Donald Trump is such an erratic, narcissistic, and imprudent commander in chief that he will often, in a matter of hours, come up with a horrible idea, abandon it, and then blow the whole debate up without ever applying a measure of common sense.
Witness the president’s sudden show of interest in developing “an impenetrable Cyber Security unit” to guard against “election hacking.” After meeting for more than two hours with Russian President Vladimir Putin—during which Trump may or may not have accepted Putin’s assurance that Russia did not interfere on the Republican’s behalf in the 2016 election—Trump was foraging around for some evidence that he had accomplished anything. The president tweeted: “Putin & I discussed forming an impenetrable Cyber Security unit so that election hacking, & many other negative things, will be guarded.”
The reaction was not good. Republicans were dumbfounded. South Carolina Senator Lindsey Graham said, “It’s not the dumbest idea I’ve ever heard, but it’s pretty close.” Florida Senator Marco Rubio argued that “Partnering with Putin on a ‘Cyber Security Unit’ is akin to partnering with Assad on a ‘Chemical Weapons Unit.’” Nebraska Senator Ben Sasse called the whole idea “inexplicably bizarre.” Congressman Brendan Boyle, D-Pennsylvania, did more than just complain. He announced that he would introduce legislation to “prohibit the United States from participating in any type joint working group with Russia on cybersecurity efforts.”
The whole affair degenerated into such a mess that Trump engaged in a rare attempt at backtracking. On Sunday, he tweeted: “The fact that President Putin and I discussed a Cyber Security unit doesn’t mean I think it can happen.”
Correct. That can’t happen.
But a response to cyber threats—both external and internal—is necessary. So, too, is a response to broader threats to the integrity of elections across the United States. Those threats go far beyond concerns that have arisen following allegations of Russian hacking. Trump’s tweets are, at best, distractions from all of these issues.
But Congressmen Mark Pocan of Wisconsin, Keith Ellison of Minnesota, and Hank Johnson of Georgia are not distracted. They have introduced a groundbreaking piece of legislation—the Securing America’s Future Elections (SAFE) Act—that proposes to safeguard US elections from cyber threats by permanently classifying the integrity and security of elections as a component of critical infrastructure of the country. Arguing that that the United States needs “a comprehensive approach to secure our election process from start to finish,” Congressman Pocan says, “By making our elections a top national security priority, we can ensure cybersecurity standards for voting systems are upgraded and require paper ballots with all electronic voting machines. One thing Democrats and Republicans should agree on is that we should be doing everything in our power to guarantee the sovereignty of our county and the integrity of our elections. This bill will do just that.”
The change Pocan and his allies propose (with support from key congressional reformers such as Maryland Congressman Jamie Raskin) would place election systems in the same category as other critical infrastructure, including the power grid, the banking system, and essential utilities. At the same time, the SAFE Act protects against cyber threats by requiring the use of better voting machines that provide paper ballots. And it requires random audits of ballots to thwart wrongdoing and to assure against malfunctions. This is not the final answer to concerns about election integrity and the many challenges facing American democracy. But it is a practical and consequential beginning.
The SAFE Act legislation is a response to reports regarding Russia’s aggressive cyber tactics during the 2016 election, one of many concerns related to the ongoing FBI investigation into whether members of President Trump’s campaign colluded with Russians to influence that election. But this legislation is about more than that. It is, as well, a response to a wrongheaded vote by the Republicans on the House Administration Committee to shut down the Election Administration Committee (EAC), a federal agency created to help states update election systems and security. The SAFE Act reauthorizes the EAC for a period of 10 years and requires a random audit of precincts/wards in each state to ensure there are no discrepancies between paper ballots and electronic ballots.
“Few things are as critical as the integrity of our elections, which is why we must protect one of our most sacred institutions from foreign powers and domestic hackers who seek to undermine and influence our democratic process,” says Congressman Ellison, a co-chair of the Congressional Progressive Caucus, which Pocan serves as the first vice chair. “The SAFE Act makes our elections a top national security priority, creates cybersecurity standards to protect our voting systems, and ensures accountability to voters. The American people must have full confidence that their votes are protected and counted.”
To create that confidence the SAFE Act would:
1. Permanently classify the security and integrity of our elections as essential to the United States’ national security interests and allow the Department of Homeland Security (DHS) to designate election infrastructure as critical infrastructure. This includes storage facilities, polling places, vote tabulation locations, voter databases, voting machines, and other systems that manage the election process. This important classification would place elections systems in the same category as other critical infrastructure including the power grid, the banking system, and other utilities.
2. Authorize the necessary funding for upgrading cybersecurity standards of voting systems, including the software used to operate such systems, and to ensure the security of the manufacturing processes for such components through collaboration with the National Institute for Standards in Technology (NIST) and the Department of Homeland Security. The bill will also ensure cybersecurity for all voter registration databases.
3. Require NIST and DHS to create basic cybersecurity standards for private companies contracted to work on elections systems in the US.
4. Require all electronic voting machines to have a corresponding paper ballot. The EAC would be required to randomly audit 5 percent of wards/precincts in each state to ensure that there are no discrepancies between paper ballots and electronic ballots.
5. Reauthorize the EAC (Election Assistance Commission) for a period of 10 years. The EAC is the most well-equipped agency to deal with election technology issues, such as software patches, for voting machines from private vendors. Eliminating this crucial agency would create an easily exploitable opportunity to hackers.
6. Require the DHS to conduct a review of elections systems yearly beginning in 2018.
“As a fundamental tenet of our democracy, our voting systems are a matter of national security and we must make sure they are not compromised or disrupted by outside parties,” said Congressman Johnson, who noted recent reports of an alleged data breach at Georgia’s Center For Elections Systems—involving as many as 7.5 million voter records. “Expressing Congress’ support to designate our voting systems as critical infrastructure will encourage the Department of Homeland Security and the states to better coordinate, engage, and share resources that will improve the security of our electoral process. The SAFE Act will help ensure the security of our voting systems and preserve public faith in the integrity of our electoral process.”