this country have enacted
troubling voter suppression laws since the Supreme Court
decision in Shelby County v. Holder, and I have been deeply
disappointed at the lack of interest across the aisle in
addressing this issue. We must repair the damage done to the
Voting Rights Act with legislation, and that must be a top
priority. To preserve the integrity of our ballot box, we must
also protect citizens' access to it.
Mr. Chairman, thank you again for holding this important
hearing.
Mr. Hurd. Thank you.
And I will hold the record open for 5 legislative days for
any members who would like to submit a written statement.
And the chair notes the presence of our colleague
Congressman Buddy Carter of Georgia. We appreciate your
interest in this topic and welcome your participation today.
I ask unanimous consent that Congressman Carter be allowed
to fully participate in today's hearing.
Without objection, so ordered.
We will now recognize our panel of witnesses. I am pleased
to welcome Dr. Andy Ozment, Assistant Secretary for
Cybersecurity and Communications at the U.S. Department of
Homeland Security; Commissioner Thomas Hicks, Chairman of the
U.S. Election Assistance Commission; Dr. Andrew Appel, the
Eugene Higgins Professor of Computer Science at Princeton
University; and Mr. Lawrence Norden, deputy director of the
Democracy Program at the Brennan Center for Justice at the New
York University School of Law.
I am now pleased to recognize my colleague, the gentleman
from Georgia, Mr. Carter, to introduce our remaining
distinguished witness.
Mr. Carter. Well, thank you, Mr. Chairman.
It is definitely an honor today to welcome the secretary of
state from the State of Georgia, my friend Brian Kemp, who
preceded me in Georgia's State Senate. And I served in the
house while he served in the senate, and then I moved over to
the senate to try to clean up the mess that he and Tom Price
left. But, nevertheless, we got that done.
Brian Kemp was elected the 27th secretary of state of
Georgia in January of 2010. He has done an outstanding job in
cutting wasteful spending and implementing zero-based
budgeting. He currently serves as co-chair of the National
Association of Secretaries of State Elections Committee and is
a member of the DHS Election Infrastructure Cybersecurity
Working Group. He is a native of Athens, Georgia--Go Dogs--and
he and his lovely wife Marty have three beautiful daughters.
And we are just glad to have him here and proud to have him
representing us as our secretary of state in Georgia.
Mr. Hurd. Thank you, Mr. Carter.
Welcome to you all.
And pursuant to committee rules, all witnesses will be
sworn in before you testify. So please rise and raise your
right hands.
Do you solemnly swear or affirm that the testimony you are
about to give will be the truth, the whole truth, and nothing
but the truth? Thank you and please be seated.
Let the record reflect the witnesses answered in the
affirmative.
In order to allow time for discussion, please limit your
testimony to 5 minutes, and your entire written statement will
be made part of the record.
I would now like to recognize Dr. Ozment for his opening
remarks.
WITNESS STATEMENTS
STATEMENT OF ANDY OZMENT
Mr. Ozment. Thank you. Chairman Hurd, Ranking Member Kelly,
Ranking Member Cummings, members of this committee, thank you
for today's opportunity to discuss cybersecurity and our
election infrastructure.
At the core of our American values is the fundamental right
of all citizens to make their voice heard by having their vote
counted. Ensuring the integrity of our electoral process is of
vital national interest and one of our highest priorities as
citizens in a democratic society. Increasingly, some parts of
the Nation's election infrastructure leverage information
technology for efficiency and convenience.
Like other systems, reliance on digital technologies could
introduce new cybersecurity risks. However, the dispersed and
diverse nature of our election infrastructure provides inherent
resilience and presents real challenges to attempts at
affecting the integrity of election results.
Our election system is run by State and local governments
in thousands of jurisdictions across the country. Importantly,
State and local officials have already been working,
individually and collectively, to reduce risks and ensure the
integrity of their elections.
Consistent with our longstanding work with State and local
governments, we at DHS are partnering with election officials
to share information about cybersecurity risks and to provide
voluntary resources from the Department upon request.
Addressing cybersecurity challenges such as these is not new
for our Department. Our National Cybersecurity and
Communications Integration Center, or NCCIC, provides support
to State and local customers, such as election officials, as
part of its daily operations.
In August, Secretary Johnson hosted a phone call with
election officials from across the country that included
representatives from other Federal agencies to discuss the
cybersecurity of election infrastructure. The Secretary offered
assistance from DHS' NCCIC to assist State and local election
officials in securing their systems. The NCCIC provides the
same assistance on an ongoing basis to public and private
sector partners upon request. The assistance is voluntary and
does not entail regulation, binding directives, or any kind of
Federal takeover. The DHS role is limited to support only.
Through engagements with State and local officials, we are
offering three types of assistance: best practices, information
sharing, and incident response. In support of best practices,
DHS has offered two different types of risk assessments to
State and local government officials:
First, cyber hygiene scans on Internet-facing systems
provide State and local officials with recurring reports that
identify any vulnerabilities and provide mitigation
recommendations.
Second, our cybersecurity experts can go on site to conduct
risk and vulnerability assessments. These assessments are more
thorough, and DHS provides the customer with a full report of
vulnerabilities and recommended mitigations following the
testing.
DHS will continue to share relevant information on cyber
incidents through multiple avenues. For example, DHS has
published best practices for securing voter registration
databases and addressing potential threats to election systems.
More broadly, the NCCIC works with the Multi-State Information
Sharing and Analysis Center, or MS-ISAC. The MS-ISAC provides
threat and vulnerability information to State and local
government officials. It was created by DHS to support State,
local, tribal, and territorial governments and is partially
grant-funded by DHS. The MS-ISAC has a representative colocated
with the NCCIC to enable regular collaboration and access to
information and services for State chief information officers.
During this election season, DHS' NCCIC is prepared to
provide incident response assistance to help State and local
officials identify and remediate any possible cyber incidents.
In the case of an attempted compromise affecting election
infrastructure, the NCCIC will share technical information with
other States, to assist their ability to defend their own
systems from similar malicious activity.
Moving forward, we must recognize that the nature of risk
facing our electoral infrastructure will continue to evolve.
DHS has, therefore, established an experts group comprised of
academics, independent researchers, and Federal partners. This
group will continually evaluate emerging risks and ensure that
State and local officials have the information and assistance
needed to secure the infrastructure in their jurisdiction.
Before closing, I want to reiterate that we have confidence
in the overall integrity of our electoral system, because our
voting infrastructure is fundamentally resilient. It is
diverse, subject to local control, and has many checks and
balances built in. As the risk environment evolves, the
Department will continue to support State and local partners by
providing information, assistance with best practices, and
tools upon request.
Thank you for the opportunity to testify, and I look
forward to any questions.
[Prepared statement of Mr. Ozment follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Mr. Hurd. Thank you, Dr. Ozment.
Mr. Hicks, you are now recognized for 5 minutes for your
opening remarks.
STATEMENT OF THOMAS HICKS
Mr. Hicks. Good afternoon, Mr. Chairman, and members of the
Subcommittee on Information Technology and Committee on
Oversight and Government Reform.
My name is Thomas Hicks, and I am Chairman of the United
States Election Assistance Commission, or EAC. The EAC is a
four-member bipartisan commission. The EAC's mission is to
guide, assist, and direct the effective administration of
Federal elections, through funding, innovation, guidance, and
information. The EAC was charged with three duties: one,
develop and administer a voting machine testing and
certification program; two, develop and administer a national
clearinghouse for election administration information; and
three, distribute HAVA grants to States to allow them to
purchase new, more secure voting machines and systems.
Since our inception, the EAC has carried its charge. Forty-
seven of 50 States use EAC's voluntary voting machine testing
and certification program in part or in whole. We produce the
most comprehensive election administration survey in the
country, and we produce volumes of materials designed to help
election administrators run their elections more effectively
and efficiently. Among other things, these materials help the
States understand and react to the current cybersecurity
threats against their voting systems. State and local election
officials run the elections, and we support them.
I am here today to testify on three items: First and
foremost, our elections are secure. The American election
administration system inherently protects our elections and its
vast size and complexity. Voters should have confidence that
their voices will be counted accurately when they cast them.
Second, there may be headlines related to cyber attacks and
data breaches, but these headlines are not representative of
our voting machines. Unlike the systems in the headlines, our
voting machines are not connected to the Internet. Third, the
EAC works every day to help ensure the security of our
elections.
First, the security that is inherent in our election system
because our system is vast and complex. Since States and
territories run elections, the American election administration
system is actually compiled of more than 50 administrative
systems. Each State has developed its own processes for
conducting Federal, State and local elections. These States and
territories are made up of thousands of election jurisdictions.
Often, these jurisdictions operate autonomously but report to
the States.
What is important to identify in today's hearing is that
there is no single or uniform national election administration
system that manages elections. This means that there is no
national system that a hacker or bad actor can infiltrate to
affect the American elections as a whole.
The complexity of our American election assistance system
both deters attacks and allows election officials to ensure the
integrity of the election in the event of an attack. The
complexity deters potential attackers from attempting to access
American elections, because the number of resources that one
would need to complete such an attack may be prohibitively
high. There are thousands of individuals operating, often
autonomously. A bad actor would have to figure out how to
successfully access a significant portion of these parts.
Additionally and perhaps most importantly, voting machines are
not connected to the Internet. So a bad actor would have to
access these systems in person. The amount of resources
required to carry out this attack would be immense.
That is not to say that no one will ever try to access
American elections. Recent events in Arizona and Illinois
remind us that this is not true. The breaches in Arizona and
Illinois exemplify another strength in our election system.
Because the State administers its own elections, the breaches
in these States did not compromise the system in other States.
Instead of causing a national crisis, the breaches notified
election officials across the country that they should be on
high alert.
With this new information, election officials across the
country started administrating system security checks and
doublechecked in their places and procedures. The EAC took
action as well. Upon learning of these attacks, we sent a
security system, testing guides, and other voting machine
security information to election officials. At the EAC, we have
been focused on election security since our inception as an
agency, and we reacted quickly, and we realize that the current
events demand our help. Both our voluntary voting system
guidelines and our best practices focus is on ensuring the
security of our elections.
This year, we have also created a new initiative to help
election administrators better administer their elections this
fall. It's called Be Ready 16. Through Be Ready 16, we
distributed voting training material, current information, and
guides to election officials throughout the country. We also
integrated topics, such as election security, into our public
meetings and roundtables. We are proud of our Be Ready 16, but
it is just one example of many ways we support election
officials.
In conclusion, I am here to communicate one message. That
message is that our elections are secure. They are secure
because the American election administration system inherently
protects them. There are threats to our elections, but the
voters have confidence that their votes will be counted
accurately and recorded accurately when they cast them.
I thank you for your time, Mr. Chairman, Ranking Member,
and other members of this committee, and I look forward to your
questions.
[Prepared statement of Mr. Hicks follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Mr. Hurd. Thank you, Mr. Hicks.
Secretary Kemp, you are now recognized for 5 minutes for
your opening remarks.
STATEMENT OF BRIAN P. KEMP
Mr. Kemp. Good afternoon. And I want to thank
Representative Carter for that fine introduction, and thank the
committee and Chairman Hurd for inviting me to discuss election
security, the safeguards on our elections, and then my
perspective as the top elections official in Georgia, the
eighth largest State in the Union.
As Georgia's secretary of state, I currently serve as co-
chair of the National Association of Secretaries of State
Elections Committee. And within the last 3 weeks, I have agreed
to serve on the Department of Homeland Security's elections
infrastructure cyber working group organized by Secretary Jeh
Johnson.
Recent events, including the hack of the DNC database as
well as successful cyber attacks against voter registration
databases in Arizona and Illinois, have rightfully caused great
alarm among the public as well as elections officials. However,
it is imperative that we as a Nation respond the correct way to
these attacks. Administering elections is a great but unique
responsibility. The foundation of our republic rests on the
trust that Americans have in the way that we elect
representatives in our government. If that trust is eroded, our
enemies know that they will create fissures in the bedrock of
American democracy. We cannot allow this to happen. The D.C.
response to these attacks has been to take steps toward
federalizing aspects of elections, election systems, and
standardizing security measures. There is a better way to face
these attacks and future potential threats than what has
currently been proposed by DHS with designating election
systems critical infrastructure.
In discussing election security, it is important to
understand the difference between the components of an
election. The system is comprised of campaign systems,
registration and reporting systems, as well as voting systems.
Campaign systems are databases not held by the States, such as
databases held by national parties. Attacks on these systems
don't disrupt activities in the State's jurisdictions, although
they can cause harm, as recently seen by the attack on the DNC.
Registration and reporting systems are held by the States,
but they do not impact the true canvass results in an election.
These systems manage the voter registration rolls and report
unofficial results on election night. Although these systems
are more prone to attack than the voting system, because many
are Web-based platforms, attacks on these systems cannot change
the votes that are cast. These systems are also tested
regularly, have redundancies, failsafes, and backups.
Finally, voting systems are the actual equipment used on
election day. They are nonnetwork pieces of hardware that do
not connect to the Internet. They are tested by vendors, by
States, and by the EAC. Even before they are deployed, they are
tested again by local technicians to ensure their security and
accuracy.
In looking toward November, it is important for us to
address the types of threats that may come against the Nation's
elections. I view these threats in three different categories:
First, there are threats that undermine the confidence in the
outcome of the election. This has already started among
conspiracy theorists, campaigns, and members of the media.
Senator Feinstein was mentioned earlier about Russia's
influence. This narrative will likely continue through
canvassing and beyond. Although elections officials must be
cognizant of these narratives and respond to them as needed,
this threat cannot create actual harm to the system or the
results of the election.
Second, there are threats that disrupt elections. These
threats could be cyber attacks on Web-based systems, but they
more commonly occur with threats of physical violence, verbal
altercations, or misinformation distributed at polling
locations. In my view, this is far more likely to occur than a
coordinated hacking of each individual voting unit in the
United States. This type of threat is also not only more
probable to occur but also would have a greater chilling effect
on election participation.
The third type of threat is altering the outcome of the
election. This requires an attack on the voting system itself.
However, the voting system is layered with combinations of
physical and technical security to address these concerns. The
voting system is the most secure system in the election space.
It is not networked. It's not on the Internet. And it's tested
many times in many different ways as well as having overlapping
physical security features to defeat cyber attacks as well as
physical attacks. This threat would require far too much
coordination, planning, and ability to physically manipulate
thousands of machines at thousands of locations across the
United States. Although it is possible, it is not probable, and
there is no evidence it has ever occurred in a U.S. election.
As I stated moments ago, Secretary Johnson responded to
this threat of cyber attack when he publicly began considering
designating the election system critical infrastructure. This,
as you can be made aware or you could suggest, caught many
elections officials by surprise, and rightfully so. The
suggestion from the agency, completely regarding--unfamiliar
with the election space raised the level of public concern
beyond what was necessary. This decision has been criticized by
elections officials and cybersecurity experts alike and really
addresses one of my main concerns and is why I am so glad to be
here today to answer your questions as we proceed. Thank you.
[Prepared statement of Mr. Kemp follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Mr. Hurd. Thank you, Secretary Kemp.
Votes have been called, and what we'll do is we'll get to
Dr. Appel's, get through your opening statement, and then we
will adjourn for votes and then come back and finish with Mr.
Norden and the questions.
So, Dr. Appel, you are recognized for 5 minutes.
STATEMENT OF ANDREW W. APPEL
Mr. Appel. My name is Andrew Appel. I am professor of
computer science at Princeton University. In this testimony, I
don't represent my employer. I am here to give my own
professional opinions as a scientist but also as an American
citizen who cares deeply about protecting our democracy.
My research is in software verification, computer security,
technology policy and election machinery. As I will explain, I
strongly recommend that, at a minimum, the Congress seek to
ensure the elimination of direct-recording electronic voting
machines, sometimes called touchscreen machines, immediately
after this November's election and that the Congress require
that all elections be subject to sensible auditing after every
election to ensure that systems are functioning properly and to
prove to the American people that their votes are counted as
cast.
There are cybersecurity issues in all parts of our election
system: before the election, voter registration databases;
during the election, voting machines; after the election, vote-
tabulation/canvassing/precinct-aggregation computers. In my
opening statement, I will focus on voting machines. The other
topics are addressed in a recent report I have coauthored
entitled ``10 Things Election Officials Can Do to Help Secure
and Inspire Confidence in This Fall's Elections.''
In the U.S., we use two kinds primarily of voting machines:
optical scanners that count paper ballots and touchscreen
voting machines, also called direct-recording electronic. Each
voting machine is a computer running a computer program.
Whether that computer counts the votes accurately or makes
mistakes or cheats by shifting votes from one candidate to
another depends on what software is installed in the computer.
We all use computers, and we've all had occasion to install
new software. Sometimes it's an app we purchase and install on
purpose. Sometimes it's a software upgrade sent by the company
that made our operating system. Installing new software in a
voting machine is not really much different from installing new
software in any other kind of computer. Installing new software
is how you hack a voting machine to cheat.
In 2009, in the courtroom of the Superior Court of New
Jersey, I demonstrated how to hack a voting machine. I wrote a
vote-stealing computer program that shifts votes from one
candidate to another. Installing that vote-stealing program in
a voting machine takes 7 minutes per machine with a
screwdriver. I did this in a secure facility, and I am
confident my program has not leaked out to affect real
elections. But, really, the software I built was not rocket
science. Any computer programmer could write the same code.
Once it's installed, it could steal elections without detection
for years to come. Voting machines are often delivered to
polling places several days before the election, to elementary
schools, churches, firehouses. In these locations, anyone could
gain access to a voting machine for 10 minutes. Between
elections, the machines are routinely opened up for maintenance
by county employees or private contractors. Let's assume they
have the utmost integrity, but still in the U.S. we try to run
our elections so that we can trust the election results without
relying on any one individual.
Other computer scientists have demonstrated similar hacks
on many models of machine. This is not just one glitch in one
manufacturer's machine; it's the very nature of computers.
So how can we trust our elections when it's so easy to make
the computers cheat? Forty States already know the answer. Vote
on optical scan paper ballots. The voter fills in the bubble
next to the name of their preferred candidate, then takes this
paper ballot to the scanner right there in the precinct and
feeds it in. That opscan voting machine has a computer in it,
and we can't 100 percent prevent that computer from being
hacked, but that very paper ballot marked by the voter drops
into a sealed ballot box under the opscan machine. Those
ballots can be recounted by hand in a way we can trust.
Unfortunately, there's still about 10 States that primarily use
paperless touchscreen voting computers. There's no paper ballot
to recount. After the voter touches the screen, we have to rely
on the computer; that is, we have to rely on whatever program
is installed in the computer that day to print out the true
totals when the polls close.
So what must we do? In the near term, we must not connect
the voting machines to the Internet. The same goes for those
computers used to prepare the electronic ballot definition
files before each election that are used to program the voting
machines; that is, we must not connect the voting machines,
even indirectly, to the Internet. Many able and competent
election administrators already follow this best practice. I
hope that all 9,000 or 10,000 counties and States that run
elections follow this practice and other security best
practices, but it's hard to tell whether they do consistently.
These and other best practices can help protect against
hacking of voting machines by people in other countries through
the Internet, but they can't protect us from mistakes, software
bugs, miscalibration, insider hacking, or against local
criminals with access to the machines before or after
elections. So what we must do as soon as possible after
November is to adopt nationwide what 40 States have already
done, paper ballots marked by the voter, countable by computer,
but recountable by hand.
In 2000, we saw what a disastrously unreliable technology
those punch-card ballots were. So, in 2002, the Congress
outlawed punch-card ballots, and that was very appropriate. I
strongly recommend that the Congress seek to ensure the
elimination of paperless touchscreen voting machines
immediately after this November's election.
[Prepared statement of Mr. Appel follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Mr. Hurd. Thank you, Dr. Appel. The committee stands in
recess until immediately following votes.
[Recess.]
Mr. Hurd. The Subcommittee on Information Technology will
come to order.
Thank you all for the indulgence. I think we have one more
opening remark, and then we'll get to the question and answer.
Mr. Norden, bring us back in. You're recognized for 5
minutes for your opening statement.
STATEMENT OF LAWRENCE NORDEN
Mr. Norden. Thank you, Chairman Hurd, Ranking Member Kelly,
and members of the subcommittee, for inviting me to testify
today. For those who don't know, the Brennan Center at NYU Law
School is a think tank and public advocacy group, a nonprofit,
that works on issues of democracy and justice. And I have led
the Brennan Center's work on election technology and security
for over a decade.
There are two points I want to convey today. The first is
that real threats to our election integrity needs to be treated
with the utmost seriousness. Among other things, that means
that we need to distinguish between genuine threats and
sensationalistic rhetoric. Second, the biggest danger, I
believe, to the integrity of our election this November are
attempts to undermine public confidence in the election.
Specifically, as we have heard from others, attempted attacks
against voting machines are highly unlikely to have widespread
impact on vote totals this November. However, attacks or
malfunctions that could undermine public confidence are much
easier.
I want to echo what some of the other witnesses said today.
It's important when we talk, when we have public discussions
about election systems and security that we distinguish between
the different kinds of systems that there are. Campaign email
servers are obviously very different than voter registration
databases, which are very different than voting machines.
On the topic of voter registration databases, Mr. Ozment
and Secretary Kemp I think did a very good job talking about
the kinds of steps that are being taken to make them secure.
The good news is, when it comes to the integrity of our
elections, there are relatively straightforward steps to ensure
that any attack or hack against voter registration databases
should not prevent people from voting. Most importantly,
regular backups of these systems should allow us to reconstruct
lists, if--and I should emphasize this has not happened
anywhere as far as I know--if data is changed on those
registration databases. And as far as I know, every State does
this.
On the issue of voting machines, a lot of ground has
already been covered about why they are different than
registration databases; that voting machines should never be
connected to the Internet, that we have a decentralized system
with 10,000 election jurisdictions using different machines,
having different rules. And I agree with all that. The one
thing I would add is, that was not noted, is the vast majority
of people this November will vote either on a paper ballot that
is read by a scanner or will vote on a machine that has a paper
trail that they can review, and by my estimates about 80
percent of Americans will do so. And that can serve as an
important deterrent and should provide voters with confidence
that there is a check to ensure that their votes have been
accurately recorded. These facts and others that are detailed
in my testimony and that others have mentioned make it highly
unlikely that there could be a successful widespread attack to
change vote totals.
Having said this, I want to talk about the problem of aging
equipment in the United States. I do believe that if this is
not addressed, it can do real damage to voter confidence and,
therefore, the integrity of our elections. And this is
particularly true now when there are discussions of Russian
hacks and rigged elections so much in the public discourse.
In 2015, I oversaw a yearlong study that looked at this. We
found that 42 States are using voting machines that are over a
decade old this November, and that's perilously close to the
end of projected lifespans for these machines, particularly
those designed and engineered in the 1990s. I want to be clear
that that's a rather blunt tool to measure when systems need to
be replaced. I'm not saying that every machine, when it reaches
10 years old or 15 years old, is suddenly going to stop
working.
Before I came into this hearing today, I saw a 1965 Ford
Mustang running, and it looked like it was running perfectly;
and obviously the kind of maintenance and investment that is
put into machinery can allow it to work much longer. And
Georgia is a great example of this. They have a project with
Kennesaw State where they really invest in their equipment, and
they're using machines that most other jurisdictions have had
to replace, because they put that investment into them.
But the interviews that we conducted with election
officials in all 50 States make it clear that there are real
challenges and they're growing with aging equipment. Failures
of systems during voting lead to long lines and lost votes.
Outdated hardware and software means that election officials
struggle to find replacement parts. We talked to a number of
officials who have to go to Ebay to find critical parts, like
dot matrix printer ribbons, decades-old storage devices, analog
modems. And more than one official described their system as
essentially jerry-rigged to hold it together. And, of course,
these older systems that I'm talking about did not go through
the kind of more rigorous Federal certification system that we
have now for security, and as Dr. Appel noted, are
disproportionately paperless.
Replacing this equipment is a major issue. In 32 States, we
spoke to election officials who said they wanted to replace
their equipment before the next Presidential election of 2020.
In 21 States, election officials told us they didn't know where
they would get their money. More recently, we interviewed about
250 local election officials, and about a clear majority said
they either needed to or should replace their equipment before
2020, and 80 percent of those said that they didn't know where
they would get the money for that.
So I will close on that point. Thank you.
[Prepared statement of Mr. Norden follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Mr. Hurd. Thank you, Mr. Norden.
And I'm going to recognize myself now for 5 minutes of
questions. And my first question is actually for all five of
you gentlemen, and we'll start with you, Mr. Norden, and go
down the line. And first off, I appreciate you all's written
testimony. I appreciate you all's oral testimony as well. We
are in such an important time and, you know, there is decades'
worth of experience sitting at this table looking at this
important issue, and I think you give the American people some
comfort.
And so my first question, I think this is a yes or no
question to all of you all. On 8 November, can a cyber attack
change the outcome of our national elections? Mr. Norden.
Mr. Norden. I'm confident that that will not be the case.
Mr. Hurd. Dr. Appel?
Mr. Appel. I think it's----
Mr. Hurd. Secretary Kemp?
Mr. Kemp. No.
Mr. Hurd. Mr. Hicks?
Mr. Hicks. No.
Mr. Hurd. Dr. Ozment?
Mr. Ozment. No.
Mr. Hurd. Excellent.
Dr. Appel, Mr. Appel, excuse me, when you did your research
in hacking the equipment, that was done in a controlled
environment. Is that correct?
Mr. Appel. It was done inside the State Police
headquarters.
Mr. Hurd. Was it one machine or were you able to access
multiple machines?
Mr. Appel. We had two machines per study.
Mr. Hurd. Were they connected or did you have to access
them each individually?
Mr. Appel. These machines don't connect to any network.
Mr. Hurd. So none of the machines connect to each other. Is
that correct?
Mr. Appel. The kind of machine that I hacked that we use in
New Jersey do not connect to any network.
Mr. Hurd. And they did not connect to any network, so that
means they're not facing the Internet as well?
Mr. Appel. That's right. In particular, the kinds of
machines that we use in New Jersey, and the same machines are
used in Louisiana, I don't know of any practical way to hack
them through any kind of network. The only way I know that they
can be hacked is by someone with physical access to them.
Mr. Hurd. So there's no practical way to hack these voting
machines unless you have physical access. And then if you have
physical access, you have to have physical access to each box
because none of the boxes are actually connected, nor are they
connected to the Internet?
Mr. Appel. That's true for many kinds of touch screen
voting machines, but not for all kinds that are in use today.
Mr. Hurd. And, Secretary Kemp, I just want to clarify that.
And I guess this question to you as your role as the vice
chairman of the Association of Secretaries of State. There are
no voting systems that connect to the Internet, correct?
Mr. Kemp. Well, Commissioner Hicks might can back me up on
this, but I know our systems are not. I wouldn't want to speak
for every State in the country, but I would feel very confident
in saying the vast majority, probably all are not connected to
the Internet.
Mr. Hurd. Mr. Hicks, do you have any opinions on that.
Mr. Hicks. From what we've determined, no voting machines
are connected to the Internet.
Mr. Hurd. So let's take one municipality, one voting
district. They probably have how many machines? Is there an
average number, you know, 5 to 10, 5 to 25, in one voting
location? Let's take a voting location.
Mr. Kemp. Well, I think in Georgia, it would depend on the
jurisdiction. Certainly, in a precinct in Fulton County you
could have, you know, I would say, over 100 machines. In a
smaller, rural county, you may have 5 to 10.
Mr. Hurd. And so, Mr. Appel, in that scenario, an attacker
would actually have to have access to all 100 in the one county
in order to manipulate the records?
Mr. Appel. In Georgia, that's not the case. The machines
used in Georgia have been demonstrated to be hackable through a
virus that's carried on ballot definition cartridges, very much
like the Stuxnet virus was inserted into nuclear centrifuges in
Iran.
Mr. Hurd. But in that auditing system, in the auditing of
these machines, we look at that. Is that correct?
Mr. Appel. I'm sorry. Can you repeat the question?
Mr. Hurd. So in those machines that have that vulnerability
in the auditing process, isn't that scanned? Don't we scan for
that?
Mr. Appel. It's difficult to scan for that vulnerability in
the sense of if you ask a machine to report what software is
loaded in it, if it's fraudulent software, it will lie. So the
AccuVote TS machines used in Georgia and in a few counties in
other States are particularly vulnerable to this kind of virus
that can be carried to the machines even if the criminal
attacker doesn't touch the machines or is not even in the same
State with the machines. The touch screen voting machines used
in most other States, I don't know of any such way to hack them
through a virus carried on cartridges.
Mr. Hurd. Dr. Ozment, do you have any opinions on that? And
when you provide best practices and information sharing to
folks that request your assistance, is this the type of
vulnerability that you all notify folks of?
Mr. Ozment. You know, I think it's a good opportunity for
me to elaborate on my answer. First, we have to always be
vigilant. In the field of cybersecurity, we can never relax. We
have no indication that adversaries are planning cyber
operations against U.S. election infrastructure that would
change the outcome of the election in November. And we have
overall confidence in the system.
You know, individual parts of the election system are more
or less vulnerable. You can never eliminate all
vulnerabilities, but the overlapping layers of the system are
what give us confidence, the fact that there is a wide variety
of machines in use, a wide variety of procedures across
jurisdictions, many checks and balances, physical controls, and
the devices are not connected to the Internet.
So I cannot speak to the security of an individual device.
What I can speak to is that, overall, we view the security of
the overall system as robust. We can never relax obviously, and
that's one reason that we are offering voluntary assistance to
State and local governments.
Mr. Hurd. Thank you, gentlemen.
Now I'd like to recognize the gentleman from California,
Mr. Lieu, for 5 minutes of questions.
Mr. Lieu. Thank you, Mr. Chair.
Earlier this year, Donald Trump asked Russia to hack an
American citizen. We know from later media reports that Russia
has hacked the Democratic National Committee, as well as the
Democratic Congressional Campaign Committee, and other entities
for the purpose of influencing American elections.
And my question for you, Dr. Ozment, is what steps is DHS
taking to try to prevent Russia or other foreign entities from
influencing the American election this November?
Mr. Ozment. Thank you. Without speaking as to the source of
the intrusions into the DNC and DCCC, I do want to talk about
some of what we're offering to State and local government
officials.
First, we're offering them best practices. For example, we
recently published a document on best practices for securing
voter registration systems. We're also offering to scan their
Internet-connected systems. So voter registration systems
primarily, possibly tabulation for results reporting, and we're
offering to scan these regularly for any vulnerabilities. And
we will provide a weekly report on any vulnerabilities we
detect and recommendations for mitigating them. We call that
cyber hygiene scanning.
We're also offering to do more in-depth risk and
vulnerability assessments. That would require us to send people
onsite to do a much more detailed assessment of systems. We
have local field-deployed personnel called cybersecurity
advisers and protective security advisers. These individuals
are available to provide assistance and advice to State and
local governments.
And then finally, we've offered physical and protective
security tools, training, and resources. All of those are
available to State and local government officials. And then, of
course, more broadly, we have the multistate ISAC, an entity
that we have funded for well over a decade to help support
State and local governments in their cybersecurity practices.
Mr. Lieu. Thank you.
Commissioner Hicks, thank you for your testimony. My
understanding, from the main thrust of your testimony, is that
because we've got 50 States, thousands of different
jurisdictions, the American elections system is complex,
diverse, and robust, because it's really hard to hack all of
that. My view is they don't have to hack 50 States. In a close
Presidential election, they just need to hack one swing State,
or maybe one or two, or maybe just a few counties in one swing
State. So I do sort of challenge your premise that just because
we've got 50 States, somehow we are robust.
And my question is, is there a focus on these swing States
to make sure that in States that potentially are close, that we
do everything we can to make sure that the integrity of the
elections are protected?
Mr. Hicks. Thank you for that question, Congressman. The
EAC and the rest of the election community is focused on all
the States, not just the swing States, because we feel that all
the votes are valuable in that sort of realm. The basic premise
of this is that if someone goes into a polling place and
attempts to influence the election, that's still a Federal
crime, and they should be prosecuted. So we're basically asking
for people to serve as poll workers so they can be vigilant and
serve as people who are on the front lines of seeing these
sorts of things.
But to answer your question, you would still need a
tremendous amount of people to go into any polling place to try
to influence an election that way, even if it could be done,
and we don't believe that it can be done.
Mr. Lieu. Thank you. As a recovering computer science
major, I keep in mind that folks hacked computers well before
the existence of the Internet, and we've had troubling reports
of how these voting machines can be hacked quite easily.
And, Mr. Appel, you, yourself, hacked a voting machine. Are
you aware of Symantec also hacking voting machines?
Mr. Appel. Who?
Mr. Lieu. Symantec Corporation.
Mr. Appel. No.
Mr. Lieu. For research purposes.
Mr. Appel. No, but----
Mr. Lieu. Okay. Then let me just put this in for the record
so people understand. So there was a Bloomberg article dated
September 19 saying, ``States Ask Feds for Cybersecurity Scans
Following Election Hacking Threats.'' I'm just going to read
this.
``In a recent simulation, Symantec Corporation said its
workers were able to easily hack into an electronic voting
machine. It was possible to switch votes as well as change the
volume of data, said Samir Kapuria, senior vice president and
general manager of Symantec's cybersecurity group.''
And, Mr. Chair, if I could enter this into the record.
Mr. Hurd. Without objection, so moved.
Mr. Lieu. Can you explain how you hacked the machine and if
there's any reason why we would want a machine with no paper
ballots? Wouldn't we always want a backup in case something was
hacked?
Mr. Appel. Yes. I'll be happy to explain. The machine that
I hacked is called the Sequoia AVC Advantage. It's now called
the Dominion AVC Advantage. It's in use in almost all of New
Jersey and in all of Louisiana and a few counties of
Pennsylvania and other States.
The computer program that counts the votes on this machine
is in a read-only memory that's mounted in a socket on the
motherboard. To hack this machine, you have to remove that
memory chip from its socket and install a memory chip on which
you've prepared a cheating program. The cheating program that I
prepared has an extra 100 lines of code basically that when the
polls are about to close, it goes in there and changes some
votes stored in the machine. And there is an electronic log of
all votes cast, so it changes the log too.
So to install that, the attacker doesn't need to be a
computer scientist. The attacker just needs to have a bunch of
copies of this memory chip with the program on it. And for each
voting machine, unscrew 10 screws to remove the panel that
covers the motherboard, pry out the ROM chip containing the
legitimate program, and install the ROM chip containing the
fraudulent program.
Other kinds of voting machines store their computer program
that counts the votes in flash memory, and this can be updated
under the control of whatever computer program happens to be
running in the voting machine. These voting machines, typically
the generation developed in the 1990s and after, can be hacked
without actually physically changing any hardware in the
machine just by installing a software upgrade memory card in
the same slot that one would normally install the ballot
definition.
And this particular attack was demonstrated by my colleague
at Princeton, Professor Felten, in about 2007, working with two
of his graduate students. But it's not just us at Princeton.
There are many kinds of voting machines, and the same kinds of
hacks are applicable to all voting machines and have been
demonstrated at several other universities, including the
University of Connecticut, Johns Hopkins, Michigan, and others.
Mr. Lieu. Thank you.
Mr. Hicks. Congressman, can I just add a little bit to
this? One of the things I want to make sure that it's clear and
when the Help America Vote Act came about, is that one of the
reasons that the paper trail is not universal is that it
doesn't allow for people with disabilities to basically be able
to verify their vote and handle that paper. So someone who has
a dexterity disability is not able to use that. But there are
machines that allow for verification of ballots and are able to
be used by those with disabilities.
So if Congress decides in the next session to look at
reforming the Help America Vote Act, I would really encourage
to make sure that the folks with disabilities are not left
behind with the paper trail issue.
Mr. Lieu. Can I just briefly respond? You know, we launched
a rocket, delivered payload to space station that landed on a
barge. They've designed voting machines that actually you can
have both a paper ballot and some sort of electronic input and
have both. So it's not like it can't be done, and my
understanding is L.A. County is about to do that. So my hope is
that we don't have any more machines without paper ballots.
Thank you.
Mr. Hurd. Thank you.
I'd now like to recognize Congresswoman Kelly for her line
of questions.
Ms. Kelly. Thank you so much. I mentioned in my opening
statement about hackers attacking the voter registration
databases in Illinois and Arizona. So I'd like to take a moment
to understand what these attacks are and what they are not.
Dr. Ozment, was the cyber attack on the voting machines or
was it on voter registration databases?
Mr. Ozment. Thank you, Representative. The cyber attacks
that you're referring to in Arizona and Illinois were attacks
on voter registration systems, and they seem to have been
intended to just copy the data on those systems, possibly for
the purposes of selling personal information. So we have not
seen intrusions intended to in any way impact individuals'
votes in actual voting.
Ms. Kelly. Why are these more vulnerable than the actual
machines?
Mr. Ozment. Voter registration systems are more commonly
connected to the Internet, in part to ease that registration
process, and so because they are connected to the Internet,
they are obviously more susceptible to cyber intrusions.
Ms. Kelly. And it seems like all of you in various answers
are saying that it would be difficult for a hacker to succeed
in accessing the U.S. election system and rigging the results
in an undetected way, that you all seem to feel like that. Is
that correct?
Mr. Ozment. That's correct. Because of the different layers
of security in the system, even though individual parts of the
system may be vulnerable, we overall have confidence in the
system.
Ms. Kelly. And what is DHS doing to help States secure
these databases?
Mr. Ozment. We recently released a best practices document
focusing particularly on voter registration systems to help
States secure those systems. Also, our cyber hygiene
vulnerability scanning that we offer to States will be
particularly helpful for those systems because many of them are
Internet connected. So we have a whole host of resources
available to State governments that are applicable both to
their voter registration systems and to other systems, even
systems outside of the voting process.
Ms. Kelly. And is it correct there are at least 40 States
with the network defense device similar to the Einstein censor
used by Federal agencies?
Mr. Ozment. The majority of States--I don't know the exact
number--absolutely take advantage of a service that we offer
through the MS-ISAC, which provides network protection for
those States.
Ms. Kelly. And is it at the same protection level as the
Federal? Is the State as good as the Federal?
Mr. Ozment. You know, it's a different capability than the
Federal system, just suited to the networks that State and
local governments offer. There's one key difference. One of the
Federal systems can take advantage of classified information
that is not currently available through the multistate ISAC for
State and local governments. We have made that available in a
different way for State and local governments.
But what I can say is overall we have made all of those
protections available to State and local governments through
one mechanism or another.
Ms. Kelly. And, Mr. Hicks, what is your agency doing to
help States secure their election systems?
Mr. Hicks. If we're talking about voter registration
systems, one of the things that I would like to include in the
record is the EAC has a checklist for securing voter
registration data, and that lists out a number of things,
basically, from access control to auditability to making sure
that we document everything and everyone who has access to that
system. And I would like to make that available for the record.
Mr. Hurd. Without objection, so moved.
Ms. Kelly. And, Mr. Norden, can you briefly describe how
voting machines are vulnerable and how widespread the problem
is?
Mr. Norden. Yeah. Well, I would echo the comments that were
already made about the fact that because voting machines aren't
on the Internet, that certainly is an important distinction to
be made between machines that we're voting on on election day
and things like a registration database, which is generally
connected to the Internet.
In terms of vulnerabilities, again I would say my concern
mostly is about, for voting machines, is mostly about the fact
that this equipment around the country is getting very old, and
as the equipment gets older, we are more likely to see
failures. We see things.
And, again, I am particularly worried about this in the age
of social media. We saw this a little bit in 2012, but with
touch screen machines, there are often, as machines age, more
calibration problems. In Virginia, there was an instance where
the glue between the screen and the machine itself was just
degrading, and as a result, the kind of thing that happens is
somebody--I'm sure you've seen the videos of this before--
somebody selects one candidate, another candidate shows up. I
think that's not very good for voter confidence. And when
that's posted on YouTube, as it inevitably is, the more and
more that we see of these things, again, especially in the
context of hearing about hacks to voting systems, that can be a
very dangerous thing. And that machine has to get taken out of
service.
You get long lines. There was a study from researchers at
Harvard and MIT that estimated between 500,000 and 700,000
people were not able to vote in 2012 because of long lines. I
think that's a huge risk to the integrity of our elections.
Ms. Kelly. This might just be a guess on your part, but
how--or if anybody else knows--how old are the oldest machines
that are still being used?
Mr. Norden. They're probably among the oldest in New
Jersey. I would say, actually, ironically, I think some of the
oldest machines probably have less of a need of replacement
than some of the newer systems that we bought, because systems
particularly bought just after the Help America Vote Act was
passed that were designed in the '90s are essentially laptops
from the 1990s, and those were not built to last much longer
than 10 or 15 years.
Ms. Kelly. Dr. Appel, anything to add?
Mr. Appel. Yeah. I think some of the oldest electronic
voting machines in use in this country date from the late
1980s. Some of those machines are still reliable in the sense
of not breaking down. My concern with the machines is more, you
know, can they be hackable without a paper trail that could let
you recover the correct result of the election?
Mr. Hicks. Congresswoman, one of the things that the EAC is
doing now is we're working on our next iteration of our
voluntary voting system guidelines. And so these guidelines
will be an update since the last ones, the last full ones that
were done, which were done before the iPhone was invented. So
we want to make sure that we incorporate the new technologies
that are here today in looking towards tomorrow. So we're
asking for anyone to join our public working groups to give
their input to make sure that the next standards that we do are
basically the best standards we put out.
Mr. Kemp. I would just add, I know we've been kind of
singled out with our voting equipment being fairly old, early
2000s, but I would just remind the Representatives that this
isn't equipment that we're using every day like you use your
phone or your laptop or your desktop. This is equipment that's
used two or three, maybe four times a year. We have policies
and procedures in the State where the counties have certain
ways that they have to care for the equipment, and they have
held up well. So I think it's just important to realize that as
well.
Even though the technology may be old, it doesn't mean it's
bad, and the equipment is wearing well. We actually do an
assessment after every election, the Center for Elections at
Kennesaw State does. We have a less than 1 percent failure rate
on our elections equipment. So, you know, if that changes, that
will certainly raise a red flag to us, but right now we have
not seen that.
Ms. Kelly. We have made it a point--I'll give him the
credit--of not just having hearings to have hearings. And we
always ask how can Congress help make things better. But where
do you think--and any of you can answer this--where should the
priority be in investing in our election systems to make sure
they're secure and the public does have the confidence, and how
can Congress help?
Mr. Hicks. I spent 11 years as a staffer here on the hill
and I know the difficulty that Members face in terms of making
sure that things are done correctly, but also having a
financial responsibility to that. I think that my role now at
the EAC is one to give Congress as best advice as I can to move
things forward.
And so, you know, in my own opinion, I'm looking at voting
machines like a fire truck. Fire trucks are still going to be
out there. They need to be used. They need to be--you know, if
there's a fire, they're going to have to be used. But until a
new fire truck can be purchased, you have to use that old one.
And so what can you do? And so what we're doing at the EAC is
making sure that we give the best guidance in terms of managing
those things. So on our Web site we have 10 things to do on
managing aging voting equipment.
And so in the future, I would say that if Congress wants to
look at this to look at how much will it cost to replace these
machines if we're going to do that, but also to look at other
aspects of it. To say, you know, do we want to start talking
about this third rail of, you know, using our own devices to
cast ballots and things like that. But also we want to make
sure that we look at military and overseas voters as well
because they don't have these same options of using the
equipment that we have here, and looking at disability groups,
but also looking at our aging population as well. So there's a
lot of things, and I would be happy to come up here any time to
discuss any of those topics.
Ms. Kelly. Anything?
Mr. Kemp. Well, I think--that's a really good question, by
the way, and I think there's a couple of things that come to
mind for me. I would encourage Congress to let the States
remain flexible in what systems that they're using. I think
there's great value in that. I know the National Conference of
State Legislatures agree with that assessment as well. But I
would also urge you to work with the National Association of
Secretaries of State.
I know Commissioner Hicks and his colleagues have been to
many of our meetings, winter meetings that we have in D.C., and
I think I can pretty much 100 percent speak on behalf of the
organization that we'd love to have any Member of Congress or
even do maybe a session during that winter meeting where you
can hear a different perspective, because it is different. I
mean, one size does not fit all in elections. What we're doing
in Georgia is going to differ greatly from what, you know, Jim
Condos may be doing in Vermont, or what's going on in
California, and we would welcome and encourage that.
Ms. Kelly. I used to be a State rep, and I know Jesse White
really well.
Mr. Hurd. Thank you. And the chair notes the presence of
our colleague, Congressman Jody Hice, from Georgia. We
appreciate your interest in this topic and welcome your
participation today.
And I ask unanimous consent that Congressman Hice be
allowed to fully participate in today's hearing.
Without objection, so ordered.
And, Mr. Hicks, I know you have a time deadline, but I
think we should be done by that deadline, but I'd like to now
recognize Congressman Hice for 5 minutes.
Mr. Hice. Thank you very much, Chairman. I appreciate you
letting me be a part of this.
And, Secretary Kemp, I just want to say hello to you. It's
always great to have some Georgians up here, and it's an honor
to have you, sir. Thank you for participating. And all our
witnesses today, thank you for being here.
Secretary Kemp, let me just go with you. The broader
question here, of course, that we are all concerned about and
well should be is that of voter fraud, regardless of how it
shows its face. Can you explain some of the steps that Georgia
has taken in particular to prevent voter fraud across the
board?
Mr. Kemp. Well, thank you, Congressman. It's great to see
you as well as Representative Carter.
We have really done a lot. I know I've spoken a lot about
our voting system not being connected to the Internet. We have
got all kind of policies and procedures about how we tie the
number of votes on a specific machine that is counted with our
paper tape inside the machine back to the signed voter
verification of the voter when they come in the precinct. So I
want to assure people that there is a way that we can tie that
down.
But we've also seen, and it hasn't really been talked a lot
about here today, but, you know, there's fraud that happens
with paper ballots as well. We've seen it in many local
jurisdictions with absentee ballots. We've had elections that
have been overturned because of things of that nature, people
manipulating the paper absentee ballot process in Georgia,
especially in a local election, a municipal election, where,
you know, literally 5 to 10 votes could sway an election.
But one of the things that we've done in Georgia, I think,
besides having really good State laws and State election board
rules on how the counties should handle the statewide voting
system and training in that regard to protect the integrity of
the election, we've also, as Commissioner Hicks said earlier
today, we've asked for the public's help, not only as poll
workers or poll watchers, but we've got a stop voter fraud
hotline and an email that we monitor.
Unlike some other jurisdictions across the country, we
actually have a law enforcement division in the Secretary of
State's office. Any complaint that we get, any complaint, it
can be something as serious as potential vote buying, to
something maybe as small as there's a handicap lift that wasn't
working correctly at a precinct or there's not enough parking
or there's long lines, we'll respond to every single one of
those cases or look into those to see if it warrants an
investigation.
So we encourage Georgians that may see something improper,
if they feel like their vote hasn't been cast properly, if
somebody was manipulating them in a precinct, whatever it is,
to report that to us, and we strategically put our
investigators and inspectors around the State during the early
voting advance period and on election day where we can respond
very quickly. So we have a lot of ways that we try to stop
voter fraud.
But contrary to some people not believing it happens, it
actually does. And when that does happen, we bring those
individuals or counties, if they're not following the rules and
procedures, to the State election board, and we have a due
process that we go through. And we've actually had, you know,
candidates that have paid heavy fines and have committed to
never run for office again because of the actions that we've
taken. So that's something, you know, and we treat every case
the same, you know, when it comes to that.
Mr. Hice. What about specifically when it involves
electronic voting machines? I'm sure there are glitches from
time to time. When someone offers a complaint due to a machine,
what's your process?
Mr. Hicks. Well, as you can imagine, that's something
that's high on our radar, so we'll send somebody out. I mean,
if we have an equipment problem, there's a couple actions we
can take. We can send an investigator. We have emergency
preparedness plans where, especially on big elections like
we'll be having November the 8th, where we've coordinated with
State Patrol and Department of Public Safety to have a
helicopter and a trooper at the Kennesaw State election center.
So let's say we have a server go out, which we had happen
in a county. You know, if you don't get on that quickly and the
results don't come in quickly, then the public starts to ask
the question, why is that happening? So we now have the ability
to either fly or drive with a law enforcement official,
equipment. Or we've had times where we've had a failure with
the voting equipment. We've had to send a technician out there
to help maybe get a memory card out of there or something of
that nature.
So there's a lot of steps that we take to investigate, you
know, also before the election to prevent those things
happening, but also to make sure public confidence stays intact
by responding quickly to those type things.
Mr. Hice. Thank you, Mr. Chairman. I yield back.
And, Mr. Secretary, thank you. Always great to see you.
Mr. Hurd. I'd like to now recognize my friend and the
Congressman from the great State of Georgia, Buddy Carter, for
his 5 minutes.
Mr. Carter. Well, thank you, Mr. Chairman, and thank all of
you for being here. This is obviously a very important subject
that all of us are concerned with.
Secretary Kemp, again, it's good to see you. Thank you for
being here. Thank you for your work in the State of Georgia. We
appreciate all of your efforts in making sure that our
elections are run in a safe and effective manner, and you're
doing a great job and we appreciate it. I appreciate the
opportunity to have worked with you in the General Assembly and
have fond memories of that.
I wanted you to provide us some insight in your position as
Secretary of State--and you also, as I understand, serve as co-
chair of the National Association of Secretaries of State's
Election Committee, and also as a member of the new DHS
Election Infrastructure Cybersecurity Working Group.
Cybersecurity is something we talk a lot about up here. I also,
as the chairman also, he and I both serve on Homeland Security,
and we are very concerned about cybersecurity.
Mr. Secretary, can you briefly describe your role as a
member of the DHS Election Infrastructure Cybersecurity Working
Group? Can you tell me basically what you all do?
Mr. Kemp. Well, it's a relatively new task force, if you
will, that was created by Secretary Johnson and DHS so that we
can have collaboration between the States and the Department of
Homeland Security, and I certainly applaud that. I've had some
people ask me why I would serve on that when I was so critical
of the critical infrastructure definition, but I do. I feel
very strongly that that's a designation that should not be put
on election systems, but I also feel strongly that there are
ways that we can collaborate as Secretary of State or State
elections officials with a lot of different branches of the
Federal Government to make sure that we're prepared, that we're
informed, and that we can better protect our system.
So the Working Group right now really has just been a
series of phone calls to go over what DHS has rolled out for
States that need or may want to voluntarily take advantage of
some of the things that have been talked about, the cyber
hygiene scanning and other things. And right now, from all I
know, unless we have some sort of other event pop up, that's
probably about all that's going to happen before the election,
other than the States knowing that they can reach out to DHS
directly.
From the State of Georgia's perspective, we're already
doing a lot of the things that have been offered, so we don't
have the need for the assistance. It's not that we're not
grateful for it being out there, it's just something that, you
know, thankfully, we have been working on this issue, like you
were saying, cybersecurity, for 3 years. And I know all of
State government has as well. And we see that every day, not
only in the Secretary of State's office, but all across State
government in the State of Georgia, and we're part of an
information sharing analysis center as well in Georgia that's
going through the Technology Authority, GTA.
Mr. Carter. Okay. Let me shift gears here for just a
second. It's my understanding, the U.S. Election Assistance
Commission, it's my understanding that the National Association
of Secretaries of State has called for the elimination of that
on several occasions. In fact, just recently, the most recent I
should say, is probably in July of 2015. As the Secretary of
State of Georgia, have you had any interactions with the EAC?
Mr. Kemp. I have. You know, I was one of those, for full
disclosure, that supported a resolution. I think it was several
years ago. Mr. Hicks may have a better memory of that than me,
because I felt like the usefulness of the organization, the
time had passed. But to answer your question, yes, I have had
dealings with the EAC. They're part of this working group, and
I will say they've been very responsive in their role.
Mr. Carter. So have they improved? I mean, are you now--do
you now think that they're beneficial?
Mr. Kemp. Well, I wouldn't want to go that--well, I
definitely think they're beneficial. I have different thoughts
about that that maybe in another setting I could spell out a
little more detailed. But they've certainly been responsive in
this issue.
Mr. Carter. So should we eliminate them or should we just
transfer some of that work to another group?
Mr. Kemp. I'm of the belief that we can do a lot of that at
the State level.
Mr. Carter. Mr. Hicks----
Mr. Kemp. But I want to say it's been--I've been grateful
that we have commissioners that have now been appointed to the
EAC where they can work on certain things that are required at
this time.
Mr. Carter. Mr. Hicks.
Mr. Hicks. I want to thank Secretary Kemp for his support.
One of the things, when I--one of the reasons I spent 11 years
up here was I spent 4-1/2 years as a nominee waiting for my
confirmation.
Mr. Carter. Four-and-a-half years?
Mr. Hicks. I'm the longest serving Obama nominee, and I was
finally confirmed in December of 2014.
Mr. Carter. Who does the confirmation?
Mr. Hicks. The Senate Rules Committee. But it was the full
Senate.
Mr. Carter. We're doing all we can. I feel your pain. We
have to deal with them too.
Mr. Hicks. But overall, the Election Assistance Commission
sat without commissioners for almost 3 years and then sat
without a general counsel or an executive director, so a lot of
that work wasn't getting done. So when my fellow commissioners
and I were confirmed, we hit the ground running. And so I think
that, you know, most of the Secretaries of State have changed
their tune to figure that we are more valuable now.
But our role is to the States and locals and other
stakeholders like the voters themselves, and so I think that
now we are proving that we are valuable and hopefully will
continue to do that.
Mr. Carter. Well, great.
Again, gentlemen, thank you for what you do. This is
extremely important, and we all recognize that and all
appreciate your work and your diligence in this.
Thank you, Mr. Chairman. I yield back.
Mr. Hurd. The gentleman yields back the balance of his
time.
I'd now like to recognize the ranking member, Mr. Cummings.
Mr. Cummings. Thank you very much, Mr. Chairman.
This summer, there were reports that Russia was attempting
to compromise our elections by hacking into election systems.
This is a very grave issue that threatens the foundation of our
democracy. On Monday, Ranking Member Diane Feinstein in the
Senate Intelligence Committee and Ranking Member Adam Schiff of
the House Intelligence Committee issued a joint statement. They
said, and I quote, ``Based on briefings we have received, we
have concluded that the Russian intelligence agencies are
making a serious and concerted effort to influence the United
States election,'' end of quote. They issued the statement
after careful consultation with the intelligence community, our
intelligence community.
Now, Dr. Ozment, I assume you have no reason to question
the accuracy of this statement. Is that right?
Mr. Ozment. Sir, the executive branch has not attributed
these incidents to any entity, and the FBI is leading an
ongoing law enforcement investigation of these breaches.
Mr. Cummings. Here is what I don't understand. For some
reason, Donald Trump keeps defending Russia against these
hacking allegations. In fact, in Monday night's debate, he said
he doesn't know if it was Russia. It could be China. It could
be a 400-pound person in bed, he said. Frankly, his statements
seemed ridiculous to me. Not only has Mr. Trump defended
Russia, he has encouraged Russia to conduct the hacking.
Dr. Ozment, DHS plays a key role in helping States protect
their election systems against cyber attacks. Is that right? Is
that right, sir?
Mr. Ozment. Sir, we are there to support State and local
governments in defending their systems. That's right.
Mr. Cummings. Well, this morning, FBI Director James Comey
told the House Judiciary Committee, and I quote, ``There's no
doubt that some bad actors have been poking around,'' end of
quote.
Here's my question, without disclosing any classified
information, have you seen any uptick in probing attacks by
foreign adversaries over the past 3 months?
Mr. Ozment. Sir, I don't think we have a concrete answer
for that question. What I'll tell you is, obviously, you know,
there are two incidents in Arizona and Illinois that resulted
in breaches of voter registration systems. And what I'll say
applies only to voter registration systems and, therefore, does
not impact the actual casting of a vote.
As part of our response to that, we and others in the
Federal Government have shared information with State and local
governments, essentially Be on the Lookouts, which are called
cyber indicators. State and local governments are using that to
more carefully monitor their systems. Any time you more
carefully monitor a system, you're going to see more bad guys
poking and prodding at it, because they're always poking and
prodding. What I can tell you is that I think it's safe to say
that voter registration systems that are online will always be
the subject of interest from bad guys, whether for stealing
personal information by criminals or other nefarious purposes.
And that's why we think it's important that State and local
governments constantly focus on the security of those systems,
and we have published guidelines to help them secure those
systems.
Mr. Cummings. On August 30, 2016, I sent a letter with
ranking members of the Committees on Judiciary, Foreign
Affairs, and Homeland Security, asking whether the FBI is
investigating troubling connections between members of the
Trump inner circle and the Russian interests.
I ask unanimous consent that this letter be made a part of
the record, Mr. Chairman.
Mr. Hurd. Without objection, so ordered.
Mr. Cummings. Dr. Ozment, earlier this morning, FBI
Director Comey was asked about this letter before the House
Judiciary Committee. Comey said that the FBI is trying to
figure out, quote, ``just what mischief is Russia up to in
connection with our election.'' He also said he would not
inform Congress, at least at this stage, about any interviews
with individuals working for Mr. Trump who were listed in this
letter, because he does not comment on ongoing investigations.
I want to ask you specific questions about this, but
generally, does DHS work with the FBI to investigate illegal
acting by foreign adversaries?
Mr. Ozment. So, in July, the President released
Presidential Policy Directive 41 that laid out the role of DHS
and the FBI in investigating cyber incidents. And you can think
about it as a significant cyber incident being the equivalent
of an arson in the real world. And when you have an arson, you
want both the firefighters and the cops to show up. In this
analogy, the FBI are the cops. They're the lead what we call
threat responders, the lead law enforcement agency. My
organization are the lead firefighters. So we focus on helping
the victim and taking information to share with other victims
and help them--or other potential victims and help them protect
themselves. So we do collaborate closely with the FBI, but it's
the FBI in the lead role for ascertaining who is the
perpetrator and bringing that perpetrator to justice.
Mr. Cummings. One last question: Again, generally, if you
come across evidence that anyone in the United States was aware
of these illegal actions or even collaborated with foreign
adversaries, would you work with prosecutors and FBI
investigators?
Mr. Ozment. If at any time we come across any evidence of a
crime, unless we are prohibited from sharing that, we would
immediately share it with law enforcement agencies.
Mr. Cummings. Chairman, I yield back. Thank you.
Mr. Hurd. Thank you, Ranking Member.
And, Mr. Hicks, I want to say thank you for your time and
contribution to this hearing. I know you have to slip away, and
if you do, please go ahead.
Mr. Hicks. I can't leave when my own Congressman just
showed up. So I don't know if I--I can take the 5 minutes to
see if he has questions for me.
Mr. Hurd. Great.
Well, with that, I would like to recognize my friend from
the Commonwealth of Virginia, Mr. Connolly, for 5 minutes.
Mr. Connolly. I know Mr. Hicks is not flying home.
Mr. Hicks. I'm actually going to Iceland.
Mr. Connolly. My daughter was just there. She was hiking.
Thank you, Mr. Chairman.
And thank you to the panel.
And good luck, Mr. Hicks. Enjoy Iceland.
Last month, the Department of Homeland Security Secretary
Jeh Johnson said, and I quote: ``We should carefully consider
whether our election system, our election process is critical
infrastructure, like the financial sector, like the power
grid.''
Mr. Ozment, what did Mr. Johnson mean by that?
Mr. Ozment. So, first, I should note that DHS has not
formally designated the electoral system as critical
infrastructure. We are focused right now in the immediate term
on providing whatever resources and assistance we are able to
provide to States and local governments and whichever resources
and assistance they want from us.
You know, longer term, I think that's a conversation that
we want to have with State and local governments. Under our
authorities, there are additional capabilities that we can
provide to those governments if we designate the system as
critical infrastructure. That includes additional protections
we can put on information. If, for example, we wanted to get in
a conversation with both State and local governments and
vendors, we could better protect the information that those
vendors provide to us. We have--we can better prioritize the
resources that we want to give to them, and it improves our
ability to, for example, offer clearances to folks involved in
this process.
I would like to highlight that if we were to make that
designation, it does not give us any regulatory powers. All of
our resources and assistance would still be voluntary, you
know, and the State and local governments would remain in
charge of elections.
Mr. Connolly. So if, however, we did declare it critical
infrastructure, I think Mr. Appel said there were 12 States
that still use touchscreen technology. Is that correct?
Mr. Appel. Some States use touchscreens in some of their
counties and not others. So I said approximately 10 States,
based on the preponderance of the use of----
Mr. Connolly. So if we declare it critical infrastructure,
we might be able to provide some assistance if those States
chose to move to the, you know, paper/electronic kind of
ballot.
Mr. Ozment. We can offer assistance now, and I think it
would help us in our ability to offer assistance. But we would
not, for example, be able to replace their systems. We wouldn't
be able to offer that type of assistance.
Mr. Connolly. Mr. Kemp, I want to make sure I understood
your testimony. I thought I heard you say that elections should
be governed strictly by States and localities and that it was
not really the business of the Federal Government. Am I getting
your testimony correctly?
Mr. Kemp. Well, it's a constitutional duty of the States to
run elections.
Mr. Connolly. Isn't also, however, a concern of the Federal
Government that Federal elections have some uniformity to them?
For example, the Voting Rights Act.
Mr. Kemp. Well, I certainly understand your point, but I
think the whole argument of critical infrastructure, just like
Mr. Ozment just said, protecting vendors' information really
goes against the open process that we have now at the State
level where, like when we test our voting equipment, it's
advertised in the local legal organ. You know, the local
newspaper editor or reporter can come watch that process that
the local election boards do, and any citizen.
And I think the idea of federalizing our elections to where
we have a one-size-fits-all voter registration system or
mandating that States use a certain voting system or one type
of voting system creates all kinds of problems and, quite
honestly, I think would make our system--make the system more
vulnerable, not less.
Mr. Connolly. Well, so are you saying that, from your point
of view, the 50 different State systems plus tens of thousands
of localities is just fine, and we shouldn't even look at it at
the Federal level?
Mr. Kemp. Well, I wouldn't say that you shouldn't look at
it and everything is just fine. There's certainly jurisdictions
out there that do better than others. We have that in the State
of Georgia. But I believe that we're better suited as a State
to provide solutions for that than the Federal Government is.
Mr. Connolly. Well, what about the Voting Rights Act? I
mean, that was an argument used back in the 1950s and 1960s for
the Federal Government to keep its nose out of State
jurisdiction. Frankly, if the Federal Government hadn't passed
the Voting Rights Act, people would have still been
disenfranchised, including in your home State and mine.
Mr. Kemp. I would say that the Voting Rights Act is still
intact.
Mr. Connolly. Yes, but it's an example of the opposite of
what you're asserting. It was an example of federalizing
something to protect the franchise, because the States weren't
doing it. In fact, States were actively suppressing votes. You
don't deny that, do you?
Mr. Kemp. Well, I'm not sure I understand what that has to
do with the election system.
Mr. Connolly. Well, I'm dealing with your assertion of the
principle that we shouldn't federalize any aspect of this. And
I'm arguing that the Voting Rights Act is a clear exception to
your principle and that perhaps the Federal Government in
Federal elections, at least, has an interest that overrides the
State interest when it comes to protecting, at the cyber level,
the integrity of the results.
Mr. Kemp. Well, that's certainly your opinion. Mine
differs.
Mr. Connolly. I yield back, Mr. Chairman.
Mr. Hurd. Thank you, Mr. Connolly.
I now would like to ask unanimous consent to submit two
letters for the record: One from the National Association of
Secretaries of State. It is an open letter from the Nation's
secretaries of state to Congress talking about how we can work
together to share the facts about cybersecurity in our
elections. The second letter is from the Electronic Privacy
Information Center about this hearing.
Without objection, so ordered.
Mr. Hurd. Mr. Hicks, one of the things that you said, one
of the three points that the EAC is responsible for is
providing grants. Is there grant money available to help
upgrade aging equipment?
Mr. Hicks. Most of that money has already been accounted
for, so there is no money available to replace voting
equipment.
Mr. Hurd. Thank you.
And, Dr. Ozment, I just want to be clear. This conversation
about designating voting systems as critical infrastructure,
that is off the table for this election. Is that correct?
Mr. Ozment. It's not what we're focused on in the near
term. We really in the next 3 months--voting has started. You
know, voting is occurring in a number of jurisdictions across
the U.S. For the next few months, we're focused on how we can
help State and local governments.
Mr. Hurd. And I would like to end with my takeaways from
this, is that pieces of our voting system are vulnerable, but
it's really hard to hack our voting systems. There are some
that need to be upgraded. We should never rest on outdated
legacy systems and that we should be looking at how we solve
this problem working together and that there's resources within
DHS for our States to voluntarily ask for. And this is not
forcing any particular program on an individual State.
And what I'd like to do in my remaining 3 minutes, I'd love
to go down the line and everybody take 30 seconds and give your
final points. This is an important topic. I appreciate you all
being here, and this is your last conversation with the
American people.
So let's start with you, Mr. Norden, and work our way
backwards.
Mr. Norden. Thank you, Chairman Hurd.
I guess I would emphasize two things. What I said earlier,
I think, one of the most important things that we can do is
ensure that there is confidence in the system. I think that the
issues of access and confidence and integrity of our voting
system are all interdependent and linked. Too often, access and
integrity are presented as oppositional.
I do think that there is a role for Congress after this
election to start thinking about what investments the Federal
Government can make to ensure that there is confidence in the
system, through research grants for innovation and for
replacing some of the oldest equipment that really is a
challenge.
And one last point I want to make is, because so many
States are leaving it to counties to purchase this equipment,
we really are starting to see a kind of two-tiered system in
this country, with counties with less money, less resources--
they're often rural counties--are left without being able to
invest and replace their equipment. And we're talking, yes,
about local elections but also Federal elections, of course.
Mr. Hurd. Thank you, Mr. Norden.
Mr. Appel, 30 seconds.
Mr. Appel. After the election, I think it would be a very
good thing for the Congress to find a way to assist and
encourage those 10 States that still primarily use paperless
touchscreen machines to switch to optical scan machines. I
would say also that there are many safeguards in our American
elections which we haven't explicitly discussed in this
hearing, and those have to do with the inherent transparency of
the canvassing process in many States, in most States, where
the results are announced in each precinct of how many votes
each candidate got in the precinct. And the challengers, the
party challengers, and any interested citizen can see for
themselves that those numbers add up to what the election
officials are reporting in the precinct-by-precinct totals. And
that's a safeguard against hacking of the computers in county
central that might be adding up those precincts.
So we should encourage measures that election
administrators are already taking to make transparent the
process of reporting the precinct-by-precinct numbers in a way
that we can see that they add up.
Mr. Hurd. Excellent. Thank you, sir.
Secretary Kemp.
Mr. Connolly. Would the chairman yield for one second?
Just to Mr. Appel's point, we had an election in Virginia
for a State attorney general. And because we had a paper trail,
we were able to see an anomaly in absentee ballots cast, that
clearly there was an anomaly in one congressional district. And
sure enough, there was a ballot box that had accidentally been
put aside because of a malfunction, and the votes had not been
counted. It actually made the difference in terms of who won;
it was that dispositive. So what Mr. Appel is saying I think is
really critical in terms of getting accurate results in our
elections throughout the country.
Mr. Appel. I'll just add that the kind of transparency you
get from that makes it so that you don't have to be a
cybersecurity expert to understand that anomaly and correct it.
Mr. Hurd. Secretary Kemp.
Mr. Kemp. Chairman Hurd, thank you for having me today,
members of the committee. I appreciate the opportunity to be
here.
I think, in my 30 seconds, I would just encourage you to
continue to collaborate with the secretaries of states,
Lieutenant Governors, and other election officials back home
and ask them what they're doing, what they're doing to prepare.
I would encourage all American citizens to do that as well. I
think they'll be very pleasantly surprised to see the
preparations that are going on all across this country to make
sure we have secure, accessible, and fair elections in Georgia.
And I certainly would appreciate any more collaboration that we
can have with this committee or other Members of Congress and
the National Association of Secretaries of State to work
together in the future.
Mr. Hurd. Mr. Hicks.
Mr. Hicks. Saturday marked the 45 days before the election,
and on that day ballots were sent out to our men and women
overseas so that they can start casting their ballots back.
Early voting is going to start soon for many States. And one of
the messages and the message that I want to make sure is clear
today is that our elections are secure.
We on our Web site and throughout the Nation when we've
gone around this country have talked about our Be Ready 16
campaign to talk to States about how they can secure their
elections, how to make sure that the ballots are being counted
accurately and so forth. And, you know, come November 8, we
know that we will have an election and that election will be
secure.
Mr. Hurd. Dr. Ozment.
Mr. Ozment. We must be vigilant, as we must always be in an
area where there are cyber threats. Particularly, as many
States upgrade their voting systems over the next 4 years, we
must build those systems to have more cybersecurity that stops
not just the attacks of today but the attacks of the future,
when they'll still be used in 2030 or 2040.
But overall and right now, we have confidence in the
integrity of our electoral system. We have no indication that
adversaries are planning cyber operations against U.S. election
infrastructure that would change the outcome of this election.
We believe that the diversity and many different levels of
checks and balances in our electoral systems are sufficient
that we should all have confidence in the integrity of the
system and the election.
Mr. Hurd. Thank you, Dr. Ozment.
Now I'd like to recognize Ranking Member Cummings for 5
minutes.
Mr. Cummings. Thank you very much.
Again, I am concerned very much about the cyber situation,
but I'm also concerned about African Americans and Hispanics
and so many others who have been blocked from voting. I think
that I will go to my grave trying to do everything in my power
to make sure that everybody has an opportunity to vote. My
foreparents were denied it over and over again, and I'm seeing
a lot of the same things happening today.
Mr. Kemp, you are secretary of state for Georgia, which is
one of the three States that were allowed to modify the Federal
form to require proof of citizenship in your State, based on
the unilateral decision of Brian Newby, the EAC Executive
Director. I understand that you submitted a request for this
modification. But in addition to that, did you or anyone in
your office have communications with Mr. Newby or anyone else
at the EAC relating to this request?
Mr. Kemp. I have to look back and see if that was the case
before or after. I know we had written letters asking for this
issue to be treated like the EAC had treated previous
instances, where we could simply treat the Federal form the
same way that we treat the State form in our State.
Mr. Cummings. Can you please provide this committee with
the copies of all email or other communications between you or
anyone in your office and anyone at the EAC about this issue?
Would you do that for us, please, sir?
Mr. Kemp. We can do that.
Mr. Cummings. Thank you.
Mr. Kemp, what evidence did you submit to the EAC
demonstrating that the modification you requested was necessary
for the administration of elections in Georgia?
Mr. Kemp. Well, we were simply trying to, as I said
earlier, match the State form with the Federal form.
Mr. Cummings. Will you provide the committee with all
documents relating to that issue also?
Mr. Kemp. We certainly can look into that.
Mr. Cummings. No, that's not what I asked you. I said,
would you provide us with the documents, sir?
Mr. Kemp. Well, I wouldn't be able to answer that question,
but I can certainly look into that and get back to you.
Mr. Cummings. I'd like you to provide to the committee any
and all documents that you and your office have relating to any
analysis you did regarding the impact on eligible voters that
your request would have. Did you look into that?
Keep in mind in North Carolina what they did is they
systematically figured out when black people vote; they figured
out how they vote; and then they, with precision--with
precision--made sure that they did everything in their power to
stop them from voting.
And so I just want to make sure that we have the
documentation. I'm sure whatever you did is proper, but I'd
just like to know. It would be congressional malpractice on my
part, as a son of people who could not vote, to sit here and
have you all here and not address this issue. So I'd just like
to have the documents. That's all. I'm sure you've got
justification.
Mr. Kemp. Well, Representative, it's really a pretty simple
thing that we were trying to do. We were simply trying to make
the Federal form have the same questions as the State form.
But I will tell you, as the State of Georgia, under my
administration and leadership, we have implemented online voter
registration where anybody that has a driver's license or a
State-issued ID card can register to vote 24 hours a day, 7
days a week. And we've had over 360-some thousand people that
have used that system.
Right now, we have a Student Ambassadors Program that we
started last year with a pilot of 14 high schools around the
State and 150 kids. It's now ballooned to over 800 students in
any kind of high school that you can imagine across the State
of Georgia. We have over 102 high schools where we're actually
teaching students in the school to register their peers to
vote.
So I can assure you if anybody that meets the requirements
and wants to register to vote in Georgia, they can easily do
so.
Mr. Cummings. I'm glad to hear that. I just have two more
questions. The Court of Appeals for the D.C. Circuit
temporarily halted and reversed the unilateral action by the
EAC Executive Director. However, prior to that, do you know how
many voters in Georgia had tried to register using the Federal
form and were turned away because they did not provide proof of
citizenship?
Mr. Kemp. I wouldn't be able to answer that question.
Mr. Cummings. And how long will you need to get back to us
on that? Can you get that information?
Mr. Kemp. I'll have to check on that and get back to you.
Mr. Cummings. Mr. Chairman, as I said, I am just concerned.
When Justice Ginsburg was talking about Texas, I think it was
in the Shelby case, and she was saying that 600,000 Texans
would not be able to vote, I mean, if we want to have an
emergency, that's what the emergency ought to be about. Every
single person, I don't care whether they're Tea Party, Green
Party, Democrat, or Republican, I will fight for their right to
vote.
And I just want to thank you, Mr. Chairman, for your
courtesy. And I look forward to your responses, Secretary of
State Kemp.
Mr. Kemp. Let me just make one point. While we were asking
for the form to be changed, we never stopped taking the Federal
forms.
Mr. Cummings. But can you understand--and I'm almost
finished, Mr. Chairman. But can you understand why African
American people, Hispanics, and others might be upset when
people are--I'm not saying you--when people are blocking them
from voting, when they're paying taxes and working hard and
doing everything they're supposed to do and not be able to
vote? I mean, can you understand it?
Mr. Kemp. Well, I can understand it, but I can assure you
that that's not happening in Georgia. Actually, we've seen
minority participation increase in our State.
Mr. Cummings. Thank you.
Mr. Hurd. I'd like to thank our witnesses for taking the
time to appear before us today.
If there's no further business, without objection, the
subcommittee stands adjourned.
[Whereupon, at 4:54 p.m., the subcommittee was adjourned.]
APPENDIX
----------
Material Submitted for the Hearing Record
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
[all]