Push to bolster election security stalls in Senate

The Hill photo illustration

Senators are running into roadblocks from state officials as they try to craft legislation to secure election systems before the midterms in November.

Sens. James Lankford (R-Okla.) and Kamala Harris (D-Calif.) are pushing for legislation that would bolster the security of U.S. voting infrastructure, with an eye toward countering threats from adversaries like Russia.

But Lankford on Wednesday was forced to table an amendment to a bill moving through the Senate that was aimed at improving information-sharing between federal and state election officials on election cyber threats. State officials objected to the amendment.

{mosads}The development sparked frustration on the Senate Homeland Security and Governmental Affairs Committee, where lawmakers have been agitating for action.

“Texas had elections yesterday,” said Harris, referring to the state’s Democratic and Republican primaries. “This is an issue that we should approach, I think, with a great sense of urgency and immediacy.”

What to do about election cybersecurity has been a source of tension between federal and state officials since the revelation that Russia tried to hack into election-related systems as part of its broader influence campaign against the U.S. in 2016.

While none of the systems targeted by Russia were involved in vote tallying, officials fear those campaigns could grow in scope and sophistication.

The Obama administration in its waning days designated election infrastructure as critical and therefore subject to optional federal protections from the Department of Homeland Security (DHS). State and local officials balked at the move, fearing a federal takeover of elections.

States have also complained that DHS was slow to share information on the Russia threat. The department formally notified election officials in 21 states that they had been targeted by Russian hackers last September, nearly a year after the 2016 election took place.

Lankford’s amendment, provided to The Hill by an aide, aimed to improve the flow of information between federal officials and state officials involved in administering elections.

The lawmaker hoped to offer the amendment to a bill reauthorizing DHS that is under consideration in the Senate. But four secretaries of state — who serve as the chief election officials in most states — wrote to the committee Tuesday expressing concerns over the provision and one later withdrawn by Sen. Maggie Hassan (D-N.H.) that would have codified into law steps DHS has undertaken to secure U.S. voting infrastructure.

The letter, signed by officials in Indiana, Louisiana, Georgia and New Mexico, questioned the need for the amendments to be included in the reauthorization bill, according to a copy obtained by The Hill.

“With so much scrutiny and ongoing investigations into the Russian involvement in the 2016 Presidential election, it would be more prudent to allow the investigation reports to be finalized and sent to the Congress and the President with conclusive evidence of what may have occurred before assuming what a proper solution might be,” Indiana Secretary of State Connie Lawson wrote.

The Senate Intelligence Committee, which is investigating Russian interference in the presidential election, is expected to release a bipartisan report on election security later this year.

Lankford’s amendment in its current form would direct DHS to promptly share election cybersecurity information with state election officials, unless the department secretary “makes a specific determination in writing that there is good cause to withhold the particular information.” The state officials suggested the provision could potentially block state officials from receiving timely threat information.

The amendment would also mandate that election service providers, including vendors and contractors, notify state officials promptly if election systems — including voting machines, voter registration databases and election agency email systems — are breached, and that state officials provide the information to their federal counterparts in a timely fashion.

The secretaries of state questioned whether states would be penalized if a vendor or contractor failed to notify state election agencies of cybersecurity incidents.

Lankford’s amendment would also instruct DHS to develop an expedited process for providing security clearances to state election officials so they can have timely access to sensitive threat information otherwise classified and out of their reach.

“When an international actor is hacking into one state, it does affect a national election, and there should be an awareness and there should be a streamlining of that communication which DHS has already initiated,” Lankford said Wednesday. He said he would withdraw the measure to work through the “final issues.”

Lankford also suggested the legislation spurred a behind-the-scenes fight between committees over which has jurisdiction over the issue.

“Though I am withdrawing it, you might sense my frustration with not finishing this out because it’s obvious to the American people but we’re not able to get it done in the Senate,” Lankford said.

A spokeswoman for the National Association of Secretaries of State (NASS) told The Hill the organization has offered its members to members of Congress “to serve as resources when drafting amendments, but that offer was never pursued.”

“We are eager for a more collaborative approach on any proposed legislation in the future,” said Maria Dill Benson, NASS director of communications. “In the meantime, cybersecurity information-sharing between DHS and state and local election officials will continue making positive progress.”

Meanwhile, concerns about voting machine cybersecurity appear to be reaching a boiling point in Washington.

A bipartisan cadre of senators, including Lankford and Harris, last December introduced a stand-alone bill that would, in part, authorize block grants for states to upgrade outdated, paperless voting machines. The bill has stalled in the Senate.

There is debate within the security community over the extent of the threat to actual voting machines.

Some say the decentralized nature of U.S. voting systems, coupled with the fact that voting machines are not connected to the internet, make it unlikely that hackers could have a meaningful effect on a federal election.

But some experts have stepped up calls for states to do away with paperless direct-recording electronic voting machines and transition to technology that provides a paper trail — allowing for an audit in the case a result is called into question.

“The choices are written directly to computer memory and you don’t have another record of the voters’ choices,” said Marian Schneider, president of Verified Voting, an organization that advocates for voter-verified paper ballots and paper-backed voting technology. “Not only do you not have the ability to detect when something went wrong, you have no way to recover if something did go wrong.”

President Trump, who has described allegations of his campaign colluding with Russia as a “hoax,” on Tuesday insisted that his administration would react “strongly” to any effort by Moscow to interfere in the midterm elections. He also endorsed the idea of paper backups.

“It’s old-fashioned, but it’s always good to have a paper backup system of voting,” Trump said. “It’s called paper. Not highly complex computers — paper. A lot of states are doing that. They’re going to a paper backup. And I think that’s a great idea. But we’re studying it closely.”

Tags cybersecurity Donald Trump election hacking Election Security James Lankford Maggie Hassan
See all Hill.TV See all Video