[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]









                     PROTECTING THE 2016 ELECTIONS
                 FROM CYBER AND VOTING MACHINE ATTACKS

=======================================================================

                                HEARING

                               BEFORE THE

              COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED FOURTEENTH CONGRESS

                             SECOND SESSION

                               __________

                           September 13, 2016

                               __________

                           Serial No. 114-91

                               __________

 Printed for the use of the Committee on Science, Space, and Technology



[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]




       Available via the World Wide Web: http://science.house.gov





                                  ______

                         U.S. GOVERNMENT PUBLISHING OFFICE 

22-560 PDF                     WASHINGTON : 2017 
-----------------------------------------------------------------------
  For sale by the Superintendent of Documents, U.S. Government Publishing 
  Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; 
         DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
                          Washington, DC 20402-0001







              COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY

                   HON. LAMAR S. SMITH, Texas, Chair
FRANK D. LUCAS, Oklahoma             EDDIE BERNICE JOHNSON, Texas
F. JAMES SENSENBRENNER, JR.,         ZOE LOFGREN, California
    Wisconsin                        DANIEL LIPINSKI, Illinois
DANA ROHRABACHER, California         DONNA F. EDWARDS, Maryland
RANDY NEUGEBAUER, Texas              SUZANNE BONAMICI, Oregon
MICHAEL T. McCAUL, Texas             ERIC SWALWELL, California
MO BROOKS, Alabama                   ALAN GRAYSON, Florida
RANDY HULTGREN, Illinois             AMI BERA, California
BILL POSEY, Florida                  ELIZABETH H. ESTY, Connecticut
THOMAS MASSIE, Kentucky              MARC A. VEASEY, Texas
JIM BRIDENSTINE, Oklahoma            KATHERINE M. CLARK, Massachusetts
RANDY K. WEBER, Texas                DON S. BEYER, JR., Virginia
JOHN R. MOOLENAAR, Michigan          ED PERLMUTTER, Colorado
STEVE KNIGHT, California             PAUL TONKO, New York
BRIAN BABIN, Texas                   MARK TAKANO, California
BRUCE WESTERMAN, Arkansas            BILL FOSTER, Illinois
BARBARA COMSTOCK, Virginia
GARY PALMER, Alabama
BARRY LOUDERMILK, Georgia
RALPH LEE ABRAHAM, Louisiana
DARIN LaHOOD, Illinois
WARREN DAVIDSON, Ohio




















                            C O N T E N T S

                           September 13, 2016

                                                                   Page
Witness List.....................................................     2

Hearing Charter..................................................     3

                           Opening Statements

Statement by Representative Lamar S. Smith, Chairman, Committee 
  on Science, Space, and Technology, U.S. House of 
  Representatives................................................     5
    Written Statement............................................     7

Statement by Representative Eddie Bernice Johnson, Ranking 
  Member, Committee on Science, Space, and Technology, U.S. House 
  of Representatives.............................................     9
    Written Statement............................................    11

                               Witnesses:

Dr. Charles H. Romine, Director, Information Technology 
  Laboratory, National Institute of Standards and Technology
    Oral Statement...............................................    14
    Written Statement............................................    17

Hon. Tom Schedler, Secretary of State, State of Louisiana
    Oral Statement...............................................    27
    Written Statement............................................    29

Mr. David Becker, Executive Director, The Center for Election 
  Innovation & Research
    Oral Statement...............................................    35
    Written Statement............................................    38

Dr. Dan S. Wallach, Professor, Department of Computer Science and 
  Rice Scholar, Baker Institute for Public Policy, Rice 
  University
    Oral Statement...............................................    42
    Written Statement............................................    44

Discussion.......................................................    56

             Appendix I: Answers to Post-Hearing Questions

Dr. Charles H. Romine, Director, Information Technology 
  Laboratory, National Institute of Standards and Technology.....    88

Hon. Tom Schedler, Secretary of State, State of Louisiana........   107

Mr. David Becker, Executive Director, The Center for Election 
  Innovation & Research..........................................   110

Dr. Dan S. Wallach, Professor, Department of Computer Science and 
  Rice Scholar, Baker Institute for Public Policy, Rice 
  University.....................................................   113

            Appendix II: Additional Material for the Record

Washington Post article How to hack- and rig-proof U.S. elections   122

 
                     PROTECTING THE 2016 ELECTIONS
                             FROM CYBER AND
                         VOTING MACHINE ATTACKS

                              ----------                              


                      TUESDAY, SEPTEMBER 13, 2016

                  House of Representatives,
               Committee on Science, Space, and Technology,
                                                   Washington, D.C.

    The Committee met, pursuant to call, at 10:11 a.m., in Room 
2318, Rayburn House Office Building, Hon. Lamar Smith [Chairman 
of the Committee] presiding.


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


    Chairman Smith. The Committee on Science, Space, and 
Technology will come to order. Without objection, the Chair is 
authorized to declare recesses of the Committee at any time.
    Welcome to today's hearing entitled ``Protecting the 2016 
Elections from Cyber and Voting Machine Attacks.'' I'll 
recognize myself for an opening statement and then the Ranking 
Member.
    We are here today to discuss the subject of election 
security. It's hard to imagine a more bipartisan issue. 
Election security is fundamental to the fairness of elections 
and democracy in the United States. Elections are a key 
component of democracy, and voting is the very essence of what 
President Abraham Lincoln meant when he said a government by 
the people.
    Voting is the means by which Americans express their 
opinions about their government. It provides Americans with the 
opportunity to affirm policies they like and change what they 
don't. When our citizens vote, they not only elect their 
leaders, they choose a direction and set priorities for our 
nation. Elections with integrity strengthen democracy. They 
confer legitimacy and boost public trust in government.
    Concerns with earlier versions of voting and election 
systems led to the passage of the 2002 Help America Vote Act. 
This act requires the National Institute of Standards and 
Technology, over which we have jurisdiction, to work with the 
Election Assistance Commission on technical, voluntary 
guidelines for voting.
    Today, we will discuss the current technical voluntary 
guidelines that are in place for States to protect their voting 
and election systems. Though these guidelines are voluntary, I 
hope to hear whether they are sufficient to safeguard our 
elections and whether States effectively use them.
    This discussion is timely as many concerns have been raised 
in recent months about the vulnerabilities of electronic voting 
machines, voting over the Internet, and online voter 
registration. In response to these concerns, our discussion 
today will review the security of the election system in its 
entirety. We will examine what guidelines are in place, how we 
currently protect systems from potential technical 
vulnerabilities, and what kind of work--including research and 
development in my home State of Texas--is underway to protect 
future voting and election systems.
    Last year, hackers from China infiltrated the Office of 
Personnel Management's database and stole confidential records 
and personal information on more than 22 million current and 
former federal employees, including those involved in our 
national security effort with the highest security clearances. 
The attacks on voter registration databases in Illinois and 
Arizona are the latest instances of such attacks, this time 
with alleged ties to Russia. We have yet to take decisive steps 
to defend ourselves and deter attackers.
    The President says we are more technologically advanced, 
both offensively and defensively, in cyber warfare than our 
adversaries. So why won't he take the necessary steps to 
prevent cyber attacks on our elections systems by foreign 
governments? If we are attacked repeatedly and do nothing, we 
will have surrendered unilaterally and put at risk our economy, 
our national security, and our very freedoms.
    This committee has held more than a half-a-dozen hearings 
on cybersecurity issues in this Congress. We know it isn't 
enough to respond to cyber attacks with diplomatic protest. We 
are going to hear from witnesses today about how the Federal 
Government can help States keep our election systems secure. 
But the single most important way to protect our election 
systems, to protect each American's right to vote and be heard, 
is for this Administration--and for the next Administration--to 
take decisive steps to deter and, if necessary, sanction 
foreign governments that attack us in cyber space.
    [The prepared statement of Chairman Smith follows:]
    
  [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
  
     
    Chairman Smith. That concludes my opening statement, and 
the Ranking Member, the gentlewoman from Texas, Eddie Bernice 
Johnson, is recognized for hers.
    Ms. Johnson. Thank you, Mr. Chairman, and good morning.
    Ensuring that our elections are fair, accurate, and freely 
accessible to all American citizens is fundamental to our 
democracy. Every instance of malfunctioning voting technology 
and without question every cyber attack on our election system 
is significant. And all efforts to improve voting security, 
reliability, privacy, and access are welcome and important.
    I am confident by the testimony of today's experts and many 
others that we are in a much better place today than we were 10 
or 15 years ago. I'm deeply concerned, however, by some of the 
rhetoric in recent weeks that seems to--seems intended to erode 
public confidence in our election system. Prominent voices have 
suggested that the U.S. election system is riddled with fraud 
and somehow rigged. Those conspirator allegations, like many 
others, that have been floated in the public sphere this 
election cycle are not supported by actual facts, and they 
threaten the election process we have relied upon for more than 
2 centuries.
    I'm eager to hear from the distinguished panel today about 
the challenges of securing our election system in the digital 
age and what actions have been taken at the federal, state, and 
local levels to strengthen cybersecurity. However, given the 
reckless rhetoric, as well as other serious threats our 
election system is facing, I want to take this opportunity to 
put the cybersecurity challenges in context.
    The U.S. election system is complex and highly 
decentralized, encompassing approximately 10,000 local, county, 
and state election offices. Further, there are few connections 
between individual voting systems and the Internet. And at 
least 75 percent of the voters will be able to verify their 
vote with a paper ballot this fall. This compartmentalization 
and paper trail provides a strong firewall against any cyber 
threats.
    The recently publicized attacks against voter registration 
rolls in Arizona and Illinois are serious but have not resulted 
in any changes to voter data or to any voters. In Arizona the 
cybersecurity firewalls worked to contain the threat. What I 
find most concerning are reports that these recent threats may 
be linked to the Russian intelligence operation. So we must be 
vigilant, and I hope these incidents will lead to improved 
cybersecurity protocols and practices.
    While security of the election system is important, voter 
access is fundamental to our democracy. Baseless allegations of 
widespread voter fraud have been used as an excuse to 
disenfranchise large numbers of minority and young voters 
through discriminatory voter ID restrictions.
    News21, a journalism program established by the Carnegie 
Corporation of New York and the John S. and James L. Knight 
Foundation found voter impersonation fraud to be 
extraordinarily rare. An analysis of 2,068 alleged election 
fraud cases in all 50 States from 2000 to 2012 out of 146 
million registered voters identified only 10 cases of voter 
impersonation fraud. You don't enact laws because of 10 cases 
of fraud in 12 years unless you have an ulterior motive. 
Fortunately, the courts have been right through the most 
blatantly discriminatory state laws.
    In addition to the state-sanctioned voter ID laws, the 
Brennan Center for Justice and others have continued to 
document cases of voter intimidation, deliberate spreading of 
misinformation to keep minorities and students from voting, and 
other attempts to target and disenfranchise minorities and 
young voters. These threats to tens of hundreds of thousands of 
eligible voters were either orchestrated by public officials or 
lone troublemakers should be taken as seriously as a cyber 
threat.
    Mr. Chairman, I know my remarks have moved beyond the 
intended scope of this hearing, but you know well how 
passionate I am about this issue. It is my hope that with this 
hearing that we can have a thoughtful discussion of the 
challenges and actions that have been taken related to 
cybersecurity and other voting technology issues, while 
avoiding adding to the noise and confusion surrounding these 
issues just 8 weeks from the crucial election.
    With that, I'd like to welcome our witnesses for being here 
today. And this is a distinguished panel. I look forward to 
hearing from our collective experience and expertise.
    Thank you, Mr. Chairman. I yield back.
    [The prepared statement of Ms. Johnson follows:]
    
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
   
    Chairman Smith. Okay. Thank you, Ms. Johnson. And I'll 
introduce our witnesses. Our first witness today is Dr. Charles 
Romine, Director of the Information Technology Laboratory at 
the National Institute of Standards and Technology. In this 
capacity, Dr. Romine oversees a research program that develops 
and disseminates standards, measurements, and testing for 
interoperability, security, usability, and reliability of 
information systems, which includes cybersecurity standards and 
guidelines for federal agencies in U.S. industry.
    Dr. Romine previously served as a Senior Policy Analyst at 
the White House Office of Science and Technology Policy and is 
a Program Manager at the Department of Energy's Advanced 
Scientific Computing Research Office.
    Dr. Romine received both his bachelor's degree in 
mathematics and his Ph.D. in applied mathematics from the 
University of Virginia.
    I'll now recognize the gentleman from Louisiana, Mr. 
Abraham, to introduce our next witness, who happens to also be 
from Louisiana.
    Mr. Abraham. Thank you, Mr. Chairman. It is my pleasure to 
recognize Hon. Tom Schedler, the Secretary of State from the 
great State of Louisiana. Secretary Schedler was appointed to 
the position in 2010 and was reelected in 2011 to serve a four-
year term. He is past President of the National Association of 
Secretaries of State with his term ending this past July. And 
he served as Co-Chairman for the National Association of 
Secretaries of State Task Force on Emergency Preparedness for 
Elections.
    As Secretary of State of Louisiana, he is committed to 
protecting and defending the integrity of every election in the 
State and has worked diligently to streamline the election 
process. The result is been a more efficient and cost-effective 
system with Louisiana becoming one of the first States to 
implement online voter registration and the first State in the 
country to launch a smartphone app for voters to use to get 
timely election information. My pleasure for you to be here.
    I yield back, Mr. Chairman.
    Chairman Smith. Thank you, Mr. Abraham.
    Our third witness today is Mr. David Becker, Executive 
Director and Co-Founder of the Center for Election Innovation 
and Research. Mr. Becker founded CEIR to increase voter turnout 
and give election officials the tools they need to ensure all 
eligible voters can vote conveniently and assist them with 
maximum integrity.
    Prior to founding CEIR, Mr. Becker was the Director of the 
Elections Program at the Pew Charitable Trust where he worked 
on reforms in election administration. These reforms included 
using technology to provide voters with information they need 
to cast a ballot.
    Mr. Becker received both his undergraduate and law degrees 
from the University of California at Berkeley.
    Our final witness today from my home State of Texas is Dr. 
Dan Wallach, Professor in the Department of Computer Science 
and Rice Scholar at the Baker Institute for Public Policy at 
Rice University. Dr. Wallach's research covers a variety of 
topics in computer security. This includes electronic voting 
system security where he served as the Director of an NSF-
funded multi-institution research center, A Center for Correct, 
Usable, Reliable, Auditable, and Transparent Elections, acronym 
for which is ACCURATE. He also served as a member of the Air 
Force Science Advisory Board from 2011 to 2015.
    Dr. Wallach earned his bachelor's degree in electrical 
engineering and computer sciences at UC Berkeley and his 
master's and Ph.D. from Princeton University.
    We welcome you all, appreciate your expert advice.
    And, Dr. Romine, if you'll begin.

         TESTIMONY OF DR. CHARLES H. ROMINE, DIRECTOR,

               INFORMATION TECHNOLOGY LABORATORY,

         NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

    Dr. Romine. Thank you, Mr. Chairman. Chairman Smith, 
Ranking Member Johnson, and Members of the Committee, thank you 
for the opportunity to discuss NIST's role in voting systems.
    Improving voting systems requires an interdisciplinary, 
collaborative approach that must be accurate and reliable, yet 
cost-effective, secure, and usable and accessible to all 
voters. The design and standards must consider the diversity of 
voting processes and ballots across the States, and none of 
these can be considered in a vacuum.
    NIST expertise in testing, certification, information 
security, trusted networks, software quality, and usability and 
accessibility provides the foundation for our voting systems 
work, but our experience working in multi-stakeholder processes 
is critical. We must bring together election officials, 
industry, technical experts, and advocacy groups to address 
this challenge.
    The NIST role is limited to the research to develop 
standards, tests, guidelines, best practices, and assistance 
with laboratory accreditation that the Election Assistance 
Commission, or EAC, and state and local jurisdictions may use 
at their discretion.
    Since the signing of the Help America Vote Act, or HAVA, 
NIST has partnered with the EAC to develop the science, tools, 
and standards necessary to improve the accuracy, reliability, 
usability, accessibility, and security of voting systems. Our 
joint accomplishments include new voting system guidelines; 
guidelines in support of Military and Overseas Voters 
Empowerment Act, or MOVE; and the Uniformed and Overseas 
Citizens Absentee Voting Act, or UOCAVA; the establishment of 
accredited testing laboratories for voting system equipment and 
a testing and certification program upon which many States 
depend.
    The Technical Guidelines Development Committee, or TGDC, a 
federal advisory committee to the EAC chaired by NIST, assists 
in the development of the voluntary voting system guidelines. 
In 2015, the EAC approved the TGDC's latest recommendations, 
Voluntary Voting System Guidance, or VVSG 1.1, with new 
requirements for human factors, audit and election logging, and 
new security requirements on access control, physical security, 
auditing, cryptography, software quality, and software 
integrity.
    To support overseas and military voters, including the use 
of the Internet to cast absentee ballots, NIST research 
concluded that widely deployed security technologies and 
procedures could mitigate many of the risks associated with 
electronic blank ballot delivery but the risks associated with 
casting doubts over the Internet were more serious and 
challenging to overcome.
    Based on that research, NIST documented security best 
practices and considerations for election officials on the use 
of electronic mail or the Web to expedite transmission of voter 
registration materials and blank ballots. In early 2011, NIST 
analyzed current and emerging technologies that may mitigate 
risk to Internet voting.
    We also identified several areas where research and 
technological improvements are needed to ensure the security, 
usability, and accessibility of Internet voting. Many of these 
challenges are not unique to Internet voting such as strong 
identity management, protection against malware, and the 
resiliency of Internet-connected systems. The unique challenges 
of Internet voting are the requirements and expectations, 
notably ensuring the integrity of the voting process while 
protecting privacy.
    NIST and the EAC have recently organized public working 
groups that provide an open and transparent development process 
and give the EAC and state election officials the opportunity 
to work directly with academic, industry, and Federal 
Government experts. The working groups help inform NIST, the 
EAC, and the TGDC in updating the VVSG.
    There are three election working groups--pre-election, 
election, and postelection--that are providing insight on 
election processes. These groups are supported by four 
technical groups--cybersecurity, human factors, 
interoperability, and testing. The election working groups take 
input from the technical groups to inform requirements 
development for consideration by the TGDC.
    Ensuring that voting systems are secure and auditable is 
critical to providing trust and confidence in the voting 
process. The cybersecurity technical working group is 
developing guidelines and best practices to secure voting 
systems. The group is focused on election security best 
practices, including physical security, auditing, and 
contingency planning.
    To provide a firm foundation for next-generation security 
guidelines, NIST is researching threats and vulnerabilities to 
voting systems and the best practices and technologies that can 
mitigate those risks. As part of that research, NIST has 
catalogued published vulnerabilities and weaknesses in voting 
system software. The goal is to understand the types of 
vulnerabilities by looking at historical evidence and creating 
a voter-specific list of vulnerabilities and mapping these with 
weaknesses to requirements in the VVSG. This work has 
identified issues that should be addressed in future security 
requirements and test methods and by voting system 
manufacturers.
    NIST is committed to continue collaborating with the EAC 
and others to fulfill our role defined in HAVA, MOVE, and 
UOCAVA. We leverage our research, which is applicable to a wide 
variety of organizations and used by industry and governments 
throughout the world. Active collaboration between the public 
and private sectors is the only way to effectively meet this 
challenge, leveraging each participant's roles and 
responsibilities.
    Thank you for the opportunity to testify today on NIST's 
work in voting systems, and I would be happy to answer any 
questions you may have.
    [The prepared statement of Dr. Romine follows:]
    
   [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
 
    
       
    Chairman Smith. Thank you, Dr. Romine. And, Secretary 
Schedler.

                TESTIMONY OF HON. TOM SCHEDLER,

             SECRETARY OF STATE, STATE OF LOUISIANA

    Mr. Schedler. Thank you. I want to thank the Committee, 
Chairman Smith, and Ranking Member Johnson for the invitation 
to address you today. I think it's very important for you to 
hear from actual election officials who actually conduct 
elections. And our job--at least in my opinion, is to make 
voting easier, more accessible, and to make it tough to cheat.
    But in recent weeks, reports on cyber attacks have voters 
questioning whether their vote will actually count, and that in 
my opinion is more damaging than the potential for hacking.
    We are all on high alert. This whole exercise has put every 
one of the 50 States working on national security issues with 
all national agencies in an effort to try to improve the system 
we have or to recheck the system we have. But the fact is 
States are always evaluating security measures and emergency 
plans. As I speak, in Louisiana I'm dealing with 30 precincts 
from the record flooding that we had in the Baton Rouge area on 
contingency plans and what I'm going to do to move those 
precincts, notify voters, and the like.
    So yes, we--are we concerned about potential interference 
into our election process? We absolutely are, but voter fraud 
is much, much harder to accomplish than you may think. As was 
pointed out by Ranking Member Johnson, we have some 10,000 
jurisdictions of voting in this country hundreds of thousands 
of voting machines in various locations. The complexity of our 
election system has reinforced the election process, and what I 
mean by that is if you think about the complexity of that, it 
makes it very difficult for any player to go in and actually 
disrupt a federal national election.
    Specifically, States have developed online registration 
some 31 States have the best practice to improve customer 
service. They've also developed different ways to guard against 
intrusion. In Louisiana, for instance, information collected 
through our online voter registration system does not flow 
directly into our statewide system. Instead of voter 
information is sent from a Web site to each parish register in 
the State of Louisiana. The register has direct access to the 
database, not the voter.
    While it would certainly be disruptive to have registration 
systems hacked, as we saw in Arizona and Illinois, voters could 
still vote and Election Day would still occur. Anyone who 
discovers an issue with their voter registration status still 
has the option of a provisional ballot. And remember, no voter 
information was added or deleted in Arizona or Illinois, and 
most States have electronic paper ballot backups.
    In terms of voting machines, it's important to note that so 
far scientists have only succeeded in hacking voting machines 
when favorable conditions existed that do not exist on Election 
Day, including plenty of time and unfettered access. There is 
no evidence that ballot manipulation has ever occurred in the 
United States.
    No State--and I want to make this clear--has Internet 
voting, and our voting machines are never connected to the 
Internet. In Louisiana, all machines are stored in secure, 
state-owned warehouses. All maintenance, including most up-to-
date software applications, as well as programming, is 
performed by vetted Secretary of State employees, not outside 
contractors.
    Additionally, before every election, Louisiana publicly 
performs a test-and-seal process in which we demonstrate that 
each machine is working properly before it is locked with a 
tamperproof seal. That testing process is also done at the end 
of each Election Day to demonstrate that each machine is 
functioning postelection, which is required by roughly 60 
percent of the States. And, if necessary, the majority of 
States can make paper ballots and audits available if a recount 
or review becomes necessary.
    Finally, please keep in mind that timing is critical. 
Elections are no longer one-day events and voting is occurring 
right now as we speak. Ballots have been printed, absentee 
ballots are in the mail, and in-person voting begins in days in 
some States. To say this is an inopportune time for election 
officials to be discussing this subject instead of real-time 
preparation is an understatement. The train has left the 
station.
    During a call with Secretary Jeh Johnson in mid-August, my 
colleagues and I were assured there would be no intent to 
declare an election system as part of the critical 
infrastructure before the November elections. Some Secretaries, 
including myself, have been very vocal that no matter when that 
may occur, such a designation would undercut the Constitutional 
role of the States and local jurisdictions. It would only 
complicate our ability to properly secure elections.
    As of today, there is not enough clear information on what 
the designation would mean or why it's necessary. States get 
what we need through existing networks, including the United 
States Elections Assistance Commission and the National 
Institute of Standards and Technology, which already identify 
the kind of testing and certification.
    And most standards needed to reveal signs of tampering, 
there is a role for Congress in this. Most States purchase 
their voting machines using federal dollars, HAVA, back in 
2005, but there is little interest on the Hill when it comes to 
helping replace our aging systems. I suggest you revisit HAVA 
and see how an investment in voting technology could benefit 
our nation in the long run.
    In the meantime, we have received a sobering wake-up call 
on the serious nature of cyber attacks. States will continue to 
take a proactive approach to secure our election systems, and 
at the end of the day, I want to assure every American--and I 
speak for all of my colleagues, the Secretaries of State 
Association--that your next President will be determined by the 
vote of the people and every vote will count.
    Thank you for allowing me my comments.
    [The prepared statement of Mr. Schedler follows:]
    
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
 
    
    Chairman Smith. Thank you, Secretary Schedler.
    And, Mr. Becker.

                 TESTIMONY OF MR. DAVID BECKER,

                      EXECUTIVE DIRECTOR,

         THE CENTER FOR ELECTION INNOVATION & RESEARCH

    Mr. Becker. Good morning, and thank you, Mr. Chairman, and 
Ranking Member Johnson, for the opportunity to testify today on 
the important issue of the security of our election system.
    My name is David Becker and I'm the Executive Director of 
the Center for Election Innovation and Research, a nonprofit 
working in partnership with election officials like Secretary 
Schedler and technology leaders to improve our system of 
elections.
    My experience in elections goes back about two decades, 
starting with a seven-year stint as a senior trial attorney 
with the voting section of the Department of Justice under both 
the Clinton and George W. Bush Administrations where I observed 
dozens of elections in hundreds of precincts nationwide and 
then served for several years as the Director of the Elections 
Program at Pew where I oversaw efforts to use technology to 
improve the efficiency and security of elections.
    As an initial matter, we should be clear about the election 
systems that are in place and what they each do and what if any 
relative vulnerabilities might exist. Voter registration 
databases or a key election system have been in the news a lot 
recently. As you noted, there was a breach of the Illinois 
voter registration database where personal data from several 
thousand voters appears to have been accessed. In Arizona, it 
appears the State successfully detected an attempted hack of 
their state voter registration database and prevented access of 
any private data.
    But in both cases initial investigations suggest no voter 
data was changed. The voter registration lists remained intact 
with the primary goal of the hack seemingly being to access 
personal data for the purposes related to identity theft rather 
than to manipulate the voter lists themselves.
    While we should continue to be vigilant about these 
centralized databases, to my knowledge, every State creates a 
regular backup of their voter registration lists, and most 
States on a daily basis, so that should anything go wrong with 
the databases themselves, the list could be reconstructed prior 
to the election.
    And while there have also been concerns expressed about the 
hack of the Democratic National Committee email system, that 
system is completely different than the election systems in 
place. That was an attack on a centralized email server and a 
nongovernmental entity which bears no analogy to the highly 
regulated systems in place in the States to administer 
elections.
    The voting machines themselves include paper ballots or 
electronic devices on which votes are cast and include vote 
tabulation equipment. And with regard to those systems, I can 
say that while no system is 100 percent hack-proof, elections 
in this country are secure, perhaps as secure as they've ever 
been, and that voters should have confidence that their votes 
will be counted and counted accurately.
    There are four primary reasons that voters should feel 
confident in our election system. First, our election system is 
highly decentralized. Each State governs the administration of 
elections independently, and within each State there are many 
individual election jurisdictions--counties, towns, and the 
like--totalling approximately 10,000 nationwide that actually 
administer those elections.
    Even within many States, counties use different systems and 
dozens of different technologies to conduct elections, and 
within those thousands of election jurisdictions there are well 
over 100,000 Election Day precincts and polling places where 
ballots are cast and collected, and that is just on Election 
Day, not taking into account the thousands of early-voting 
sites and tens of millions of mail ballots that will be 
utilized this November. Thus, there isn't a single or 
concentrated point of entry for a hacker. Rather, there are 
thousands of points hacker would have to successfully navigate 
to manipulate the results of a national election.
    Second, voting machines are kept securely. These machines 
are subjected to rigorous protocols for chain of custody and 
testing in every jurisdiction. Machines are held under lock and 
key with additional protections in place to ensure that nobody 
without proper credentials can access the devices. It's 
exceedingly difficult to gain unauthorized access to even one 
of these machines and nearly impossible to gain access to more 
than one. Prior to every election, not just federal elections, 
but every time the equipment is used, these machines go through 
a series of tests called logic and accuracy tests to confirm 
that they are working as intended, recording and tabulating 
votes accurately.
    Third, unlike voter registration databases or email 
systems, I know of no jurisdiction where voting machines are 
connected to the Internet. This makes it nearly impossible for 
a remote hacker, whether in Moscow, Russia, or Moscow, Idaho, 
to access the equipment and plan malicious code or otherwise 
hack the system. Without connectivity, it would require a 
hacker to have unfettered physical access and enough time to 
sabotage one machine just to impact the results on one device 
in one polling place. To manipulate election results on a state 
or national scale would require a conspiracy of literally 
hundreds of thousands and for that massive conspiracy to go 
undetected.
    Which brings us to the fourth reason: Even if hundreds of 
thousands of conspirators operated undetected on a diverse 
range of systems, defeating the testing and chain-of-custody 
protections in place, it would likely have no effect on the 
vast majority of election results nationwide because well over 
75 percent of voters vote on paper ballots or on a device that 
creates a paper record.
    And in most States--32 plus DC. as of 2014, there is a 
postelection audit requirement that mandates States match the 
paper record to the digital record, and if a discrepancy 
exists, recount the paper ballots for use as the official 
record. The States that require such an audit include the 
battleground States of Arizona, Colorado, Florida, Nevada, New 
Mexico, North Carolina, Ohio, Pennsylvania, Virginia, and 
Wisconsin, among others, so even if a grand conspiracy were 
viable, a postelection audit requirement would almost certainly 
discover it prior to the election results becoming official.
    There's been a lot of hyperbole surrounding the selection, 
but the processes in place to ensure the integrity of our 
election system should not become part of the political 
rhetoric. There are few loudly seeking to sow distrust in the 
system, but there are far more working quietly and 
collaboratively at the federal, state, and local level and 
election officials across the political spectrum like Secretary 
Schedler here who are working to secure our voting systems and 
reassure voters that the selection will accurately reflect 
voters' choices.
    And voters can play a role as well, by attending pre-
election voting machine tests and especially volunteering to 
serve as poll workers to see the process firsthand, whether 
it's federal officials offering assistance and resources to the 
States, state and local officials sharing best practices, or 
citizens serving as poll workers, this cooperation and 
diligence will protect our elections in 2016 and safeguard 
future elections as well.
    Thank you and I'd be happy to take any questions.
    [The prepared statement of Mr. Becker follows:]
    
 [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
   
    
    Chairman Smith. Thank you, Mr. Becker.
    And, Dr. Wallach.

          TESTIMONY OF DR. DAN S. WALLACH, PROFESSOR,

        DEPARTMENT OF COMPUTER SCIENCE AND RICE SCHOLAR,

               BAKER INSTITUTE FOR PUBLIC POLICY,

                        RICE UNIVERSITY

    Dr. Wallach. Chairman Smith, Ranking Member Johnson, 
Members of the Committee, it's a great honor to speak to you 
today about our nation's voting systems and the threats they 
face this November and the steps we might take to mitigate 
those threats.
    My name is Dan Wallach. I've been a Professor in the 
Department of Computer Science at Rice University in Houston 
for 18 years. And my main message for you here today is that 
our election systems face credible cyber threats from our 
nation-state adversaries, and it's prudent to adopt contingency 
plans before November to mitigate these threats.
    In particular, we've learned that Russia may have been 
behind leaked DNC emails for the explicit purpose of 
manipulating our elections. We've also learned of attacks on 
voter registration databases in Arizona and Illinois, and 
that's only the ones we know about. There might be more.
    We must prepare for the possibility that Russia or other 
sophisticated adversaries will use their cyber skills to attack 
our elections, and they need not attack every county in every 
State. It's sufficient for them to go after battleground States 
where a small nudge can have a large impact. The 
decentralization that we've heard about is helpful but it's not 
sufficient.
    My number one concern is our voter registration databases 
because they are online, and if an attacker can damage or 
destroy the voter registration databases, they could 
disenfranchise a significant number of voters, leading to long 
lines and other difficulties. The provisional voting process 
requires filling out affidavits, it's slow, it takes time, and 
that wouldn't work for million voters.
    Paperless electronic voting systems and their tabulation 
systems are also vulnerable. Despite not generally being 
connected to the Internet, these systems were unfortunately 
never engineered with security in mind, and expert analyses by 
myself and others have found unacceptable security issues.
    Our biggest nation-state adversaries have the capability to 
execute attacks against these systems. For example, Russia was 
behind an attack of this kind directed at Ukraine's 2014 
election where a hacked tabulation system would have reported 
results favorable to Russia. The Ukrainians were lucky enough 
to catch this.
    Our options between now and November are largely limited to 
contingency planning. If we're lucky, we might detect attacks 
before Election Day, but it's important to make plans now for 
recovering from unforeseen cyber disasters in the same way that 
we make plans for natural disasters, including running drills 
and exercises and having plans written out and thought through.
    If, for example, we were to conclude on Election Day that 
our computer systems had been unreliable, a contingency plan 
might be to rapidly print millions of paper ballots and rerun 
the election the next day. Legislation passed in most States 
following 2012's Hurricane Sandy appears to allow for such 
mitigations. The details vary State to State.
    Between now and November we should also be aggressive at 
deploying expert teams to do security audits of relevant 
networks and systems particularly in battleground States. If 
something has been hacked, the sooner we know about it, the 
better. And my understanding is a critical infrastructure 
designation would allow States to request assistance from the 
Federal Government in this role.
    We must also plan for the next few years after November's 
election is complete. Roughly 1/3--we've heard today--we've 
also heard 1/4. I'm not sure what the real number is. Roughly 
1/3 of American voters this fall will use aging electronic 
voting systems with proven insecure designs. Some new hybrid 
voting system designs with electronic user interfaces and 
printed paper ballots are being designed by Los Angeles County, 
California, and Travis County. That's Austin, Texas. These have 
the potential to substantially reduce costs and improve the 
security of our elections. Federal support could advance their 
deployment nationwide, and if we do nothing, keeping our aging 
systems in service holds our elections at risk.
    As a quick note, our immediate future should not include 
Internet voting. It's hard enough to protect the online systems 
that we already have. Moving additional voters online increases 
the risks. Traditional hand-marked paper ballots and these new 
hybrid systems from Los Angeles and Austin are our best paths 
forward.
    As Don Rumsfeld once said, you go to war with the army you 
have, not the army you might want or wish to have at a later 
time. We face a similar situation this November with our 
systems for voter registration casting and tabulation. None of 
them are ready to rebuff attacks from our nation-state 
adversaries, nor can we replace them in time to make a 
difference.
    Despite this, we can pursue a number of pragmatic steps 
such as verifying the integrity of election database backups, 
and we can make contingency plans for how we may respond if and 
when we do detect attacks against our elections. If we can 
somehow determine that tampering with an election voting system 
did take place, we should have plans in place to print paper 
ballots or otherwise keep the election going. The sooner we can 
create and agree on these plans, the more resilient our 
elections will be to foreign attack.
    And even if nothing goes wrong and all this turned out to 
be nothing but hot air, we should treat these events as a 
warning. With modest investment, we can improve our practices 
and replace obsolete and insecure equipment, defeating future 
attacks like this before they ever get off the ground.
    Thank you.
    [The prepared statement of Dr. Wallach follows:]
    
   [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
 
       
    Chairman Smith. Thank you, Dr. Wallach.
    I'll recognize myself for questions. And, Dr. Wallach, let 
me address the first one to you. You raised a lot of 
interesting issues. I guess my question is where do you think 
our election systems are the most vulnerable? What are the one 
or two areas that we'd need to guard against?
    Dr. Wallach. So I believe my top concern is the voter 
registration systems because they are generally online, and if 
it's online, it's accessible from the Internet, and if it's 
accessible from the Internet, it's accessible from our nation-
state adversaries.
    And as I mentioned before, if you can either selectively or 
entirely delete people who you'd rather not vote, the current 
provisional voting system can't really scale to support a large 
number of voters who are filling out affidavits and following 
that process.
    My second concern is the vote tabulation systems. Generally 
speaking, these tend to be old computers running old operating 
systems, in some cases Windows 2000 where security patches 
aren't even available from the vendor anymore, and that means 
that there are significant vulnerabilities where attacking a 
single point could result in an interesting result.
    Chairman Smith. Okay. Thank you, Dr. Wallach.
    By the way, when I hear you all recommend paper ballots, I 
wince a little bit because those of us from Texas have 
sometimes read about what happened in the 1950s where a ballot 
box was stuffed with paper ballots and it changed the outcome 
of a Senate race and perhaps elected the next President. So I 
sometimes worry about paper ballots as well.
    Let me address a question to all the panelists here today. 
And we've heard about some of the vulnerabilities. Let me ask 
you to rate on a scale of one to five with five being the most 
vulnerable, the most at risk, where you think we stand both in 
this election, and let's take the long view--say this election 
and the next election--how vulnerable are we to being hacked, 
not necessarily successfully hacked, but how likely is it that 
there will be attempts to interfere in our elections process by 
foreign countries this election or the next? And again one to 
five with five being the greatest risk.
    Dr. Romine?
    Dr. Romine. It's a little hard for me to answer that 
question principally because it involves intent of malefactors, 
and I don't really have any background to be able to determine 
the level of intent.
    Chairman Smith. Okay. Let's assume, then, how likely is it 
that there would be intentional attempted hacking in the next 
two elections? If you want to use----
    Dr. Romine. It's not unreasonable to imagine attempts. In 
fact, as others have testified, there have been a couple of 
attempts to hack into voter registration systems currently. I 
think most CIOs at most organizations will tell you that 
there's a sort of constant current of probing of their IT 
systems. And so with respect to voter registration, I would say 
the possibility that an attempt could be made is not out of the 
question.
    With respect to the voter--the----
    Chairman Smith. Maybe I should say likely or unlikely, 
would you consider that to be an easier way to describe it or 
not?
    Dr. Romine. It's still difficult for me to answer that 
question, but I would say I would put it somewhere in between. 
I can't say that it's likely but I can't rule it out either.
    Chairman Smith. Okay. Thank you.
    Secretary Schedler?
    Mr. Schedler. I'll take a stab at that. I'll say on the 
registration side of it, as evidenced by the two States that 
have had a problem, one of which, from what I understand the 
code was giving and the other one was detected immediately. I'd 
probably give it around a three. On the Election Day, one and 
one half or two.
    Chairman Smith. Okay. Good. Thanks. Mr. Becker?
    Mr. Becker. Yes, I agree. I think it's not out of the realm 
of possibility that there will be an attempted hack either 
before the election or at any time, as there was with the voter 
registration databases. But I think the chance that it would be 
successful is down below two. I think vigilance is important 
but it appears that the primary goal here is to disrupt 
confidence in the election rather than actually manipulate 
election results.
    Chairman Smith. So likely attempt, unlikely success?
    Mr. Becker. Correct.
    Chairman Smith. Okay. Dr. Wallach?
    Dr. Wallach. So in the cybersecurity lingo we often have 
this phrase ``advanced persistent threat'' that we use as a 
colloquial way of talking about nation-state adversaries who 
have patience and skills and will take the time, might do 
something years in advance. It's often the case that 
adversaries are present in very secure and highly protected 
networks for months at a time before they're detected.
    So trying to rank these vulnerabilities, I'm going to rank 
them relative to access. I think our voter registration systems 
are most accessible so I'm most worried about them. I'm 
secondarily concerned about the tabulation systems, and then 
I'm concerned about the voting systems themselves, particularly 
the paperless electronic ones.
    Chairman Smith. Okay.
    Dr. Wallach. It's very hard for a remote Internet attacker 
to overwrite printed paper.
    Chairman Smith. Okay. A final quick question, what more 
should the Administration be doing to protect us from foreign 
countries attempted hacking of our election systems? Anybody?
    Dr. Wallach. So I think the short answer is providing 
available expertise and teams to go and do intrusion detection, 
network monitoring, and other appropriate tasks to just go 
looking for it.
    Chairman Smith. Okay. My time is up. Any other quick 
responses to what more the Administration could be doing?
    Mr. Schedler. Well, I think with we should be looking more 
long-term with additional dollars to improve the States' 
machinery or equipment at this time. It's been over ten years 
since we did HAVA funding. And I do want to make one comment. 
As far as Homeland Security assisting us, we already have that 
assistance through FBI and Homeland Security, and you nearly 
asked, you don't have to be a critical infrastructure to get 
that service.
    Chairman Smith. Okay. Thank you.
    The gentlewoman from Texas, Ms. Johnson, is recognized for 
her questions.
    Ms. Johnson. Thank you, Mr. Chairman.
    I take all concerns and challenges over cybersecurity in 
our elections very seriously. At the same time, we face many 
other challenges to ensuring that every vote counts and we 
count every vote. Some of these challenges are the direct 
results of human action such as related to old technology, and 
as we've seen in elections past, we even face risks from 
natural events such as major storms. I'd like each of you to 
comment on how you would rate the current cybersecurity risk in 
our upcoming election as it relates to other issues.
    Dr. Romine. Congresswoman Johnson, from my perspective my 
entire orientation or the orientation of my organization is 
looking at the cybersecurity risks and threats, and so all of 
the other things that you've talked about are really sort of 
outside of our purview with perhaps one exception, which is 
that contingency planning that the States and other 
jurisdictions and the local jurisdictions are encouraged to do 
under the voluntary voting system guidelines can also protect 
again these other kinds of natural disasters and other kinds of 
things that you referenced.
    Ms. Johnson. Thank you.
    Mr. Schedler. Yes, ma'am. I would put that risk again, as I 
indicated earlier, on Election Day very low for the reason that 
no State is on the Internet. I find it difficult to hack 
something that's not on the Internet. All machines are not--
none of the machines are linked together. They're all separate 
cartridges, so they're independent. My bigger concern on 
Election Day would be something of a physical nature, a 
physical threat that would be something much more difficult to 
deal with. And I put that at a very high number.
    But as far as cyber attack other than what's occurred on 
the election side--and again, there's been no change. I think 
that was more of a data collection attempt personally. I know 
in Louisiana if you go--we are an online registration State, 
Ms. Johnson. If you went into my system to change party 
affiliation, address, whatever you may do, you may think you're 
accessing my entire system. You're not. You're in a silo and a 
person behind the scenes drags out that information, 
disseminates it to the local register and puts it in the public 
side, the campaign side, or in the registration side. So if 
someone hacked you, they would only hack Ms. Johnson. They 
wouldn't get the entire list.
    Mr. Becker. Yes, I agree with that. I think, as Secretary 
Schedler noted, election officials are on high alert, and 
they're on high alert not just for this election. They're on 
high alert for every election. And, you know, in many States if 
it's Tuesday, it's Election Day because there are so many 
elections now.
    So not only are they trying to make sure that the security 
of the systems are in place and that the process as a whole is 
secure but they're also doing, I think, a remarkably good job--
probably better than ever before--of balancing that with access 
to all eligible voters to make sure they can have a good 
experience.
    So whether it's more people having access to easy ways to 
register to vote, more people having easy access to voting 
information like things with the GeauxVote app in Louisiana and 
many other States or more voters than ever before having access 
to early voting and mail voting option, I think election 
officials around the country, both Democrats and Republicans, 
are doing a remarkably good job, probably better than ever 
before, balancing out the access and security concerns.
    Dr. Wallach. At the end of the day we need to worry about 
every problem. We have to worry about hurricanes, we have to 
worry about earthquakes, and we have to worry about cyber 
issues and we need to have plans in place to deal with them 
all. And the interesting thing is if you have plans in place 
for an earthquake, the earthquake doesn't really care. It's 
going to happen or not. But if you have plans in place for 
cyber, you can actually dissuade a cyber attack. If your 
adversary knows it's not going to work, then they're not going 
to bother. So I think it's important to do the planning and the 
forward thinking to make this not be a problem in the future.
    Ms. Johnson. Thank you very much.
    Another real quick question--I know my time is running out. 
We would all agree that making it easier to participate in our 
democratic elections process should be a priority. Registering 
to vote and casting a vote shouldn't be an extra burden for 
those who can't leave their homes or for people with three jobs 
and for a family of caregivers. How do we balance our efforts 
to make voting more accessible with the necessity of having 
secure elections?
    Dr. Romine. I'd like to take a slightly different tack. 
We've actually worked with the Election Systems Commission on 
accessibility issues and usability issues with regard to voting 
systems so that people who have physical disabilities, whether 
it's vision impairment or mobility impairment or other things, 
do have access to voting systems that they can also use. And 
one of the advantages of electronic voting systems, as they're 
being rolled out, is that we can improve the accessibility over 
paper and pencil, for example.
    Mr. Schedler. First off, we do have early voting, certainly 
something in the last decade that we didn't have prior to that, 
a paper ballot, relaxed paper ballot laws now. I mean, we all 
remember the days you used to have--almost have to have a 
doctor's note or an airline ticket to be able to absentee vote. 
That's no longer the case across the United States. And we do 
have easy accessibility through nursing home programs, ADA 
compliant with visually impaired and the like. So I think 
there's been tremendous improvements made, and voting is 
probably easier today than it's ever been.
    Mr. Becker. Yes, I think thanks to the efforts of state and 
local election officials all around the country and efforts of 
the Election Assistance Commission and the Presidential 
Commission on Election Administration and many others, voting 
is easier today than it ever has been before. As I noted, more 
people have access to easy voter registration options. Many 
States--20 States, including Louisiana, have joined the 
Electronic Registration Information Center, which allows them 
to keep their voter registration data up-to-date and has 
resulted in registering about a million--almost a million new 
voters.
    More people have access to voting information and 
convenience voting options where they can vote by mail or vote 
early. That trend has been remarkable, and I think we're going 
to see and I hope that we're going to see the benefits of it in 
this election and as it expands in many years to come.
    Dr. Wallach. So we've heard about early voting and Election 
Day vote centers. An interesting thing going on in Travis 
County--it's Austin, Texas--every single precinct can handle 
any voter from the whole county. They did that because of 
redistricting. It was to avoid chaos. But it has the 
interesting benefit that you can vote near where you work 
rather than near your home. So I think that there's a lot of 
opportunity for creative expansion of the availability to vote 
without making radical changes in how we vote.
    Ms. Johnson. Thank you very much, Mr. Chairman.
    Chairman Smith. Thank you, Ms. Johnson.The gentleman from 
California, Mr. Rohrabacher, is recognized for his questions.
    Mr. Rohrabacher. Thank you very much. And thank you, Mr. 
Chairman, for holding this hearing. I didn't expect it would be 
as interesting as it's been, so thank you to the witnesses as 
well.
    Let me just start off with one question in terms of getting 
a sense of information here on one issue the broader issue of 
whether or not the integrity of our voting process and our 
election system will be maintained is really vital to the very 
nature of our country. I mean, this goes to the heart of 
whether or not we are who we say we are. If we don't have an 
election process that has integrity, we don't have an election 
process.
    First let me ask this. How many examples do we have of 
where the Russians have actually--or Russian-based, whoever it 
is in Russia, have hacked in to our election system?
    Mr. Schedler. I know of none. And to be quite honest with 
you, I ask the question to Secretary Johnson of Homeland 
Security, is there an imminent threat known? And his answer was 
no, and that was reported in several news agencies. So I know 
of zero.
    Mr. Rohrabacher. Does anybody disagree?
    Mr. Schedler. I had a request from a Russian Embassy out of 
Houston to come monitor my elections in Louisiana----
    Mr. Rohrabacher. All right.
    Mr. Schedler. --and I would suggest to you if I allowed 
that, I'd be run out of office in Louisiana, but especially----
    Mr. Rohrabacher. Well, the----
    Mr. Schedler. --with the conversation we're having. But I 
know of zero.
    Mr. Rohrabacher. Does anyone disagree with that on the 
panel? Yes, sir.
    Dr. Wallach. So the nature of the threat is that they don't 
want you to see them there, so we can't assume that if we 
haven't seen them, that they're absent. What we do know is that 
we've established motive. The attack on the DNC's email server 
is motive for a nation--it shows that they did it for 
explicitly partisan purposes. And when you combine motive with 
means and opportunity----
    Mr. Rohrabacher. Excuse me. What example was that that you 
just gave?
    Dr. Wallach. Oh, I'm sorry. This was reported in the press 
that Russian state actors allegedly hacked the DNC's email 
server with the intent of releasing emails for partisan 
purposes.
    Mr. Rohrabacher. Okay. But that's not the election process, 
but that is an entity that's involved in elections here so they 
have capability of actually getting into various--whether it's 
Republican, Democrat, or whatever, but actually in the election 
process we have no examples of them actually hacking into the 
system and compromising the integrity of any specific election, 
is that correct?
    Dr. Wallach. The only example I'm aware of happened in the 
Ukraine in 2014.
    Mr. Rohrabacher. Right. Okay.Just to let you know, we have 
seen article after article after article about how Russia is 
compromising the integrity of our election system. And, Mr. 
Chairman, the panelist is just saying that is false and just a 
note.
    For those of us who want our country to be safe but we also 
don't want to just continually vilifying Russia turning them 
into the bad guys. If we're going to have the integrity of our 
system, I think we have to look at home for some of the real 
threats to the integrity of our voting system and whether the--
as we say, the old-fashioned way of stealing elections has been 
around for a long time and we should be insisting that we make 
sure that we don't have people, for example, voting who are not 
eligible to vote because they're perhaps not citizens or here 
illegally.
    We have people who are trying to suggest that we don't even 
have any real demand to identify someone's self whether they 
are here--whether they are actually who they say they are when 
they go to vote.
    So we have a real challenge to make sure our system is, as 
I say, safe from being defrauded because the people of the 
United States, their ballots are being negated by every other 
ballot that's cast is cast by someone who does not have a right 
to vote here.
    Now, with that said, we actually did confront this. 
Congress confronted this whole issue back in 2002 with the Help 
America Vote Act. And just very quickly to the panel because my 
time is running out, that's been around now since 2002. 
Congress passed this act specifically aiming at protecting the 
integrity of our system. Is our system now more or less at risk 
from cyber attacks due to this legislation? And very quickly, 
if we could have the panel answer that.
    Dr. Romine. I think the legislation has improved our focus 
on security issues associated with the voting system. My 
organization has been working in partnership with the Election 
Assistance Commission under HAVA for 14 years to provide the 
best guidance possible to States and municipalities.
    Mr. Schedler. I would certainly echo that comment. And if 
you allow me just to claw back on you previous comment, I mean 
the whole Russian argument has--they've actually accomplished I 
think--even if they're not trying, we've done it for them, 
quite frankly.
    Mr. Becker. Yes, I agree. I think the Help America Vote Act 
has helped improve security since it was enacted, but even more 
importantly, what we've learned since it has been enacted has 
helped improve the security. I think the 2016 election is going 
to be one of the most secure we've seen in recent memory but 
there's no question that I think based on what we're talking 
about here and this discussion and the conversations we're 
having, the 2018 and 2020 elections will be even more secure.
    Dr. Wallach. So HAVA helped us get rid of punch cards and 
helped us get rid of lever voting machines, and that's a good 
thing. HAVA was really two parts. It helped create the EAC, 
which could then help improve standards, and it also helped 
fund the purchase of new equipment. The equipment was largely 
purchased before the EAC standards effort was in action, and I 
think it would be an excellent thing to revisit to get new 
equipment up to new standards.
    Mr. Rohrabacher. All right. Well, thank you very much and 
thank you, Mr. Chairman.
    Chairman Smith. Thank you, Mr. Rohrabacher.
    The gentlewoman from California, Ms. Lofgren, is 
recognized.
    Ms. Lofgren. Thank you, Mr. Chairman.
    It was interesting to listen to my colleague from 
California inquire about the role of the Russians in this 
election. And, I think, you know, the focus of this hearing is 
on the voting systems, but really the question is about the 
election and it's not limited to voting systems. And it's 
pretty clear that the Russians have attacked--have engaged in a 
cyber attack on the DNC and the DCCC. We've received reports on 
that. I thought it was unfortunate that the Republican 
candidate for President either thought it was a good idea or 
was making a joke about it--we don't know which. But this is a 
serious matter.
    What we've been told is not just that the material has been 
taken but that the pattern of the Russians is not just to 
release material but to forge material and to alter it in an 
effort to try and impact outcomes of elections. And that's 
certainly--they have a history of cyber attacks in an attempt 
to discredit Democratic elections in Ukraine, in Bulgaria, 
Romania, the Philippines. So this is something I think we need 
to take very seriously. To my knowledge, this is the first time 
the Russians have actually so boldly attacked a Western 
democracy, in fact the most important democracy in the world.
    Now, I think the focus of this hearing is unduly limited, 
and I agree that a large-scale attack on distributed voting 
precincts is unlikely to succeed, although I do think we've 
underestimated the potential impact of air-gap tabulation 
systems, and I think that is something to be concerned about.
    But the question isn't really whether the actual vote 
tabulations could be altered because I don't think that's very 
likely, but whether chaos could be induced into the system. 
That is the goal of the attack on the Democratic Party, and I 
think it may also be the goal of the cyber attacks on the state 
systems.
    What could be done with this voter information? Obviously, 
there are backups on the database so no one can alter who can 
actually vote. But what would happen if emails were sent to all 
of those voters or are just the Democratic voters telling them 
the date of the election had been changed or their precinct had 
been changed? Wouldn't that create chaos in a system if even a 
small percentage of those voters believed an email misadvising 
them?
    I do think that there's a vulnerability in the overseas in 
system. The House Administration Committee has the primary 
jurisdiction over election systems, and I remember we had a 
hearing talking about our lack of concern, the lack of concern 
that electoral systems professionals had about emailing the 
ballot to overseas voters provided that the ballot itself was 
mailed in. The more we think about it, with these hackings, if 
you altered the ballot on the email, you would again create 
chaos in the electoral system.
    So I think that's really the goal here is not necessarily 
to impact the tabulation, although there may be efforts to do 
it, but to create long lines if people go to the wrong places 
to create chaos and to attack the faith and the confidence that 
the American people have in their elections systems through 
long lines and all sorts of mischief.
    I do think that to downplay the role that the Russians have 
had in this is a huge mistake when you take a look at what they 
did to the DNC and the DCCC. And I'll just close with this. I 
do think that it's been disappointing. The reaction has been 
disappointing that if you attack one of the major political 
parties, somehow that's okay if it could be to your advantage.
    I like to think if the Russians had attacked the Republican 
National Committee the Democrats would be as outraged as 
Republicans because it's an attack on America. It's not an 
attack on a party. And the fact that there hasn't been outrage 
expressed at all levels of both parties about the effort of the 
Russians to disrupt this election is--it's sad commentary on 
leaders of that party and it also is very chilling when you 
think about what could happen come this November.
    And I see that my time is expired. I yield back, Mr. 
Chairman.
    Chairman Smith. Thank you, Ms. Lofgren.
    And the gentleman from Louisiana, Mr. Abraham, is 
recognized for his questions.
    Mr. Abraham. Thank you, Mr. Chairman. And we'll get back on 
track here.
     Secretary Schedler, let's go to the 30,000 foot view. In 
your opinion is the integrity and the security of the voting 
systems in all States--you being the past President of the 
Secretaries of State, you have I think some knowledge of the 
subject. You think it's good, bad, average?
    Mr. Schedler. Congressman, I would say it's good. I mean, 
we did a survey before this hearing and we got a response from, 
I think, 19 of 20 States to try to ascertain that. Aside from 
my knowledge from serving, and I don't profess to be an expert 
on every state system, but there's a lot of similarities, 
there's a lot of differences in the States and that's what 
makes it so unique. But I feel very comfortable again--and the 
representative from California who appears stepped out.
    Keep in mind the Democratic National Convention, the 
component that was hacked was the campaign side of it. Each and 
every one of us like me is elected. All of you have used a 
campaign commercial list to determine a mail issue, a walk list 
in a neighborhood, whatever it may be. Those are readily 
accessible. I'd sell you mine. If you know me well enough, I 
might give it to you.
    But that is vastly different than the registration 
component and certainly vastly different than the Election Day 
component of equipment. So I think you have to understand that 
forefront to get into this subject. There's no one minimizing 
what happened with the Democratic National Convention. I know I 
have and I know with one of my colleagues, and that makes no 
difference if you're in a red state, blue state, or purple 
state.
    But the bottom line is maybe it's just our knowledge of the 
system that gives us this feeling of somewhat--not 
overconfidence because I think this is a good thing that we're 
going through, but we all remember the year 2000 when the world 
was going to end at one second after midnight. I'm still using 
batteries my wife bought for that event. That does not mean 
that we did not have reason to believe with studies and we 
should have been prepared. We went through that gyration. Or 
when a ballgame--when the scoreboard goes out on a football 
game, if you're sitting in the stands, you know what's going 
on. And guess what? There's other people taking track of those 
statistics at that same time.
    It's the same with election systems. If one component goes 
down, we have various components that come in and--it may delay 
it some but it doesn't create a nuclear war.
    And I can't speak to what happens in the Ukraine. I can 
only speak to what happens in the United States, and I'll tell 
you, the election system in the United States, just like many 
other things in this country, in spite of maybe what we think, 
is the best system in the world. Is it fool-proof? Absolutely 
not.
    And I'd also tell you there's no such thing as a perfect 
election. Anybody that tells you that don't know what they're 
talking about because anytime you've got 10,000 machines at 
play and 15,000 people from 65 to 90 years old, things are 
going to happen. It's how you handle that. It's how you 
document that and move forward.
    So I'm very confident in it with caution lights on. And 
there's no disrespect to anyone who believes otherwise. We're 
looking at it. It's forced us to do so. But I am deeply 
concerned, and I can speak to my Democratic colleagues and my 
Republican colleagues that have been on conference calls over 
the last several weeks with this issue. We are in unison. This 
is the worst situation we could be talking about as we enter 
this election. We've been going through a chaotic convention 
process. We have voters who are more disgruntled than ever. And 
we are adding to that participation rate in a very negative 
fashion.
    And I feel very comforted in saying that I speak for all of 
my colleagues that we are deeply concerned with the rhetoric 
that's going on right now from the national press, and we're 
not trying to minimize it. We're double-checking, but there's 
little that could be done in eight weeks, little. We just need 
to stay the course, have confidence in what we're doing. And 
again, I'm very confident that on November 9, you're going to 
wake up and you're going to have unofficial result of who won 
the President of the United States because keep in mind it's 
unofficial. We go through that audit in every county, every 
parish, every State postelection before it becomes official and 
you go to your electoral college.
    Mr. Abraham. Thank you.
    Mr. Schedler. Thank you.
    Mr. Abraham. I'm out of time, Mr. Chairman. Thank you.
    Chairman Smith. Thank you, Mr. Abraham.
    And the gentlewoman from Oregon, Ms. Bonamici, is 
recognized for her questions.
    Ms. Bonamici. Thank you very much, Mr. Chairman. Thank you 
all for your testimony.
    Mr. Becker, you said in your testimony you emphasize that 
voters should feel confident in our voting system, and we 
certainly have heard a lot of messages about the importance of 
that confidence here today and how it will lead to greater 
participation, and certainly that's good for democracy. I think 
just getting the information out to the public that the voting 
machines themselves are not connected to the Internet is going 
to help. I think there's a misconception about that.
    Well, I'm from Oregon, and we all vote by mail in Oregon. 
We've done that for more than a decade. It's a very secure 
process. It also makes it very easy for Oregonians to vote. The 
Secretary of State's office mails paper ballots to each and 
every registered voter a couple of weeks before the election, 
along with a voter's pamphlet with all the information about 
the candidates and the initiatives on the ballot so Oregonians 
have plenty of time to not only study the issues but then fill 
out their ballots and get them back in to be tallied by the 
local election offices.
    And there are privacy and security measures at each step of 
the way. I was a trained election observer years ago and it 
gave me a lot of confidence to see each step of the way and to 
watch that tally happen at the elections office.
    So I wanted to ask you a little bit about are there lessons 
to be learned from a State like Oregon that does use vote by 
mail with a paper ballot for everyone and really with a focus 
on the two different issues, there's the voter records and then 
there are actually what happens at the--with the ballot and the 
tally, the voting machine, if you want to talk a little bit 
about the lessons that can be learned from that system.
    And then I also want to ask, Dr. Romine, I know NIST has 
mostly concentrated its work to date in standards development 
for the actual voting machines, but you're now, I understand, 
working to identify systems dealing with the voter registration 
systems. So--and just before you respond, both of you--I know 
Dr. Wallach mentioned something about the possibility of this 
selective disenfranchising of voters by deleting them from the 
database. It's really easy in Oregon for anybody to check 
whether they're still in the database, and getting the ballot 
early means that there would be an early notice that, well, 
maybe there was a problem assuming that somebody did get 
through a very secure system.
    So, Mr. Becker, do you want to start and then Dr. Romine?
    Mr. Becker. Sure. Thank you. The--you know, of course 
Oregon and Washington have had long-time success with mail 
balloting in their States, and there are lessons that other 
States are learning from that. Not every State is the same, and 
other States have reached different decisions about their 
population of that, and that's entirely appropriate.
    But States like California and Arizona and some other 
Western States offer the option of becoming a permanent mail 
voter, which you have to check a box, but after that you'll 
receive a ballot for every election. And I think very 
interestingly, Colorado has experimented with a model--actually 
has put a model in place that--California just passed a similar 
bill that is a hybrid of sorts where every voter gets a mail 
ballot, but they can choose to mail that ballot in, drop that 
ballot off at a drop site, go in for early voting at a vote 
center as Dr. Wallach mentioned, which is they can go to any 
one within the county or they can even go on Election Day to a 
vote center and vote anywhere within the county. And they've 
seen some pretty strong initial successes there. So I think 
we're----
    Ms. Bonamici. But just to--I don't mean to interrupt, but 
just to clarify, in Oregon if somebody wants to go vote at 
elections--at the elections office on elections day, they can 
do that. They can stand in the booth there and vote. Anybody 
can do that.
    Mr. Becker. Absolutely.
    Ms. Bonamici. Most people don't because it's much easier to 
mail it.
    Mr. Becker. Right, and I think like--I think the States are 
learning from that experience and are trying to figure out 
what's best for their State based upon the successes that 
Oregon and Washington and Colorado and other States have seen 
with their particular systems.
    I think also, importantly, you brought up the note between 
the voter registration systems and the voting machines and 
tabulation devices themselves. And I think particularly with 
mail voting it's very important because the voter lists are the 
way to deliver a ballot to someone because that's the list that 
generates the mailing to the voters. Of course, in States where 
they don't get ballots it's not that voters don't receive 
something else. They're usually receiving a card that's a 
reminder.
    To the question earlier about chaos, which I think is a 
very important question, I think there's been a lot of work, 
contingency plans put in place by States to avoid chaos just in 
the last 10 to 15 years. One thing that's true now is 
particularly for Presidential election it's going to be very 
hard to avoid information about when the election is and what's 
going on. In fact, I'm guessing a lot of people right now would 
like to get away from information about the election.
    So whether it's the work that Facebook is doing pushing 
information out about it's Election Day, click here to find 
your polling place, whether it's the work Google is doing the 
same way, whether it's the work of many other tech partners and 
States are doing partnering with those entities to make sure 
that information gets out, that's all a great protective 
measure to ensure that if a voter does experience a problem or 
might--think they might experience a problem, they can in 
advance go and make sure that they're getting the right 
information.
    Ms. Bonamici. Thank you. And, Dr. Romine, if you could 
briefly tell us what NIST is doing with regard to the actual 
voting machines now.
    Dr. Romine. I think your question involved the whole 
lifecycle now from registration all the way through guidelines 
for the voting systems. The voluntary voting system guidelines 
that we work in collaboration with the EAC on involve the 
voting systems themselves, but I think we have a decades-long 
history of security as a management of risk exercise, and I 
think the States have taken that very seriously. Our 
interaction with the EAC and with election officials in the 
States suggests that they are managing risk to the voting 
systems and to the registration systems in a way that 
incorporates the best practices that NIST has been promoting 
for a number of years.
    Ms. Bonamici. Thank you. I see my time is expired. Thank 
you, Mr. Chairman.
    Chairman Smith. Thank you, Ms. Bonamici.
    And the gentleman from Georgia, Mr. Loudermilk, is 
recognized for his questions.
    Mr. Loudermilk. Thank you, Mr. Chairman, and thank all the 
witnesses for being here today, a very important issue.
    And rightly, we should be concerned about the integrity of 
our election system because we're only as good as the integrity 
of the selection system. After spending 30 years in the IT 
business, this is something that is very important to me and an 
area that I do understand at least from the technological side.
    Another area that I think we have to be very conscious of 
is the federal involvement because typically whatever we get 
involved with doesn't run as well as if a State is doing it 
themselves, so I want to be very conscious of whatever role the 
Federal Government plays is very limited to--especially in an 
authority stance.
    But I do understand that we do have some things that we can 
do as far as setting recommended standards, but recently, the 
Secretary of Homeland Security has reported saying that DHS is 
considering whether the state electoral apparatus should be 
designated as critical infrastructure. Dr. Romine?
    Dr. Romine. Romine.
    Mr. Loudermilk. --Romine, is this appropriate that--in your 
opinion?
    Dr. Romine. Well, that's a policy decision that's way above 
my pay grade so I don't have any input that I can provide you 
for that.
    Mr. Loudermilk. Well, I mean, do you have any idea what the 
benefits or the disadvantages would be of declaring these as 
critical infrastructure?
    Dr. Romine. I can't speak to that. I know that NIST 
provided a significant benefit in partnership with the private 
sector on the development of a cybersecurity framework for 
improving the cybersecurity of critical infrastructures that 
has received a lot of attention and a lot of accolades. But 
that's not limited to critical infrastructures. Any 
organization of any size in any sector is free to adopt that 
framework.
    Mr. Loudermilk. So you are working with DHS to help the 
States understand the critical nature of their electoral 
systems or----
    Dr. Romine. Absolutely. We're partnering with DHS and with 
the Department of Justice on trying to understand how we can 
ensure widest dissemination of best practices to the States and 
municipalities. And as was mentioned earlier, request to DHS 
for assistance is not predicated solely on whether you are 
designated as a critical infrastructure. That request can be 
made without that designation.
    Mr. Loudermilk. This includes cyber hygiene?
    Dr. Romine. My understanding is it includes request for DHS 
to do scanning of systems, for example, but only upon request.
    Mr. Loudermilk. So that would be voluntary? It'd be like a 
stress test on their system?
    Dr. Romine. It would be----
    Mr. Loudermilk. Are we applying lessons learned from the 
Presidential Commission on Enhancing National Cybersecurity in 
making these recommendations for the States?
    Dr. Romine. So the Presidential Commission on Cyber 
Security has not yet reached the stage of finalizing the 
recommendations, so those are not being incorporated in these 
guidelines. And I would put it sort of in the reverse in the 
sense that the commissioners are actually taking a look at best 
practices out in the field and discussions with the IT industry 
and with stakeholders around the country to try to develop the 
best possible recommendations for the benefit of this 
Administration and the next.
    Mr. Loudermilk. So NIST's stance on this is to work within 
the framework of the Federal Government to come up with 
recommendations that the States may or may not implement and 
with flexibility to where they can be customized to the States' 
individual networks?
    Dr. Romine. That is correct.
    Mr. Loudermilk. Secretary Schedler----
    Mr. Schedler. Yes?
    Mr. Loudermilk. --how do you feel about that?
    Mr. Schedler. Well, I do not think critical infrastructure 
is needed at all. I mean, as was indicated by Dr. Romine and I 
did a little bit earlier, we can go to Homeland Security now, 
we can get those tests by FBI. We have a committee--matter of 
fact, your Secretary of State Brian Kemp, who has been very 
active in this whole process with several of us, is one of the 
committee members that we've appointed from NIST to serve on 
the Homeland Security Committee and to do best practices and 
the like.
    So most States are cooperating with their local FBI agents 
when needed, and you know, again, I don't mean to be flippant 
but do we really want to create a new TSA for elections in this 
country or a new Postal Service? I just don't think we need 
that. The Constitution says very vividly that it's up to the 
States for the time, place, and manner in which we conduct 
elections.
    It is a constitutional issue, and I understand that from 
the rhetoric that's not the intent, but to go and put the 
national elections on par with the banking system and the 
electrical grid, in my point--in my position is way overreach, 
unnecessary, and we can accomplish the same goals. It's not 
that we don't want their support and assistance when we need 
it, but we can accomplish that in a far less intrusive way, I 
think, if we just keep things on pat now.
    And again, I think the answer is part of new equipment, new 
HAVA dollars, whatever it may be to improve these systems. 
We're working on trying to get a system where you can vote 
anywhere in the State, just like was represented earlier.
    So critical infrastructure would be an absolute--and I 
think I speak again for--I don't know of any Secretary of State 
that's voiced an opinion that they want to be part of that.
    Mr. Loudermilk. Do you feel what NIST is doing is 
beneficial to you?
    Mr. Schedler. Yes.
    Mr. Loudermilk. Do you feel in any way that what's 
happening right now is a camel nose under the tent?
    Mr. Schedler. No.
    Mr. Loudermilk. Okay. All right. Thank you. I yield back, 
Mr. Chairman.
    Chairman Smith. Thank you, Mr. Loudermilk.
    And the gentleman from New York, Mr. Tonko, is recognized.
    Mr. Tonko. Thank you, Mr. Chair. And welcome to the 
panelists, and thank you for your information.
    Mr. Becker, the 2014 Presidential Commission on Election 
Administration recommended that audits of voting equipment be 
conducted after each election as part of a comprehensive audit 
program. According to verified voting, approximately 3/4 of 
voters in November will be using voting machines with a paper 
record of their vote. And I'm--just share a concern perhaps 
about the potential for mishaps or potential hacking for the 
voting machines with no paper trail. Can you please describe 
the role auditability plays in elections and the impact 
individual voters casting their vote?
    Mr. Becker. Yes, thank you. So in--we--of course, 
auditability is important. If--it's very helpful when there is 
a permanent record created that should a count need to be 
reviewed for some reason--and in fact there's a process in 
place to discover even if you're not sure whether the count 
needs to be reviewed that you can discover that, and that's 
what a good postelection audit does.
    In 2014, about 32 States offered--had a requirement for 
postelection audits. You know, I'll be honest. Some are better 
than others. There's very good standard practices where States 
pick random precincts across the State and check the paper 
count against the electronic count. There's even something 
called a risk-limiting audit where you escalate the number of 
ballots you have to count to ensure the result as the election 
gets closer, and these are practices that are put in place in 
many States.
    What we are seeing is that it is easier to audit a system 
when you have a permanent record, a paper record that the voter 
has reviewed, and more voters are going to be voting on paper 
than we've seen since HAVA was enacted. States like Maryland 
and Florida, which had used paperless direct recording 
electronic devices, have switched. I believe this is actually--
I'm a Maryland voter, but I--this is the first Presidential 
election since the passage of HAVA where Maryland will be using 
a paper ballot that's read via optical scan.
    I've recommended for years--and States along with the 
Presidential Commission--that postelection audits are a good 
idea, and having a system that allows for full and transparent 
postelection audits and paper right now appears to be one of 
the best systems for that, affords the best opportunity to 
ensure that the election results are--do reflect the will of 
the people.
    Mr. Tonko. Thank you. And, Secretary Schedler, would you 
please describe what you have in place in Louisiana in terms of 
postelection auditing, and how would you rate other States 
overall?
    Mr. Schedler. Well, we do have a post-audit function. Now, 
we do not have a paper ballot system after we are looking at 
that when we go out for RFP next year on a new system, but we 
do--of course, our screen under HAVA does--after you complete 
voting, it pops up and gives you everything of who you--every 
person you voted for, position you voted for. They give you one 
more opportunity to rectify that if you want to change it or 
there was an error.
    What we see a lot on highly sensitive machines is an 
elderly person may be dragging their hand and it inadvertently 
hits the button below or a lady with long fingernails, 
sometimes it will have a problem, but you do have the 
opportunity to rectify that. But we do audit after every 
election. We audit at the end of each day on early voting to 
ascertain the correctness of the vote and basically balance the 
balance sheets so to speak so----
    Mr. Tonko. Right. And so you--there are the paper ballots 
that you're devising an audit process for?
    Mr. Schedler. That is correct.
    Mr. Tonko. What are some of those factors in that audit 
that you absolutely see essential? What--have you looked at 
other States and what they might be doing or----
    Mr. Schedler. Right. We've actually gone out to Denver. The 
county of Denver has a very similar situation that is now being 
used in California and other States with the paper ballot where 
the majority of folks actually want to bring that ballot in and 
put it into a box so to speak at a site. So we've looked at 
that system.
    We've looked at the printing of a paper ballot instead of 
on the screen that would go into a locked box. I would be 
personally against that voter taking that ballot out of the 
precinct. I think there's one State that does that.
    But overall, to answer your question, I mean I think the 
systems are sound, but everyone has to remember every State is 
different, and that--I think that's the uniqueness of the 
system, a lot of similarities, but each State is very unique in 
the way they do their elections. Some may have a week of early 
voting, some may have 30 days. Some States have no early 
voting, and that is the prerogative of that State.
    Mr. Tonko. Thank you very much. Mr. Chair, I yield back.
    Chairman Smith. Thank you, Mr. Tonko.
    Mr. Davidson is recognized.
    Mr. Davidson. Thank you, Mr. Chairman.
    Dr. Wallach, your testimony addresses the possibility of 
inserting malware into voting machines themselves. Can you 
elaborate on how malware could be loaded onto machines that are 
not connected to the Internet and further explain what it means 
that each and every single voting machine has to be 
manipulated? Or is there a different way where you could just 
hack one machine and that would transmit a bug to other 
machines in the precinct, again, even though they're not 
connected to an Internet?
    Dr. Wallach. Sure. So before we had an Internet, we had 
computers with floppy drives and there were computer viruses 
that could spread from one computer to another over floppies. 
Electronic voting machines, some of them use memory cards, some 
of them have these big battery packs, some of them have local 
area networks.
    Studies conducted in 2007 by the State of California State 
of Ohio, State of Florida found security vulnerabilities that 
could take advantage of these to engineer viruses where one 
compromised voting machine could then infect eventually the 
entire fleet of machines for an entire county.
    Mr. Davidson. Okay. So, you know, it's accurate to say that 
just because something is not connected to the Internet, it 
does not have vulnerability to cyber attack?
    Dr. Wallach. Being disconnected from the Internet helps, 
but it's not a panacea.
    Mr. Davidson. Okay. Perhaps as Secretary of State, Mr. 
Schedler, you could talk about--I spoke with our Secretary of 
State Husted about their protocols, but perhaps you could 
elaborate on how do your procedures protect against that risk 
should something like that occur?
    Mr. Schedler. Well, I think it's important to remember 
that, you know, we never link machines together. I know that 
some new systems that are being touted like a Wi-Fi and if you 
had a multiple-precinct site where you have a Wi-Fi, now that 
to me is a little scary.
    But when you consider the concept of each individual 
machine has a cartridge that's delivered by my office--now, 
we're a top-down system. We're not by county in Louisiana so we 
are vastly different. But--two or three days before, we 
literally deliver all the cartridges for all 10,000 machines to 
the various parishes, counties, to the clerk of court. The 
morning of the election--and we--when we deliver a secure 
laptop that is our equipment, it's not used to go shop on 
Amazon or anything else.
    And the morning of the election the commissioner in charge 
for that precinct picks up those cartridges and puts that 
cartridge individually into the machine, turns the machine on, 
and at the end of the night that cartridge is retrieved. It is 
driven back to the clerk of court with a sheriff's escort 
usually, and it's imported into that laptop. And it is on a 
closed-circuit line sent to my office in Baton Rouge.
    Mr. Davidson. Okay.
    Mr. Schedler. So, I mean, it is a little bit different, but 
to my knowledge no State interlocks machines so the concept of 
getting into one machine with one cartridge and you 
miraculously change all 10,000 across the State is ridiculous 
because you'd have to go into each machine individually and 
you'd have to have the programming.
    Mr. Davidson. Right. So in your system you have one card. 
Ohio system is similar. You have one card goes to one machine.
    Dr. Wallach, you mentioned a case study in Ohio. Perhaps 
you could elaborate on what that real vulnerability is.
    Dr. Wallach. Right, so the study in Ohio was called 
Everest, I believe. The similar study in California was called 
the Top-to-Bottom Review. I was part of the Top-to-Bottom 
Review. And each of these studies found ways that regular poll 
workers and election officials going through their standard 
procedures and standard operations could unwittingly be used to 
transmit viruses from one machine to another through the 
motion--typically, at the end of the Election Day you move a 
memory card through each of the machines in the precinct, and 
that's to collect the vote totals. That process can spread a 
virus. And there are other processes. The details vary from 
machine to machine.
    Mr. Davidson. Would a centralized federally controlled 
national voting infrastructure increase or decrease that risk?
    Dr. Wallach. That depends how it was built. I've been 
working with Travis County on trying to design something new 
where this wouldn't be a problem. The system that Los Angeles 
County is working on, this wouldn't be a problem. The reason 
why is because they generate paper backups--or rather paper 
ballots, which could then be audited against any electronic 
results.
    Mr. Davidson. The machine itself has memory, the card has 
memory, and it prints a roll tape that stays secure inside the 
machine and you can audit any one of those, so it's a good 
system in Ohio. It's been tested a lot. And Ohio will likely be 
front and center again in this election.
    Dr. Romine----
    Dr. Romine. Romine.
    Mr. Davidson. Romine, sorry. You stated in your written 
testimony that the NIST voting programs partnered with the AC 
to develop the science tools and standards necessary to improve 
accuracy, reliability, and usability and security of voting 
equipment used in federal elections for both domestic and 
overseas voters. How do you measure these improvements? How do 
you quantify them? Are there qualitative, quantitative 
measures?
    Dr. Romine. There are both. I don't have the details today 
on exactly the measurement of those improvements. I'd be happy 
to provide those to you. I think the issue, to a large extent, 
has been listening to the accessibility community. The human 
factors research that we've been able to do demonstrates 
certain kinds of changes that can be made to improve the 
accessibility and the usability of electronic voting systems, 
and we've documented those in various reports. I can give you 
pointers to those reports for the way in which those systems 
have been improved.
    Mr. Davidson. Okay. Aside from identity theft--my 
apologies. My time is expired.
    Chairman Smith. Thank you, Mr. Davidson.
    And the gentlewoman from Maryland, Ms. Edwards, is 
recognized.
    Ms. Edwards. Thank you, Mr. Chairman. And thank you to the 
witnesses. I apologize I had to step out for a bit, but I came 
back because this is a really important subject to me.
    I just want to be clear--and a yes or no answer from each 
of the witnesses would really help. Is it your--do you concur 
in the belief from the Department of Homeland Security that it 
was Russian state actors who hacked into both the Illinois--or 
attempted Arizona and also the party hacking that occurred 
earlier in the year? Dr. Romine?
    Dr. Romine. I have no information on that other than what's 
in the press.
    Ms. Edwards. Secretary Schedler?
    Mr. Schedler. Well, I mean the only thing I know of the 
Russian is the DNC issue. I don't know if they've ever 
determined where it came from in Arizona or Illinois.
    Ms. Edwards. Thank you. Mr. Becker?
    Mr. Becker. Yes, I don't have any specific information. 
I'll defer to the national security professionals on that.
    Ms. Edwards. And you believe they're capable of making that 
determination based on the signature or whatever?
    Mr. Becker. I can't answer that without knowing the 
information they have. I don't have any information to the 
contrary to support it.
    Ms. Edwards. Thank you. Dr. Wallach?
    Dr. Wallach. I only know what I've read in the press.
    Ms. Edwards. Thank you. And, Dr. Romine, in fiscal year 
2016, NIST received about $1.5 million in appropriations from 
the EAC. That is down from your budget of, I think, about $2-3 
million in the previous couple of fiscal years. Do you think 
that that's sufficient for you to be able to provide the kinds 
of certifications that you need of election systems?
    Dr. Romine. So let me clarify by saying NIST doesn't do 
certifications of systems. We do provide support through the 
development of guidelines in partnership with the EAC, and we 
also provide assistance to the EAC in the voluntary laboratory 
accreditation program the testing laboratories that do test 
equipment for certain--some States who choose to do that.
    Obviously, the--you know, the truism you can do more with 
more, but we believe that the current budget that we're 
receiving is adequate for us to continue to provide expert 
advice in security and interoperability for voting systems.
    Ms. Edwards. Thank you. And, Mr. Becker, in--you--in part 
of your testimony you indicated that the--I think it was your 
testimony that the technologies that we're using for these 
voting systems is now about a decade old for an awful lot of 
these systems. Can you share with us what you believe, if 
you've analyzed it, what would need to be an updated version of 
HAVA that would enable us to keep--to really keep track with 
the technology developments?
    Mr. Becker. Yes, and I think that might have been Dr. 
Wallach who said--who made one of those points. The--of course 
the--there is a rash of bought purchasing new equipment right 
after HAVA passed with a funding model that came through as a 
result of that. We've already seen some States like our State 
of Maryland and like Florida go to a second system after using 
the HAVA dollars.
    I think in talking with the States there is a great desire 
to be able to leverage new technologies that will improve 
access, as well as the integrity of the systems, that will also 
be cheaper to maintain and that--I don't have a specific dollar 
figure. If we were to replace all these systems nationwide, 
it's definitely in the billions.
    But, you know, to build--to encourage systems that are more 
component-based that use more off-the-shelf components that are 
easier to swap in and out so that you don't have a system that 
has a 10-year-old touch screen that you can update the touch 
screen as--with just the touch screen as it happens, I think 
that be a huge advantage to election officials. And if they had 
resources to do that, I think you'd find them doing some really 
exciting things.
    Ms. Edwards. And, Dr. Wallach, because--I apologize. That 
was your testimony.
    Dr. Wallach. Sorry. No problem. Part of what--so I've been 
working with Travis County for four years now on trying to 
design a better voting machine, and very much our intent is to 
use off-the-shelf hardware with custom software to the extent 
that we can for exactly that reason. When you buy a giant touch 
screen computer from Hewlett-Packard, Dell, insert your 
favorite tech company, you can get cheaper warranty support, 
you can replace the machines whenever you need to, and that 
helps reduce your maintenance and ongoing support costs.
    Ms. Edwards. Doesn't it increase your vulnerability though?
    Dr. Wallach. Not necessarily. The design of these systems, 
first and foremost, produces a printed paper ballot. So no 
matter what goes wrong with the computer, you have these 
printed paper ballots that the voters can see and verify. And 
everything else on top of that is gravy.
    Ms. Edwards. Thanks. And then just as a conclusion, I want 
to thank Secretary Schedler because I think in your testimony 
you indicated that the Secretaries of State across the country 
have great confidence in this election, and I think that's an 
important message to convey to voters so that we can make sure 
that we don't, with all of this talk, depress voter turnout. 
And so thank you very much for your remarks.
    Mr. Schedler. Yes, ma'am. I appreciate that. And I know I 
speak for all of them. We're very concerned about the rhetoric 
at this time.
    And if I could just add on the cost issue, I do have just 
on Louisiana, currently, we have roughly 10,000 voting machines 
that cost roughly or did cost $5,200 each on under HAVA so 
that--to replace those by today's dollars, if you could get the 
machine--which you can't--$152 million.
    If we went to a system similar to what Mr. Becker just 
indicated to you--and I'm overly simplifying an iPad concept, 
whether it be proprietary or store-bought, less than $300 each. 
Now, you do need two to three per machine so the hardware costs 
for us in Louisiana, $152 million on the replacement if you 
could get it, roughly $50-60 million, 1/3 of the cost. And 75 
percent of it is in the programming cost. The hardware is only 
10 or $11 million.
    Chairman Smith. Thank you, Ms. Edwards.
    The gentleman from Illinois, Mr. LaHood, is recognized.
    Mr. LaHood. Thank you, Mr. Chairman. I want to thank the 
witnesses for being here today.
    In my State of Illinois we've had a lot of changes in the 
last several years. We now have same-day voting registration, 
40 days of early voting, extended grace periods, absentee 
voting has a lengthy period of time. And couple that with some 
of the issues we've had particularly in Chicago over the years 
with issues related to voting there, I guess in terms of 
educating poll workers or training poll workers or election 
judges and looking at methods, particularly as it relates to 
the integrity of voting on Election Day and as we look at 
potential hacking of machines, I mean, is there a good model 
out there that has worked in terms of how we educate folks that 
are there at the polls?
    I'll also mention in a prior life I was Assistant State's 
Attorney in Cook County in Chicago. On Election Day, we would 
go out as prosecutors and be there at the voting booth. And a 
lot of times we didn't know what we're looking for or what we 
were supposed to be doing.
    And I guess, Secretary Schedler, can you maybe shed a 
little light on examples of what we need to be doing in terms 
of educating and working with our folks that are at the polls 
on Election Day?
    Mr. Schedler. Well, training is paramount. That came out in 
the Presidential Commission to all Commissioners or poll 
workers, whatever you want to refer to them as. We do a strong 
education component at the clerk's level. We assist with that. 
We have a very unified videotape that we use so we have 
consistency across the State. But we do heavy training and 
certification, and we require them to get certified annually. I 
think that's a huge benefit because the better trained, the 
better experience you're going to have on voting day.
    We also use people in voting lines, especially at larger 
precincts for questions or promoting that GeauxVote app where 
you could let individuals take a look at a mock ballot and 
actually mock vote that ballot on that phone to use as a guide 
to shorten lines and have a better experience in the voting 
booth.
    And the other thing that to me is a strength of poll 
workers and your voting boards in counties in regards to the 
subject we're talking about today, we all know our poll 
workers. They've been there a long time in most cases, great 
Americans. They do it for love of country, love of the 
experience. They don't do it for the money, that's for sure. 
And if you could just think about the greatest deterrent is 
that both Democratic, Republican poll workers together, do you 
realize if someone was going to affect an election, they'd have 
to go against that 80-year-old lady that's been there 30 years? 
I don't think that's going to happen whether they're Democrat 
or Republican.
    And to me that's one of the hidden jewels in our system, 
whether you have the best state-of-the-art equipment or 
whatever we have, you've got people on the ground with two eyes 
and they're looking at the process. They know the process. And 
to me that's the strength of the American system at its core. 
And it's really fundamental. It's the same way we did it 240 
years ago. And I just think that that's something that we need 
to recognize in this whole debate.
    Mr. LaHood. And just as a follow up on that, the level of 
what you go through in Louisiana, are you confident that that 
type of education and training is consistent across the 
country?
    Mr. Schedler. That I couldn't speak to. I think it's 
dominant across the country, but I wouldn't say every State 
does it that way.
    Mr. LaHood. And, Dr. Wallach, with all these changes we've 
seen recently with voting and how we vote--and I went to the 
litany there--what is the future of voting look like?
    Dr. Wallach. Well, I think what we've learned today is all 
the 50 States will be voting differently, and it's hard to make 
a broad-brush statement. I think that there will be a lot of 
hand-marked paper ballots scanned by machines. There will be a 
lot of computer-assistive technologies available, and there 
will be some States that are voting by mail and that's okay.
    Mr. LaHood. Thank you, Mr. Chairman.
    Mr. Babin. [Presiding] Thank you.
    I now recognize the gentleman from Virginia, Mr. Beyer.
    Mr. Beyer. Thank you, Mr. Chairman.
    Mr. Becker, I think in your comments you stated and wrote 
that there are 20 States in this Electronic Registration 
Information Center that you helped found. Why not 30? And then 
how do we motivate the other 30 to be part of it? And is there 
any suggestion that we'd ever require that?
    Mr. Becker. I feel like I planted that question with you, 
and just for the record I--we've never talked about this 
before.
    So the Electronic Registration Information Center, ERIC, is 
a data center that States voluntarily choose to join, and they 
share information so that they can identify when a voter record 
is out of date so they can notify that voter, make sure that 
voter gets the right information at their new address and also 
reach out to all the people who are eligible to vote but aren't 
yet registered and direct them to the easiest way to register. 
It was founded in 2012 with just seven States, so it's only 
four years old, and now 20 States plus DC. are in it so I think 
that's pretty good for a--you know pre-K 4-year-old.
    But certainly, you know, we are working very hard with the 
States that are already in it, including Virginia, who was one 
of the founding members, to see more States join. And as the 
word gets out, States like Virginia and Louisiana and many 
other States are spreading the word that this is helping them 
keep their voter rolls up to date and, in turn, what that's 
doing is actually reducing costs and increasing integrity 
because they're not sending mail out to people who no longer 
are there.
    The Presidential Commission on Election Administration, of 
course, did recommend that States join systems like ERIC, and 
that has been a tremendously positive influence. And I think by 
the time we get to the 2020 election I think we will be at more 
than 30 States, as I've talked to other States around the 
country.
    Mr. Beyer. Great. A parallel question for Dr. Wallach. In 
Mr. Becker's testimony, he talked about how the postelection 
audit requirement that mandates States match paper to digital 
is only 32 States doing this right now. And you wrote the mere 
possibility of a recount or audit of the paper ballots acts as 
a deterrent, dot, dot, dot. So what do we need to do with the 
other 18 States that don't have this post-audit reconciliation 
of paper and electronic?
    Mr. Wallach. Well, I'm certainly a big fan of reconciling 
paper and electronic records when you have both. Many of the 
States, that's not an option because you don't have paper 
records like, for example, the entire State of Georgia votes 
entirely on electronic machines without any paper records. So 
there's no way to do a meaningful audit. I would love to see 
the sun-setting of those machines and replacing them with the 
next generation of machines that will have paper.
    Mr. Beyer. There was the mention that we have $396 million 
of authorized but un-appropriated HAVA money. Is that enough to 
replace the old machines, the bad machines?
    Dr. Wallach. I'm not sure. If we could do it on a 
shoestring or if we'd do better to spend more money and do it 
properly. I don't have a good answer for you today.
    Mr. Beyer. Thanks. Many of you wrote about how the machines 
aren't connected to the Internet. So, Secretary Schedler, if 
they're not connected to the Internet yet, Dr. Wallach pointed 
out that they are at the time of initialization and tabulation. 
I think someone else pointed out that they're usually connected 
to the voter databases, you know, 365 days a year. So how--is 
that actually a strength that we can talk about that we're not 
connected to the Internet, or are those holes at initialization 
and tabulation----
    Mr. Schedler. I would think it's a strength because, as I 
look to the--I mean, people--the most common question asked of 
me is, Secretary Schedler, when are we going to be able to vote 
on the Internet? And my answer is I hope never because the 
world is evolving and we see it. I mean, the Department of 
Defense gets hacked into. Everything gets hacked into. And 
that's why I'm so adamantly--I want to keep it with the States 
to decentralize it, make it much more difficult. But the day we 
go on the Internet, all bets are off as far as in elections.
    Now, I want to caveat the comments. There are a couple of 
States that do allow a return of an overseas military ballot 
via the Internet. I think four, I believe, Alaska being one and 
I don't know--remember the other three. So I want to clarify 
that. Now, that's a small percentage of the overall vote. But 
they do allow a return of--but I will say this in defense of 
that, although we don't do it, it is a secure--you know, 
military--they have to get a pin, you've got to have access. 
You just don't just send them an email and here it is. They 
have to get access and have ability to open that file up and do 
something with it. So it is a little bit different. But 
certainly, under the argument and discussion we're having 
today, could be vulnerable.
    Mr. Beyer. Great. Great. Thank you, Secretary.
    Dr. Romine, a quick question. On this postelection audit 
requirement of reconciling paper and digital is--will--is this 
a NIST suggestion or a NIST standard or should it be?
    Dr. Romine. Part of the voluntary voting system guidelines 
that we worked with in the EAC was a strong recommendation that 
there be an auditability or audit capability, and certainly 
paper records provide a really robust way to do that, but it 
doesn't mandate specifically paper records.
    Mr. Beyer. Okay. Thank you very much. Mr. Chair, I yield 
back.
    Mr. Babin. Thank you.
    I now recognize myself for five minutes.
    Secretary Schedler.
    Mr. Schedler. Yes?
    Mr. Babin. By the way, I just spent two days in Baton 
Rouge, and my heart goes out to you----
    Mr. Schedler. I thank you for----
    Mr. Babin. --and your State.
    Mr. Schedler. --coming. I came back with Representative 
Honeycutt. I came to Washington yesterday with him----
    Mr. Babin. Right.
    Mr. Schedler. --with Garret Graves and Steve Scalise, flew 
with them, and he had the same expression to me so----
    Mr. Babin. Unbelievable. I represent the 36th District in 
Texas right across the Sabine so--and we had--in March we had--
--
    Mr. Schedler. Well, you all know shares of rain, too.
    Mr. Babin. Absolutely. But I've never seen anything like 
that.
    Mr. Schedler. No, it was pretty--30 inches of rain in some 
spots, 25, 30----
    Mr. Babin. Absolutely.
    Mr. Schedler. --inches of rain.
    Mr. Babin. In a population center like that.
    But I'd like to ask you a question. You stated in your 
testimony that ``I'm happy to report there's no evidence that 
ballot manipulation has ever occurred in the United States as a 
result of the cyber attack.'' And, Dr. Wallach on the other 
hand states that ``If our paperless electronic voting systems 
were attacked, we'd be unlikely to see evidence of it in the 
voting machines or tally systems.''
    So I just want to hear both of your opinions on this 
matter. I'm not trying to start----
    Mr. Schedler. No, no, no.
    Mr. Babin. --any problem.
    Mr. Schedler. I know you're not trying to start a war----
    Mr. Babin. Yes.
    Mr. Schedler. --or anything. I'm a pretty simplistic kind 
of guy----
    Mr. Babin. Okay.
    Mr. Schedler. --you can see in my delivery. I asked a 
simple question and I do not profess to be an IT expert, but I 
come at the derivative of saying if you're not on the Internet 
with voting, how do you hack into the machines? And I'm just 
coming at it very simple----
    Mr. Babin. Yes.
    Mr. Schedler. --apple pie. I don't know much more than 
that, but if you're not on the Internet out in the cloud how do 
you hack it? If they're individual machines with cartridges----
    Mr. Babin. You bet. Thank you. Thank you. And, Mr.--Dr. 
Wallach?
    Mr. Schedler. If he gets deep on me, I'm not going to be 
able to argue with him.
    Mr. Babin. Thank you.
    Dr. Wallach. Right. The example that I think we can look to 
to understand this was the Stuxnet virus, which was apparently 
engineered to damage the Natanz nuclear refinement facility in 
Iran. That nuclear refinement facility was also meant to be 
secure. It also was not connected to the Internet, yet somehow 
this Stuxnet malware was able to do its job. We don't know many 
of the details, but it's quite clear that where there's a 
will--and presumably a budget--then there's a way.
    I don't know whether our nation-state adversaries have 
chosen to make that investment, but I know that it's 
technically feasible to mount these sorts of attacks and that's 
why it's important to take mitigations and defensive steps 
against them.
    Mr. Babin. I agree with that. I sure do. Thank you. Thank 
you very much.
    The next question would be for you, Dr. Wallach. Is it 
possible for someone to conduct a cyber attack in case of 
voting or election systems while pretending to be Russian, 
Chinese, North Korean hackers so as to falsely assign blame for 
the hack on a foreign nation? And have you ever come across any 
instance of such in your experience?
    Mr. Wallach. So the issue of attribution of cyber attacks, 
broadly speaking, is a well-known problem and nation-state 
actors will pretend to be other nation-state actors for exactly 
the purpose of trying to throw off attribution.
    Mr. Babin. Yes.
    Dr. Wallach. So I am not privy to however we have this 
Russian attribution. I have to assume that the people who said 
that know what they're doing.
    Mr. Babin. Okay. And then, Secretary Schedler, one more for 
you. Considering the range of vulnerabilities--and this follows 
up on what you said just a second ago--the range of 
vulnerabilities that exist for electronic systems, do you think 
that more States will eventually return to paper ballots? And 
if so, can you explain to us how paper is the more secure 
option?
    Mr. Schedler. Well, there seems to be a trend if you 
consider a trend what four States, five States now, but in many 
cases it's done for cost reasons also. I mean, you have to 
factor that in.
    Mr. Babin. Right.
    Mr. Schedler. I'll say this. You have to have some other 
protections, and I think Oregon and some of the others do, but 
I mean I've always said that the best way and easiest way to 
perfect fraud is right here in my hand.
    Mr. Babin. Yes.
    Mr. Schedler. You know, when I mail out a paper ballot, I 
have no earthly idea who actually votes that ballot. I may be 
able to verify a signature, but I can tell you that we've had a 
couple of cases in Louisiana on mail ballots with frail and 
elderly in a small jurisdiction where the individual canvassing 
the area goes to Ms. Suzy and Mr. Joe's house, knocks on the 
door, says, oh, can help you fill out your mail ballot? And 
they do. Need I tell you how they vote? We caught one guy. 
Instead of keeping the addresses of 15 elderly people, he sent 
it from his campaign headquarters.
    But the point being, you have to have some checks and 
balances even under that system even if you're verifying the 
signature with electronic machine or signature, not naked eye. 
So I always contend that this right here is the easiest way to 
perfect fraud in the system. Now, it doesn't mean that it's 
wrong to do it because I'm very respectful of other States and 
how we do it.
    But I will just say this. In the entire subject matter we 
had HAVA dollars ten years ago, and I think this will set the 
stage with sparse dollars in States and in this country at this 
time. We have $386 million of un-appropriated HAVA dollars 
purportedly still out there. I gave you an example of what are 
the costs to replace Louisiana systems. So $394 million may go 
a long way, if not completely retool all 50 States with 
assistance from the Federal Government.
    But we can put layer on top of layer on top of layer of 
what ifs and what have you, and as long as you all can write 
the check, we'll do it. But at some point you've got to use 
practicality here, and I am again--myself, and I think I speak 
for all 50 of us--we are very confident in the system we have. 
We have trifecta backups, audits and the like, and even under 
some of the worst-case scenarios that I've heard here today, I 
am still very confident that you may not have results November 
9 if catastrophe hits, but if you're a little patient with us, 
we'll get you the results and you'll have a new President of 
the United States.
    Mr. Babin. That's a good answer. Thank you. And I know I'm 
out of time, but, Dr. Wallach, just as short as you can, what 
do you consider the chances with many States going back to the 
paper ballots?
    Dr. Wallach. Well, if for no other reason than electronic 
voting systems are very expensive, as the Secretary told us 
earlier----
    Mr. Babin. Right.
    Dr. Wallach. --and paper systems are cheaper, and for that 
reason, if nothing else, while these electronic systems are 
wearing out, we're moving to paper sort of by default.
    Mr. Babin. Okay. All right. Thank you.
    Let's see. I recognize the gentleman from Illinois, Mr. 
Lipinski.
    Mr. Lipinski. Thank you. And I thank all the witnesses for 
your testimony. And I have--I'm not sure if I can get to my 
questions because some other ideas came to mind as you're 
talking here. So let me ask a couple things here so I better 
understand. I know States--everyone does it differently, and 
the idea of not having our--the machines directly connected to 
the Internet makes sense.
    But, for example, if you do have a voting machine, you're 
voting, usually then at the end of the day when the votes are--
polls closed, votes are tabulated, how are those votes then 
communicated then from the polling place? So--because I would 
expect that they are done oftentimes over some sort of 
connection to the 'net.
    And then the other part of that is I go online election 
night and I'm looking at the results coming in so I can go 
online and connect in at least to see the results that they're 
displaying. So hopefully, I'm not displaying too much lack of 
understanding here, but aren't there some connections there to 
the Internet that are going on?
    Mr. Schedler. Not--no. Each machine has a separate 
cartridge and it's independent. They're not--none of those 
machines are linked together. And to answer your question, what 
occurs at the end of that night is that cartridge is retrieved 
from that machine. It is taken to the clerk of court or the 
central location in that county--at least in the parish in 
Louisiana--and it is put into a secure laptop and transmitted 
on a closed-circuit line, not on the Internet.
    Now, we do have--I mean, there's other systems. There's a 
tape on all machines that we can replicate. If a court 
challenge to an election--I can't tell you how you personally 
voted but I can certainly tell you if you voted and I can 
reconcile that tape. And there's one other method. Even in the 
transmission of those results on the nightly news that you 
referred to, there is a delay and there is a reason why we have 
that delay, to be able to detect any interference in that 
process.
    And again, even it occurred, delaying in getting you 
official results--because keep in mind on election night the 
results are unofficial. We all know that from being elected. 
The news media is out there declaring winners before the polls 
even close. That's their job. Our job is to make it accurate 
and effective.
    Mr. Lipinski. Well, that's good to hear. Is this--is that 
the common way it's done everywhere?
    Mr. Schedler. Yes, sir, pretty much. That's--to my 
knowledge, it's the way everybody does it.
    Mr. Becker. Yes, I can't speak for every place, but in the 
places I know of, they actually physically transport the 
cartridges or the memory devices with the counts that occurred 
in the precinct to the county office, which is often a 
frustration for people who are looking for election results 
because if they hit traffic or something like that, there's 
going to be a delay in getting those results. And only at that 
point--and most of these devices or many of them at least have 
duplicate cartridges as well, so one of them will go to the 
central count to be incorporated and you can check them.
    This is not completely foolproof and this--but it's--the 
problem that we often see is that voters get frustrated because 
there's a little bit of a delay in getting it because there's a 
physical transportation of the memory cartridges.
    Mr. Lipinski. And I think that--hopefully, that helps 
alleviate a lot of concerns that people do have that you--it's 
not being transmitted electronically in the way that can be 
hacked into.
    One other question that I had, the paper tapes I think 
are--certainly, I agree--a great idea. How often, though, and 
at what point would there be a check of those against the 
electronic numbers?
    Mr. Schedler. It usually dictates--I mean, it's usually 
dictatable by the closeness of the election. I mean, usually a 
challenge or if there was some major malfunction, but typically 
it's triggered by a challenge by a candidate, someone, you 
know, wins by 10 votes or loses by 10 votes, challenges that 
and requires a recount to be taken.
    We are also very public with the certification of our 
machines or you as a candidate or a campaign can watch us 
certify those beforehand in the warehouse and also when we 
reopen those machines to recertify candidates are allowed to 
come in or representatives to actually watch that process and 
to watch all that matching go on.
    I gave an--I testified last week at the EAC on this 
subject, and if you can bear with me a minute, it probably is a 
good representation of your question. I watched in utter awe 
with major networks with an individual that was claiming he had 
a handheld device that he could put early voting cards into and 
vote as many times as he wanted. Now, I don't argue the point 
that you can have a piece of machinery like that. They do it at 
gasoline pumps and the like. But what I did question was in the 
early stages they never, ever brought in anybody that ever 
conducted an election to dispute that.
    And you have to allow for an early voting site that someone 
is going to sit there and watch as somebody keep injecting a 
card--how times are they going to vote? We have time limits in 
most States. But at the end of the day, even if you have that 
piece of equipment, you still have to have the programming of 
what engaged that card. And at the end of the day, if there 
were 100 people they came in to early vote by signature next to 
your name and we had 106 votes, we're going to be able to 
determine by that number on that card that you don't see of--
that you voted six times. We don't know how you voted, but we 
know you voted six times so we'll catch you.
    Mr. Lipinski. I am from Chicago, though.
    Mr. Schedler. I'm from Louisiana. We've got a lot in 
common. But we've cleaned that act up.
    Mr. Lipinski. Similar.
    Mr. Schedler. We no longer throw ballot boxes in the 
Mississippi River. We don't do that anymore.
    Mr. Lipinski. We have a big lake to do that.
    Thank you very much. I yield back.
    Mr. Schedler. Thank you, sir.
    Mr. Babin. Yes, sir, thank you.
    I now recognize the gentleman from Illinois, Mr. Hultgren.
    Mr. Hultgren. Thank you all for being here. This is such an 
important subject. I don't know if anything more important than 
making sure that our ability to vote is protected and that we 
feel confident that everything is being done to make it open 
and accessible to everybody and using technology to do that but 
at the same time making sure that we're protecting information 
and protecting that confidence that our voting booths are 
accurate and are being abused in any way. So I really do want 
to thank you for being her. Thank you for your work.
    It's certainly clear the nature of our increasingly 
connected world has opened up new vulnerabilities which were 
originally unforeseen. It's also brought about new great things 
that we all can agree improve our lives, the functionality of 
our democracy, and it does it in ways in which we can exchange 
goods and services with each other as well.
    A little over a year ago, I had a chance to visit Estonia 
with a group of my colleagues and saw many of the innovative 
ways they are integrating technology into their government 
services. They actually have online voting in many elections 
and most forms and bureaucratic paperwork are submitted online 
in more easily searchable formats.
    While this is encouraging to me, I also realize that 
Estonia has as many people as New Hampshire or Maine, so there 
are things they can do differently than we as a country of 
almost 330 million people can do. So our States still need to 
have the flexibility to innovate and the Federal Government's 
role should be assisting but not passing down new unfunded 
mandates on them which we hear--I hear so often from my 
constituents and my local government officials and the 
challenges they face.
    Dr. Wallach, if I could address my first question to you. 
Regarding the recent cyber attacks on the voter registration 
databases in my State Illinois and also in Arizona, why would 
an individual or an organization want to hack into States' 
voter registration information? Are they looking for the same 
kind of information other data breaches in the retail sector or 
just personal information or what's the purpose behind these 
attacks?
    Dr. Wallach. So there's a lot of different motives that we 
can ascribe. If we're talking about garden-variety, you know, 
identity theft, they just want to have the information in the 
database. If we're talking about the nation-state actors, their 
motive could be to get information, but a lot of that 
information is available through other channels. It could be to 
tamper with information, and we've talked at length about the 
sort of chaos that you could potentially cause.
    Mr. Hultgren. Specifically with tampering, once a hacker 
has gained access to a database, would it be possible to add 
fictitious voters or delete legally registered voters?
    Dr. Wallach. If it's a database on a computer, it's 
possible to do all of those things.
    Mr. Hultgren. Yes. Okay. Dr. Romine, I wonder if I could 
address a couple questions to you. Is the walling off and 
protection of voter registration databases part of the 
technical guidelines for NIST?
    Dr. Romine. The voluntary voting systems guidelines are 
principally for the voting systems themselves. However, we do 
have other guidance that my organization has developed over the 
years to protect information systems broadly, and this would 
fall under that category. And I think, yes, separation there is 
a legitimate way of trying to prevent certain kinds of 
interactions.
    Mr. Hultgren. So that separation is happening or is it----
    Dr. Romine. What's actually happening in the States is 
something that I'm not privy to.
    Mr. Hultgren. Also, Dr. Romine, from what is known, what 
kind of guidance for protecting voter registration databases 
were in place in the two affected States that I mentioned 
earlier, Illinois and Arizona, and will NIST be considering 
updates to its technical guidelines to include voter 
registration databases?
    Dr. Romine. I think we will be considering that with regard 
to our partnership with the EAC to provide guidance to the 
States and municipalities for protecting voting systems with a 
broader remit perhaps as one way to look at it. The guidelines 
that we have in place for IT systems have been developed over a 
number of years and involve integrity checks, identity 
management issues, and other things that can protect 
information and information systems. And so the cybersecurity 
framework that I alluded to earlier helps to--helps 
organizations to craft a way to manage risk in this space.
    Mr. Hultgren. Well, again, my time is almost up. Thank you 
for your work. Please let us know how we can be helpful going 
forward. And with that, I yield back to the Chairman. Thank 
you.
    Mr. Babin. Yes, sir. Thank you.
    I now recognize the gentleman from Texas, Mr. Weber.
    Mr. Weber. I thank the gentleman.
    I want to do something before we get into the election 
discussion today regarding the earlier comment from one of the 
members on the other side of the aisle that she was appalled 
that there was no Republican outrage over the Russians' 
apparent hacking of the DCCC. I would note that there's 
probably about the same amount of outrage from the Democrats 
over Hillary Clinton's dumping of a bunch of emails and 
destroying evidence in a federal investigation.
    Having said that, in full disclosure I was an election 
clerk and election judge and a precinct chair for about 16 
years in Texas in Brazoria County when we had good old-
fashioned paper ballots. I was one of the few who raised my 
hand when they said, look, we want to pass a resolution 
encouraging electronic voting. I said I don't. I like the paper 
system. I don't trust the Internet. That was back in the '90s. 
It seems as if we've come full circle now that you all are 
saying that there are some States who are literally considering 
going back to paper ballots.
    So here's a question for, I guess, all of you one at a 
time. We'll start with you, Dr. Romine. Well, first of all, 
let's do it this way. How many States have paper?
    Dr. Romine. I think there's only five States that are 
completely without paper. There are some States in the middle 
that have a mix, depending on the county, of paper and on paper 
systems.
    Mr. Weber. Okay. What States in your opinion has the best 
system, Dr. Romine?
    Dr. Romine. I don't have insight into the systems that are 
being used State by State.
    Mr. Weber. So you really haven't formulated an opinion in 
that regard?
    Dr. Romine. I don't have the data.
    Mr. Weber. Okay. Fair enough.
    Now, if you say Louisiana, Secretary Schedler, I'm just 
saying.
    Mr. Schedler. My response to that would be the best system 
for which the people of that State feel comfortable in voting.
    Mr. Weber. Touche.
    Mr. Schedler. Okay. Because New Hampshire, I mean, if you 
can just think of the variety that we have across the board 
from the East Coast to the West Coast in Oregon, I mean, just 
totally different constituencies, totally different comfort 
zones, and, you know, if some people still like going to vote 
in their neighbor's garage and if that's what they want to do 
and then that's good for that State.
    So, I mean, I guess that's the best answer I could give 
you. No, I wouldn't say that we're the best, although a few 
years ago Pew had us at number 18, which would surprise you I 
bet because I used to always say if you interview people on the 
streets of New York on the late-night television show, they'd 
never mention Louisiana in the top 20, but we're there. We've 
done a lot of----
    Mr. Weber. And they usually don't know what they're talking 
about anyway.
    Mr. Schedler. That's correct. That's correct. But I think 
that's probably--I know that's kind of a politically correct 
answer, but out of respect for all my colleagues and all the 
States, I think you have to make that decision.
    Mr. Weber. Okay. Mr. Becker?
    Mr. Becker. I'll also be diplomatic here. I think if you 
ask most election officials around the country at the state or 
local level, most of them will say that the technology they're 
using, none of them have found the ideal system yet, that 
they're looking for something new to come around.
    Mr. Weber. So you don't have an opinion about that?
    Mr. Becker. I don't have an opinion about a particular 
State. I think the work that's being done in places like Los 
Angeles County to come up with a system that's based on off-
the-shelf components----
    Mr. Weber. Okay.
    Mr. Becker. --that is largely accessible is going to be 
very instructive to the entire field.
    Mr. Weber. Dr. Wallach?
    Dr. Wallach. Well, I'm going to toot the horn of three 
different States where I enjoy what they're doing.
    Mr. Weber. Okay.
    Dr. Wallach. I like California's use of risk-limiting 
audits where you can audit paper and compare it to electronic 
results. I like what Florida has done where they got rid of the 
paperless electronic voting machines. My parents live in Fort 
Lauderdale and they now vote on a laser printer will print out 
a ballot on demand so they can have early voting in vote 
centers. So Florida is now doing remarkably good stuff.
    And, of course, I have to say something good about Texas. I 
think in Travis County we're building a really great system and 
it could potentially be applied in a lot of other places.
    Mr. Weber. Are you from Travis County?
    Dr. Wallach. No, I live in Houston. I grew up in Dallas.
    Mr. Weber. Okay. So let me just also say here, having been 
the recipient of--when a lot of those ballot boxes were 
carried--Brazoria County is a big area. Apparently, where I 
grew up is like 40 miles north of the county seat. And as an 
election judge, in the general election I was, of course, in 
the primary in the general election, too--we would always take 
our Democratic counterpart in the general election, take the 
ballot boxes down, turn them into the county. I've been on the 
receiving end of when it took, you know, 45 minutes to an hour 
just for the drive time and people were wanting those results.
    One quick question because I'm the last one, is that right, 
Mr. Chairman?
    Mr. Babin. [No audible response.]
    Mr. Weber. Okay. What is the most critical time of a cyber 
attack?
    Dr. Wallach. I would say that a cyber actor who knows what 
they're doing is acting months to years in advance and--because 
they don't necessarily have access to----
    Mr. Weber. But I'm talking about if they were going to 
affect a November election coming up, is that something done 
the night of, the week before? You're saying years--are you 
saying they get into the system----
    Dr. Wallach. Yes. You get in way in advance and then you 
have whatever effect you're trying to have. If your goal is to 
create chaos, then you want to have your effect very late. It 
all depends what you're trying to do.
    Mr. Weber. Okay. All right, Mr. Chairman. I yield back. 
Thank you.
    Mr. Babin. Thank you. I appreciate that.
    I want to thank the witnesses for their testimony and the 
members for your questions. And the record will remain open for 
two weeks for additional written comments and written questions 
from members.
    And with that, this hearing is adjourned. Thank you.
    [Whereupon, at 12:25 p.m., the Committee was adjourned.]

                               Appendix I

                              ----------                              


                   Answers to Post-Hearing Questions


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]



                              Appendix II

                              ----------                              


                   Additional Material for the Record

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

                                 [all]