[House Hearing, 116 Congress]
[From the U.S. Government Publishing Office]
SECURING U.S. ELECTION INFRASTRUCTURE AND PROTECTING POLITICAL
DISCOURSE
=======================================================================
HEARING
BEFORE THE
SUBCOMMITTEE ON NATIONAL SECURITY
OF THE
COMMITTEE ON OVERSIGHT
AND REFORM
HOUSE OF REPRESENTATIVES
ONE HUNDRED SIXTEENTH CONGRESS
FIRST SESSION
__________
MAY 22, 2019
__________
Serial No. 116-28
__________
Printed for the use of the Committee on Oversight and Reform
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
Available on: http://www.govinfo.gov
http://www.oversight.house.gov or
http://www.docs.house.gov
__________
U.S. GOVERNMENT PUBLISHING OFFICE
36-662 PDF WASHINGTON : 2019
--------------------------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing Office,
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center,
U.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free).
E-mail, [email protected].
COMMITTEE ON OVERSIGHT AND REFORM
ELIJAH E. CUMMINGS, Maryland, Chairman
Carolyn B. Maloney, New York Jim Jordan, Ohio, Ranking Minority
Eleanor Holmes Norton, District of Member
Columbia Justin Amash, Michigan
Wm. Lacy Clay, Missouri Paul A. Gosar, Arizona
Stephen F. Lynch, Massachusetts Virginia Foxx, North Carolina
Jim Cooper, Tennessee Thomas Massie, Kentucky
Gerald E. Connolly, Virginia Mark Meadows, North Carolina
Raja Krishnamoorthi, Illinois Jody B. Hice, Georgia
Jamie Raskin, Maryland Glenn Grothman, Wisconsin
Harley Rouda, California James Comer, Kentucky
Katie Hill, California Michael Cloud, Texas
Debbie Wasserman Schultz, Florida Bob Gibbs, Ohio
John P. Sarbanes, Maryland Ralph Norman, South Carolina
Peter Welch, Vermont Clay Higgins, Louisiana
Jackie Speier, California Chip Roy, Texas
Robin L. Kelly, Illinois Carol D. Miller, West Virginia
Mark DeSaulnier, California Mark E. Green, Tennessee
Brenda L. Lawrence, Michigan Kelly Armstrong, North Dakota
Stacey E. Plaskett, Virgin Islands W. Gregory Steube, Florida
Ro Khanna, California
Jimmy Gomez, California
Alexandria Ocasio-Cortez, New York
Ayanna Pressley, Massachusetts
Rashida Tlaib, Michigan
David Rapallo, Staff Director
Dan Rebnord, Subcommittee Staff Director
Amy Stratton, Clerk
Christopher Hixon, Minority Staff Director
Contact Number: 202-225-5051
------
Subcommittee on National Security
Stephen F. Lynch, Massachusetts, Chairman
Jim Cooper, Tennessee Jody Hice, Georgia, Ranking
Peter Welch, Vermont Minority Member
Harley Rouda, California Justin Amash, Michigan
Debbie Wasserman Schultz, Florida Paul Gosar, Arizona
Robin L. Kelly, Illinois Virginia Foxx, North Carolina
Mark DeSaulnier, California Mark Meadows, North Carolina
Stacey E. Plaskett, Virgin Islands Michael Cloud, Texas
Brenda L. Lawrence, Michigan Mark E. Green, Tennessee
C O N T E N T S
----------
Page
Hearing held on May 22, 2019..................................... 1
Witnesses
Mr. Christopher Krebs, Director, Cybersecurity and Infrastructure
Security Agency, U.S. Department of Homeland Security
Oral Statement............................................... 5
Mr. Adam Hickey, Deputy Assistant Attorney General, National
Security Division, U.S. Department of Justice
Oral Statement............................................... 7
Ms. Christy McCormick, Chairwoman, U.S. Election Assistance
Commission
Oral Statement............................................... 8
Ms. Ellen Weintraub, Chair, U.S. Federal Election Commission
Oral Statement............................................... 10
Mr. William F. Galvin, Secretary of the Commonwealth,
Massachusetts
Oral Statement............................................... 32
Mr. Nathaniel Gleicher, Head of Cybersecurity Policy, Facebook
Oral Statement............................................... 34
Mr. Kevin Kane, Public Policy Manager, Twitter
Oral Statement............................................... 36
Mr. Richard Salgado, Director, Law Enforcement and Information
Security, Google
Oral Statement............................................... 37
* The prepared statements for the above witnesses are available
at the U.S. House of Representatives Repository: https://
docs.house.gov.
INDEX OF DOCUMENTS
----------
The document listed below is available at: https://
docs.house.gov.
* Facebook Memo, "Hate Agents"; submitted by Rep. Hice
SECURING U.S. ELECTION INFRASTRUCTURE AND PROTECTING POLITICAL
DISCOURSE
----------
Wednesday, May 22, 2019
House of Representatives,
Subcommittee on National Security,
Committee on Oversight and Reform,
Washington, D.C.
The subcommittee met, pursuant to notice, at 2:03 p.m., in
room 2154, Rayburn House Office Building, Hon. Stephen Lynch
presiding.
Present: Representatives Lynch, Cummings, Cooper, Welch,
Rouda, Wasserman Schultz, Kelly, Sarbanes, Hice, Jordan, Amash,
Gosar, Foxx, Meadows, and Green.
Also present: Representative Sarbanes.
Mr. Lynch. The subcommittee will come to order.
Without objection, the Chair is authorized to declare a
recess of the committee at any time.
This hearing is entitled, ``Securing U.S. Election
Infrastructure and Protecting Political Discourse.''
I now recognize myself for five minutes to give an opening
statement.
Today we will examine the security of our Nation's election
infrastructure systems, as well as how the Federal Government
is working with private-sector partners to respond to malicious
attempts to unduly influence public opinion, sow discord, and
undermine confidence in our political institutions.
The purpose of today's hearing is not to re-litigate the
outcome of the 2016 Presidential election. Rather, our goal is
to safeguard the fundamental democratic principles underscored
by President Abraham Lincoln when he said that ``Elections
belong to the people.'' Indeed, no less than the integrity of
our democracy is now at stake.
In January 2017, the intelligence community released an
assessment that our democracy had come under attack by foreign
adversaries. With high confidence, our Nation's 17 intelligence
agencies unanimously found that ``Russian President Vladimir
Putin ordered an influence campaign in 2016 aimed at the U.S.
Presidential elections.'' The Russian effort included
clandestine intelligence operations coupled with blatant
meddling by Russian government agencies, state-funded media
organizations, third-party intermediaries, and paid social
media users, or trolls.
Special Counsel Robert Mueller's report, which followed his
nearly two-year independent investigation into Russian
interference, confirmed and augmented the intelligence
community's high confidence judgment. According to the Special
Counsel, ``The Russian Government interfered in the 2016
Presidential election in sweeping and systematic fashion.''
Thanks to the Special Counsel, we know that Russia's
interference campaign involved so-called ``active measures''
led by the St. Petersburg-based Internet Research Agency
designed to sow discord in the U.S. through information
warfare. Its primary components included the creation of
fictitious social media accounts, the purchase of online ads to
promulgate divisive political material, the deployment of
automated bots to amplify content, and the organization of
political rallies in the U.S. At the same time, Russia's
military agency, the GRU, perpetrated a hacking operation
targeting U.S. individuals, political committees, state
election boards, state secretaries of state, county
governments, and private manufacturers of election-related
software and voting machines. In response to these malign
activities, the Special Counsel criminally indicted 13 Russian
nationals, 12 military officers, and three Russian companies.
In its post-election review, Facebook alone estimated that
accounts controlled by the IRA may have reached 126 million
people prior to their deactivation in August 2017, including
nearly 30 million Americans.
Russian interference in U.S. elections has continued beyond
2016, with Iran, China, and other hostile state actors
following suit. In September 2018, the midterm elections, the
Department of Justice charged a Russian national with
conspiring to interfere in the 2018 midterm elections in
connection with her work as a chief accountant for ``Project
Lakhta,'' a social media influence campaign funded by the same
Russian oligarch already indicted by the Special Counsel for
financing the Internet Research Agency. On the eve of the
midterms, Facebook announced that it had suspended over 100
Facebook and Instagram accounts due to their potential
affiliation with the Internet Research Agency.
In submitting a classified intelligence community report on
foreign interference in December 2018, Director of National
Intelligence Dan Coats stated: ``Russia and other foreign
countries, including China and Iran, conducted influence
activities and messaging campaigns targeted at the United
States to promote their strategic interests.''
As we approach the 2020 Presidential election cycle, U.S.
intelligence officials and security experts have warned that
malign foreign influence operations will continue to evolve.
According to FBI Director Christopher Wray, Russia likely
viewed its influence activities in 2018 as a ``dress rehearsal
for the big show in 2020.'' In his 2019 Worldwide Threat
Assessment, DNI Director Coats added: ``We expect our
adversaries and our strategic competitors to refine their
capabilities and add new tactics as they learn from each
other's experiences, suggesting the threat landscape could look
very different in 2020 and future elections.''
The nonpartisan Brookings Institution predicts that foreign
state actors will increasingly rely on artificial intelligence
to conduct political warfare in the form of disinformation
campaigns that are almost impossible to detect. To this end,
our adversaries are refining the use of so-called ``deep
fakes.'' These are synthetically doctored audio, photos, and
videos that are highly believable, inexpensive to produce, and
have unlimited potential to go viral. Foreign influence
campaigns are also trending toward subtler and harder-to-detect
tactics, including by targeting specific audiences and
amplifying divisive organic content over the creation of fake
news and accounts, which are easier to identify.
In light of these threats, we must undertake a frank and
bipartisan assessment of the vulnerabilities that remain in our
electoral process.
While the Department of Homeland Security has established
multiple task forces to combat foreign election interference,
the DHS Inspector General reports that their effectiveness has
been undermined by dramatic staffing cuts, leadership turnover,
and a lack of coordination with state election officials.
Meanwhile, the Election Assistance Commission, which is
responsible for administering the $380 million in state grant
funding that Congress appropriated for election security in
2018, is experiencing a shortfall of technical expertise,
including the recent departure of its top technology official
in charge of testing and certifying voting systems.
Information sharing among intelligence agencies, state and
local governments, and private-sector technology companies has
markedly increased since 2016. However, there is still
significant room for improvement. The FBI's recent notification
to state and local officials in Florida that Russian operatives
had successfully hacked voter registration files in two
counties in 2016 came nearly three years after the breach and
over six months after the 2018 midterms.
Social media companies and Federal law enforcement agencies
also must continue to improve their ability to communicate
specific threat information and potential vulnerabilities in
real time.
Securing the integrity of our electoral process will
require a collective and renewed commitment on the part of the
public and private sectors to address these and other
challenges. Only then can we be confident that future elections
in the United States truly reflect the will of the American
people.
I now yield to the Ranking Member, the gentleman from
Georgia, Mr. Hice, for his opening statement.
Mr. Hice. Thank you very much, Mr. Chairman.
We all know that voting is a bedrock of our republic. It is
grounded in the principle of federalism and a fundamental right
we as Americans enjoy and take pride in. It is imperative that
our election systems are secured so that Americans can have
full confidence that their vote is heard on election day.
Not only are we here to discuss the importance of ensuring
the security of our election systems but also how we protect
political discourse on the social media platforms like
Facebook, Twitter, and YouTube leading into Americans casting
their vote.
The Federal agencies on our first panel, along with others,
play an important role in aiding state and local election
officials who are ultimately responsible for administering the
elections.
In January 2017, in order to reduce both cyber and physical
risk to state and local election systems and facilities, the
Department of Homeland Security designated our election systems
as a critical piece of our country's infrastructure. As a
result, state and local election officials can now receive a
wide range of services to reduce both cyber and physical risk
to their election systems and facilities.
Additionally, in March of last year, President Trump signed
the Consolidated Appropriations Act which provided another $380
million for grants disbursed by the Election Assistance
Commission to state and local election officials to improve
election administration. So I look forward to hearing from
Chairwoman McCormick more about the EAC's partnership with
state and local election officials and how they are putting
that money to good use.
Later this afternoon we will hear from Facebook, Twitter,
and Google representatives to understand the role of these
private-sector companies in safeguarding our political process.
These three entities have become such a centerpiece in the
discourse of our Nation and our politics. I think we are all
aware of that. Think about the presence and reach of social
media platforms today. Facebook has over 2.3 billion monthly
users, Twitter over 330 million, and Google over 2 billion.
These platforms obviously have a massive audience. Accordingly,
it is vital that these companies are fully transparent on their
platforms. These platforms should advance freedom of speech,
not censor it. Yet, we find again and again that some accounts
are suspended or banned for unclear reasons. So I look forward
to discussing how some accounts are banned or suspended for bad
content and who is making that determination, and why.
Additionally, social media companies should play an active
role in securing their platforms by limiting the spread of
misinformation, providing transparency of political
advertising, while also blocking and removing fake accounts
seeking to manipulate the public.
It is no secret that Russia, Venezuela, Iran and other
foreign adversaries seek to interfere in our political process.
These bad actors have and will likely seek to challenge the
credibility of our election system, the very fundamental part
of our republic. We must safeguard our systems and our
platforms and deter future attempts by all foreign adversaries.
It is my understanding that during 2018, Twitter challenged
about 425 million accounts that were suspected of engaging in
spam or platform manipulation. Of that amount, roughly 75
percent have been suspended or removed. Between October 2017
and March 2018, Facebook disabled 1.27 billion fake accounts.
I think it is important to note that there is a clear
distinction between content from foreign adversaries versus
content with which people disagree.
So we have a lot to unpack this afternoon. I look forward
to hearing from our witnesses on their roles and
responsibilities to safeguard and protect the integrity of our
elections, and I thank the Chairman, and I yield back.
Mr. Lynch. The gentleman yields back.
Without objection, the gentleman from Maryland, Mr.
Sarbanes, who is a full committee member and author of H.R. 1,
the For the People Act, which seeks to address some of the
issues that we raised today, shall be permitted to join the
subcommittee on the dais and be recognized for his questions of
the witnesses at the appropriate time.
Today we are joined by the Honorable Christopher Krebs,
Director, Cybersecurity and Infrastructure Security Agency,
U.S. Department of Homeland Security; Adam Hickey, Deputy
Assistant Attorney General, National Security Division, U.S.
Department of Justice; the Honorable Christy McCormick,
Chairwoman, U.S. Election Assistance Commission; and the
Honorable Ellen Weintraub, Chairwoman, U.S. Federal Election
Commission.
If the witnesses would please rise, I will begin by
swearing you in. Please raise your right hand.
[Witnesses sworn.]
Mr. Lynch. Let the record show that the witnesses answered
in the affirmative.
Thank you, and please be seated.
The microphones are sensitive, so please speak directly
into them. And without objection, your written statements will
be made part of the record.
With that, Mr. Krebs, you are now recognized to give an
oral presentation of your testimony.
STATEMENT OF CHRISTOPHER KREBS, DIRECTOR, CYBERSECURITY AND
INFRASTRUCTURE SECURITY AGENCY, U.S. DEPARTMENT OF HOMELAND
SECURITY
Mr. Krebs. Chairman Lynch, Ranking Member Hice, and members
of the subcommittee, good afternoon and thank you for the
opportunity to testify regarding the Department of Homeland
Security's efforts to secure the vote.
Cyber threats, particularly from nation-state actors,
remain one of the most strategic threats to the United States.
Perhaps the highest profile threats we face today are attempts
by nation-state actors to interfere in our democratic
elections.
Our goal has been for the American people to enter the
voting booth with confidence that their vote counts and is
counted correctly. I want to update this committee on the
progress made in working with the election community. Our
agency, the Cybersecurity and Infrastructure Security Agency,
or CISA, our mission is clear: to support election officials
and their private-sector partners consistent with the
Constitution, existing law, and electoral tradition.
At its core, elections are run at the state and local
level, but those officials shouldn't have to defend themselves
from nation-states on their own.
Since 2016, we have learned quite a bit. We have done
after-action reviews, the Department of Justice conducted an
investigation and issued indictments in some cases, Offices of
Inspectors General and the General Accountability Office and
multiple committees in Congress have or are investigating what
happened and how we can improve our efforts to secure
elections.
Over the last two years, in focused and oftentimes humbling
engagements, we have become partners with the election
community. For the 2018 election, alongside the Election
Assistance Commission, we worked with all 50 states, over 1,400
local and territorial election offices, six election
associations, and 12 election vendors.
Our approach is three-fold: first, making sure the election
community has the information they need to defend their
systems; second, making sure they have the technical support
and tools they need to defend their systems; and third,
building enduring partnerships to advance security efforts
together.
In 2018, we focused on building scalable, repeatable
mechanisms to dramatically grow our information-sharing
capabilities. The Election Infrastructure and Information
Sharing and Analysis Center, or EI-ISAC, was established. By
election day, the EI-ISAC had over 1,400 members, including all
50 states. This is the fastest growing ISAC of any critical
infrastructure sector. That ISAC now has over 1,600 local
jurisdictions participating.
We shared contextualized threat intelligence and actionable
information through our close partnerships with the
intelligence community and law enforcement. More importantly,
state and local election officials were sharing what they were
seeing on their own networks.
We also deployed intrusion detection capabilities, or
Albert sensors, to provide real-time detection capabilities of
malicious activity. By election day 2018, those sensors offered
protection to election infrastructure in voter registration
data bases for more than 92 percent of registered voters. For
reference, during the 2016 election, we were below 30 percent
of coverage. That is real improvement.
Second, we provided technical support and services to
election officials and vendors. Initially, we offered the
standard services, including vulnerability assessments that we
offer Federal agencies and other sectors. As we refined our
understanding of election official requirements, we shifted the
capabilities quicker, less intrusively, and can scale to more
jurisdictions.
This scalability is critical, because while our initial
efforts in 2016 were primarily targeted at state election
officials, we recognized the need to increase our support to
counties and municipalities who operate elections as well. Our
last-mile initiative sought to provide information customized
to the local county level.
While on the surface it seems simple, this initiative
provided no-cost, tailored information on cyber risks and a
checklist of cyber security action items.
The final area of focus has been on building enduring
partnerships toward a collective defense. It may seem mundane,
but governance, communications, coordination, training, and
planning are the critical foundational elements of our efforts
to secure the Nation's elections. These efforts and others
contributed to a secure 2018 election.
While 2018 is behind us, the 2020 election season is
already underway. We are clear-eyed that the threat to our
democratic institutions remains, and we must continue to press
for increased security and resilience of our election systems.
Over the next two years, CISA will focus on expanding
engagement at the local level. We will also continue to work
with election officials to improve both their and our
understanding of risk. With a better understanding of risk, we
can support efforts by election officials to obtain the
resources they need to secure their election systems.
We at CISA are committed to working with Congress to ensure
our efforts cultivate a safer, more secure and resilient
homeland.
Once again, thank you for the opportunity to appear before
the committee today, and I look forward to your questions.
Mr. Lynch. Thank you, Mr. Krebs.
Mr. Hickey, you are now recognized.
STATEMENT OF ADAM HICKEY, DEPUTY ASSISTANT ATTORNEY GENERAL,
NATIONAL SECURITY DIVISION, U.S. DEPARTMENT OF JUSTICE
Mr. Hickey. Good afternoon, Chairman Lynch, Ranking Member
Hice, and distinguished members of the subcommittee. Thank you
for the opportunity to testify on behalf of the Department of
Justice concerning our efforts to ensure the safety and
security of our Nation's election infrastructure and to combat
malign foreign influence.
By malign foreign influence, I am referring to covert
actions by foreign governments intended to affect U.S.
political sentiment and public discourse, sow divisions in our
society, or undermine confidence in our democratic
institutions. These can range from computer hacking that
targets election infrastructure or political parties to state-
sponsored media campaigns.
This issue, protecting the Nation's democratic processes,
has been and remains a top priority of the Department. Our
principal role here is the investigation and prosecution of
Federal crimes. But malign foreign influence efforts extend
beyond efforts to interfere with elections, and they require
more than mere law enforcement responses alone.
Recognizing that, we approach this issue the same way we
approach other national security threats, by using our own
legal tools, as well as supporting the tools and authorities of
others. And to the best of our ability, we try to prevent
crimes from occurring or disrupt them in progress, in part by
sharing information that enables people to protect themselves.
Reflecting the priority of these issues, last year the
Attorney General's Cyber Digital Task Force analyzed the types
of foreign influence operations that exist and lays out a
framework to guide our responses. Since the 2016 election, the
Department has taken a number of steps to combat malign foreign
influence and support secure elections.
First, as an intelligence-driven organization and member of
the intelligence community, the FBI can pursue tips and leads,
including from classified information, to identify,
investigate, and disrupt illegal foreign influence activities.
To that end, the FBI established the Foreign Influence Task
Force to lead its response to ensure information flow, resource
allocation, and coordination both within the Department and
among the Department, other Federal partners, and the private
sector.
Second, together with other agencies, through a series of
outreach and education efforts, we have been helping public
officials, candidates, and social media companies to harden
their own networks and platforms against malign foreign
influence operations.
Third, we have improved enforcement of the Foreign Agents
Registration Act, one of the statutory tools that helps ensure
transparency in the activities of foreign entities and
individuals. FARA enforcement makes it more difficult for those
entities and individuals to hide their role in activities
occurring in the United States.
Fourth, our investigations have led to a number of criminal
charges and other enforcement actions that have exposed malign
influence efforts by foreign states and their proxies. While we
work with other nations to obtain custody of foreign defendants
whenever possible, just the charges themselves help educate the
American public about the threats that we face.
Fifth, our investigations have supported the actions of
other U.S. Government agencies such as financial sanctions
imposed by the Secretary of the Treasury.
Finally, even outside the context of criminal charges, we
have used the information from our investigations both to warn
and to reassure potential victims and the general public alike
about malign foreign influence activities. Victim
notifications, defense of counterintelligence briefings, and
public safety announcements are traditional Department
activities, but they must be conducted with particular
sensitivity in the context of foreign influence and elections.
In some circumstances, exposure can be counter-productive or
otherwise imprudent.
Given those countervailing considerations, the Department
has adopted a public policy for evaluating whether and how to
disclose malign foreign influence activities, and among its
first principles, partisan political considerations must play
no role in our decisions.
Our adversaries will undoubtedly change their tactics as
technology changes, and we will need to be nimble in our
response. But the framework we developed last year will aid us
to respond, and I believe it will have staying power.
As you can see, the Department plays an important role in
combatting foreign efforts to interfere in our elections, but
there are limits to our role and the role of the Federal
Government more generally in combatting malign foreign
influence. Doing so effectively requires a whole-of-society
approach that relies on coordinated actions by government
agencies at various levels, support from the private sector,
and the active engagement of an informed public.
Thank you again for the invitation to testify today, and I
look forward to your questions.
Mr. Lynch. Thank you, Mr. Hickey.
Ms. McCormick, you are now recognized for five minutes.
STATEMENT OF CHRISTY MCCORMICK, CHAIRWOMAN, U.S. ELECTION
ASSISTANCE COMMISSION
Ms. McCormick. Good afternoon Chairman Lynch, Ranking
Member Hice, and members of the subcommittee. Thank you for the
opportunity to testify before you to detail the important work
of the U.S. Election Assistance Commission, better known as the
EAC, and our role in helping election officials secure
elections.
While 531 days remain until the 2020 Presidential election,
the first Federal Presidential primary is just seven months
away, and election officials across the Nation are
administering state and local elections now. As you know, the
EAC and its vital mission were established under the Help
America Vote Act of 2002. The EAC is the only Federal agency
solely devoted to supporting election officials in their work.
It is as needed today as it has been at any other time since it
was established.
One of the Commission's primary focuses is election
security, and I am pleased to have this opportunity to provide
more detail about our efforts in that regard. Before I do,
however, it is important to put that work into context.
Election security is only one component of election
administration. To demonstrate this, the EAC has developed a
wheel of competencies in which each section represents a
similar level of expertise and effort. The Election
Administrator Competency Wheel visualizes ongoing duties,
election preparation work, as well as responsibilities stemming
from election night and beyond. The 20 areas of competency
represented on the wheel are each important and require support
from our team, and many of these competencies play a direct
role in election officials' work to secure elections.
The EAC has worked diligently to help states secure their
elections, especially in the months leading up to last year's
election. The EAC expeditiously distributed newly appropriated
HAVA funds to the states, assisted our Federal partners in
establishing and managing the critical infrastructure
operational framework, continued to test and certify voting
systems, and highlighted and distributed important best
practices in election administration.
As the agency best positioned to communicate directly with
election officials across the country, the EAC also played an
early and leading role in establishing trust and open lines of
communication between state and local leaders and the Federal
Government entities that work on election security. The EAC
drove the development of the Election Security Working Group
that eventually became the subsector's Government Coordinating
Council, GCC, and played an integral role in establishing the
Sector Coordinating Council, SCC, comprised of private election
equipment manufacturers and vendors.
Beyond the GCC and SCC, the Commission has taken a
multifaceted approach to helping state and local election
officials strengthen their election security. This work
includes testing and federally certifying voting systems,
providing hands-on security and post-election audit trainings
across the country, producing security-focused resources,
disseminating security best practices information and
checklists to state and local election officials, as well as
hosting widely attended forums that feature security experts as
speakers.
The distribution of HAVA funds is another example of the
EAC's work related to election security. Last year, Members of
Congress provided $380 million in much needed and much
appreciated financial support to the states and territories
through the EAC. We know from state plans and expenditure
reports that most states are spending these funds on items that
will directly improve election security. In fact, at least 90
percent of the funds have been devoted to technological and
cyber security improvements, the purchase of new voting
equipment, and improvement to voter registration systems.
Through our more recent conversations with all 55 states
and territories that receive these funds, we believe that as of
April 30th, 2019, states have spent at least $108.14 million,
or 29 percent of the $380 million in grant funds. This
represents a 262 percent increase in spending from the last
reported spending levels in September of last year.
As states seek to invest these funds in purchasing new
voting equipment, election leaders are continuing to turn to
the EAC's testing and certification program as a key resource
in ensuring the Nation's voting systems are tested to confirm
the secure and accurate tabulation of ballots. This includes
seeking information about when the EAC will implement the next
iteration of the Voluntary Voting Systems Guidelines, which
will be known as VVSG 2.0.
The VVSG has historically consisted of principles,
guidelines, and requirements against which voting systems can
be tested to determine if the system meets required standards.
These guidelines are voluntary, and states may decide to adopt
them entirely or in part. Last year, the EAC's Technical
Guidelines Development Committee, as well as the EAC's Board of
Advisors and Standards Board recommended adoption of the
proposed guidelines and principles. Unfortunately, when one of
the commissioners left the EAC, we lost our quorum and were not
able to vote to move the guidelines forward. After Commissioner
Palmer and Commissioner Hublin were confirmed and a quorum was
restored, our first official act was to unanimously vote to
publish the principles and guidelines in the Federal Register
for a 90-day public comment period.
In April we held public hearings in Memphis and Salt Lake
City, and on Monday we held our third hearing at our office in
Silver Spring. The public comment period on the principles and
guidelines concludes on May 29th.
It is important to note that the EAC's participation in
critical infrastructure activities and its own security work
was a direct result of the personal involvement and direction
of the EAC's most senior staff, as well as the efforts of our
talented team of professionals. The EAC does not have full-time
employees devoted to these new components of providing election
security support.
As we provide for 2020 and beyond, the EAC looks forward to
working with Congress as we continue our efforts to help
America vote, including work to secure elections.
I am happy to answer any questions you may have following
today's testimony. Thank you.
Mr. Lynch. Thank you, Ms. McCormick.
Ms. Weintraub, you are now recognized for five minutes.
STATEMENT OF ELLEN L. WEINTRAUB, COMMISSIONER, U.S. FEDERAL
ELECTION COMMISSION
Ms. Weintraub. Thank you. Chairman Lynch, Ranking Member
Hice, and members of the committee, thank you for inviting me
to testify before you today, and thank you for convening this
hearing in this subcommittee, because the integrity of our
elections is a matter of national security. I welcome the
committee's forward-looking approach to the ongoing
cybersecurity and disinformation threats to our election
infrastructure, especially as we head into the 2020 elections.
I share your concerns about foreign threats to the integrity of
our country's elections.
And I bring some good news. The Commission yesterday
approved an advisory opinion that will allow Federal campaigns
to accept extensive cybersecurity assistance from a project
called Defending Digital Campaigns. They are bipartisan,
national security and tech savvy, and they can help protect
campaigns from foreign and domestic cyber and information
attacks. It is a big step for the FEC to allow a group like
this to assist campaigns. We allowed it because of the grave
dangers facing campaigns from hackers, and I hope every
campaign will take advantage of it.
I am also introducing a proposal at the FEC tomorrow to
allow the party committees to use their building funds to pay
for cybersecurity for themselves and their candidates. There is
a bill on that, but we could do it without legislation, and I
hope we will.
We know what happened in 2016. We know that our foreign
adversaries can and will repeat their cyber warfare if the U.S.
Government does not act boldly and decisively to defend this
Nation from such attacks. And make no mistake, our adversaries
do not seek partisan advantage. They seek chaos and discord.
They seek to undermine our democracy. Just because Russia's
attack involved ports on Facebook servers instead of a port in
the middle of the Pacific Ocean makes it no less of an attack
on our country.
Other witnesses today have and will tell you about how we
need to protect the physical infrastructure of our elections,
the brick and mortar electoral apparatus run by state and local
governments, and it is vital that we do so. But from my seat on
the Federal Election Commission, I work every day with another
kind of election infrastructure, the foundation of our
democracy, the faith that American citizens have that they know
who is influencing our elections, and that faith has been under
malicious attack from our foreign foes through disinformation
campaigns. That faith has been under assault by the corrupting
influence of dark money that may be masking illegal foreign
sources. That faith has been besieged by online political
advertising from unknown sources. That faith has been damaged
through cyber attacks against political campaigns ill-equipped
to defend themselves on their own.
That faith must be restored, but it cannot be restored by
Silicon Valley. Rebuilding this part of our elections
infrastructure is not something we can leave in the hands of
the tech companies, the companies that built the platforms now
being abused by our foreign rivals to attack our democracy.
Don't let the guys on the next panel tell you they got this;
they don't.
The U.S. Government needs to be the one who steps up to
meet this threat. I am doing what I can at the FEC. I revived
the Commission's efforts to clarify the rules about Internet
advertising disclosure. I have highlighted the dangers of
foreign election spending through corporations, LLCs, and dark
money groups. The Commission recently obtained record penalties
against a Super PAC and a domestic subsidiary that was
funneling money into our elections at the behest of foreign
owners. So this risk is not hypothetical.
But there is only so much I can do from my seat on the
Commission. Congress has more powerful tools available to it,
and I urge you to use every tool in your toolbox. There is
legislation already drafted that could help, bills like the
Honest Ads Act, the Deter Act, the Secure Elections Act. I
implore all Members of Congress, regardless of party and
regardless of chamber, to speak up now. Speak up, legislate,
pressure leadership to bring those bills to the floor.
And I urge you most of all to do something outside the
realm of election law, something that the FEC absolutely cannot
do. Congress and the White House must make it abundantly clear
to our foes that the costs of attacking America's elections far
outweigh the real or perceived benefits. If those who attack
our democracy pay no price for doing so, the damage they will
continue to wreak will swallow up any other reform we could
possibly enact.
In the best of all possible FEC worlds, I could crack down
on dark money. In the best of all possible FEC worlds, I could
provide greater transparency for online political debate. But
nothing that I do will matter unless Congress and the White
House convey with unmistakable clarity and unity that our
democracy is not to be messed with. We need to put partisanship
aside and speak with one voice, not as Democrats or Republicans
but as Americans. I hope this hearing will be a positive step
in that direction.
Thank you.
Mr. Lynch. Thank you.
I will now yield myself five minutes for questions.
Chairwoman McCormick, given the critical role that the
Election Assistance Commission plays in our democratic process,
your agency has been given a renewed sense of purpose and
urgency and attention. The Commission is finally back to having
a quorum after lacking one between December 2010 and January
2015, which is a sad statement in itself; and then again since
March 2018. The Commission was integral in distributing the
$380 million in funding that the Help America Vote Act provided
during the last few years. However, I do remain concerned that
the EAC may not be able to fill its important role in a timely
fashion as we approach the 2020 elections.
Last week, on May 15, you did speak before the Senate
Committee on Rules and Administration and testified that in
2009, the last time the EAC had a quorum--and this is a quote--
you said, ``Our budget was double what it is now.'' You also
testified that the EAC had 49 employees back then, and you have
22 right now.
So this is against the backdrop where I think the pressure
on you and the work that needs to be done has risen
exponentially, and you are trying to do this with less
resources and less people, and I know some of your tech people
left a short while ago and you are trying to in-board some
technical help.
I am worried. I am worried. I talked to some of my state
and county officials around the country, and they are nervous
about making the necessary improvements, getting the necessary
equipment and funding, training the necessary people on the new
systems, and having all that happen in a fluid fashion before
the elections in 2020.
So how are things going?
Ms. McCormick. Obviously, we are a very small agency and
quite underfunded, but I give a lot of kudos to our staff, who
work 80 hours a week each on all of the projects that we are
doing. We are stretched very thin, but we have met our mission,
and we have met it well. We have hired some new security and
technical people, and we are very excited to on-board them. The
person that we hired as our Director of Testing and
Certification is one of the country's experts on post-election
audits, and we have two more people starting who have between
them 26 years combined experience in testing and certification
of voting systems.
We have also hired last year a CIO who has expertise in
cybersecurity, and so we are rebuilding that team. We are doing
the best we can with the resources we have, but we have asked
for more appropriations, and we hope we will get them.
Mr. Lynch. I don't doubt that you are doing the best you
can under the circumstances. But if 2016 and 2018 are
indicators, and I think they are, you are going to face a
ramped-up assault in the coming months before the election.
What do you need? What do you need specifically, as
specifically as possible? I will hold my other questions until
later. But what do you need? What can we do to help you?
Ms. McCormick. People. We need people. We need more staff.
Our staff is strained to the breaking point at this point, and
we need depth. We have, in some cases, one person with no back-
up holding down jobs that need back-up in case something
happens. So we are asking for money so we can hire more staff
to meet the demands.
The EAC's mission has expanded since it was created under
HAVA. We didn't have the cybersecurity needs at the time. We
always worried about election security, but, of course, since
2016, this is an additional mission for our agency, and we have
stepped up in every way possible that we can, given the
resources that we have. But we would like to step up even
further.
Mr. Lynch. All right. There is some common ground here
between Democrats and Republicans. Can I ask you to work with
your top people and give me a budget of what you need to get
your job done? I know there are wider issues, but just narrowly
look at 2020, what you need to get your job done, the number of
people you need, to the degree possible a dollar figure that
will get it done. Think about technology, the equipment you
need, the whole shebang.
Ms. McCormick. Yes, we can do that. We already have given
that to Appropriations, so I can give that to you.
Mr. Lynch. We have to strip it down just to that, what you
actually need. I know there are a lot of other issues that are
out there, but my focus is the 2020 elections because of the
consequences. If we have a close election, God forbid, and
people are skeptical of the process, I have seen that happen in
other countries and it undermines the legitimacy of the
government that gets put in place, and I don't want to be one
of those countries in January 2021.
Ms. McCormick. I agree with you completely.
Mr. Lynch. Okay, I am going to yield to the Ranking Member,
Mr. Hice, for five minutes.
Mr. Hice. Thank you very much, Mr. Chairman.
Mr. Krebs, you are aware of the situation in Florida, the
voter registration breach in 2016?
Mr. Krebs. Yes, sir, I am aware of the incident in 2016 in
Florida.
Mr. Hice. As much as you can, to the extent that you can,
walk us through what happened.
Mr. Krebs. So I think the majority of this conversation
would require the FBI to be a part of the conversation as well.
The FBI was lead on briefing down in Florida, and I would defer
to Mr. Hickey as well.
Ultimately, I think what we at my agency are focusing on is
ensuring that any victim has the information they need to
secure and address the issues with their systems so that we can
understand what is happening within those systems and share the
techniques that the adversary may be using across those
systems.
Mr. Hice. Okay. I want to go there, but first let me go to
Mr. Hickey.
Can you just real briefly, a 30,000-foot view, tell us what
happened?
Mr. Hickey. Thank you, sir. The most I think I can say in
this forum without deferring to the FBI is that there were two
counties that experienced intrusions into their systems, and we
are confident based on what they have told us and our own work
that there is no evidence that we have seen that that had any
impact on the tabulation or counting or reporting of votes.
Mr. Hice. Okay. But the fact that the breach took place
obviously is concerning to every one of us in here.
So going back, Mr. Krebs, to you, between the FBI and DHS,
what steps are being taken to try to prevent this from
happening again?
Mr. Krebs. So, as I mentioned, the run up to 2018, we made
it a priority to work with every single state and as many of
the local jurisdictions as possible. I have to say that Florida
and Governor DeSantis just issued a press statement I think
earlier today about his review of the state's election systems.
But what we are finding is that Florida is probably one of our
best partners of any state in the union right now.
Of their 67 counties or their 67 election supervisor
jurisdictions, they are all working with us in one way, shape,
or form. The Albert sensors I mentioned, those intrusion
detection systems, 66 of 67 counties have them configured and
deployed right now, and the 67th is in the process of doing so
right now.
Mr. Hice. So with that, are you confident, relatively
confident, that that vulnerability is going to be removed for
2020?
Mr. Krebs. Well, the specific vulnerability or the issue
associated with the 2016 incident was addressed. What we are
doing is taking----
Mr. Hice. Was it addressed to the point that the problem
has been resolved?
Mr. Krebs. That is my understanding.
Mr. Hice. Okay.
Mr. Krebs. So what we have been doing is really focusing on
what happened in this case. We have made a significant
investment in outreach and engagement, best practices sharing.
Spear phishing campaign assessments are one of our top
priorities and just pushing awareness that with email come
potential risks. It is really educating supervisors and
election officials that there are things that they can do to
truly minimize their risk surface.
Mr. Hice. Why has the FBI not released or disclosed the
identity of the two counties?
Mr. Krebs. Again, I defer to the FBI on that, sir.
Mr. Hice. Mr. Hickey, any idea? I am just curious.
Mr. Hickey. I think what they would say is they are
following the process we follow any time you respond to the
victim of a computer intrusion, which is that we are there to
help them, and we leave it to them to make the decision about
who they are accountable to and how to report that information.
So whether it is a company or a county or a state, we are there
to provide assistance, and then they need to make decisions
about who they need to disclose that to.
Mr. Hice. I get that, but we have a right to know too. This
is something that took place in 2016. We are talking three
years ago. Evidently the issue has been addressed, the
vulnerability is being closed. We have the right to know. I
believe Congress has the right to know who was involved in that
as far as counties, and the American people need to know. So I
expect you to get back with us on this as best you can.
Ms. McCormick, let me go to you real quickly. Regarding the
money, I brought this up a little bit in my opening statement,
the $380 million that is available to help in the states, 80
percent of that is going to be spent. In what kind of concrete
ways or how are the states going to use this?
Ms. McCormick. About 58 percent of the money has been used
for hardening cybersecurity, hardening the infrastructure.
About 34 percent has been used to purchase new voting systems,
where needed. And then about six percent, seven percent used
for voter registration systems. So that adds up to a little
over 90 percent of the money so far. We expect that the states
will, straight-line projection, spend 85 percent of that money
by 2020.
Mr. Hice. Okay.
And one five-second question, Mr. Hickey. What do you
believe is our greatest threat to the election security? Is it
hacking? What is the greatest threat?
Mr. Hickey. It is how we respond to reports of hacking.
Hacking, sir, I think is inevitable. It is how we react to it.
Systems that are connected to the Internet, if they are
targeted by a determined adversary with enough time and
resources, they will be breached. So we need to be focusing on
resilience, and resilience is not just a matter of what Mr.
Krebs can tell you about the importance of auditing votes and
the like. It is also how we as a people respond when there is a
rumor or there is a report that there has been a breach. We
need to take a breath, we need to let the states evaluate it,
we need to let investigators respond, and we need to have
confidence in our elected representatives and our state
officials that they have this, because they deal with
contingencies and elections all the time.
If we undermine ourselves, the confidence in our systems,
we will be doing our adversary's work for them.
Mr. Hice. More than a 10-second question, but I appreciate
your answer.
I yield back, Mr. Chairman.
Mr. Lynch. The Chair now recognizes the gentleman from
Tennessee, Mr. Cooper, for five minutes.
Mr. Cooper. Thank you, Mr. Chairman.
Director Krebs, apparently you warned us earlier this year
that the 2020 election is, quote, ``the big game'' for foreign
adversaries looking to undermine our democracy. I want to
understand your analogy a little better. By ``big game,'' did
you mean an amusement or a plaything, or did you mean more like
big game, like we are an animal to be hunted?
Mr. Krebs. Sir, I think for the adversary, and this is
consistent with what Director Wray at the FBI has recently
said, that is the target, that is the big target, the 2020
election.
Mr. Cooper. So we are like the lion that is being hunted.
Mr. Krebs. I have not thought about it in a game hunting
sort of analogy, but this is the great competition.
Mr. Cooper. And unless it is a photo safari, the hunter
seeks to not only hunt but kill the lion, right? That is the
big game trophy that many hunters are pursuing.
Mr. Krebs. I am not a hunter myself, sir, but I think that
is probably right.
Mr. Cooper. I am concerned because my state, Tennessee, has
voting systems in most of our counties that have been judged
some of the most vulnerable in the country. The Center for
American Progress gave our state an F because so few of our
voting machines have any sort of paper trail capability for
voter verification or adequate audit procedures. So that means
roughly about 15 percent of our counties apparently do have
good machines; 85 percent do not. And yet our state has had on
hand for nearly 18 years some $27.5 million unspent that could
be used to acquire better voting machines. Davidson County, at
least, has recently decided to buy better voting machines,
which will be in place for the next election.
Ms. McCormick, what would you advise a state like Tennessee
to do with that $27.5 million that has been sitting there for
all these years just accumulating interest, even though that
money has been held while we were under attack from foreign
adversaries?
Ms. McCormick. Well, we work with Secretary of state
Hargett and with your elections coordinator, Mark Goins, and I
trust that they are on top of that issue. We do suggest best
practices, and one of those best practices is VDPAT on a voting
system or a paper ballot. But we also have to keep in mind, of
course, the voters with disabilities. I think that they are
aware of this problem, and I suspect that they are working to
fix the issue.
Mr. Cooper. So they are on top of the situation even though
we got an F from the Center for American Progress?
Ms. McCormick. Well, I can't speak for the Secretary or for
Mr. Goins, but I think that they are doing a fine job in
Tennessee. We do interact with them on a frequent basis.
Mr. Cooper. Were you aware that in 2018 hackers, apparently
from the Ukraine, shut down a county election commission
website during an election?
Ms. McCormick. I was not aware of that.
Mr. Cooper. Well, being on top of the situation can mean
various things, but presumably it would mean that websites
would remain open during an election and not be shut down by a
foreign potential adversary. Apparently no election data was
manipulated, but a site that has been hacked successfully could
be vulnerable.
Mr. Krebs knew exactly how many counties in Florida had
Albert sensors. Can you tell me how many counties in Tennessee
have an Albert sensor?
Mr. Krebs. Sir, I would have to come back with you and
brief specifically on the counties. But I will say that the
state has an Albert sensor, particularly Secretary Hargett's
operation.
Mr. Cooper. But as you mentioned, elections really run at
the county level, and you were very proud of the fact that 66
out of 67 Florida counties had Albert sensors, and you
commended Florida for doing such an excellent job. Can you
commend Tennessee in a similar fashion?
Mr. Krebs. Tennessee is a great partner. Every state runs
their elections a little bit differently. Some are top down,
some are bottom up, some are hybrid. Every state is going to
run things a little bit differently and have different
requirements. But Tennessee is a strong partner.
Mr. Cooper. Well, I know we are great and strong, but we
also want to be unhackable.
Mr. Krebs. Sir, I think that is certainly a noble
destination, but unhackable is not a realistic objective. What
we are looking for is----
Mr. Cooper. Well, less vulnerable to hacking----
Mr. Krebs. Absolutely.
Mr. Cooper [continuing]. at least at the Florida level,
which was two or three years late in discovering that they had
been hacked.
Mr. Krebs. Sir, again, on 2016 issues, everyone that we had
an understanding there was an issue was notified of the issue,
and the issue was addressed.
Mr. Cooper. But as Mr. Hice pointed out, we still don't
know which Florida counties were vulnerable. So apparently the
American people are not allowed to know.
I see that my time has expired.
Mr. Lynch. The gentleman yields back.
The Chair recognizes the gentleman, the doctor from
Tennessee, Dr. Green.
Mr. Green. Thank you, Mr. Chairman and Ranking Member Hice.
Thank you for today's hearing, and also let me thank our
witnesses for being here today.
I am equally concerned about this topic, but really almost
for other reasons. First, the discussion of the threat. Clearly
there are several threats to the security of our election
process. One, of course, is the cyber threat, domestic and
foreign hacking that might alter vote counts. Another, of
course, is local, focused on the polls themselves where
intentional or unintentional mistakes can result in the wrong
results, or worse, actual voter intimidation as seen in the
2017 special election in Philadelphia, where an election
official pled guilty to voter intimidation against anyone
voting for a non-Democrat. Philadelphia has seen many of those
cases.
Other such examples of manipulation should also be
considered, such as ballot harvesting. In Tennessee, we don't
even allow candidates and their campaigns within a certain
distance of the polling places so that individuals can be free
of the pressure right as they cast their ballot.
But in California, the candidates can just go to the
person's home with their ballot, pressure them, get their vote,
and turn it in for them. As the former Speaker of the House
said, that defies logic.
I would submit to you that our founders got it right on how
best to do government, and that is the best government is the
government that is closest to the people, and I think that is
also the case in elections.
Let me just share a little bit about what my state is
doing. While I deeply respect the gentleman, Mr. Cooper from
Davidson County, I have to disagree with him. I think Tennessee
and Secretary Hargett, and particularly the elections
commissioner, Mark Goins, are doing a fantastic job.
As I mentioned above, we don't allow candidates in
Tennessee to get anywhere near our polling sites. Further, all
the poll workers are divided amongst the parties, effectively
yielding an equal number of workers from each party at each
polling station. So local intimidation, like they are seeing in
Pennsylvania, is not happening in Tennessee.
As for cyber threats, our Secretary of State, Tre Hargett,
and the head of our elections, Mark Goins, have done a
spectacular job protecting the integrity of our elections. The
state offers regular online cybersecurity hygiene training for
election officials, including part-time election commissioners,
and even volunteers. The state provides onsite security scans
for our county election offices. Tennessee has conducted
statewide cyber-related election tabletop exercises, war-gaming
attacks and how to handle them.
Tennessee provides annual in-person cybersecurity hygiene
training led by experts such as Paul Connolly, the Chief
Information Officer from HCA, Healthcare Corporation of
America. Our state election commission provides each county
with hardware systems dedicated to interact with our statewide
voter registration data base. Our personnel are trained on
recommended best practices and guidelines for protecting
election infrastructure. As we speak, the state is in the
process of hiring more technical employees who assist counties
with cyber-related issues.
Tennessee doesn't need, nor do we desire, the Federal
Government's intrusion into our elections. It is clear the
agenda of the leadership of the majority party is to do just
that. They even, with H.R. 1, want to force California's
election systems onto the states, basically making a Federal
methodology and taking control from the states. It is their
biggest initiative. It is H.R. 1, usually the designation
reserved for the party's biggest push.
California-style elections on the rest of us, not an
option. The goal is clearly to empower a certain group of
people, a certain party. It is unacceptable.
Thank you, Mr. Chairman, for allowing me to share these
thoughts and the thoughts of the people of Tennessee.
Mr. Lynch. The gentleman yields back.
The Chair now recognizes the gentleman from California, Mr.
Rouda, for five minutes.
Mr. Rouda. Thank you, Mr. Chair.
To my esteemed colleague from Tennessee, I would like to
point out that California does not harvest ballots, contrary to
that false narrative being perpetuated. And I would also like
to point out that you conveniently forgot about the actual
ballot harvesting that was taking place in North Carolina's 9th
District, where we are having a special election to overturn
the Republican operatives who unduly influenced the outcome of
that election.
But I digress. We are here to talk about voting system
vulnerabilities, and I appreciate the witnesses coming here
today to help us better understand the challenges facing our
country and our voters and our democratic foundations.
Chair McCormick, I would like to talk to you a little bit
about the EAC guidelines. I know you are in the process right
now of going through and updating those guidelines. When were
those guidelines originally promulgated?
Ms. McCormick. The systems that are now certified were
certified under standards that were set in 2005.
Mr. Rouda. And there has been no upgrade to those
guidelines since then?
Ms. McCormick. We actually upgraded those guidelines in
2015, which we call the VVSG 1.1. But we have seen no
manufacturer bring a system into those updated requirements.
Mr. Rouda. Yet the I-phone that has been out since the
first rendition in 2007, I think we have had about 10 different
renditions since. So when you look at those guidelines, what is
your level of confidence in the guidelines providing the
appropriate guidance to make sure that our election systems are
safe and secure?
Ms. McCormick. It is a complicated procedure because we
still need to be sure that the manufacturers can design systems
that will meet those requirements, and that the jurisdictions
will have the funding to be able to buy those systems if they
come onto the market. So we need to make sure that the systems
are secure and accessible and reliable and usable, but also
that they are designed in such a way to take advantage of the
innovations that are in the market, but not so expensive that
they are unreachable by most jurisdictions. Funding is always
an issue when it comes to elections.
Mr. Rouda. And do you have 100 percent confidence that
these machines will secure our elections and there will be no
fraud?
Ms. McCormick. I don't believe there will be fraud on the
voting systems. You know, we can't 100 percent guarantee that
there can be no intrusions into the systems, but we are doing
our absolute highest and best to test and certify machines that
will be secure and will not be subject to fraud or manipulation
of the votes cast on them.
Mr. Rouda. Well, I am aware of the situation that took
place in Las Vegas, where we invited in a bunch of hackers to
try and get into voting machines who had a higher level of
success than anybody in the industry was anticipating, and that
should raise concerns for all of us.
Mr. Krebs, I would like to turn to you a little bit on this
as well, because I think you had stated earlier in your
testimony that you do not have 100 percent confidence that
hacking could not take place in our electronic voting machines.
Can you verify that I got that correctly?
Mr. Krebs. Yes, sir. One hundred percent security is not
the objective. It is resilience of the system. So even if you
do have a bad day, it is not a catastrophic day, that there is
resilience built into the system, that you can understand what
happened across the process and point back to good.
Mr. Rouda. As a guy who won a primary in Orange County,
California by 125 votes, I am always a little bit more
concerned about how sure we have to be in getting that vote
correct. If you look at the information that has been provided
by--let me make sure I get the institution correct--the Brennan
Center for Justice, that 12 states still use paperless
electronic voting machines that are at extreme risk, and there
has been discussion that we need to have paper ballots to act
as a back-up audit, or at least some sort of system within
these electronic machines to have a back-up audit, what is your
confidence level in that?
Mr. Krebs. So, we approach this problem set as IT security
advisers. So we bring a cybersecurity and an IT security
mindset to the issue. Auditability is a key tenet of
cybersecurity, of IT security. If you don't know what is going
on across the process, it is hard to guarantee an outcome and
verify the process.
So one of our top priorities working with the EAC is
encouraging and incentivizing auditability. It is getting these
systems, these systems that don't have paper out and systems
with paper in, and then implementing an audit process not just
on the back end but throughout the process.
Mr. Rouda. And one other quick question. If we are not
completely successful in that outcome, are we looking to going
back to analog, pen and paper?
Mr. Krebs. Pen and paper is already an option within the
system. Every jurisdiction, in their sovereign responsibility
of conducting elections in Article 1, Section 4, they can pick
that if they would like, but there are other factors to put
into the equation.
Mr. Rouda. Thank you.
Mr. Chair, I yield back.
Mr. Lynch. The gentleman yields.
The Chair now recognizes the gentle lady from North
Carolina, Ms. Foxx, for five minutes.
Ms. Foxx. Thank you, Mr. Chairman.
I want to thank our witnesses for being here today.
Chairwoman McCormick, in your opinion, are state and local
governments equipped to combat election interference?
Ms. McCormick. state and local election officials are doing
all they can right now, but they do need the assistance of the
Federal partners. I don't think it is fair to put all of the
onus on them when there are nation-states that are attempting
to interfere with our elections, and I know that with our
Federal partners we are trying to provide all the help we can
and assistance with resources and information and actual
physical support to the states and localities so that they can
secure their systems.
Ms. Foxx. Thank you. I would like to followup. Congress
established the EAC to develop guidance to meet the Help
America Vote Act, HAVA, adopt voluntary voting system
guidelines and serve as a national clearinghouse of information
on election administration. In the last Congress, the Senate
confirmed two new EAC commissioners, giving the EAC four
commissioners for the first time in about 10 years, and a
quorum after nine months without one.
Considering this, what are the top three priorities for
your commission to accomplish in the next six months?
Ms. McCormick. I would say to continue providing resources
that we can to the states for election security, providing
information on voter registration data bases and how to secure
them, and also provide any information we can on best practices
to the states and localities with regard to all of the other
issues in election administration, of which there are many.
Ms. Foxx. So the EAC provides voluntary best practices to
state and local governments to improve their systems. Could you
highlight the top three practices states and counties find most
helpful?
Ms. McCormick. That would be very difficult for me to do
because it is such a complicated and varied system throughout
the country. We have a patchwork, so different states and
localities rely on us for different needs. I can get back to
you on that, if you would like.
Ms. Foxx. Sure. Well, then, aside from additional funding,
which is what everybody always says they need, do you have any
examples of two or three--do you have two or three examples
from state and local officials that are the most concerning to
them?
Ms. McCormick. I think security is one of their top issues.
I think there is also a concern with natural disasters. We have
had a number of issues surrounding a number of events around
elections that have caused a great deal of concern. And I also
think that they are concerned about voter confidence, that our
voters can be assured that their votes are going to count and
count correctly.
Ms. Foxx. Thank you.
Mr. Chairman, I would just like to say, as a person who ran
for the school board in 1974 and lost by about 200 votes, and
then I ran again in 1976 and at the time we had an election for
the Registrar of Deeds in our county, and we had in 1976 an 85
percent turnout that year, and there were a couple of precincts
out in the far western part of our county that ran out of
ballots; and, like Mr. Green, we have in North Carolina equal
numbers of people from both parties there, and the two parties
agreed they would make some ballots so that the people who came
to vote wouldn't have any problem voting. So they made some
ballots, and the gentleman, who was a good friend of mine, I
liked him very much, who was running--a Democrat gentleman
running against a Republican woman for Registrar of Deeds, the
first time the seat had opened in over 50 years, and the
Democrats had owned it for 55 years. Anyway, he lost by 13
votes.
But all the election officials agreed it was all very clear
and we would have a hearing by the election board. So they
ordered a new election for him at the time because he lost by
13 votes. There was a new election for him only. All the rest
of the elections were certified. He lost by 1,300 votes.
I think, for the most part, our election officials locally,
for the most part, are very honest people, do the best that
they possibly can for the people, and I was frankly very proud
of the people in my county for getting together that day,
Democrats and Republicans, to make sure that everybody who
showed up at the polls had a chance to vote even though they
had run out of ballots.
Thank you very much.
Mr. Lynch. I thank the gentle lady for sharing that with
us.
I do want to note that I worry that state governments,
because this is a foreign threat, may not be adequately
equipped. So we don't encourage--we don't think of this as
Federal interference with states conducting--it is Federal
assistance and helping them, giving them grants so that they
can run the election the way you have described, the way they
see best. But I thank the gentle lady.
The Chair recognizes the gentleman from Vermont, Mr. Welch,
for five minutes.
Mr. Welch. Thank you. I thank the witnesses.
I have a question that I want to direct both to Mr. Krebs
and Mr. Hickey, and it is about the public statement that you
issued jointly in February 2019 concluding that there was ``no
evidence to date that any identified activities of a foreign
government or foreign agent had a material impact on the
integrity or security of election infrastructure of political/
campaign infrastructure used in the 2018 midterm election.''
Before issuing this joint statement, how many voting
machines used in November 2018 did DHS and DOJ forensically
examine for evidence of hacking? And if the answer is none,
don't you think such an unqualified statement is a bit of an
overstatement?
Mr. Hickey. Sir, as the statement lays out, we based what
we called the 1B report or that conclusion, which is the
bottom-line conclusion of the 1B report, on the report we were
given from the ODNI, which looked at what efforts were made by
foreign actors to interfere in a variety of ways, and then we
looked at those instances and looked to see whether there was
evidence of a material impact on infrastructure. So we didn't
set out to audit or to prove a negative. We looked at the
evidence that there was. There was evidence of efforts to
interfere, and we looked at and measured that effort and
determined it was not materially successful when it comes to
altering election infrastructure, campaign infrastructure.
Mr. Welch. Mr. Krebs?
Mr. Krebs. I concur with that. I would say we looked for
three sort of feeding elements of that assessment. One is, as
Mr. Hickey mentioned, from the intelligence community. The
second is from actually partnerships with state and local
officials, if they detected or noticed any anomalous activity.
Whether it was them or their vendors noticed anything, we would
certainly go and investigate that as a threshold matter. And
then third is our own ability to understand what is going on in
the ecosystem through our Albert sensors. If we had detected
anything, again threshold, then we would go do additional
engagement.
Mr. Welch. So your view is that even taking a random sample
to do forensic analysis of the machines themselves was not
important to provide a foundational basis for that very
explicit opinion?
Mr. Krebs. Auditing, as I think Mr. Hickey laid out,
auditing is not within the scope of the engagements that tied
into that assessment. We certainly offer auditing, forensic
auditing capabilities, to any jurisdiction that would request
it. Certainly, if they had noticed anything anomalous, we would
come in and offer that service.
Mr. Welch. You issued that report to the White House. My
understanding is that it is classified; is that correct?
Mr. Krebs. Ultimately the report, under the executive
order, does go to the National Security Council. Yes, sir.
Mr. Welch. And I know you didn't make the decision about
that classification, but I would object to that. Can you think
of any policy reason why what you found and what you reported
shouldn't be made known to all of the American people so that
they can judge for themselves, Mr. Hickey?
Mr. Hickey. Yes, sir, I think I can. As I mentioned, our
report piggybacks on a report by the intelligence community
which was a report on efforts they saw to interfere; attempts,
if you will. Presumably those attempts and our awareness of
them are derived from sources and methods that are sensitive,
and if we were to reveal what we knew about what foreign actors
had tried, we would necessarily be revealing what we don't know
that foreign actors have tried.
Mr. Welch. Well, that is not always the case, because
reports can be issued with scrubbing out the sources and
methods, because the point you make about sources and methods
is a valid point. Let's assume that your concern about sources
and methods could be addressed. Why not release the rest of the
information for the benefit of the public?
Mr. Hickey. Sir, as you mentioned, I was not the
classification authority. My intuition is that would be
impossible because the report doesn't actually contain the
source and method or methods itself. Most of the intelligence I
read doesn't tell me how the intelligence was collected. But
from reading it, an adversary would be able to discern, aha,
they have visibility here, or they have a human source there,
and what they don't know is this, that, and the other thing. So
they would be able to identify the most effective ways to
target us in the future, right? Because if it is not in the
report, they would probably draw the inference, oh, the
Americans didn't see that, so that is a good technique for the
future.
Mr. Welch. I thank the witnesses.
My time has expired, and I yield back.
Mr. Lynch. I thank the gentleman for yielding.
The Chair now recognizes the gentle lady from Illinois, Ms.
Kelly, for five minutes.
Ms. Kelly. Thank you, Mr. Chair.
In February 2019, the Department of Homeland Security's
Inspector General released an audit on the efforts of DHS to
secure our election infrastructure. While the IG report
credited the Department for taking some steps to lessen the
risk to U.S. election systems, the IG also found some troubling
gaps.
For example, according to the report, and I quote, ``DHS
has not completed the plans and strategies critical to
identifying emerging threats and mitigation activities and
establishing metrics to measure progress in securing the
election infrastructure.'' The Department had also not
incorporated election infrastructure into several of its key
security plans, including the DHS Cybersecurity Strategy and
the National Infrastructure Protection Plan. The IG noted that
senior leadership and staff turnover had, and I quote,
``hindered DHS' ability to accomplish such planning.''
Director Krebs, has DHS developed an election security
strategy, and has the President been informed?
Mr. Krebs. Ma'am, I think that Inspector General report, if
you look at the end of it and the recommendations they make,
they actually agreed that we had made the progress and were
just awaiting documentation.
The sector-specific plan, Chairwoman McCormick talked about
the Government Coordinating Council and the Sector Coordinating
Council, those two bodies, which bring together the
stakeholders across government at all levels of government and
the private sector, are part of the election infrastructure
ecosystem. So they are part of our joint effort to develop the
plan. That planning process--again, that sector-specific plan
that nests underneath the National Infrastructure Protection
Plan that you referenced--that is under development right now.
It is built on lessons learned from the 2018 process. It is a
consensus-based, collaborative document, and I look forward to
getting that wrapped up and will certainly push it up to the
National Security Council and Master Bolton, and I would hope
the President would take a look at it. Yes, ma'am.
Ms. Kelly. So is DHS working to incorporate election
infrastructure security into the other existing strategic
plans?
Mr. Krebs. The DHS cyber strategy that you referenced is
actually agnostic to any specific sector or any specific issue
set. It empowers subsequent tailoring of further plans against,
for instance, election infrastructure and that sector-specific
plan. It recognizes the role of the National Infrastructure
Protection Plan. It, too, is an umbrella document. It says
there are 16 sectors with sub-sectors, and each of those
sectors and sub-sectors has individual tailored plans with
metrics, with plans of action, and mechanisms and methodologies
for engaging the entire stakeholder set.
Ms. Kelly. Okay. And, Director Krebs, the President's
Fiscal Year 2020 budget proposal would cut funding for the
Cybersecurity Infrastructure Security Agency from its 2018 and
2019 Fiscal Year levels. This is especially troubling since
2020 is a Presidential election year, and we know Russia and
other malign actors are likely to target our infrastructure and
political discourse, as they did in 2016.
Did you or others in CISA ask for more funding from the
President before he released his budget proposal?
Mr. Krebs. So, we certainly contributed to the development
of that budget. It, as I see it for CISA, is a maintenance
budget that sustains operations as they exist now. With more,
of course, we could do more, just as Chairwoman McCormick
mentioned. I will note that that is the first budget released
under my authority as the Director of CISA. It reflects my
priorities. It reflects the fact that it is the first time in a
budget we have actually requested election-specific funding.
Prior, the $59.4, $8 million over 2018 and 2019, were
graciously provided by Congress, and we thank you for that.
This 2020 budget actually says we want to continue this. We
need to continue growing our capacity to help EAC, to help
state and local election officials boost their cybersecurity.
Ms. Kelly. Because I know people, you want to take--we want
to give you the world; you are probably going to take it. But
are you satisfied? Is it enough to do what you need to do?
Mr. Krebs. You know, with more, I can do more. As I
mentioned, $59.4 is the most I am aware of for any specific
sector or sub-sector within the Department of Homeland
Security's budget history. Just recently we released what is
known as the National Critical Functions Set, which breaks out
the 16 sectors into 55 different functions that underpin the
economy, public health and safety, national security. I think
with a cost buildup approach across those 55 sectors, there are
a lot of things we could do positively to improve the
cybersecurity and physical security, frankly, of this Nation.
Ms. Kelly. And with the money that you are getting, is
there anything you would have to cut or cut out or lessen?
Mr. Krebs. No, ma'am. I think in the 2020 budget, I think
what you are seeing is the rationalization of some Tier 1
acquisition programs, the life-cycle cost adjustments, and also
finding some efficiencies in other contracting programs. What I
am aiming to do is to push more resources out into the field
so, in part, I can minimize travel out of D.C. and have more
locally based assets. I can have the best tools, techniques,
and capabilities in the world, but if they are sitting in D.C.
and I don't have people out in the field to help carry them out
through the Secretaries of State, election directors, chief
security officers, whatever they are, then I am not optimized.
Ms. Kelly. Okay, thank you.
CISA and DHS have key roles to play in securing our
elections. Your Department needs to be ready, as you know, to
face down these threats and to help the states secure their
infrastructure. We will make sure you have the resources you
need to do so. It is important to all of us.
Mr. Krebs. Thank you, ma'am.
Mr. Lynch. The gentle lady yields back?
Ms. Kelly. Oh, sorry. Yes, I yield back.
Mr. Lynch. That is Okay.
The Chairman recognizes the gentleman from Maryland, Mr.
Sarbanes, for five minutes.
Mr. Sarbanes. Thank you, Mr. Chairman. Thank you for the
opportunity to participate today.
So, we all know what happened in the 2016 election. We know
what happened in the midterms in terms of attacks. We did a
pretty good job, from what I am hearing, of rebuffing those
attacks. But now we are looking down the barrel of the 2020
elections. Our intelligence community is obviously warning us
that we are going to be attacked again. In fact, FBI Director
Wray made the claim that he believes Russia treated the 2018
election as ``a dress rehearsal for the big show in 2020.'' So
the red lights are blinking, the alarm bells are going off. We
are under attack. It is clear to everybody.
Unfortunately, the attempts to elevate attention to this
and prepare for it in advance of 2020 have been met with
hostility by officials at the highest level of our government.
In fact, Mick Mulvaney was reported to have said that election
security ``wasn't a great subject and should be kept below
his''--meaning the President's--``level.'' And just last week
the Senate Rules Chairman, Roy Blunt, admitted that Senate
Majority Leader McConnell won't allow a vote on election
security legislation ``no matter the policy and no matter the
approach.''
When we passed the For the People Act in the House, House
Democrats essentially introduced a comprehensive set of
election security reforms that would protect the ballot box,
that would stymie disinformation campaigns, close loopholes
that allow foreign governments to intrude into our democracy.
Title 3 of H.R. 1 was just reintroduced by the Democrats as a
stand-alone bill that would address all of these important
issues and provide states and local governments with the
resources that you have described are necessary to make sure we
are ready for 2020.
So there are solutions that we have. We encourage and ask
our friends across the aisle to join us in this effort. This is
about American patriots, not Republicans or Democrats, fighting
back against these attacks on our democracy. So I thank you all
for being here.
I have a couple of questions, Commissioner Weintraub, for
you. Before I ask them, I did just want to say for the record I
have some significant concerns about the interpretive rule that
you announced earlier regarding the building fund account, both
as a matter of rulemaking authority within the FEC, but also as
a matter of policy. I definitely agree that we have to do more
to provide resources to our political parties to bolster their
cyber defenses, but I don't agree that the approach of relying
on big donors to do so, that that is the solution, and I am
going to offer some legislation that might pose an alternative
way forward and look forward to having a discussion with you
about that.
You said that we should not trust the next panel if they
tell us they got this. I hear you on that. I am a little
worried that, if the building fund is opened to big-donor
contributions, they might say with respect to that ``I got
this,'' if you get my drift. So that is the concern I have.
Let me ask you a couple of questions.
Ms. Weintraub. Could I comment on that, please?
Mr. Sarbanes. Well, let me get my questions in, and then if
you want to come back.
The Special Counsel chose not to prosecute campaign
officials for coordinating with the Russian government, and he
said his office's understanding of Federal law concerning
coordination was that you need an agreement, tacit or express.
But there is a definition of ``coordination'' in campaign
finance existing law, and McCain-Feingold expressly provided
that the FEC ``shall not require agreement or formal
collaboration to establish coordination.'' Is that your
understanding of existing campaign finance coordination law?
Ms. Weintraub. It is.
Mr. Sarbanes. Thank you very much.
Much has been made of the Special Counsel's inability to
value the opposition research that was solicited by campaign
officials, thereby informing the Special Counsel's decision to
not prosecute officials for an illegal solicitation of a
foreign government. In other words, they are saying we have no
way to figure out what the value of that is. But cash
contributions from foreign nationals are strictly prohibited
under existing campaign finance law. It could be one penny; it
is expressly and strictly prohibited.
So for purposes of the foreign national prohibition, does
the monetary value of an in-kind contribution matter, or should
Congress clarify that all in-kind contributions, much like cash
contributions, be prohibited? Do you think that would be a good
measure for us to undertake?
Ms. Weintraub. I believe that the current law is broad
enough to encompass in-kind contributions. However, I think
that clarification would be helpful, because my view of the law
is not always shared by my colleagues.
Mr. Sarbanes. Right. Well, hopefully we can undertake that
and make that clarification, and that will be another way of
protecting our elections going forward.
I have run out of time. I am sorry, but we can continue the
conversation offline.
I yield back.
Ms. Weintraub. Fair enough.
Mr. Lynch. The gentleman yields, and I thank you.
Ms. Weintraub, I would like to come back to that question.
I see the light bulb over your head and it seemed like you had
something you were eager to contribute, so I do want to give
you that opportunity. So just hold that thought.
Ms. Weintraub. Okay.
Mr. Lynch. The Chair now recognizes the gentleman from
Maryland, Mr. Cummings, for five minutes.
Mr. Cummings. Thank you very much.
Mr. Lynch. The Chairman of the full committee.
Mr. Cummings. Thank you.
Director Krebs, your Department is at the tip of the spear
when it comes to protecting our elections. One of my worries,
however, is that DHS and the Cybersecurity and Infrastructure
Security Agency do not have enough employees specifically
focused on securing our election infrastructure. According to
the DHS Inspector General report released in February 2019,
while DHS had one or two advisers to cover its 16 critical
infrastructure areas, the Department, and I quote, ``does not
have dedicated staff focused on election infrastructure.'' The
Inspector General's Office interviewed stakeholders who, and I
quote, ``expressed concerns about adequate DHS staffing, which
they reported hindered their ability to develop relationships''
with the Department.
How would you respond to that concern? Because it is a very
serious one.
Mr. Krebs. I think at a point in time it was absolutely
true. In 2016, I think the only people really in the Federal
Government that understood elections was Chairman McCormick and
her team and Chairman Weintraub. We came into this thing brand
new. Again, we are cybersecurity and physical security experts.
We still are. They are the election experts. We are the
security experts that come in and support.
So when you talk about the pointy tip of the spear, it is a
big, big spear. There are a lot of us on this team. So we
support state and local officials. We support the EAC. We
support the DOJ and FBI. This is a team effort.
At this point we have invested, with Congress'
appropriations, to support our election infrastructure team. I
have 17 full-time personnel dedicated to this issue, but I also
have the capability to reach into my entire organization and
draw any resource needed.
In the run-up to the 2018 midterm elections, in the month
prior to the election, I had over 550 individuals that were
working at the national, local, state level on elections. That
is pretty good. I can do better, I can do better. We can
continue to work with the EAC. We can continue to work with
state and locals. We can continue to invest in our people, and
our capabilities get more scalable, and that is my plan for
2020. We will have more full-time dedicated staff. I will have
more field staff to engage and ensure that 2020 is the most
secure election ever.
Mr. Cummings. So how many people will be permanent? Are
these basically temporary employees you are talking about
coming in, talking sort of seasonal?
Mr. Krebs. So DHS, keeping in mind DHS was established as a
bit of a surge organization, right? Whether it is a hurricane
or some other national emergency, we are able to surge
capabilities. So for 2018, we surged. We established task
forces. We cobbled together as many people as we could that had
relevant expertise. Over that time, we also institutionalized
as a program. So we have established since an election
infrastructure security program, an initiative, that is
dedicated permanent staff. My hope is by 2020 we will be well
over two dozen, pushing 30 personnel, dedicated full-time, but
able to draw on my field staff.
My field staff in the last two years, the demand signal for
election infrastructure support services has surged to the
point where it is basically a half-time job for my field team.
On the other half, they are doing school safety, houses of
worship, active shooter soft-target type work.
Mr. Cummings. Have you or your deputies asked CISA
employees to deploy to the U.S.-Mexico border?
Mr. Krebs. Yes, sir. As a matter of fact, the entire
Department asked that the components, whether it is TSA, FEMA,
anyone else, consider volunteering, or their personnel consider
volunteering to go down and help some of the logistic support
down at the border.
Mr. Cummings. So how many of your employees at CISA have
been sent to the border, and how many more are expected to be
sent?
Mr. Krebs. Across the agency, 10 have deployed, and I think
we have another 10 that are in an availability period where
they may deploy down, keeping in mind that across the agency I
have about 2,200 personnel. About 900 of them are cybersecurity
focused. Another 800 are physical security focused. I have some
communications specialists that are actual emergency
communications specialists, and I have mission support
personnel.
There will be risk-based decisions on people that deploy to
the border. If it is an election issue, if it is a critical
cyber operation, we will have conversations with supervisors
and understand whether that is something we need to reconsider.
Mr. Cummings. It sounds like they will be doing a number of
different jobs. Is that it? What will their responsibilities be
down there by the border?
Mr. Krebs. I would have to get back to you on the
specifics. Acting Secretary McAleenan testified this morning in
front of House Homeland and talked about this, but it is
logistical jobs. In some cases it is attorneys, it is driving.
The Federal Protective Service deployed some CDL drivers down.
So there are a number of logistics and support functions.
Mr. Cummings. If the Chairman would, just one last
question.
Are CISA employees appropriately trained and qualified to
provide security and support, the intake of migrants at our
southern border?
Mr. Krebs. Sir, again, I suggest that we work with the
Department legal team and the H.R. folks to figure out and
explain what the actual functions are. My understanding,
though, is that any person that goes to the border, whether it
is from TSA, FEMA, CISA, anywhere, is going to have the
appropriate training to do the function asked on the border.
Mr. Cummings. Thank you very much, Mr. Chairman.
Mr. Lynch. The gentleman yields back.
The gentleman yields momentarily to Mr. Hice, the Ranking
Member.
Mr. Hice. Thank you, Mr. Chairman.
Just a clarifying question, Mr. Krebs. Are you saying that
more resources are needed at the border? Because you are
sending people down there.
Mr. Krebs. Yes, sir. I think that is consistent with the
prior Secretary and the current Secretary's request.
Mr. Hice. Thank you for that clarification.
Mr. Lynch. The Chair recognizes the gentle lady from
Florida, Ms. Wasserman Schultz, for five minutes.
Ms. Wasserman Schultz. Thank you, Mr. Chairman.
In 2018, the White House eliminated the cybersecurity
coordinator position on the National Security Council.
Mr. Hickey, the National Security Council is responsible
for facilitating the implementation of Administration policy
and coordinating national security-related activities across
the interagency. Is that correct?
Mr. Hickey. That is my understanding, ma'am.
Ms. Wasserman Schultz. So would it be fair to describe the
National Security Council as a rudder that steers the U.S.
interagency?
Mr. Hickey. I don't know if they would like that analogy,
but they certainly play a critical coordinating role. They have
convening authority, and we meet with them frequently for that
reason.
Ms. Wasserman Schultz. Given the attitude of this
Administration, I agree, they probably wouldn't like that
description, but practically applied that is what they do;
correct?
Mr. Hickey. They play a critical coordinating function
across the interagency, yes.
Ms. Wasserman Schultz. Thank you.
Director Krebs, how has the absence of a cybersecurity
coordinator at the National Security Council affected the
Department's ability to coordinate its election security
activity strategically and effectively across the interagency?
Mr. Krebs. There is a PCC process established under NSPM-4
with specific election security coordination. So we do work
closely with the NSC, but it is also important to consider the
fact that under the operational authorities that I have, that
the DOJ, the FBI, the DIC, that DOD has, we are coordinating on
a daily basis on operations, and then those inform the actual
field activities. So I would not mistake the lack of a
coordinator for lack of coordination. It happens because it is
our job.
Ms. Wasserman Schultz. Mr. Krebs, the last time we spoke
was on May 1st, when you testified before the Appropriations
Subcommittee on Homeland Security, and at that hearing you
raised serious concerns about Russian operatives attempting to
influence our 2020 elections. I asked you then if the President
had received a briefing from you or anyone in your Department
on potential Russian interference in our elections in 2020, and
you said he had not received a briefing.
Administration officials have offered plenty of sound bites
suggesting the President is taking this issue seriously, so
today I would like to ask you again. It is May 22, three weeks
later. Has the President received a briefing from you or anyone
in your Department about threats of foreign influence in the
2020 election?
Mr. Krebs. Ma'am, I am going to take your word for it that
I said it that way.
Ms. Wasserman Schultz. You did.
Mr. Krebs. Okay. I am not privy to the President's daily
brief. He sees a range of intelligence----
Ms. Wasserman Schultz. I am asking if he has had a briefing
by you or anyone in your Department about threats--I mean, you
are responsible for election security--about threats----
Mr. Krebs. The DNI, ma'am, is responsible for working with
the President on intelligence matters. I am responsible for
helping state and locals protect their systems.
Ms. Wasserman Schultz. When I asked you at that meeting,
you said to your knowledge, you said the President did not have
a briefing on the threats potentially facing us in the 2020
election. Is that still true, to your knowledge?
Mr. Krebs. Certainly for me. Yes, ma'am, certainly for me.
Ms. Wasserman Schultz. Okay. Director Krebs, during a House
Homeland Security Subcommittee hearing on April 30th, you
described President Trump as, quote, ``the head coach for the
Administration's cybersecurity strategy.'' I played team
sports, so my question is if your head coach doubts the threat
of foreign interference, how does your team prepare your
defense, our defense, against our adversaries?
Mr. Krebs. Ma'am, as I discussed in that hearing, as I have
discussed with you in the Appropriations hearing, the President
supports the conclusions of the intelligence community
assessment of January 2017. He said that on the record several
times. So I have the guidance, I have the steerage I need from
the coach. We are executing. We are working closely with the
Department of Justice. We are working closely with the FBI. We
work closely with the intelligence community and the Department
of Defense. I have the guidance, I have the direction, I have
the strategy I need to be effective to support Chairwoman
McCormick and her constituents in the state and local election
community.
Ms. Wasserman Schultz. Okay. Well, President Trump has
repeatedly publicly expressed doubt about Russian foreign
interference in our elections. So how can we expect you and
your colleagues here to tackle these threats if you don't have
full buy-in from the White House, all the way to the top?
Mr. Krebs. Ma'am, again, he supports the intelligence
community assessment in 2017. I take him at his word. I have
what I need to go----
Ms. Wasserman Schultz. Reclaiming my time, I take him at
his word, because his words and deeds have demonstrated that he
doesn't think that there was Russian interference. He has said
that out loud. And his actions, particularly as it relates to
not taking it seriously enough to even bother to have an
election security briefing in advance of the 2020 elections, is
mind-blowing.
Mr. Krebs. Ma'am, again, I am not privy to every briefing,
every meeting he gets.
Ms. Wasserman Schultz. I know, but I am just going by your
answer to my question when I asked you, and I want to thank my
colleagues who raised rightful concerns today about the lack of
transparency regarding the hacking of two counties in
particular in Florida.
We received a briefing from the FBI, along with the rest of
our Florida delegation members, and while I can't share the two
counties that were hacked, I believe that investigators should
not be withholding that information from the real victims here,
the voters in those counties. The lack of transparency from top
to bottom in this Administration is stunning, and it diminishes
voters' confidence in our election system, makes voting less
likely, which unfortunately I think demonstrably has been shown
is this Administration's true interest.
Thank you. I yield back.
Mr. Lynch. The gentle lady yields back.
In concluding the business of this panel, Ms. Weintraub, I
want to just address a question to you, and I know you had
touched on this earlier in your opening remarks.
During the 2016 election, the Russian-based Internet
Research Agency conducted its disinformation campaign not only
by posting through fake accounts but also by purchasing ads on
various social media platforms. I believe in some cases they
paid in rubles, which should have been a tip.
Commissioner Weintraub, later today we will hear from
Twitter, Facebook, and Google, your friends over there. I know
you were throwing a little bit of shade on them earlier about
their efforts to increase political ad disclosures on their
sites. But given your role, your specific role with the Federal
Election Commission, I would like to hear your insights on this
issue.
Ms. Weintraub. Well, first of all, let me say that I do
think that the platforms are trying. They have taken steps and
they are able to move quickly in a way that I sometimes can't.
I have been trying to adopt new regulations on this, and it has
just been bogged down at the FEC in terms of not getting an
agreement from my colleagues on exactly what they are willing
to agree to. So that is a point of frustration for me.
But I think that the point that I am trying to make about
the platforms is that I really don't think this is something we
should leave entirely in the hands of the private sector,
because what they decide to do today they could take back
tomorrow and decide to do something less. So I think the
government has a role here to set standards and to make sure
that the platforms are complying with them, because it is an
awful lot of power that they have.
Mr. Lynch. Okay. Thank you very much.
I think this panel has suffered enough, and I want to thank
you for your attendance. If there are any further questions by
the members, obviously they can submit them in writing and we
will forward them to you, if you would be so kind as to answer
them in due course as rapidly as possible.
So this panel is recessed, and we would ask the next panel
to come forward, and we will continue with the hearing. Thank
you.
[Pause.]
Mr. Lynch. We now welcome our final witnesses on the second
panel and thank them for their testimony and their patience.
First of all, I would like to introduce the Honorable Bill
Galvin, Secretary of the Commonwealth of Massachusetts, a dear
friend and someone who I personally consider to be one of the
foremost experts on our election systems, and I think he has
done a remarkable job on behalf of our state where we have both
a very secure digital system as well as a paper back-up system,
which I think is commendable.
Richard Salgado, the Director of Law Enforcement and
Information Security with Google.
Nathaniel Gleicher, Head of Cybersecurity Policy with
Facebook.
And Kevin Kane, Public Policy Manager with Twitter.
If the witnesses would be so kind as to rise and raise your
right hand, I will begin by swearing you in.
[Witnesses sworn.]
Mr. Lynch. Let the record show that the witnesses have all
answered in the affirmative.
Thank you, and please be seated.
The microphones are sensitive, so please speak directly
into them.
Without objection, your written statements will be made a
part of the record.
And with that, Secretary Galvin, you are now recognized to
give an oral presentation of your testimony.
STATEMENT OF BILL GALVIN, SECRETARY OF THE COMMONWEALTH,
MASSACHUSETTS
Mr. Galvin. Thank you, Chairman Lynch and Ranking Member
Hice, and distinguished committee members of the Subcommittee
on National Security, for inviting me to testify today on the
safety and security of the Nation's election infrastructure and
the ongoing misinformation attempts to influence public opinion
and trust in our election system.
As you noted, my name is Bill Galvin, and I have been the
Secretary of the Commonwealth of Massachusetts since 1995.
During my tenure as Secretary, I have worked hard to ensure
elections in Massachusetts are fair, honest, and accurate. I am
proud of that effort. My office has successfully implemented a
statewide data base after passage of the National Voter
Registration Act and continues to make improvements to
implement state and Federal laws, including the Help America
Vote Act.
In recent years, however, new challenges have emerged. I
don't need to tell this committee what they are. I think you
have discussed it very thoroughly here. I am here today to
share with you the best practices we are using in Massachusetts
and explain the challenges we face and what must be done moving
forward.
Before addressing these topics, I think it is important to
note the differences in election administration throughout the
country and how this leads to unique challenges. Unlike the
majority of the country in which election administration is
county-based, in Massachusetts and the rest of New England, as
well as in Michigan and Wisconsin, elections are conducted on a
municipal level with local election officials in each of the
cities and towns. Local election officials in Massachusetts,
many of whom have responsibilities beyond elections such as
vital records, and some of whom are part-time, have varying
skills and expertise in security and overall information
technology knowledge, as well as varying access to the
resources likely available to county officials, such as onsite
technical help.
Our best practices are pretty basic. Voting equipment in
Massachusetts, all voters vote on paper ballots, and during my
administration that has been something I have insisted on. Some
ballots are hand counted, but most are tabulated through
scanners. Tabulators must be federally certified and then state
certified. Tabulators are not connected to the Internet, to
each other, or to any external device, either by Wi-Fi or hard
wire. Tabulators are required to undergo public logic and
accuracy testing before every election. Clerks test the
machines using the same ballot that will be used on election
day. Tabulators are locked into the ballot box throughout the
day. The keys to the ballot box and the tabulator are held by
the police officer present in every polling location. In the
event of a machine failure, voting continues and the ballots
are hand-counted in public view at the end of the night. In the
event of power failure, tabulators have a back-up that allows
them to continue to operate.
In the event of an emergency or machine failure, the paper
ballot can be hand-counted by poll workers. Voting can continue
despite the power failure or natural disaster or other
emergencies. Official results of the election are recorded by
hand and certified. Official returns of the votes are entered
into the statewide data base, and the official report must be
printed, signed, and certified by the clerk and transmitted by
mail.
Our statewide data base of voter registration is not on the
Internet. My office maintains and supports the statewide data
base voter registration system, VRIS. VRIS can only be accessed
through an isolated network that connects each of the local
election officials to my office. VRIS is not available via the
Internet, as I have said. Users can only access the statewide
data base using the work stations and equipment provided by my
office.
The network is monitored. Albert sensors throughout the DHS
are installed on the network. Each user has a unique username
and a complex password. Users have separate logins for
computers and for VRIS application on the computer. User
transactions are logged with a date and time of the action
taken.
The general cybersecurity is something that has always been
a concern. Even prior to the spotlight on cybersecurity in
2016, we had worked to develop our data network and keep it
secure. Prior to 2016, we contracted with independent vendors.
Since the threat emerged in 2016, efforts have increased,
including the addition of staff and tools to ensure the network
and infrastructure. Using the new HAVA funds, we have created a
robust cybersecurity team staffed by professionals. We use
proper protocols and passwords to make sure it is done.
I want to focus in the seconds that I have left on what I
think is the overarching issue that has to be dealt with, the
urgency of action. This election is now less than 18 months
away. If there is going to be any practical impact on what
happens in 2020 given the threats that have been discussed here
today, urgent action is needed, particularly at the level of
the EAC. Even in a state like mine, where equipment is used for
paper ballots, the need to process and certify new equipment is
urgent. The bureaucracy has to be streamlined. Action must be
taken now.
Given the amount of time left to acquire new equipment, to
train people on it, and to have it in service on election day
in 2020, there is no time. There is no time for bureaucracy. As
somebody who has successfully run bureaucracies now for almost
25 years, I will tell you that the only way to get that kind of
action is to demand time standards to make sure it is done.
Absent that effort, there will still certainly be problems
with equipment and with process in 2020, the very problems that
this committee has convened to hear about today. It is urgent
that this committee urge the Congress and the Administration
and the EAC and all the Federal bureaucracies that are here
today to take action and to take it now to support the State
officials involved.
Thank you very much for your attention.
Mr. Lynch. Thank you, Secretary Galvin.
Mr. Gleicher, you are recognized for five minutes.
STATEMENT OF NATHANIEL GLEICHER, HEAD OF CYBERSECURITY POLICY,
FACEBOOK
Mr. Gleicher. Chairman Lynch, Ranking Member Hice, and
members of the subcommittee, thank you for the opportunity to
appear before you today. My name is Nathaniel Gleicher, and I
am the Head of Cybersecurity Policy at Facebook. My work is
focused on addressing the serious threats we face to the
security and integrity of our networks and services. I have a
background in both computer science and law. Before coming to
Facebook, I prosecuted cybercrime at the U.S. Department of
Justice and built and defended computer systems and networks.
Facebook cares deeply about defending the integrity of the
democratic process. We don't want anyone using our tools to
undermine elections or democracy. We have dedicated substantial
resources to finding and removing malicious activity on our
platforms. In fact, we have more than 30,000 people working on
safety and security across the company, reviewing reported
content in more than 50 languages, 24 hours a day. That is
three times as many people as we had in 2017. And we have
nearly 40 different teams focused particularly on election work
across Facebook's family of apps.
We drive our election integrity efforts through a
combination of automated systems and expert investigative
teams. Our automated tools operate at scale, making any
attempted bad behavior more difficult, while our expert
investigators tackle the newest and fastest-moving threats.
This combination ensures that we can continually evolve our
responses as the threats change, identifying new trends early
and staying ahead of them as they develop.
We aren't perfect, and this is an ongoing challenge, but we
are improving every day.
Our election integrity efforts are focused on four major
areas: blocking and removing fake accounts; finding and
removing bad actors; limiting the spread of false news and
misinformation; and increasing transparency for political
advertising.
First, fake accounts are often behind harmful and
misleading content, and we work hard to keep them off Facebook.
In fact, we identify and remove millions of fake accounts from
the platform every day, many shortly after they have been
created.
Second, we focus on networks of deceptive behavior, which
we call coordinated inauthentic behavior, or CIB. This is when
networks of accounts, pages, or groups work together to mislead
others about who they are or what they are doing. When we
remove a network for engaging in CIB, it is because of the
deceptive behavior that the group engages in--for example,
using fake accounts to conceal their identity--not because of
the content they post, the actors they represent, or the views
they espouse.
We ban this kind of behavior so people trust the
connections they make on Facebook. And while we have made real
progress, it is an ongoing challenge because the actors engaged
in this behavior are determined and often well-funded. We have
to improve to stay ahead of them, including by building better
technology and working more closely with law enforcement,
security experts, and other companies.
Third, to combat false news, we follow a three-part
framework. We remove content that violates our community
standards. For content that doesn't directly violate our
community standards but still undermines the authenticity of
our platforms, like click bait or sensational material, we
reduce its distribution so fewer people see it, and we give
people more context about the information they see in News
Feed.
Finally, when it comes to political advertising,
transparency is critical. We work to ensure that people are
able to understand easily why they are seeing ads, who paid for
the ads, and what other ads that advertiser is running. We also
require election-or issue-related ads on Facebook and Instagram
to be labeled clearly, including a ``paid for by'' disclosure
from the advertiser at the top of every ad.
In support of all of these efforts, we opened our first
physical election operation center at our headquarters in Menlo
Park in advance of the U.S. midterms last year. We have a
dedicated team already focused on preparing for the 2020
election, and we will have an operation center set up to
support that effort.
We are proud of our ongoing work to protect the integrity
of our elections, but we know there is more to do. This is
fundamentally a security problem. As we continue to improve our
defenses, bad actors evolve their tactics. This is also a
whole-of-society challenge, which is why we focus on working so
closely with our colleagues in industry, in government, and in
civil society.
We will never be perfect, and we are up against determined
adversaries, but we are committed to doing everything we can to
strengthen our civic discourse and protect elections.
Once again, thank you very much for the opportunity to be
here today, and I look forward to answering your questions.
Mr. Lynch. Thank you, Mr. Gleicher.
Mr. Kane, you are recognized for five minutes.
STATEMENT OF KEVIN KANE, PUBLIC POLICY MANAGER, TWITTER
Mr. Kane. Chairman Lynch, Ranking Member Hice, and members
of the subcommittee, I am grateful for the opportunity to
appear before you today.
Twitter's purpose is to serve the public conversation, and
the public conversation occurring on Twitter is never more
important than during elections. I have provided more detail in
my written testimony but would like to briefly outline some of
the most important work we are doing to support the integrity
of our elections by fighting platform manipulation and
increasing transparency.
As the Internet evolves, so too do the challenges and
opportunities society faces. Following the 2016 U.S. elections,
Twitter's entire strategic posture changed. Collaborative
partnerships with peer companies, Federal agencies, law
enforcement, state governments, and civil society organizations
were key to our preparation ahead of the 2018 U.S. midterms.
Since January 2017, we have launched dozens of product and
policy improvements, expanded our enforcement and operations,
and strengthened our team structure, all designed to foster the
health of the service and protect the people who use Twitter.
We continue to promote the health of the public conversation by
countering all forms of platform manipulation. We define
platform manipulation as using Twitter to disrupt the
conversation by engaging in bulk, aggressive, or deceptive
activity.
We have made significant progress. In fact, in 2018 we
identified and challenged more than 425 million accounts
suspected of engaging in platform manipulation, of which
approximately 75 percent were ultimately suspended. We are
increasingly using automated and proactive detection methods to
find misuses of our platform before they impact anyone's
experience. More than half of the accounts we suspend are
removed within one week of registration, many within hours. We
will continue to improve our ability to fight manipulative
content before it affects the experience of people who use
Twitter.
In addition to our efforts to safeguard the platform, we
are committed to providing greater transparency around the
conversation regarding elections. We believe transparency is a
proven and powerful tool in the fight against misinformation
and disinformation campaigns. We have taken a number of actions
to disrupt foreign operations and limit domestic efforts at
voter suppression, and have significantly increased
transparency around these actions. We publicly released in
January a retrospective review of the activity that occurred on
Twitter regarding the 2018 U.S. midterm elections. Last fall's
midterms were the most tweeted about midterm elections in
history. Twitter facilitated a robust global conversation that
included more than 99 million tweets from the first primaries
in March through election day. I have provided a full copy of
our report, along with my submitted testimony, to be included
in the record.
Our commitment to transparency extends to providing a
unique archive of information operations to the public and
researchers. We have provided data and information on more than
9,600 accounts, including accounts originating in Russia, Iran,
and Venezuela, totaling over 25 million tweets. It is our
fundamental belief that these accounts and their content should
be available and searchable so members of the public,
governments, researchers, and the broad community can
investigate, learn, and build media literacy capabilities for
the future.
Information operations are nothing new and have been a tool
since before the dawn of social media. These operations
continue to adapt and change as the geopolitical terrain
evolves worldwide and as new technologies emerge. For our part,
we are committed to understanding how bad-faith actors use our
services.
We also have provided additional transparency with regard
to paid advertisements on Twitter. Last year we launched our
Ads Transparency Center where anyone, whether they have a
Twitter account or not, can search for all ads running on the
platform. You are able to find in our Ads Transparency Center a
significant level of detail associated with each ad, including
billing information, ad spend targeting, and impression data.
As I previously mentioned, partnerships are critical to
this work, including collaboration with Federal, state, and
local election officials. Since 2016, we continue to strengthen
relationships with law enforcement agencies, including the
Federal Bureau of Investigation's Foreign Influence Task Force
and U.S. Department of Homeland Security. Indeed, on election
day for the 2018 U.S. midterms, Twitter virtually participated
in an operation center convened by the U.S. Department of
Homeland Security.
In closing, our efforts enable Twitter to fight this threat
while maintaining the integrity of people's experiences on
Twitter and supporting the health of the conversation on our
service. Our work on this issue is not done, nor will it ever
be. I appreciate the opportunity to share our work with the
members of this subcommittee.
Mr. Chairman, I would like to thank you again for calling
this important hearing, and I look forward to your questions.
Mr. Lynch. Thank you, Mr. Kane.
Mr. Salgado, you are now recognized for five minutes.
STATEMENT OF RICHARD SALGADO, DIRECTOR OF LAW ENFORCEMENT AND
INFORMATION SECURITY, GOOGLE
Mr. Salgado. Chairman Jordan, Chairman Lynch, Ranking
Member Hice, and members of the committee, thank you for
inviting me to testify today about Google's efforts to promote
election integrity. I appreciate the opportunity to discuss our
efforts in this space.
My name is Richard Salgado. As the Director of Law
Enforcement and Information Security at Google, I work with
thousands of people across teams at Google to protect the
security of our networks and user data.
Google's mission is to organize the world's information and
make it universally accessible and useful. Efforts to undermine
the integrity of democratic elections are antithetical to that
mission.
In my testimony today, I will focus on four areas where we
are making progress to help ensure the integrity of elections.
First, we are working to empower people with information they
can trust when going to the polls. Second, we are helping
defend campaigns, candidates, and others from network attacks.
Third, we are combatting misinformation. And fourth, we are
improving transparency of election advertisements.
I will start by addressing a few of the ways we are helping
to empower people with information about their elections. We
created our search engine in 1998 with a mission of providing
greater access to information. To this end, Google aims to make
civic information more easily accessible and useful to people
globally.
In 2018, for example, we helped people in the U.S. access
authoritative information about registering to vote, locations
of polling places, and the mechanics of voting. We have
partnered with organizations like the Voting Information
Project and with the offices of 46 Secretaries of state to
achieve this goal. On election day, we serviced election
results for U.S. Congressional races directly in Search in over
30 languages.
We have also made voting information freely available
through the Google Civic Information API. Over 400 sites have
availed themselves of this API.
Google also offers a broad array of services and tools to
help campaigns, candidates, and election officials reduce the
likelihood of a successful security breach. We have multiple
internal teams that work together to identify malicious actors,
disable attacker accounts, secure victim accounts, and share
threat information with other companies and law enforcement
officials. In addition, Google's Threat Analysis Group, a
dedicated team of security professionals, further detects,
prevents, and mitigates government-backed threats, including
through the use of warnings to users when we believe they may
have been the targets of government-backed attacks.
In 2017, we unveiled the Advanced Protection Program, which
provides the strongest account protection that Google offers.
As part of that program, we have conducted extensive outreach
to promote the use of security keys, which protects users from
more sophisticated and targeted phishing campaigns.
Similarly, Google's safe browsing tool helps protect more
than 4 billion devices from phishing. Safe browsing hunts and
flags malicious extensions, helps block malicious ads, and
shows warnings about websites it considers dangerous or
insecure.
Separately, Google and Alphabet's Jigsaw Group have
partnered on Protect Your Election, a suite of tools to help
campaigns, candidates, and election-related websites protect
themselves online. The initiative includes Project Shield, a
free tool to mitigate the risk of distributed denial-of-service
attacks.
We also recognize that it is critically important to combat
misinformation in the context of democratic elections. This is
especially important when users are seeking accurate, trusted
information that will help them make critical decisions. We
have a natural, long-term incentive to prevent anyone from
interfering with the integrity of our products, and we have
worked hard to curb misinformation.
Our efforts include designing better ranking algorithms and
implementing tougher policies against misleading behavior, and
deploying multiple teams to identify and take action against
malicious actors.
At the same time, we have to be mindful that our platforms
reflect a broad array of sources and information, and there are
important free speech considerations. There is no silver
bullet, but we will continue to work to get it right.
We have also been working hard to make election advertising
more transparent. In 2017, we committed to making improvements
to this important area, and we have delivered on our
commitment. This includes a verification program for
advertisers purchasing U.S. Federal election ads, in-ad
disclosures of the name of the advertisers and, of course, a
transparency report for election ads.
Looking forward, we are thinking hard on how to bring more
transparency to election advertising online.
In conclusion, we appreciate that there is no panacea for
the challenges that lie ahead, and we commend the committee for
its efforts to ensure that we are collectively taking concrete
steps to protect the integrity of our elections. Google is
committed to building on our progress.
Thank you for the opportunity to address these issues, and
I look forward to your questions.
Mr. Lynch. Thank you.
There are currently seven votes scheduled on the floor.
There is no time remaining prior to votes commencing. There are
260 members not voting yet, among us as well. So we will recess
for those seven votes, and the committee will reconvene five
minutes after the last votes on the floor. Thank you.
[Recess.]
Mr. Lynch. Welcome back. We apologize for the delay with
votes on the floor.
I now yield myself five minutes for questioning.
Secretary Galvin, the Omnibus Appropriations Act, enacted
by Congress back in March 2018, included about $380 million for
grants distributed under HAVA, the Help America Vote Act, to
assist states in securing their voting systems against
malicious cyber-attacks and other vulnerabilities. HAVA marked
the first Federal appropriation for this purpose in over 10
years.
In July of last year, the U.S. Election Assistance
Commission announced that each of the 55 eligible states and
territories had already requested 100 percent of the newly
appropriated funds. According to the Election Assistance
Commission, the Commonwealth of Massachusetts applied for and
received nearly $8 million in grant funding. Is that correct?
Mr. Galvin. Yes.
Mr. Lynch. I think you are sort of a model situation where
we have a paper back-up system. I vote there, so I am well
aware of your system. Can you discuss some of the key election
components where you applied that money, and maybe some gaps
that continue to exist that could use some additional funding?
Mr. Galvin. Well, first of all, Mr. Chairman, we had a
pretty good system regarding our data base. Primarily it was on
the data base side, what we used the appropriation for. As I
mentioned during my regular testimony, we had vendors hired to
make sure to protect our system.
With the new moneys that were made available, we upgraded,
and as a result we were not subjected to attempted hacking in
2016, or so we were informed by Homeland Security.
Nevertheless, as I frequently have pointed out, while the focus
appropriately is on foreign action, it is also possible people
domestically could do it.
Mr. Lynch. Oh, sure.
Mr. Galvin. As you are well aware, we have many
institutions of higher learning in Massachusetts who have
students who think they are geniuses, and probably are. The
fact of the matter is, it is a challenge for them to think
about breaking into things like our system.
So what I did after getting the new funds was to upgrade
the quality of the security we had. We also have a specific
person on staff now who only deals with cybersecurity issues.
We continue to look forward to ways to implement our system.
The data base we created or we built is now approaching its
20th anniversary. We are going to have to replace all of it
after the 2020 election. So we are looking to ways to make it
more secure.
As I also mentioned in my affirmative testimony, because of
the network by which we operate in Massachusetts and other New
England states where we rely upon local communities and local
election officials, some of whom I don't appoint and have no
direct control over, we have to try to integrate them into our
system. So much of the funds have been used to try to do that,
to upgrade the quality of what they are doing at their local
level to protect against any sort of intervention there.
With regard to equipment, we are looking at ways that in
the future we can upgrade our equipment. One of the ways, for
instance, where EAC action would be very helpful is electronic
poll books. We are not allowing them to integrate with our
system right now because we do have security concerns about
them, but they could be helpful if there was a way to be
assured of the quality of the security that they would be
using, especially for things like early voting and other
aspects of our election system.
Mr. Lynch. Just to be clear, I know you testified that back
in 2016, the analysis that was done, there were no breaches in
Massachusetts.
Mr. Galvin. That we were informed of. There had been
attempts going back many years. We know something occurred, an
attempt, but there have been no successful breaches as far as
we know, and we----
Mr. Lynch. What about 2018? What about the midterms?
Mr. Galvin. Again, there were curious events that occurred
but no breaches as far as we know.
Mr. Lynch. Okay. I know this is an open forum, but to the
extent possible, can you describe key actions that
Massachusetts has taken to safeguard voting systems against
that kind of foreign interference?
Mr. Galvin. Again, as I mentioned, the key for us in terms
of the equipment is we use a paper ballot system, so we also
have the paper cards to fall back upon. So the only aspects of
the system that could be electronically hackable would be the
tabulators, which I mentioned again in my affirmative
testimony. They are tested all the time. If there is a failure
in the tabulator, we still have the cards to work with.
The data base for voter registration information is not on
the Internet, so we have kept it secure that way. We continue
to have concerns, like I mentioned the electronic poll book.
Some communities have used electronic poll books internally for
early voting and things like that, but we don't let them
connect it to our system.
So there are concerns we have about all of these things
that are going forward, and I don't think any of us can say we
have a perfect system, nothing bad could ever happen to us.
That is not true. We have to be vigilant.
One of my great concerns, I mentioned this earlier, about
the certification process is all of us at the local level,
state and local level that are dealing with election
administration are going to have to replace equipment. We need
the EAC to move on equipment as fast as possible. It is not
happening, and I think you brought that out today in the
testimony you received from them. That is the biggest problem
all of us have, no matter what kind of system you have right
now, anywhere in the United States.
Mr. Lynch. I do have one data point, that when we did the
analysis, 45 states have systems that are no longer
manufactured, no longer currently manufactured. That tells you
how--these are legacy systems that are completely outdated.
Mr. Galvin. We have communities--you are familiar with the
city of Lawrence, Massachusetts. They are a poor community.
They want to replace their equipment. They need to replace it,
and everything if paper ballot. But still, with the
technologies that are available, the ones they would like to
buy haven't been certified. We are concerned that if they were
to make an investment in the ones that are currently available
and certified, they may be replaced within the next few years,
during the life of the equipment they purchased, and not have
any money to replace them with. So it is a dilemma.
Specifically, I think we all see 2020 as having a very,
very large turnout. We had a big turnout last year. We are
going to have bigger turnouts in 2020. We all know that. And
given the awareness the public has about voter security, which
is a good thing for the most part, there is going to be
anxiety. So we want to make sure we allay that anxiety by
having the best equipment possible. Whatever state you are in,
whatever kind of system you have that the local officials are
trying to use, we want to give them the best equipment.
The problem right now is to make sure the bureaucracy
functions to effectively give local officials options when it
comes to equipment. That is not happening.
Mr. Lynch. Right. Thank you.
I now yield five minutes to the Ranking Member.
Mr. Hice. Thank you, Mr. Chairman.
I knew coming into this, quite frankly, that we were going
to hear the excellent work that these three companies are doing
to try to safeguard their users from foreign interference. I
get that.
My concern, though, is the active engagement from these
companies into the speech of users as a publisher rather than a
platform. Just last week, I believe it was, a Facebook memo
leaked that catalogued so-called ``hate agents,'' and of course
it included some conservative individuals, Candace Owens. In
fact, Mr. Speaker, I have a screenshot of that that I would ask
unanimous consent be added to the record.
Mr. Lynch. Without objection.
Mr. Hice. Thank you.
And I look at this with great concern. We have heard of it.
We have had hearings about this type of thing.
Mr. Gleicher, let me ask you, it has been confirmed from
Facebook that these ``hate agent'' lists exist, and you guys
are supposedly a neutral platform. But doesn't the existence of
these type of actions really create a type of election
interference that you are trying--at least you say that you are
trying to avoid?
Mr. Gleicher. Congressman, thank you for the question. So
the question that you are asking is an important one. Facebook
is a platform for ideas across the spectrum. Whenever we are
thinking about creating a new policy or changing the line in a
policy, one of the things that we do is we look at what effect
that might have, and in particular would it have any unintended
consequences.
So in this context, we developed a list of people who are
engaged in the public debate around white nationalism, white
separatism, people who might be affected by this policy change,
so that we could do the due diligence to understand what affect
the change in this policy would have. This was an internal list
so that we could do that type of analysis.
Ms. Owens was not affected by the policy, and----
Mr. Hice. She was initially. She got put back on, but she
was.
Mr. Gleicher. Congressman, these are actually two separate
points. So, she was on the list, along with a number of other
people, because we wanted to understand what affect the policy
would have.
Mr. Hice. So, look, if you are engaged in curation of
speech, you are de facto a publisher rather than a platform,
and that is part of the issue here. I understand there are
algorithms and all this kind of stuff, all these words you are
catching and all this kind of stuff. But the code also includes
de-boosting and shadow banning, and again there have been
multiple examples of that--Steven Crowder, Daily Caller, and
others. I mean, this goes on and on.
So doesn't even the algorithm itself indicate a bias that
has been placed into the algorithms?
Mr. Gleicher. Congressman, we are a platform for ideas. One
of the things that is most important for us is to ensure that
there is a space where people can speak safely and engage in
public debate, robust public debate.
Mr. Hice. And there is a problem with that, which makes the
whole platform issue in itself debatable, as opposed to being a
publisher.
Mr. Gleicher. I think one of the critical things in
creating a space for public debate is to ensure that when
statements cross the line into violence or threats or clearly
are hate speech, we are able to take action in that space to
ensure that people can engage in a discussion.
Mr. Hice. There is not that kind of conversation going on
with Steven Crowder and Daily Caller. I mean, therein lies the
problem. You can say what you want to say, but there are issues
where conservatives are the ones oftentimes, most of the time,
who are on the short end of this stick. One of your engineers,
DeRuvo--I don't know how to pronounce his last name, but he
actually made the statement, he said one strategy is to shadow
ban so that you have ultimate control. The idea of shadow
banning is that you ban someone and they don't know that they
have been banned, because they keep posting but no one sees it,
no one sees the content.
This is taking place, and it is inexcusable. We have got to
get to the bottom of it, and it doesn't stop there. There was a
report in May 2016 of stories of interest to conservative
readers on Facebook who were routinely suppressed by human news
curators. So there is both a problem with the human and the
artificial. Bias is the problem that has got to be addressed.
Mr. Gleicher. Congressman, we have a range of systems in
place to address conscious or unconscious bias, and I think by
combining--we have rigorous training programs and automated
systems, and most critically we have an appeals process because
we are not going to get every one of these right. We will make
mistakes.
Mr. Hice. Well, it has got to get right as we are coming
into another election cycle. We don't have time for appeal
after appeal after appeal. These issues are problematic now,
and I want to see--and my time has expired, but I want to see
the solutions that you are coming up with in the political
spectrum primarily directed against conservatives who do not
have a voice. And this is not just toward Facebook but it is
Twitter--we are seeing this kind of thing across the board. The
transparency, we can talk about all these fancy things that we
want to do, and I appreciate the effort that is being done, but
the transparency and the outcome has still got to be resolved
that this is indeed a platform and it is not a publisher where
speech in itself is being censored.
And with that, Mr. Chairman, I will yield. Thank you.
Mr. Lynch. The gentleman yields back.
The Chair now recognizes the gentle lady from Illinois, Ms.
Kelly, for five minutes.
Ms. Kelly. Thank you, Mr. Chair.
The Special Counsel's report detailed an extensive Russian
social media influence campaign during the 2016 Presidential
election, primarily coordinated by the Internet Research
Agency. As part of this operation, the IRA purchased political
advertisements on social media in the name of U.S. individuals
and organizations. The intent of these ad purchases was to,
quote, ``reach larger U.S. audiences.''
Facebook has reported that the IRA purchased over 3,500
political ads on its platform, totaling an estimated $100,000,
before the 2016 election. Google likewise discovered that
thousands of dollars in advertisements on YouTube, Google
Search, Gmail, and other company products were purchased by
accounts associated with the Russian government during the 2016
election cycle. Political ads were also purchased from Russian
Internet or physical addresses or using Russian currency.
Mr. Gleicher--is it Gleicher? What is it?
Mr. Gleicher. Gleicher.
Ms. Kelly. Okay, I want to say it correctly. Can you
briefly discuss the nature of these ads and give us an estimate
on how many times they were viewed?
Mr. Gleicher. Thank you, Congresswoman. One of the actually
most important things that we have done in the wake of 2016 is
a range of things to address the types of challenges you are
talking about, particularly political advertising and ways that
could be used by a foreign actor. I spoke in my opening
statement a little bit about some of our transparency tools,
but another piece that is important here is that we have
imposed additional registration requirements and verification
requirements, so that if someone wants to run political or
issue ads in advance of an election, they have to verify that
they are domestic actors, they have to provide an address, and
they have to provide identifying information about themselves
to tackle exactly the challenges you are talking about.
Ms. Kelly. So can you give me the nature of the ads and
give us an estimate of how many times they were viewed from
before? Do you know?
Mr. Gleicher. So, for the ads that were published around
the context of 2016 and 2017, we released those to Congress
with the ads and with some information about how many
impressions each received, and that information is public. I
don't have the specific numbers on me right now, but all of
that information has been made public.
Ms. Kelly. Okay. The purchase of political ads online has
remained a tool of foreign election interference. In September
2018, the Department of Justice charged a Russian national with
conspiring to interfere with the U.S. political system. As an
alleged accountant for a Russian foreign influence operation
known as Project Lakhta, the defendant spent over $60,000 on
Facebook ads and over $6,000 for ads on Instagram prior to the
2018 midterm elections.
Can you again--I missed your opening statement. Can you
briefly discuss the steps you have taken since 2016 to increase
transparency and accountability in online ad purchases?
Mr. Gleicher. Certainly, Congresswoman. So first, in the
context of transparency, what we have done is we have created
an ads library where any ad that is political in nature, that
is specifically about a particular candidate or involves a
political issue, will be visible in public for seven years.
People will be able to see who ran the ad, how much was spent
on it, the types of people who saw it, and in particular they
will be able to see if individuals or groups ran multiple ads.
So, for example, one could see if someone was running one
ad to one community saying their taxes would go up, and another
ad to a different community saying taxes would go down. That
type of transparency actually has already enabled a number of
researchers to identify mismatches and concerning trends. One
of our key goals has been to empower the public and researchers
to be able to see some of these patterns.
That is one piece of the work, and then the other piece is
that verification work that I described to you, and what is
most encouraging about that is we have seen instances of
foreign actors since those controls were in place trying to get
verified and then failing.
Ms. Kelly. That is good news.
In her statement, Federal Election Commission Chairwoman
Ellen Weintraub testified to how foreign adversaries can
contribute to a 501(c) organization that can, in turn,
contribute funds to a Super PAC without disclosing the foreign
source of money. Furthermore, a foreign-owned LLC can
contribute to a 501(c) or a Super PAC without those entities
ever disclosing the true owners of the LLC.
What additional steps do you think are needed to limit the
use of digital ads by hostile state actors to interfere in
elections? And you can answer, Mr. Kane can answer, or Mr.
Salgado, or all of you.
Mr. Kane. Ma'am, thank you very much for that question. It
is a very important point. Similar to Facebook and Twitter, we
have a very robust and rigorous process for those who seek to
purchase political ads. The process takes about a week, and if
an organization or an individual doesn't have an FEC I.D., it
involves the U.S. Postal Service and getting forms notarized.
We have built a lot of friction into the process to deter bad
actors.
Once an ad is certified to run political ads, it is
available and searchable. You do not have to have a Twitter
account to see what political ads are running, who paid for
them, and the impressions of their tweets and information like
that. That information is all available, and it is going to
stay up for an indefinite period of time.
Ms. Kelly. I am out of time, so I don't know if you want
Mr. Salgado to answer.
Mr. Salgado. I am certainly happy to answer that, as well.
We also have the same sort of verification process for election
ads that requires the proof of identity and the various numbers
that show that they are campaigns. We are very live time when
an ad is actually displayed. We have the ability for the user
to see who is behind the ad. So when it is displayed, it would
either be displayed underneath the ad saying who actually is
the purchaser of the ad, or they will be able to click through
and easily find it.
We also have a transparency report about the ads so that
even if you were never served an ad, you can actually go and
look at spends by different purchasers of ads and get a pretty
good deep dive into what sort of content is being displayed
through the different campaigns.
Mr. Lynch. The gentle lady yields.
The Chair now recognizes the full committee Ranking Member,
the gentleman from Ohio, Mr. Jordan, for five minutes.
Mr. Jordan. I thank the Chairman.
Mr. Kane, does Twitter shadow ban?
Mr. Kane. No, sir.
Mr. Jordan. Last summer, were there accounts, were there
Twitter accounts that were not being auto-suggested?
Mr. Kane. Yes, sir. There were approximately 600,000
accounts across the platform that were not auto-suggested. Once
you click Search, the accounts that you were searching for came
right up. But we identified that bug and fixed it within about
24 hours, and then publicly explained exactly what happened
with regard to that issue.
Mr. Jordan. Six-hundred thousand?
Mr. Kane. I apologize; 600,000. Yes, sir.
Mr. Jordan. How many total Twitter accounts are there?
Mr. Kane. Approximately--we have about 330 million monthly
active users.
Mr. Jordan. Three-hundred thirty million, but only 600,000
had this auto-suggest feature not work; is that right?
Mr. Kane. Yes, sir, that is my understanding.
Mr. Jordan. How many of those 600,000 were Members of
Congress?
Mr. Kane. I believe the number was approximately four.
Mr. Jordan. Do you know who those four were?
Mr. Kane. I believe one was your account. I believe
Congressman Meadows, Congressman Nunes, and I can't recall the
fourth off the top of my----
Mr. Jordan. Mr. Gaetz.
Mr. Kane. Yes, sir, that is correct.
Mr. Jordan. So only 600,000 out of 330 million. There are
435 members of the House, and 100 members of the Senate, 535
accounts. But four of them had this happen to them, and they
just happened to be four Republicans, four conservative
Republicans. Was that just an accident?
Mr. Kane. Yes, sir.
Mr. Jordan. Total accident.
Mr. Kane. Yes, sir, and that is exactly why we fixed the
problem.
Mr. Jordan. Okay. You can assure this committee that there
is no shadow banning that ever takes place with Twitter
accounts?
Mr. Kane. Yes, sir. Twitter does not shadow ban.
Mr. Jordan. Okay. So, I think you said earlier in your
opening testimony 99 million Tweets were sent last election
cycle; is that right?
Mr. Kane. Yes, sir. Between March and November of last
year, there was approximately 99 million tweets associated with
the U.S. midterms.
Mr. Jordan. So four Republican accounts had a problem with
them that made it difficult for people to access those accounts
during that timeframe; is that right?
Mr. Kane. Yes, sir. We provided to the committee--we
provided information in terms of the follower graphs over a
period of time, and we noticed no impact whatsoever in terms of
the amount of followers that each of those accounts received
over time.
Mr. Jordan. They grew?
Mr. Kane. Yes, sir.
Mr. Jordan. That is right, they did grow. They actually
grew during the time that you were actually making it difficult
for people to access those four accounts. What is interesting,
once you fixed the problem, they grew a lot faster. So there
may have been an impact.
Mr. Kane. Sir, it is difficult to determine. There were a
number of Members of Congress who were talking about that
issue, which could generate more interest and lead to more
followers. It is difficult to determine motives.
Mr. Jordan. Has it happened since?
Mr. Kane. Not that I am aware of, sir.
Mr. Jordan. Were there any Democrats that had their
accounts--the same thing happen to them?
Mr. Kane. Sir, with 600,000 accounts worldwide, that
accounts for a number of views across the ideological spectrum.
And so I feel very----
Mr. Jordan. No, no. I meant--fair enough. Democrat officer
holders.
Mr. Kane. I don't recall, but I would be happy to followup
for the record. I know that there was a few individuals who, at
the state level, were of the Democrat Party that were running.
I don't have those specific names, but I would be more than
happy to see what we can provide for the record.
Mr. Jordan. Mr.--is it Gleicher? Mr. Gleicher?
Mr. Gleicher. Yes, Congressman.
Mr. Jordan. I think earlier you said that you would, when
you have bad actors, they are removed, their comments or
whatever are taken down. Who defines who the bad actors are?
Mr. Gleicher. Thanks, Congressman. Specifically, there I
was talking about actors that we see who are engaged in
coordinated inauthentic behavior, which is the coordinated use
of fake accounts and other assets to manipulate people, and in
particular to deceive users about who they are or what their
purpose is.
Mr. Jordan. Okay.
Mr. Kane, same question. Bad actors on Twitter, who defines
who is a bad actor and who is not, and what happens with those
accounts, with those individuals?
Mr. Kane. Yes, sir. We have a number of policies to support
the conversational health of Twitter. We have clearly defined
policies on fake accounts. We have clearly defined policies on
spam. So it is a broad range of issues as we continue to focus
on improving the health of the conversation. It is not just one
particular area.
Mr. Jordan. Thank you.
Mr. Chairman, I yield back.
Mr. Lynch. The gentleman yields back.
The Chair now recognizes the gentleman from California, Mr.
DeSaulnier, for five minutes.
Mr. DeSaulnier. Thank you, Mr. Chairman. Thank you for this
hearing.
Mr. Galvin, thank you for your years of service. Given your
years and how diffuse our oversight is, and given what you have
heard today from these three companies that have a net worth
and financial resources greater than most states, how do we
hold them accountable? This is all nice to hear, but, quite
frankly, people don't trust the three of you the way they did
five or 10 years ago in your organizations. They don't trust
Congress very well, either.
So in a diffuse election process, how do you as an election
overseer, who has seen years of traditional miscommunication,
how do we make sure that we have the right oversight
nationally?
Mr. Galvin. Well, it is very hard. Obviously, at the same
time we want to protect people's freedom of speech, and it has
been a problem that pre-dates the particular manifestation that
this represents.
I think this hearing is a good start. As you know, a number
of national spokespersons and candidates for president have
suggested breaking up some of these entities. I am not sure
that is necessarily the solution, although it is a reasonable
suggestion to discuss.
I think I am very focused on the 2020 election because I
think that is going to be defining in terms of policy going
forward on elections. You are quite correct in saying that the
whole situation has changed dramatically, certainly over my
tenure. I think the question is what kind of scrutiny is going
to be provided, and the scrutiny is not simply over how they
use their platforms, it is going to be how people use them and
what they do about it.
I suppose the best solution immediately is disclosure. I
think the Congress going forward has a role to play in terms of
monitoring not only their activity but, as I mentioned earlier,
the activities of some of the bureaucracies that interact with
the states, and the activities of the states.
While the states are sovereign states when it comes to
election issues, nevertheless we want to make sure that states
are performing correctly and adequately in terms of equipment
and the maintenance of their data bases.
So I think in the short run--and I made a big point
earlier, and I will recite it again--we have 18 months now left
to this election, and the election is underway for all intents
and purposes. I think regular scrutiny and updates, whether it
is on equipment, preparation, certification, or conduct, is
necessary. There has to be some mechanism by which all of these
things are reviewed on a regular basis, and I think the
Congress can contribute to that, I really do. Whichever point
of view is represented, having that scrutiny out there for all
of us I think is going to be helpful to making sure the whole
process is transparent.
Mr. DeSaulnier. I appreciate that, Mr. Secretary.
To the three companies, as someone who moved from Boston to
San Francisco in the 1970's, I have been to all your
headquarters. I have been very proud of you as part of the
culture of San Francisco, but my relationship has soured
because of this and because of other things, and this is a real
defining time for all three of you, and I think you are all
aware of this, about trust.
In your innovation, we had an earlier hearing about facial
recognition, and all three of us were there, and I hear you are
inhibiting innovation if you are a policymaker and you question
tech companies at all. And now you are here. I wish there was a
way we could work with you so that we all were on the right
page.
Having said that, and this is directed to Mr. Kane, MIT has
done a study not long ago that looked at false rumors, negative
rumors on your platforms, all of social media, and how quickly
that goes out. There is something about human nature that likes
to--it is just like the car crash. There is certainly a lot of
research and books that have been written about how you make
money off of--I mean, in the newspaper business it used to be
``if it bleeds, it leads.'' Your models are much more
sophisticated.
So my question is there are human factors--the National
Labs study human factors for the Secret Service, for public
safety, and for NASA. We are learning more and more about how
the mind works. You folks are spending a lot of money on that,
to make more money.
How do we incorporate human factors as we anticipate, not
just identify, somebody who is on your platform or using your
infrastructure to affect democracy and elections? How do you
sort of go a step forward as related to the MIT study? The
quote I have here as part of that study, on the negative
effects and rumor cascades: ``This implies that misinformation
containment policies should also emphasize behavioral
intervention, like labeling, and incentives to dissuade the
spread of information, and looking into human factors in
neuroscience.''
So do you have any response, any of you, to that? Mr. Kane
to begin with.
Mr. Kane. Yes, sir. Thank you very much for that question.
Partnerships are absolutely vital for the work that we do to
better understand the current threat, which is always evolving,
and to help better inform our policies and product changes.
Just as recently as this week, Oxford released a study that
found, with regard to the conversations around the elections in
the EU, that less than four percent of tweets shared
information from low-quality content. I refer to the Oxford
study for their definition of low-quality news content. So we
are clearly making significant progress as we continue to fight
platform manipulation, as we continue to clean up the platform
and develop new policies around fake accounts and other areas
as well.
Mr. DeSaulnier. Mr. Kane, maybe I didn't communicate this
well, but the MIT report is more about you looking at
behavioral trends and human factors. You make money off of--all
of you, as I understand it, make money off of oftentimes when
people are upset. You may not be doing that deliberately. So in
this instance, you want to identify people who are spreading
false rumors.
So the MIT study, as I read it, is looking at that larger
tendency, that people like negative news. So the question was
what can you do about that, not specifically as to individual
cases but more globally.
Mr. Kane. Yes, sir. We are looking at developing four key
indicators to help measure conversational health. You can
measure the temperature of your body to gauge how healthy you
are, but we want to try to better measure the health of the
public conversation.
There are really four criteria: one is shared attention;
two being shared reality; three being variety of opinions; and
four being receptivity. So we are constantly working with the
research community to help better gauge how we can modify our
systems to support a healthy conversation.
Mr. DeSaulnier. Okay. I will just conclude. Thank you, Mr.
Chairman, for the indulgence.
For me, as somebody who respects innovation and respects
what you have done from a Bay Area perspective, all of us would
agree that if history looks back and looks at these companies
as contributing to the lack of trust in American democracy,
that is a hell of a legacy we will all live with.
Mr. Lynch. The gentleman yields.
Just using a little bit of traditional news time, I just
want to clarify shadow banning. You basically ban someone but
you don't let them know that you are banning them; right?
Mr. Kane. That is my understanding of the definition, and
that is a practice that Twitter does not do.
Mr. Lynch. So you shadow banned four Members of Congress?
Mr. Kane. No, sir. What occurred was in the auto-complete
feature in Twitter, when you go to type in the name of an
account that you want to see on Twitter, you had to click
Search to actually search for the content. Certain accounts
were not automatically suggested. You could easily find the
accounts you were looking for by clicking Search.
Mr. Lynch. But you couldn't find these four folks.
Mr. Kane. No, sir. You could by clicking Search.
Mr. Meadows. Mr. Chairman----
Mr. Lynch. Go ahead.
Mr. Meadows. Mr. Kane, listen, this is not our first rodeo
together. I assume you were----
Mr. Lynch. I am going to recognize you for five minutes.
Mr. Meadows. All right. Thank you.
So, Mr. Kane, you are sworn in, right?
Mr. Kane. Yes, sir, I am.
Mr. Meadows. So when you found the fact that we were not
auto-suggesting, as you would say, were we treated any
different than the other Members of Congress at that point?
Mr. Kane. Sir, when we found the feature, we worked to
immediately correct it.
Mr. Meadows. So you found it on your own?
Mr. Kane. Sir, I can't recall the exact source----
Mr. Meadows. You prepared for this. You knew I was going to
be here. So how did you find the problem, Mr. Kane?
Mr. Kane. Sir, my work is focused on the integrity of the
United States elections, and that is my primary----
Mr. Meadows. But you anticipated that you would have to
answer this question today; didn't you, Mr. Kane?
Mr. Kane. Oh, absolutely. Certainly. Yes, sir.
Mr. Meadows. Okay. So when you did your research and you
looked at this, at what point were four Members of Congress
treated different than the other 531 Members of Congress?
Mr. Kane. Sir, when this was brought to our attention, it--
--
Mr. Meadows. How was it brought to your attention?
Mr. Kane. I believe it was a media article that----
Mr. Meadows. So you didn't find it on your own, because
that is what you just told Mr. Jordan a few minutes ago, that
you found it on your own, because you found it the same way I
did, which was reading about it in Vice News. Didn't you find
it that way?
Mr. Kane. Sir, I believe so, and that was my----
Mr. Meadows. Okay, but you didn't tell Mr. Jordan that. You
indicated that you found it and fixed it in 24 hours.
Mr. Kane. Sir, that was certainly not my intent to indicate
that at all. When it was brought to our attention, it was
promptly fixed----
Mr. Meadows. Okay, and how was it brought to your
attention? You raised your right hand.
Mr. Kane. Yes, sir.
Mr. Meadows. How was it brought to your attention?
Mr. Kane. Yes, sir. If I recall correctly, it was media
reports. I am certainly happy to go back----
Mr. Meadows. So how long did it go on before the media
reported it?
Mr. Kane. Sir, I am going to have to go back to our team to
make sure we provide----
Mr. Meadows. So it is your sworn testimony that you don't
know the answer to that question today?
Mr. Kane. Sir, that is correct. I don't have that specific
information available.
Mr. Meadows. That is not the question I asked. When you
found the problem, did you analyze how long it had been going
on with Members of Congress? Did your Twitter team figure out
how long it had been going on?
Mr. Kane. Sir, I am going to have to check with our team to
make sure we give you a complete answer on that.
Mr. Meadows. All right. So let me go on a little bit
further, then. If indeed this is the case, how often do you
change your algorithms?
Mr. Kane. Sir, we are constantly working to improve our
systems to support the conversational health, particularly in
response to----
Mr. Meadows. How do you define what conversational health
is?
Mr. Kane. Sir, as I indicated in the previous----
Mr. Meadows. I got those four things.
Mr. Kane. Yes, sir.
Mr. Meadows. Who is the determinant of that?
Mr. Kane. Sir, this is why we are working with outside
researchers, to help us with----
Mr. Meadows. Because Mr. Galvin suggested that maybe you
ought to be broken up. Listen, what you are finding is the
wild, wild west, and I am all for the wild, wild west and
freedom. But the minute that you start putting your hand on the
scale of freedom and justice to tilt it one way or another,
quite frankly, we have to act as Members of Congress. It may be
two very different motives; but, Mr. Kane, let me just say
this, is you know that four conservative members were treated
differently with Twitter. Do you not know that?
Mr. Kane. Sir, I am well aware that four conservative
members of the U.S. Congress did not have their accounts auto-
completed.
Mr. Meadows. And so when did you fix the problem? What was
the day?
Mr. Kane. I don't recall the exact date. I believe it was
last May or June. I don't recall the exact day.
Mr. Meadows. All right. Can you get back with us?
Mr. Kane. Yes, sir, I can.
Mr. Meadows. Because--and you can let us know how long that
practice had been going on?
Mr. Kane. Yes, sir. We will certainly do whatever we can to
provide any additional information above and beyond what we had
released publicly----
Mr. Meadows. That is not the question I asked.
Mr. Kane. Yes, sir.
Mr. Meadows. I said obviously if you have all these
wonderful analytics that are going to find Russians, you can
figure out how long----
Mr. Kane. Yes, sir.
Mr. Meadows [continuing]. the auto-populate for four
Members of Congress----
Mr. Kane. Yes, sir. You have my commitment to work with you
and your staff to make sure we provide a complete answer.
Mr. Meadows. All right. So here is the other thing that I
want to go back to, Mr. Kane, because the problem that I have
with this is the Chairman is talking about shadow banning, and
you say that you don't do it. We don't know what you do and
what you don't do; because, quite frankly, it took Vice News,
who is normally no friend of conservatives, to actually report
on this, and that is when we found out about it, that is when
you say you found out about it.
Are you aware of any current Twitter employees or previous
Twitter employees who have shared information with the public
on how to affect the Twitter followers and engagement of people
that are on Twitter?
Mr. Kane. Sir, as I sit here today, I have no knowledge of
that.
Mr. Meadows. All right. Have you investigated that
internally?
Mr. Kane. Sir, I have not. I am happy to----
Mr. Meadows. Has your team investigated it? You are here
testifying for Twitter.
Mr. Kane. Yes, sir.
Mr. Meadows. So I assume you are speaking for Twitter as a
whole----
Mr. Kane. Yes, sir.
Mr. Meadows [continuing]. not for Mr. Kane.
Mr. Kane. Yes, sir, and not that I am aware of, but I am
happy to followup----
Mr. Meadows. So you haven't looked at whether you have
actually either a current or previous employee has tried to
manipulate information by allowing people to understand your
algorithms maybe a little bit more intimately than a Member of
Congress?
Mr. Kane. Sir, I have no knowledge of that, and that is why
I want to make sure I followup with you, to provide a complete
answer.
Mr. Meadows. Mr. Gleicher, let me come to you. You said
earlier about you have an automated algorithm that will stop
certain types of speech, and then you have individuals, I
think, when I came in. Is that correct?
Mr. Gleicher. Congressman, at the beginning what I was
talking about, we have an automated system to detect and remove
fake accounts, accounts that----
Mr. Meadows. Yes, but I am talking about content.
Mr. Gleicher. If we are engaged with content and we do have
algorithms that help surface content, and for certain specific
types of content--for example, terrorist content--algorithms
will take care of that----
Mr. Meadows. I get that. So let me go back. We are talking
about free speech, campaigns, all that kind of stuff. Why
would, on any of your platforms, why would Marsha Blackburn's
campaign thing that had to do with a life issue have been
banned, or at least withdrawn? Was that on Facebook?
Mr. Gleicher. Congressman, in that context, we have humans
that review when we are taking a content action. It depends a
little bit on whether it is advertising or organic. But one of
the things that we have seen very clearly is we are not going
to be perfect. We make mistakes.
Mr. Meadows. Okay. But here is the thing. When you are
taking down political campaign ads, every minute matters. And
for you to have someone back there assuming--so you are
admitting you made a mistake with Ms. Blackburn.
Mr. Gleicher. We make mistakes, Congressman.
Mr. Meadows. You answered a question I didn't ask. Did you
make a mistake by taking down now Senator Blackburn's ad? Did
Facebook make a mistake? Yes or no?
Mr. Gleicher. We did not, Congressman.
Mr. Meadows. Oh, so it is----
Mr. Gleicher. We didn't take it down, Congressman. My
apologies. I am not fully aware of the details of this specific
incident.
Mr. Meadows. So when did it--if you didn't take it down,
who did? Are you saying that your automated system took it
down? Turn around and talk to your counsel so you can give me
an honest answer, I guess.
Mr. Gleicher. Thank you, Congressman.
I am not aware of us taking down an ad by Marsha Blackburn,
from Marsha Blackburn's office, sir.
Mr. Meadows. All right. Will you go back and research that?
Mr. Gleicher. Surely.
Mr. Meadows. They pick up on stuff that comes from the
left, we pick up on stuff from the right, banning of Candace
Owens, other people. When you do that, let me just tell you,
the days of freelancing on this and having somebody stick their
finger up and figure out whether they are going to take them,
they are over, I am here to tell you. And even if it takes
extreme measures, you have now collided with a bipartisan issue
for different reasons, and we will make sure that we do that.
So actually, I guess, Mr. Kane, you should have spoken up.
It was Twitter that took it down, wasn't it?
Mr. Kane. Yes, sir, and we publicly apologized for that.
Mr. Meadows. All right. So you made a mistake.
Mr. Kane. We did.
Mr. Meadows. So who made the decision to take it down?
Mr. Kane. I don't have the specific name of the individual.
Mr. Meadows. So you have individuals making determinations
on political ads?
Mr. Kane. Yes, sir, we do.
Mr. Meadows. Okay. So let me just tell you--I will say the
same to you. The days are over with, and you had better come up
with a plan to this Chairman on how you are going to fix it,
how you are going to stop Russians, how you are going to make
sure that we are fair with all of this, because I can tell you
it is a real problem.
I appreciate the gentleman's generosity with the clock.
Mr. Lynch. The gentleman yields back.
The Chair now recognizes the gentleman from Arizona, Mr.
Gosar, for five minutes.
Mr. Gosar. Thank you, Mr. Chairman.
We are going to stay on the same topic, because as a
business you have some responsibilities. So let's go into this.
An algorithm is only as good as the people that design it.
Is that true, Mr. Kane?
Mr. Kane. I would agree with that assessment. Yes, sir.
Mr. Gosar. How about you, Mr. Salgado?
Mr. Salgado. I think that is essentially true.
Mr. Gosar. How about you, Mr. Gleicher?
Mr. Gleicher. I would agree.
Mr. Gosar. Okay. So let me ask you a question. I want each
one of you to describe the typical person creating an
algorithm.
Mr. Gleicher, describe age, where they are at, mindset,
background, education.
Mr. Gleicher. Congressman, we have a pretty diverse team.
The teams that work on our algorithms are based in cities
around the world. I know engineers that----
Mr. Gosar. Okay, so let me ask you a question. Young? Under
30?
Mr. Gleicher. Congressman, I have worked with engineers
that are quite young. I have worked with engineers that are
older----
Mr. Gosar. I am asking for a typical individual with
algorithms. I am very aware of algorithms. I have a science
background. I have a big math background, so I am very aware of
this. So give me a typical portfolio of that person. Describe
that person for me.
Mr. Gleicher. I don't have a specific description for the
sort of median individual who works on these, Congressman, but
I would say I personally have worked with a number of our
engineers, a wide range of our engineers, on some of the
algorithmic work, and I see engineers that are older, younger,
from a range of different backgrounds. Diversity is----
Mr. Gosar. For the majority of them, they are younger.
Mr. Gleicher. I can't speak to that, sir.
Mr. Gosar. How about you, Mr. Kane?
Mr. Kane. Very similar to Facebook. We have a very diverse
work force. We have engineers around the world. I don't have
any specific data with regard to average age. I am more than
happy to look into that and followup----
Mr. Gosar. And education, I am looking for education too.
Mr. Salgado, how about you?
Mr. Salgado. I am not aware of the demographics of the
engineers who work on the algorithm.
Mr. Gosar. Well, the reason I ask you that is that when you
have something of this magnitude that is this influential, you
want to know that work force. You want to know the cross-
sectional application.
So my question comes back to doesn't it bother you that
this is a key component that you ought to be looking at, their
political bias? Wouldn't you agree, Mr. Gleicher?
Mr. Gleicher. Sorry. Could you restate the question?
Mr. Gosar. Yes. This is that position that you ought to
know that this person is unbiased. True?
Mr. Gleicher. Congressman, I have found that everyone has
some form of bias or unconscious bias.
Mr. Gosar. Oh, there you go. Now, I am glad that you
brought that up. Now that you know that everybody has an
inherent bias, what is your correction factor? You were talking
to Mr. Meadows in that regard. You couldn't give us how long it
was because you didn't do the proper followup.
So let me ask you again. What does that background--what do
you do to assert that there is no bias with those algorithm
people?
Mr. Gleicher. Thank you, Congressman. What I would say is
the first step is we recognize that everyone walking into a
system like this and building systems is going to have some
bias. We try to build systems to manage that, exactly as you
are saying.
Mr. Gosar. What is your review process?
Mr. Gleicher. A couple of things that we do. First, we
have--we make all the guidelines that the algorithms are
implementing public so people can see what the rules are and
can understand when we take action and when we don't.
Second, we have an appeals process so that if we make
mistakes, then they can be reviewed and we can take action to
resolve them quickly.
And I would say the third, which is particularly important,
is we have a wide range of partnerships, people that we work
with and consult with on the consequences of algorithmic
developments or other steps that we are taking, to make sure
that we are understanding the consequences of what these steps
might be.
Mr. Gosar. Mr. Kane, do you want to address that?
Mr. Kane. Sir, very similar to our colleagues at Facebook.
We are all human, but Twitter's purpose is to serve the public
conversation, not just any particular segment of the
conversation but the broader conversation.
Mr. Gosar. I get it, we are all human. But once again, when
the impetus is that this is a key position that has dramatic
influence as to how and who is implicated by that, wouldn't you
agree with me that this is a core part that you would really
want to focus on?
So, for example, if I am a surgeon, to err is human, so I
want to minimize my chances of error over and over and over
again. So I surround myself with good people. I make sure that
they are up to par on protocols. You should be doing the same
thing. That is what I am getting at, and it seems like there is
a failure here. So please keep describing what you are talking
about.
Mr. Kane. Yes, sir. Our teams are consistently working to
improve our product and make sure that it is, in fact, serving
the public conversation. There are a number of actions that we
take to constantly work this. I can say for every policy or
product decision, going into the room I do not know who is a
Democrat, who is a Republican, who is an Independent. Those
views don't matter when we are building and designing our
systems.
We are here to support the public conversation. That is
what we seek to do every day, and I am very proud of the work
my colleagues do.
Mr. Gosar. Well, once again, we saw a problem here. To me,
having been alerted, if you had followed good business
protocols here, you would have discovered this before being
advised that it was happening. That is my process here.
Mr. Salgado, how about you?
Mr. Salgado. It is similar for Google. There is no place
for political bias in the algorithms, and we make sure that
that is the case. So in addition to the 200-plus factors that
go into our Search algorithm, for example, we also have raters
who actually check actual Search results against guidelines of
what we expect--the quality, the relevance, the authoritative
Search ranking. Where we see a problem, we are able to adjust
the algorithm. So it is a combination of good engineering with
very discrete and detailed, nuanced Search algorithm components
with human review and results, and as a result of this we make
changes to the algorithm thousands of times in a year. So it is
very carefully calibrated and changes with the times and with
trends, and with the culture.
Mr. Gosar. Would the Chairman indulge me for one last
question?
So, for the last couple of Congresses--this is coming back
to you, Mr. Galvin--I pushed legislation that would prohibit
foreign nationals from cheating our system and would amend the
Federal Election Act of 1971 to require the disclosure of the
credit verification or the CVD and billing address for all
online contributions. For those that still use cash, the CVD is
that 3-digit code on the back of the credit card. As technology
advances, we must continue to stay ahead of the curve,
thwarting those who wish to inappropriately influence our
political process.
Do you think this is a good recommendation?
Mr. Galvin. I already said I think transparency is the goal
here, whether it is the issues you have been speaking to with
the social media or the election operations itself. Certainly
when it comes to campaign contributions, that is clearly the
case. The Chair of the FEC talked about dark money earlier
before you were here in her testimony and her answers to
questions.
So I think whatever perspective you are coming from,
whatever part of the overall issue of conducting the election,
both the campaign and the election itself, I think we need to
have as much transparency as possible, and I think the Congress
has a key role to play in providing that, because there is no
other entity that is going to have a greater ability to look
into and find out what is going on. No other entity could get
all of the mix of players that you have had here today, the
regulators, the government officials, the private officials
together in a public forum. That has to continue. This can't be
a one-time-only show.
Mr. Gosar. Thank you.
Mr. Chairman, I really would like to see the answers as to
that documentation on how, who, and what the overview is of all
those who create the algorithms, please. Thank you.
Mr. Lynch. If I understand the request from the gentleman
from Arizona, you want them to substantiate in each of those
instances where you said they need to go back. Any of the three
of you, we expect answers in that regard.
Mr. Kane. Yes, sir.
Mr. Lynch. Okay. So let me ask, we have had an opportunity
to interview in various committees the Chief Operating Officer,
Sheryl Sandberg with Facebook, and she said with respect to the
Russian interference back in 2016 she admitted we were too slow
to act on this, we should have seen it, we were slow to act on
it. And then post-election reviews conducted by Twitter and
Google, they had similar assessments. They reported that
Russian activity was more widespread than previously known.
The actions of meaningful information-sharing between your
companies and the intelligence community was problematic in
that instance. In April 2019, former Facebook Chief Security
Officer Alex Stamos also told a reporter, quote, ``One of the
biggest problems was a lack of cooperation between the public
and the private sectors in 2016. It was nobody's job.''
So, Secretary Galvin, do you ever hear from these folks? I
mean, I know you got an assessment after 2016 that you weren't
hacked successfully, and again in 2018 that was the assessment.
But as far as regular communications in the run-up to
elections, any----
Mr. Galvin. No, my office has not.
Mr. Lynch. Okay. How are things going in terms of
information-sharing now, now that we have had these experiences
in 2016 and 2018, with the intelligence community, and
especially the FBI?
Mr. Gleicher. Congressman, from our perspective I would
just say that one of the really encouraging developments as we
led into 2018 was the increased collaboration among industry
with government and, quite frankly, with cybersecurity experts
in civil society. In the 48 hours before the election, we in
particular received a tip from law enforcement about a group of
accounts that they believed were linked to Russian actors that
we should look into. We took that information, we were able to
run a six-hour investigation into it and remove it from the
platform, which meant that the next day, literally on the eve
of the vote, when Russian actors tried to trumpet those
accounts, they had already been removed and the message had
already been sent that government and the company were working
together.
We also had some important instances where we worked
closely with our colleagues here, including a recent take-down
involving networks based in Iran where we actually worked with
Twitter and both of us were able, because of the collaboration,
to identify larger scopes of those networks and do a more
aggressive take-down.
Mr. Lynch. Mr. Kane?
Mr. Kane. I was just going to echo those sentiments. The
relationship is very strong right now. We absolutely recognize
the valuable partnerships that we have with the intelligence
and law enforcement communities. It is strong now. We are
looking at how can we improve those relationships moving
forward in advance of 2020.
Mr. Lynch. Mr. Salgado?
Mr. Salgado. I concur with the statements of my colleagues
here. We have very well-established routine information-sharing
arrangements, security-to-security among the companies and with
law enforcement, much more solid ground than we were on in
2016.
Mr. Lynch. Okay. Let me go back to the instance where Mr.
Meadows and Mr. Jordan, Mr. Gaetz and--who else?--Mr. Nunes
were treated differently than others, their accounts. How did
that happen? Explain it to me. Was this an algorithm that sort
of swept them up, or were there individuals that actually
identified their accounts and then altered them in some
fashion?
Mr. Kane. Sir, we explained all this information publicly.
But to summarize, what had occurred was for a number of the
followers of these accounts that had been perhaps in violation
of some rules in the past, that is what impacted that auto-
search function. As soon as we realized the problem, again, we
immediately fixed it within 24 hours. I was on the phone with
the head of our product. Our CEO was certainly made aware, and
we prioritized shipping a fix and explaining everything
publicly very quickly, and that is exactly what we did.
Mr. Lynch. Okay. But it was Vice News that picked it up; is
that correct?
Mr. Kane. It is my understanding. Yes, sir.
Mr. Lynch. That worries me. That worries me that--I mean,
certainly, I probably didn't agree with anything that those
members were----
Mr. Meadows. Oh, certainly not.
[Laughter.]
Mr. Lynch. But still, it is free speech. Right now we have
257 million Americans with smart phones, and everyone is mobile
right now. So the scale of what can happen if you make a
mistake, as you conceded, is enormous. So that cannot happen,
that cannot happen.
Mr. Kane. Yes, sir, I completely agree.
Mr. Lynch. Yes, especially in the campaign context. That
hurts our credibility as well. There are enough conspiracy
theorists out there to damage the integrity just domestically,
never mind foreign interference.
Let's see, I have a minute-and-a-half left.
So, changing algorithms or platforms can reduce visibility
of some disinformation. But in the end, it is up to the user to
believe or not believe a particular piece of content, and that
was a report that we got from the Rand Corporation regarding
the disinformation chain of Russian influence.
I know in Finland they are getting bombarded in their
election from Russia because of the proximity there, and they
are engaged in sort of an education program, starting in their
grade schools, to basically, I guess, build resilience among
their population, their people, their kids, so that they are
much more judicious and selective and scrutinizing in terms of
the social media information that they are confronted with.
Is there any--it seems to me very difficult to do something
like that, but what are your thoughts on that?
Mr. Kane. Sir, media literacy is a vital component to
fighting misinformation and disinformation online. Twitter
partners with a number of media literacy groups worldwide. We
believe it is absolutely essential, and we are absolutely
committed to promoting media literacy, and anything that we can
do to work with this committee to expand media literacy
programs, we are certainly happy to do so.
Mr. Lynch. I didn't know if it was something you were--this
is your world, and I would look to you to come up with the
ideas, not Congress. This is your world. You created some of
this problem, so it would be good if we got some direction from
you in terms of what would work best.
Mr. Kane. Yes, sir, and you have my commitment to do that.
Mr. Lynch. Okay. I am going to yield to the gentleman.
Mr. Meadows. I thank the Chairman.
Just one followup question for the three of you.
CDA 230; do you think that is a good law?
Mr. Gleicher. Congressman, from my perspective, CDA 230
gives us the space to be able to take action against hate
speech and situations where content or activity on the platform
might threaten the safety of users, and it also gives our users
the space to debate and engage in the public discussion the way
they would like. I think it is an important component of
enabling the type of robust public discourse that we would like
to see on our platforms.
Mr. Meadows. Mr. Kane, the same question.
Mr. Kane. I have the same identical answer as my colleague
from Facebook. I completely agree with how he phrased it.
Mr. Meadows. Mr. Salgado?
Mr. Salgado. Absolutely, it is essential to promote free
speech.
Mr. Meadows. All right. I thank the gentleman for his
courtesy. I yield back.
Mr. Lynch. My pleasure.
I would like to thank our witnesses.
I see the gentleman from Tennessee, Mr. Cooper, has
arrived, and I would yield--do you need a minute to gather your
thoughts? Okay, you are good to go.
Mr. Cooper. Thank you, Mr. Chairman. I apologize for being
late.
I am from a small state. There was a Twitter account that
had 150,000 followers. It was listed early in the Mueller
report. The account was called Tennessee--GOP. It was a Russian
bot.
What are we to think of things like that? Have you no
algorithms to expose that? It was eventually cleared out, but
in August 2017, long after the damage had been done, and long
after lots of prominent people had retweeted what was on that
robot site. It wasn't just a bot, it was a Russian robot--IRA,
St. Petersburg. We have our own little Petersburg in Tennessee,
but it is a small country village. It is not a major Russian
city.
So you said in your testimony that you get rid of deceptive
stuff, and it all sounded good, but can you commit to getting
rid of all the bots, all the deep fakes?
Mr. Kane. Yes, sir. With regard to malicious automation, as
I mentioned, Twitter identified and challenged 425 million
accounts in 2018 suspected of engaging in malicious automation.
I note for the first half of 2018, we identified and challenged
approximately 232 million accounts. For the second half, that
number went down to 194 million.
We also, in the first half of 2018, we had 3.6 million
reports of suspected spam. That number went down to 3.1
million. So we had half-a-million fewer reports.
So what we are seeing is that we are doing a much better
job at disrupting these networks. We are doing a much better
job at disrupting them early during the sign-up process, and we
continue to improve our machine learning to focus on the
conversation on the platform and cleanup malicious automation.
Mr. Cooper. But you understand the different standard at
work here. The billionaire founders of these companies, who
should be rewarded for their amazing creativity, they don't
keep their money in a bank that uses its best efforts to
protect their wealth. They put their money in a bank that
doesn't lose any of it, ever. Different standard, because they
would be upset if just a few thousand dollars were missing. So
there is a completely different standard here.
I know this is a new technology, and we have to adjust. But
just think of your founders and how careful they are, and why
can't we have a safer, better standard? Because this isn't a
Democratic site that was hugely embarrassing. This was a
Republican site. It doesn't matter which party it is. Bots
should not influence elections, especially Russian bots.
Mr. Kane. I absolutely agree with you, and that is why we
are also expanding our partnerships with both the RNC and the
DNC and with Director Krebs' organization.
Mr. Cooper. In the business world there is bank security.
There are things like guarantees, warranties, money-back
refunds. We are not hearing any of that sort of certainty that
most regular people are used to.
I would be happy to yield to the gentleman from North
Carolina.
Mr. Meadows. Well, I think the gentleman makes a perfect
point. We are talking about best efforts. Actually, you are
bigger than most of the big banks.
Mr. Cooper. Completely.
Mr. Meadows. So there has to be some kind of punitive
measure.
I yield back.
Mr. Cooper. A final thing. Is there a button I don't know
about on Google where I can go back and get the default
setting, like the original Search before it has been corrupted
by all my prior searches? I know you can eliminate some
history, but on the laptop there is a default button where you
can go back to the factory settings. I would love brand-new,
fresh, virginal Google.
I needed a black toilet for my house because it was built
in the 1950's and they had a black toilet in there. For years
afterwards, all I have been seeing are black toilet
advertisements.
[Laughter.]
Mr. Cooper. This is wrong. We went ahead and got a white
toilet. Why are we plagued with this? Why isn't there a default
button?
Mr. Meadows. It was wrong from the beginning.
[Laughter.]
Mr. Cooper. I agree, but my wife picked the house. It
wasn't me.
[Laughter.]
Mr. Cooper. People are so deeply offended by this, and it
may seem trivial but just a simple button to say the original
Google, that is the one I bought.
Mr. Salgado. I will take that back as a feature request. As
perhaps some IT Desk help here, I would suggest you clear your
cookies on your laptop and you may no longer be served those
ads. I am not sure that has anything to do with Google, but I
am happy to take that suggestion back. Thank you.
Mr. Lynch. Okay. In closing, I just want to say that if you
listen to FBI Director Wray, he has said that looking at the
data from 2018, the midterms, that he felt that the Russians
and others were using that as sort of a prep or--I forget the
term he used, but as a practice session for the big show in
2020 and that we should expect a major onslaught in the run-up
to 2020.
If we go back to the banking analogy, if we were banks, I
would ask them to do stress tests on their systems, and that is
what I would like you to do. Is there a way that we can stress
test what we might expect the activity might be in the run-up
to the election in 2020 so that we have a certain comfort level
with whether or not we are going to be able to defend the
integrity of our electoral system?
My fear is that we will have a really close election and
that the losing party will point to breaches or inconsistencies
or hacks to disavow the results. We have seen that happen in
other countries. Afghanistan is a good example. But there were
millions of ballots that were falsified. But still, to this
day, the dispute over that election undermines the credibility
in some provinces of the sitting Prime Minister. I don't want
us to be one of those countries in January 2021.
I want to thank you all. I know Secretary Galvin has a 7:30
flight, so whatever assistance I can give to get you to the
airport on time. We appreciate all of your testimony, so I want
to thank our witnesses for their testimony today.
Without objection, all members will have five legislative
days within which to submit additional written questions for
the witnesses, through the Chair, which will be forwarded to
the witnesses for response. I ask our witnesses to please
respond promptly, as you are able.
This hearing is now adjourned. Thank you.
[Whereupon, at 6:29 p.m., the subcommittee was adjourned.]
[all]