One of the major ironies of the past few days is that the administration’s fraudulent anti-voting fraud commission is asking for bundles of private voter information from the 50 states, all the while dismissing Russian interference in the 2016 election as a hoax, AND submitting a budget which we’ve known for some time would eliminate the ONE federal agency tasked with assisting state and local governments with election security.
“House Republicans are taking aim at a small federal agency that helps provide election oversight and guidance, saying its functions are no longer necessary.
A spending bill from the House Appropriations Committee unveiled Thursday would give the Election Assistance Commission 60 days to terminate itself. The small agency was created after the tightly contested 2000 presidential election. It has an annual budget of about $10 million and had just 31 employees on its rolls as of March. The agency writes election management guidelines and develops specifications for testing and certifying voting systems, among other tasks.” [GovExec]
The bill, introduced by Rep. Gregg Harper (R-MS), would hand the powers and duties of the Election Assistance Commission to the Federal Election Commission, and the little agency responsible for “developing specifications for testing and certifying voting systems” would fold up and go away under the terms of HR 634.
The tribulations and gridlock in the Federal Election Commission are well known and documented: Investigations stalled, dark money flowing freely, enforcement delayed and denied. In short a scene of “dysfunction and deadlock.” [NYT] Failures to investigate, and 3-3 vote ties stifling further investigations. [NBC] Thus, the Harper bill would deliver election security responsibilities to a commission already in the throes of partisan gridlock and as they say so politely, “dysfunction.”
Republicans on the Administration Committee [Harper (R-MS), Davis (R-IL), Comstock (R-VA), Smith (R-NE), Walker (R-NC), and Loudermilk (R-GA)] voted to send the bill forward; Democratic Representatives Brady (D-PA), Lofgren (D-CA) and Raskin (D-MD) voted “no.” So, what do these lawmakers want to hand over the the stalemated FEC? The part which should interest us the most at the moment is this segment from the EAC:
“EAC Certification Program is to provide clear procedures to Manufacturers for the testing and certification of voting systems to specified Federal standards consistent with the requirements of HAVA Section 231(a)(1).
Under this program, the testing and review process requires the completion of an application, employment of an EAC-accredited laboratory for system testing, and technical analysis of the laboratory test report by the EAC. The result of this process is an Initial Decision on Certification.”
It doesn’t take much effort to interpret this task as the foundation of standards for the certifying and testing of election systems. Republicans may argue that this could be done under the auspices of the Department of Homeland Security, but this seems hollow since the bill doesn’t transfer the duties to DHS, it just wipes the EAC off the map. The EAC already maintains a list of certified election systems, and those which have been terminated. The Republicans appear quite pleased to take the constable off the beat, and hope that someone, somewhere, will prevent the development and certification of voting systems from becoming the Wild West of slackers, partisan backers, and hackers.
If eliminating the EAC isn’t the answer, what might be? The Brennan Center issued a report on “Security Election Systems from Foreign Interference,” in a forward by former CIA Director James Woolsey,” he observes:
“In the last few months, we have learned extraordinary details about a Russian assault on our election infrastructure. While there is no evidence that this assault altered the vote count, that fact should be cold comfort as we look to protect ourselves against future attacks.”
One doesn’t have to be an expert on cybersecurity or election technology to understand how dangerous this is. Based on my experience, as a former Director of Central Intelligence, and in service to this country under both Democratic and Republican Presidents, I am confident the Russians will be back, and that they will take what they have learned last year to attempt to inflict even more damage in future elections. In particular, their history of interfering in other nations’ politics, their antipathy to the United States and Western democracies generally, and their proven ability to multiply the impact of their actions through cyberattacks should put us on the highest alert, and spur us to take all necessary actions to protect ourselves from further attack.”
In summary form, Ambassador Woolsey is convinced the Russians will be back, they will apply “lessons learned” evaluations, and they will attempt to cause even more damage in the future. If the former CIA Director is correct, and there’s no logical reason to believe otherwise, this is hardly the time to terminate any programs to help state and local election officials secure their systems. In fact, it’s time to do more, as outlined by the Report:
“What more must be done? The key security measures detailed in this report are the right place to start: replace paperless electronic machines, upgrade the hardware and software that supports voter registration, and conduct post-election audits to confirm the results.
These are common-sense solutions that will increase security and public confidence in the integrity of our system. Importantly, they will do so without interfering with the right of any eligible citizen to participate in the choice of who will govern the nation.”
Some of these recommendations are squarely in the EAC wheelhouse, others will require additional support for local and state election officials.
The good news is that the decentralization of American voting systems makes a concerted attack extremely difficult, there are 8,000 voting jurisdictions, and about 100,000 polling places. However, this doesn’t mean that we should be taking much comfort from our fragmented system, because the bad news is that some jurisdictions are using antiquated equipment with operating systems no longer supported by vendors (and thus are easier to attack.) States and localities have made progress toward greater technical voting system security since 2004, but now is no time to rest upon laurels and declare “we’re Safe!” merely because vote totals are difficult to alter.
There’s also the matter of voter registration data security. Again, the Brennan Center recommends:
“State and local governments must fully identify potential avenues for attacking voter registration systems, mapping out all of the entities that interact with that system, and implementing mitigation strategies where weaknesses are identified. The consensus among experts interviewed by the Brennan Center is that this should be done on a regular basis, but that many states are unlikely to have completed this kind of comprehensive risk assessment in the last few years, despite the fact that both registration systems and cyber threats have evolved enormously over that time.”
Putting a more blunt perspective on it: The risk assessment tools used to evaluate the security of voter registration data which were judged “state of the art” just a couple of years ago may now be as outdated as that Motorola StarTAC clam shell mobile phone sitting in the bottom of someone’s junk drawer. Add to this the notion that the Administration’s fraudulent Fraud Commission wants to centralize voter registration data from 50 states all in one convenient place — thus making it a handier target for our adversaries — and we lose the advantages of decentralization while making life easier for those wishing to practice their “foreign interference.”
There is a bill in the Congress well worth supporting, introduced by Derek Kilmer (D-WA), HR 1344, under its terms the Department of Homeland Security would assist local and state government officials as follows:
“The Department of Homeland Security (DHS) may award states with planning and biennial implementation grants under the program to:
adopt cybersecurity best practices;
mitigate talent gaps in government workforces;
protect public safety answering points, emergency communications, and continuity of communications during catastrophic disruption;
mitigate threats to critical infrastructure or key resources;
coordinate with neighboring states or countries, National Guard units, or information sharing and analysis organizations; and
establish scholarships or apprenticeships to provide financial assistance to state residents pursuing cybersecurity education who commit to working for state government.
The bill sets forth requirements for distribution of awarded amounts to local and tribal governments within states and for consultation with local and regional officials.
The Committee for Cyber Resiliency Grants is established to: (1) promulgate guidance for states to develop applications for such cyber resiliency grants; (2) provide DHS and states with recommendations regarding the approval of state plans or applications; and (3) evaluate, and report to Congress regarding, the progress of states in implementing plans.”
We’d be well advised to contact our Representatives and recommend they oppose HR 634 (perhaps on the theory that the fact we have a Navy doesn’t obviate the need to also have a Coast Guard) and to support HR 1344.
This is hardly the time to make the hackers any happier.
Local Contact Information:
Representative Mark Amodei (R-NV2) Phone: (775) 686-5760
Representative Dina Titus (D-NV1) Phone: (702) 220-9823
Representative Ruben Kihuen (D-NV4) (702) 963-9360
Representative Jacky Rosen (D-NV3) (702) 963-9500