Senators Wants to Protect Elections From Hacking. Will Congress Act?

With the 2018 general election just 10 months away, they don’t have much time.

December 22, 2017

Cross-posted from Slate

TIME has declared that the recently passed tax bill proves bipartisanship in Congress is dead. It’s hard to argue with that assessment. And yet, there is one critical issue where members of both parties seem to be building momentum toward an actual bipartisan solution: protecting American elections from hacking.

In the same week that Congress passed its tax legislation without a single Democratic vote, Sens. James Lankford, R-Okla.; Amy Klobuchar, D-Minn.; Lindsay Graham, R-S.C.; Kamala Harris, D-Calif.; Susan Collins, R-Maine; and Martin Heinrich, D-N.M., introduced the Secure Elections Act, which would authorize federal money for several measures that cybersecurity experts have been pushing for years. This follows a series of bipartisan statements and proposals promoting the need to bolster the security of our election systems.

The big question now is whether Congress can manage to pass something in time to meaningfully safeguard our elections. With the 2018 general election just 10 months away, they don’t have much time.

Cyberattacks against election systems around the world have become increasingly common. We don’t even have to delve into the (unfortunately) still controversial topic of Russian meddling in the 2016 election to understand this. In 2014 alone, hacks targeted election systems in Ukraine, the PhilippinesBulgaria, and the Czech Republic. While Russia has also been implicated in the Ukraine cyberattacks, it is clearly not the only adversary we need to worry about. The U.S. government has blamed North Korea’s spy agency for the ransomware attack that locked up the computers of government agencies and businesses in 150 countries in May, while al -Qaeda and ISIS have shown their willingness to hack foreign government websites. It would be naïve in the extreme to believe these enemies of the United States might not be interested in wreaking havoc on our elections in the coming years.

Meanwhile, it’s been more than 15 years since Congress passed the Help America Vote Act, which provided states with money to upgrade their election infrastructure. Since that time, as these systems have aged, Congress has done almost nothing to assist states and localities to adjust to evolving cyberthreats. Today, America’s antiquated voting machines and outdated registration databases often run on obsolete software that is more vulnerable to hacking and less likely to be serviced with security patches from their vendors. Unless something changes soon, in 2018 nearly 40 states will use voting machines that are at least a decade old, perilously close to the end of their projected lifespans. Many of these systems will not have a voter-verified paper record that can be used to independently confirm that the software they run on was not hacked.

The steps we need to take to secure our systems aren’t a secret, and the Securing Elections Act contains the relevant ingredients. Perhaps most importantly, it would establish a $386 million grant program that states could access to implement a set of voluntary cybersecurity guidelines developed by a panel of independent experts. While $386 million is a tiny amount compared to the billions of dollars Congress authorized to upgrade America’s election infrastructure with HAVA in 2002, an analysis by the Brennan Center for Justice at NYU School of Law, where I work, shows that this amount of money could still go a long way to shoring up the most vulnerable systems.

Most importantly, the bill would help states replace old voting machines with new ones that process paper ballots.* It would also create new federal guidelines for post-election audits of those paper ballots. Regularly checking the paper ballots against the electronic vote tally helps ensure that if there is a breach of the voting machines, it will be caught.

The bill also would also authorize immediate grants to election agencies that conduct a “risk and vulnerability” assessment, with subsequent funds to take actions to fix vulnerabilities identified. Election officials interviewed by the Brennan Center have argued that such evaluations are a critical first step in securing our election infrastructure.

Finally, the bill would foster more timely and thorough communication on election security issues, something that proved to be a problem in 2016. Many local election officials and members of Congress expressed frustration that it took the Department of Homeland Security nearly a year to notify 21 states that their registration systems had been targeted by Russian government hackers. An information-sharing clause in the bill would set up a clear process for notifying election officials quickly of any potential hack. And election system vendors and officials would be required to report suspected security breaches to law enforcement. The failure to quickly communicate security breaches or system malfunctions could be the difference between a contained problem and a national crisis.

In sum, the Securing Elections Act aims to do just what a bill meant to guard American elections from tampering should. But just because it has bipartisan support doesn’t mean congressional leaders will act with necessary speed. Time is running out. If Congress doesn’t want to get blamed for an attack that our intelligence leaders agree is likely to come, they need to act soon.