[House Hearing, 116 Congress] [From the U.S. Government Publishing Office] ELECTION SECURITY ======================================================================= HEARING BEFORE THE COMMITTEE ON HOUSE ADMINISTRATION HOUSE OF REPRESENTATIVES ONE HUNDRED SIXTEENTH CONGRESS FIRST SESSION __________ MAY 8, 2019 __________ Printed for the use of the Committee on House Administration [GRAPHIC NOT AVAILABLE IN TIFF FORMAT] Available on the Internet: https://www.govinfo.gov/committee/house-administration __________ U.S. GOVERNMENT PUBLISHING OFFICE 38-641 WASHINGTON : 2020 -------------------------------------------------------------------------------------- COMMITTEE ON HOUSE ADMINSTRATION ZOE LOFGREN, California, Chairperson JAMIE RASKIN, Maryland RODNEY DAIVS, Illinois SUSAN A. DAVIS, California Ranking Member G. K. BUTTERFIELD, North Carolina MARK WALKER, North Carolina MARCIA L. FUDGE, Ohio BARRY LOUDERMILK, Georgia PETE AGUILAR, California C O N T E N T S ---------- MAY 8, 2019 Page Election Security................................................ 1 OPENING STATEMENTS Chairperson Zoe Lofgren.......................................... 1 Prepared statement of Chairperson Lofgren.................... 4 Hon. Rodney Davis, Ranking Member................................ 7 Prepared statement of Ranking Member Davis................... 9 WITNESSES Larry Norden, Deputy Director, Brennan Center's Democracy Program 11 Prepared statement of Mr. Norden............................. 13 Marian Schneider, President, Verified Voting Foundation.......... 26 Prepared statement of Ms. Schneider.......................... 28 Joseph Lorenzo Hall, Chief Technologist and Director, Center for Democracy and Technology....................................... 37 Prepared statement of Mr. Hall............................... 39 Hon. Jocelyn Benson, Secretary of State, State of Michigan....... 48 Prepared statement of Hon. Benson............................ 50 Hon. John Merrill, Secretary of State, State of Alabama.......... 57 Prepared statement of Hon. Merrill........................... 59 SUBMISSIONS FOR THE RECORD Hon. Rodney Davis, Ranking Member, statement..................... 83 ELECTION SECURITY ---------- WEDNESDAY, MAY 8, 2019 House of Representatives, Committee on House Administration, Washington, DC. The Committee met, pursuant to call, at 2:17 p.m., in Room 1310, Longworth House Office Building, Hon. Zoe Lofgren [Chairperson of the Committee] presiding. Present: Representatives Lofgren, Raskin, Davis of California, Butterfield, Fudge, Davis of Illinois, Walker, and Loudermilk. Staff Present: Khalil Abboud, Deputy Staff Director; Sean Jones, Legislative Clerk; David Tucker, Parliamentarian; Tanya Sehgal, Senior Elections Counsel; Veleter Mazyck, Chief of Staff to Representative Fudge; Lauren Doney, Communications Director and Deputy Chief of Staff to Representative Raskin; Julie Tagen, Chief of Staff to Representative Raskin; Brandon Mendoza, Senior Legislative Aide to Representative Davis of California; Lisa Sherman, Chief of Staff to Representative Davis of California; Kyle Parker, Senior Policy Advisor to Representative Butterfield; Evan Dorner, Legislative Assistant to Representative Aguilar; Joy Yunji-Lee, Minority Counsel; Courtney Parella, Minority Communications Director; Jesse Roberts, Minority Counsel; Cole Felder, Minority General Counsel; Jen Daulby, Minority Staff Director; and Susannah Johnston, Legislative Assistant to Representative Loudermilk. The Chairperson. Good afternoon. The Committee on House Administration will come to order. We do thank the witnesses for being here with us today. This Committee is charged with overseeing the administration of Federal elections, and this hearing will help us fulfill that responsibility by documenting the scope of current election security challenges. Before we proceed, I offer this background on today's troubling state of affairs. It is documented that foreign agents, specifically Russians, attempted to interfere in American elections in 2016. The fact of Russian interference in the 2016 election was confirmed by eight credible national entities, the Central Intelligence Agency, the Office of Director of National Intelligence, the FBI, the National Security Agency, the Department of Justice, the Department of Homeland Security, and the House Intelligence Committee and the Senate Intelligence Committee. There was not only consensus among American intelligence officials, both Democrats and Republicans agree that attempts were made by Russia to compromise the integrity of American elections. On July 17, 2018, then House Speaker Paul Ryan said to reporters: They did interfere in our elections; it is really clear. Senate Majority Leader Mitch McConnell referred to indisputable evidence of Russia's attempt to influence the 2016 election. Senate Majority Leader McConnell further stated: ``We understand the Russian threat, and I think that is the widespread view here in the United States among members of both parties.'' More details of foreign interference in our election became known through the release of Special Counsel Robert Mueller's report which detailed the following, quote: ``GRU officers, the main military foreign intelligence service of Russia, also targeted individuals and entities involved in the administration of the elections.'' Victims included U.S. State and local entities, such as State boards of election, secretaries of state, and county governments, as well as individuals who worked for those entities. The GRU also targeted private technology firms responsible for manufacturing and administering election-related software and hardware, such as voter regulation software and electronic polling stations. In June 2017, then Democratic Leader Pelosi created the Congressional Task Force on Election Security in response to then the inaction on the topic. Despite our clear responsibilities under House Rules, not a single hearing was held in this Committee on this topic in the last Congress. In February 2018, the Task Force released its report, recommending reforms that could significantly advance election security. Among some of the proposed reforms are replacement of paperless voting machines with paper ballot voting systems, risk-limiting audits, upgraded information technology infrastructure, including voter registration databases with ongoing maintenance, and requirements that election technology vendors secure their voting systems. Intelligence community pre-election threat assessments, in coordination with Federal and State officials is important, and it also prioritized State-level cybersecurity training. Congress has not done enough to tackle this problem. The risk posed by the vulnerabilities previously exploited remain. Despite the overwhelming evidence showing these vulnerabilities, the White House has failed to take these issues seriously and to direct resources towards securing election infrastructure. Last summer, in remarks before the National Association of the Secretaries of State, former Homeland Security Secretary Kirstjen Nielsen said that there was, quote, ``no indication that Russia is targeting the 2018 U.S. midterms at a scale or scope to match their activities in 2016 but that she ``consistently observed malicious cyber activity from various actors against U.S. election infrastructure.'' She also said that, quote, ``there is little doubt that adversaries and non-State actors continue to view elections as a target for cyber and influence operations.'' Now, according to The New York Times, Homeland Security Secretary Nielsen eventually gave up her efforts to organize a White House meeting of Cabinet Secretaries to coordinate a strategy to protect next year's elections. As a result, the issue did not gain urgency or widespread attention that only a President can command, and it meant that many Americans remained unaware of the latest versions of Russian interference. In spite of inaction, the Election Assistance Commission, in cooperation with the Department of Homeland Security, has been successful at building relations with State officials and providing valuable resources as part of the critical infrastructure designation. But in the face of increasing threats, their efforts must expand. However, such expansion is only possible if Congress increases resources. Today, the EAC is operating with only half the budget and fewer than half the staff it had 10 years ago when threats were less grave. This already under resourced agency is only further stymied by the administration's strenuous efforts to avoid acknowledging our vulnerability and the need to secure our elections from foreign threats, facts accepted as plain by both legislative branch and national intelligence agencies. This is unacceptable, and several things must change. States need money to be able to replace their paperless voting machines and outdated IT infrastructure. States and localities also face the daunting task of training hundreds, if not thousands, of election officials, IT staff, and poll workers on cybersecurity and risk mitigation. Another significant vulnerability comes from election technology vendors. Many States purchase their voting systems from third-party vendors who have little financial incentive to prioritize election security and are not subject to regulations requiring them to use cybersecurity best practices, nor are they necessarily voluntarily adhering to these best practices. In July of 2018, it was revealed that ES&S, one of the Nation's largest voting machine makers had installed remote access software on election management systems, although it had not admitted about this fact to the press. This fact was only uncovered through an inquiry by Senator Ron Wyden, who characterized this remote access software installation as, quote, ``the worst decision for security, short of leaving ballot boxes on a Moscow street corner.'' In addition, election vendors are not currently required to inform any Federal agency or State election official in the event of a cyber-attack. Federal action is needed now to grasp the scope of the problem and to innovate concrete solutions that can be implemented before the next Federal election cycle in 2020. This goal will be a primary focus of this Committee moving forward. No matter your side of the aisle, the oath of upholding democracy as citizens and elected leaders in this Nation is fundamental, and that is why I am glad to convene this hearing today, especially recognizing our new Ranking Member Rodney Davis' avowed commitment to advancing election security so that every voter can feel that her vote is accurately counted and safe from the influence of those who wish to see our great democratic experiment fail. And with that goal in mind, I would recognize Mr. Davis for his opening statement. [The statement of the Chairperson follows:] [GRAPHICS NOT AVAILABLE IN TIFF FORMAT] Mr. Davis of Illinois. Thank you, Madam Chairperson, and thank you for your leadership of this Committee and your bipartisan leadership on this issue. Election security is one of the most important issues that this Committee is tasked with and I take the responsibility of ensuring fair and secure elections extremely serious. I know that my colleagues on this Committee share--we share in this sentiment. We know that at least 21 States were targeted by a foreign state actor prior to the 2016 U.S. election and we know that Russia undertook a misinformation campaign during the same election. I think I can safely say that everyone on this panel finds that troubling, but we must also factually say that no votes were changed in the 2016 election and that through the tremendous effort of local, State, and Federal officials, the 2018 midterm elections, with record midterm turnout, were secure--with record voter participation, once again. In fact, we saw the highest turnout in a midterm election in the last 50 years. As we discuss election security today, it is important to note that many of the best practices used to protect our elections are noncontroversial. And I want to take a moment to clearly demonstrate what I am for. I am for an election system remaining--I am for election systems remaining as critical infrastructure. I am for helping our election technology vendors secure their voting systems. I am for ensuring our election officials, both at the State and Federal level receive security clearances in a timely manner. I am for empowering the Election Assistance Commission to lead our Federal support to State and local officials. I am for the Department of Homeland Security lending their expertise to State and local officials when appropriate. We must also recognize that our States and the Federal Government have taken significant steps to carry out these practices and services. We can take a look at my home State of Illinois, which has invested in a new Cyber Navigator Program that helps counties detect and defend themselves against cybersecurity attacks. I believe we can cannot lose sight of what Chris Krebs, the Director of the Department of Homeland Security Cybersecurity and Infrastructure Security Agency, said before the House Homeland Security Committee earlier this year. Director Krebs said, quote: ``Local officials know their system and what they need to do to conduct a successful election, end quote, and State and local officials should remain in control of their elections.'' As I have said many times, I believe that partisanship is the greatest threat to our elections. Election security cannot be a partisan exercise, but what we saw during the markup and passage of H.R. 1 was purely partisan. Too much is at stake to make this about party. If this hearing is an effort by my colleagues to take a bipartisan look at election security, I welcome it. We have important work to do here. However, I will not support any attempt today to waste an opportunity to work together and strengthen our election security for an attempt to make the nightly news with a partisan political agenda. I look forward to learning from our witnesses today on best practices that States are implementing to combat foreign interference and secure our Nation's elections. I look forward to hearing more about the tremendous effort of the Election Assistance Commission, the Department of Homeland Security, our two secretaries of state, representing the rest in the Nation, and most importantly, our local officials, where we see the safest, fairest, and the most secure elections being administered many, many times throughout the decade. I welcome all of the guests today and the witnesses. I look forward to hearing from you. Madam Chairperson, I yield back. [The statement of Mr. Davis of Illinois follows:] [GRAPHIC NOT AVAILABLE IN TIFF FORMAT] The Chairperson. Thank you, Mr. Davis. And other Members are welcome to submit their opening statements for the record. I would now like to introduce our distinguished panel of witnesses. Under the rules of this Committee, you have five minutes to present your oral testimony. However, your full written testimony will be made part of the record. There is a light system in the front. When you are down to one minute, it goes yellow from green. And when it is red, your time is up, and we would ask you to sum up. Let me introduce each witness, and then we will begin. First, we have Lawrence Norden, who is the Deputy Director of the Brennan Center's Democracy Program. Mr. Norden has worked at the Brennan Center for some time, authoring several nationally recognized reports on election security. He served as chair of the Ohio Secretary of State's bipartisan election summit. He is the lead author of the book ``Machinery of Democracy: Protecting Elections in the Electronic World.'' He has written extensively on the influence of money in New York State politics. He is a graduate of the University of Chicago and the NYU School of Law. Next, we have Marian Schneider, who is the President of Verified Voting. She brings a strong grounding in the legal and constitutional elements governing voting rights in elections, as well as experience in election administration at the State level. She has served as a special advisor to Pennsylvania Governor Tom Wolf on election policy. Throughout her career, she has focused on the intersections of civil rights and election law. She received her Juris Doctor degree from George Washington University where she was a member of the Law Review and earned her Bachelor's of Arts degree cum laude from the University of Pennsylvania. Next, we have Joseph Lorenzo Hall, the Chief Technologist and Director of the Internet Architecture Project at the Center for Democracy and Technology. His work has focused on the intersection of technology, law, and policy, working to ensure that technical considerations are appropriately embedded into legal and policy arguments. He also leads CDT's internet architecture project. Thank you very much for that. He has received numerous awards I cannot read them all, but prior to joining CDT in 2012, he was a post-doc research fellow at NYU, and he was at Princeton University, as well as the University of California, where he received his Ph.D. in information systems. His Ph.D. thesis used electronic voting as a critical case study in digital government transparency. Next, we have Jocelyn Benson who is the Secretary of State of Michigan. We appreciate so much that you have made your way here. She was sworn in as Michigan's 43rd Secretary of State, January 21st, 2019, after being elected last November to a four-year term. Her focus for the department is customer service excellence. She is an expert on civil rights law, education law, and election law. She served as Dean of Wayne State University Law School in Detroit. When she was appointed dean at age 36, she became the youngest woman in U.S. history to lead a top-100 accredited law school. She continues to serve as Vice Chair of the advisory board for the Levin Center at Wayne Law which she founded with former Senator Carl Levin. Prior to her election, she served as CEO of the Ross Initiative in Sports for Equality, otherwise known as RISE. She is the founder of the nonpartisan Michigan Center for Election Law. She earned a Bachelor of Arts from Wellesley College, a Master of Philosophy from Oxford University, and a law degree from Harvard Law School. Finally, but certainly not least, we have John H. Merrill, the Secretary of State of Alabama. We are so grateful that you would make time to be here with us today. Secretary of State Merrill grew up in Heflin. He is an Eagle Scout. He was a graduate of the University of Alabama, where he served as president of the Student Government Association as an undergraduate. He was elected to represent the people of District 62 in the State House of Representatives with 87 percent of the vote, the highest percentage garnered by a candidate in any contested House race that year. He served as Secretary Treasurer of the House Republican caucus and was a member of the powerful Rules Committee, Economic Development and Tourism. He has been awarded the Silver Beaver by the Black Warrior Council of the Boy Scouts of America, as well as the Sunlight Foundations Award for the most effective Republican member of the Alabama House of Representatives. He was elected in November of 2014, as Alabama Secretary of State, with 65 percent of the vote, winning 53 of Alabama's 67 counties and was inaugurated Alabama's 53rd Secretary of State in 2015. He is active in his community, his church, and active also with the National Association of Secretaries of State, and we look forward to hearing from him and from all of you. We will start first with you. STATEMENTS OF LARRY NORDEN, DEPUTY DIRECTOR, BRENNAN CENTER'S DEMOCRACY PROGRAM; MARIAN SCHNEIDER, PRESIDENT, VERIFIED VOTING FOUNDATION; JOSEPH LORENZO HALL, CHIEF TECHNOLOGIST AND DIRECTOR, CENTER FOR DEMOCRACY AND TECHNOLOGY; THE HONORABLE JOCELYN BENSON, SECRETARY OF STATE, STATE OF MICHIGAN; AND THE HONORABLE JOHN MERRILL, SECRETARY OF STATE, STATE OF ALABAMA STATEMENT OF LARRY NORDEN Mr. Norden. Thank you, Chairperson Lofgren, Ranking Member Davis, Members of the Committee for this opportunity to testify today. Chairperson Lofgren has recounted the scope of Russian attacks against our election infrastructure in 2016, but there are several reasons to believe we could face even more serious threats in 2020. We have seen the kind of damage a well-planned attack by Russian operatives can do against election infrastructure in Ukraine, Bulgaria, and elsewhere, where attackers have deleted critical election files, shut down websites, and even inserted a virus designed to declare the wrong result. Worse, there are other nation-states we need to worry about. U.S. intelligence agencies have warned of potential attacks by China, North Korea, and Iran, and, indeed, the Chinese are alleged to have launched attacks against Indonesia and Australia just this year. The good news is that we have made significant progress to secure our elections since 2016. Most importantly, policymakers and election officials are acutely aware of the threats to our election infrastructure. There is better information sharing and resources sharing between Federal, State, and local agencies. In the last 2 years, more resources have been made available to secure our election infrastructure, not least of which was $380 million in HAVA grants that Congress provided in 2018. The vast majority of which has been allocated to critical security measures. Despite this progress, there is far more to be done. First, we must replace aging and insecure voting machines. In a recent survey by the Brennan Center, local officials in 31 States told us that they must replace their equipment before the 2020 election, but two-thirds of those officials said that they did not have adequate funds to do so and this was after Congressional funds were appropriated. Too often these systems use outdated software that no longer receive security patches, and election officials are forced to turn to eBay for replacement parts because those parts are no longer manufactured. A particularly urgent security issue is phasing out paperless machines in the 11 States that still use them. Second, we need implementation of robust post-election audits--a comparison of paper ballots to software totals that will provide a high level of confidence in the election outcome and that will correct a wrong voting outcome. Only 21 States currently have voter records for--paper records for every vote and conduct post-election audits, precertification, and only two conduct risk-limiting audits, which provide the high level of confidence that I mentioned. The good news is that several States used the HAVA money that was appropriated to pilot risk-limiting audits in the last year, and several jurisdictions would like to do more of those this year. And we certainly should be doing everything we can in the coming months and years to ensure that these are conducted nationwide. Third and finally, we must provide ongoing long-term support for maintaining and improving election cybersecurity. The Mueller report is a reminder that the election infrastructure we need to protect goes far beyond voting machines. The Brennan Center has long advocated that all States implement a process of continuous cybersecurity vulnerability assessments and mediation. While we estimate that the costs of these kinds of assessments should be no more than a few million dollars a year, obviously the cost of securing vulnerabilities that are identified by such assessments will cost more. Local election offices are on the front lines in defending our election infrastructure against attacks, but often have the least amount of IT or cybersecurity support. Routine, ongoing funding of programs like the one Ranking Member Davis mentioned, the Illinois Cyber Navigator Program, which directs personnel and resources to local offices, would help close that security gap. It is cliche to say that this is a race without a finish line. Funding election security should be a shared responsibility among local, State, and the Federal level, but only Congress has the power to ensure that responsibility is shared by providing matching grants for State and local governments. I am hopeful to see a continued commitment from Congress to partner in this effort. Thank you. [The statement of Mr. Norden follows:] [GRAPHICS NOT AVAILABLE IN TIFF FORMAT] The Chairperson. Thank you very much. Ms. Schneider. STATEMENT OF MARIAN SCHNEIDER Ms. Schneider. Chairperson Lofgren, Ranking Member Davis, and Members of the committee, thank you so much for the invitation to testify here today. My name is Marian Schneider, and I am the President of Verified Voting, a nonprofit, nonpartisan organization. Verified Voting's mission is to strengthen democracy for all voters by promoting the responsible use of technology in elections. We are here today to talk about bolstering election security. Ninety-nine percent of the votes cast in this country are counted by computers, and election administration depends on computers throughout the process. 2016 demonstrated what many of us in this space have long believed, that the threat to our computerized voting systems was not merely theoretical but real and persistent. We must, as a Nation, adopt clear solutions that will change the destructive narrative that election hacking can alter election outcomes. In our written testimony, we describe threats and solutions for the larger election ecosystems. For voting systems, however, the clear solution is to replace aging and vulnerable voting machines with systems that use a voter-marked paper ballot. Voters mark the paper either with a pen or a computer ballot marking device with assistive features for voters who need them, creating a verifiable record. Then the ballot is scanned and retained in a secure ballot box. We leverage the computer speed to count ballots quickly, but it is imperative to check that the computer has counted the ballots properly. In the best-practice scenario, as Mr. Norden mentioned, we can check election outcomes by auditing, selecting a random sample of ballots to check the reported results and gather sufficient evidence that the outcome is correct. While there are different types of auditing, Verified Voting and other experts urge widespread adoption of risk- limiting audits as the most efficient and reliable way of checking the election results. Such audits have a predetermined large chance of leading to a full hand recount if the reported results were incorrect, thus limiting the risk that a wrong outcome will stand. Verified Voting board members and staff have been involved with every stage of RLA development, from its inception to working with election officials, other groups, and several States to pilot risk-limiting audits. From 2015 to 2017, I served as Deputy Secretary for Elections Administration in the Pennsylvania Department of State, overseeing both elections and information technology. I have firsthand experience trying to strengthen the cybersecurity of election infrastructure in advance of a Presidential election. I drafted directives for counties to harden their systems, strengthen voter registration database backup protocols, invited the Department of Homeland Security to conduct penetration testing, and initiated a disaster recovery plan for a statewide, election-night-return website. And I worked with heroic, local election officials trying to keep up with the changing threat environment with next to no resources. From that experience, I urge Congress to support State and local jurisdictions by providing immediate and sustained investment in the security of our elections. The consensus among the intelligence community is that future attacks on American elections are inevitable. This is a given. It is not whether a system will be attacked but when. Safeguarding systems requires that we assume such breaches will occur or have already. The best practice demands a multilayered approach built around the concept of resiliency. Election systems are resilient if jurisdictions can monitor, detect, and recover from either an intentional attack or a programming error. Resilient voting systems are those that use voter-marked paper ballots, coupled with the risk-limiting audits. Paper ballots and audits are the disaster recovery plan for our voting systems. A significant number of States have moved toward paper- based systems over the years. Verified Voting tracks this movement on its website and so that is a general recognition of the best practices that we are talking about today. The main barrier to the remaining States is the cost. We call on Congress for the financial investment for jurisdictions to replace aging and vulnerable voting systems, to fund technical and material support to conduct risk-limiting audits, and to fund enhanced security measures for all aspects of election infrastructure. We also urge investment in the research needed to build better election systems, using open-source software and research into the best methods to ensure voters check their choices before casting their ballots and research that marries security with more universally useable and accessible systems. Our Nation's election infrastructure is vitally important to our democracy. We must continue the progress begun in the last two years to ensure that our election systems and voting processes are resilient in the face of attack or disaster. With support from Congress, the goal is in reach. Thank you. [The statement of Ms. Schneider follows:] [GRAPHICS NOT AVAILABLE IN TIFF FORMAT] The Chairperson. Thank you very much. Mr. Hall. STATEMENT OF JOSEPH LORENZO HALL Mr. Hall. Chairperson Lofgren, Ranking Member Davis, and Members of the Committee, thank you for the opportunity to speak with you today. My name is Joseph Lorenzo Hall. I am the Chief Technologist at the Center for Democracy and Technology. For 25 years, CDT has been a leader in protecting digital civil liberties and democratic principles online. My Ph.D. work at UC Berkeley focused on voting machines, and I have served on a number of State-level independent reviews of voting systems. Today I will talk first about what we saw in 2018, and then CDT's five priorities for election security as we head into 2020. While 2018 did not see the cybersecurity attacks on election systems that we saw in 2016, a number of attacks did target campaigns and campaign infrastructure. The midterms were just not a juicy target for attackers, at least not as attractive as 2016 or 2020 election cycles. The issues we did see with election systems in 2018 involved isolated but systemic issues more easily explained as failures rather than attacks. For example, in Johnson County, Indiana, a misconfigured computer server caused electronic pollbooks to crash across the entire county. No one could vote for four hours. In a case of election deejaa vu, a serious ballot design flaw likely contributed to tens of thousands of missing votes in a Florida U.S. Senate contest. We were in many ways lucky and thankful that we didn't see attacks like those of 2016, but we still have a long way to go in terms of hardening elections. CDT believes the following five priorities are crucial going into 2020: First, Congress must prioritize the replacement of dangerously outdated voting technologies. We learned after the Help America Vote Act of 2002 that elections are one area of civic life that we cannot fully digitize. To enable meaningful recounts and post-election audits, we must have software-independent, voter-verifiable paper records. Very simply, it is time for a paper mandate in elections for Federal office. Or at least some very attractive incentives designed to replace paperless systems. Second, Congress should limit the use of paperless remote voting systems. There are some contexts, such as uniformed and overseas voting, where jurisdictions allow email, fax, or even internet voting, occasionally disguised as remote ballot- marking systems. These systems do not have a paper record backing up those votes, and they may even expose jurisdictions to increased risks of cyberattack. Rather than allowing, for example, any absentee voter to use these systems as some jurisdictions do, paperless remote voting should be limited to only those who could not otherwise vote in another manner. Third, Congress should promote the research, development, and implementation of risk-limiting audits. Yes, that is a wonky term, risk-limiting audits, but you can think of them as low-cost recounts. In a risk-limiting audit, paper ballots are randomly selected and compared to their digital equivalent until there is enough evidence that, if you did a full recount of those paper records, you would know that the outcome of the race wouldn't change. And as mentioned, only a few States currently permit these kinds of audits, are engaged in pilot projects, and to encourage more, Congress should provide incentives for two things: research and development to make them more precise and useable, and then pilot projects with published reports which would greatly help others along this journey. Fourth, Congress should commit to long-term funding of the U.S. election infrastructure. The ongoing evolution of election administration desperately needs a stable and long-term source of funding. Without this, elections will continue to be threadbare and a natural target for attackers that want to affect our economy, our society, and our democracy. The down payment in ongoing funding contemplated in the Election Security Act, now part of H.R. 1, is a good start. Finally, Congress must increase the budget of the U.S. Election Assistance Commission. The EAC now has a full complement of sitting Commissioners. It is preparing right now--preparing election officials and voting system testing for 2020, and it is in the process of finalizing version 2.0 of the Federal voting system standards, the VVSG. It is a very busy time for the EAC right now. The last time there was this level of activity at the EAC was in 2010 when its budget was roughly twice what it is now. In summary, replace paperless voting systems, incentivize risk-limiting audits, and fund election infrastructure and security. Thank you very much. [The statement of Mr. Hall follows:] [GRAPHICS NOT AVAILABLE IN TIFF FORMAT] The Chairperson. Thank you very much. Ms. Benson. STATEMENT OF THE HONORABLE JOCELYN BENSON Ms. Benson. Chairperson Lofgren, Ranking Member Davis, and Members of the Committee, thank you for holding this hearing and for the invitation to testify. Securing our election infrastructure against efforts to thwart or undermine the will of our voters is essential to the survival of our democratic system. I am honored to offer my perspective as Michigan's chief election officer on this critical challenge. As this Committee proceeds, I encourage you to seek further input from State and especially local election administrators. Now more than ever, the Federal Government's role as a partner with us securing our elections is necessary if our work at any level is to succeed. The role best manifests itself in three forms: one, investment and resources, much of which we have heard today; two, setting standards and establishing protections at the local level; and, three, setting and establishing a cooperative and bipartisan tone. As you know, in recent years, we have seen unprecedented threats to our election system, including some from sophisticated foreign-government-aligned entities. From this very highest level of government, we need acknowledgement of the past, present, and future threats posed by foreign state actors, and through that, the marshaling of bipartisan support and cooperation to build a sustainable and secure election infrastructure in every State. The threats to the security of our elections did not begin in 2016 and we know for certain that they will not end in 2020. Only through a unified approach and long-term commitment and investment can we adequately support the infrastructure we need to provide a voting system in which all Americans will rightly place their trust. Part of that unified approach must be a commitment to providing a predictable stream of funding and other resources. Many of the issues we have discussed today can only be addressed partially at the local level and temporarily with the tools that we have at our disposal. In many cases, election officials know what they need to do, but they cannot afford to do it. The Federal Government has taken positive steps, such as significantly improving Federal, State, and local coordination, and making more funding available, but we need to do much more. Michigan's election system provides a useful example. We are unique in the extent to which our election administration responsibility is shared among over 1,500 local municipalities, each one running their own elections. This decentralized system helps safeguard against systemwide problems but also means we have many links in the chain. Local officials are often on the front lines of defense, and investment in their work is critical if we are going to secure all our elections. With that in mind, investing in the infrastructure at the local level, providing support to local clerks, supporting poll workers as well with increased accountability with local officials who don't take advantage of the resources or otherwise fail to run elections in a way that ensures security and integrity of election results is critical. To ensure we are implementing best practices and leaving no stone unturned in Michigan, I also formed a security task force composed of local officials, election specialists, and national experts in technology and data security, including a liaison from the Department of Homeland Security. Our goal is for Michigan's elections to be among the most secure in the country and to pilot best practices, like risk-limiting audits, that we hope can drive national reform. While we await our Michigan panel's final recommendations later this year, their initial discussion has already focused on securing and protecting several areas of vulnerabilities. I describe these in greater detail in my written testimony but will highlight a few key points here. First, voter registration databases. Following the 2016 election, we learned of attempts to compromise our voter registration databases in other States, some successful. If outside actors were able to manipulate registration records successfully, they could disrupt elections and put voters at risk. Protections against this potential is critical. In Michigan, we have taken steps to modernize and safeguard our voter registration database, the backbone of our election administration system. And it is also important to have protections at the local level in the event of a registration problem. Michigan has joined the growing list of States that allow voters to register on election day and vote that same day. In yesterday's elections alone, 400 voters took advantage of that freedom, and they would not have voted without it. In Michigan, someone missing from a list on election day can now reregister at a clerk's office and vote. This is an important safeguard also to threats to challenge our voter registration databases. In addition, voting technology is critical to upgrade, and I also want to emphasize that simple investments in voting technology is incomplete without a recognition that that technology will continually evolve, and upgrades and sustainable sources of funding for those upgrades are critical. Finally, support from Congress and the Federal Government will be critical to ensuring this and many other issues are addressed, and I am encouraged by the bipartisan spirit of cooperation among election officials in our State and in our country, particularly when it comes to election security. Tomorrow, Secretary Merrill, a Republican, and myself, a Democrat, are leading a bipartisan group of Secretaries of State to visit Selma, Alabama, where Congressman John Lewis and many others put their lives on the line for the right to vote. Through this leadership, we, as secretaries of state, hope to show bipartisan support and cooperation is possible, and we hope to strengthen and unify our commitment to a free and fair election system. And I encourage you to join us in this spirit of bipartisan cooperation. Thank you. [The statement of Ms. Benson follows:] [GRAPHICS NOT AVAILABLE IN TIFF FORMAT] The Chairperson. Thank you very much. Good for you. And Secretary of State Merrill. STATEMENT OF THE HONORABLE JOHN MERRILL Mr. Merrill. Thank you, Madam Chairperson, Ranking Member Davis, distinguished Members of the Committee, I am honored to be with you today. I am John Merrill and I have the privilege to serve as Alabama's 53rd Secretary of State. Alabamians have an extraordinary amount of experience with effective and ineffective election administration. At one time, our laws were written to reduce or eliminate minority participation in the electoral process. My team and I work diligently each day to ensure the right to vote and the opportunity to receive a free government-photo-issued ID are extended to each and every eligible U.S. citizen that is a resident of our State. Since I have been Secretary of State of Alabama, we have broken every record in the history of the State for both voter registration and voter participation. I will get to those numbers in a few minutes, but I think that it is essential to impress upon the Committee and members of the body and my fellow citizens of the United States that we cannot solve one crisis by pretending it is another. We must work collectively to strengthen our cybersecurity to protect the integrity of the electoral system from foreign influence. However, we should not present a narrative to citizens that only one system can ensure an equal right to vote. As I previously stated, my goal as Alabama Secretary of State is to ensure that each and every eligible U.S. citizen that is a resident of our State is registered to vote and has a photo ID. During my time as Alabama Secretary of State, my team and I have changed the paradigm for voting in the State of Alabama. Since January 19, 2015, we worked with notable Alabamians, local officials, interested parties, key communicators, and concerned citizens to encourage voter registration and voter participation. The results are staggering. Since January 19, 2015, we have registered 1,249,422 new voters. We now have a record 3,479,068 registered voters. I am very, very proud of that because we have led the Nation per capita in those numbers since I have been the Secretary. You also need to know that we have got 30 of our 67 counties that have electronic pollbooks which expedites the check-in process and offers greater security for voters to participate in the process. As a part of our efforts to ensure voter integrity, we have worked to secure six convictions on voter fraud, and we have had two elections that have been overturned. We will continue to document, investigate, and prosecute those individuals and their attempts on disrupting the electoral process for others. We have created Alabama's first Braille voter guide and other applications for absentee ballots printed and regular ballots printed in Braille. In 2016, we created a committee to author and pass legislation and make it easier for folks to regain the right to vote after being convicted of disqualifying felonies. My legislative team is currently working with Alabama State Senator Rodger Smitherman, a Democrat, to pass legislation, to make it easier for Alabamians to cast an absentee ballot, including those Alabamians that are incarcerated but not convicted of disqualifying felonies while they remain incarcerated. Our director of relations is currently working with a team of election analysts and other third-party groups to build an active pilot program for the most effective manner which we can conduct post-election audits. We have worked to secure election systems that do not connect to our State and local internet networks for potential breaches of internet connectivity. We have expanded training provided by the Office of the Secretary of State to make sure that cybersecurity is included. All these efforts are designed to ensure that we have made sure that we are providing the safest and securest election procedures in our State. We have broken every record in the history of the State for voter participation in the last four major elections that we have had as well. We also have an electronic, election-night-reporting system, which has been exceptional and has been a model that other States have used. As a matter of fact, when we had our special U.S. Senate election on December 12, 2017, we accommodated more than 500,000 unique voters and users who were monitoring the system at one time. The work that we completed in advance of the election with our State and Federal partners to ensure that the system was secure and could be able to withstand cybersecurity attacks has been notable and has been successful. All we are trying to do is to make it easy to vote and hard to cheat. There is a number of ways that we have continued to do that. I think the most important thing for me to close with is by sharing that we continue to work with our private and public partners, and the effort that Secretary Benson and I have put together to ensure that we are trying to do the best we can to have a bipartisan effort to help people understand where we are today in our elections process and where we hope to be in the future. We think the best way to do that is by understanding each other, each other's needs, what our common goals are, and how we hope to move forward for the future. Thank you so much. [The statement of Mr. Merrill follows:] [GRAPHICS NOT AVAILABLE IN TIFF FORMAT] The Chairperson. Thank you very much. And thanks to all the witnesses. Now is the time when Members of the Committee may ask questions of the witnesses for five minutes apiece. I will turn first to our Ranking Member, Mr. Davis, for questions that he may have. Mr. Davis of Illinois. Well, thank you again to all the witnesses for your testimony. I want to start with Mr. Hall. Assuming the supply chain is secure, do you believe that ballot-marking devices with a voter-verified receipt is a reasonably secure method of voting? Mr. Hall. Absolutely. One of the things we struggle with here is to make a system a hundred percent secure is impossible. Mr. Davis of Illinois. Okay. Mr. Hall. What we try to do is make them as secure as we can. Certain ballot-marking devices, they are not all created equal. I have my favorite, which is created by a government, the county of L.A., Los Angeles County. But I do think that, especially if we can make sure that voters understand that it is their civic duty to make sure they look at that piece of paper that is the ballot of record, that it is a secure and reasonable system. Mr. Davis of Illinois. Okay. What, in your opinion, would the sample size be for a risk-limiting audit in a State like Florida with a 10,000-vote margin in a statewide race? Mr. Hall. The example I typically use--I don't know the details about Florida, but for example, in a State like California, a 1-percent-margin race, typically to get around 95 percent confidence, you need to sample 400 ballots from the entire State. So this is why risk-limiting audits are so awesome because they give you the best leverage off of counting the fewest ballots to know, if you did a recount, it wouldn't change. Mr. Davis of Illinois. But do you think the risk-limiting audits would result in more statewide recounts? Mr. Hall. I like to think of these as statistical recounts. You get the answer you would get from a recount without having to do the recount. I am hoping--I doubt that would be the case, if you were going to go to a recount before, that you would probably go to a recount under these systems as well. Mr. Davis of Illinois. Okay. It wouldn't work in my 2,000- vote margin of victory, huh? Mr. Hall. It depends on a number of factors. It is hard for me to say without doing the math---- Mr. Davis of Illinois. Sample size of, like, two. Mr. Hall. Yeah. Probably not. Mr. Davis of Illinois. Hopefully I can get my wife and kids. So, could State-canvas systems already in place be modified for risk-limiting audits? Mr. Hall. This depends on a bunch of technical factors. The best risk-limiting audits right now are what we call ballot- comparison risk-limiting audits, where a single ballot is compared with the digital record that it corresponds with. Those are only feasible right now with what are called central count optical scan systems, and so it depends on the specifics of the locality---- Mr. Davis of Illinois. Okay. Mr. Hall [continuing]. Whether or not they are--we are working on making it work for everything, but it is going to take a little while. Mr. Davis of Illinois. Well, that gets me to my next question. How does the Center for Democracy and Technology through its support of Voting Works hope to impact the current market for voting systems and election support? Mr. Hall. Voting Works is--nonprofits will incubate other nonprofits when they don't have their 501(c)(3) status, and that is what we are doing at the Center for Democracy and Technology. Voting Works aims to be a nonprofit, open-source, voting-system vendor, which is very different than all the other election manufacturers on the market. We hope that by building things that people can take and use and build on, that through that work, it will spread good things rather than keeping things proprietary and keeping things secret. Mr. Davis of Illinois. Okay. Mr. Norden, do you believe that an equal protection claim under the Voting Rights Act would exist in relation to post-election audits? Mr. Norden. I am not sure I understand the question. Are you saying that if a jurisdiction didn't conduct post-election audits, would there be an equal protection claim? Mr. Davis of Illinois. What I am saying is, if they did a risk-limiting audit and a jurisdiction made the claim, would you believe that if it was compared to another neighboring jurisdiction, that the--that the equal protection claim under the VRA would exist in relation to the post-election audits? Mr. Norden. I guess what I would say, this is the first time I have ever confronted that question, so I would have to think about it, but it would not immediately occur to me that somebody could bring an equal protection claim for how post- election audits were conducted. Mr. Davis of Illinois. Okay. Yeah, I would like you to think about it and get back to me---- Mr. Norden. I am happy to do that. Mr. Davis of Illinois [continuing]. If you could. Okay. And then to the entire panel and whomever wants to answer, what, if anything, do you know about the U.S. Department of Defense Advanced Research Project Agency's effort to create a federally supported hardware architecture for voting? And do you believe the Federal Government should be pursuing a more aggressive role in the design and deployment of elections technology for State and local adoption, and if so, why or why not? Mr. Merrill. My answer is no, and the reason is because that should be left up to the local States to be able to purchase the equipment that they think is important for them to use. And, frankly, I feel like the free market is the one that ought to determine what the availability of that equipment is and what should be purchased and what should not as long as it meets the standards. Mr. Davis of Illinois. Okay. Ms. Benson. Ms. Benson. I would actually--I would welcome that type of investment at the Federal level. The work that we have done already with the Department of Homeland Security has been very helpful because of the additional resources and expertise they bring to the table. I do think it would need to be a partnership with States and local election officials who have unique things to share as to what the infrastructure should look like, but certainly I could only imagine that it would help our efforts to secure our elections if we had that level of infrastructure, investment, and support. Mr. Merrill. And to be clear, we are still friends. Mr. Davis of Illinois. So are we. Mr. Merrill. But I am not for universal adoption. Mr. Hall. So, quickly, the work that DARPA is doing is to create secure hardware and to use voting as a really challenging application on top of that. And the cool thing about that is it will be usable by anyone later down the line who could actually take that and turn it into a product, rather than a research demonstration system, so I am very hopeful that this will benefit everyone in a way that doesn't force them but allows them to see that secure hardware is a really important part of securing systems in general. Mr. Davis of Illinois. Thank you. The Chairperson. Thank you. I will recognize myself for five minutes because I want to follow up on this DARPA issue. I had understood, perhaps incorrectly, that they were also--DARPA was also looking at open-source software. Is that correct, Mr. Hall? Mr. Hall. As far as I understand it--and I am not involved in the project--there is a hardware component. There is the software that runs on the chip that they are making, and then there is the software around the application of voting itself. So there are a bunch of pieces in there. I am pretty sure that all those pieces are going to be freely and publicly available under generous copyright licensing terms. And I think that is-- -- The Chairperson. Does anyone else, any of the other witnesses--we have reached out to DARPA, and they thought it was best not to be a witness at this hearing. But do you know, Mr. Norden? No? So I think we need to know more about that because it seems to me that we have had a problem in the country with proprietary software systems refusing to tell anybody what their system is not disclosing, and so the victims ultimately are the American voter, but also election officials can't know what the problems are even if they should be concerned about what had happened, and having open-source material available to elections officials is one way to avoid that. I would like to follow--or perhaps you don't know, Mr. Hall, but some of the software experts in my home, Silicon Valley, were critical about the DARPA effort, that it wasn't sufficiently open source to their liking. Do you know anything about that? Mr. Hall. I am not familiar with it. I would have to follow up. The Chairperson. I think we need to pursue it with DARPA then. Let me ask you this, Mr. Hall, or anyone else, Mr. Norden, how should political campaigns, which are fast-paced, nimble, in a rush, bolster their cybersecurity, particularly if resources are scarce? Usually, oftentimes, it is the last thing the candidates are thinking about. What are best practices for campaigns? Mr. Hall. Many of the best practices for campaigns are very similar to the best practices for election officials, or you can even think of a campaign as really a rock 'n' roll startup. They only last for, like, 18 months, and it has a ton of money and has to get rid of it really quickly. The things that can really help the campaigns are what I call of systems-level protection. So, for example, hardware keys for two-factor authentication, where it is not just a password that you have, but you actually have to have something on your key chain that you stick in and push a button. Those things, and then hardening their communications infrastructure. So there have been a lot of attacks on email systems of campaigns and things like that. These are things that we can deal with. The problem is a campaign's security is not the thing that they get awards for doing well, right? They get someone elected. And so---- The Chairperson. Right. Mr. Hall [continuing]. A lot of us have been trying to change the mentality and say: Look, security is just as much a first-class citizen in your enterprise as it is---- The Chairperson. Well, especially if it has an impact on whether you get elected, so---- Mr. Hall. Absolutely. The Chairperson. Mr. Norden, you have written books and articles on this subject. Describe, if you can, what hacking into election systems, whether it is voter registration databases, the voting machines themselves, what could happen on election day? What is the worst case--what keeps you awake at night on this? Mr. Norden. Oh, gosh. Look, you know, in many ways, we know--we know some of the bad things that can happen by looking at what has happened in other nations, but we also know just what has happened not by malicious act but by mistake here in the United States. And I often say that anything that can happen through error is kind of the opposite side of the coin of what can happen maliciously. We have seen, for instance, when electronic pollbooks fell, what kind of chaos that can cause at the polls, how it can keep people from voting, how it can cause lines for hours. And so that is certainly something that I worry about, and I am concerned that we don't have Federal standards, unlike for voting machines. I think when HAVA was written, electronic pollbooks weren't in as wide use as they are today. Thirty-four States use them today. And we don't have those kind of baseline--you know, the voting machine guidelines are voluntary. If we had something like that at the Federal level, I think that could be a baseline for States. We have information--a lot of these electronic pollbooks use wireless components. They have information that is on the cloud. So that is something that worries me, of course. And same thing with--and that is an example of the kind of thing that you would be worried about with registration databases also, changing information so that when people show up at the polls, they are unable to vote. There is a lot that we should be doing, and I think we can be doing, to protect against that, making sure that we have contingency plans. And then, lastly, of course, the real--the nightmare--the big nightmare scenario is that somehow somebody changes votes on a voting machine or for election night reporting, and I do think that is why having paper backups of every vote, being able to go back and, detect it through audits, and then recover. And I think that is important even if there isn't an attack. They are so--you know, when we talk about foreign interference, we are often focused on election infrastructure. There is a whole social media disinformation element to this that Mr. Davis mentioned. There can be a lot that is done there to undermine confidence in the vote, and having paper backups, doing audits, I think, is one way to combat that. The Chairperson. Thank you very much. Before calling on the gentleman from Georgia, I will say, we had very strongly held divergent views on various elements of H.R. 1, but I don't think there was any disagreement on a partisan basis that we want every vote cast by Americans to be counted as cast, and that we don't want to become victims of an attack from any source. I think there is bipartisan agreement on that. The gentleman from Georgia is recognized. Mr. Loudermilk. Thank you, Madam Chairperson. It is a very important hearing we have here, and I have got a couple questions, especially regarding the voting machines. I come from a technology background. I have an IT background. Also, early in my career, I had a job spying on Russia, in the Air Force. I bring a cybersecurity aspect to this as well. Long-time advocate for a paper backup. But what I am hearing, it seems counterproductive to some things I have advocated for in the past because I have seen the advantage of computer-based voting is the efficiency, especially when it comes to post- election. I can remember the first elections I was involved in, as a volunteer. You were up till midnight, 1 or 2 o'clock in the morning, in Georgia, waiting for results to come in. People are sitting at the courthouse waiting for counts to be done. We brought electronic voting in. A lot of times you know within a half hour to an hour by the time the polls close. But then we have the problem of, I would get calls from Republicans that the machines were changing my vote as I voted to all Democrats, and you get the same thing from the other side. What I heard from a lot of you is to not use a paper backup but use a predominantly paper ballot system with a computerized backup, which seems to be backwards to me from what would be the most efficient use, which would be, utilize computerized voting because of the efficiency. We already have a lot of long lines and the initial counting, but have the machine produce a paper verification that the voter then verifies that piece of paper is what they cast on the machine, that is then filed and used as a backup. I would like to hear, Mr. Hall, what are your thoughts on that? Because to me that actually reduces the human error, multiple marks made on a page for the same candidate, hanging chads, all that, is that the voter is then verifying that the computer did take what they said--the way they voted, and then that would be used for your recount. Mr. Hall. Yes, and so what I would say is, we have come a long way since around 2000 in that the machines we use now and that we are advocating for are what we call software independent. And what I mean by that is that no change in the vote total is--I am misstating the definition, but essentially think of it as, if something were to mess with the vote totals, you would still have an independent way of coming at the actual result. And so now these ballot-marking devices, they don't keep any state, to use a nerd word. Now, they don't keep the totals themselves. They use a different machine, like an optical scan machine, to suck the ballot in and actually do the counting. And so you have the benefit of using technology---- Mr. Loudermilk. Right. Mr. Hall [continuing]. For doing all of the navigation. You have a computer counting the thing, and you still have a paper ballot backup for the auditing. Mr. Loudermilk. So you have an IT-based device that actually casts the paper ballot, and a different device that actually counts it, and you have a backup. Mr. Hall. It depends on the model, but yes, that is basically correct. Mr. Loudermilk. Okay. Ms. Schneider. Ms. Schneider. So, the way you described the paper ballot working is actually the way that it does work with an optical scanner. You are still getting the efficiency of the computer when it comes to ballots, and you can still have that speed, although we should consider whether speed is the value we want on election night, but you still have that speed by having the computer scanners, even if you mark a ballot by a pen or pencil. And I do want to point out that with ballot marking devices, it is critically important, especially if they are used for all voters, there are two critical important things: One, there has to be enough. You have to know how many voters can vote on a single device during the course of one election day; and two, there has to be a process, a deliberate process, especially for those who are not using the assistive features to deliberately verify that their choices are correctly reflected, because there could be mistakes, or there could be malware that could impact that ballot, and so you have to--that is a process. That is a process issue on top of a security issue. Mr. Loudermilk. So let me make sure. You are talking about actually using a physical ballot that I mark. Ms. Schneider. Right. Mr. Loudermilk. Like the standardized tests that we used to do in school. Ms. Schneider. That is correct. Mr. Loudermilk. Does that not open up for human error that takes us back to the hanging chad days of the 2000 Presidential election? Ms. Schneider. We use paper ballots in my home county. I will tell you a story. In the State House race in my county, the margin of victory was about two dozen votes. It happened twice, in 2006, and, again, in 2016. And about 23,000 ballots were counted in that race. There was a full hand recount of those races, and the ambiguous ballots that you would talk about where you might dispute the voters' intent were not enough to change the outcome. Mr. Loudermilk. But if we could, Mr. Hall, you seem to be agreeing with me in that aspect as it does open up the chance for human error but doing it the way we were discussing would pretty much alleviate that. Is that true? Mr. Hall. Yes. And I think this is where we differ a little bit on the panel in the sense that at CDT, we believe that using the computer interface to improve navigation to reduce errors is a really important part. You do need to have enough of them. You have to pay for them. They are really expensive. And, so, those kinds of balancing features come into the ultimate decision of whether or not you should purchase those kinds of machines, but we believe that you should use technology when it does things really well and then ground it, you know, have it in something like paper when there is an important security element that you can't otherwise do. It is like an ``air gap.'' Mr. Norden. I would just quickly like to add one thing. The Brennan Center doesn't take a position on ballot marking devices versus optical scan and filling out these ballots, but I do want to make one point. Most people at this point in the United States are voting on these paper ballots now, and the scanner, as a computer, can be very helpful in preventing the kind of problems that you are talking about. In fact, the new technology makes it much less likely that somebody makes a mistake that they can't catch. The scanner now will notify a voter if it can't read their vote, will notify a voter if they voted in too many contests. So, the kind of hanging chad problem that you are talking about because of that technology is much, much, much less frequent. We have statistics on this, much, much less frequent than we saw with punch card ballots. Mr. Loudermilk. I see my time expired, but maybe if we have a second round, Madam Chairperson, I will follow up. The Chairperson. Sure. The gentlelady from California, Mrs. Davis, is recognized. And as I have to attend a meeting I cannot get out of, so I am going to ask her to take the chair. Mrs. Davis of California [presiding]. Thank you. I was going to thank Madam Chair, but I want to thank all of you for being with us today. I appreciate it very much. I want to ask you, please, Mr. Hall, if you could walk us through the process, or maybe it is even the lack of a process, on how the NSA lets State election officials know about emerging threats, or vulnerabilities that they have discovered in State election infrastructure? And I will go on for just a second and be a little bit more specific. Is there a formal system already in place for when the NSA or the broader intel community is supposed to communicate with State election officials? From what I understand, there is something that has been created called the Vulnerabilities Equities Policies and Process, but it doesn't appear that it has the kind of proactive warning that private industry or State election officials can do anything with, or at least it doesn't seem to notify them in real time so they can respond. Mr. Merrill. Madam Chairperson, obviously you didn't ask that question, but not to overstep, I think it is important---- Mrs. Davis of California. Sir, let me ask Mr. Hall first, okay? Mr. Merrill. Yes, ma'am. Just to let you know, we didn't receive any notification from anybody at any time. Mrs. Davis of California. Okay. No. That is part of how we deal with this, yeah. Mr. Merrill. Yes, ma'am. Mr. Hall. Okay. So there were two things in your question. The first is how State and local election officials are notified of potential attacks on their systems. This is a pretty well-orchestrated thing. I don't know the full details, but I can give you a high level overview, and if you ask me in Q&A format, I can follow up in more detail. Essentially, the NSA does, and the CIA do things, and not in the United States, to figure out who may be attacking our systems. The FBI does a little bit of that, too, domestically. If something were to happen where someone foreign was targeting our systems with cyber-attacks, presumably, the FBI would be notified, and either DHS or FBI, probably FBI, would notify the State and local election officials. In some cases, that went to governors or CIOs who may not be in the path. They may not have been directly plugged into that disclosure path. I think that is changing now with clearances for the State officials, because often, if you don't have a clearance, you can't accept this kind of stuff. So it is cleaning up a little bit. I still think that I am seeing, for example, there is a problem--if you are a victim, when DHS notifies you, they are not going to announce to the world what happened to you. It is up to you as the victim to disclose that, or it is going to come out in the press at some point. That thing--I think there needs to be something, like a couple of years or a year after something--someone gets notified such that that stuff becomes public. The Vulnerabilities Equities Process is something I can describe. It is a little different in that it is more about flaws that our defenders find, or offensive people find in commercial products that they can then decide when to disclose to the commercial entity to fix them. And I haven't seen that touch the voting systems sphere yet. It would be interesting if it did. I would love to know about that. Mrs. Davis of California. Yes. Thank you. Really, I respect your response there. What we are trying to figure out is, is there a way to have clearances and then the issue is, what do you do? If you think about it, say you get that information a few days before an election, and it is very serious. Mr. Hall. That is very tough. Mrs. Davis of California. What do you do? Mr. Hall. It depends on the nature of the information. For example, if you are told that someone installed malware on one of your machines, and it hopes to spread to your other machine, because they know exactly what the machine is, hopefully, you can quarantine that machine. But often, it is more likely there has been someone in your network for six months. We have no idea of what kind of access they had. You need to look at everything. That can be a real, real challenge for local elections. Mrs. Davis of California. So part of it, perhaps, may be-- and if you all want to respond, just the vulnerabilities that you may learn about, but that may not necessarily translate into something that you can act on, in real time. So that is something that--I think we all need to be thinking about that and how we can be helpful to you as election officials. I wonder, Secretary Benson, if you were to suspect a foreign intelligence hack, who would you turn to? Where would you go from there? Ms. Benson. We have contacts, you know, with DHS and multiple different agencies, so we would contact, you know, whether--regardless of the potential threat, and we are in, and I am in, frequent contact with those officials. In fact, we have a DHS liaison at Masterson who serves on my election security task force, so we are in frequent communication. That is something I established early on in my tenure to ensure that we are, in real time, learning of threats, and then, you know through security clearance. Mrs. Davis of California. Any ideas that you all have discussed that you think, perhaps, we need to know about in terms of how you can have a better relationship in this way? Ms. Benson. I think it is a proactive one on the part of the Federal Government, as well as the Secretaries of State, that perhaps standards and expectations from Congress can establish. But it is something that an individual leader will take seriously, but I think encouraging us to develop that relationship and then ongoing communication and a statewide response system is important. Mrs. Davis of California. Okay. Thank you very much. I am sorry. Mr. Butterfield. It looks like it is your turn. Mr. Butterfield. Thank you very much. I know the Chairperson is not in the room, but I want to begin by thanking her for holding today's hearing. This topic is extremely important. It appears to be a bipartisan issue that we are talking about, and one that is very dear to my heart. The Mueller report that we have heard so much about has a revelation that I want to make a reference. The Mueller report stated, quote, ``In August of 2016, the GRU officers,'' and, of course, we all know that is the Russian foreign intelligence agency, ``targeted employees of,'' and then there is a redaction, ``a voting technology company that develops software used by numerous U.S. counties to manage voter rolls and installed malware on the company network.'' Further, the report goes on to describe a separate spear- phishing operation conducted by GRU operatives that enabled access to the network of at least one Florida county government. And now, I am just finding out that in my Congressional district in North Carolina, a poll book product provided by an election vendor catastrophically failed on Election Day in 2016. Now, that failure occurred in six precincts in Durham, North Carolina on Election Day. And one of those precincts was forced to close one hour and a half at lunchtime during one of the busiest times for voters. There has been reporting that the voting technology company identified in the report, that is the Mueller report, who suffered a cyber intrusion in August of 2016, is the same vendor whose poll books catastrophically failed on Election Day in my district. The intrusions described in the Mueller report demonstrate just how important today's hearing is, and how robust action is urgently needed from this Congress to ensure the security and integrity of our election system. We know Russia interfered in our elections in 2016 and will likely try it again next year. And so, the question is then presented: What is this Congress going to do about it? Let me start with you, Mr. Norden. Was the attack in 2016, in your opinion, a well-planned Russian attack, or was it basically spontaneous? Mr. Norden. Thank you for the question, Mr. Butterfield. That is something I have thought a lot about. If you look at the reports of what the Russians did, actually, the attacks on election infrastructure almost look like an afterthought. They happened months after the hacking of political campaigns, at least reported what we know, months after the hacks on political campaigns, and years after the first disinformation campaign that we saw from the Russians. I do have concerns that--this is one of the reasons why I am concerned that the threat we face in 2020 is greater. The Russians will now have had four years to gain whatever they learned and given what we know that they have done in other countries, I would be concerned that there is potentially a much more aggressive action. Mr. Butterfield. Let me talk about election vendors for a moment, if I can. Can you quantify for me the number of election vendors throughout the country? Is it a small number? Mr. Norden. Well, that is a very difficult question to answer, because election vendors are central to so many aspects of the elections we run. We often think about just voting machines, and there are three main voting machine vendors and a couple of other smaller ones, but then there are vendors that produce electronic poll books. There are vendors that, for some local election offices, create their websites. Mr. Butterfield. Is there a registry anywhere of election vendors? Mr. Norden. Not that I am aware of. Mr. Butterfield. What regulatory oversight does the Federal Government have over an election vendor? Do we have any oversight? Mr. Norden. So, I mean, at the moment there--one thing that I talk about is there are more Federal regulations of ballpoint pens than there are of our election infrastructure. There hasn't been, as far as I am concerned, as much oversight as there should be of election vendors. We don't necessarily know who owns the election vendors. We don't know who works for them. Mr. Butterfield. Are you a proponent for more oversight? Mr. Norden. Absolutely. Absolutely. I think we need more information about who the vendors are, who works for them, what kind of security processes they have in place. And I certainly think a basic thing that we deserve is if election vendors are aware of a cyber attack on them, that they should be required to report that to the Federal authorities, to anybody that is using their products, and that currently doesn't exist right now. There is no requirement for that. Mr. Butterfield. That was going to be my next question. Yes. Ms. Schneider. Ms. Schneider. Thank you. I wanted to answer your other question regarding the number of vendors. The reason it is so difficult to determine that number is because there are 8,000 jurisdictions who administer elections, and for many of those jurisdictions who are very small, they outsource or contract with vendors to perform many steps in the election administration, and so, the real oversight need is for these third-party vendors. They may not be voting system manufacturers, but they may provide services and exactly the kind of vendors that you are talking about from the Mueller report where there is no oversight or regulation of those vendors, and no standard that they have to adhere to in terms of cybersecurity. Mrs. Davis of California. Thank you. Thank you for your response. Ms. Fudge. Ms. Fudge. Thank you very much and thank you all for being here. As you may know, we have been traveling the country a bit just getting data and information about voting irregularities, voter suppression, et cetera. I want to start with the two elected officials that are sitting here. We have heard so much as we have traveled the country. I am from Ohio, by the way, a State that thought that our machines were so awful, we got rid of them, but South Carolina bought them. This is true. South Carolina bought all the machines we got rid of because they were not effective. To go back to your point, there is no regulation. I am trying to determine from the two of you what do I tell people who have no confidence in our system? What do I tell people who believe that there is no integrity, that don't believe that their votes count? I have people who are afraid now to vote absentee, but then they come to the polls and see long lines, and they are afraid to do that, too. They look at these electronic books and they can't find their name, and when they do, their signatures just may have dotted their ``I'' differently, and they tell them they can't vote. What do I tell people who have no confidence in the system? What the state is of voting--what is the state of affairs of voting in the United States today? Ms. Benson. I think you tell them, one, that we have much-- one, I completely agree that focusing on ensuring voters have confidence in the security and accessibility of our elections is a critical component to making our democracy work. And I think why it is so important that we have a partnership at the State level with Federal Government, and why the Federal Government can set important standards and play an important leadership role, just as it has historically with the Voting Rights Act. It is setting the standards and expectations that States must meet in order to protect everyone's right to vote. In addition to that, I think factually, and what you have heard today, is that we are further ahead than we were five years ago, two years ago, ten years ago in securing our elections, but as we have moved forward, threats have emerged as well and evolved. And so what we need more of that we haven't had before is a stronger Federal and State partnership, and even Federal-State-local paper partnership where we are collaborating on a bipartisan basis to ensure that we are leaving no stone unturned in promoting the accessibility of the vote and the security of the vote. Those ongoing communications, that ongoing partnership, is important, and that is part of what we have tried to do at the State level among our Secretaries. Mr. Merrill. Yes, ma'am. I think it is real important to note some of the things we have already introduced. First of all, in our State, we made a concerted effort to ensure that people know that their vote needs to be cast for the candidate of their choice, but in order to do that, you have to be a registered voter, so we made it a campaign effort to ensure that all eligible people in our State are registered to vote. 96 percent of all eligible African Americans in the State of Alabama are registered to vote, 91 percent of all eligible Caucasian Alabamians are registered to vote, and 94 percent of all eligible Alabamians are registered to vote. Ms. Fudge. But that doesn't tell them that their vote counts. Mr. Merrill. No. But, when they go to all 2,499 locations in our State and they see a line, one of the ways we try to reduce that is by introducing electronic poll books. Now, Madam Chairperson, I really want to revisit that question about standardization. Ms. Fudge. Okay, but this is my time. I am trying to get answers to my questions. Mr. Merrill. I just want to make sure she knows. Ms. Fudge. Okay. Just hold one second for me. Mr. Merrill. Yes, ma'am. Ms. Fudge. Ms. Schneider, you talked about the cost of trying to assist States. What do you think it would cost to have a fair election in every State in the country because they have machines that are not going to be easily hacked, that they have a paper trail? What does that cost? Ms. Schneider. Well, I think that there have been published estimates of the cost, but in the Secure Election Act from last session, and in the security part of the H.R. 1, the $1.2 billion that is allocated for this purpose is a good start. We know--I can speak specifically for Pennsylvania where 83 percent of the counties in Pennsylvania had unverifiable and vulnerable systems, and the estimate for just Pennsylvania was close to $100 million to replace just those systems. So, I think that the first thing is an influx of investment right now, and then sustainable funding going forward. Ms. Fudge. All I can say is that I am more concerned now than when you came in about how easily our systems are compromised, and the fact that States don't have the resources to ensure to every one of their citizens that their vote is going to count. Thank you so much, all of you. Mrs. Davis of California. Thank you. Mr. Raskin. Mr. Raskin. Thank you, Madam Chairperson. Thanks to the witnesses. It seems as if the cyber age has made political democracy more vulnerable, and our elections more susceptible to attack and manipulation. We know from the Mueller report that there was a sweeping and systematic campaign by Russian operatives to destabilize and change the course of the American election. One part of it was pumping ideological poison into the American body politic through Facebook and Twitter and other social media. Another part was the cyber espionage of the DNC, the DCCC, and the Clinton campaign in order to release emails into the election. And the third part of it was the direct efforts to hack into State election systems. We also know from the intelligence community today that the same bad actors have not gone away and are planning a return engagement with the American people in 2020. And there might be other bad actors now who have decided to enter the sport, given the spotty defenses and response of the American Government. The good news, I think, is that there is a good deal of expert consensus as to what needs to be done to better secure our elections, and I just want to see if all of you all agree with these points. The first is that we should get rid of paperless voting machines and move to voting systems with voter marked paper ballots. Is that something that there is consensus on? Okay. It looks--let the record show I think everybody is nodding their heads. Secondly, we need to update and replace out-of-date computer software in States that are still using antiquated and obsolescent systems. Everybody agrees with that, yes? Ms. Benson. Yes, but we need to do so in way that carries a sustainable funding source because updating it now means it will be out of date in five years. Mr. Raskin. Good. That is a strong point. We have got to be thinking long term, not short term, in terms of all of these remedies. We need to adopt post-election audits in order to determine whether there are strange things going on. Does everybody agree with that? Yes. And then the Federal Government ought to provide greater cybersecurity resources to help thousands of different electoral jurisdictions across the country fortify their cyber defenses and defend the integrity of our elections. Does that sound right to everybody? Okay. So how would we characterize where the States are in terms of developing their responses in order to be ready and secure for the 2020 elections? Is there somebody who would be willing to state where they think that the State elections are, the systems are? Ms. Benson. Ms. Benson. I will start. Mr. Raskin. Please. Ms. Benson. I think that a partnership, a strong partnership with State and local officials and the Federal Government is key, and frankly, the Federal Government has both the leadership, a standard establishing role, and an educational role to play for many State and local officials who come to the jobs, perhaps new to the area, and could benefit significantly from ongoing educational awareness and training to the point where if there is a problem identified, you are not simply telling us the problem, you are providing us with the tools, resources, and education to fix it. Mr. Raskin. And in some sense, America's problems are unique here, because we have such a decentralized system of electoral administration. In most countries, certainly our neighbors, Mexico and Canada and the European countries, there are national electoral commissions. I think in Mexico, there is even like a national electoral supreme court. But there are national electoral commissions whose sole job, as professional nonpartisan entities, is to administer elections fairly. And we don't have anything like that, right? We have got the Federal Election Commission whose sole jurisdiction is campaign finance and is almost completely dysfunctional even with respect to that. We don't have a national electoral administration, so we depend on the States and the counties and the cities to do it, right? Mr. Merrill. Congressman, if we did not allow that to happen the way that it is, according to the 10th Amendment, so those decisions are best made at the local level, at the State level. It would be a lot easier to infiltrate the system and to prepare it to be compromised. Mr. Raskin. You think it is easier to defend 8,000 different systems than one system? Mr. Merrill. I think it is easier to defend an individual State system than it is if you just knew that on one particular day, using one set of equipment that is used in the entire Nation---- Mr. Raskin. But can you imagine if America's military defense was provided by the 51 different jurisdictions. Mr. Merrill. Yes, sir, but we are not talking about the defense. Mr. Raskin. It is an analogy, yes. Mr. Merrill. Well, but it is not an accurate one, in my estimation, based on what we are trying to do. That is why I think we need to make sure that equipment is approved, equipment is evaluated, and equipment is documented and recorded as to its effectiveness in election administration. Mr. Raskin. Okay. I yield back. Thank you. Mrs. Davis of California. Thank you both. We are going to do another round here quickly, so I want to turn to the Ranking Member, Mr. Davis. Mr. Davis of Illinois. I know everybody is excited for the second round, right? Mr. Merrill, you were making a point earlier and were not able to finish that point. I would like to give you some time to do that if you want. Mr. Merrill. Well, there are a couple of things, Congressman. One of the things I think it is important to note, the gentlelady from Ohio, who has since had to be excused, I think it is important to note that according to all reports that we received from Homeland Security, from counterintelligence, from the Central Intelligence Agency, from the FBI, there was never an incident or occurrence in any of the 50 States in the Union where tabulation changes occurred during the 2016 election. I think that is very important to note. It is very important to recognize that fact, that the Russians did, indeed, infiltrate our systems, but primarily through social media, and through influencing people in their decision making. When it comes to the administration of the elections, no votes were changed. No equipment was touched. There have been no changes occur to the votes that were cast for those candidates. The other thing that I wanted to talk about, Congressman, in relation to election equipment. What we could really benefit from in Alabama, in Michigan, in all other States in the Union is to have a centralized effort to evaluate the effectiveness of election equipment, whether it be for voter registration purposes, whether it be for voter administration purposes, electronic poll books. And as a member of the Election Assistance Commission Standards Board, one of the things I have advocated for is that we need to have the EAC be a central repository where they could evaluate the effectiveness of equipment. And if they noted failures, or failures were recorded, they could come back and say in a report, much like Consumer Reports used to do for all of us that are old enough to remember it where they don't recognize, or recommend, that a specific vendor be selected, but they say this is what we know about the successes. This is what we know about the failures. And in doing so, it puts us in a better position when we are trying to determine if this is a specific group we need to do business with, or a product that we need to purchase. Mr. Davis of Illinois. All right. Well, I agree with your earlier statement. Facts matter, statistics matter and help us determine how we effectively spend taxpayer dollars to ensure that we have the fairest, safest, most secure election systems. Secretary Merrill, you worked with DHS going up into the 2018 elections, right? Mr. Merrill. Yes, sir, and still do today. Mr. Davis of Illinois. What were your thoughts initially about DHS coming in and helping? Mr. Merrill. I was a little bit irritated. Part of it was because when we were told by Secretary Johnson before the elections in 2016 that the Department of Homeland Security was going to take over the elections process, that is a real concern, because that is not an area that those individuals have been trained to take over and to help us be able to effectively administer the elections. What we need is support, and we need assistance, and when possible, funding to assist us in that area. But for the Federal Government to come over and to overreach and to take over the administration of the elections at all levels, first, I don't think it is appropriate. Secondly, I don't think it is constitutional. Mr. Davis of Illinois. So that was your worry in 2016? Mr. Merrill. Yes, sir. Mr. Davis. But right now, what are your thoughts about 2018? Mr. Merrill. Yes, sir. It has continued to improve, because one of the things that we have seen is, they have wanted to work with us, and we made our position known to Secretary Johnson and through the Obama administration, and then to President Trump and through Secretary Nielsen. We have found them to be very receptive to our request. I have had, in the last 15 months, two private meetings with Secretary Nielsen and with other team members. We have visited with her and other people in Homeland Security to talk about the issues that have been so important and so relevant to us. They have been very receptive, very responsive. They have offered assistance. They have offered assistance at the State and local level in Alabama. I know they have done that in other States as well. Mr. Davis of Illinois. They haven't come in and required you to do things? Mr. Merrill. No, sir. They said that we are available. If you would like to enter into an agreement with us, we would be supportive, but not what we would consider overreach where they come in to take over the system. Mr. Davis of Illinois. How many of your colleagues that are secretaries of state, or in my State of Illinois, it would be the State Board of Elections. How many do you think would be receptive to mandatory Federal assistance? Mr. Merrill. Not very many. I think there is some that would be interested in having a stronger partnership than we have if they could get certain benefits from it. But we think, and when I say ``we,'' I am talking about the colleagues that I am the closest to. Much like Thomas Jefferson suggested that that government which governs best governs least. That is the sum of good government. Mr. Davis of Illinois. Well, Mr. Secretary, thanks for your response. I have no idea why my red light speeds up faster than everyone else's, but it always happens that way, so I yield back. Mrs. Davis of California. Thank you. I will recognize myself for five minutes and just follow up with this discussion a little bit, because, you know, it is possible to think about a time when a jurisdiction, when the State doesn't have proper cybersecurity systems, and in that case, what are we looking at? Should there be a role for the Federal Government to make sure that their system is not as vulnerable to hacking as perhaps a neighboring State? Mr. Merrill. Yes, ma'am. And one of the things that I would suggest that, much like the appropriation that we just received from the EAC, if there were certain expectations about the way that a block grant of resources could be received by the State and be utilized by that State in certain areas to make sure that certain purchases were being made, or certain systems were being implemented to prevent vulnerabilities or to keep certain vulnerabilities from being exposed, that would be very helpful to us. But for certain things to be introduced, as it was in H.R. 1, to say that you must have these things in place, you must do these and have an unfunded mandate, that is not good for any State, no matter whether you have a great deal of resources in your statement or you are limited with your resources. Mrs. Davis of California. So it sounds like you are talking about some enforcement capability in some areas, but not in others. Anybody else want to comment on that quickly? Ms. Benson. Yes. I would like to offer the alternative perspective. With all due respect to my good friend, Secretary Merrill, I am coming at this as a long-time academic and voting rights scholar. I feel very strongly that there is a leadership role for the Federal Government to play. It is in partnership and in collaboration with the State and local governments, as I have said repeatedly today, but the Federal Government cannot, and should not, abdicate its role as it has historically to set the standards and expectations that all States must meet. I think it is the basic Constitutional imperative of equal protection, and it takes into consideration that while every State does have unique challenges, there are some standards of expectations that, especially if we are receiving Federal funding, I think many of us, myself included, would be comfortable working with the Federal Government in seeking to meet. It is a dance to determine how deep and specific those standards should be, and I acknowledge that, but I don't think that is a reason to not have basic data-driven, fact-based solutions, and bars that States should strive to meet if they are receiving Federal assistance. Mr. Davis. Thank you. Yes, please. Ms. Schneider. I just wanted to share with you my experience in 2016 with the Department of Homeland Security. At that time, they offered their services free of charge to State and local jurisdictions who wished to receive them, and we were able to engage with the Department of Homeland Security to run a penetration test and assessment of our networks before the 2016 election, which we were very grateful for, and we think that that is the kind of partnership that should occur, and I think that they need adequate resources to offer those services to every jurisdiction who would like them. And to your earlier question before about whether you get notification, there is the multi-State information sharing association from the Center for Internet Security, that it does go to the State CIOs, but we did receive that in Pennsylvania, and if it was unclassified, it was filtered down, and also, through the Pennsylvania Emergency Management Association. Mrs. Davis of California. Okay. Thank you very much. And that was in real time, you are suggesting. Was it a week from the occurrence, or right away? Ms. Schneider. No. If they were unclassified, they were right as they occurred. Mrs. Davis of California. Okay. Great. Thank you. I wonder if you could, just for a moment, think about whether you believe that there is anything that voters should be doing to make our systems more secure? Is there an educational piece that we have not addressed in this country? Ms. Schneider. There is one thing that voters could do right before or at any point in the election cycle, is to check their registration, and make sure that their information is correct, their address is correct, their polling place is correct, because if there has been an attack or tampering in the registration system, you can detect it and correct it in advance. Mr. Hall. And I would say check your ballot to make sure that the thing you cast reflects your intent and volunteer to be a poll worker. This is a vast volunteer force, and it is the pinnacle, I think, of civic duty, you know, spending 16 hours counting your fellow citizens' votes. Mrs. Davis of California. Thank you. And that is particularly in areas where there is a very diverse community, we need to have people come forward who understand language and culture and a whole host of other things. Thank you very much. I appreciate all of you for being here, and I am going to turn to Mr.---- Mr. Merrill. Madam Chairperson, if I may add to that in response to your question. One of the things we have done is try to encourage non-voters to become poll workers. We are passing legislation now in Alabama, it has already passed both chambers, to allow 16- and 17-year-olds to be able to work the polls which can increase civic responsibility. Mrs. Davis of California. Thank you. Appreciate that as well. Mr. Loudermilk, do you have an extra question? Mr. Loudermilk. Thank you, Madam Chairperson. I want to shift away from voting, because I would really love to continue that conversation, and I think Mr. Hall and I could have a good conversation on that. I think we see eye to eye on this. I want to move over to the cybersecurity aspect of it now, and from my background in cybersecurity, any breach at some, or at least the majority of breaches at some level, have human error involved in it. There is usually some aspect, and a lot of times, it is a failure to act. It is with a patch or it is with something--at Equifax, it was failure to actually have a patch. And Mr. Hall is right. You cannot create a 100 percent secure system. When I was working in intelligence in the Air Force, we commissioned a vendor to create a completely secure system. They came pretty close. It was very secure, but it was so slow, nobody could use it. So it is always--it is a balance there. I do want to say something, and Mr. Merrill brought up a good point. It is from my experience of working in IT, it is always more secure to have multiple vendor systems over a single vendor system which if that is compromised, then everybody has--the bad guy has 100 percent access to everything. But you have to have a set of standards that the vendors operate by, and I think that is a role that we can play as a recommended set of standards still leaving the 10th Amendment, the States authority to conduct and operate their elections. But if you are going to use certain types of systems, they should meet these standards. I think that is clear. But back to the cybersecurity aspect. Is anyone on the panel familiar with OODA loop? OODA. O-O-D-A. A little bit surprised because that is used in cybersecurity. It is a cycle of decision making that you use to defeat an adversary in a fast-paced, multi-faceted environment. It is OODA. It means---- Mr. Hall. Observe something, detect, act? Mr. Loudermilk. It is observe, orient, detect or decide and act. It basically means you are always observant. You are watching to see what is going on which is happening in our cybersecurity realm right now. You orient yourself to what the threat is or multiple threats coming in. You make a decision of what you are going to do to counter that decision, and you act. And these loops are going continually, and it is used today. The NSA uses it. The CIA uses it. It was developed by an actual Air Force Colonel, so you know, give a few kudos to the Air Force there. Most cyber risk and breaches come from the last aspect of that, a failure to act. It is you orient, you observe, you decide, and in the case of Equifax, they didn't act to put a patch in. When we go to the 2016 election, and I will open this up to anybody, because I am still trying to figure out why we did what we did. I don't know if you are familiar with Michael Daniel. Michael Daniel was the cybersecurity czar in the previous administration. When the administration was given evidence that the Russians were actively trying to attack our cybersecurity, or our election systems, when it came to the acting, he was given the order by the National Security Advisor, Susan Rice, to stand down and not do anything. This was testified before the Senate in 2018 by Michael Daniel, that he received the order to not act to counter the Russians' attempts to interfere with our election system. Can anybody answer why, and maybe that would have a failure to act on the part of the Obama administration? Mr. Hall. The only thing I can think of is concern with ongoing operations that might have revealed something, but, you know, given that democracy hangs in the balance, I am not sure. I don't know enough about the specifics to say one way or the other. Mr. Loudermilk. I think we could have evolved a lot of stuff, resolved a lot of stuff, had there been the act which is a standard process in cybersecurity. And one last question for you, Mr. Merrill. War Eagle or Roll Tide? Mr. Merrill. My friend, look. There is only two words that you can say. Roll Tide. Mr. Loudermilk. All right. Thank you. I yield back. Mrs. Davis of California. Thank you. Mr. Raskin. Mr. Raskin. Thank you, Madam Chairperson. Ms. Benson, I just want to follow up with you about a point you were making before. First, there are a number of provisions in our Constitution which confer power on Congress and the Federal Government to regulate elections, right? Ms. Benson. Yes. Mr. Raskin. For example, the Congress has to guarantee to the people of the States a Republican form of government. Also, there is a specific provision which allows Congress to legislate in the electoral field, right? And under the supremacy clause, it clearly is supreme to the States. And as well, there are the enforcement provisions of a number of amendments in the Bill of Rights, and that is how we have made great progress in our country. Certainly, we would not be where we are in terms of voting with all the problems that we have without the Voting Rights Act of 1965, and that was passed under Section 5 of the 14th Amendment, right? Ms. Benson. Yes. Mr. Raskin. Is there any serious debate about the Congressional role in trying to make sure that everybody's voting rights are vindicated, and everybody's votes are counted? Ms. Benson. I think in Section 2 of the 14th Amendment, I think whether it is the Help America Vote Act, the National Voter Registration Act, the Voting Rights Act of 1965, the myriad of other Federal laws that have been enacted since the inception of our democracy, our democracy is better because of the congressional role in enforcing a basic standard of expectations of protections for all of our citizens. Mr. Raskin. And to just tease that out for a moment, haven't the greatest threats to people's voting rights started at the local and State level? Obviously, we have got this new threat of global interference with people's voting rights, but traditionally in our country, haven't the greatest threats arisen locally? Ms. Benson. History does show us that some of greatest threats have emerged locally, and some of the greatest successes and protections for voting rights have also emerged locally when States and local governments have gone beyond what the Federal Government has expected as a standard. I want to make that point as well, but, yes, certainly there is a critical role for the Federal Government to play. Mr. Raskin. Yes. I mean, the States have certainly led in terms of the expansion of the franchise, and we know lots of States extended women the right to vote, for example, before the 19th Amendment---- Ms. Benson. And language protections. Mr. Raskin [continuing]. Was adopted. And language protections and extending the right to vote to African Americans. And so that is definitely the case, that we have seen a lot of forward movement in the States that lead to national changes. But in the dynamics of Federalism, Congress has played an essential role in securing people's right to vote. And I think given the new cyber threats to voting security, Congress cannot abdicate that role, and Congress should be really in the forefront of trying to assist the States in making sure that we are fortifying our defenses, so there is not an open door for the kinds of activities that we saw in 2016. Ms. Benson. It is a critical role for the Federal Government to play. Also, in acknowledging and being a partner with us, and you know, fully funding the Election Assistance Commission and other existing agencies can go a long way in that regard as well. Mr. Raskin. Okay. Madam Chairperson, I yield back to you. Thanks so much. Mrs. Davis of California. Thank you very much. I might just follow up. Fully funding it and providing some authority so that they can do something about it, correct? I think everybody would agree with that. Ms. Benson. And I also want to emphasize as you have seen today, the importance of talking to more State and local officials, because I think you will see multiple different perspectives and opinions, and through that, I think you can develop some Federal expectations and standards. Mrs. Davis of California. Thank you very much. I want to thank all of you for your valuable testimony here, for appearing, and for being very helpful. I also want to let you know that members have five legislative days to revise and extend their remarks, and written statements may be made part of the record. If they have questions, we ask you to please respond in writing as soon as possible. I think there is a deadline on that but respond quickly so they can be made part of the record. Thank you very much. If there are no objections, this hearing is adjourned. [Whereupon, at 4:00 p.m., the Committee was adjourned.] [GRAPHIC NOT AVAILABLE IN TIFF FORMAT]