b'<html>\n<title> - ELECTION SECURITY: VOTING TECHNOLOGY VULNERABILITIES</title>\n<body><pre>[House Hearing, 116 Congress]\n[From the U.S. Government Publishing Office]\n\n\n\n\n \n                           ELECTION SECURITY:\n                   VOTING TECHNOLOGY VULNERABILITIES\n\n=======================================================================\n\n                             JOINT HEARING\n\n                               BEFORE THE\n\n                     SUBCOMMITTEE ON INVESTIGATIONS\n                             AND OVERSIGHT\n                SUBCOMMITTEE ON RESEARCH AND TECHNOLOGY\n\n                                 OF THE\n\n                      COMMITTEE ON SCIENCE, SPACE,\n                             AND TECHNOLOGY\n                        HOUSE OF REPRESENTATIVES\n\n                     ONE HUNDRED SIXTEENTH CONGRESS\n\n                             FIRST SESSION\n\n                               __________\n\n                             JUNE 25, 2019\n\n                               __________\n\n                           Serial No. 116-31\n\n                               __________\n\n Printed for the use of the Committee on Science, Space, and Technology\n \n \n \n[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] \n\n\n\n\n       Available via the World Wide Web: http://science.house.gov\n       \n       \n       \n                           ______                      \n\n\n             U.S. GOVERNMENT PUBLISHING OFFICE \n 36-795 PDF           WASHINGTON : 2020        \n       \n       \n\n              COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY\n\n             HON. EDDIE BERNICE JOHNSON, Texas, Chairwoman\nZOE LOFGREN, California              FRANK D. LUCAS, Oklahoma, \nDANIEL LIPINSKI, Illinois                Ranking Member\nSUZANNE BONAMICI, Oregon             MO BROOKS, Alabama\nAMI BERA, California,                BILL POSEY, Florida\n    Vice Chair                       RANDY WEBER, Texas\nCONOR LAMB, Pennsylvania             BRIAN BABIN, Texas\nLIZZIE FLETCHER, Texas               ANDY BIGGS, Arizona\nHALEY STEVENS, Michigan              ROGER MARSHALL, Kansas\nKENDRA HORN, Oklahoma                RALPH NORMAN, South Carolina\nMIKIE SHERRILL, New Jersey           MICHAEL CLOUD, Texas\nBRAD SHERMAN, California             TROY BALDERSON, Ohio\nSTEVE COHEN, Tennessee               PETE OLSON, Texas\nJERRY McNERNEY, California           ANTHONY GONZALEZ, Ohio\nED PERLMUTTER, Colorado              MICHAEL WALTZ, Florida\nPAUL TONKO, New York                 JIM BAIRD, Indiana\nBILL FOSTER, Illinois                JAIME HERRERA BEUTLER, Washington\nDON BEYER, Virginia                  JENNIFFER GONZALEZ-COLON, Puerto \nCHARLIE CRIST, Florida                   Rico\nSEAN CASTEN, Illinois                VACANCY\nKATIE HILL, California\nBEN McADAMS, Utah\nJENNIFER WEXTON, Virginia\n                                 ------                                \n\n              Subcommittee on Investigations and Oversight\n\n              HON. MIKIE SHERRILL, New Jersey, Chairwoman\nSUZANNE BONAMICI, Oregon             RALPH NORMAN, South Carolina, \nSTEVE COHEN, Tennessee                   Ranking Member\nDON BEYER, Virginia                  ANDY BIGGS, Arizona\nJENNIFER WEXTON, Virginia            MICHAEL WALTZ, Florida\n                                 ------                                \n\n                Subcommittee on Research and Technology\n\n                HON. HALEY STEVENS, Michigan, Chairwoman\nDANIEL LIPINSKI, Illinois            JIM BAIRD, Indiana, Ranking Member\nMIKIE SHERRILL, New Jersey           ROGER MARSHALL, Kansas\nBRAD SHERMAN, California             TROY BALDERSON, Ohio\nPAUL TONKO, New York                 ANTHONY GONZALEZ, Ohio\nBEN McADAMS, Utah                    JAIME HERRERA BEUTLER, Washington\nSTEVE COHEN, Tennessee\nBILL FOSTER, Illinois\n\n                         C  O  N  T  E  N  T  S\n\n                             June 25, 2019\n\n                                                                   Page\n\nHearing Charter..................................................     2\n\n                           Opening Statements\n\nStatement by Representative Mikie Sherrill, Chairwoman, \n  Subcommittee on Investigations and Oversight, Committee on \n  Science, Space, and Technology, U.S. House of Representatives..     9\n    Written Statement............................................    10\n\nStatement by Representative Ralph Norman, Ranking Member, \n  Subcommittee on Investigations and Oversight, Committee on \n  Science, Space, and Technology, U.S. House of Representatives..    11\n    Written Statement............................................    12\n\nStatement by Representative Haley Stevens, Chairwoman, \n  Subcommittee on Research and Technology, Committee on Science, \n  Space, and Technology, U.S. House of Representatives...........    13\n    Written Statement............................................    14\n\nStatement by Representative Jim Baird, Ranking Member, \n  Subcommittee on Research and Technology, Committee on Science, \n  Space, and Technology, U.S. House of Representatives...........    15\n    Written Statement............................................    16\n\nWritten statement by Representative Eddie Bernice Johnson, \n  Chairwoman, Committee on Science, Space, and Technology, U.S. \n  House of Representatives.......................................    17\n\nWritten statement by Representative Frank Lucas, Ranking Member, \n  Committee on Science, Space, and Technology, U.S. House of \n  Representatives................................................    18\n\n                               Witnesses:\n\nDr. Charles H. Romine, Director, Information Technology \n  Laboratory, National Institute of Standards and Technology\n    Oral Statement...............................................    20\n    Written Statement............................................    22\n\nMr. Neal Kelley, Registrar of Voters, Orange County, California\n    Oral Statement...............................................    28\n    Written Statement............................................    30\n\nDr. Latanya Sweeney, Professor of Government and Technology in \n  Residence, Department of Government, Harvard University, \n  Institute of Quantitative Social Science\n    Oral Statement...............................................    77\n    Written Statement............................................    79\n\nMr. Paul Ziriax, Secretary, Oklahoma State Election Board\n    Oral Statement...............................................    84\n    Written Statement............................................    86\n\nDr. Josh Benaloh, Senior Cryptographer, Microsoft Research\n    Oral Statement...............................................    99\n    Written Statement............................................   101\n\nDiscussion.......................................................   113\n\n             Appendix I: Answers to Post-Hearing Questions\n\nDr. Charles H. Romine, Director, Information Technology \n  Laboratory, National Institute of Standards and Technology.....   136\n\nMr. Neal Kelley, Registrar of Voters, Orange County, California..   138\n\nDr. Josh Benaloh, Senior Cryptographer, Microsoft Research.......   140\n\n            Appendix II: Additional Material for the Record\n\nDocuments submitted Representative Mikie Sherrill, Chairwoman, \n  Subcommittee on Investigations and Oversight, Committee on \n  Science, Space, and Technology, U.S. House of Representatives..   146\n\nDocument submitted by Rep. Sean Casten, Committee on Science, \n  Space, and Technology, U.S. House of Representatives...........   176\n\n\n                           ELECTION SECURITY:\n\n                   VOTING TECHNOLOGY VULNERABILITIES\n\n                              ----------                              \n\n\n                         TUESDAY, JUNE 25, 2019\n\n                  House of Representatives,\n      Subcommittee on Investigations and Oversight,\n            joint with the Subcommittee on Research\n                                    and Technology,\n               Committee on Science, Space, and Technology,\n                                                   Washington, D.C.\n\n    The Subcommittees met, pursuant to notice, at 2:58 p.m., in \nroom 2318 of the Rayburn House Office Building, Hon. Mikie \nSherrill [Chairwoman of the Subcommittee on Investigations and \nOversight] presiding.\n\n[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]\n\n\n\n    Chairwoman Sherrill. The hearing will come to order. \nWithout objection, the Chair is authorized to declare recess at \nany time. Good afternoon, and welcome to a joint hearing of the \nInvestigations and Oversight and Research and Technology \nSubcommittees. Ranking Member Norman and I had such a good \nexperience working with Research and Tech last month during our \ntransportation hearing that we thought we should do it again, \nso it\'s great to be here with Chairwoman Stevens and Ranking \nMember Baird, so thank you both, I appreciate it.\n    We are here today to talk about election security, and the \nvarious technologies and best practices that support it, and I \nwant to start out by acknowledging something good. The experts \ntell us that the United States has, in fact, made enormous \nprogress since 2016 toward protecting our election \ninfrastructure. I applaud the Secretaries of State, the \nelection officials, the poll workers, and the systems \nadministrators across the Nation who have already been working \nto defy election interference. New Jersey, for example, is \ninvesting in a whole range of activities right now to prevent \ninterference, including a pilot program for voter-verified \npaper trails.\n    But I remain worried about the enormous risks our election \nsystems still face heading into 2020, and I have been really \nconcerned about how attacks on our election system affect the \nAmerican psyche. We have all seen anecdotes in the press about \ncounties and States across the United States, where experts \nlearn after the fact that an election system has been hacked. \nIt is worth pointing out that we don\'t always see election \nsystems actually being breached when they are targeted. \nSometimes our systems work the way they\'re supposed to, and \nkeep intruders from doing harm, and we should find comfort when \nwe learn of a crisis averted, but for the most part we don\'t. \nThese stories in the news allow us to see just how high the \nstakes are. They allow us to see how many ways there are to \nmanipulate the system. These stories make the American people \nfeel uncertain, and our peace of mind, our faith in the \nelectoral process, is another casualty of interference.\n    There are few things more central to the American covenant \nthan the safety and security of our elections, where citizens \nfrom all walks of life can cast their vote and know that it \nwill be counted. Our foreign adversaries know this. The last \ntwo election cycles saw foreign interference in our election \nsystems that tried to shake our faith in the U.S. election \nsystem, and in our fellow Americans. When I was in the Navy, I \nwas a Russian policy officer, and I saw firsthand how the \nRussians worked to sow division here. We know the Russian \nintelligence service has already attacked our election \ninfrastructure across a number of States, and we have every \nreason to believe these attacks will escalate during the 2020 \ncycle. The methods that foreign and domestic actors use to \ncorrupt our elections are growing more sophisticated every day. \nWhen it comes to cybersecurity, the threat is constantly \nchanging. It is our responsibility in Congress to help States \narm themselves with advanced, adaptive strategies to prevent, \ndetect, and recover from intrusions.\n    On a lighter note, I am delighted to welcome a special \nguest in the gallery today, Ms. Bianca Lewis. Bianca just \nfinished the 7th grade in Phillipsburg, New Jersey. She is a \ncoder and an inventor who runs her own blog dedicated to her \nadventures in STEAM. That\'s science, technology, engineering, \nart, and mathematics. Bianca was also one of the young hackers \nfeatured at an exhibit that was hosted at last year\'s DEFCON \ntechnology conference in Las Vegas called Roots Asylum. At \nDEFCON, Bianca and other young people were able to exploit \nmodels of Secretary of State websites to delete content and \nchange the voting results displayed. While the websites at \nDEFCON were models, and not part of any real life voting \nsystems, they were designed with some of the known \nvulnerabilities that real life hackers have abused in recent \nyears. I thank Bianca for being a leader for girls in tech and \ncomputer science, and for helping shine a light on \ncybersecurity and election infrastructure. It is so rewarding \nto see that the next generation is thinking big, and I\'m glad \nthat you and your family could be here today from New Jersey.\n    I\'m also pleased to welcome the distinguished witnesses on \nour panel, three of whom contributed to the very important \nrecent report from the National Academies on Securing the Vote. \nThank you all for being here today.\n    [The prepared statement of Chairwoman Sherrill follows:]\n\n    Good afternoon, and welcome to a joint hearing of the \nInvestigations and Oversight and Research & Technology \nSubcommittees. It\'s good to be here with Ranking Member Norman, \nChairwoman Stevens and Ranking Member Baird once again.\n    We\'re here today to talk about election security and the \nvarious technologies and best practices that support it. And I \nwant to start out by acknowledging something good:\n    The experts tell us that the United States has, in fact, \nmade enormous progress since 2016 toward protecting our \nelection infrastructure. I applaud the Secretaries of State, \nthe election officials, the poll workers and the systems \nadministrators across this nation who have already been working \nhard to defy election interference. New Jersey, for example, is \ninvesting in a whole range of activities right now to prevent \ninterference, including a pilot program for voter verified \npaper trails.\n    But I remain worried about the enormous risks our election \nsystems still face heading into 2020. And I have been really \nconcerned about how attacks on our election system affect the \nAmerican psyche. We have all seen anecdotes in the press about \ncounties and states across the United States, where experts \nlearn after the fact that an election system has been hacked. \nIt is worth pointing out that we don\'t always see election \nsystems actually being breached when they are targeted. \nSometimes our systems work the way they are supposed to and \nkeep intruders from doing harm.\n    And we should find comfort when we learn of a crisis \naverted. But for the most part, we don\'t. These stories in the \nnews allow us to see just how high the stakes are. They allow \nus to see how many ways there are to manipulate the system. \nThese stories make the American people feel uncertain. And our \npeace of mind, our faith in the electoral process, is another \ncasualty of interference. There are few things more central to \nthe American covenant than the safety and security of our \nelections, where citizens from all walks of life can cast their \nvote and know it will be counted.\n    Our foreign adversaries know this. The last two election \ncycles saw foreign interference in our election systems that \ntried to shake our faith in the U.S. election system - and in \nour fellow Americans. When I was in the Navy, I was a Russian \npolicy officer and I saw firsthand how the Russians work to sow \ndivisions. We know the Russian intelligence service has already \nattacked our election infrastructure across a number of states, \nand we have every reason to believe these attacks will escalate \nduring the 2020 cycle. The methods that foreign and domestic \nactors use to corrupt our elections are growing more \nsophisticated every day. When it comes to cybersecurity, the \nthreat is constantly changing. It is our responsibility in \nCongress to help states arm themselves with advanced, adaptive \nstrategies to prevent, detect, and recover from intrusions.\n    On a lighter note - I am delighted to welcome a special \nguest to the gallery today, Ms. Bianca Lewis. Bianca just \nfinished seventh grade in Phillipsburg, New Jersey. She is a \ncoder and inventor who runs her own blog dedicated to her \nadventures in STEAM - that\'s science, technology, engineering, \narts and mathematics. Bianca was also one of the young hackers \nfeatured at an exhibit that was hosted at last year\'s Def Con \ntechnology conference in Las Vegas called the R00tz Asylum. At \nDef Con, Bianca and other young people were able to exploit \nmodels of Secretary of State websites to delete content and \nchange voting results being displayed. While the websites at \nDef Con were models and not part of any real-life voting \nsystems, they were designed with some of the known \nvulnerabilities that real-life hackers have abused in recent \nyears.\n    I thank Bianca for being a leader for girls in tech and \ncomputer science - and for helping shine a light on \ncybersecurity in election infrastructure. It is so rewarding to \nsee that the next generation is thinking big - about big \nchallenges. I\'m glad that you and your family could be here \nfrom New Jersey for today\'s hearing.\n    I am also pleased to welcome the distinguished witnesses on \nour panel, three of whom contributed to the very important \nrecent report from the National Academies on Securing the Vote. \nThank you all for being here.\n\n    Chairwoman Sherrill. So the Chair now recognizes Mr. Norman \nfor an opening statement.\n    Mr. Norman. Thank you, Chairwoman Sherrill, and Chairwoman \nStevens, for convening this important hearing, and thank you \nfor each of the witnesses for taking the time to give your \ntestimony this morning. We\'re here today to review the security \nof the United States\' election system technologies, and discuss \nresearch to ensure the security, the integrity, and the \naccessibility of America\'s election systems. Today\'s hearing \nprovides an opportunity to learn how the Federal Government can \nsupport State and local governments as they work to secure \nelections through research, technology, standards, and \nvoluntary guidance, without burdensome Federal mandates.\n    The 2000 Presidential election highlighted problems with \npunch card and lever voting systems, and brought to light new \nconcerns about election integrity. To address these concerns, \nCongress enacted the Help American Vote Act of 2002, or better \nknown as HAVA. HAVA provided money to the States to replace \nantiquated voting systems, established the United States \nElection Assistance Commission, or EAC, and required the \nNational Institute of Standards and Technology (NIST) to \nprovide technical support to the EAC to develop voluntary \nguidelines for voting systems.\n    My home State of South Carolina recently decided to upgrade \nvoting systems, and serves as an example of how the process \nshould work. South Carolina officials conducted a lengthy \nevaluation of several options, and ultimately determined that \nupgrading to a ballot marking device was the option that best \nmet the needs of our State. And this is how it should be, State \nand local officials figuring out what is best for their \ncommunity. As Federal policymakers, we must remember that \nadministration of elections is inherently a function of State \nand local governments. We should listen to our local election \nofficials, and provide the reasonable support necessary to \nbolster the security of election systems, and to efficiently \nand effectively administer elections throughout the United \nStates. This requires a flexible and a dynamic approach to \nsecurity that can be molded by jurisdictions across the country \nto fit their specific needs. A one-size-fits-all approach is \nsimply impractical and unworkable.\n    I welcome the chance to hear from State and local election \nofficials as we consider the issue of election system security, \nand look forward to their perspective on what role the Federal \nGovernment can play in ensuring that they have the information \nand support necessary to harden their election systems against \npresent, and any future threats. We\'ll also hear today from \nrepresentatives of academia, the private sector, and the \nFederal Government, which provides us with the opportunity to \nlearn more about technologies and innovations that will improve \nAmerica\'s election systems today, as well as research underway \nthat may bolster election system security in the future. It\'s \nhard to imagine an issue of greater importance to our democracy \nthan the security of America\'s election system.\n    And while I appreciate that this Committee continues to \napproach critical issues of national importance in a bipartisan \nfashion, I would be remiss today if I didn\'t take the \nopportunity to highlight how partisan politics on the part of \nthe House Democrat leadership has once again failed to proceed \nthrough regular order. Specifically, I\'m disappointed but, you \nknow, quite frankly I\'m not surprised, as this is just another \nin a long list of political stunts by leadership\'s sudden \ndecision to move H.R. 2722, the so-called Securing America\'s \nFederal Elections Act, to the floor this week without \nconsideration by this very Science Committee, which rightfully \nreceived a referral on the bill. House Democratic leadership \ninstead chose to rush this bill to the floor in order to \nsatisfy far left progressives with yet another messaging bill \nthat thankfully has absolutely no chance of being considered in \nthe Senate. As today\'s hearings will demonstrate, the Science \nCommittee has a crucial role to play in the consideration of \nany legislation that truly aims to improve the security of \nAmerica\'s election systems. That being said, I look forward to \na thoughtful and bipartisan discussion today of how we can \nimprove the security of America\'s election systems now, and in \nthe future.\n    I want to thank each of our witnesses for being here, and \nthank you, Madam Chair, for convening this all-important \nhearing. And I want to thank the Hyatts, who are here from my \nhometown, who have played a part in the elections in South \nCarolina, for being with us today. Madam Chair, I yield back \nthe balance of my time.\n    [The prepared statement of Mr. Norman follows:]\n\n    Thank you, Chairwoman Sherrill and Chairwoman Stevens, for \nconvening this important hearing, and thank you to the \nwitnesses for your testimony this morning.\n    We are here today to review the security of U.S. election \nsystem technologies and discuss research to ensure the \nsecurity, integrity, and accessibility of America\'s election \nsystems.\n    Today\'s hearing provides an opportunity to learn how the \nFederal government can support state and local governments as \nthey work to secure elections through research, technology, \nstandards, and voluntary guidance, without burdensome Federal \nmandates.\n    The 2000 presidential election highlighted problems with \npunch card and lever voting systems and brought to light new \nconcerns about election integrity. To address these concerns, \nCongress enacted the Help America Vote Act of 2002 (or \n``HAVA\'\').\n    HAVA provided money to the states to replace antiquated \nvoting systems, established the U.S. Election Assistance \nCommission (or ``EAC\'\'), and required the National Institute of \nStandards and Technology to provide technical support to the \nEAC to develop voluntary guidelines for voting systems.\n    My home state of South Carolina recently decided to upgrade \nvoting systems and serves as an example of how the process \nshould work. South Carolina officials conducted a lengthy \nevaluation of several options and ultimately determined that \nupgrading to a ballot marking device was the option that best \nmet the needs of the state.\n    And this is how it should be - state and local officials \nfiguring out what is best for their community. As Federal \npolicy makers, we must remember that administration of \nelections is inherently a function of state and local \ngovernments. We should listen to our local election officials \nand provide the reasonable support necessary to bolster the \nsecurity of election systems, and to efficiently and \neffectively administer elections throughout the United States.\n    This requires a flexible and dynamic approach to security \nthat can be molded by jurisdictions across the country to fit \ntheir specific needs. A one-size-fits-all approach is simply \nimpractical.\n    I welcome the chance to hear from state and local election \nofficials as we consider the issue of election system security \nand look forward to their perspective on what role the Federal \ngovernment can play in ensuring they have the information and \nsupport necessary to harden their election systems against \npresent and future threats.\n    We will also hear today from representatives of academia, \nthe private sector, and the Federal government, which provides \nus with the opportunity to learn more about technologies and \ninnovations that will improve America\'s election systems today, \nas well as the research underway that may bolster election \nsystem security in the future.\n    It\'s hard to imagine an issue of greater importance to our \ndemocracy than the security of America\'s election systems. And \nwhile I appreciate that this Committee continues to approach \ncritical issues of national importance in a bipartisan fashion, \nI would be remiss if I didn\'t take the opportunity to highlight \nhow partisan politics on the part of the House\'s Democrat \nleadership has once again failed to proceed through regular \norder.\n    Specifically, I am disappointed-but quite frankly not \nsurprised, as this is just another in a long line of political \nstunts-by leadership\'s sudden decision to move H.R. 2722, the \nso-called Securing America\'s Federal Elections Act, to the \nfloor this week without consideration by the Science Committee, \nwhich rightly received a referral on the bill. House Democratic \nleadership instead chose to rush this bill to the floor in \norder to satisfy far-left progressives with yet another \nmessaging bill that thankfully has no chance of being \nconsidered in the Senate.\n    As today\'s hearing will demonstrate, the Science Committee \nhas a crucial role to play in the consideration of any \nlegislation that truly aims to improve the security of \nAmerica\'s election systems.\n    That being said, I look forward to a thoughtful and \nbipartisan discussion today of how we can improve the security \nof America\'s election systems, now and in the future.\n    Thank you again to our witnesses for being here today. And \nthank you madam chair for convening this important hearing.\n    I yield back the balance of my time.\n\n    Chairwoman Sherrill. Thank you. The Chair now recognizes \nChairwoman Stevens of the Subcommittee on Research and \nTechnology for an opening statement.\n    Chairwoman Stevens. Thank you, Chairwoman Sherrill. It\'s \ngreat to be here talking about election security and voting \ntechnology vulnerabilities, and we\'re certainly so grateful \nthat we have the leadership in the House of Representatives \nwilling to take on the severity of some of the election \nsecurity breaches that we experienced in 2016, some of which \nhave been long overdue, and the current Administration has \nfailed to address. So, good afternoon, and welcome to this \nhearing.\n    Certainly the elections of 2016 showed us how vulnerable \nour election infrastructure can be to foreign adversaries who \ninterfere in the very foundation of our democratic process, and \nthis has begun a national conversation on the security and \nintegrity of our U.S. elections. Most election authority rests \nwith the States, but, as Mr. Norman recognized, Congress \ncreated a Federal role in election administration and security \nwith the Help America Vote Act of 2002, known as HAVA. And, \nunder HAVA, the National Institute of Standards and \nTechnologies, NIST, which--the Subcommittee that I have the \nprivilege of chairing on Research and Tech has oversight over--\nNIST was tasked with providing technical assistance and \nresearch to inform the development of voluntary voting \nsystems--guidelines to be recommended to the Election \nAssistance Commission, the EAC. HAVA provided hundreds of \nmillions of dollars to States to buy new voting equipment, but \nsome of those old machines are still in use today, and States, \nnot having--being--or not being required to implement the \nvoluntary voting system guidelines in the purchase of new \nvoting machines, were left with a gap. Only 38 States and the \nDistrict of Columbia use some of the parts of the Federal \ntesting and certification program for purchasing new voting \nequipment.\n    With more than 10,000 election jurisdictions in the United \nStates, there is certainly no one fit--no one-size-fits-all \nsolution to election administration and security. In addition, \nmost election administrators are well intentioned, but lack \nresources, awareness, and technical expertise. Cue the Federal \nGovernment. At the time of HAVA, voting technology was assumed \nto mean only the voting machine itself. Today, depending on the \njurisdiction, a voter may be able to register online to vote, \nand have their name and address confirmed through an Internet \nconnected electronic poll book, or e-poll book, at their \npolling site, in addition to casting their vote on an \nelectronic machine. Unfortunately, many Americans still cast \ntheir vote on machines with no paper record.\n    I know we will hear from our experts today that all--with \nall the conveniences that the Internet and the 21st century \ntechnology provide, paper ballots are still the most secure. \nBut even if we implement paper records everywhere, we are still \nleft with the new security challenges posed with online \nregistration and e-poll books. As a champion and a believer of \n21st century technology, I am also still a champion for the \nanalog skills that move us forward. In fact, every point of \ninternet connectivity in the election system, including \nsoftware development and updating, introduces a vulnerability. \nSecurity must be a priority at every step of our cherished \ndemocratic process. Free and fair elections are paramount.\n    Last year the National Academies issued a consensus study \nreport titled ``Securing the Vote: Protecting American \nDemocracy\'\'. This report included several recommendations for \nimproving election security, including the need for national \nstandards for e-poll books, voter registration databases, \nballot handling procedures, and audits. Finally, the report \nincluded a strong statement that the Federal Government has a \nresponsibility to invest in research to protect the integrity \nof elections, which is part of what we are here today to \ndiscuss. I certainly could not agree more, and I am glad to \nknow that, in addition to NIST, the National Science Foundation \ncarries out computer science and social science research that \ncould be applicable to election systems. There needs to be more \ncoordination. We are fans of inter-agency work here on this \nCommittee, and a more robust dedication of research dollars for \nthis purpose. The 2020 elections are not far away. I look \nforward to our witnesses\' insight on the Academies\' report, and \nother important recommendations for this Committee to take up. \nThank you, and I yield back.\n    [The prepared statement of Chairwoman Stevens follows:]\n\n    Good afternoon and welcome to this hearing to review U.S. \nelection security and voting technology vulnerabilities. I look \nforward to hearing testimony from our distinguished panel of \nwitnesses on this important topic.\n    The elections of 2016 showed us how vulnerable our election \ninfrastructure can be to foreign adversaries who interfere in \nthe very foundation of our democratic process and began a \nnational conversation on the security and integrity of \nelections. Most election authority rests with the states. \nHowever, Congress created a federal role in election \nadministration and security with the Help America Vote Act of \n2002, known as HAVA. Under HAVA, the National Institute of \nStandards and Technology, NIST, was tasked with providing \ntechnical assistance and research to inform the development of \nVoluntary Voting Systems Guidelines to be recommended to the \nElection Assistance Commission.\n    HAVA provided hundreds of millions of dollars to states to \nbuy new voting equipment, and some of those old machines are \nstill in use today. Further, states are not required to \nimplement the Voluntary Voting System Guidelines in the \npurchase of new voting machines. Only 38 states and the \nDistrict of Columbia use some part of the federal testing and \ncertification program for purchasing new voting equipment.\n    With more than 10,000 election jurisdictions in the United \nStates, there is no one size fits all solution to election \nadministration and security, but these Guidelines are intended \nto have broad application. In addition, most election \nadministrators are well intentioned but unfortunately lack the \nresources, awareness, and technical expertise to implement the \nvital security needs of today.\n    At the time of HAVA, voting technology was assumed to mean \nonly the voting machine itself. Today, depending on the \njurisdiction, a voter may be able to register online to vote \nand have their name and address confirmed through an internet-\nconnected electronic poll book (or e-poll book) at their \npolling site, in addition to casting their vote on an \nelectronic machine.\n    Unfortunately, many Americans still cast their vote on \nmachines with no paper record. I know we will hear from our \nexperts today that, with all of the conveniences that the \ninternet and 21st century technology provide, paper ballots are \nstill the most secure. But even if we implement paper records \neverywhere, we are still left with the new security challenges \nposed with online registration and e-poll books. In fact, every \npoint of internet connectivity in the election system, \nincluding software development and updating, introduces a \nvulnerability. Security must be a priority at every step of our \ncherished democratic process.\n    Last year, the National Academies issued a consensus study \nreport titled, "Securing the Vote - Protecting American \nDemocracy." This report included several recommendations for \nimproving elections security, including the need for national \nstandards for e-poll books, voter registration databases, \nballot handling procedures, and audits. Finally, the report \nincluded a strong statement that the federal government has a \nresponsibility to invest in research to protect the integrity \nof elections. I couldn\'t agree more, and am glad to know that \nin addition to NIST, the National Science Foundation carries \nout computer science and social science research that could be \napplicable to election systems. However, there needs to be more \ncoordination and a more robust dedication of research dollars \nfor this purpose.\n    The 2020 elections are not far away, I look forward to our \nwitnesses\' insight on the Academies\' report and other important \nrecommendations for actions this Committee can take to help.\n    Thank you and I yield back.\n\n    Chairwoman Sherrill. Thank you, and the Chair now \nrecognizes Dr. Baird of the Subcommittee on Research and \nTechnology for an opening statement.\n    Mr. Baird. Thank you, Chairwoman Sherrill, and Chairwoman \nStevens, for convening this day\'s hearing to review the \nsecurity of U.S. election system technologies. Voting is a \nfundamental right of every American citizen, and ensuring the \nright to a safe and secure election is the responsibility of \nevery Member of Congress. Without security, integrity, and \naccuracy in our electoral process, the foundation of our \nNation, in fact, our democracy, is weakened. I look forward to \nhearing from our witnesses this afternoon about how the Federal \nGovernment can support State and local governments in ensuring \nsafe and secure elections through research, technology testing, \naudits, and voluntary guidance.\n    As we all know, under our Constitution, the Federal system \nelects an Administration is, and should be, the responsibility \nof State and local governments. Our founders believed that \ngovernment is more transparent, responsive, and accountable \nwhen it\'s closest to the people, which is why the Constitution \ngave the responsibility of our elections to the States. To this \nend, Congress\' role is to empower State officials to strengthen \nthe security of their unique election systems, and effectively \nadminister elections, not to try to dictate a one-size-fits-\nall. The Help America Vote Act established the Federal Election \nAssistance Commission, and requires the National Institute of \nStandards and Technology, NIST, to work with the Commission on \ntechnical, voluntary guidelines, and voting systems. These \nvoluntary guidelines are an important tool for State and local \nelected officials to ensure the functionality and accuracy of \nthe State\'s unique system. They allow the testing of voting \nsystems to determine the basic functionality, accessibility, \nand security capabilities. They also offer flexibility, which \nis important, given the variation of election infrastructure \nfrom State to State.\n    I look forward to hearing from Dr. Romine about the most \nrecent iteration of voluntary voting system guidelines, which \nis expected to be released soon. I believe it\'s also valuable \nthat this Committee has the opportunity to hear what new and \nevolving challenges States are facing, and how States are using \nFederal resources to overcome unique challenges, including how \nand if these guidelines and protections are being effectively \nadopted. I expect Secretary Ziriax and Mr. Kelley will have \nparticularly good insight into these challenges.\n    There\'s no doubt that there is a need for improved security \nof our elections. We know that at least 21 States have been \ntargeted by foreign state actors prior to the 2016 U.S. \nelection, and we know that Russian undertook disinformation \ncampaigns on social media in that same election. This is \ntroubling, but we must also acknowledge that no votes were \nchanged in the 2016 election, and the 2018 midterm elections \nwere secure, with a record number of voter participation. We \nmust examine what we can learn from these past elections and \nimprove upon them. We can make progress on this issue. I want \nto again thank Chairwoman Sherrill and Chairwoman Stevens for \nholding this hearing, and I hope that we will take a bipartisan \nlook at the challenges of election security.\n    As my colleague, Ranking Member Norman, noted, this matter \nhas not been addressed in a bipartisan manner thus far this \nCongress. But I hope this hearing will illustrate how progress \ncan be made in keeping our Nation\'s elections secure, and free \nfrom interference. Thank you, and I yield back.\n    [The prepared statement of Mr. Baird follows:]\n\n    Thank you, Chairwoman Sherrill and Chairwoman Stevens, for \nconvening today\'s hearing to review the security of U.S. \nelection system technologies.\n    Voting is a fundamental right of every American citizen and \nensuring the right to safe and secure elections is the \nresponsibility of every Member of Congress.\n    Without security, integrity, and accuracy in our electoral \nprocess, the foundation of our nation - our democracy - is \nweakened.\n    I look forward to hearing from our witnesses this afternoon \nabout how the federal government can support State and local \ngovernments in ensuring safe and secure elections through \nresearch, technology testing, audits and voluntary guidance.\n    As we all know, under our Constitution and federal system, \nelection administration is and should be the responsibility of \nState and local governments.\n    Our Founders believed that government is more transparent, \nresponsive, and accountable when it is closest to the people, \nwhich is why the Constitution gave the responsibility of our \nelections to the States.\n    To this end, Congress\' role is to empower state officials \nto strengthen the security of their unique election systems and \neffectively administer elections, not to try to dictate a one-\nsize-fits-all approach.\n    The Help America Vote Act of 2002 (HAVA) established the \nfederal Election Assistance Commission (EAC) and requires the \nNational Institute of Standards and Technology (NIST) to work \nwith the Commission on technical, voluntary guidelines for \nvoting systems.\n    These voluntary guidelines are an important tool for state \nand local election officials to ensure the functionality and \naccuracy of that state\'s unique system.\n    They allow for the testing of voting systems to determine \nthe basic functionality, accessibility, and security \ncapabilities.\n    They also offer flexibility, which is important given the \nvariation of election infrastructure from state to state.\n    I look forward to hearing from Dr. Romine about the most \nrecent iteration of the Voluntary Voting System Guidelines, \nwhich is expected to be released soon.\n    I believe it is also valuable that this Committee has the \nopportunity to hear what new and evolving challenges states are \nfacing and how states are using federal resource to overcome \nthese unique challenges - including how and if these guidelines \nand protections are being effectively adopted.\n    I expect Secretary Ziriax and Mr. Kelley will have \nparticularly good insight into these challenges.\n    There is no doubt that there is a need for improved \nsecurity of our elections - we know that at least 21 states \nwere targeted by foreign state actors prior to the 2016 U.S. \nelection and we know that Russia undertook disinformation \ncampaigns on social media in that same election.\n    This is troubling, but we must also acknowledge that no \nvotes were changed in the 2016 election and the 2018 midterm \nelections were secure with a record number of voter \nparticipation.\n    We must examine what we can learn from these past elections \nand improve upon them. We can make progress on this issue.\n    I want to again thank Chairwoman Sherrill and Chairwoman \nStevens for holding this hearing, and what I hope will be, a \nbipartisan look at the challenges of election security.\n    As my colleague, Ranking Member Norman noted, this matter \nhas not been addressed in a bi-partisan manner thus far this \nCongress, but I hope this hearing will illustrate how progress \ncan be made in keeping our nation\'s elections secure and free \nfrom interference.\n    Thank you and I yield back the balance of my time.\n\n    Chairwoman Sherrill. Thank you, Dr. Baird. If there are \nMembers who wish to submit additional opening statements, your \nstatements will be added to the record at this point.\n    [The prepared statement of Chairwoman Johnson follows:]\n\n    Thank you Madam Chair, and I would like to join you in \nwelcoming our witnesses this afternoon.\n    I\'m glad we\'re holding this hearing today on such an \nimportant topic. The election system is decentralized and \ncomplicated. There are many different aspects of it that rely \non technology in some form. As a result, there are numerous \nchallenges and solutions to making sure our election system is \nsecure, fair and accessible. Elections security, as we all \nknow, is an active topic of conversation in Congress right now, \nas it should be. It is an urgent topic for our nation.\n    The Science Committee will do what it does best today - we \nwill talk about the technology. My home state of Texas is a \ncase study in how advanced technologies are both promising and \nperilous when it comes to the administration of elections. The \n2018 election cycle saw a terrible episode in Texas in which \nmalfunctioning electronic voting machines ended up changing \nsome voters\' selections from Democrat to Republican, and \ndeleted some voters all together. This occurred across at least \n78 counties. And the machines where this happened were \npaperless, which means it was impossible to go back and compare \nthe voters\' intent with what the device actually recorded. To \nunderscore the gravity of what happened in 2018, the Texas \nCivil Rights Project issued a statement that this event ``is \nthreatening to call into question the entire election in \nTexas.\'\' To wit, in a court case that resulted from a similar \nepisode in the state of Georgia, a judge ultimately decided \nthat continued use of paperless systems can harm our \nconstitutional rights to a free and fair election.\n    We were somewhat relieved to learn that cybersecurity \nexperts believe that the voting machine anomalies in Texas can \nbe attributed to old technology and not to hackers. But it is \neasy to imagine how a bad actor might seek to take advantage of \nexactly this kind of vulnerability in Texas and across the \ncountry. On the other hand, Texas is looking at some exciting \nreforms. This year the Texas House is considering legislation \nthat would implement automatic voter registration when eligible \nresidents interface with the Department of Motor Vehicles. This \nproposal will not only make it more convenient for citizens to \nparticipate in the democratic process, it will also save money \nfor state elections administrators and may help make the \nregistration process more secure.\n    I hope that the experiences we have in Texas can be used as \nlessons learned for other states. In fact, I believe almost \nevery state and jurisdiction is working hard to improve their \nsystems and make them more secure and accessible. The Federal \ngovernment has a role in shepherding the development of \nvoluntary guidelines for secure elections and in providing \ntechnical and other assistance to state and local election \nadministrators. We all need to learn from each other. Our very \ndemocracy is on the line.\n    I want to thank Chairwoman Sherrill, Ranking Member Norman, \nChairwoman Stevens and Ranking Member Baird for holding this \nhearing, and I yield back the balance of my time.\n\n    [The prepared statement of Mr. Lucas follows:]\n\n    Thank you, Chairwoman Sherrill, Chairwoman Stevens, Ranking \nMember Norman, and Ranking Member Baird, for holding today\'s \nhearing.\n    The integrity and security of elections is fundamental to \ndemocracy in the United States. Americans must have confidence \nin the accuracy of election results, or we risk losing the \npublic trust in government and our political system.\n    Although there is no evidence to date that a single vote \nwas changed in the 2016 or 2018 elections due to a cyberattack \nor foreign interference, we know that our adversaries are \nlooking to erode public confidence in elections.\n    Prior to the 2016 federal election, a series of \ncyberattacks occurred on information systems of state and local \nelection jurisdictions. The Federal Bureau of Investigation \n(FBI) announced that some state election jurisdictions had been \nthe victims of cyberattacks aimed at exfiltrating data from \ninformation systems in those jurisdictions. The attacks \nappeared to be of Russian-government origin.\n    Although these attacks did not result in actual votes being \nchanged, they served as a warning to Federal, State, and local \nofficials that we must be vigilant about securing our \nelections.\n    The U.S. Constitution vests the responsibility of \nadministering elections with State and local governments. \nHowever, the Federal government has an important role to play, \nin providing guidance and assistance to states on election \nsystems. The Federal government can and should also work \nclosely with State and local election officials to deal with \nforeign and domestic cyber threats.\n    Concerns with earlier versions of voting and election \nsystems led to the passage of the 2002 Help America Vote Act \n(HAVA). This Act requires the National Institute of Standards \nand Technology (NIST), over which our Committee has \njurisdiction, to work with the Election Assistance Commission \n(EAC) on technical, voluntary guidelines for voting.\n    NIST plays an important role in conducting research on \nelection systems and providing technical assistance and \nguidelines. NIST is a trusted partner by both industry and \nState governments. Because these guidelines are voluntary, \nStates and private companies are more willing to share \ninformation with the agency, which results in better voluntary \nstandards and guidelines. It is important that we support NIST \nin this work, and not erode their role in election security.\n    In Oklahoma, we have an election system that is secure, \nreliable, and provides timely results. I want to thank Mr. Paul \nZiriax, Secretary of the Oklahoma State Election Board, for \ntestifying today. Oklahomans can trust in the results of our \nState\'s elections, thanks to the thoughtful work of Paul and \nhis staff. I look forward to hearing about how the Federal \ngovernment can best support states like Oklahoma in their work, \nwithout creating mandates that are one-size-fits all.\n    What works for California might not work for Oklahoma, and \nI am glad we have two State and local election officials on the \npanel to hear what tools they need to administer secure \nelections in their jurisdictions.\n    The Science Committee has demonstrated over the last few \nmonths how Committees should work. Under the leadership of \nChairwoman Eddie Bernice Johnson, we have been conducting \nhearings and moving legislation under regular order, and in a \nbipartisan and productive fashion, to make progress for the \nAmerican people.\n    Unfortunately, the Democratic leadership of the House has \nchosen to ignore the Committee process, and rush two partisan \nbills to the floor in the name of "election security," \nincluding H.R. 2722, a bill that will be considered on the \nHouse floor later this week. That bill is partially in the \nScience Committee\'s jurisdiction, but leadership ignored \nregular order, and never gave our Committee members the \nopportunity to consider the legislation.\n    Unfortunately, that partisan bill goes far beyond securing \nelections - setting mandates on State and local governments for \nthe administration of elections that have nothing to do with \nsecurity or election integrity.\n    Republicans want to work with Democrats on election \nsecurity. I hope this hearing demonstrates that commitment on \nboth sides of the aisle and lays the groundwork for bipartisan \nlegislation out of this Committee to update NIST\'s election \nsecurity activities.\n    Again, thank you to the chairs and ranking members for \nholding this hearing. I yield back.\n\n    Chairwoman Sherrill. And, at this time, I would like to \nintroduce our five witnesses.\n    First, we have Dr. Charles Romine is the Director of the \nInformation Technology Laboratory at the National Institute of \nStandards and Technology, or NIST. And, Doctor, I\'m not sure if \nI should offer you congratulations or condolences, I hear this \nis your 20th time testifying before us, so welcome again.\n    Mr. Neal Kelley is the Registrar of Voters for Orange \nCounty, California. Mr. Kelley is also a member of the National \nAcademies of Science, Engineering, and Medicine, Committee on \nthe Future of Voting. This committee contributed to the \npublication of the 2018 National Academies consensus study \nreport titled, ``Securing the Vote.\'\' Thank you for coming \ntoday.\n    Dr. Latanya Sweeney is a Professor of government and \ntechnology in the Department of Government at Harvard \nUniversity\'s Institute for Quantitative Social Science. Thank \nyou.\n    And then Dr. Benaloh is a Senior Cryptographer at Microsoft \nResearch. Dr. Benaloh also contributed to the National \nAcademies ``Securing the Vote\'\' report.\n    And, to introduce our final witness, I recognize \nCongresswoman Horn of Oklahoma\'s 5th Congressional District.\n    Ms. Horn. Thank you, Madam Chairwoman. I am honored today \nto be able to introduce not only our Election Secretary, but \nalso one of my constituents from Oklahoma City, and I\'m honored \nto be able to join you on this Subcommittee today on such an \nimportant issue.\n    Secretary Paul Ziriax has served as the Secretary of \nOklahoma State Election Board since 2009, and as--in that \ncapacity as our chief election official. He also serves as the \nOklahoma--the Secretary of the Oklahoma Senate by way of a 1913 \nOklahoma law that requires the Secretary of the Senate to also \nserve as the Secretary of the Education--or the Election Board.\n    Originally from Claremore, Ziriax has worked as a senior \naide in the Oklahoma State Senate, Chief of Staff, and Press \nSecretary to a Member of Congress from Oklahoma, as a radio \nstation music director and announcer. Ziriax is a member of the \nNational Association of Election Directors, and the American \nSociety of Legislative Clerks and Secretaries, and is a past \nappointee to the Oklahoma Capital Preservation Commission. He\'s \nan alumnus of Oklahoma State University in Stillwater, and \nfinally, especially as related to this hearing today, I am \nproud of Oklahoma\'s election system because of our paper \nballots, and a number of other security features that allow us \nto know the security and veracity of our elections, which is \none of the things that we are talking about here today. So the \nwork of Secretary Ziriax, and the staff of the Oklahoma State \nElection Board, has been very important, and I\'m glad that you \ncould join us today, and look forward to your testimony.\n    Chairwoman Sherrill. Well, thank you. Now I feel guilty I \ndidn\'t give the rest of you the great intro. But, as our \nwitnesses should know, you will each have 5 minutes for your \nspoken testimony. Your written testimony will be included in \nthe record for the hearing. When you all have completed your \nspoken testimony, we will begin with questions. Each Member \nwill have 5 minutes to question the panel. And let\'s start with \nyou, Dr. Romine.\n\n               TESTIMONY OF DR. CHARLES H. ROMINE,\n\n          DIRECTOR, INFORMATION TECHNOLOGY LABORATORY,\n\n         NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY\n\n    Dr. Romine. Chairwoman Sherrill, Ranking Member Norton, \nChairwoman Stevens, Ranking Member Baird, and Members of the \nSubcommittees, I\'m Charles Romine, the Director of the \nInformation Technology Laboratory at the Department of \nCommerce\'s National Institute of Standards and Technology, or \nNIST. Thank you for the opportunity to appear before you today \nto discuss our role in what NIST is doing in election security.\n    For more than a decade, as directed by both the Help \nAmerica Vote Act of 2002, or HAVA, and the Military and \nOverseas Voter Empowerment Act, NIST has partnered with the \nElection Assistance Commission, the EAC, to develop the \nscience, tools, and standards necessary to improve the \naccuracy, reliability, usability, accessibility, and security \nof voting equipment used in Federal elections for both domestic \nand overseas voters. Under HAVA, NIST provides technical \nsupport to the Technical Guidelines Development Committee \n(TGDC), which is the Federal advisory committee to the EAC in \nareas such as the security of computers, computer networks, and \ncomputer data storage used in voting systems, methods to detect \nand prevent fraud, protection of voter privacy, the role of \nhuman factors in the design and application of voting systems, \nthe remote access voting, including voting through the \nInternet.\n    This technical support includes intramural research and \ndevelopment in areas to support the development of a set of \nVoluntary Voting System Guidelines, referred to as the VVSG, or \nthe Guidelines. The Guidelines are used by accredited testing \nlaboratories as part of both State and national certification \nprocesses by State and local election officials who are \nevaluating voting systems for potential use in their \njurisdictions, and by manufacturers who need to ensure that \ntheir products fulfill the requirements so they can be \ncertified.\n    The Guidelines address many aspects of voting systems, \nincluding determining system readiness, ballot preparation and \nelection definition, voting and ballet counting operations, \nsafeguards against system failure, and protections against \ntampering, ensuring the integrity of voted balance, and \nprotected data during transmission and auditing. Almost \nimmediately following the adoption of Voluntary Voting System \nGuidelines 1.1, NIST established a set of public working groups \nto gather input from a wide variety of stakeholders on the \ndevelopment of the next iteration of the Guidelines, the VVSG \n2.0. This approach pulled in subject-matter experts across the \nNation, with 994 members across seven working groups. Within \nthe working groups, the cybersecurity working group has grown \nto 175 members, and it engages in discussions regarding the \nsecurity of U.S. elections. Guidelines 2.0 addresses these \nevolving security concerns. It includes support for advanced \nauditing methods, as well as enhanced authentication \nrequirements, and mandates two-factor authentication. The \nsystem integrity section in Guidelines 2.0 ensures that \nsecurity protections developed by industry over the past decade \nare built into the voting system.\n    Other security issues to be resolved, beyond those \nmentioned in the Guidelines, include the need for regular and \ntimely software updates and security patches. Networked \ncommunication is another important security issue currently \nunder discussion. Many election jurisdictions rely on public \ntelecommunication networks for certain election functions, such \nas reporting results to State agencies and media outlets on the \nnight of the election. These connections, however brief, are a \nsignificant expansion of threat surface, and their security \nrequires further study.\n    NIST participates in the DHS (Department of Homeland \nSecurity) Election Security Initiative federal partner \nroundtable, and kicked off the election profile of the \ncybersecurity framework effort in March 2019. NIST will hold \nworkshops in July and in August to identify election processes \nand assets that need protection, threats from foreign control \ntechnology vendors, available safeguards, techniques that can \ndetect incidents, and methods to respond and recover. The \nelection profile will serve as a one-stop cybersecurity \nplaybook that matches cybersecurity requirements with \noperational methodologies across all election processes, from \nvoter registration through election reporting and auditing. The \nprofile can be used by Secretaries of State, State and local \nelection officials to identify and prioritize opportunities to \nimprove their cybersecurity posture. NIST expects that an \ninitial draft of the election profile of the cybersecurity \nframework will be available in the fall of 2019.\n    NIST is continuing to address election security by \nstrengthening the VVSG for voting systems, such as vote capture \nand tabulation, and by working with our government partners, \nincluding the EAC, to provide guidance to State and local \nelection officials on how to secure their election systems, \nincluding voter registration and election reporting systems.\n    Thank you for the opportunity to testify on NIST\'s work \nregarding election security, and I\'ll be pleased to answer any \nquestions that you may have.\n    [The prepared statement of Dr. Romine follows:]\n    \n[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]    \n       \n    Chairwoman Sherrill. Well, thank you very much. And, Mr. \nKelley?\n\n                  TESTIMONY OF MR. NEAL KELLEY,\n\n         REGISTRAR OF VOTERS, ORANGE COUNTY, CALIFORNIA\n\n    Mr. Kelley. Good afternoon, Chairwoman Sherrill, Chairwoman \nStevens, Ranking Member Baird, Ranking Member Norman, and \nMembers of the Subcommittee on Investigations and Oversight, \nand the Subcommittee on Research and Technology. My name is \nNeal Kelley. I\'m the Chief Election Official, Registrar of \nVoters, for Orange County, California. Thank you for the \ninvitation to speak today.\n    I\'d like to address four specific things: The key findings \nof the National Academies of Sciences, Engineering, and \nMedicine\'s consensus study report; ``Securing the Vote: \nProtecting American Democracy\'\', the best practices used in \nOrange County, including the use of paper trails with voting \nmachines, electronic poll books, and risk limiting audits; \nbarriers States\' and counties\' encounter in the pursuit of \nenhancing election security; and how I believe Congress can \nfurther assist States and counties with securing election \nsystem technologies.\n    As a member of the National Academies\' Committee on the \nFuture of Voting, I have submitted the report highlights for \nFederal policymakers along with my testimony today. I would \nalso like to share the insights I have gained as an election \nadministrator. In the 2 decades following the 2000 Presidential \nelection, numerous initiatives have been undertaken to improve \nour election systems. Although progress has been made, old and \ncomplex problems persist, and new problems emerge. Aging \nequipment, number one, the targeting of our election \ninfrastructure by foreign actors, a lack of sustained funding \ndedicated to election security, inconsistency in the skills and \ncapabilities of elections personnel, and growing expectations \nthat voting should be more accessible and convenient, as well \nas secure, complicate the administration of elections in the \nUnited States.\n    Working together, NIST and the Election Assistance \nCommission have made numerous contributions to the improvement \nof electronic voting systems by providing critical technical \nexpertise. The Voluntary Voting System Guidelines, otherwise \nknown as VVSG, developed by the EAC in collaboration with NIST, \nare particularly important. Nevertheless, despite the critical \nroles that these agencies plays--play in strengthening election \ninfrastructure, there is currently a very limited pool of \nongoing financial support.\n    While one-time funding has been historically allocated, \nelection cybersecurity is known to be an ongoing challenge that \nwill require a constant effort to better understand threats and \nvulnerabilities. The National Academies\' report recommends that \nthe EAC and NIST, the architects, developers, and shepherds of \nthe VVSG, continue the process of refining and improving the \nVVSG to reflect changes in how elections are administered; to \nrespond to new challenges to election systems as they occur, \nsuch as the threat of cyber attacks; and to research how new \ndigital technologies can be used by Federal, State, and local \ngovernments to secure elections. Our report further recommends \nthat a detailed set of cybersecurity best practices for State \nand local election officials be developed, maintained, and \nincorporated into election operations, and that the VVSG be \nperiodically updated in response to new threats and challenges.\n    Electronic voting systems that do not produce a human-\nreadable paper ballot of record are a particular concern, as \nthe absence of a paper record raises security and vulnerability \nissues. Because of this, our report recommended that all \nelections should be conducted with human-readable paper \nballots. We also recommend the use of risk limiting audits. An \nRLA is not considered to be performance audit, as it seeks to \nensure accuracy that the reported outcome would be the same if \nall ballots were examined manually, and that any different \noutcome has a high likelihood of being detected and corrected. \nThe National Academies\' report also recommends that the use of \nthe Internet, or any network connected to the Internet for a \nvoter to cast a ballot, or the return of a marked ballot, \nshould not be permitted.\n    There is no known technology that guarantees the secrecy, \nverifiability, and security of a marked ballot transmitted over \nthe Internet. Voter registration databases are also vulnerable \nto cyberattacks, whether it is a standalone, or is connected to \nother applications. Presently, election administrators are not \nrequired to report any detected compromises or vulnerabilities \nin voter registration systems, and our report recommends that \nStates make it mandatory for election administrators to report \nthese instances when it occurs to the Department of Homeland \nSecurity, the EAC, and State officials.\n    As the fifth largest voting jurisdiction in the United \nStates, Orange County, California is in the fortunate position \nof being able to allocate resources and staff to support pilot \nprograms, and determine best practices for the use of paper \naudit trails, voting machines, and electronic poll books. On \nthe matter of election security, in Orange County we remain \nclosely connected to our local fusion center, and to \ninformation sharing and analysis centers. In addition, I \nroutinely invite security experts to conduct audits and testing \non our systems to identify vulnerabilities, and to propose \nsolutions. Electronic poll books must meet high-level security \nrequirements to be used in California, and my office has placed \nadditional requirements on potential electronic poll book \nsolutions. Data must be encrypted while in transmission, and \nwhile at rest. Nevertheless, not every election office has the \nresources that we have in Orange County. There are hundreds, if \nnot thousands, of election offices where only a handful of \ndedicated staff are on hand to run their jurisdiction\'s \nelections. To share the knowledge and experience----\n    Chairwoman Sherrill. Wrap it up quickly, please.\n    Mr. Kelley. Going quickly. I released the 2018 Election \nSecurity Playbook for Orange County elections, and I have \nattached that to my written testimony.\n    Chairwoman Sherrill. Thank you.\n    Mr. Kelley. And thank you, and I look forward to your \nquestions.\n    [The prepared statement of Mr. Kelley follows:]\n    \n[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]    \n    \n    \n    \n    Chairwoman Sherrill. Thank you. I appreciate it. Dr. \nSweeney?\n\n                TESTIMONY OF DR. LATANYA SWEENEY,\n\n                     PROFESSOR OF GOVERNMENT\n\n                  AND TECHNOLOGY IN RESIDENCE,\n\n          DEPARTMENT OF GOVERNMENT, HARVARD UNIVERSITY,\n\n            INSTITUTE OF QUANTITATIVE SOCIAL SCIENCE\n\n    Dr. Sweeney. Thank you, Chairwoman Sherrill, Ranking Member \nNorman, Chairwoman Stevens, Ranking Member Baird, and Members \nof the Committee. I\'m not going to--I presented a written \ntestimony I\'m not going to read from, and instead like to give \nyou just some highlights. Let me first tell you a little bit \nabout myself. I have a Ph.D. in Computer Science from MIT. I\'m \na Professor of government at Harvard University, and I was the \nformer Chief Technology Officer of the Federal Trade \nCommission. For the last 20 years, my research mission has been \nto scientifically investigate and reveal unforeseen \nconsequences of technology and its impact on society. I put \nnames to health data that was supposed to be anonymous at--and \nthat\'s cited in the preamble of HIPAA (Health Insurance \nPortability and Accountability Act), and it led to a new field \nof study called data privacy. I documented adverse racial \ndiscrimination in online ad delivery that\'s led to a new area \nof computer science study called algorithmic fairness. I \ntrained students to be these same type of technologists to work \nin the public interest, and my students have improved practices \nat CMS (Centers for Medicare and Medicaid Services), Facebook, \nAirbnb, just to name a few.\n    In 2016, we gathered together 50 computer scientists, and \nsocial scientists, and civil society organizations, and said, \nwhat are the most pressing problems? They made a list of 75. We \nthen asked them to tell us which problem did they think was the \nmost important for us to investigate for the year? They said \nelections. It was January 2016, and we began doing just that. \nWe found different kinds of problems around misinformation \ncampaigns, and things like that on the Internet they got--that \nwere brought to our attention.\n    Eventually, though, we began realizing how broad the \nelection system is. The surface area of it is huge. Every one \nof those boxes has its own nature of a vulnerability. And we \nare only--and the rest of my talk is only going to talk about \nwhat\'s in that upper left corner. It was motivated by what \nhappened in Riverside County during the primaries in 2016, in \nwhich Republican--it was a close primary. Republicans showed \nup, and instead of getting a Republican ballot, they got \neverything but--many--hundreds of them got everything but a \nRepublican ballot. There was no break-in, there was no database \nbreach, it just seemed like somebody changed all these records \nthrough the online system.\n    And so this idea that you could just change a voter\'s \naddress, which changes their polling place, which could \ndisenfranchise voters, not--in a primary, but just in the \ngeneral election, and there are other ways too, that if you \nimpersonate a voter, and you could go online, you could make a \nbig difference, whether you wanted to make a local impact on a \nlocal election, whether you wanted to shave points off of an \nelection, or whether you wanted to disrupt the election \naltogether. So that gave us a set of research questions, and we \ndug in. We found 35 States, and the District of Columbia, had a \nwebsite in which a person could change their voter registration \nonline. These were not always voter registration websites. Many \nof them were also from the Motor Vehicle Division as well.\n    As you can see, the big problem here is, how does the State \nknow who you are? In the case of Delaware, it--using this \nsystem, it was the first name, last name, date of birth, and \nzip code. But there are many places where I could find the \nname, date of birth, and zip code of people who live in \nDelaware. That--an alternative that used the driver\'s license \nand date of birth is another example from Alabama. This is the \nsummary for all of the websites that we found, and the \ninformation that they require. Most of them require some \ncombination of demographics, like name, or date of birth, or \nmaybe address. Some of them require some government-issued \nnumber, like a Social Security Number (SSN), or a part of it, \nor a driver\'s license number. None of them necessarily require \nall of them, or they were the same.\n    Second question, though, is where would you get this data? \nAnd we found no shortage of the availability of the data. You \ncould buy voter lists directly, you could buy voter lists from \nbrokers that had a lot of the information. Some voter lists \nwere just posted freely online. We surveyed about 500 popular \ndata brokers to get SSNs and other kind of information, and we \nwent on the dark web and found that you could find a disturbing \namount of information also, including all of the Social \nSecurity Numbers of Americans.\n    At the time, 11 of those websites had captchas, these ways \nto try to figure out who you were, but in 2016 every captcha, \nincluding the Google captcha you see at the bottom, could be \nautomated to be defeated. So with people who had virtually no \nexperience, with about one page of Python code, you could \nautomate an attack, and the cost of doing that, including the \nvirtual machines to do it, and to weight its time, turned--if I \nwanted to shave 1 percent of the voter information off of the \nvoters from that--from those locations, it would be $24,000 \nacross all of them. If I use name sources. It drops to 10,000 \nif I was willing to also use dark net information as well. \nWe\'re not saying that it did happen. We\'re just saying that \nthis is--it\'s possible to happen, and it\'s a real \nvulnerability. Homeland Security had recommended this kind of \nvulnerability assessment. We\'re happy that we were able to \nparticipate, and we are updating now as to what has been the \nresponse.\n    I\'d better stop there. Thank you.\n    [The prepared statement of Dr. Sweeney follows:]\n    \n[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]    \n       \n    Chairwoman Sherrill. Thank you. Mr. Ziriax?\n\n                  TESTIMONY OF MR. PAUL ZIRIAX,\n\n            SECRETARY, OKLAHOMA STATE ELECTION BOARD\n\n    Mr. Ziriax. Thank you very much. And I do want to thank my \nrepresentative, Ms. Horn, for the kind introduction. I am her \nconstituent, so I think that\'s a prerequisite when here, but \nthank you very much for that. I also want to thank the full \nCommittee Ranking Member, Mr. Lucas, who is also from Oklahoma, \nwho ensured my invitation here today. So, Chairwomen Sherrill \nand Stevens, and Ranking Members Norman and Baird, also \nChairwoman Johnson of the full Committee, and distinguished \nMembers of the Subcommittees, I want to thank you for the \nopportunity to testify today. My name is Paul Ziriax. I\'m the \nSecretary of the Oklahoma State Election Board, and the Chief \nState Election Official. Different from many States, Oklahoma \nhas a voting system that is uniform, and Statewide, owned and \ncontrolled by the State Election Board. Our system utilizes \npaper ballots that are hand-marked by voters, and counted by \naccurate, reliable, precinct-based optical scanners. And no \nmatter where you are in our State, voting is the same. We have \nthe same style of ballots, the same voting hours, the same \nstandards and regulations, and the same accurate optical \nscanners.\n    In my written testimony you can read much more about \nOklahoma\'s election system and procedures, including our \nrelatively low costs, the bipartisanship of the system, the--\nand the speed with which we are able to count ballots and \ncertify results. In my opinion, Oklahoma\'s uniform system helps \nmake it more secure, easier to maintain, more efficient, more \ncost effective, and more equitable to voters across our State. \nIn my written testimony you can read about our--security \nfeatures of the system, but we are very proud that our system \nis auditable and verifiable. At my request, my State \nlegislature passed a new law this year that authorizes post-\nelection audits beginning in 2020. But, as an election \nofficial, I do want to say, although I want to make voting and \nvoter registration as convenient and as accessible as possible, \nwe, as election administrators and policymakers, must be \ncautious about sacrificing too much security in the name of \nconvenience.\n    I will say, in 2017, when I learned from Homeland Security \nthat Oklahoma was unsuccessfully targeted--was one of the 21 \nStates unsuccessfully--or at least we were unsuccessfully \ntargeted, we have taken a number of steps to improve election \nsecurity. For example, our systems are actively monitored and \nprotected by our State Cyber Command. We joined several Federal \nand State agencies to create an election security working group \nto enhance communication and information sharing. We are \nmembers of the EI-ISAC, which is the election infrastructure \ninformation sharing network. We work closely with State Cyber \nCommand, NASED (National Association of State Election \nDirectors), and social media sites to help protect against \nmisinformation campaigns, and our county election boards are \nnow required to notify the State if physical intrusions or \ncyber incidents occur in their counties.\n    Now, speaking only for myself, I do want to offer some \nrecommendations. The VVSG, which was mentioned earlier, should \nremain voluntary, and should contain broad-based goals that \nStates can determine how best to implement. These standards, \nthough, must be flexible so that they can adapt to changing \nthreats and technology. Academia should work closely with \ncurrent election administrators so that its recommendations are \nviable in the real world of election administration. All of us \nin this room should take great care so as not to unnecessarily \nalarm the public, or cause distrust in elections, especially \nwhen discussing theoretical threats without noting actual \nprotections that exist against those threats.\n    Under our Federal system, the States should continue to \nadminister elections in our country. I do not believe that \nelection administration should be Federalized, and that--I \nbelieve that mandatory standards and certification procedures \nshould not be forced on the States. The Federal Government \nshould make technical assistance, best practices, voluntary \nstandards, and intelligence available to the States. Sustained \nFederal funding for election security, or for upgrading voting \nsystems, can be very helpful, but excessive mandates could \ncause States to refuse those Federal grants. When possible, I \nthink intelligence regarding election security threats should \nbe declassified quickly and shared with State and local \nelection officials. And I do believe that every State should \nuse voting systems that are auditable and verifiable, but that \nStates should determine the best methods for auditing their \nelections.\n    In closing, my biggest concern as an election official is \nprotecting the public\'s faith and confidence in the integrity \nof our elections. If citizens lose faith in our elections, then \nwe risk losing our very representative republic. Physical \nsecurity and cybersecurity are a great concern, but the easiest \nway to disrupt our elections, and what we\'ve already observed, \nis for our adversaries to sow discord and spread \nmisinformation. I encourage Federal policymakers to keep in \nmind that each State is different, and that imposing a one-\nsize-fits-all mandate on the States for election policies or \nsecurity procedures could be disruptive and expensive, and \ncould unnecessarily create an adversarial relationship at a \ntime when a cooperative partnership is needed. And, with that, \nI thank you for the time.\n    [The prepared statement of Mr. Ziriax follows:]\n    \n[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]    \n        \n    Chairwoman Sherrill. Thank you. Dr. Benaloh?\n\n                 TESTIMONY OF DR. JOSH BENALOH,\n\n            SENIOR CRYPTOGRAPHER, MICROSOFT RESEARCH\n\n    Dr. Benaloh. Thank you, and good afternoon Chairs, Ranking \nMembers, other Members of the Subcommittees. I very much \nappreciate the opportunity to speak before you this afternoon. \nMy name is Josh Benaloh. I\'m Senior Cryptographer at Microsoft \nResearch. My 1987 doctoral dissertation at Yale University was \nentitled ``Verifiable Secret Ballot Elections\'\', so I\'ve been \nworking on election technologies for an embarrassingly long \ntime. I also had the privilege and pleasure of serving \nalongside Neal Kelley on the National Academies\' recent report \non securing the vote, and appreciate that experience as well.\n    There are thousands of election jurisdictions in the U.S., \nover 8,000 by most counts, and most are very small, with very \nlimited resources. Threats come from nation-state sponsored \nadversaries, in many cases. This is an asymmetric battle. And \nwhile we have certainly a responsibility to harden our election \ninfrastructure to the extent that we can, we should recognize \nthat we cannot realistically make our election infrastructure \nimpervious to attack. While we cannot guarantee that attacks \ncan be prevented, we can guarantee that they\'re detectable. And \nthe National Academies\' report recommends pursuing two \ntechnologies that enable auditing that enables us to detect any \nattacks on our infrastructure. One is called risk-limiting \nauditing, the other is end-to-end verifiability.\n    Risk-limiting audits are an enhanced form of traditional \naudits, managed by, and overseen by election officials, ideally \ntogether with, in cooperation with, members of the public. They \nuse advanced statistical methods to make the auditing process \nmore effective and more efficient, and they have been piloted \nin many jurisdictions--probably about a dozen jurisdictions \naround the U.S. in recent years. End-to-end verifiability is \nsomething entirely different. It\'s a public means of auditing. \nIt\'s a method that allows any individual, after an election \ncloses, at any time to conduct an audit. There\'s no need to \nwait for election officials, for Judges to issue court orders. \nCandidates, members of the news media, interest groups, and \neven individual voters can check for themselves that the votes \nhave been counted correctly. Any and all tampering can be \ndetected. Not just external tampering, but even insider \ntampering, due to faulty equipment, or improper actions by \nelection personnel.\n    End-to-end verifiability effectively answers the question, \nhow can I trust the results of an election when I don\'t trust \nthe people or equipment on which the election has been run? \nThis is not a new technology. It has actually been around for \ndecades. Its seeds go back to the 1980s, but it has evolved \nduring that time, and improved, and become more efficient, and \nmore practical, and more friendly, and is ready for wide-scale \ndeployment at a time when I believe we most need it.\n    Just over a year ago, Microsoft announced its Defending \nDemocracy program, and as part of that, just last month \nMicrosoft announced its ElectionGuard system. Microsoft is \nworking with partners, including Columbia University, and a \nPortland company called Galois to build a free, open-source, \nsoftware toolkit that enables both end-to-end verifiability and \nrisk-limiting audits. This is not intended to replace existing \nsystems for counting votes. It goes alongside. It makes it \npossible to have an auxiliary verifiable count that is \nverifiable by anybody at all. We are working with many vendors \nto promote the adoption of this technology, and seeking \njurisdictions for initial pilots. The technical details will be \nreleased shortly, and the toolkit that enables this will be \navailable later this summer.\n    There are, however, regulatory challenges to making this \nhappen, and the NIST and EAC guidelines that are in existence \ntoday are somewhat old and dated. They don\'t recognize new \ntechnologies, they\'re not very flexible, so we very strongly \nsupport and encourage the adoption of the new VVSG 2.0 \nGuidelines that are in draft form, and hope they will be \nadopted very soon.\n    There are numerous other challenges facing our election \ninfrastructure: Technical, financial, educational, and others. \nCongress, in collaboration with States, can help to provide \nconsistent funding sources, and address many of the challenges \nwe face. Thank you very much, and I look forward to your \nquestions.\n    [The prepared statement of Dr. Benaloh follows:]\n    \n[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]    \n   \n    \n    Chairwoman Sherrill. Well, thank you. Before we proceed, I \nwould like to bring the Committee\'s attention to statements we \nhave received from the Brennan Center for Justice, the Center \nfor American Progress, and Verified Voting. We\'ve also received \nletters to the Committee from the National Election Defense \nCoalition, and Common Cause. These documents highlight \npriorities that Members of this Committee should consider as we \nlook to assist States in their election security efforts. \nWithout objection, I will enter these documents into the \nrecord.\n    At this point we will begin our first round of questions, \nand I\'ll recognize myself 5 minutes.\n    So first I\'d like to start, if I could, with Mr. Kelley. In \n2018, my home State of New Jersey received a HAVA Election \nSecurity grant of nearly $9.8 million. So with this money, I\'m \nhappy to report we plan to purchase a number of voting systems \nthat use a voter-verified paper trail audit, I\'m sorry to \nreport that New Jersey does not have that at this time, and to \nconduct a number of pilot programs with new systems. So what \nadvice would you have for a State that decides to scale up \ntheir post-election audit pilots to a Statewide application?\n    Mr. Kelley. Well, thank you, Madam Chair, for the question. \nI would have to go back to the discussion on risk-limiting \naudits, and, using that as really the benchmark for \nauditability post-election. In California we use two auditing \nfunctions right now. One is the 1-percent audit, which audits 1 \npercent of the precincts, the ballots that are cast within \nCalifornia, and then the second is the option of conducting a \nrisk-limiting audit. Opening that up in a Statewide function, \nlike we are in California, I think is the proper way to go, \nbecause it does give you that extra look and comfort at \nauditing functions post-election, when, even if you\'re manually \ncounting the ballots, this gives you that extra added security \nand assurance that those audit--that the ballots are counted \ncorrectly.\n    So when you\'re looking at ramping up an auditing function, \nI think risk limiting audits is certainly the way to go. And \nthere are so many States, and counties, and jurisdictions right \nnow that don\'t utilize any auditing function, let alone a risk-\nlimiting audit.\n    Chairwoman Sherrill. Thank you very much. And, Dr. Sweeney, \nwith the money we received, we\'re also making plans to allocate \nfunds to implement any necessary changes to the Statewide voter \nregistration systems. I know NIST and the National Academies \nhave a lot of recommendations for how to do this. And, given \nyour experience examining vulnerabilities in a broad swath of \nvoter registration systems, what do you think are some of the \nmost important first steps that New Jersey can pursue with \nthese funds?\n    Dr. Sweeney. Well, there\'s two sides. A lot of--my \ncolleagues on the panel have really focused a lot on \ntraditional--cybersecurity kinds of threats. Break-ins, ways \nthat the data could be tampered with, changing the flow of the \ndata. The example that I gave is not a break-in, it\'s the \nopposite. It\'s the--a fundamental problem we have in the United \nStates about identifying citizens, or identifying Americans, \nor--and it\'s on--and how do we go about doing that when so much \nof the data on Americans is so publicly available?\n    And the study also gives us a hint at what was the best \nanswer. Texas was the most difficult of the States, and it\'s \nbecause it used driver\'s license numbers, but it also used the \nnumber that was printed on the surface of the driver\'s license \nitself. It wasn\'t enough for us to stop the attack, but it \nlimited--it raised the cost, because the only place you could \nget scans of actual driver\'s license to get those numbers was \non the dark web. They weren\'t--that--those extra numbers \nweren\'t available elsewhere. So that gives us a sense of a way \nforward. Intrusion--and also intrusion detection would be \nhelpful.\n    I would just say one more thing to New Jersey, and that is \nthe idea of independent assessments are really important. If--\nwe went through this with healthcare. If you build a system, \nand you say, this is what my security people say is good, and \nyou test it, you\'re testing what you built it for. What we do \nis--and the reason you do independent assessment is the things \nyou never thought of. It\'s a surface area you can\'t possibly \nthink of. And the second part of that is whether or not New \nJersey then--if a vulnerability is found, is--how robust is the \nresponse by New Jersey? We learned in the healthcare industry \nthat if the hospitals just try to pretend it didn\'t happen to \nreassure everyone, that that\'s not nearly as good as a hospital \nwho says, I had this vulnerability, we fixed it up, now we\'re \nready to go. That kind of robust response is much more \ntrustworthy. So I would recommend that approach.\n    Chairwoman Sherrill. Thank you very much. And then, Dr. \nRomine, I have some straightforward questions for the record \nfor you. Does NIST currently have the legal authority to \ndevelop technical guidelines for electronic poll books?\n    Dr. Romine. Thank you for the question. Under the Help \nAmerica Vote Act, the work that we do with the EAC is \nconstrained to voting systems, which are defined more narrowly. \nHowever, we do have a broad mandate for cybersecurity for a \nbroader number of systems, and in the COMPETES Act (America \nCreating Opportunities to Meaningfully Promote Excellence in \nTechnology, Education, and Science) we have more authorities \nthere for cybersecurity in those systems.\n    Chairwoman Sherrill. Thank you. And what about for voter \nregistration databases and local election websites?\n    Dr. Romine. That would be the same answer. Not under HAVA, \nbut under other authorities that we have, we could do work \nthere.\n    Chairwoman Sherrill. And same answer for election night \nreporting systems and ballot reconciliation methods?\n    Dr. Romine. That\'s correct.\n    Chairwoman Sherrill. All right. Well, thank you very much. \nThank you all. Now I\'d like to, sorry, turn it over to Ranking \nMember Norman for 5 minutes.\n    Mr. Norman. Thank you, Chairwoman Sherrill. Secretary \nZiriax, the substitute amendment to H.R. 2722 appears to \ncontain several provisions that pertain to the administration \nof elections, as opposed to election security. To me, it \nappears that these election administration provisions are a \nFederal overreach that really encroach upon the function of \nState and local election administrators and their job. What are \nyour thoughts about the bill? And, as an example, it looks like \nthe bill requires paper ballots to be printed on recycled paper \nproduced in the United States. And is that your read of the \nbill, and what would a mandate like that mean for Oklahoma?\n    Mr. Ziriax. Well, in general let me say that when I was \nworking with one of my home State Senators, and I apologize for \nmentioning a Member from the other body, but Mr. Lankford, when \nhe was working on some election security, I told him many of \nthe same things I\'m about to tell you, that I do believe that \nit\'s important to remember the differences between different \nStates. The recycled paper, for example, I personally--I--it is \nin the bill, I did read it there. I\'m not exactly sure what the \nsecurity purpose of that is. I know that with our current \nvoting system, it cannot use recycled paper because of the \nsensitivity of the scanners, and what--if we were required to \nuse recycled paper, it would actually run the risk of causing \nfalse readings.\n    Mr. Norman. Well, in your opinion, do you think the \nelection administration provisions of the bill reach too far \ninto the administration of elections, which really is \ninherently a function of each State?\n    Mr. Ziriax. I--in general, I think broad guidelines are \nbetter, and leaving specific decisions are better in the hands \nof the State.\n    Mr. Norman. OK. Mr. Kelley, you briefly discussed VVSG 2.0, \nand how it is structurally distinct from previous iterations of \nthe VVSGs. Specifically, you indicated that the new structures \naimed at providing high-level principles and guidelines on \nfunctions that are incorporated into devices that make up a \nvoting system. From the perspective of State and local election \nofficials, do you think the high-level approach taken by the \nVVSG 2.0 provides a more workable and implementable set of \nguidelines when compared to the previous iterations?\n    Mr. Kelley. Yes, sir, thank you for the question. Actually, \nfrom the standpoint of security, reliability, usability, and \naccessibility, I definitely believe that. The principles and \nguidelines are high-level. They are certainly a good road map \nfor heading down that path, but they\'re not in the weeds. \nThey\'re not the test assertions, they\'re not the requirements. \nSo, as it stands, those principles and guidelines in VVSG 2.0 I \nthink are light years ahead, sir, of where we were.\n    Mr. Norman. OK. And, Secretary Ziriax, based on your \nexperience, do you believe that a high-level approach is more \nworkable and implementable, and is this the right approach?\n    Mr. Ziriax. That--in my opinion, yes. I\'m very supportive \nof the VVSG 2.0 guidelines that are out there. Although I\'m not \nspeaking for the National Association of State Election \nDirectors, NASED, I am a member, and I know that they have \nexpressed concerns about a second part of that, where I know \nthe EAC is seeking to vote on the actual testing standards. \nAnd, you know, my concern there is that, with the--with what \nwe\'ve seen in the past, with the lack of a quorum at the EAC, \nyou run the risk then of getting stuck, as we currently are, \nwith out-of-date standards.\n    Mr. Norman. Thank you. And, Dr. Romine, in layman\'s terms, \ncan you describe what the election profile to the cybersecurity \nframework is, how it functions, and how it stands to help State \nand local election officials fortify their election systems?\n    Dr. Romine. Yes, sir. The cybersecurity framework that was \nspearheaded by NIST, and is now being adopted around the world, \nis a high-level document that is applicable and scalable to a \nwide variety of different sectors of the economy, for example. \nIn order to be maximally useful to a specific sector, and in \nparticular the critical infrastructure sectors that include the \nelection infrastructure, certain tailoring needs to be done to \nthe cybersecurity framework to make it maximally effective, and \nthat\'s what we\'re actually working on right now. So it\'s \nessentially making sure that we make decisions that are \npredicated on the needs of a particular sector.\n    Mr. Norman. Great. Thank you so much. You all have been \nvery responsive, and thank you for your questions. I yield \nback.\n    Chairwoman Stevens. Thank you, Mr. Norman. The Chair will \nnow recognize herself for 5 minutes of questions. And, \ncertainly, we--we\'re capturing the nuance here, and how \nimportant the R&D is, and the trustworthiness, and the honesty, \nand the integrity of our election systems. I represent a \nsuburban district in southeastern Michigan, and after the 2016 \nelection, Michigan replaced its aging voting machines in \nbasically every county in the State, spending $40 million in \nState and Federal money to do so, and it\'s one of at least four \nStates, along with Florida, Illinois, and Wisconsin, that use \ncellular modems to transmit unofficial election results. And \nMichigan officials have said that the State\'s election machines \nare not connected to the Internet, eliminating a major hacking \nrisk. Our Secretary of State, Jocelyn Benson, has implemented a \nSecurity of Elections Commission, a first of its kind \ncommission. That\'s coming into formation this year. She\'s a \nnewly won Secretary of State whose come in and put in that \ncommission.\n    So Michigan voters are using paper ballots that run through \nan optical scan voting system, and, as we\'ve noted, this week \nthe House is considering H.R. 2722, Securing America\'s Federal \nElections Act, which would require paper ballots and manual \ncounting by hand or optical scanning systems, which is sort of \na nice springboard to what we\'re doing here today, which is \ndigging into the technology, talking about the R&D, relying on \nyour expertise is a really robust panel. So--and there\'s \nobviously some, you know, ongoing debate about the use of \nmodems and Internet connectivity in elements of the election \nsystem.\n    NIST has named this as one of its ``open areas\'\' still \nbeing considered in its ongoing efforts to update its Voluntary \nVoting System Guidelines. And so, Dr. Romine, can you just tell \nus where NIST is headed with this? Will NIST give us an \naffirmative finding about whether voting systems should avoid \nwireless and cellular modems, and minimize Internet \nconnectivity?\n    Dr. Romine. Thank you, Madam Chairwoman. First I\'d like to \nmention that the VVSG--the Guidelines that I\'ve described are \nnot solely NIST guidelines, but we\'re in partnership with the \nEAC, and with the TGDC, which is the advisory committee, so \nthere\'s a number of people involved in the guideline \ndevelopment. But certainly in the Principles document in VVSG \n2.0 we talk about some of the concerns regarding Internet \nconnectivity, for example, actually, in VVSG 1.1 we talk about \nthose concerns. We\'ve had guidelines in the past, you talked \nabout the paper ballots, about auditability. In the Guidelines \nthat we put out, we\'re not specific on the way that you can \nobtain auditability. We just try to ensure that auditability is \navailable.\n    With regard to cellular modems, or any specific technology, \nwe don\'t get into that level of detail, but we do talk a lot \nabout the importance of Internet connectivity for voting \nsystems as being a challenge to be managed.\n    Chairwoman Stevens. Dr. Benaloh, would you say that--the \ngeneral opinion of the computer science community, as to \nwhether the risks of Internet connectivity and wireless access \ncan be adequately mitigated?\n    Dr. Benaloh. I think the consensus is that--not at this \ntime. There has been a good deal of exploration of use of \nInternet technologies associated with voting equipment, and \nthere have been some studies looking at possibilities of how \nthis might be done, and I believe the consensus is it would be \npremature to apply any of those technologies today.\n    Chairwoman Stevens. Yes. And, Dr. Romine, you know, each \nfiscal year, NIST receives, you know, about the $1 to $2 \nmillion in appropriations transferred from the EAC budget to \nconduct its voting research, if I have that right, and testing, \nwork required, you know, under HAVA, and these annual funds \nhave been declined, even as needs have grown. How many NIST \nstaff work on the NIST voting system project?\n    Dr. Romine. We have five Federal employees in my \nlaboratory. Four of those are part time, one is full time, and \nthen we have approximately four contractors working with them. \nThat\'s the extent of our capacity currently to address these \nissues.\n    Chairwoman Stevens. And, under those circumstances, how do \nyou prioritize your voting technology efforts, given limited \nresources and constrained staffing?\n    Dr. Romine. Well, I\'d like to point out that the activities \nthat we have in cybersecurity are considerably larger than this \none effort, and many of the activities--the research activities \nthat we engage in are applicable in some ways to voting \nsystems, and in particular to the more traditional systems, \nlike the voter registration systems, which are much more \nsimilar to mainstream IT systems. So we do leverage a lot, and \nI\'d just like to say we\'re very proud of what we do with the \nresources that we have.\n    Chairwoman Stevens. We\'re proud of you, too. And we\'re also \nproud of your fabulous description of NIST in your opening \ntestimony. We must have faith in our government, we must have \ncourage, we must stick to our principles for the people, by the \npeople. I don\'t even say bipartisan. I talk about the things \nthat bring us together as a body. And, with that, I\'m going to \nyield back, and I\'m going to call on my fabulous colleague, Dr. \nJim Baird, for his 5 minutes of questioning.\n    Mr. Baird. Thank you, Madam Chairwoman. Was that part of my \ntime you were using? Dr. Romine, when you look at your \nknowledge, and your experience, and the number of times you\'ve \nbeen here, maybe I should just allow you to decide what \nquestion you would like to answer. But I\'m not going to do \nthat. Here\'s a question. You know, in past testimony you \nmentioned the importance of collaboration with stakeholders in \nthe realm of elections, and to be successful in creating \nvoluntary standards. How often does NIST meet with election \nofficials, with industry, outside technical experts, and \nadvocacy groups, and what\'s been produced as a result of these \nmeetings, in your opinion?\n    Dr. Romine. Thank you for a question that allows me to brag \nabout NIST a little more. I appreciate that very much. The \nsubcommittee meetings I talked about, and the various task \ngroups have meetings, virtual meetings, biweekly, in some cases \nweekly. The level of engagement is high, the amount of \nparticipation is high. The work that we\'re doing on the \ndevelopment of the Guidelines, and in the cybersecurity profile \nthat I talked about, the cybersecurity framework profile, is a \ntestament to the productivity of those activities. We work \ncollaboratively with the Department of Homeland Security, and \nobviously with the EAC, in tackling some of these challenging \nissues with regard to security of many kinds, but security of \nour election systems in particular.\n    On the industry front, we have strong collaborations. One \nof the secrets of NIST is, because we\'re non-regulatory, I like \nto say aggressively non-regulatory, we have a very strong \nworking relationship with industry in many, many different \nsectors of the economy, and certainly we have strong \nrelationships with the election vendors as well.\n    Mr. Baird. Thank you. Dr. Ziriax, in your written testimony \nyou described how efficient Oklahoma\'s election system is, and \nyou state that the efficiency of Oklahoma\'s voting system is by \ndesign. How can we, at the Federal level of government, ensure \nthat you get what you need to bolster the security of \nOklahoma\'s election system without reducing the efficiency that \nyour system has designed to achieve?\n    Mr. Ziriax. I\'m very proud of our system, as I mentioned \nearlier. It\'s paper-based, it is auditable, it is verifiable. \nWe use optical scanners. We have since the early 1990s. That\'s \nwhen we first developed our Statewide uniform system. In my \nopinion, the best thing that Congress can do is to help ensure \nthat we have the resources from, you know, various Federal \nagencies for help. One of the things that I\'m very proud of is \nthe working relationship that we have with local, Federal, and \nState officials, Department of Homeland Security--both State \nand Federal--FBI, our State Cyber Command. They, and others, \nare all part of an election working group that we have, and I \nthink making sure that those various entities and agencies have \nthe resources to work with their local and State election \nofficials is very important.\n    Mr. Baird. Thank you, and I have one more question for you. \nIn your closing remarks, you said that the Federal policymakers \nshould keep in mind that each State is different, and that \nimposing one-size-fits-all would be disruptive, expensive, and \ncould create an adversarial relationship between State and \nlocal officials at a time when cooperation and partnership is \nvery much needed. So how can we best help States improve the \nsecurity of their election systems without encroaching on their \nConstitutional prerogatives, and at the same time ask any other \nthings that you might consider important?\n    Mr. Ziriax. Well, thank you for the question. You know, \nOklahoma is different from other States. My State has a little \nover two million registered voters. I believe Mr. Kelley\'s \ncounty has about two million registered voters. I have counties \nin my State with fewer than 1,500 registered voters that are \nstaffed by one county election board secretary and one staff \nperson. And I think, you know, you have to keep in mind that, \nas you\'re looking at election legislation, the broader that you \nmake any requirements, the more that you leave to local and \nState election officials to decide how to implement those, the \nbetter we can make it work for our States.\n    I know that--I believe in Oklahoma we know more how to run \nelections in our State than, you know, someone from Washington, \nD.C., or maybe a college professor from another State, for \nexample.\n    Mr. Baird. Thank you, and I\'m out of time, so I\'m sorry I \ndon\'t have questions for the other three of you, but thank you \nfor being here.\n    Chairwoman Stevens. Thank you, and the Chair now recognizes \nMr. Tonko for 5 minutes of questioning.\n    Mr. Tonko. Thank you, Madam Chairwoman, and thank you for \nholding this hearing, and thank you to our witnesses for \njoining us. Election security goes to the very heart of \nAmerica\'s ideal of government, of the people, by the people, \nand for the people. We need look no further for evidence of \nthis fact than the widespread, well-documented, and ongoing \nattacks of America\'s adversaries on our election systems. Our \nenemies recognize the power of our elections, and we must do \nthe same.\n    Today is Primary Day in the State of New York, and I am \nreassured that New York State has been taking election security \nseriously. I\'m deeply concerned about the U.S. intelligence \nreports that 21 State election systems were targeted by Russian \nhackers during the 2016 election cycle. I agree with Special \nCounsel Mueller that all Americans should be concerned about \nthe multiple systematic efforts to interfere in our election. \nThis must be a wakeup call for all of us.\n    Assuring the principle of one person, one vote requires \nbalancing security and accessibility. In developing election \ntechnology, it is crucial that the technology be both secure \nand accessible for blind Americans, for people with other \ndisabilities that can make it harder to vote. In election \ninfrastructure, there may be places where security and \naccessibility seem to compete with one another.\n    So, Mr. Kelley, is this the case? Are there places where \nthe needs of blind voters, or voters with disabilities, are at \nodds with some of the efforts that have been undertaken to \nmodernize election infrastructure?\n    Mr. Kelley. Thank you, sir, for the question, and I think \nat times in the past that was the case. I think with \ntechnology, and where we are today, we do have the capability \nto produce paper ballots that can be used by voters with \ndisabilities, and can be verified by voters with disabilities. \nAnd I would say the one area where they probably still \nintersect which is a little bit difficult is the remote \ntransmission of ballots to individuals who are voters with \ndisabilities. That\'s an area of concern that I think we need to \nkeep an eye on, and security\'s very important in that regard. \nBut I agree with you, sir, we can\'t lose sight of making sure \nthat it\'s accessible at the same time.\n    Mr. Tonko. So that technology gap that you just identified, \nis that resolvable, or----\n    Mr. Kelley. I believe it is. I think we\'re at a point now \nwhere we can transmit the ballot directly to that voter, it can \nbe verified, and marked, and printed out, and then mailed back, \nso there\'s no transmission of that ballot over the Internet, or \nover any network. So I do think it\'s solvable, yes, sir.\n    Mr. Tonko. Thank you. And, Dr. Benaloh, did I say that \ncorrectly?\n    Dr. Benaloh. It\'s Benaloh.\n    Mr. Tonko. Benaloh, thank you. Based on Microsoft\'s work \nwith election officials, what do you believe is the current \ncybersecurity posture and readiness of the average State \nelection office, and is there even an average, or any--or are \nthings all over the place?\n    Dr. Benaloh. I think it would be hard to define an average \nof any kind. States are--and local jurisdictions are certainly \nworking to try to improve things, but there is certainly a lot \nmore that can be done, and we are hoping that, with consistent \nfunding, new technologies, new--a new regulatory environment \nwe\'ll be able to enact better systems, with better \ntechnologies, that can better protect the American voter.\n    Mr. Tonko. And, Mr. Ziriax, what are the election security \nconcerns that keep you up at night going into 2020?\n    Mr. Ziriax. When I\'m--there are really three potential \nthreats that we face. One is misinformation. That has happened. \nI think it continues to happen. Obviously cyber intrusions. And \nI haven\'t heard anyone yet today mention physical security. You \nknow, you could have physical security threats at polling \nplaces, or at election offices, but all three of those things \nare things that we should be concerned about, and, in my \nopinion, should work together--State and Federal officials \nfinding common ground about how to move forward.\n    Mr. Tonko. Thank you. And, Mr. Kelley, what about you?\n    Mr. Kelley. I would just add to that, I definitely agree \nwith what he\'s saying. Cyber, physical, but I would also add \nsocial. One of the things that keeps me up at night is how well \ntrained are my election staff to make sure they\'re not clicking \non links they shouldn\'t be clicking on? And----\n    Mr. Tonko. OK.\n    Mr. Kelley [continuing]. That\'s really in the weeds, I \nknow.\n    Mr. Tonko. Thank you. And, Mr. Kelley, help us understand \nhow the paper trail works, and why it is important. When you \ntalk about establishing a paper trail in all voting \njurisdictions, what does that paper trail look like, and why \ndoes it need to be readable by humans?\n    Mr. Kelley. Yes, sir. So I\'ll just give you a quick \nexample. In California, we\'re required to have a paper trail in \nour electronic voting booths, and that paper trail prints out, \nthe voter can look at that, and see what their selections were \nbefore casting their ballot. They don\'t take that with them, \nbut it\'s included as part of the official record. The reason \nthat\'s very important is because that is the official record. \nWhen you go back in a recount or an audit, you\'re looking at \nthat paper record. You\'re not looking at the cast vote record, \nor the electronic portion of that ballot cast, so it has to be \nhuman readable so anybody looking at that can determine what \nare the true results here?\n    Mr. Tonko. Thank you. Thank you very much. And, with that, \nI yield back, Madam Chair.\n    Chairwoman Stevens. Thank you. And now the Chair would like \nto recognize Mr. Balderson for 5 minutes of questioning.\n    Mr. Balderson. Thank you, Madam Chair. Good afternoon, \neveryone, thank you all for being here. Dr. Romine, my home \nState of Ohio is requiring all 88 counties to request a risk \nassessment from the Department of Homeland Security by next \nmonth. Can you speak how the suggestions NIST lays out in the \nVoluntary Voting System Guidelines can mitigate common mistakes \nfound in DHS\' assessments?\n    Dr. Romine. I\'m not sure that I would do exactly that. What \nI can say is the Guidelines that we promote through the EAC are \nintended to guide election officials to understand what the \npriorities are. The DHS program of assessment is an independent \nactivity that I think is valuable to many localities in trying \nto determine whether they have adequately protected and thought \nof all of those particular issues.\n    Mr. Balderson. OK. Thank you. My next question is for Dr. \nBenaloh. Dr. Benaloh, does an end-to-end verifiable system, \nlike has been suggested by some, replace current technologies, \nor can it be used alongside them to ensure integrity in our \nelection system?\n    Dr. Benaloh. It can absolutely be used alongside. End to \nend verifiability offers an independent pathway by which voters \ncan check for themselves that the election results are correct. \nIt doesn\'t need to replace current systems at all. It can be \nentirely separate and parallel.\n    Mr. Balderson. Thank you very much for your answer. Madam \nChair, I yield back my remaining time.\n    Chairwoman Stevens. Thank you to the gentleman from Ohio. \nAnd at this time the Chair would like to recognize Mr. Beyer \nfor 5 minutes of questioning.\n    Mr. Beyer. Thank you, Madam Chair, very much. And thank you \nvery much for holding this long overdue hearing. Last Congress, \nI repeatedly asked our former Chair to hold hearings on \nelection security after all of the reports about Russian \ninterference, and now, certainly, our fears have since been \nconfirmed. They\'ve been verified, and I\'m really concerned that \nthe Trump Administration and the Senate Majority Leader refuse \nto take action.\n    You know May 2017, President Trump announced the bipartisan \nPresidential Advisory Commission on Election Integrity, and \nappointed Kris Kobach as his Chair, despite what we now know \nabout his concerns about his connection to white supremacy. And \nthe formal charge of the commission was to investigate voter \nfraud. This is the step that Mr. Trump took after making the \nunsubstantiated--claim that three to five million people voted \nfraudulently in the 2016 election, and it appears the primary \npurpose of this commission was just to try to support that \ncontention that he had somehow won the popular vote. In one of \nits only actions, the commission asked States to send in all \ntheir voter registration lists, including personal information \nlike Social Security Numbers. In return, the commission mostly \nreceived just lawsuits, and then Trump decided to disband it.\n    Mr. Kelley, as an election administrator, and a general \nexpert with a lot of experience, how frequently do we see \nactual voting fraud, where individuals actually cast fraudulent \nvotes?\n    Mr. Kelley. Well, thank you, sir. I can speak to my \njurisdiction only, and in Orange County there have been very \nfew prosecutions for voter fraud in general. I will tell you \nthe majority of those have been under voter registration, so \nindividuals who are out registering individuals to vote, they \nmay change information on the voter registration cards. We have \nnot seen any instance of in-person voter fraud, where someone \nwould show up in a polling place and present themselves as \nsomebody other than who they say they are. It\'s mainly been on \nthe voter registration side. In the last 15 years I would say \nthere\'s about five to six instances that have been prosecuted.\n    Mr. Beyer. Yes. In 40 years of doing politics in Virginia, \nI can remember exactly one instance that at least made it to \nthe newspaper, and that was a former State Senator who had \nmoved between his last election, voted one place, and then \nforgot, and voted the other place. He pled guilty, and was--can \nany of our panelists explain to use concisely the difference \nbetween voter fraud and election fraud? Is there--then let\'s \nmove on. How about Dr. Benaloh? Given what we learned today \nabout the information about the security and vulnerabilities in \ndata, how much risk would there have been if the States had \ncomplied with the commission\'s request, and sent in all that \ndata, including Social Security Numbers?\n    Dr. Benaloh. It\'s very hard to say. Much of the data, I \nbelieve, that was requested was public, but certainly there \nwere non-public data that were requested. The more hands that \ntouch sensitive data, the more exposure there is, and \ntransporting is always a somewhat risky endeavor, but it can be \ndone well. It should be done well.\n    Mr. Beyer. Mr. Kelley and Mr. Ziriax, you\'re both on the \nfront lines. Do you feel you\'ve received enough resources to be \nfully prepared for the 2020 election?\n    Mr. Kelley. No, sir. I think we\'ve made tremendous strides \nin the right direction, but I think funding is always an issue. \nI will say that I am grateful for the funding that we have \nreceived, because we\'ve been able to start securing new systems \nin California, and that will be a leap forward for 2020. But I \nwould never sit here and tell you, sir, that we\'re 100 percent.\n    Mr. Beyer. And Mr. Ziriax?\n    Mr. Ziriax. Thank you for the question. In the election \nbusiness, we never have enough resources, no matter which \nparticular issue you\'re talking about, I think. But in general \nI\'m very grateful for the Federal funds we\'ve received. We--\njust as we were with our initial HAVA funds, have been actually \na little slow to spend the security funds that were granted \nlast year. We\'ve actually begun by spending our State match \nfirst, but--and while we do have a list of items we provided \nthe Election Assistance Commission, we\'re actually reviewing \nthose with our State Cyber Command, because there may be some \nadditional changes that would be more cost-effective, given the \nlimited dollars. But I would repeat what I said in my opening \nstatement, sustained funding is better, and the fewer the \nmandates, the more likely you are to get State participation in \nthe grant process.\n    Mr. Beyer. Ok, great. Well, thank you very much, and thanks \nfor being here this afternoon. Madam Chair, I yield back.\n    Chairwoman Stevens. Thank you to the gentleman from \nVirginia. At this time the Chair would like to recognize Mr. \nGonzalez for 5 minutes of questioning.\n    Mr. Gonzalez. Thank you, Madam Chair, and thank you, \neverybody, for being here today on this incredibly important \ntopic. To Mr. Ziriax and Mr. Kelley, you both have unbelievably \nimportant and critical jobs in securing our democracy, and I \nthank you for your service to your States, and by default to \nour country. We in Ohio have an outstanding Secretary of State, \nFrank LaRose, and I share Mr. Ziriax\'s opinion that I have no \ninterest in dictating to him how to do his job. I trust him, I \nvoted for him, as did many Ohioans, and I think it\'s our \nresponsibility, at the Federal level, to empower you to do your \njob as effectively as possible. And, specifically, one area \nwhere I think we can do a better job at the Federal level is \nhelping on a cybersecurity standpoint.\n    Dr. Benaloh, I want to start with a question for you. One \nthing we hear on the Financial Services Committee, on that \nCommittee, and across industry, is if you don\'t believe you\'ve \nhad a cyber attack, it\'s because you\'re just not aware of it. \nWould you share that opinion?\n    Dr. Benaloh. I think that\'s a reasonable adage. I\'m sure \nthere are exceptions to that, but not knowing--not having seen \nan attack does not mean that it, in fact, did not happen. \nThat\'s certainly true.\n    Mr. Gonzalez. Absolutely. And then I guess my follow up, \nthen, for Mr. Ziriax is, with that in mind, how can we better \nequip you, how can we better prepare you for the coming \nelection, and going forward, from a cybersecurity standpoint?\n    Mr. Ziriax. Thank you for the question. In my opinion, \ncontinuing the Federal partnership that we have locally is \nsomething that is going to be very helpful. I know that our \nlocal FBI field office, local Department of Homeland Security \nofficials have been very helpful, whether it\'s sharing \nintelligence, whether it\'s providing physical security \nassessments, and I think making sure that those functions are \nfunded, and perhaps staffing is expanded. There are only two \nU.S. Department of Homeland Security officials, I believe, in \nthe entire State of Oklahoma, and one of them is attached to \nour State Fusion Center.\n    But, you know, for me personally, I think making sure that \nfunds are available, and not just funding, but the expertise \nand resources are available to election officials to help us \nsecure our own systems.\n    Mr. Gonzalez. Thank you. And, Mr. Kelley, same question.\n    Mr. Kelley. Yes, sir. Similar answer, but I would tell you \nthat in California we have 58 counties. Most of those counties \nhave not taken full advantage of all of the services that DHS \nhas to offer. I\'ve done that in Orange County, but I think \nadditional resources for training and pushing that--those \nresources out is very important, and the backlog, because it\'s \ntaken a little bit of time.\n    Mr. Gonzalez. Got it. And then switching to VVSG generally, \nand then 2.0, Dr. Romine, it strikes me that one of the hardest \nparts of this is we are playing an asymmetric dynamic game, \nessentially, right? You\'re only as good as kind of the last set \nof guidelines that you\'ve articulated, and the hackers are \nalways kind of one step ahead. And so, with that in mind, I \nguess how should we think about updating your mandates, from a \nVVSG standpoint, to make sure that we are ahead of the game, or \nat least not, you know, in this world where we\'re doing it \nevery couple years? It seems like we\'d want to be continuously \nupdating this information.\n    Dr. Romine. Thank you for the question. I think you\'ve just \narticulated one of the reasons why the high-level principles \napproach to VVSG 2.0 was the way that we felt most comfortable, \nbecause at the high-level principles, they\'re not necessarily \naffected by changes in technology more than specific guidelines \nwould do, and it gives you the opportunity to frame how you can \nsecure the systems at a higher level.\n    Mr. Gonzalez. Great. Dr. Benaloh, same question.\n    Dr. Benaloh. Yes. I think the high-level principles and \nguidelines are very valuable, and they afford the opportunity, \nif it is taken, to formally adopt just the high-level \nprinciples, which are far more enduring, and allow \nadministrative revision of the detailed requirements of VVSG to \nbe made and adjusted, as necessary, over time to accommodate \nchanging circumstances.\n    Mr. Gonzalez. Fantastic. Thank you, and I yield back.\n    Chairwoman Sherrill. Thank you. Ms. Wexton for 5 minutes.\n    Ms. Wexton. Thank you, Madam Chair, and thank you to all \nthe witnesses for coming to testify today. I also want to thank \nthe Chairwomen for holding this hearing. This is a topic that\'s \ncritical to both our national security and the integrity of our \ndemocracy, so I\'m very delighted that we\'re having this \nhearing.\n    Now, my home State of Virginia was one of the States that \nwas targeted by Russian hackers in the 2016 election, and at \nthe time we were using direct recording devices, or paper-free \nvoting machines, although paper ballots were available in many \npolling places. And my State has now transitioned back to using \npaper ballots, and they expedited that transition as a result \nof the hacking attempt, but it seems like NIST has been \nsounding the alarm about insecure voting machines for a long \ntime.\n    In the 2007 discussion draft paper of--to the EAC, a \nsubcommittee of the Technical Guidelines Development Committee \nwrote, NIST does not know how to write testable requirements to \nmake direct recording devices secure, and this recommendation \nis that the DRE, in practical terms, cannot be made secure. Is \nthat familiar to you, Dr. Romine?\n    Dr. Romine. It is.\n    Ms. Wexton. OK. And in 2011, the NIST working group on \nauditability concluded that voting systems that do not provide \na voter-verified paper ballot will be vulnerable to \nundetectable hacking, and cannot be audited effectively for \nerrors in the vote count. Is that also familiar to you?\n    Dr. Romine. It is.\n    Ms. Wexton. OK. So--but it doesn\'t seem clear--seem to be \nclear that election officials at the State and local levels are \ngetting that warning, NIST\'s warning, and the alarm bells that \nyou guys are sounding about the inherent insecurity about \npaperless DRE (direct recording electronic) systems. Even the \nformer Chair of the EAC, Tom Hicks, testified to the House \nHomeland Security Committee earlier this year that a \ncompromised DRE could be effectively audited to discover a \nmanipulation. Were you aware of that testimony?\n    Dr. Romine. I believe I was on that same panel.\n    Ms. Wexton. OK. Can you explain that discrepancy, or did \nyou agree with that statement by the--by Mr. Hicks?\n    Dr. Romine. So I don\'t remember the context in which he \nmade that statement. I think possibly what he was alluding to \nwas a collection of recommendations for auditability that might \ninclude risk-limiting audits. So there are certainly \nopportunities for advanced statistical analysis to be able to \nreveal the potential presence of anomalies in voting, but I \ndon\'t remember exactly whether he was endorsing fully paperless \nballots or not.\n    Ms. Wexton. So going forward, how can we ensure that NIST\'s \nresearch and conclusions regarding the security and \nauditability of DREs are given due attention and shared \neffectively with election administrators to inform policy?\n    Dr. Romine. We have strong relationships with the National \nAssociation of State Election Directors, NASED, and other \nvenues for State officials, and we talk regularly with them. \nMany of the stakeholders participate in the working groups, the \ncybersecurity working groups, a working group that I alluded to \nearlier, with 175 members. So we\'re getting the word out. \nThere\'s some awareness building. The principle guideline, from \nour perspective, is the necessity of an audit mechanism. Our \nGuidelines don\'t specify how that audit mechanism is to be \ndone, but the importance of auditability is essential, and our \nguidelines reflect that.\n    Ms. Wexton. Very good. Thank you. I will yield back with \nthat.\n    Chairwoman Sherrill. Thank you. Dr. Marshall? He\'s gone? \nOK. And so we are now down to Mr. Waltz for 5 minutes.\n    Mr. Waltz. Thank you, Madam Chairwoman, and I want to thank \neveryone for holding this important hearing. I have some \nconcern on the timing of it. I think this hearing is absolutely \nnecessary, and would have hoped we could work toward some \nbipartisan solutions before the majority put the bill H.R. 2722 \nforward this week, that is looking to put $1.3 billion at this \nissue.\n    Here nor there, I am working with Representative Stephanie \nMurphy and putting together an alerts framework. We all know I \nrepresent Florida, and we all know that two of Florida\'s \ncounties were breached as a result of a Russian spear phishing \ncampaign targeted at county election officials. None of the \ncongressional delegation, nor the State officials, were \nnotified by the FBI or DHS as a result of that intrusion in \n2016. The bill that we are working would seek to correct that \nproblem. Not only should officials be notified, but Floridians, \nand the voters, should be notified, in the guise of maintaining \nconfidence in our electoral system.\n    So part of the issue was that the Russians targeted \nemployees of a Florida-based manufacturer of voter registration \nsoftware, VR Systems. VR Systems has confirmed to the media \nthat they were the company that was penetrated. They have \nresponded to a letter from Senator Wyden that they did not \nclick on an attachment in the e-mail, however, we do know that \nVR systems used remote access software on election management \nsystems it sold to the counties leading up to that 2016 \nelection. We don\'t know if the systems were hacked as a result \nof the remote access software, and DHS is conducting forensic \nanalysis, I promise you I\'m getting to my questions.\n    Look, at the end of the day, the company responded that \nthey had been following the NIST cybersecurity framework that \nwe\'ve talked about prior to 2016, and they continue to do so \ntoday, so this gets to my question, Dr. Romine. Under HAVA, \nNIST is directed to develop the VVSG, all right, we know that. \nThe law defines voting systems for the purposes of mandating \nNIST to create standards for testing and certifying voting \nsystems. Not included in the definition of voting systems, \nwhich I know we\'ve gotten to somewhat today, but I want to \nreally spend time on this point, not including the definition \nof voting systems are voter registration panels and voter \nregistration databases. And, because of this, there have been \nquestions whether this vendor in particular, but I think it\'s a \nbroader question, whether this vendor, VR Systems, implemented \nNIST framework, because, again, there\'s issues now with the \ndefinition.\n    So although NIST guidelines are voluntary, and you\'re not a \nregulatory agency, which I think is correct, regardless of \nwhether the standards meet the definition of voting systems \nunder law. So question one, how would authorizing voter \nregistration portals and databases under the Help America Vote \nAct, under HAVA, improve NIST\'s ability to provide innovative \nstandards with respect to registration technologies?\n    Dr. Romine. Thank you, Mr. Congressman. The guidelines that \nwe currently provide under HAVA, the scope of those guidelines \nis controlled largely by the EAC, who makes the determination \nof what is in scope, or it\'s their interpretation of HAVA. The \nrole that we play in cybersecurity broadly allows us the \nopportunity to provide things like the cybersecurity framework \nand other guidance on more traditional IT type systems, such as \nthose that generally are used for voter registration databases, \nand e-poll books, and so on. So we already have guidelines in \nplace that might be applicable. The change there would be that \nthose guidelines would be incorporated into the EAC database, \nfor example, for VVSG guidelines, and that would be perceived \nas more directly relevant to election officials.\n    Mr. Waltz. I am out of time, but could you submit for the \nrecord how doing so, and how changing those guidelines, would \nincentivize companies and vendors, for example VR Systems, and \nother registration software companies to follow NIST \nguidelines, and implement the framework?\n    Dr. Romine. I\'ll be happy to respond.\n    Mr. Waltz. Thank you. I yield my time.\n    Chairwoman Sherrill. Thank you. And next the Chair \nrecognizes Ms. Horn for 5 minutes.\n    Ms. Horn. Thank you, Madam Chair, and thank you for \nallowing me to join this Subcommittee on such an important \nissue today. I--we have covered a lot of ground today, and in--\nthis is such a critical topic. I want to tackle a couple of \nquestions for I think most of the panel, just in a slightly \ndifferent direction. It seems to me--I\'ve heard both Dr. Romine \nand Mr. Ziriax say very clearly and explicitly that we have to \nwork to balance being--the accessibility and convenience, and \nmaking sure that people can show up and cast a ballot, and not \nmaking it so hard to cast a ballot that we disincentivize \nparticipation in the system, with a reliable and secure system. \nI absolutely agree, and this is a challenge to balance.\n    And, Dr. Sweeney, in your presentation, in your testimony, \nwe\'re looking at two sides of this coin. We\'re looking at the \nvoting system, and the ability to verify votes, and the \nsecurity, but also the database, and so we\'ve got two different \npieces to this, as I see it. So I want to start with the \nverify--the piece of--the verification, and how we can put \nparameters around that to continue to ensure the confidence and \nthe auditability of our voting systems.\n    I noted, Mr. Ziriax, in your testimony, in your \npresentation, that Oklahoma, and I think Chairwoman Stevens \nmentioned this as well, has three, as I see them, fundamental \nbaseline principles that help the ability to verify and audit \nvotes, paper ballots, a Statewide system that is uniform, and \nowned by the State, which helps allay differences between the \ndifferent counties, and the fact that the systems in Oklahoma \naren\'t connected to an Internet source, which is another \nchallenge. So my question--and we\'ve talked about how we set \nthese standards, the VVSG 2.0, VVSG, that--it seems that we \nhave States that aren\'t even getting up to the baseline. So I--\nMr. Kelley and Mr. Ziriax, I\'d like to hear your opinions about \nthe need to set baseline standards that all States have to \ncomply with, of course assuming we\'re going to help provide the \nfunding at the Federal level to help with that.\n    Mr. Ziriax. Thank you, Ms. Horn, and I think there\'s, you \nknow, there\'s a fine line between, say providing the \nguidelines, and allowing the States to determine how best to do \nthat. And some things--I mean, just to give an example, and, \nagain, these are similar things that I\'ve discussed with--about \nother election bills, but the bill that\'s been discussed \nearlier today, the SAFE Act (Securing America\'s Federal \nElections), includes a mandate that new voting systems have to \naccommodate ranked choice voting, for example, and that\'s in an \nelection security bill.\n    Me personally, you know, I view that as a decision that our \nState should make, whether we want to move toward that. But if \nCongress is going to provide money, and wants to say, if you \nwant our grants, then you need to at least demonstrate that \nyou\'re going to attempt to follow the voluntary guidelines, \nthat\'s certainly Congress\' prerogative.\n    Mr. Kelley. And I would concur with that. I would just also \nadd that--for the--for an example in California, there is an \nenhanced requirement in California for certification, so it \njust does not rely on the Federal standards, it goes above and \nbeyond that. And I think I would agree also that the States \nshould, in many cases, make those decisions, personal opinion.\n    Ms. Horn. Thank you. Now turning to the next piece of this \nis--that we--we\'re going to have to face, Dr. Sweeney, you \nreferenced all of the ways that individuals could perhaps get \ninto different systems without necessarily verifying their \nidentity. So, knowing that there are a range of challenges that \nwe may not even know, and, Dr. Romine, you\'ve spoken to some of \nthese as well, do you see any other pathways, or potential \nsolutions, for example biometrics, or anything like that, that \nwould help, moving forward, to protect these systems?\n    Dr. Sweeney. I think the most immediate answer is probably \njust to follow the best practices of things like using driver\'s \nlicense, but it is a--with additional information off the \ndriver\'s license, and using a modern capture device. But it is \na bit of a moving target, because that\'s not wholly \nsatisfactory. That--it requires a bigger question about how we \nauthenticate. The problem, though, is it\'s--the questions that \nyou pose generally around what NIST has proposed and so forth, \nand it was brought up that a lot of what they talked about \nhappened years before they started saying it. I\'m like that, \nbut now years before.\n    And, you know, so there\'s a--so we have a cycle mismatch as \nwell. So I think, if we\'re going to do the cycle, if we could \nmove faster to, like, implement something like, OK, what\'s the \nbest practice right now, to nail that down, like the driver\'s \nlicense, then we have a better shot at not being victimized by \nit, and having to come back in a few years, and say, well, how \nmany States have improved what they asked for?\n    Ms. Horn. Thank you very much. So we both have to address \nthe challenges now, and look forward--thank you all for your \ntestimony. I yield back, Madam Chair.\n    Chairwoman Sherrill. Thank you. And now I would like to \nrecognize Mr. Sherman for 5 minutes.\n    Mr. Sherman. I want to agree with Mr. Ziriax that the \nFederal Government has no business pushing rank choice voting, \nor rank order voting. Those who propose it most are those who \nmost want to undermine the two party system. There are \narguments for and against having two major parties in this \ncountry, but that\'s not something that the Federal Government \nshould be pushing on the States.\n    My first question is for whichever panelist answers it \nfirst. What number of States currently require the use of paper \nballots and an auditable paper ballot trail? Do we know how \nmany States do that? I thought there\'d be a jump in to be the \nfirst to answer.\n    Mr. Ziriax. Oklahoma does.\n    Mr. Sherman. And I guess the other States don\'t matter. Do \nwe have--if we don\'t have that, then I\'ll ask whichever witness \nraises their hand first to agree to answer that for the record.\n    Dr. Sweeney. I----\n    Mr. Sherman. Do we have any hard working----\n    Dr. Sherrill. I do believe----\n    Mr. Sherman [continuing]. Witnesses?\n    Dr. Sherrill [continuing]. Five do not. I know----\n    Mr. Sherman. Five do not?\n    Dr. Sherrill [continuing]. I know New Jersey does not.\n    Mr. Sherman. Got you. Hopefully it\'s only five that do not. \nFor States which conduct testing and certification of voting \nmachines, how do the State standards compare with the standards \npromulgated by the U.S. Election Assistance Commission? Yes?\n    Mr. Ziriax. I can--as Oklahoma\'s chief election official, I \ncan only talk about our State. I know with our current system, \nwhich was implemented in 2012, although our State law does not \nrequire that we follow those guidelines, the guidelines that I \nset at the time, when we were reviewing that system, and \nrequiring testing for it, we did require testing to ensure \ncompliance with many of the VVSG 1.0 requirements.\n    Mr. Sherman. Anyone else have a comment?\n    Mr. Kelley. Yes, sir, just very quickly, in California it\'s \nvery similar, VVSG 1.1, but I will say one of the key \ndifferences is that California requires volume testing of all \nthe systems, where those are not in the current standards.\n    Mr. Sherman. Should they be added to the national \nstandards?\n    Mr. Kelley. Sir, if I could defer that question?\n    Mr. Sherman. OK. Increasingly a number of States, including \nmy own, has moved to vote by mail. My State has authorized \nballot harvesting. I\'m told that the proponents of it would \nprefer I call it by a different name. What technologies do we \nneed to prevent either false registrations, followed by false \nvote by mail voting, where--knowing that people who--people are \nnot looking to cheat by adding one vote. I know every vote \nmatters, and we--but those who want to steal votes want to do \nit by the--at least by the hundreds. What do we do, first, to \nprevent false registrations, followed by false voting, all done \nby mail? Is there any system that is designed to combat that?\n    Dr. Sweeney. I wouldn\'t say that it\'s--I\'m not answering \nexactly on----\n    Mr. Sherman. Right.\n    Dr. Sweeney [continuing]. Point to you. It\'s not so much \nthat it\'s designed to combat it, it\'s just that it\'s totally a \ndifferent vector than has been really talked about in computer \nsecurity, because I\'d use the change of address, but it--what \nwe also talk about, it could be absentee ballots. I--\ndisenfranchise a person who then would go to the voting place, \nwho would get a provisional ballot, and that ballot won\'t \ncount, or in the case of a State where it\'s vote by mail.\n    Mr. Sherman. If I can squeeze in one question? In my State \nthey compare the signature on the outside of the envelope to \nthe signature on the voter registration card.\n    Dr. Sweeney. Right, but the clarification here is not----\n    Mr. Sherman. I\'ve got to squeeze in one more question, I\'m \nsorry. Mr. Kelley, or anyone else, is that process useful at \nall? Do the people who do that have any expertise in comparing \nsignatures, and do signatures change over time? My voter \nregistration form was filled out long, long ago.\n    Mr. Kelley. Yes, sir. I\'m glad you asked the question, \nbecause absolutely they do, and you see that, especially with \nhistorical signatures that we have on file. 20 years, 30 years, \nyou see a big difference. I will add that----\n    Mr. Sherman. So what percentage of the ballots in our State \nis--are put aside or provisional because there\'s some question \nas to whether the signature is legitimate?\n    Mr. Kelley. One plus million ballots cast in Orange County \nby mail, we had about 5,000 that were set aside specifically \nfor signature issues. Now, I will----\n    Mr. Sherman. How many of those were ultimately counted, how \nmany of those were not ultimately----\n    Mr. Kelley. The majority were ultimately counted. \nCalifornia changed its law last year to allow us to reach out \nto the voter to attempt to cure that.\n    Mr. Sherman. And so you had to reach out in 5,000 \ncircumstances and say, hey, is this really your signature.\n    Mr. Kelley. Yes, sir, we did.\n    Mr. Sherman. Wow. I believe my time has expired.\n    Chairwoman Sherrill. Well, thank you, and now the Chair \nrecognizes Mr. Casten for 5 minutes.\n    Mr. Casten. Thank you, Chairwoman Sherrill. Thank you to \nthe panel. The--one of my favorite things about this Committee \nis we consistently get such fascinating nerds before us, and \nyou guys are all awesome. Just--learned so much today on a \nreally important topic. And fortunately, the nerds are not just \nlimited to the panel. The--I want to thank--there\'s a few of us \nup here, but I want to thank our young visitor, Bianca Lewis, \nfor being here. Really, really appreciate what you\'ve done.\n    And I want to talk a little bit about, if I understand what \nyou did at DEFCON--my understanding, if I\'ve got it right, is \nthe method that the participants in your exhibit used to hack \ninto the Secretary of State website was called a sequel \ninjection? And--I got it right? The--this is--the single \nstrategy that these kids at DEFCON demonstrated is also what is \ndescribed in Robert Mueller\'s report that the Russians did.\n    Page 50, Volume 1, of the report says the following, GRU \nofficers--Bianca, GRU is the Russian agents--targeted State and \nlocal databases of registered voters using a technique known as \nsequel injection, by which malicious code was sent to the State \nor local website in order to run commands, such as exfiltrating \nthe database contents. In one instance, the GRU compromised the \ncomputer network of the Illinois State Board of Elections, my \nState, by exploiting a vulnerability in the State Board of \nElections website. The GRU then gained access to a database \ncontaining information on millions of registered Illinois \nvoters, and extracted data relating to thousands of U.S. voters \nbefore the malicious activity was identified. This is real-time \nstuff. But what it seems to be saying is that the Russians used \na real sequel injection to crack open the real State website, \nsame strategy that Bianca demonstrated on the models at DEFCON, \nand then the Russian worm kept going all the way through to the \nvoter registration database.\n    Now, Illinois has done great work in responding to this. I \nhope we have done enough. We seemed to be OK in the last \nelection, but this is really scary stuff. And--so what I\'m--\nfirst I\'d like to ask unanimous consent to add pages 50 and 51 \nof Volume 1 of the Mueller Report, which describes this \nepisode, to the hearing record.\n    Chairwoman Sherrill. Without objection.\n    Mr. Casten. And then, notwithstanding how I started this, I \nwant to start with Dr. Benaloh. Could you explain to us, so \nthat us smaller-brained people up here can understand, how does \na sequel injection work, exactly?\n    Dr. Benaloh. You\'re getting a little bit away from my \nexpertise, but the basic idea is that the--in a web query of \nsome--of any sort, additional information can be added to \nwhat\'s--what would otherwise be interpreted as an innocuous web \nrequest that is not of the form that\'s expected by the web \nserver that is handling this request. And if there aren\'t \nadequate measures in place, that web server may interpret that \nadditional information as code to be executed, and to \npotentially do harm, or provide services that are not intended \nby the----\n    Mr. Casten. Essentially modifying an existing sequel SQL \ndatabase?\n    Dr. Benaloh. Yes. It----\n    Mr. Casten. Dr. Sweeney, I see you nodding your head. Is \nthere anything you want to add to that? Did I get it about \nright?\n    Dr. Sweeney. No. I mean, that\'s about right. The idea is I \njust simply can add commands within a command so that it\'ll, in \nfact, do multiple things that never--you never intended me to \ndo. You provided access, say, to list some voters, or to check \none voter, and I just end up deleting 1,000, or downloading a \nmillion, or something like that.\n    Mr. Casten. So, for all of you, is this an--is this a \ntechnique we should expect to be seeing again, and be watching \nfor? I see a lot of head nodding will be entered into the \nrecord. Dr. Romine, does NIST\'s work in VVSG address the need \nto firewall State websites, particularly under the voter \nregistration databases, that we can protect against this in \nsome fashion?\n    Dr. Romine. I actually don\'t know the answer to that, but \nI\'m happy to respond to that. I suspect that it does, but I \ncan\'t confirm that. I\'ll have to go back and check.\n    Mr. Casten. That would be very helpful to find out.\n    Dr. Romine. Happy to do that.\n    Mr. Casten. Thank you all, and I yield back the balance of \nmy time.\n    Chairwoman Sherrill. Thank you, and now the Chair \nrecognizes Mr. McAdams for 5 minutes.\n    Mr. McAdams. Thank you, Madam Chair. I think this timely \nhearing is important for our Congress to review the current \nefforts, and the plan--and to plan our future work to develop--\nor to protect our elections from malign actors. So this work \nwill require, I think, strong collaboration from local, State, \nand Federal partners to ensure the integrity of our elections, \nand that all Americans can participate in our democracy. In my \nprevious role, I was one of those local officials. And, while I \nwasn\'t a county clerk, per se, was familiar with the incredible \nwork that they do to protect the integrity and security of our \nelections, and sometimes under very difficult circumstances, \nbut I applaud, and am grateful for those elected officials \nacross the country who work with the greatest effort to protect \nour elections.\n    And I\'m also proud that my home State of Utah has been \nleading the way in upgrading our election infrastructure and \npolicies, and also cybersecurity practices. Our county clerks, \nin 2018, led the substantial upgrade--a substantial effort to \nupgrade voting machines, and also to take other security \nmeasures in advance of the 2018 midterms, while also promoting \nmore options for Utahans to vote, including adopting things \nlike widespread vote by mail, and same day registration. Utah \nis one of 17 States that offer same day registration, and I \nbelieve policymakers should support any strategy that makes it \neasier for Americans to add their voice to our democracy, so \nlong as our election practices maintain the high standards of \nsecurity and integrity.\n    So I\'d like to discuss the implications for same day \nautomatic, or any mode of registration on our election system \nsecurity. So to anyone on the panel who\'d like to respond, how \ncan same day registration help to mitigate the effects of a \ncyber attack on voter registration data close to the election? \nAre there any concerns we should be worried about with that?\n    Dr. Sweeney. I would say the same day registration could \ndefinitely be a way of resolving the threat that I described. \nAnd the reason being that if somebody--if a malicious actor had \ncome in and intended to disenfranchise a large percentage of \nthose voters, but those voters still show up at their polling \nplace, and could register right there, the attack would be \nthwarted.\n    Mr. McAdams. Yes.\n    Mr. Ziriax. And if I may add, in Oklahoma, my State, we do \nnot have same day voter registration, we have a 24-day \ndeadline. I don\'t anticipate anywhere in the near future that \nthat is going to happen, but we extensively use the provisional \nballot process in Oklahoma, so then, in the event you did have \na situation where perhaps large numbers of voters were not \nappearing on registries, we would have a backup means, and then \nbe able to go back and confirm later that those people actually \nwere eligible to vote.\n    Mr. Kelley. Similar comments in--from California, and I \nwould say that the same day registration growth in California \nis growing, but it is small. It\'s still a small number compared \nto the overall database. So I think we need to be careful and \njust say that\'s the solution. We should be looking at the \ndatabase as a whole, and finding ways to detect anomalies in \nthat database itself.\n    Mr. McAdams. So I guess my second question relates to \nautomatic voter registration, and how can that operate in a \nsecure election system. And ultimately is--are election \nsecurity and automatic voter registration, are they in \ncompetition, or they--are they in symbiosis?\n    Mr. Kelley. I don\'t think they\'re in competition. It\'s \ncertainly a different dynamic when you go into DMV, for \ninstance, in California, and it\'s automated registration that \nyou could opt out of, where same day registration is you\'re \naffirmatively going to a polling place, or vote center, to \nregister to vote. So I don\'t think they\'re in competition with \neach other.\n    Dr. Sweeney. From a security standpoint, it definitely \nwould change--if I wanted to disenfranchise voters, because--in \nthose States, where provisional ballots don\'t fully count, then \nI would just want to attack the database. So it would remove \nthe--automated registration might remove on one layer--but \nremember the attack that I talked about was changing an \nexisting----\n    Mr. McAdams. Um-hum.\n    Dr. Sweeney [continuing]. Registration, so it would still \nallow that.\n    Mr. Ziriax. And if I may, I want to briefly add that, you \nknow, some of the concerns Dr. Sweeney and others have \nexpressed about the vulnerabilities for online voter \nregistration, if you\'re talking about whether you have the \nability to confirm a person\'s identity, or whether someone \ncould use a stolen identity to register to vote falsely, that \ncould happen with paper ballots now.\n    Dr. Sweeney. Let me make just one quick correction, since I \nwas called. I----\n    Mr. McAdams. Yes.\n    Dr. Sweeney [continuing]. These are not voter registration \nsystems. I\'m not talking about voter--it just happens that \nsometimes changing the voter record is on the same system as \nthe voter registration website, but sometimes it\'s on the DMV \nsite. I\'m only talking about registrations that already exist.\n    Mr. McAdams. And these are policies that would protect our \nelections. So I see our time has expired, and, Madam Chair, I \nyield back.\n    Chairwoman Sherrill. Well, thank you very much. And thank \nyou so much to all of the panelists today. I think all of us \nthink this is such a critical issue moving forward. Thank you \nto Bianca. You are not only a STEAM wizard, you are a trooper \nto sit through our hearing today, so I appreciate everyone here \ntoday. Thank you very much, and hopefully we will be talking \nagain. Maybe we can get you in, Dr. Romine, for your 21st \nappearance. So thank you all very much. Thank you.\n    [Whereupon, at 4:58 p.m., the Subcommittees were \nadjourned.]\n\n                               Appendix I\n\n                              ----------                              \n\n\n                   Answers to Post-Hearing Questions\n\n\n\n\n                   Answers to Post-Hearing Questions\n                   \nResponses by Dr. Charles H. Romine\n\n[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]\n\n\nResponses by Mr. Neal Kelley\n\n[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]\n\nResponses by Dr. Josh Benaloh\n\n[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]\n\n\n                              Appendix II\n\n                              ----------                              \n\n\n                   Additional Material for the Record\n\n\n\n\n               Documents submitted by Rep. Mikie Sherrill\n               \n[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]               \n\n\n                 Document submitted by Rep. Sean Casten\n                 \n[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]                 \n\n\n                                 <all>\n</pre></body></html>\n'