[House Hearing, 116 Congress]
[From the U.S. Government Publishing Office]
ELECTION SECURITY
=======================================================================
HEARING
BEFORE THE
COMMITTEE ON HOUSE
ADMINISTRATION
HOUSE OF REPRESENTATIVES
ONE HUNDRED SIXTEENTH CONGRESS
FIRST SESSION
__________
MAY 8, 2019
__________
Printed for the use of the Committee on House Administration
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
Available on the Internet:
https://www.govinfo.gov/committee/house-administration
__________
U.S. GOVERNMENT PUBLISHING OFFICE
38-641 WASHINGTON : 2020
--------------------------------------------------------------------------------------
COMMITTEE ON HOUSE ADMINSTRATION
ZOE LOFGREN, California, Chairperson
JAMIE RASKIN, Maryland RODNEY DAIVS, Illinois
SUSAN A. DAVIS, California Ranking Member
G. K. BUTTERFIELD, North Carolina MARK WALKER, North Carolina
MARCIA L. FUDGE, Ohio BARRY LOUDERMILK, Georgia
PETE AGUILAR, California
C O N T E N T S
----------
MAY 8, 2019
Page
Election Security................................................ 1
OPENING STATEMENTS
Chairperson Zoe Lofgren.......................................... 1
Prepared statement of Chairperson Lofgren.................... 4
Hon. Rodney Davis, Ranking Member................................ 7
Prepared statement of Ranking Member Davis................... 9
WITNESSES
Larry Norden, Deputy Director, Brennan Center's Democracy Program 11
Prepared statement of Mr. Norden............................. 13
Marian Schneider, President, Verified Voting Foundation.......... 26
Prepared statement of Ms. Schneider.......................... 28
Joseph Lorenzo Hall, Chief Technologist and Director, Center for
Democracy and Technology....................................... 37
Prepared statement of Mr. Hall............................... 39
Hon. Jocelyn Benson, Secretary of State, State of Michigan....... 48
Prepared statement of Hon. Benson............................ 50
Hon. John Merrill, Secretary of State, State of Alabama.......... 57
Prepared statement of Hon. Merrill........................... 59
SUBMISSIONS FOR THE RECORD
Hon. Rodney Davis, Ranking Member, statement..................... 83
ELECTION SECURITY
----------
WEDNESDAY, MAY 8, 2019
House of Representatives,
Committee on House Administration,
Washington, DC.
The Committee met, pursuant to call, at 2:17 p.m., in Room
1310, Longworth House Office Building, Hon. Zoe Lofgren
[Chairperson of the Committee] presiding.
Present: Representatives Lofgren, Raskin, Davis of
California, Butterfield, Fudge, Davis of Illinois, Walker, and
Loudermilk.
Staff Present: Khalil Abboud, Deputy Staff Director; Sean
Jones, Legislative Clerk; David Tucker, Parliamentarian; Tanya
Sehgal, Senior Elections Counsel; Veleter Mazyck, Chief of
Staff to Representative Fudge; Lauren Doney, Communications
Director and Deputy Chief of Staff to Representative Raskin;
Julie Tagen, Chief of Staff to Representative Raskin; Brandon
Mendoza, Senior Legislative Aide to Representative Davis of
California; Lisa Sherman, Chief of Staff to Representative
Davis of California; Kyle Parker, Senior Policy Advisor to
Representative Butterfield; Evan Dorner, Legislative Assistant
to Representative Aguilar; Joy Yunji-Lee, Minority Counsel;
Courtney Parella, Minority Communications Director; Jesse
Roberts, Minority Counsel; Cole Felder, Minority General
Counsel; Jen Daulby, Minority Staff Director; and Susannah
Johnston, Legislative Assistant to Representative Loudermilk.
The Chairperson. Good afternoon. The Committee on House
Administration will come to order. We do thank the witnesses
for being here with us today. This Committee is charged with
overseeing the administration of Federal elections, and this
hearing will help us fulfill that responsibility by documenting
the scope of current election security challenges.
Before we proceed, I offer this background on today's
troubling state of affairs. It is documented that foreign
agents, specifically Russians, attempted to interfere in
American elections in 2016. The fact of Russian interference in
the 2016 election was confirmed by eight credible national
entities, the Central Intelligence Agency, the Office of
Director of National Intelligence, the FBI, the National
Security Agency, the Department of Justice, the Department of
Homeland Security, and the House Intelligence Committee and the
Senate Intelligence Committee.
There was not only consensus among American intelligence
officials, both Democrats and Republicans agree that attempts
were made by Russia to compromise the integrity of American
elections. On July 17, 2018, then House Speaker Paul Ryan said
to reporters: They did interfere in our elections; it is really
clear.
Senate Majority Leader Mitch McConnell referred to
indisputable evidence of Russia's attempt to influence the 2016
election. Senate Majority Leader McConnell further stated: ``We
understand the Russian threat, and I think that is the
widespread view here in the United States among members of both
parties.''
More details of foreign interference in our election became
known through the release of Special Counsel Robert Mueller's
report which detailed the following, quote: ``GRU officers, the
main military foreign intelligence service of Russia, also
targeted individuals and entities involved in the
administration of the elections.'' Victims included U.S. State
and local entities, such as State boards of election,
secretaries of state, and county governments, as well as
individuals who worked for those entities. The GRU also
targeted private technology firms responsible for manufacturing
and administering election-related software and hardware, such
as voter regulation software and electronic polling stations.
In June 2017, then Democratic Leader Pelosi created the
Congressional Task Force on Election Security in response to
then the inaction on the topic. Despite our clear
responsibilities under House Rules, not a single hearing was
held in this Committee on this topic in the last Congress.
In February 2018, the Task Force released its report,
recommending reforms that could significantly advance election
security. Among some of the proposed reforms are replacement of
paperless voting machines with paper ballot voting systems,
risk-limiting audits, upgraded information technology
infrastructure, including voter registration databases with
ongoing maintenance, and requirements that election technology
vendors secure their voting systems.
Intelligence community pre-election threat assessments, in
coordination with Federal and State officials is important, and
it also prioritized State-level cybersecurity training.
Congress has not done enough to tackle this problem. The risk
posed by the vulnerabilities previously exploited remain.
Despite the overwhelming evidence showing these
vulnerabilities, the White House has failed to take these
issues seriously and to direct resources towards securing
election infrastructure.
Last summer, in remarks before the National Association of
the Secretaries of State, former Homeland Security Secretary
Kirstjen Nielsen said that there was, quote, ``no indication
that Russia is targeting the 2018 U.S. midterms at a scale or
scope to match their activities in 2016 but that she
``consistently observed malicious cyber activity from various
actors against U.S. election infrastructure.''
She also said that, quote, ``there is little doubt that
adversaries and non-State actors continue to view elections as
a target for cyber and influence operations.''
Now, according to The New York Times, Homeland Security
Secretary Nielsen eventually gave up her efforts to organize a
White House meeting of Cabinet Secretaries to coordinate a
strategy to protect next year's elections. As a result, the
issue did not gain urgency or widespread attention that only a
President can command, and it meant that many Americans
remained unaware of the latest versions of Russian
interference.
In spite of inaction, the Election Assistance Commission,
in cooperation with the Department of Homeland Security, has
been successful at building relations with State officials and
providing valuable resources as part of the critical
infrastructure designation. But in the face of increasing
threats, their efforts must expand. However, such expansion is
only possible if Congress increases resources.
Today, the EAC is operating with only half the budget and
fewer than half the staff it had 10 years ago when threats were
less grave. This already under resourced agency is only further
stymied by the administration's strenuous efforts to avoid
acknowledging our vulnerability and the need to secure our
elections from foreign threats, facts accepted as plain by both
legislative branch and national intelligence agencies. This is
unacceptable, and several things must change.
States need money to be able to replace their paperless
voting machines and outdated IT infrastructure. States and
localities also face the daunting task of training hundreds, if
not thousands, of election officials, IT staff, and poll
workers on cybersecurity and risk mitigation.
Another significant vulnerability comes from election
technology vendors. Many States purchase their voting systems
from third-party vendors who have little financial incentive to
prioritize election security and are not subject to regulations
requiring them to use cybersecurity best practices, nor are
they necessarily voluntarily adhering to these best practices.
In July of 2018, it was revealed that ES&S, one of the
Nation's largest voting machine makers had installed remote
access software on election management systems, although it had
not admitted about this fact to the press. This fact was only
uncovered through an inquiry by Senator Ron Wyden, who
characterized this remote access software installation as,
quote, ``the worst decision for security, short of leaving
ballot boxes on a Moscow street corner.''
In addition, election vendors are not currently required to
inform any Federal agency or State election official in the
event of a cyber-attack. Federal action is needed now to grasp
the scope of the problem and to innovate concrete solutions
that can be implemented before the next Federal election cycle
in 2020. This goal will be a primary focus of this Committee
moving forward. No matter your side of the aisle, the oath of
upholding democracy as citizens and elected leaders in this
Nation is fundamental, and that is why I am glad to convene
this hearing today, especially recognizing our new Ranking
Member Rodney Davis' avowed commitment to advancing election
security so that every voter can feel that her vote is
accurately counted and safe from the influence of those who
wish to see our great democratic experiment fail. And with that
goal in mind, I would recognize Mr. Davis for his opening
statement.
[The statement of the Chairperson follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Mr. Davis of Illinois. Thank you, Madam Chairperson, and
thank you for your leadership of this Committee and your
bipartisan leadership on this issue.
Election security is one of the most important issues that
this Committee is tasked with and I take the responsibility of
ensuring fair and secure elections extremely serious. I know
that my colleagues on this Committee share--we share in this
sentiment.
We know that at least 21 States were targeted by a foreign
state actor prior to the 2016 U.S. election and we know that
Russia undertook a misinformation campaign during the same
election. I think I can safely say that everyone on this panel
finds that troubling, but we must also factually say that no
votes were changed in the 2016 election and that through the
tremendous effort of local, State, and Federal officials, the
2018 midterm elections, with record midterm turnout, were
secure--with record voter participation, once again. In fact,
we saw the highest turnout in a midterm election in the last 50
years.
As we discuss election security today, it is important to
note that many of the best practices used to protect our
elections are noncontroversial. And I want to take a moment to
clearly demonstrate what I am for. I am for an election system
remaining--I am for election systems remaining as critical
infrastructure. I am for helping our election technology
vendors secure their voting systems. I am for ensuring our
election officials, both at the State and Federal level receive
security clearances in a timely manner. I am for empowering the
Election Assistance Commission to lead our Federal support to
State and local officials. I am for the Department of Homeland
Security lending their expertise to State and local officials
when appropriate.
We must also recognize that our States and the Federal
Government have taken significant steps to carry out these
practices and services. We can take a look at my home State of
Illinois, which has invested in a new Cyber Navigator Program
that helps counties detect and defend themselves against
cybersecurity attacks. I believe we can cannot lose sight of
what Chris Krebs, the Director of the Department of Homeland
Security Cybersecurity and Infrastructure Security Agency, said
before the House Homeland Security Committee earlier this year.
Director Krebs said, quote: ``Local officials know their system
and what they need to do to conduct a successful election, end
quote, and State and local officials should remain in control
of their elections.''
As I have said many times, I believe that partisanship is
the greatest threat to our elections. Election security cannot
be a partisan exercise, but what we saw during the markup and
passage of H.R. 1 was purely partisan. Too much is at stake to
make this about party. If this hearing is an effort by my
colleagues to take a bipartisan look at election security, I
welcome it. We have important work to do here. However, I will
not support any attempt today to waste an opportunity to work
together and strengthen our election security for an attempt to
make the nightly news with a partisan political agenda.
I look forward to learning from our witnesses today on best
practices that States are implementing to combat foreign
interference and secure our Nation's elections. I look forward
to hearing more about the tremendous effort of the Election
Assistance Commission, the Department of Homeland Security, our
two secretaries of state, representing the rest in the Nation,
and most importantly, our local officials, where we see the
safest, fairest, and the most secure elections being
administered many, many times throughout the decade. I welcome
all of the guests today and the witnesses. I look forward to
hearing from you.
Madam Chairperson, I yield back.
[The statement of Mr. Davis of Illinois follows:]
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
The Chairperson. Thank you, Mr. Davis.
And other Members are welcome to submit their opening
statements for the record.
I would now like to introduce our distinguished panel of
witnesses.
Under the rules of this Committee, you have five minutes to
present your oral testimony. However, your full written
testimony will be made part of the record. There is a light
system in the front. When you are down to one minute, it goes
yellow from green. And when it is red, your time is up, and we
would ask you to sum up. Let me introduce each witness, and
then we will begin.
First, we have Lawrence Norden, who is the Deputy Director
of the Brennan Center's Democracy Program. Mr. Norden has
worked at the Brennan Center for some time, authoring several
nationally recognized reports on election security. He served
as chair of the Ohio Secretary of State's bipartisan election
summit. He is the lead author of the book ``Machinery of
Democracy: Protecting Elections in the Electronic World.'' He
has written extensively on the influence of money in New York
State politics. He is a graduate of the University of Chicago
and the NYU School of Law.
Next, we have Marian Schneider, who is the President of
Verified Voting. She brings a strong grounding in the legal and
constitutional elements governing voting rights in elections,
as well as experience in election administration at the State
level. She has served as a special advisor to Pennsylvania
Governor Tom Wolf on election policy. Throughout her career,
she has focused on the intersections of civil rights and
election law. She received her Juris Doctor degree from George
Washington University where she was a member of the Law Review
and earned her Bachelor's of Arts degree cum laude from the
University of Pennsylvania.
Next, we have Joseph Lorenzo Hall, the Chief Technologist
and Director of the Internet Architecture Project at the Center
for Democracy and Technology. His work has focused on the
intersection of technology, law, and policy, working to ensure
that technical considerations are appropriately embedded into
legal and policy arguments. He also leads CDT's internet
architecture project. Thank you very much for that. He has
received numerous awards I cannot read them all, but prior to
joining CDT in 2012, he was a post-doc research fellow at NYU,
and he was at Princeton University, as well as the University
of California, where he received his Ph.D. in information
systems. His Ph.D. thesis used electronic voting as a critical
case study in digital government transparency.
Next, we have Jocelyn Benson who is the Secretary of State
of Michigan. We appreciate so much that you have made your way
here. She was sworn in as Michigan's 43rd Secretary of State,
January 21st, 2019, after being elected last November to a
four-year term. Her focus for the department is customer
service excellence. She is an expert on civil rights law,
education law, and election law. She served as Dean of Wayne
State University Law School in Detroit. When she was appointed
dean at age 36, she became the youngest woman in U.S. history
to lead a top-100 accredited law school. She continues to serve
as Vice Chair of the advisory board for the Levin Center at
Wayne Law which she founded with former Senator Carl Levin.
Prior to her election, she served as CEO of the Ross Initiative
in Sports for Equality, otherwise known as RISE. She is the
founder of the nonpartisan Michigan Center for Election Law.
She earned a Bachelor of Arts from Wellesley College, a Master
of Philosophy from Oxford University, and a law degree from
Harvard Law School.
Finally, but certainly not least, we have John H. Merrill,
the Secretary of State of Alabama. We are so grateful that you
would make time to be here with us today. Secretary of State
Merrill grew up in Heflin. He is an Eagle Scout. He was a
graduate of the University of Alabama, where he served as
president of the Student Government Association as an
undergraduate. He was elected to represent the people of
District 62 in the State House of Representatives with 87
percent of the vote, the highest percentage garnered by a
candidate in any contested House race that year. He served as
Secretary Treasurer of the House Republican caucus and was a
member of the powerful Rules Committee, Economic Development
and Tourism. He has been awarded the Silver Beaver by the Black
Warrior Council of the Boy Scouts of America, as well as the
Sunlight Foundations Award for the most effective Republican
member of the Alabama House of Representatives. He was elected
in November of 2014, as Alabama Secretary of State, with 65
percent of the vote, winning 53 of Alabama's 67 counties and
was inaugurated Alabama's 53rd Secretary of State in 2015. He
is active in his community, his church, and active also with
the National Association of Secretaries of State, and we look
forward to hearing from him and from all of you.
We will start first with you.
STATEMENTS OF LARRY NORDEN, DEPUTY DIRECTOR, BRENNAN CENTER'S
DEMOCRACY PROGRAM; MARIAN SCHNEIDER, PRESIDENT, VERIFIED VOTING
FOUNDATION; JOSEPH LORENZO HALL, CHIEF TECHNOLOGIST AND
DIRECTOR, CENTER FOR DEMOCRACY AND TECHNOLOGY; THE HONORABLE
JOCELYN BENSON, SECRETARY OF STATE, STATE OF MICHIGAN; AND THE
HONORABLE JOHN MERRILL, SECRETARY OF STATE, STATE OF ALABAMA
STATEMENT OF LARRY NORDEN
Mr. Norden. Thank you, Chairperson Lofgren, Ranking Member
Davis, Members of the Committee for this opportunity to testify
today. Chairperson Lofgren has recounted the scope of Russian
attacks against our election infrastructure in 2016, but there
are several reasons to believe we could face even more serious
threats in 2020. We have seen the kind of damage a well-planned
attack by Russian operatives can do against election
infrastructure in Ukraine, Bulgaria, and elsewhere, where
attackers have deleted critical election files, shut down
websites, and even inserted a virus designed to declare the
wrong result.
Worse, there are other nation-states we need to worry
about. U.S. intelligence agencies have warned of potential
attacks by China, North Korea, and Iran, and, indeed, the
Chinese are alleged to have launched attacks against Indonesia
and Australia just this year.
The good news is that we have made significant progress to
secure our elections since 2016. Most importantly, policymakers
and election officials are acutely aware of the threats to our
election infrastructure. There is better information sharing
and resources sharing between Federal, State, and local
agencies. In the last 2 years, more resources have been made
available to secure our election infrastructure, not least of
which was $380 million in HAVA grants that Congress provided in
2018. The vast majority of which has been allocated to critical
security measures.
Despite this progress, there is far more to be done. First,
we must replace aging and insecure voting machines. In a recent
survey by the Brennan Center, local officials in 31 States told
us that they must replace their equipment before the 2020
election, but two-thirds of those officials said that they did
not have adequate funds to do so and this was after
Congressional funds were appropriated. Too often these systems
use outdated software that no longer receive security patches,
and election officials are forced to turn to eBay for
replacement parts because those parts are no longer
manufactured. A particularly urgent security issue is phasing
out paperless machines in the 11 States that still use them.
Second, we need implementation of robust post-election
audits--a comparison of paper ballots to software totals that
will provide a high level of confidence in the election outcome
and that will correct a wrong voting outcome. Only 21 States
currently have voter records for--paper records for every vote
and conduct post-election audits, precertification, and only
two conduct risk-limiting audits, which provide the high level
of confidence that I mentioned.
The good news is that several States used the HAVA money
that was appropriated to pilot risk-limiting audits in the last
year, and several jurisdictions would like to do more of those
this year. And we certainly should be doing everything we can
in the coming months and years to ensure that these are
conducted nationwide.
Third and finally, we must provide ongoing long-term
support for maintaining and improving election cybersecurity.
The Mueller report is a reminder that the election
infrastructure we need to protect goes far beyond voting
machines. The Brennan Center has long advocated that all States
implement a process of continuous cybersecurity vulnerability
assessments and mediation. While we estimate that the costs of
these kinds of assessments should be no more than a few million
dollars a year, obviously the cost of securing vulnerabilities
that are identified by such assessments will cost more.
Local election offices are on the front lines in defending
our election infrastructure against attacks, but often have the
least amount of IT or cybersecurity support. Routine, ongoing
funding of programs like the one Ranking Member Davis
mentioned, the Illinois Cyber Navigator Program, which directs
personnel and resources to local offices, would help close that
security gap.
It is cliche to say that this is a race without a finish
line. Funding election security should be a shared
responsibility among local, State, and the Federal level, but
only Congress has the power to ensure that responsibility is
shared by providing matching grants for State and local
governments. I am hopeful to see a continued commitment from
Congress to partner in this effort. Thank you.
[The statement of Mr. Norden follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
The Chairperson. Thank you very much.
Ms. Schneider.
STATEMENT OF MARIAN SCHNEIDER
Ms. Schneider. Chairperson Lofgren, Ranking Member Davis,
and Members of the committee, thank you so much for the
invitation to testify here today. My name is Marian Schneider,
and I am the President of Verified Voting, a nonprofit,
nonpartisan organization. Verified Voting's mission is to
strengthen democracy for all voters by promoting the
responsible use of technology in elections.
We are here today to talk about bolstering election
security. Ninety-nine percent of the votes cast in this country
are counted by computers, and election administration depends
on computers throughout the process. 2016 demonstrated what
many of us in this space have long believed, that the threat to
our computerized voting systems was not merely theoretical but
real and persistent. We must, as a Nation, adopt clear
solutions that will change the destructive narrative that
election hacking can alter election outcomes.
In our written testimony, we describe threats and solutions
for the larger election ecosystems. For voting systems,
however, the clear solution is to replace aging and vulnerable
voting machines with systems that use a voter-marked paper
ballot. Voters mark the paper either with a pen or a computer
ballot marking device with assistive features for voters who
need them, creating a verifiable record. Then the ballot is
scanned and retained in a secure ballot box.
We leverage the computer speed to count ballots quickly,
but it is imperative to check that the computer has counted the
ballots properly. In the best-practice scenario, as Mr. Norden
mentioned, we can check election outcomes by auditing,
selecting a random sample of ballots to check the reported
results and gather sufficient evidence that the outcome is
correct.
While there are different types of auditing, Verified
Voting and other experts urge widespread adoption of risk-
limiting audits as the most efficient and reliable way of
checking the election results. Such audits have a predetermined
large chance of leading to a full hand recount if the reported
results were incorrect, thus limiting the risk that a wrong
outcome will stand.
Verified Voting board members and staff have been involved
with every stage of RLA development, from its inception to
working with election officials, other groups, and several
States to pilot risk-limiting audits.
From 2015 to 2017, I served as Deputy Secretary for
Elections Administration in the Pennsylvania Department of
State, overseeing both elections and information technology. I
have firsthand experience trying to strengthen the
cybersecurity of election infrastructure in advance of a
Presidential election. I drafted directives for counties to
harden their systems, strengthen voter registration database
backup protocols, invited the Department of Homeland Security
to conduct penetration testing, and initiated a disaster
recovery plan for a statewide, election-night-return website.
And I worked with heroic, local election officials trying to
keep up with the changing threat environment with next to no
resources. From that experience, I urge Congress to support
State and local jurisdictions by providing immediate and
sustained investment in the security of our elections.
The consensus among the intelligence community is that
future attacks on American elections are inevitable. This is a
given. It is not whether a system will be attacked but when.
Safeguarding systems requires that we assume such breaches will
occur or have already. The best practice demands a multilayered
approach built around the concept of resiliency. Election
systems are resilient if jurisdictions can monitor, detect, and
recover from either an intentional attack or a programming
error. Resilient voting systems are those that use voter-marked
paper ballots, coupled with the risk-limiting audits. Paper
ballots and audits are the disaster recovery plan for our
voting systems.
A significant number of States have moved toward paper-
based systems over the years. Verified Voting tracks this
movement on its website and so that is a general recognition of
the best practices that we are talking about today. The main
barrier to the remaining States is the cost. We call on
Congress for the financial investment for jurisdictions to
replace aging and vulnerable voting systems, to fund technical
and material support to conduct risk-limiting audits, and to
fund enhanced security measures for all aspects of election
infrastructure.
We also urge investment in the research needed to build
better election systems, using open-source software and
research into the best methods to ensure voters check their
choices before casting their ballots and research that marries
security with more universally useable and accessible systems.
Our Nation's election infrastructure is vitally important
to our democracy. We must continue the progress begun in the
last two years to ensure that our election systems and voting
processes are resilient in the face of attack or disaster. With
support from Congress, the goal is in reach. Thank you.
[The statement of Ms. Schneider follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
The Chairperson. Thank you very much.
Mr. Hall.
STATEMENT OF JOSEPH LORENZO HALL
Mr. Hall. Chairperson Lofgren, Ranking Member Davis, and
Members of the Committee, thank you for the opportunity to
speak with you today. My name is Joseph Lorenzo Hall. I am the
Chief Technologist at the Center for Democracy and Technology.
For 25 years, CDT has been a leader in protecting digital civil
liberties and democratic principles online. My Ph.D. work at UC
Berkeley focused on voting machines, and I have served on a
number of State-level independent reviews of voting systems.
Today I will talk first about what we saw in 2018, and then
CDT's five priorities for election security as we head into
2020.
While 2018 did not see the cybersecurity attacks on
election systems that we saw in 2016, a number of attacks did
target campaigns and campaign infrastructure. The midterms were
just not a juicy target for attackers, at least not as
attractive as 2016 or 2020 election cycles. The issues we did
see with election systems in 2018 involved isolated but
systemic issues more easily explained as failures rather than
attacks.
For example, in Johnson County, Indiana, a misconfigured
computer server caused electronic pollbooks to crash across the
entire county. No one could vote for four hours. In a case of
election deejaa vu, a serious ballot design flaw likely
contributed to tens of thousands of missing votes in a Florida
U.S. Senate contest. We were in many ways lucky and thankful
that we didn't see attacks like those of 2016, but we still
have a long way to go in terms of hardening elections.
CDT believes the following five priorities are crucial
going into 2020: First, Congress must prioritize the
replacement of dangerously outdated voting technologies. We
learned after the Help America Vote Act of 2002 that elections
are one area of civic life that we cannot fully digitize. To
enable meaningful recounts and post-election audits, we must
have software-independent, voter-verifiable paper records. Very
simply, it is time for a paper mandate in elections for Federal
office. Or at least some very attractive incentives designed to
replace paperless systems.
Second, Congress should limit the use of paperless remote
voting systems. There are some contexts, such as uniformed and
overseas voting, where jurisdictions allow email, fax, or even
internet voting, occasionally disguised as remote ballot-
marking systems. These systems do not have a paper record
backing up those votes, and they may even expose jurisdictions
to increased risks of cyberattack. Rather than allowing, for
example, any absentee voter to use these systems as some
jurisdictions do, paperless remote voting should be limited to
only those who could not otherwise vote in another manner.
Third, Congress should promote the research, development,
and implementation of risk-limiting audits. Yes, that is a
wonky term, risk-limiting audits, but you can think of them as
low-cost recounts. In a risk-limiting audit, paper ballots are
randomly selected and compared to their digital equivalent
until there is enough evidence that, if you did a full recount
of those paper records, you would know that the outcome of the
race wouldn't change. And as mentioned, only a few States
currently permit these kinds of audits, are engaged in pilot
projects, and to encourage more, Congress should provide
incentives for two things: research and development to make
them more precise and useable, and then pilot projects with
published reports which would greatly help others along this
journey.
Fourth, Congress should commit to long-term funding of the
U.S. election infrastructure. The ongoing evolution of election
administration desperately needs a stable and long-term source
of funding. Without this, elections will continue to be
threadbare and a natural target for attackers that want to
affect our economy, our society, and our democracy. The down
payment in ongoing funding contemplated in the Election
Security Act, now part of H.R. 1, is a good start.
Finally, Congress must increase the budget of the U.S.
Election Assistance Commission. The EAC now has a full
complement of sitting Commissioners. It is preparing right
now--preparing election officials and voting system testing for
2020, and it is in the process of finalizing version 2.0 of the
Federal voting system standards, the VVSG. It is a very busy
time for the EAC right now. The last time there was this level
of activity at the EAC was in 2010 when its budget was roughly
twice what it is now.
In summary, replace paperless voting systems, incentivize
risk-limiting audits, and fund election infrastructure and
security. Thank you very much.
[The statement of Mr. Hall follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
The Chairperson. Thank you very much.
Ms. Benson.
STATEMENT OF THE HONORABLE JOCELYN BENSON
Ms. Benson. Chairperson Lofgren, Ranking Member Davis, and
Members of the Committee, thank you for holding this hearing
and for the invitation to testify. Securing our election
infrastructure against efforts to thwart or undermine the will
of our voters is essential to the survival of our democratic
system. I am honored to offer my perspective as Michigan's
chief election officer on this critical challenge.
As this Committee proceeds, I encourage you to seek further
input from State and especially local election administrators.
Now more than ever, the Federal Government's role as a partner
with us securing our elections is necessary if our work at any
level is to succeed. The role best manifests itself in three
forms: one, investment and resources, much of which we have
heard today; two, setting standards and establishing
protections at the local level; and, three, setting and
establishing a cooperative and bipartisan tone.
As you know, in recent years, we have seen unprecedented
threats to our election system, including some from
sophisticated foreign-government-aligned entities. From this
very highest level of government, we need acknowledgement of
the past, present, and future threats posed by foreign state
actors, and through that, the marshaling of bipartisan support
and cooperation to build a sustainable and secure election
infrastructure in every State.
The threats to the security of our elections did not begin
in 2016 and we know for certain that they will not end in 2020.
Only through a unified approach and long-term commitment and
investment can we adequately support the infrastructure we need
to provide a voting system in which all Americans will rightly
place their trust. Part of that unified approach must be a
commitment to providing a predictable stream of funding and
other resources.
Many of the issues we have discussed today can only be
addressed partially at the local level and temporarily with the
tools that we have at our disposal. In many cases, election
officials know what they need to do, but they cannot afford to
do it. The Federal Government has taken positive steps, such as
significantly improving Federal, State, and local coordination,
and making more funding available, but we need to do much more.
Michigan's election system provides a useful example. We
are unique in the extent to which our election administration
responsibility is shared among over 1,500 local municipalities,
each one running their own elections. This decentralized system
helps safeguard against systemwide problems but also means we
have many links in the chain. Local officials are often on the
front lines of defense, and investment in their work is
critical if we are going to secure all our elections.
With that in mind, investing in the infrastructure at the
local level, providing support to local clerks, supporting poll
workers as well with increased accountability with local
officials who don't take advantage of the resources or
otherwise fail to run elections in a way that ensures security
and integrity of election results is critical.
To ensure we are implementing best practices and leaving no
stone unturned in Michigan, I also formed a security task force
composed of local officials, election specialists, and national
experts in technology and data security, including a liaison
from the Department of Homeland Security. Our goal is for
Michigan's elections to be among the most secure in the country
and to pilot best practices, like risk-limiting audits, that we
hope can drive national reform.
While we await our Michigan panel's final recommendations
later this year, their initial discussion has already focused
on securing and protecting several areas of vulnerabilities. I
describe these in greater detail in my written testimony but
will highlight a few key points here.
First, voter registration databases. Following the 2016
election, we learned of attempts to compromise our voter
registration databases in other States, some successful. If
outside actors were able to manipulate registration records
successfully, they could disrupt elections and put voters at
risk. Protections against this potential is critical. In
Michigan, we have taken steps to modernize and safeguard our
voter registration database, the backbone of our election
administration system. And it is also important to have
protections at the local level in the event of a registration
problem. Michigan has joined the growing list of States that
allow voters to register on election day and vote that same
day. In yesterday's elections alone, 400 voters took advantage
of that freedom, and they would not have voted without it.
In Michigan, someone missing from a list on election day
can now reregister at a clerk's office and vote. This is an
important safeguard also to threats to challenge our voter
registration databases.
In addition, voting technology is critical to upgrade, and
I also want to emphasize that simple investments in voting
technology is incomplete without a recognition that that
technology will continually evolve, and upgrades and
sustainable sources of funding for those upgrades are critical.
Finally, support from Congress and the Federal Government
will be critical to ensuring this and many other issues are
addressed, and I am encouraged by the bipartisan spirit of
cooperation among election officials in our State and in our
country, particularly when it comes to election security.
Tomorrow, Secretary Merrill, a Republican, and myself, a
Democrat, are leading a bipartisan group of Secretaries of
State to visit Selma, Alabama, where Congressman John Lewis and
many others put their lives on the line for the right to vote.
Through this leadership, we, as secretaries of state, hope to
show bipartisan support and cooperation is possible, and we
hope to strengthen and unify our commitment to a free and fair
election system. And I encourage you to join us in this spirit
of bipartisan cooperation. Thank you.
[The statement of Ms. Benson follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
The Chairperson. Thank you very much. Good for you.
And Secretary of State Merrill.
STATEMENT OF THE HONORABLE JOHN MERRILL
Mr. Merrill. Thank you, Madam Chairperson, Ranking Member
Davis, distinguished Members of the Committee, I am honored to
be with you today. I am John Merrill and I have the privilege
to serve as Alabama's 53rd Secretary of State. Alabamians have
an extraordinary amount of experience with effective and
ineffective election administration. At one time, our laws were
written to reduce or eliminate minority participation in the
electoral process. My team and I work diligently each day to
ensure the right to vote and the opportunity to receive a free
government-photo-issued ID are extended to each and every
eligible U.S. citizen that is a resident of our State.
Since I have been Secretary of State of Alabama, we have
broken every record in the history of the State for both voter
registration and voter participation. I will get to those
numbers in a few minutes, but I think that it is essential to
impress upon the Committee and members of the body and my
fellow citizens of the United States that we cannot solve one
crisis by pretending it is another. We must work collectively
to strengthen our cybersecurity to protect the integrity of the
electoral system from foreign influence. However, we should not
present a narrative to citizens that only one system can ensure
an equal right to vote.
As I previously stated, my goal as Alabama Secretary of
State is to ensure that each and every eligible U.S. citizen
that is a resident of our State is registered to vote and has a
photo ID. During my time as Alabama Secretary of State, my team
and I have changed the paradigm for voting in the State of
Alabama. Since January 19, 2015, we worked with notable
Alabamians, local officials, interested parties, key
communicators, and concerned citizens to encourage voter
registration and voter participation. The results are
staggering.
Since January 19, 2015, we have registered 1,249,422 new
voters. We now have a record 3,479,068 registered voters. I am
very, very proud of that because we have led the Nation per
capita in those numbers since I have been the Secretary.
You also need to know that we have got 30 of our 67
counties that have electronic pollbooks which expedites the
check-in process and offers greater security for voters to
participate in the process. As a part of our efforts to ensure
voter integrity, we have worked to secure six convictions on
voter fraud, and we have had two elections that have been
overturned.
We will continue to document, investigate, and prosecute
those individuals and their attempts on disrupting the
electoral process for others.
We have created Alabama's first Braille voter guide and
other applications for absentee ballots printed and regular
ballots printed in Braille. In 2016, we created a committee to
author and pass legislation and make it easier for folks to
regain the right to vote after being convicted of disqualifying
felonies.
My legislative team is currently working with Alabama State
Senator Rodger Smitherman, a Democrat, to pass legislation, to
make it easier for Alabamians to cast an absentee ballot,
including those Alabamians that are incarcerated but not
convicted of disqualifying felonies while they remain
incarcerated.
Our director of relations is currently working with a team
of election analysts and other third-party groups to build an
active pilot program for the most effective manner which we can
conduct post-election audits. We have worked to secure election
systems that do not connect to our State and local internet
networks for potential breaches of internet connectivity.
We have expanded training provided by the Office of the
Secretary of State to make sure that cybersecurity is included.
All these efforts are designed to ensure that we have made
sure that we are providing the safest and securest election
procedures in our State. We have broken every record in the
history of the State for voter participation in the last four
major elections that we have had as well.
We also have an electronic, election-night-reporting
system, which has been exceptional and has been a model that
other States have used. As a matter of fact, when we had our
special U.S. Senate election on December 12, 2017, we
accommodated more than 500,000 unique voters and users who were
monitoring the system at one time. The work that we completed
in advance of the election with our State and Federal partners
to ensure that the system was secure and could be able to
withstand cybersecurity attacks has been notable and has been
successful. All we are trying to do is to make it easy to vote
and hard to cheat. There is a number of ways that we have
continued to do that.
I think the most important thing for me to close with is by
sharing that we continue to work with our private and public
partners, and the effort that Secretary Benson and I have put
together to ensure that we are trying to do the best we can to
have a bipartisan effort to help people understand where we are
today in our elections process and where we hope to be in the
future. We think the best way to do that is by understanding
each other, each other's needs, what our common goals are, and
how we hope to move forward for the future. Thank you so much.
[The statement of Mr. Merrill follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
The Chairperson. Thank you very much.
And thanks to all the witnesses.
Now is the time when Members of the Committee may ask
questions of the witnesses for five minutes apiece.
I will turn first to our Ranking Member, Mr. Davis, for
questions that he may have.
Mr. Davis of Illinois. Well, thank you again to all the
witnesses for your testimony.
I want to start with Mr. Hall. Assuming the supply chain is
secure, do you believe that ballot-marking devices with a
voter-verified receipt is a reasonably secure method of voting?
Mr. Hall. Absolutely. One of the things we struggle with
here is to make a system a hundred percent secure is
impossible.
Mr. Davis of Illinois. Okay.
Mr. Hall. What we try to do is make them as secure as we
can. Certain ballot-marking devices, they are not all created
equal. I have my favorite, which is created by a government,
the county of L.A., Los Angeles County. But I do think that,
especially if we can make sure that voters understand that it
is their civic duty to make sure they look at that piece of
paper that is the ballot of record, that it is a secure and
reasonable system.
Mr. Davis of Illinois. Okay. What, in your opinion, would
the sample size be for a risk-limiting audit in a State like
Florida with a 10,000-vote margin in a statewide race?
Mr. Hall. The example I typically use--I don't know the
details about Florida, but for example, in a State like
California, a 1-percent-margin race, typically to get around 95
percent confidence, you need to sample 400 ballots from the
entire State. So this is why risk-limiting audits are so
awesome because they give you the best leverage off of counting
the fewest ballots to know, if you did a recount, it wouldn't
change.
Mr. Davis of Illinois. But do you think the risk-limiting
audits would result in more statewide recounts?
Mr. Hall. I like to think of these as statistical recounts.
You get the answer you would get from a recount without having
to do the recount. I am hoping--I doubt that would be the case,
if you were going to go to a recount before, that you would
probably go to a recount under these systems as well.
Mr. Davis of Illinois. Okay. It wouldn't work in my 2,000-
vote margin of victory, huh?
Mr. Hall. It depends on a number of factors. It is hard for
me to say without doing the math----
Mr. Davis of Illinois. Sample size of, like, two.
Mr. Hall. Yeah. Probably not.
Mr. Davis of Illinois. Hopefully I can get my wife and
kids. So, could State-canvas systems already in place be
modified for risk-limiting audits?
Mr. Hall. This depends on a bunch of technical factors. The
best risk-limiting audits right now are what we call ballot-
comparison risk-limiting audits, where a single ballot is
compared with the digital record that it corresponds with.
Those are only feasible right now with what are called central
count optical scan systems, and so it depends on the specifics
of the locality----
Mr. Davis of Illinois. Okay.
Mr. Hall [continuing]. Whether or not they are--we are
working on making it work for everything, but it is going to
take a little while.
Mr. Davis of Illinois. Well, that gets me to my next
question. How does the Center for Democracy and Technology
through its support of Voting Works hope to impact the current
market for voting systems and election support?
Mr. Hall. Voting Works is--nonprofits will incubate other
nonprofits when they don't have their 501(c)(3) status, and
that is what we are doing at the Center for Democracy and
Technology. Voting Works aims to be a nonprofit, open-source,
voting-system vendor, which is very different than all the
other election manufacturers on the market. We hope that by
building things that people can take and use and build on, that
through that work, it will spread good things rather than
keeping things proprietary and keeping things secret.
Mr. Davis of Illinois. Okay. Mr. Norden, do you believe
that an equal protection claim under the Voting Rights Act
would exist in relation to post-election audits?
Mr. Norden. I am not sure I understand the question. Are
you saying that if a jurisdiction didn't conduct post-election
audits, would there be an equal protection claim?
Mr. Davis of Illinois. What I am saying is, if they did a
risk-limiting audit and a jurisdiction made the claim, would
you believe that if it was compared to another neighboring
jurisdiction, that the--that the equal protection claim under
the VRA would exist in relation to the post-election audits?
Mr. Norden. I guess what I would say, this is the first
time I have ever confronted that question, so I would have to
think about it, but it would not immediately occur to me that
somebody could bring an equal protection claim for how post-
election audits were conducted.
Mr. Davis of Illinois. Okay. Yeah, I would like you to
think about it and get back to me----
Mr. Norden. I am happy to do that.
Mr. Davis of Illinois [continuing]. If you could.
Okay. And then to the entire panel and whomever wants to
answer, what, if anything, do you know about the U.S.
Department of Defense Advanced Research Project Agency's effort
to create a federally supported hardware architecture for
voting? And do you believe the Federal Government should be
pursuing a more aggressive role in the design and deployment of
elections technology for State and local adoption, and if so,
why or why not?
Mr. Merrill. My answer is no, and the reason is because
that should be left up to the local States to be able to
purchase the equipment that they think is important for them to
use. And, frankly, I feel like the free market is the one that
ought to determine what the availability of that equipment is
and what should be purchased and what should not as long as it
meets the standards.
Mr. Davis of Illinois. Okay.
Ms. Benson.
Ms. Benson. I would actually--I would welcome that type of
investment at the Federal level. The work that we have done
already with the Department of Homeland Security has been very
helpful because of the additional resources and expertise they
bring to the table. I do think it would need to be a
partnership with States and local election officials who have
unique things to share as to what the infrastructure should
look like, but certainly I could only imagine that it would
help our efforts to secure our elections if we had that level
of infrastructure, investment, and support.
Mr. Merrill. And to be clear, we are still friends.
Mr. Davis of Illinois. So are we.
Mr. Merrill. But I am not for universal adoption.
Mr. Hall. So, quickly, the work that DARPA is doing is to
create secure hardware and to use voting as a really
challenging application on top of that. And the cool thing
about that is it will be usable by anyone later down the line
who could actually take that and turn it into a product, rather
than a research demonstration system, so I am very hopeful that
this will benefit everyone in a way that doesn't force them but
allows them to see that secure hardware is a really important
part of securing systems in general.
Mr. Davis of Illinois. Thank you.
The Chairperson. Thank you. I will recognize myself for
five minutes because I want to follow up on this DARPA issue. I
had understood, perhaps incorrectly, that they were also--DARPA
was also looking at open-source software. Is that correct, Mr.
Hall?
Mr. Hall. As far as I understand it--and I am not involved
in the project--there is a hardware component. There is the
software that runs on the chip that they are making, and then
there is the software around the application of voting itself.
So there are a bunch of pieces in there. I am pretty sure that
all those pieces are going to be freely and publicly available
under generous copyright licensing terms. And I think that is--
--
The Chairperson. Does anyone else, any of the other
witnesses--we have reached out to DARPA, and they thought it
was best not to be a witness at this hearing. But do you know,
Mr. Norden? No? So I think we need to know more about that
because it seems to me that we have had a problem in the
country with proprietary software systems refusing to tell
anybody what their system is not disclosing, and so the victims
ultimately are the American voter, but also election officials
can't know what the problems are even if they should be
concerned about what had happened, and having open-source
material available to elections officials is one way to avoid
that.
I would like to follow--or perhaps you don't know, Mr.
Hall, but some of the software experts in my home, Silicon
Valley, were critical about the DARPA effort, that it wasn't
sufficiently open source to their liking. Do you know anything
about that?
Mr. Hall. I am not familiar with it. I would have to follow
up.
The Chairperson. I think we need to pursue it with DARPA
then.
Let me ask you this, Mr. Hall, or anyone else, Mr. Norden,
how should political campaigns, which are fast-paced, nimble,
in a rush, bolster their cybersecurity, particularly if
resources are scarce? Usually, oftentimes, it is the last thing
the candidates are thinking about. What are best practices for
campaigns?
Mr. Hall. Many of the best practices for campaigns are very
similar to the best practices for election officials, or you
can even think of a campaign as really a rock 'n' roll startup.
They only last for, like, 18 months, and it has a ton of money
and has to get rid of it really quickly. The things that can
really help the campaigns are what I call of systems-level
protection. So, for example, hardware keys for two-factor
authentication, where it is not just a password that you have,
but you actually have to have something on your key chain that
you stick in and push a button. Those things, and then
hardening their communications infrastructure. So there have
been a lot of attacks on email systems of campaigns and things
like that. These are things that we can deal with. The problem
is a campaign's security is not the thing that they get awards
for doing well, right? They get someone elected. And so----
The Chairperson. Right.
Mr. Hall [continuing]. A lot of us have been trying to
change the mentality and say: Look, security is just as much a
first-class citizen in your enterprise as it is----
The Chairperson. Well, especially if it has an impact on
whether you get elected, so----
Mr. Hall. Absolutely.
The Chairperson. Mr. Norden, you have written books and
articles on this subject. Describe, if you can, what hacking
into election systems, whether it is voter registration
databases, the voting machines themselves, what could happen on
election day? What is the worst case--what keeps you awake at
night on this?
Mr. Norden. Oh, gosh. Look, you know, in many ways, we
know--we know some of the bad things that can happen by looking
at what has happened in other nations, but we also know just
what has happened not by malicious act but by mistake here in
the United States. And I often say that anything that can
happen through error is kind of the opposite side of the coin
of what can happen maliciously. We have seen, for instance,
when electronic pollbooks fell, what kind of chaos that can
cause at the polls, how it can keep people from voting, how it
can cause lines for hours. And so that is certainly something
that I worry about, and I am concerned that we don't have
Federal standards, unlike for voting machines. I think when
HAVA was written, electronic pollbooks weren't in as wide use
as they are today. Thirty-four States use them today. And we
don't have those kind of baseline--you know, the voting machine
guidelines are voluntary. If we had something like that at the
Federal level, I think that could be a baseline for States. We
have information--a lot of these electronic pollbooks use
wireless components. They have information that is on the
cloud. So that is something that worries me, of course. And
same thing with--and that is an example of the kind of thing
that you would be worried about with registration databases
also, changing information so that when people show up at the
polls, they are unable to vote. There is a lot that we should
be doing, and I think we can be doing, to protect against that,
making sure that we have contingency plans.
And then, lastly, of course, the real--the nightmare--the
big nightmare scenario is that somehow somebody changes votes
on a voting machine or for election night reporting, and I do
think that is why having paper backups of every vote, being
able to go back and, detect it through audits, and then
recover. And I think that is important even if there isn't an
attack. They are so--you know, when we talk about foreign
interference, we are often focused on election infrastructure.
There is a whole social media disinformation element to this
that Mr. Davis mentioned. There can be a lot that is done there
to undermine confidence in the vote, and having paper backups,
doing audits, I think, is one way to combat that.
The Chairperson. Thank you very much. Before calling on the
gentleman from Georgia, I will say, we had very strongly held
divergent views on various elements of H.R. 1, but I don't
think there was any disagreement on a partisan basis that we
want every vote cast by Americans to be counted as cast, and
that we don't want to become victims of an attack from any
source. I think there is bipartisan agreement on that.
The gentleman from Georgia is recognized.
Mr. Loudermilk. Thank you, Madam Chairperson.
It is a very important hearing we have here, and I have got
a couple questions, especially regarding the voting machines. I
come from a technology background. I have an IT background.
Also, early in my career, I had a job spying on Russia, in the
Air Force. I bring a cybersecurity aspect to this as well.
Long-time advocate for a paper backup. But what I am hearing,
it seems counterproductive to some things I have advocated for
in the past because I have seen the advantage of computer-based
voting is the efficiency, especially when it comes to post-
election. I can remember the first elections I was involved in,
as a volunteer. You were up till midnight, 1 or 2 o'clock in
the morning, in Georgia, waiting for results to come in. People
are sitting at the courthouse waiting for counts to be done. We
brought electronic voting in. A lot of times you know within a
half hour to an hour by the time the polls close.
But then we have the problem of, I would get calls from
Republicans that the machines were changing my vote as I voted
to all Democrats, and you get the same thing from the other
side.
What I heard from a lot of you is to not use a paper backup
but use a predominantly paper ballot system with a computerized
backup, which seems to be backwards to me from what would be
the most efficient use, which would be, utilize computerized
voting because of the efficiency. We already have a lot of long
lines and the initial counting, but have the machine produce a
paper verification that the voter then verifies that piece of
paper is what they cast on the machine, that is then filed and
used as a backup. I would like to hear, Mr. Hall, what are your
thoughts on that? Because to me that actually reduces the human
error, multiple marks made on a page for the same candidate,
hanging chads, all that, is that the voter is then verifying
that the computer did take what they said--the way they voted,
and then that would be used for your recount.
Mr. Hall. Yes, and so what I would say is, we have come a
long way since around 2000 in that the machines we use now and
that we are advocating for are what we call software
independent. And what I mean by that is that no change in the
vote total is--I am misstating the definition, but essentially
think of it as, if something were to mess with the vote totals,
you would still have an independent way of coming at the actual
result. And so now these ballot-marking devices, they don't
keep any state, to use a nerd word. Now, they don't keep the
totals themselves. They use a different machine, like an
optical scan machine, to suck the ballot in and actually do the
counting. And so you have the benefit of using technology----
Mr. Loudermilk. Right.
Mr. Hall [continuing]. For doing all of the navigation. You
have a computer counting the thing, and you still have a paper
ballot backup for the auditing.
Mr. Loudermilk. So you have an IT-based device that
actually casts the paper ballot, and a different device that
actually counts it, and you have a backup.
Mr. Hall. It depends on the model, but yes, that is
basically correct.
Mr. Loudermilk. Okay. Ms. Schneider.
Ms. Schneider. So, the way you described the paper ballot
working is actually the way that it does work with an optical
scanner. You are still getting the efficiency of the computer
when it comes to ballots, and you can still have that speed,
although we should consider whether speed is the value we want
on election night, but you still have that speed by having the
computer scanners, even if you mark a ballot by a pen or
pencil.
And I do want to point out that with ballot marking
devices, it is critically important, especially if they are
used for all voters, there are two critical important things:
One, there has to be enough. You have to know how many voters
can vote on a single device during the course of one election
day; and two, there has to be a process, a deliberate process,
especially for those who are not using the assistive features
to deliberately verify that their choices are correctly
reflected, because there could be mistakes, or there could be
malware that could impact that ballot, and so you have to--that
is a process. That is a process issue on top of a security
issue.
Mr. Loudermilk. So let me make sure. You are talking about
actually using a physical ballot that I mark.
Ms. Schneider. Right.
Mr. Loudermilk. Like the standardized tests that we used to
do in school.
Ms. Schneider. That is correct.
Mr. Loudermilk. Does that not open up for human error that
takes us back to the hanging chad days of the 2000 Presidential
election?
Ms. Schneider. We use paper ballots in my home county. I
will tell you a story. In the State House race in my county,
the margin of victory was about two dozen votes. It happened
twice, in 2006, and, again, in 2016. And about 23,000 ballots
were counted in that race. There was a full hand recount of
those races, and the ambiguous ballots that you would talk
about where you might dispute the voters' intent were not
enough to change the outcome.
Mr. Loudermilk. But if we could, Mr. Hall, you seem to be
agreeing with me in that aspect as it does open up the chance
for human error but doing it the way we were discussing would
pretty much alleviate that. Is that true?
Mr. Hall. Yes. And I think this is where we differ a little
bit on the panel in the sense that at CDT, we believe that
using the computer interface to improve navigation to reduce
errors is a really important part. You do need to have enough
of them. You have to pay for them. They are really expensive.
And, so, those kinds of balancing features come into the
ultimate decision of whether or not you should purchase those
kinds of machines, but we believe that you should use
technology when it does things really well and then ground it,
you know, have it in something like paper when there is an
important security element that you can't otherwise do. It is
like an ``air gap.''
Mr. Norden. I would just quickly like to add one thing. The
Brennan Center doesn't take a position on ballot marking
devices versus optical scan and filling out these ballots, but
I do want to make one point. Most people at this point in the
United States are voting on these paper ballots now, and the
scanner, as a computer, can be very helpful in preventing the
kind of problems that you are talking about. In fact, the new
technology makes it much less likely that somebody makes a
mistake that they can't catch. The scanner now will notify a
voter if it can't read their vote, will notify a voter if they
voted in too many contests.
So, the kind of hanging chad problem that you are talking
about because of that technology is much, much, much less
frequent. We have statistics on this, much, much less frequent
than we saw with punch card ballots.
Mr. Loudermilk. I see my time expired, but maybe if we have
a second round, Madam Chairperson, I will follow up.
The Chairperson. Sure. The gentlelady from California, Mrs.
Davis, is recognized. And as I have to attend a meeting I
cannot get out of, so I am going to ask her to take the chair.
Mrs. Davis of California [presiding]. Thank you. I was
going to thank Madam Chair, but I want to thank all of you for
being with us today. I appreciate it very much.
I want to ask you, please, Mr. Hall, if you could walk us
through the process, or maybe it is even the lack of a process,
on how the NSA lets State election officials know about
emerging threats, or vulnerabilities that they have discovered
in State election infrastructure?
And I will go on for just a second and be a little bit more
specific. Is there a formal system already in place for when
the NSA or the broader intel community is supposed to
communicate with State election officials? From what I
understand, there is something that has been created called the
Vulnerabilities Equities Policies and Process, but it doesn't
appear that it has the kind of proactive warning that private
industry or State election officials can do anything with, or
at least it doesn't seem to notify them in real time so they
can respond.
Mr. Merrill. Madam Chairperson, obviously you didn't ask
that question, but not to overstep, I think it is important----
Mrs. Davis of California. Sir, let me ask Mr. Hall first,
okay?
Mr. Merrill. Yes, ma'am. Just to let you know, we didn't
receive any notification from anybody at any time.
Mrs. Davis of California. Okay. No. That is part of how we
deal with this, yeah.
Mr. Merrill. Yes, ma'am.
Mr. Hall. Okay. So there were two things in your question.
The first is how State and local election officials are
notified of potential attacks on their systems. This is a
pretty well-orchestrated thing. I don't know the full details,
but I can give you a high level overview, and if you ask me in
Q&A format, I can follow up in more detail.
Essentially, the NSA does, and the CIA do things, and not
in the United States, to figure out who may be attacking our
systems. The FBI does a little bit of that, too, domestically.
If something were to happen where someone foreign was targeting
our systems with cyber-attacks, presumably, the FBI would be
notified, and either DHS or FBI, probably FBI, would notify the
State and local election officials.
In some cases, that went to governors or CIOs who may not
be in the path. They may not have been directly plugged into
that disclosure path. I think that is changing now with
clearances for the State officials, because often, if you don't
have a clearance, you can't accept this kind of stuff. So it is
cleaning up a little bit.
I still think that I am seeing, for example, there is a
problem--if you are a victim, when DHS notifies you, they are
not going to announce to the world what happened to you. It is
up to you as the victim to disclose that, or it is going to
come out in the press at some point. That thing--I think there
needs to be something, like a couple of years or a year after
something--someone gets notified such that that stuff becomes
public.
The Vulnerabilities Equities Process is something I can
describe. It is a little different in that it is more about
flaws that our defenders find, or offensive people find in
commercial products that they can then decide when to disclose
to the commercial entity to fix them. And I haven't seen that
touch the voting systems sphere yet. It would be interesting if
it did. I would love to know about that.
Mrs. Davis of California. Yes. Thank you. Really, I respect
your response there. What we are trying to figure out is, is
there a way to have clearances and then the issue is, what do
you do? If you think about it, say you get that information a
few days before an election, and it is very serious.
Mr. Hall. That is very tough.
Mrs. Davis of California. What do you do?
Mr. Hall. It depends on the nature of the information. For
example, if you are told that someone installed malware on one
of your machines, and it hopes to spread to your other machine,
because they know exactly what the machine is, hopefully, you
can quarantine that machine. But often, it is more likely there
has been someone in your network for six months. We have no
idea of what kind of access they had. You need to look at
everything. That can be a real, real challenge for local
elections.
Mrs. Davis of California. So part of it, perhaps, may be--
and if you all want to respond, just the vulnerabilities that
you may learn about, but that may not necessarily translate
into something that you can act on, in real time. So that is
something that--I think we all need to be thinking about that
and how we can be helpful to you as election officials.
I wonder, Secretary Benson, if you were to suspect a
foreign intelligence hack, who would you turn to? Where would
you go from there?
Ms. Benson. We have contacts, you know, with DHS and
multiple different agencies, so we would contact, you know,
whether--regardless of the potential threat, and we are in, and
I am in, frequent contact with those officials. In fact, we
have a DHS liaison at Masterson who serves on my election
security task force, so we are in frequent communication. That
is something I established early on in my tenure to ensure that
we are, in real time, learning of threats, and then, you know
through security clearance.
Mrs. Davis of California. Any ideas that you all have
discussed that you think, perhaps, we need to know about in
terms of how you can have a better relationship in this way?
Ms. Benson. I think it is a proactive one on the part of
the Federal Government, as well as the Secretaries of State,
that perhaps standards and expectations from Congress can
establish. But it is something that an individual leader will
take seriously, but I think encouraging us to develop that
relationship and then ongoing communication and a statewide
response system is important.
Mrs. Davis of California. Okay. Thank you very much. I am
sorry.
Mr. Butterfield. It looks like it is your turn.
Mr. Butterfield. Thank you very much. I know the
Chairperson is not in the room, but I want to begin by thanking
her for holding today's hearing. This topic is extremely
important. It appears to be a bipartisan issue that we are
talking about, and one that is very dear to my heart.
The Mueller report that we have heard so much about has a
revelation that I want to make a reference. The Mueller report
stated, quote, ``In August of 2016, the GRU officers,'' and, of
course, we all know that is the Russian foreign intelligence
agency, ``targeted employees of,'' and then there is a
redaction, ``a voting technology company that develops software
used by numerous U.S. counties to manage voter rolls and
installed malware on the company network.''
Further, the report goes on to describe a separate spear-
phishing operation conducted by GRU operatives that enabled
access to the network of at least one Florida county
government. And now, I am just finding out that in my
Congressional district in North Carolina, a poll book product
provided by an election vendor catastrophically failed on
Election Day in 2016. Now, that failure occurred in six
precincts in Durham, North Carolina on Election Day. And one of
those precincts was forced to close one hour and a half at
lunchtime during one of the busiest times for voters.
There has been reporting that the voting technology company
identified in the report, that is the Mueller report, who
suffered a cyber intrusion in August of 2016, is the same
vendor whose poll books catastrophically failed on Election Day
in my district. The intrusions described in the Mueller report
demonstrate just how important today's hearing is, and how
robust action is urgently needed from this Congress to ensure
the security and integrity of our election system.
We know Russia interfered in our elections in 2016 and will
likely try it again next year. And so, the question is then
presented: What is this Congress going to do about it? Let me
start with you, Mr. Norden. Was the attack in 2016, in your
opinion, a well-planned Russian attack, or was it basically
spontaneous?
Mr. Norden. Thank you for the question, Mr. Butterfield.
That is something I have thought a lot about. If you look at
the reports of what the Russians did, actually, the attacks on
election infrastructure almost look like an afterthought. They
happened months after the hacking of political campaigns, at
least reported what we know, months after the hacks on
political campaigns, and years after the first disinformation
campaign that we saw from the Russians.
I do have concerns that--this is one of the reasons why I
am concerned that the threat we face in 2020 is greater. The
Russians will now have had four years to gain whatever they
learned and given what we know that they have done in other
countries, I would be concerned that there is potentially a
much more aggressive action.
Mr. Butterfield. Let me talk about election vendors for a
moment, if I can. Can you quantify for me the number of
election vendors throughout the country? Is it a small number?
Mr. Norden. Well, that is a very difficult question to
answer, because election vendors are central to so many aspects
of the elections we run. We often think about just voting
machines, and there are three main voting machine vendors and a
couple of other smaller ones, but then there are vendors that
produce electronic poll books. There are vendors that, for some
local election offices, create their websites.
Mr. Butterfield. Is there a registry anywhere of election
vendors?
Mr. Norden. Not that I am aware of.
Mr. Butterfield. What regulatory oversight does the Federal
Government have over an election vendor? Do we have any
oversight?
Mr. Norden. So, I mean, at the moment there--one thing that
I talk about is there are more Federal regulations of ballpoint
pens than there are of our election infrastructure. There
hasn't been, as far as I am concerned, as much oversight as
there should be of election vendors. We don't necessarily know
who owns the election vendors. We don't know who works for
them.
Mr. Butterfield. Are you a proponent for more oversight?
Mr. Norden. Absolutely. Absolutely. I think we need more
information about who the vendors are, who works for them, what
kind of security processes they have in place. And I certainly
think a basic thing that we deserve is if election vendors are
aware of a cyber attack on them, that they should be required
to report that to the Federal authorities, to anybody that is
using their products, and that currently doesn't exist right
now. There is no requirement for that.
Mr. Butterfield. That was going to be my next question.
Yes. Ms. Schneider.
Ms. Schneider. Thank you. I wanted to answer your other
question regarding the number of vendors. The reason it is so
difficult to determine that number is because there are 8,000
jurisdictions who administer elections, and for many of those
jurisdictions who are very small, they outsource or contract
with vendors to perform many steps in the election
administration, and so, the real oversight need is for these
third-party vendors. They may not be voting system
manufacturers, but they may provide services and exactly the
kind of vendors that you are talking about from the Mueller
report where there is no oversight or regulation of those
vendors, and no standard that they have to adhere to in terms
of cybersecurity.
Mrs. Davis of California. Thank you. Thank you for your
response.
Ms. Fudge.
Ms. Fudge. Thank you very much and thank you all for being
here. As you may know, we have been traveling the country a bit
just getting data and information about voting irregularities,
voter suppression, et cetera. I want to start with the two
elected officials that are sitting here.
We have heard so much as we have traveled the country. I am
from Ohio, by the way, a State that thought that our machines
were so awful, we got rid of them, but South Carolina bought
them. This is true. South Carolina bought all the machines we
got rid of because they were not effective. To go back to your
point, there is no regulation.
I am trying to determine from the two of you what do I tell
people who have no confidence in our system? What do I tell
people who believe that there is no integrity, that don't
believe that their votes count? I have people who are afraid
now to vote absentee, but then they come to the polls and see
long lines, and they are afraid to do that, too. They look at
these electronic books and they can't find their name, and when
they do, their signatures just may have dotted their ``I''
differently, and they tell them they can't vote. What do I tell
people who have no confidence in the system? What the state is
of voting--what is the state of affairs of voting in the United
States today?
Ms. Benson. I think you tell them, one, that we have much--
one, I completely agree that focusing on ensuring voters have
confidence in the security and accessibility of our elections
is a critical component to making our democracy work. And I
think why it is so important that we have a partnership at the
State level with Federal Government, and why the Federal
Government can set important standards and play an important
leadership role, just as it has historically with the Voting
Rights Act. It is setting the standards and expectations that
States must meet in order to protect everyone's right to vote.
In addition to that, I think factually, and what you have
heard today, is that we are further ahead than we were five
years ago, two years ago, ten years ago in securing our
elections, but as we have moved forward, threats have emerged
as well and evolved. And so what we need more of that we
haven't had before is a stronger Federal and State partnership,
and even Federal-State-local paper partnership where we are
collaborating on a bipartisan basis to ensure that we are
leaving no stone unturned in promoting the accessibility of the
vote and the security of the vote. Those ongoing
communications, that ongoing partnership, is important, and
that is part of what we have tried to do at the State level
among our Secretaries.
Mr. Merrill. Yes, ma'am. I think it is real important to
note some of the things we have already introduced. First of
all, in our State, we made a concerted effort to ensure that
people know that their vote needs to be cast for the candidate
of their choice, but in order to do that, you have to be a
registered voter, so we made it a campaign effort to ensure
that all eligible people in our State are registered to vote.
96 percent of all eligible African Americans in the State of
Alabama are registered to vote, 91 percent of all eligible
Caucasian Alabamians are registered to vote, and 94 percent of
all eligible Alabamians are registered to vote.
Ms. Fudge. But that doesn't tell them that their vote
counts.
Mr. Merrill. No. But, when they go to all 2,499 locations
in our State and they see a line, one of the ways we try to
reduce that is by introducing electronic poll books.
Now, Madam Chairperson, I really want to revisit that
question about standardization.
Ms. Fudge. Okay, but this is my time. I am trying to get
answers to my questions.
Mr. Merrill. I just want to make sure she knows.
Ms. Fudge. Okay. Just hold one second for me.
Mr. Merrill. Yes, ma'am.
Ms. Fudge. Ms. Schneider, you talked about the cost of
trying to assist States. What do you think it would cost to
have a fair election in every State in the country because they
have machines that are not going to be easily hacked, that they
have a paper trail? What does that cost?
Ms. Schneider. Well, I think that there have been published
estimates of the cost, but in the Secure Election Act from last
session, and in the security part of the H.R. 1, the $1.2
billion that is allocated for this purpose is a good start. We
know--I can speak specifically for Pennsylvania where 83
percent of the counties in Pennsylvania had unverifiable and
vulnerable systems, and the estimate for just Pennsylvania was
close to $100 million to replace just those systems. So, I
think that the first thing is an influx of investment right
now, and then sustainable funding going forward.
Ms. Fudge. All I can say is that I am more concerned now
than when you came in about how easily our systems are
compromised, and the fact that States don't have the resources
to ensure to every one of their citizens that their vote is
going to count. Thank you so much, all of you.
Mrs. Davis of California. Thank you.
Mr. Raskin.
Mr. Raskin. Thank you, Madam Chairperson. Thanks to the
witnesses. It seems as if the cyber age has made political
democracy more vulnerable, and our elections more susceptible
to attack and manipulation. We know from the Mueller report
that there was a sweeping and systematic campaign by Russian
operatives to destabilize and change the course of the American
election.
One part of it was pumping ideological poison into the
American body politic through Facebook and Twitter and other
social media. Another part was the cyber espionage of the DNC,
the DCCC, and the Clinton campaign in order to release emails
into the election. And the third part of it was the direct
efforts to hack into State election systems.
We also know from the intelligence community today that the
same bad actors have not gone away and are planning a return
engagement with the American people in 2020. And there might be
other bad actors now who have decided to enter the sport, given
the spotty defenses and response of the American Government.
The good news, I think, is that there is a good deal of expert
consensus as to what needs to be done to better secure our
elections, and I just want to see if all of you all agree with
these points.
The first is that we should get rid of paperless voting
machines and move to voting systems with voter marked paper
ballots. Is that something that there is consensus on? Okay. It
looks--let the record show I think everybody is nodding their
heads.
Secondly, we need to update and replace out-of-date
computer software in States that are still using antiquated and
obsolescent systems. Everybody agrees with that, yes?
Ms. Benson. Yes, but we need to do so in way that carries a
sustainable funding source because updating it now means it
will be out of date in five years.
Mr. Raskin. Good. That is a strong point. We have got to be
thinking long term, not short term, in terms of all of these
remedies.
We need to adopt post-election audits in order to determine
whether there are strange things going on. Does everybody agree
with that? Yes. And then the Federal Government ought to
provide greater cybersecurity resources to help thousands of
different electoral jurisdictions across the country fortify
their cyber defenses and defend the integrity of our elections.
Does that sound right to everybody?
Okay. So how would we characterize where the States are in
terms of developing their responses in order to be ready and
secure for the 2020 elections? Is there somebody who would be
willing to state where they think that the State elections are,
the systems are? Ms. Benson.
Ms. Benson. I will start.
Mr. Raskin. Please.
Ms. Benson. I think that a partnership, a strong
partnership with State and local officials and the Federal
Government is key, and frankly, the Federal Government has both
the leadership, a standard establishing role, and an
educational role to play for many State and local officials who
come to the jobs, perhaps new to the area, and could benefit
significantly from ongoing educational awareness and training
to the point where if there is a problem identified, you are
not simply telling us the problem, you are providing us with
the tools, resources, and education to fix it.
Mr. Raskin. And in some sense, America's problems are
unique here, because we have such a decentralized system of
electoral administration. In most countries, certainly our
neighbors, Mexico and Canada and the European countries, there
are national electoral commissions. I think in Mexico, there is
even like a national electoral supreme court. But there are
national electoral commissions whose sole job, as professional
nonpartisan entities, is to administer elections fairly. And we
don't have anything like that, right? We have got the Federal
Election Commission whose sole jurisdiction is campaign finance
and is almost completely dysfunctional even with respect to
that. We don't have a national electoral administration, so we
depend on the States and the counties and the cities to do it,
right?
Mr. Merrill. Congressman, if we did not allow that to
happen the way that it is, according to the 10th Amendment, so
those decisions are best made at the local level, at the State
level. It would be a lot easier to infiltrate the system and to
prepare it to be compromised.
Mr. Raskin. You think it is easier to defend 8,000
different systems than one system?
Mr. Merrill. I think it is easier to defend an individual
State system than it is if you just knew that on one particular
day, using one set of equipment that is used in the entire
Nation----
Mr. Raskin. But can you imagine if America's military
defense was provided by the 51 different jurisdictions.
Mr. Merrill. Yes, sir, but we are not talking about the
defense.
Mr. Raskin. It is an analogy, yes.
Mr. Merrill. Well, but it is not an accurate one, in my
estimation, based on what we are trying to do. That is why I
think we need to make sure that equipment is approved,
equipment is evaluated, and equipment is documented and
recorded as to its effectiveness in election administration.
Mr. Raskin. Okay. I yield back. Thank you.
Mrs. Davis of California. Thank you both. We are going to
do another round here quickly, so I want to turn to the Ranking
Member, Mr. Davis.
Mr. Davis of Illinois. I know everybody is excited for the
second round, right?
Mr. Merrill, you were making a point earlier and were not
able to finish that point. I would like to give you some time
to do that if you want.
Mr. Merrill. Well, there are a couple of things,
Congressman. One of the things I think it is important to note,
the gentlelady from Ohio, who has since had to be excused, I
think it is important to note that according to all reports
that we received from Homeland Security, from
counterintelligence, from the Central Intelligence Agency, from
the FBI, there was never an incident or occurrence in any of
the 50 States in the Union where tabulation changes occurred
during the 2016 election. I think that is very important to
note.
It is very important to recognize that fact, that the
Russians did, indeed, infiltrate our systems, but primarily
through social media, and through influencing people in their
decision making. When it comes to the administration of the
elections, no votes were changed. No equipment was touched.
There have been no changes occur to the votes that were cast
for those candidates.
The other thing that I wanted to talk about, Congressman,
in relation to election equipment. What we could really benefit
from in Alabama, in Michigan, in all other States in the Union
is to have a centralized effort to evaluate the effectiveness
of election equipment, whether it be for voter registration
purposes, whether it be for voter administration purposes,
electronic poll books.
And as a member of the Election Assistance Commission
Standards Board, one of the things I have advocated for is that
we need to have the EAC be a central repository where they
could evaluate the effectiveness of equipment. And if they
noted failures, or failures were recorded, they could come back
and say in a report, much like Consumer Reports used to do for
all of us that are old enough to remember it where they don't
recognize, or recommend, that a specific vendor be selected,
but they say this is what we know about the successes. This is
what we know about the failures. And in doing so, it puts us in
a better position when we are trying to determine if this is a
specific group we need to do business with, or a product that
we need to purchase.
Mr. Davis of Illinois. All right. Well, I agree with your
earlier statement. Facts matter, statistics matter and help us
determine how we effectively spend taxpayer dollars to ensure
that we have the fairest, safest, most secure election systems.
Secretary Merrill, you worked with DHS going up into the
2018 elections, right?
Mr. Merrill. Yes, sir, and still do today.
Mr. Davis of Illinois. What were your thoughts initially
about DHS coming in and helping?
Mr. Merrill. I was a little bit irritated. Part of it was
because when we were told by Secretary Johnson before the
elections in 2016 that the Department of Homeland Security was
going to take over the elections process, that is a real
concern, because that is not an area that those individuals
have been trained to take over and to help us be able to
effectively administer the elections. What we need is support,
and we need assistance, and when possible, funding to assist us
in that area.
But for the Federal Government to come over and to
overreach and to take over the administration of the elections
at all levels, first, I don't think it is appropriate.
Secondly, I don't think it is constitutional.
Mr. Davis of Illinois. So that was your worry in 2016?
Mr. Merrill. Yes, sir.
Mr. Davis. But right now, what are your thoughts about
2018?
Mr. Merrill. Yes, sir. It has continued to improve, because
one of the things that we have seen is, they have wanted to
work with us, and we made our position known to Secretary
Johnson and through the Obama administration, and then to
President Trump and through Secretary Nielsen. We have found
them to be very receptive to our request. I have had, in the
last 15 months, two private meetings with Secretary Nielsen and
with other team members. We have visited with her and other
people in Homeland Security to talk about the issues that have
been so important and so relevant to us. They have been very
receptive, very responsive. They have offered assistance. They
have offered assistance at the State and local level in
Alabama. I know they have done that in other States as well.
Mr. Davis of Illinois. They haven't come in and required
you to do things?
Mr. Merrill. No, sir. They said that we are available. If
you would like to enter into an agreement with us, we would be
supportive, but not what we would consider overreach where they
come in to take over the system.
Mr. Davis of Illinois. How many of your colleagues that are
secretaries of state, or in my State of Illinois, it would be
the State Board of Elections. How many do you think would be
receptive to mandatory Federal assistance?
Mr. Merrill. Not very many. I think there is some that
would be interested in having a stronger partnership than we
have if they could get certain benefits from it. But we think,
and when I say ``we,'' I am talking about the colleagues that I
am the closest to. Much like Thomas Jefferson suggested that
that government which governs best governs least. That is the
sum of good government.
Mr. Davis of Illinois. Well, Mr. Secretary, thanks for your
response. I have no idea why my red light speeds up faster than
everyone else's, but it always happens that way, so I yield
back.
Mrs. Davis of California. Thank you. I will recognize
myself for five minutes and just follow up with this discussion
a little bit, because, you know, it is possible to think about
a time when a jurisdiction, when the State doesn't have proper
cybersecurity systems, and in that case, what are we looking
at? Should there be a role for the Federal Government to make
sure that their system is not as vulnerable to hacking as
perhaps a neighboring State?
Mr. Merrill. Yes, ma'am. And one of the things that I would
suggest that, much like the appropriation that we just received
from the EAC, if there were certain expectations about the way
that a block grant of resources could be received by the State
and be utilized by that State in certain areas to make sure
that certain purchases were being made, or certain systems were
being implemented to prevent vulnerabilities or to keep certain
vulnerabilities from being exposed, that would be very helpful
to us.
But for certain things to be introduced, as it was in H.R.
1, to say that you must have these things in place, you must do
these and have an unfunded mandate, that is not good for any
State, no matter whether you have a great deal of resources in
your statement or you are limited with your resources.
Mrs. Davis of California. So it sounds like you are talking
about some enforcement capability in some areas, but not in
others.
Anybody else want to comment on that quickly?
Ms. Benson. Yes. I would like to offer the alternative
perspective. With all due respect to my good friend, Secretary
Merrill, I am coming at this as a long-time academic and voting
rights scholar. I feel very strongly that there is a leadership
role for the Federal Government to play. It is in partnership
and in collaboration with the State and local governments, as I
have said repeatedly today, but the Federal Government cannot,
and should not, abdicate its role as it has historically to set
the standards and expectations that all States must meet.
I think it is the basic Constitutional imperative of equal
protection, and it takes into consideration that while every
State does have unique challenges, there are some standards of
expectations that, especially if we are receiving Federal
funding, I think many of us, myself included, would be
comfortable working with the Federal Government in seeking to
meet. It is a dance to determine how deep and specific those
standards should be, and I acknowledge that, but I don't think
that is a reason to not have basic data-driven, fact-based
solutions, and bars that States should strive to meet if they
are receiving Federal assistance.
Mr. Davis. Thank you. Yes, please.
Ms. Schneider. I just wanted to share with you my
experience in 2016 with the Department of Homeland Security. At
that time, they offered their services free of charge to State
and local jurisdictions who wished to receive them, and we were
able to engage with the Department of Homeland Security to run
a penetration test and assessment of our networks before the
2016 election, which we were very grateful for, and we think
that that is the kind of partnership that should occur, and I
think that they need adequate resources to offer those services
to every jurisdiction who would like them.
And to your earlier question before about whether you get
notification, there is the multi-State information sharing
association from the Center for Internet Security, that it does
go to the State CIOs, but we did receive that in Pennsylvania,
and if it was unclassified, it was filtered down, and also,
through the Pennsylvania Emergency Management Association.
Mrs. Davis of California. Okay. Thank you very much. And
that was in real time, you are suggesting. Was it a week from
the occurrence, or right away?
Ms. Schneider. No. If they were unclassified, they were
right as they occurred.
Mrs. Davis of California. Okay. Great. Thank you.
I wonder if you could, just for a moment, think about
whether you believe that there is anything that voters should
be doing to make our systems more secure? Is there an
educational piece that we have not addressed in this country?
Ms. Schneider. There is one thing that voters could do
right before or at any point in the election cycle, is to check
their registration, and make sure that their information is
correct, their address is correct, their polling place is
correct, because if there has been an attack or tampering in
the registration system, you can detect it and correct it in
advance.
Mr. Hall. And I would say check your ballot to make sure
that the thing you cast reflects your intent and volunteer to
be a poll worker. This is a vast volunteer force, and it is the
pinnacle, I think, of civic duty, you know, spending 16 hours
counting your fellow citizens' votes.
Mrs. Davis of California. Thank you. And that is
particularly in areas where there is a very diverse community,
we need to have people come forward who understand language and
culture and a whole host of other things. Thank you very much.
I appreciate all of you for being here, and I am going to turn
to Mr.----
Mr. Merrill. Madam Chairperson, if I may add to that in
response to your question. One of the things we have done is
try to encourage non-voters to become poll workers. We are
passing legislation now in Alabama, it has already passed both
chambers, to allow 16- and 17-year-olds to be able to work the
polls which can increase civic responsibility.
Mrs. Davis of California. Thank you. Appreciate that as
well.
Mr. Loudermilk, do you have an extra question?
Mr. Loudermilk. Thank you, Madam Chairperson. I want to
shift away from voting, because I would really love to continue
that conversation, and I think Mr. Hall and I could have a good
conversation on that. I think we see eye to eye on this.
I want to move over to the cybersecurity aspect of it now,
and from my background in cybersecurity, any breach at some, or
at least the majority of breaches at some level, have human
error involved in it. There is usually some aspect, and a lot
of times, it is a failure to act. It is with a patch or it is
with something--at Equifax, it was failure to actually have a
patch. And Mr. Hall is right. You cannot create a 100 percent
secure system.
When I was working in intelligence in the Air Force, we
commissioned a vendor to create a completely secure system.
They came pretty close. It was very secure, but it was so slow,
nobody could use it. So it is always--it is a balance there.
I do want to say something, and Mr. Merrill brought up a
good point. It is from my experience of working in IT, it is
always more secure to have multiple vendor systems over a
single vendor system which if that is compromised, then
everybody has--the bad guy has 100 percent access to
everything. But you have to have a set of standards that the
vendors operate by, and I think that is a role that we can play
as a recommended set of standards still leaving the 10th
Amendment, the States authority to conduct and operate their
elections. But if you are going to use certain types of
systems, they should meet these standards. I think that is
clear.
But back to the cybersecurity aspect. Is anyone on the
panel familiar with OODA loop? OODA. O-O-D-A. A little bit
surprised because that is used in cybersecurity. It is a cycle
of decision making that you use to defeat an adversary in a
fast-paced, multi-faceted environment. It is OODA. It means----
Mr. Hall. Observe something, detect, act?
Mr. Loudermilk. It is observe, orient, detect or decide and
act. It basically means you are always observant. You are
watching to see what is going on which is happening in our
cybersecurity realm right now. You orient yourself to what the
threat is or multiple threats coming in. You make a decision of
what you are going to do to counter that decision, and you act.
And these loops are going continually, and it is used today.
The NSA uses it. The CIA uses it. It was developed by an actual
Air Force Colonel, so you know, give a few kudos to the Air
Force there.
Most cyber risk and breaches come from the last aspect of
that, a failure to act. It is you orient, you observe, you
decide, and in the case of Equifax, they didn't act to put a
patch in. When we go to the 2016 election, and I will open this
up to anybody, because I am still trying to figure out why we
did what we did. I don't know if you are familiar with Michael
Daniel. Michael Daniel was the cybersecurity czar in the
previous administration.
When the administration was given evidence that the
Russians were actively trying to attack our cybersecurity, or
our election systems, when it came to the acting, he was given
the order by the National Security Advisor, Susan Rice, to
stand down and not do anything. This was testified before the
Senate in 2018 by Michael Daniel, that he received the order to
not act to counter the Russians' attempts to interfere with our
election system. Can anybody answer why, and maybe that would
have a failure to act on the part of the Obama administration?
Mr. Hall. The only thing I can think of is concern with
ongoing operations that might have revealed something, but, you
know, given that democracy hangs in the balance, I am not sure.
I don't know enough about the specifics to say one way or the
other.
Mr. Loudermilk. I think we could have evolved a lot of
stuff, resolved a lot of stuff, had there been the act which is
a standard process in cybersecurity.
And one last question for you, Mr. Merrill. War Eagle or
Roll Tide?
Mr. Merrill. My friend, look. There is only two words that
you can say. Roll Tide.
Mr. Loudermilk. All right. Thank you. I yield back.
Mrs. Davis of California. Thank you.
Mr. Raskin.
Mr. Raskin. Thank you, Madam Chairperson.
Ms. Benson, I just want to follow up with you about a point
you were making before. First, there are a number of provisions
in our Constitution which confer power on Congress and the
Federal Government to regulate elections, right?
Ms. Benson. Yes.
Mr. Raskin. For example, the Congress has to guarantee to
the people of the States a Republican form of government. Also,
there is a specific provision which allows Congress to
legislate in the electoral field, right? And under the
supremacy clause, it clearly is supreme to the States. And as
well, there are the enforcement provisions of a number of
amendments in the Bill of Rights, and that is how we have made
great progress in our country. Certainly, we would not be where
we are in terms of voting with all the problems that we have
without the Voting Rights Act of 1965, and that was passed
under Section 5 of the 14th Amendment, right?
Ms. Benson. Yes.
Mr. Raskin. Is there any serious debate about the
Congressional role in trying to make sure that everybody's
voting rights are vindicated, and everybody's votes are
counted?
Ms. Benson. I think in Section 2 of the 14th Amendment, I
think whether it is the Help America Vote Act, the National
Voter Registration Act, the Voting Rights Act of 1965, the
myriad of other Federal laws that have been enacted since the
inception of our democracy, our democracy is better because of
the congressional role in enforcing a basic standard of
expectations of protections for all of our citizens.
Mr. Raskin. And to just tease that out for a moment,
haven't the greatest threats to people's voting rights started
at the local and State level? Obviously, we have got this new
threat of global interference with people's voting rights, but
traditionally in our country, haven't the greatest threats
arisen locally?
Ms. Benson. History does show us that some of greatest
threats have emerged locally, and some of the greatest
successes and protections for voting rights have also emerged
locally when States and local governments have gone beyond what
the Federal Government has expected as a standard. I want to
make that point as well, but, yes, certainly there is a
critical role for the Federal Government to play.
Mr. Raskin. Yes. I mean, the States have certainly led in
terms of the expansion of the franchise, and we know lots of
States extended women the right to vote, for example, before
the 19th Amendment----
Ms. Benson. And language protections.
Mr. Raskin [continuing]. Was adopted. And language
protections and extending the right to vote to African
Americans. And so that is definitely the case, that we have
seen a lot of forward movement in the States that lead to
national changes. But in the dynamics of Federalism, Congress
has played an essential role in securing people's right to
vote. And I think given the new cyber threats to voting
security, Congress cannot abdicate that role, and Congress
should be really in the forefront of trying to assist the
States in making sure that we are fortifying our defenses, so
there is not an open door for the kinds of activities that we
saw in 2016.
Ms. Benson. It is a critical role for the Federal
Government to play. Also, in acknowledging and being a partner
with us, and you know, fully funding the Election Assistance
Commission and other existing agencies can go a long way in
that regard as well.
Mr. Raskin. Okay. Madam Chairperson, I yield back to you.
Thanks so much.
Mrs. Davis of California. Thank you very much.
I might just follow up. Fully funding it and providing some
authority so that they can do something about it, correct? I
think everybody would agree with that.
Ms. Benson. And I also want to emphasize as you have seen
today, the importance of talking to more State and local
officials, because I think you will see multiple different
perspectives and opinions, and through that, I think you can
develop some Federal expectations and standards.
Mrs. Davis of California. Thank you very much. I want to
thank all of you for your valuable testimony here, for
appearing, and for being very helpful. I also want to let you
know that members have five legislative days to revise and
extend their remarks, and written statements may be made part
of the record. If they have questions, we ask you to please
respond in writing as soon as possible. I think there is a
deadline on that but respond quickly so they can be made part
of the record. Thank you very much. If there are no objections,
this hearing is adjourned.
[Whereupon, at 4:00 p.m., the Committee was adjourned.]
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]