Special counsel Robert Mueller’s indictments last week of 13 Russian nationals and three Russian entities for meddling in the 2016 US election campaign is big news. But it is even bigger news that Dan Coats, the Trump administration’s director of national intelligence, says, “There should be no doubt that Russia perceives that its past efforts have been successful and views the 2018 midterm US elections as a potential target for Russian influence operations.”
“Frankly,” Coats told the Senate Intelligence Committee several days before Mueller’s indictments were announced, “the United States is under attack.”
No one knows how far those efforts will go—whether they will continue to target voters via social media or whether meddling might focus on the actual machinery of elections. But, according to a highly classified intelligence report obtained last year by The Intercept, “Russian military intelligence executed a cyberattack on at least one US voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before [the 2016 presidential election].”
It’s not just the Russians. Concerns about the vulnerability of US voting systems to hacking have been reported for years, and now the Los Angeles Times observes that, “As hackers abroad plot increasingly brazen and sophisticated assaults, the United States’ creaky polling stations and outdated voter registration technology are not up to the task of fighting them off, according to elections officials and independent experts.”
With a mix of urgency about the threats and skepticism about whether Washington or officials in the states are prepared to respond, David Salvo, a resident fellow at the Alliance for Securing Democracy, asks: “Are we going to be prepared to prevent something more egregious from happening?”
Congressman Mark Pocan, the Wisconsin Democrat who co-chairs the Congressional Progressive Caucus, has an appropriate answer. “It is abundantly clear that we need to get ahead of anyone wanting to interfere with our elections,” Pocan explained in an interview following last week’s indictments and warnings. “We need better protections for our elections, including paper ballots for our voting machines.”
Pocan and several of his colleagues are doing more than just talking about what “needs” to be done. They have prepared a legislative response that would work—if congressional leaders would allow it to be debated and enacted.
While federal officials who should be all over the issue struggle to even begin the right conversations about election-integrity issues, Pocan and Congressmen Keith Ellison (D-MN) and Hank Johnson (D-GA) have been working for the better part of a year to generate support for groundbreaking legislation that gets to the heart of the matter. Their Securing America’s Future Elections (SAFE) Act would safeguard US elections from cyber threats and interference by permanently classifying the integrity and security of elections as a component of the country’s critical infrastructure.
Arguing that the United States needs “a comprehensive approach to secure our election process from start to finish,” Pocan said when the SAFE Act was introduced last year that: “By making our elections a top national security priority, we can ensure cybersecurity standards for voting systems are upgraded and require paper ballots with all electronic voting machines. One thing Democrats and Republicans should agree on is that we should be doing everything in our power to guarantee the sovereignty of our county and the integrity of our elections. This bill will do just that.”
The changes that Pocan and his colleagues propose would place elections systems in the same category as other critical infrastructure such as the power grid, the banking system, and essential utilities. At the same time, the SAFE Act protects against cyber threats by requiring the use of better voting machines that provide paper ballots. And it requires random audits of ballots to thwart wrongdoing and to assure against malfunctions.
This is not the final answer to concerns about election integrity and the many challenges facing American democracy. However, it is a practical point of beginning—as tech-savvy cosponsors such as Ro Khanna of California and Jamie Raskin of Maryland have recognized.
With the Mueller indictments and the testimony from Coats, it is time for House Democrat leaders and responsible Republicans to take a more serious look at the SAFE Act.
This legislation is about more than Russian intrigues. It is, as well, a response to a wrongheaded attempt last year by House Republicans Committee to shut down the Election Assistance Committee (EAC), the federal agency created to help states update election systems and security. The SAFE Act reauthorizes the EAC for a period of 10 years and requires a random audit of precincts/wards in each state to ensure there are no discrepancies between paper ballots and electronic ballots.
“Few things are as critical as the integrity of our elections, which is why we must protect one of our most sacred institutions from foreign powers and domestic hackers who seek to undermine and influence our democratic process,” says Ellison. “The SAFE Act makes our elections a top national security priority, creates cybersecurity standards to protect our voting systems, and ensures accountability to voters. The American people must have full confidence that their votes are protected and counted.”
To create that confidence the SAFE Act would:
1. Permanently classify the security and integrity of our elections as essential to the United States’s national security interests and allow the Department of Homeland Security (DHS) to designate election infrastructure as critical infrastructure. This includes storage facilities, polling places, vote tabulation locations, voter databases, voting machines, and other systems that manage the election process. This important classification would place elections systems in the same category as other critical infrastructure including the power grid, the banking system, and other utilities.
2. Authorize the necessary funding for upgrading cybersecurity standards of voting systems, including the software used to operate such systems, and to ensure the security of the manufacturing processes for such components through collaboration with the National Institute for Standards in Technology (NIST) and the Department of Homeland Security. The bill will also ensure cybersecurity for all voter registration databases.
3. Require NIST and DHS to create basic cyber-security standards for private companies contracted to work on elections systems in the United States.
4. Require all electronic voting machines to have a corresponding paper ballot. The EAC would be required to randomly audit 5 percent of wards/precincts in each state to ensure that there are no discrepancies between paper ballots and electronic ballots.
5. Reauthorize the EAC (Election Assistance Commission) for a period of 10 years. The EAC is the agency best equipped to deal with election-technology issues, such as software patches, for voting machines from private vendors. Eliminating this crucial agency would create an easily exploitable opportunity to hackers.
6. Require the DHS to conduct a review of elections systems yearly, beginning in 2018.
It’s 2018. It’s time to act because, as Pocan says, “Not acting now will only lead to repeated interference.”