What Russians? GOP seeks to terminate Election Assistance Commission

February 10, 2017:  The House Administration Committee votes 6-3 (along party lines) to terminate the Election Assistance Commission, saying the body has “outlived its usefulness.”  [NCSL]

“The bill would also terminate the Technical Guidelines Development Committee (TGDC), which is the entity responsible for developing “voluntary voting systems guidelines.” According to Harper, the technical guidelines developed by the TDGC and adopted by the EAC are hardly ever used. Representative Zoe Lofgren (D-Calif.) reminded the committee that the creation of the EAC and the TGDC was a bipartisan effort because of  shared concern after the 2000 election that our election systems and administration of elections needed to be reformed.”  [NCSL]

What the EAC does is to establish guidelines for electronic voting systems.  And, THIS is the commission the Republicans want to fold into the Federal Election Commission.  There is one more element of immediate importance:

“NCSL’s webpage, Voting System Standards, Testing and Certification, describes the standards set by each state. Some states adopt federal standards, some develop their own standards and others use a hybrid of both. NCSL research indicates 37 states use some aspect of federal guidelines in their own certification requirements, and another four refer to federal standards in some way.”

It seems very difficult to argue that the Commission has outlived its usefulness because no one is using its services when 37 states have used the guidelines in some form.

Given that the current occupant of the Oval Office appears to be the last man on planet Earth to agree that the Russians interfered in our election processes and institutions in 2016,  it seems altogether more nefarious that his political party is the one calling for the termination of the commission which sets standards for election integrity.   It’s all the more incomprehensible the GOP would advocate for the termination in light of the continual Republican refrain that the Russian interference didn’t change any election results.

The Republican members of the House Admin. Committee are Gregg Harper (R-MS), Rodney Davis (R-IL), Barbara Comstock (R-VA), Mark Walker (R-NC), Adrian Smith (R-NE), and Barry Loudermilk (R-GA).  The Democrats who voted against the termination of the Election Assistance Commission are Robert Brady (D-PA), Zoe Lofgren (D-CA), and Jamie Raskin (D-MD).

It might well be high time to contact our Representatives to indicate opposition to the Election Assistance Commission Termination Act (HR 834).   The one who might require more incentive to vote against this ill-considered bill is Nevada Representative Mark Amodei (R-NV2):  775-686-5760; 775-777-7705 (Elko), and 202-225-6155.

 

Watching the Bear Raid the Pantry: Trump Administration Invitation by Inaction

One of the most profoundly disturbing moments during testimony given by Attorney General Jeff Sessions to the House Judiciary Committee was his response to Rep. Brad Schneider:

“When the attorney general appeared before the House Judiciary Committee on Tuesday, Rep. Brad Schneider (D-Ill.) asked him about the department’s efforts to protect U.S. elections from foreign interference in the future. Sessions told the Senate Judiciary Committee last month that election security policies needed to be reviewed, but didn’t have any updates to offer on Tuesday.

“I have not followed through to see where we are on that and I will personally take action to do so,” Sessions said. “There are a lot of things that have been happening, and we’ve been working on a lot of great agenda items, but this one is important, and I acknowledge that, and I should be able to give you better information today than I am.”  [HuffPo]

Let’s review.  The Russians sought to break into at least 21 state election systems, and may have attempted to hack into as many as 39.  The Russians launched a social media influence campaign replete with bots, and posts, and promotions.   The Russians attacked the computer systems of the Democratic Party.  The Republican response to these three elements has been, and continues to be, completely unsatisfactory.

The White House reply has ranged from “it didn’t happen because Putin said it didn’t,” to a bizarre conspiracy theory in which it’s the Democrats who conspired with the Russians (to lose the election?), to “it may have happened but who can tell who did it.”   At the risk of redundancy, it’s not like there haven’t been security assessments published since last January refuting this nonsense.  However, too often we lose track of an essential piece of this state of denial:  The administration appears to believe that this  activity wasn’t serious because no one can prove that election results were changed in any way.  The is a goal post with serious policy ramifications.

This is almost tantamount to arguing that since the bear didn’t eat so much food during his raid on the pantry as to cause family members to starve,  then the raid wasn’t actually serious.

It offers an excuse for Attorney General Sessions’ inactivity.  After all if nothing serious happened, then why should the Department of Justice assign assets toward investigating the problem?   The second paragraph quoted above is perhaps the most disturbing.  If we take the Attorney General at his word that the Russian interference is “serious” then why has he nothing to report to the House Judiciary Committee?

Because other items were more important? “We’ve been working on a lot of great agenda items.”   And what might these be?  A Muslim immigration ban?  A ban on recruiting transgender individuals in the US military?  I wish the Representative, or other Representatives, had ask what “other great agenda items?” And, why are these are more important than attempts to interfere in US elections?

Back to the bear in the pantry — The bear’s pantry raid wasn’t all that important because we’ve been busy replacing the carpeting in the living room.   There was an addendum to Attorney General Sessions’ comments:

“He added that states needed to review their election vulnerabilities, and that the FBI and intelligence community could play a key role in stopping hacking. He said he did not dispute the conclusion of the intelligence community that Russia interfered in the 2016 election. There’s no evidence that any votes were changed by hackers.

Federal and state officials have faced significant obstacles in trying to coordinate their response to election hacking. The Department of Homeland Security waited until this September to notify 21 states that Russian hackers had targeted them last year. Election officials in two of those states ― California and Wisconsin ― then turned around and accused the department of giving them bad information.”

There he goes again — the actual election returns weren’t rendered bogus, then there’s nothing to see here.  Or, no one starved so the pantry raid wasn’t important — but wait, the FBI and intelligence community COULD  “play a key role in stopping hacking.”   Could?

The FBI and intelligence community COULD assist states — but they didn’t notify 21 states until THIS September, and then two of the states got inaccurate information.  Nothing says “this isn’t a priority” quite like delaying important warnings for months and then not checking to see if the warning contents were accurate.

After the bear ate his fill from the family pantry …”we’d like to inform you that you had a bear in your pantry last Summer, but it could have been raccoons, and although the door frame was damaged, they could have gotten in through that back door, or maybe it was the window.”

As of this November:

“Most states’ elections officials still don’t have the security clearances necessary to have a thorough discussion with federal officials about what’s known about Russian, or others’, efforts to hack into their systems.

Seven states still use all-electronic voting systems whose results cannot be verified because there is no paper trail.

And hundreds of US counties rely on outside contractors to maintain their registration records and update the software on voting machines. Some of those contractors are small operations with few employees and minimal computer security skills.”

In other words — the back door frame still hasn’t been repaired, there’s still a batch of open cartons of food in the pantry, and back fence can be easily scaled by all but the most geriatric ursine intruder.

The bear will be back.  And if he had fun in the pantry, imagine how much fulfilling fun he’ll have in the kitchen?

The Happy Hackers Bill approved by House Republicans

One of the major ironies of the past few days is that the administration’s fraudulent anti-voting fraud commission is asking for bundles of private voter information from the 50 states, all the while dismissing Russian interference in the 2016 election as a hoax, AND submitting a budget which we’ve known for some time would eliminate the ONE federal agency tasked with assisting state and local governments with election security.

“House Republicans are taking aim at a small federal agency that helps provide election oversight and guidance, saying its functions are no longer necessary.

A spending bill from the House Appropriations Committee unveiled Thursday would give the Election Assistance Commission 60 days to terminate itself. The small agency was created after the tightly contested 2000 presidential election. It has an annual budget of about $10 million and had just 31 employees on its rolls as of March. The agency writes election management guidelines and develops specifications for testing and certifying voting systems, among other tasks.” [GovExec]

The bill, introduced by Rep. Gregg Harper (R-MS), would hand the powers and duties of the Election Assistance Commission to the Federal Election Commission, and the little agency responsible for “developing specifications for testing and certifying voting systems” would fold up and go away under the terms of HR 634.

The tribulations and gridlock in the Federal Election Commission are well known and documented: Investigations stalled, dark money flowing freely, enforcement delayed and denied. In short a scene of “dysfunction and deadlock.”  [NYT]  Failures to investigate, and 3-3 vote ties stifling further investigations. [NBC] Thus, the Harper bill would deliver election security responsibilities to a commission already in the throes of partisan gridlock and as they say so politely, “dysfunction.”

Republicans on the Administration Committee [Harper (R-MS), Davis (R-IL), Comstock (R-VA), Smith (R-NE),  Walker (R-NC), and Loudermilk (R-GA)] voted to send the bill forward;  Democratic Representatives Brady (D-PA), Lofgren (D-CA) and Raskin (D-MD) voted “no.”  So, what do these lawmakers want to hand over the the stalemated FEC?  The part which should interest us the most at the moment is this segment from the EAC:

“EAC Certification Program is to provide clear procedures to Manufacturers for the testing and certification of voting systems to specified Federal standards consistent with the requirements of HAVA Section 231(a)(1).

Under this program, the testing and review process requires the completion of an application, employment of an EAC-accredited laboratory for system testing, and technical analysis of the laboratory test report by the EAC. The result of this process is an Initial Decision on Certification.”

It doesn’t take much effort to interpret this task as the foundation of standards for the certifying and testing of election systems.   Republicans may argue that this could be done under the auspices of the Department of Homeland Security, but this seems hollow since the bill doesn’t transfer the duties to DHS, it just wipes the EAC off the map.  The EAC already maintains a list of certified election systems,  and those which have been terminated.   The Republicans appear quite pleased to take the constable off the beat, and hope that someone, somewhere, will prevent the development and certification of voting systems from becoming the Wild West of slackers, partisan backers, and hackers.

If eliminating the EAC isn’t the answer, what might be?   The Brennan Center issued a report on “Security Election Systems from Foreign Interference,”  in a forward by former CIA Director James Woolsey,” he observes:

“In the last few months, we have learned extraordinary details about a Russian assault on our election infrastructure. While there is no evidence that this assault altered the vote count, that fact should be cold comfort as we look to protect ourselves against future attacks.”

One doesn’t have to be an expert on cybersecurity or election technology to understand how dangerous this is. Based on my experience, as a former Director of Central Intelligence, and in service to this country under both Democratic and Republican Presidents, I am confident the Russians will be back, and that they will take what they have learned last year to attempt to inflict even more damage in future elections. In particular, their history of interfering in other nations’ politics, their antipathy to the United States and Western democracies generally, and their proven ability to multiply the impact of their actions through cyberattacks should put us on the highest alert, and spur us to take all necessary actions to protect ourselves from further attack.”

In summary form, Ambassador Woolsey is convinced the Russians will be back, they will apply “lessons learned” evaluations, and they will attempt to cause even more damage in the future.  If the former CIA Director is correct, and there’s no logical reason to believe otherwise, this is hardly the time to terminate any programs to help state and local election officials secure their systems.  In fact, it’s time to do more, as outlined by the Report:

“What more must be done? The key security measures detailed in this report are the right place to start: replace paperless electronic machines, upgrade the hardware and software that supports voter registration, and conduct post-election audits to confirm the results.

These are common-sense solutions that will increase security and public confidence in the integrity of our system. Importantly, they will do so without interfering with the right of any eligible citizen to participate in the choice of who will govern the nation.”

Some of these recommendations are squarely in the EAC wheelhouse, others will require additional support for local and state election officials.

The good news is that the decentralization of American voting systems makes a concerted attack extremely difficult, there are 8,000 voting jurisdictions, and about 100,000 polling places.  However, this doesn’t mean that we should be taking much comfort from our fragmented system, because the bad news is that some jurisdictions are using antiquated equipment with operating systems no longer supported by vendors (and thus are easier to attack.)  States and localities have made progress toward greater technical voting system security since 2004, but now is no time to rest upon laurels and declare “we’re Safe!” merely because vote totals are difficult to alter.

There’s also the matter of voter registration data security.  Again, the Brennan Center recommends:

“State and local governments must fully identify potential avenues for attacking voter registration systems, mapping out all of the entities that interact with that system, and implementing mitigation strategies where weaknesses are identified. The consensus among experts interviewed by the Brennan Center is that this should be done on a regular basis, but that many states are unlikely to have completed this kind of comprehensive risk assessment in the last few years, despite the fact that both registration systems and cyber threats have evolved enormously over that time.”

Putting a more blunt perspective on it:  The risk assessment tools used to evaluate the security of voter registration data which were judged “state of the art” just a couple of years ago may now be as outdated as that Motorola StarTAC clam shell mobile phone  sitting in the bottom of someone’s junk drawer.   Add to this the notion that the Administration’s fraudulent Fraud Commission wants to centralize voter registration data from 50 states all in one convenient place — thus making it a handier target for our adversaries — and we lose the advantages of decentralization while making life easier for those wishing to practice their “foreign interference.”

There is a bill in the Congress well worth supporting, introduced by Derek Kilmer (D-WA), HR 1344, under its terms the Department of Homeland Security would assist local and state government officials as follows:

“The Department of Homeland Security (DHS) may award states with planning and biennial implementation grants under the program to:

adopt cybersecurity best practices;
mitigate talent gaps in government workforces;
protect public safety answering points, emergency communications, and continuity of communications during catastrophic disruption;
mitigate threats to critical infrastructure or key resources;
coordinate with neighboring states or countries, National Guard units, or information sharing and analysis organizations; and
establish scholarships or apprenticeships to provide financial assistance to state residents pursuing cybersecurity education who commit to working for state government.
The bill sets forth requirements for distribution of awarded amounts to local and tribal governments within states and for consultation with local and regional officials.

The Committee for Cyber Resiliency Grants is established to: (1) promulgate guidance for states to develop applications for such cyber resiliency grants; (2) provide DHS and states with recommendations regarding the approval of state plans or applications; and (3) evaluate, and report to Congress regarding, the progress of states in implementing plans.”

We’d be well advised to contact our Representatives and recommend they oppose HR 634 (perhaps on the theory that the fact we have a Navy doesn’t obviate the need to also have a Coast Guard) and to support HR 1344.

This is hardly the time to make the hackers any happier.

Local Contact Information: 

Representative Mark Amodei (R-NV2) Phone: (775) 686-5760

Representative Dina Titus (D-NV1) Phone: (702) 220-9823

Representative Ruben Kihuen (D-NV4)  (702) 963-9360

Representative Jacky Rosen (D-NV3)  (702) 963-9500