b"<html>\n<title> - ELECTION SECURITY</title>\n<body><pre>[House Hearing, 116 Congress]\n[From the U.S. Government Publishing Office]\n\n\n                           ELECTION SECURITY\n\n=======================================================================\n\n                                HEARING\n\n                               BEFORE THE\n\n                           COMMITTEE ON HOUSE\n                             ADMINISTRATION\n                        HOUSE OF REPRESENTATIVES\n\n                     ONE HUNDRED SIXTEENTH CONGRESS\n\n                             FIRST SESSION\n\n                               __________\n\n                              MAY 8, 2019\n\n                               __________\n\n      Printed for the use of the Committee on House Administration\n\n[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]\n\n                       Available on the Internet:\n         https://www.govinfo.gov/committee/house-administration\n                    \n                               __________\n                               \n\n                    U.S. GOVERNMENT PUBLISHING OFFICE                    \n38-641                    WASHINGTON : 2020                     \n          \n--------------------------------------------------------------------------------------                   \n                    \n                    \n                    COMMITTEE ON HOUSE ADMINSTRATION\n\n                  ZOE LOFGREN, California, Chairperson\nJAMIE RASKIN, Maryland               RODNEY DAIVS, Illinois\nSUSAN A. DAVIS, California             Ranking Member\nG. K. BUTTERFIELD, North Carolina    MARK WALKER, North Carolina\nMARCIA L. FUDGE, Ohio                BARRY LOUDERMILK, Georgia\nPETE AGUILAR, California\n                            \n                            C O N T E N T S\n\n                              ----------                              \n\n                              MAY 8, 2019\n\n                                                                   Page\n\nElection Security................................................     1\n\n                           OPENING STATEMENTS\n\nChairperson Zoe Lofgren..........................................     1\n    Prepared statement of Chairperson Lofgren....................     4\nHon. Rodney Davis, Ranking Member................................     7\n    Prepared statement of Ranking Member Davis...................     9\n\n                               WITNESSES\n\nLarry Norden, Deputy Director, Brennan Center's Democracy Program    11\n    Prepared statement of Mr. Norden.............................    13\nMarian Schneider, President, Verified Voting Foundation..........    26\n    Prepared statement of Ms. Schneider..........................    28\nJoseph Lorenzo Hall, Chief Technologist and Director, Center for \n  Democracy and Technology.......................................    37\n    Prepared statement of Mr. Hall...............................    39\nHon. Jocelyn Benson, Secretary of State, State of Michigan.......    48\n    Prepared statement of Hon. Benson............................    50\nHon. John Merrill, Secretary of State, State of Alabama..........    57\n    Prepared statement of Hon. Merrill...........................    59\n\n                       SUBMISSIONS FOR THE RECORD\n\nHon. Rodney Davis, Ranking Member, statement.....................    83\n\n\n \n                           ELECTION SECURITY\n\n                              ----------                              \n\n                         WEDNESDAY, MAY 8, 2019\n\n                  House of Representatives,\n                 Committee on House Administration,\n                                                    Washington, DC.\n    The Committee met, pursuant to call, at 2:17 p.m., in Room \n1310, Longworth House Office Building, Hon. Zoe Lofgren \n[Chairperson of the Committee] presiding.\n    Present: Representatives Lofgren, Raskin, Davis of \nCalifornia, Butterfield, Fudge, Davis of Illinois, Walker, and \nLoudermilk.\n    Staff Present: Khalil Abboud, Deputy Staff Director; Sean \nJones, Legislative Clerk; David Tucker, Parliamentarian; Tanya \nSehgal, Senior Elections Counsel; Veleter Mazyck, Chief of \nStaff to Representative Fudge; Lauren Doney, Communications \nDirector and Deputy Chief of Staff to Representative Raskin; \nJulie Tagen, Chief of Staff to Representative Raskin; Brandon \nMendoza, Senior Legislative Aide to Representative Davis of \nCalifornia; Lisa Sherman, Chief of Staff to Representative \nDavis of California; Kyle Parker, Senior Policy Advisor to \nRepresentative Butterfield; Evan Dorner, Legislative Assistant \nto Representative Aguilar; Joy Yunji-Lee, Minority Counsel; \nCourtney Parella, Minority Communications Director; Jesse \nRoberts, Minority Counsel; Cole Felder, Minority General \nCounsel; Jen Daulby, Minority Staff Director; and Susannah \nJohnston, Legislative Assistant to Representative Loudermilk.\n    The Chairperson. Good afternoon. The Committee on House \nAdministration will come to order. We do thank the witnesses \nfor being here with us today. This Committee is charged with \noverseeing the administration of Federal elections, and this \nhearing will help us fulfill that responsibility by documenting \nthe scope of current election security challenges.\n    Before we proceed, I offer this background on today's \ntroubling state of affairs. It is documented that foreign \nagents, specifically Russians, attempted to interfere in \nAmerican elections in 2016. The fact of Russian interference in \nthe 2016 election was confirmed by eight credible national \nentities, the Central Intelligence Agency, the Office of \nDirector of National Intelligence, the FBI, the National \nSecurity Agency, the Department of Justice, the Department of \nHomeland Security, and the House Intelligence Committee and the \nSenate Intelligence Committee.\n    There was not only consensus among American intelligence \nofficials, both Democrats and Republicans agree that attempts \nwere made by Russia to compromise the integrity of American \nelections. On July 17, 2018, then House Speaker Paul Ryan said \nto reporters: They did interfere in our elections; it is really \nclear.\n    Senate Majority Leader Mitch McConnell referred to \nindisputable evidence of Russia's attempt to influence the 2016 \nelection. Senate Majority Leader McConnell further stated: ``We \nunderstand the Russian threat, and I think that is the \nwidespread view here in the United States among members of both \nparties.''\n    More details of foreign interference in our election became \nknown through the release of Special Counsel Robert Mueller's \nreport which detailed the following, quote: ``GRU officers, the \nmain military foreign intelligence service of Russia, also \ntargeted individuals and entities involved in the \nadministration of the elections.'' Victims included U.S. State \nand local entities, such as State boards of election, \nsecretaries of state, and county governments, as well as \nindividuals who worked for those entities. The GRU also \ntargeted private technology firms responsible for manufacturing \nand administering election-related software and hardware, such \nas voter regulation software and electronic polling stations.\n    In June 2017, then Democratic Leader Pelosi created the \nCongressional Task Force on Election Security in response to \nthen the inaction on the topic. Despite our clear \nresponsibilities under House Rules, not a single hearing was \nheld in this Committee on this topic in the last Congress.\n    In February 2018, the Task Force released its report, \nrecommending reforms that could significantly advance election \nsecurity. Among some of the proposed reforms are replacement of \npaperless voting machines with paper ballot voting systems, \nrisk-limiting audits, upgraded information technology \ninfrastructure, including voter registration databases with \nongoing maintenance, and requirements that election technology \nvendors secure their voting systems.\n    Intelligence community pre-election threat assessments, in \ncoordination with Federal and State officials is important, and \nit also prioritized State-level cybersecurity training. \nCongress has not done enough to tackle this problem. The risk \nposed by the vulnerabilities previously exploited remain. \nDespite the overwhelming evidence showing these \nvulnerabilities, the White House has failed to take these \nissues seriously and to direct resources towards securing \nelection infrastructure.\n    Last summer, in remarks before the National Association of \nthe Secretaries of State, former Homeland Security Secretary \nKirstjen Nielsen said that there was, quote, ``no indication \nthat Russia is targeting the 2018 U.S. midterms at a scale or \nscope to match their activities in 2016 but that she \n``consistently observed malicious cyber activity from various \nactors against U.S. election infrastructure.''\n    She also said that, quote, ``there is little doubt that \nadversaries and non-State actors continue to view elections as \na target for cyber and influence operations.''\n    Now, according to The New York Times, Homeland Security \nSecretary Nielsen eventually gave up her efforts to organize a \nWhite House meeting of Cabinet Secretaries to coordinate a \nstrategy to protect next year's elections. As a result, the \nissue did not gain urgency or widespread attention that only a \nPresident can command, and it meant that many Americans \nremained unaware of the latest versions of Russian \ninterference.\n    In spite of inaction, the Election Assistance Commission, \nin cooperation with the Department of Homeland Security, has \nbeen successful at building relations with State officials and \nproviding valuable resources as part of the critical \ninfrastructure designation. But in the face of increasing \nthreats, their efforts must expand. However, such expansion is \nonly possible if Congress increases resources.\n    Today, the EAC is operating with only half the budget and \nfewer than half the staff it had 10 years ago when threats were \nless grave. This already under resourced agency is only further \nstymied by the administration's strenuous efforts to avoid \nacknowledging our vulnerability and the need to secure our \nelections from foreign threats, facts accepted as plain by both \nlegislative branch and national intelligence agencies. This is \nunacceptable, and several things must change.\n    States need money to be able to replace their paperless \nvoting machines and outdated IT infrastructure. States and \nlocalities also face the daunting task of training hundreds, if \nnot thousands, of election officials, IT staff, and poll \nworkers on cybersecurity and risk mitigation.\n    Another significant vulnerability comes from election \ntechnology vendors. Many States purchase their voting systems \nfrom third-party vendors who have little financial incentive to \nprioritize election security and are not subject to regulations \nrequiring them to use cybersecurity best practices, nor are \nthey necessarily voluntarily adhering to these best practices.\n    In July of 2018, it was revealed that ES&S, one of the \nNation's largest voting machine makers had installed remote \naccess software on election management systems, although it had \nnot admitted about this fact to the press. This fact was only \nuncovered through an inquiry by Senator Ron Wyden, who \ncharacterized this remote access software installation as, \nquote, ``the worst decision for security, short of leaving \nballot boxes on a Moscow street corner.''\n    In addition, election vendors are not currently required to \ninform any Federal agency or State election official in the \nevent of a cyber-attack. Federal action is needed now to grasp \nthe scope of the problem and to innovate concrete solutions \nthat can be implemented before the next Federal election cycle \nin 2020. This goal will be a primary focus of this Committee \nmoving forward. No matter your side of the aisle, the oath of \nupholding democracy as citizens and elected leaders in this \nNation is fundamental, and that is why I am glad to convene \nthis hearing today, especially recognizing our new Ranking \nMember Rodney Davis' avowed commitment to advancing election \nsecurity so that every voter can feel that her vote is \naccurately counted and safe from the influence of those who \nwish to see our great democratic experiment fail. And with that \ngoal in mind, I would recognize Mr. Davis for his opening \nstatement.\n    [The statement of the Chairperson follows:]\n    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n    \n    Mr. Davis of Illinois. Thank you, Madam Chairperson, and \nthank you for your leadership of this Committee and your \nbipartisan leadership on this issue.\n    Election security is one of the most important issues that \nthis Committee is tasked with and I take the responsibility of \nensuring fair and secure elections extremely serious. I know \nthat my colleagues on this Committee share--we share in this \nsentiment.\n    We know that at least 21 States were targeted by a foreign \nstate actor prior to the 2016 U.S. election and we know that \nRussia undertook a misinformation campaign during the same \nelection. I think I can safely say that everyone on this panel \nfinds that troubling, but we must also factually say that no \nvotes were changed in the 2016 election and that through the \ntremendous effort of local, State, and Federal officials, the \n2018 midterm elections, with record midterm turnout, were \nsecure--with record voter participation, once again. In fact, \nwe saw the highest turnout in a midterm election in the last 50 \nyears.\n    As we discuss election security today, it is important to \nnote that many of the best practices used to protect our \nelections are noncontroversial. And I want to take a moment to \nclearly demonstrate what I am for. I am for an election system \nremaining--I am for election systems remaining as critical \ninfrastructure. I am for helping our election technology \nvendors secure their voting systems. I am for ensuring our \nelection officials, both at the State and Federal level receive \nsecurity clearances in a timely manner. I am for empowering the \nElection Assistance Commission to lead our Federal support to \nState and local officials. I am for the Department of Homeland \nSecurity lending their expertise to State and local officials \nwhen appropriate.\n    We must also recognize that our States and the Federal \nGovernment have taken significant steps to carry out these \npractices and services. We can take a look at my home State of \nIllinois, which has invested in a new Cyber Navigator Program \nthat helps counties detect and defend themselves against \ncybersecurity attacks. I believe we can cannot lose sight of \nwhat Chris Krebs, the Director of the Department of Homeland \nSecurity Cybersecurity and Infrastructure Security Agency, said \nbefore the House Homeland Security Committee earlier this year. \nDirector Krebs said, quote: ``Local officials know their system \nand what they need to do to conduct a successful election, end \nquote, and State and local officials should remain in control \nof their elections.''\n    As I have said many times, I believe that partisanship is \nthe greatest threat to our elections. Election security cannot \nbe a partisan exercise, but what we saw during the markup and \npassage of H.R. 1 was purely partisan. Too much is at stake to \nmake this about party. If this hearing is an effort by my \ncolleagues to take a bipartisan look at election security, I \nwelcome it. We have important work to do here. However, I will \nnot support any attempt today to waste an opportunity to work \ntogether and strengthen our election security for an attempt to \nmake the nightly news with a partisan political agenda.\n    I look forward to learning from our witnesses today on best \npractices that States are implementing to combat foreign \ninterference and secure our Nation's elections. I look forward \nto hearing more about the tremendous effort of the Election \nAssistance Commission, the Department of Homeland Security, our \ntwo secretaries of state, representing the rest in the Nation, \nand most importantly, our local officials, where we see the \nsafest, fairest, and the most secure elections being \nadministered many, many times throughout the decade. I welcome \nall of the guests today and the witnesses. I look forward to \nhearing from you.\n    Madam Chairperson, I yield back.\n    [The statement of Mr. Davis of Illinois follows:]\n    [GRAPHIC NOT AVAILABLE IN TIFF FORMAT]\n    \n    The Chairperson. Thank you, Mr. Davis.\n    And other Members are welcome to submit their opening \nstatements for the record.\n    I would now like to introduce our distinguished panel of \nwitnesses.\n    Under the rules of this Committee, you have five minutes to \npresent your oral testimony. However, your full written \ntestimony will be made part of the record. There is a light \nsystem in the front. When you are down to one minute, it goes \nyellow from green. And when it is red, your time is up, and we \nwould ask you to sum up. Let me introduce each witness, and \nthen we will begin.\n    First, we have Lawrence Norden, who is the Deputy Director \nof the Brennan Center's Democracy Program. Mr. Norden has \nworked at the Brennan Center for some time, authoring several \nnationally recognized reports on election security. He served \nas chair of the Ohio Secretary of State's bipartisan election \nsummit. He is the lead author of the book ``Machinery of \nDemocracy: Protecting Elections in the Electronic World.'' He \nhas written extensively on the influence of money in New York \nState politics. He is a graduate of the University of Chicago \nand the NYU School of Law.\n    Next, we have Marian Schneider, who is the President of \nVerified Voting. She brings a strong grounding in the legal and \nconstitutional elements governing voting rights in elections, \nas well as experience in election administration at the State \nlevel. She has served as a special advisor to Pennsylvania \nGovernor Tom Wolf on election policy. Throughout her career, \nshe has focused on the intersections of civil rights and \nelection law. She received her Juris Doctor degree from George \nWashington University where she was a member of the Law Review \nand earned her Bachelor's of Arts degree cum laude from the \nUniversity of Pennsylvania.\n    Next, we have Joseph Lorenzo Hall, the Chief Technologist \nand Director of the Internet Architecture Project at the Center \nfor Democracy and Technology. His work has focused on the \nintersection of technology, law, and policy, working to ensure \nthat technical considerations are appropriately embedded into \nlegal and policy arguments. He also leads CDT's internet \narchitecture project. Thank you very much for that. He has \nreceived numerous awards I cannot read them all, but prior to \njoining CDT in 2012, he was a post-doc research fellow at NYU, \nand he was at Princeton University, as well as the University \nof California, where he received his Ph.D. in information \nsystems. His Ph.D. thesis used electronic voting as a critical \ncase study in digital government transparency.\n    Next, we have Jocelyn Benson who is the Secretary of State \nof Michigan. We appreciate so much that you have made your way \nhere. She was sworn in as Michigan's 43rd Secretary of State, \nJanuary 21st, 2019, after being elected last November to a \nfour-year term. Her focus for the department is customer \nservice excellence. She is an expert on civil rights law, \neducation law, and election law. She served as Dean of Wayne \nState University Law School in Detroit. When she was appointed \ndean at age 36, she became the youngest woman in U.S. history \nto lead a top-100 accredited law school. She continues to serve \nas Vice Chair of the advisory board for the Levin Center at \nWayne Law which she founded with former Senator Carl Levin. \nPrior to her election, she served as CEO of the Ross Initiative \nin Sports for Equality, otherwise known as RISE. She is the \nfounder of the nonpartisan Michigan Center for Election Law. \nShe earned a Bachelor of Arts from Wellesley College, a Master \nof Philosophy from Oxford University, and a law degree from \nHarvard Law School.\n    Finally, but certainly not least, we have John H. Merrill, \nthe Secretary of State of Alabama. We are so grateful that you \nwould make time to be here with us today. Secretary of State \nMerrill grew up in Heflin. He is an Eagle Scout. He was a \ngraduate of the University of Alabama, where he served as \npresident of the Student Government Association as an \nundergraduate. He was elected to represent the people of \nDistrict 62 in the State House of Representatives with 87 \npercent of the vote, the highest percentage garnered by a \ncandidate in any contested House race that year. He served as \nSecretary Treasurer of the House Republican caucus and was a \nmember of the powerful Rules Committee, Economic Development \nand Tourism. He has been awarded the Silver Beaver by the Black \nWarrior Council of the Boy Scouts of America, as well as the \nSunlight Foundations Award for the most effective Republican \nmember of the Alabama House of Representatives. He was elected \nin November of 2014, as Alabama Secretary of State, with 65 \npercent of the vote, winning 53 of Alabama's 67 counties and \nwas inaugurated Alabama's 53rd Secretary of State in 2015. He \nis active in his community, his church, and active also with \nthe National Association of Secretaries of State, and we look \nforward to hearing from him and from all of you.\n    We will start first with you.\n\n STATEMENTS OF LARRY NORDEN, DEPUTY DIRECTOR, BRENNAN CENTER'S \nDEMOCRACY PROGRAM; MARIAN SCHNEIDER, PRESIDENT, VERIFIED VOTING \n    FOUNDATION; JOSEPH LORENZO HALL, CHIEF TECHNOLOGIST AND \n DIRECTOR, CENTER FOR DEMOCRACY AND TECHNOLOGY; THE HONORABLE \nJOCELYN BENSON, SECRETARY OF STATE, STATE OF MICHIGAN; AND THE \n  HONORABLE JOHN MERRILL, SECRETARY OF STATE, STATE OF ALABAMA\n\n                   STATEMENT OF LARRY NORDEN\n\n    Mr. Norden. Thank you, Chairperson Lofgren, Ranking Member \nDavis, Members of the Committee for this opportunity to testify \ntoday. Chairperson Lofgren has recounted the scope of Russian \nattacks against our election infrastructure in 2016, but there \nare several reasons to believe we could face even more serious \nthreats in 2020. We have seen the kind of damage a well-planned \nattack by Russian operatives can do against election \ninfrastructure in Ukraine, Bulgaria, and elsewhere, where \nattackers have deleted critical election files, shut down \nwebsites, and even inserted a virus designed to declare the \nwrong result.\n    Worse, there are other nation-states we need to worry \nabout. U.S. intelligence agencies have warned of potential \nattacks by China, North Korea, and Iran, and, indeed, the \nChinese are alleged to have launched attacks against Indonesia \nand Australia just this year.\n    The good news is that we have made significant progress to \nsecure our elections since 2016. Most importantly, policymakers \nand election officials are acutely aware of the threats to our \nelection infrastructure. There is better information sharing \nand resources sharing between Federal, State, and local \nagencies. In the last 2 years, more resources have been made \navailable to secure our election infrastructure, not least of \nwhich was $380 million in HAVA grants that Congress provided in \n2018. The vast majority of which has been allocated to critical \nsecurity measures.\n    Despite this progress, there is far more to be done. First, \nwe must replace aging and insecure voting machines. In a recent \nsurvey by the Brennan Center, local officials in 31 States told \nus that they must replace their equipment before the 2020 \nelection, but two-thirds of those officials said that they did \nnot have adequate funds to do so and this was after \nCongressional funds were appropriated. Too often these systems \nuse outdated software that no longer receive security patches, \nand election officials are forced to turn to eBay for \nreplacement parts because those parts are no longer \nmanufactured. A particularly urgent security issue is phasing \nout paperless machines in the 11 States that still use them.\n    Second, we need implementation of robust post-election \naudits--a comparison of paper ballots to software totals that \nwill provide a high level of confidence in the election outcome \nand that will correct a wrong voting outcome. Only 21 States \ncurrently have voter records for--paper records for every vote \nand conduct post-election audits, precertification, and only \ntwo conduct risk-limiting audits, which provide the high level \nof confidence that I mentioned.\n    The good news is that several States used the HAVA money \nthat was appropriated to pilot risk-limiting audits in the last \nyear, and several jurisdictions would like to do more of those \nthis year. And we certainly should be doing everything we can \nin the coming months and years to ensure that these are \nconducted nationwide.\n    Third and finally, we must provide ongoing long-term \nsupport for maintaining and improving election cybersecurity. \nThe Mueller report is a reminder that the election \ninfrastructure we need to protect goes far beyond voting \nmachines. The Brennan Center has long advocated that all States \nimplement a process of continuous cybersecurity vulnerability \nassessments and mediation. While we estimate that the costs of \nthese kinds of assessments should be no more than a few million \ndollars a year, obviously the cost of securing vulnerabilities \nthat are identified by such assessments will cost more.\n    Local election offices are on the front lines in defending \nour election infrastructure against attacks, but often have the \nleast amount of IT or cybersecurity support. Routine, ongoing \nfunding of programs like the one Ranking Member Davis \nmentioned, the Illinois Cyber Navigator Program, which directs \npersonnel and resources to local offices, would help close that \nsecurity gap.\n    It is cliche to say that this is a race without a finish \nline. Funding election security should be a shared \nresponsibility among local, State, and the Federal level, but \nonly Congress has the power to ensure that responsibility is \nshared by providing matching grants for State and local \ngovernments. I am hopeful to see a continued commitment from \nCongress to partner in this effort. Thank you.\n    [The statement of Mr. Norden follows:]\n    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n    \n    The Chairperson. Thank you very much.\n    Ms. Schneider.\n\n                 STATEMENT OF MARIAN SCHNEIDER\n\n    Ms. Schneider. Chairperson Lofgren, Ranking Member Davis, \nand Members of the committee, thank you so much for the \ninvitation to testify here today. My name is Marian Schneider, \nand I am the President of Verified Voting, a nonprofit, \nnonpartisan organization. Verified Voting's mission is to \nstrengthen democracy for all voters by promoting the \nresponsible use of technology in elections.\n    We are here today to talk about bolstering election \nsecurity. Ninety-nine percent of the votes cast in this country \nare counted by computers, and election administration depends \non computers throughout the process. 2016 demonstrated what \nmany of us in this space have long believed, that the threat to \nour computerized voting systems was not merely theoretical but \nreal and persistent. We must, as a Nation, adopt clear \nsolutions that will change the destructive narrative that \nelection hacking can alter election outcomes.\n    In our written testimony, we describe threats and solutions \nfor the larger election ecosystems. For voting systems, \nhowever, the clear solution is to replace aging and vulnerable \nvoting machines with systems that use a voter-marked paper \nballot. Voters mark the paper either with a pen or a computer \nballot marking device with assistive features for voters who \nneed them, creating a verifiable record. Then the ballot is \nscanned and retained in a secure ballot box.\n    We leverage the computer speed to count ballots quickly, \nbut it is imperative to check that the computer has counted the \nballots properly. In the best-practice scenario, as Mr. Norden \nmentioned, we can check election outcomes by auditing, \nselecting a random sample of ballots to check the reported \nresults and gather sufficient evidence that the outcome is \ncorrect.\n    While there are different types of auditing, Verified \nVoting and other experts urge widespread adoption of risk-\nlimiting audits as the most efficient and reliable way of \nchecking the election results. Such audits have a predetermined \nlarge chance of leading to a full hand recount if the reported \nresults were incorrect, thus limiting the risk that a wrong \noutcome will stand.\n    Verified Voting board members and staff have been involved \nwith every stage of RLA development, from its inception to \nworking with election officials, other groups, and several \nStates to pilot risk-limiting audits.\n    From 2015 to 2017, I served as Deputy Secretary for \nElections Administration in the Pennsylvania Department of \nState, overseeing both elections and information technology. I \nhave firsthand experience trying to strengthen the \ncybersecurity of election infrastructure in advance of a \nPresidential election. I drafted directives for counties to \nharden their systems, strengthen voter registration database \nbackup protocols, invited the Department of Homeland Security \nto conduct penetration testing, and initiated a disaster \nrecovery plan for a statewide, election-night-return website. \nAnd I worked with heroic, local election officials trying to \nkeep up with the changing threat environment with next to no \nresources. From that experience, I urge Congress to support \nState and local jurisdictions by providing immediate and \nsustained investment in the security of our elections.\n    The consensus among the intelligence community is that \nfuture attacks on American elections are inevitable. This is a \ngiven. It is not whether a system will be attacked but when. \nSafeguarding systems requires that we assume such breaches will \noccur or have already. The best practice demands a multilayered \napproach built around the concept of resiliency. Election \nsystems are resilient if jurisdictions can monitor, detect, and \nrecover from either an intentional attack or a programming \nerror. Resilient voting systems are those that use voter-marked \npaper ballots, coupled with the risk-limiting audits. Paper \nballots and audits are the disaster recovery plan for our \nvoting systems.\n    A significant number of States have moved toward paper-\nbased systems over the years. Verified Voting tracks this \nmovement on its website and so that is a general recognition of \nthe best practices that we are talking about today. The main \nbarrier to the remaining States is the cost. We call on \nCongress for the financial investment for jurisdictions to \nreplace aging and vulnerable voting systems, to fund technical \nand material support to conduct risk-limiting audits, and to \nfund enhanced security measures for all aspects of election \ninfrastructure.\n    We also urge investment in the research needed to build \nbetter election systems, using open-source software and \nresearch into the best methods to ensure voters check their \nchoices before casting their ballots and research that marries \nsecurity with more universally useable and accessible systems.\n    Our Nation's election infrastructure is vitally important \nto our democracy. We must continue the progress begun in the \nlast two years to ensure that our election systems and voting \nprocesses are resilient in the face of attack or disaster. With \nsupport from Congress, the goal is in reach. Thank you.\n    [The statement of Ms. Schneider follows:]\n    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n    \n    The Chairperson. Thank you very much.\n    Mr. Hall.\n\n                STATEMENT OF JOSEPH LORENZO HALL\n\n    Mr. Hall. Chairperson Lofgren, Ranking Member Davis, and \nMembers of the Committee, thank you for the opportunity to \nspeak with you today. My name is Joseph Lorenzo Hall. I am the \nChief Technologist at the Center for Democracy and Technology. \nFor 25 years, CDT has been a leader in protecting digital civil \nliberties and democratic principles online. My Ph.D. work at UC \nBerkeley focused on voting machines, and I have served on a \nnumber of State-level independent reviews of voting systems. \nToday I will talk first about what we saw in 2018, and then \nCDT's five priorities for election security as we head into \n2020.\n    While 2018 did not see the cybersecurity attacks on \nelection systems that we saw in 2016, a number of attacks did \ntarget campaigns and campaign infrastructure. The midterms were \njust not a juicy target for attackers, at least not as \nattractive as 2016 or 2020 election cycles. The issues we did \nsee with election systems in 2018 involved isolated but \nsystemic issues more easily explained as failures rather than \nattacks.\n    For example, in Johnson County, Indiana, a misconfigured \ncomputer server caused electronic pollbooks to crash across the \nentire county. No one could vote for four hours. In a case of \nelection deejaa vu, a serious ballot design flaw likely \ncontributed to tens of thousands of missing votes in a Florida \nU.S. Senate contest. We were in many ways lucky and thankful \nthat we didn't see attacks like those of 2016, but we still \nhave a long way to go in terms of hardening elections.\n    CDT believes the following five priorities are crucial \ngoing into 2020: First, Congress must prioritize the \nreplacement of dangerously outdated voting technologies. We \nlearned after the Help America Vote Act of 2002 that elections \nare one area of civic life that we cannot fully digitize. To \nenable meaningful recounts and post-election audits, we must \nhave software-independent, voter-verifiable paper records. Very \nsimply, it is time for a paper mandate in elections for Federal \noffice. Or at least some very attractive incentives designed to \nreplace paperless systems.\n    Second, Congress should limit the use of paperless remote \nvoting systems. There are some contexts, such as uniformed and \noverseas voting, where jurisdictions allow email, fax, or even \ninternet voting, occasionally disguised as remote ballot-\nmarking systems. These systems do not have a paper record \nbacking up those votes, and they may even expose jurisdictions \nto increased risks of cyberattack. Rather than allowing, for \nexample, any absentee voter to use these systems as some \njurisdictions do, paperless remote voting should be limited to \nonly those who could not otherwise vote in another manner.\n    Third, Congress should promote the research, development, \nand implementation of risk-limiting audits. Yes, that is a \nwonky term, risk-limiting audits, but you can think of them as \nlow-cost recounts. In a risk-limiting audit, paper ballots are \nrandomly selected and compared to their digital equivalent \nuntil there is enough evidence that, if you did a full recount \nof those paper records, you would know that the outcome of the \nrace wouldn't change. And as mentioned, only a few States \ncurrently permit these kinds of audits, are engaged in pilot \nprojects, and to encourage more, Congress should provide \nincentives for two things: research and development to make \nthem more precise and useable, and then pilot projects with \npublished reports which would greatly help others along this \njourney.\n    Fourth, Congress should commit to long-term funding of the \nU.S. election infrastructure. The ongoing evolution of election \nadministration desperately needs a stable and long-term source \nof funding. Without this, elections will continue to be \nthreadbare and a natural target for attackers that want to \naffect our economy, our society, and our democracy. The down \npayment in ongoing funding contemplated in the Election \nSecurity Act, now part of H.R. 1, is a good start.\n    Finally, Congress must increase the budget of the U.S. \nElection Assistance Commission. The EAC now has a full \ncomplement of sitting Commissioners. It is preparing right \nnow--preparing election officials and voting system testing for \n2020, and it is in the process of finalizing version 2.0 of the \nFederal voting system standards, the VVSG. It is a very busy \ntime for the EAC right now. The last time there was this level \nof activity at the EAC was in 2010 when its budget was roughly \ntwice what it is now.\n    In summary, replace paperless voting systems, incentivize \nrisk-limiting audits, and fund election infrastructure and \nsecurity. Thank you very much.\n    [The statement of Mr. Hall follows:]\n    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n    \n    The Chairperson. Thank you very much.\n    Ms. Benson.\n\n           STATEMENT OF THE HONORABLE JOCELYN BENSON\n\n    Ms. Benson. Chairperson Lofgren, Ranking Member Davis, and \nMembers of the Committee, thank you for holding this hearing \nand for the invitation to testify. Securing our election \ninfrastructure against efforts to thwart or undermine the will \nof our voters is essential to the survival of our democratic \nsystem. I am honored to offer my perspective as Michigan's \nchief election officer on this critical challenge.\n    As this Committee proceeds, I encourage you to seek further \ninput from State and especially local election administrators. \nNow more than ever, the Federal Government's role as a partner \nwith us securing our elections is necessary if our work at any \nlevel is to succeed. The role best manifests itself in three \nforms: one, investment and resources, much of which we have \nheard today; two, setting standards and establishing \nprotections at the local level; and, three, setting and \nestablishing a cooperative and bipartisan tone.\n    As you know, in recent years, we have seen unprecedented \nthreats to our election system, including some from \nsophisticated foreign-government-aligned entities. From this \nvery highest level of government, we need acknowledgement of \nthe past, present, and future threats posed by foreign state \nactors, and through that, the marshaling of bipartisan support \nand cooperation to build a sustainable and secure election \ninfrastructure in every State.\n    The threats to the security of our elections did not begin \nin 2016 and we know for certain that they will not end in 2020. \nOnly through a unified approach and long-term commitment and \ninvestment can we adequately support the infrastructure we need \nto provide a voting system in which all Americans will rightly \nplace their trust. Part of that unified approach must be a \ncommitment to providing a predictable stream of funding and \nother resources.\n    Many of the issues we have discussed today can only be \naddressed partially at the local level and temporarily with the \ntools that we have at our disposal. In many cases, election \nofficials know what they need to do, but they cannot afford to \ndo it. The Federal Government has taken positive steps, such as \nsignificantly improving Federal, State, and local coordination, \nand making more funding available, but we need to do much more.\n    Michigan's election system provides a useful example. We \nare unique in the extent to which our election administration \nresponsibility is shared among over 1,500 local municipalities, \neach one running their own elections. This decentralized system \nhelps safeguard against systemwide problems but also means we \nhave many links in the chain. Local officials are often on the \nfront lines of defense, and investment in their work is \ncritical if we are going to secure all our elections.\n    With that in mind, investing in the infrastructure at the \nlocal level, providing support to local clerks, supporting poll \nworkers as well with increased accountability with local \nofficials who don't take advantage of the resources or \notherwise fail to run elections in a way that ensures security \nand integrity of election results is critical.\n    To ensure we are implementing best practices and leaving no \nstone unturned in Michigan, I also formed a security task force \ncomposed of local officials, election specialists, and national \nexperts in technology and data security, including a liaison \nfrom the Department of Homeland Security. Our goal is for \nMichigan's elections to be among the most secure in the country \nand to pilot best practices, like risk-limiting audits, that we \nhope can drive national reform.\n    While we await our Michigan panel's final recommendations \nlater this year, their initial discussion has already focused \non securing and protecting several areas of vulnerabilities. I \ndescribe these in greater detail in my written testimony but \nwill highlight a few key points here.\n    First, voter registration databases. Following the 2016 \nelection, we learned of attempts to compromise our voter \nregistration databases in other States, some successful. If \noutside actors were able to manipulate registration records \nsuccessfully, they could disrupt elections and put voters at \nrisk. Protections against this potential is critical. In \nMichigan, we have taken steps to modernize and safeguard our \nvoter registration database, the backbone of our election \nadministration system. And it is also important to have \nprotections at the local level in the event of a registration \nproblem. Michigan has joined the growing list of States that \nallow voters to register on election day and vote that same \nday. In yesterday's elections alone, 400 voters took advantage \nof that freedom, and they would not have voted without it.\n    In Michigan, someone missing from a list on election day \ncan now reregister at a clerk's office and vote. This is an \nimportant safeguard also to threats to challenge our voter \nregistration databases.\n    In addition, voting technology is critical to upgrade, and \nI also want to emphasize that simple investments in voting \ntechnology is incomplete without a recognition that that \ntechnology will continually evolve, and upgrades and \nsustainable sources of funding for those upgrades are critical.\n    Finally, support from Congress and the Federal Government \nwill be critical to ensuring this and many other issues are \naddressed, and I am encouraged by the bipartisan spirit of \ncooperation among election officials in our State and in our \ncountry, particularly when it comes to election security.\n    Tomorrow, Secretary Merrill, a Republican, and myself, a \nDemocrat, are leading a bipartisan group of Secretaries of \nState to visit Selma, Alabama, where Congressman John Lewis and \nmany others put their lives on the line for the right to vote. \nThrough this leadership, we, as secretaries of state, hope to \nshow bipartisan support and cooperation is possible, and we \nhope to strengthen and unify our commitment to a free and fair \nelection system. And I encourage you to join us in this spirit \nof bipartisan cooperation. Thank you.\n    [The statement of Ms. Benson follows:]\n    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n    \n    The Chairperson. Thank you very much. Good for you.\n    And Secretary of State Merrill.\n\n            STATEMENT OF THE HONORABLE JOHN MERRILL\n\n    Mr. Merrill. Thank you, Madam Chairperson, Ranking Member \nDavis, distinguished Members of the Committee, I am honored to \nbe with you today. I am John Merrill and I have the privilege \nto serve as Alabama's 53rd Secretary of State. Alabamians have \nan extraordinary amount of experience with effective and \nineffective election administration. At one time, our laws were \nwritten to reduce or eliminate minority participation in the \nelectoral process. My team and I work diligently each day to \nensure the right to vote and the opportunity to receive a free \ngovernment-photo-issued ID are extended to each and every \neligible U.S. citizen that is a resident of our State.\n    Since I have been Secretary of State of Alabama, we have \nbroken every record in the history of the State for both voter \nregistration and voter participation. I will get to those \nnumbers in a few minutes, but I think that it is essential to \nimpress upon the Committee and members of the body and my \nfellow citizens of the United States that we cannot solve one \ncrisis by pretending it is another. We must work collectively \nto strengthen our cybersecurity to protect the integrity of the \nelectoral system from foreign influence. However, we should not \npresent a narrative to citizens that only one system can ensure \nan equal right to vote.\n    As I previously stated, my goal as Alabama Secretary of \nState is to ensure that each and every eligible U.S. citizen \nthat is a resident of our State is registered to vote and has a \nphoto ID. During my time as Alabama Secretary of State, my team \nand I have changed the paradigm for voting in the State of \nAlabama. Since January 19, 2015, we worked with notable \nAlabamians, local officials, interested parties, key \ncommunicators, and concerned citizens to encourage voter \nregistration and voter participation. The results are \nstaggering.\n    Since January 19, 2015, we have registered 1,249,422 new \nvoters. We now have a record 3,479,068 registered voters. I am \nvery, very proud of that because we have led the Nation per \ncapita in those numbers since I have been the Secretary.\n    You also need to know that we have got 30 of our 67 \ncounties that have electronic pollbooks which expedites the \ncheck-in process and offers greater security for voters to \nparticipate in the process. As a part of our efforts to ensure \nvoter integrity, we have worked to secure six convictions on \nvoter fraud, and we have had two elections that have been \noverturned.\n    We will continue to document, investigate, and prosecute \nthose individuals and their attempts on disrupting the \nelectoral process for others.\n    We have created Alabama's first Braille voter guide and \nother applications for absentee ballots printed and regular \nballots printed in Braille. In 2016, we created a committee to \nauthor and pass legislation and make it easier for folks to \nregain the right to vote after being convicted of disqualifying \nfelonies.\n    My legislative team is currently working with Alabama State \nSenator Rodger Smitherman, a Democrat, to pass legislation, to \nmake it easier for Alabamians to cast an absentee ballot, \nincluding those Alabamians that are incarcerated but not \nconvicted of disqualifying felonies while they remain \nincarcerated.\n    Our director of relations is currently working with a team \nof election analysts and other third-party groups to build an \nactive pilot program for the most effective manner which we can \nconduct post-election audits. We have worked to secure election \nsystems that do not connect to our State and local internet \nnetworks for potential breaches of internet connectivity.\n    We have expanded training provided by the Office of the \nSecretary of State to make sure that cybersecurity is included.\n    All these efforts are designed to ensure that we have made \nsure that we are providing the safest and securest election \nprocedures in our State. We have broken every record in the \nhistory of the State for voter participation in the last four \nmajor elections that we have had as well.\n    We also have an electronic, election-night-reporting \nsystem, which has been exceptional and has been a model that \nother States have used. As a matter of fact, when we had our \nspecial U.S. Senate election on December 12, 2017, we \naccommodated more than 500,000 unique voters and users who were \nmonitoring the system at one time. The work that we completed \nin advance of the election with our State and Federal partners \nto ensure that the system was secure and could be able to \nwithstand cybersecurity attacks has been notable and has been \nsuccessful. All we are trying to do is to make it easy to vote \nand hard to cheat. There is a number of ways that we have \ncontinued to do that.\n    I think the most important thing for me to close with is by \nsharing that we continue to work with our private and public \npartners, and the effort that Secretary Benson and I have put \ntogether to ensure that we are trying to do the best we can to \nhave a bipartisan effort to help people understand where we are \ntoday in our elections process and where we hope to be in the \nfuture. We think the best way to do that is by understanding \neach other, each other's needs, what our common goals are, and \nhow we hope to move forward for the future. Thank you so much.\n    [The statement of Mr. Merrill follows:]\n    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n    \n    The Chairperson. Thank you very much.\n    And thanks to all the witnesses.\n    Now is the time when Members of the Committee may ask \nquestions of the witnesses for five minutes apiece.\n    I will turn first to our Ranking Member, Mr. Davis, for \nquestions that he may have.\n    Mr. Davis of Illinois. Well, thank you again to all the \nwitnesses for your testimony.\n    I want to start with Mr. Hall. Assuming the supply chain is \nsecure, do you believe that ballot-marking devices with a \nvoter-verified receipt is a reasonably secure method of voting?\n    Mr. Hall. Absolutely. One of the things we struggle with \nhere is to make a system a hundred percent secure is \nimpossible.\n    Mr. Davis of Illinois. Okay.\n    Mr. Hall. What we try to do is make them as secure as we \ncan. Certain ballot-marking devices, they are not all created \nequal. I have my favorite, which is created by a government, \nthe county of L.A., Los Angeles County. But I do think that, \nespecially if we can make sure that voters understand that it \nis their civic duty to make sure they look at that piece of \npaper that is the ballot of record, that it is a secure and \nreasonable system.\n    Mr. Davis of Illinois. Okay. What, in your opinion, would \nthe sample size be for a risk-limiting audit in a State like \nFlorida with a 10,000-vote margin in a statewide race?\n    Mr. Hall. The example I typically use--I don't know the \ndetails about Florida, but for example, in a State like \nCalifornia, a 1-percent-margin race, typically to get around 95 \npercent confidence, you need to sample 400 ballots from the \nentire State. So this is why risk-limiting audits are so \nawesome because they give you the best leverage off of counting \nthe fewest ballots to know, if you did a recount, it wouldn't \nchange.\n    Mr. Davis of Illinois. But do you think the risk-limiting \naudits would result in more statewide recounts?\n    Mr. Hall. I like to think of these as statistical recounts. \nYou get the answer you would get from a recount without having \nto do the recount. I am hoping--I doubt that would be the case, \nif you were going to go to a recount before, that you would \nprobably go to a recount under these systems as well.\n    Mr. Davis of Illinois. Okay. It wouldn't work in my 2,000-\nvote margin of victory, huh?\n    Mr. Hall. It depends on a number of factors. It is hard for \nme to say without doing the math----\n    Mr. Davis of Illinois. Sample size of, like, two.\n    Mr. Hall. Yeah. Probably not.\n    Mr. Davis of Illinois. Hopefully I can get my wife and \nkids. So, could State-canvas systems already in place be \nmodified for risk-limiting audits?\n    Mr. Hall. This depends on a bunch of technical factors. The \nbest risk-limiting audits right now are what we call ballot-\ncomparison risk-limiting audits, where a single ballot is \ncompared with the digital record that it corresponds with. \nThose are only feasible right now with what are called central \ncount optical scan systems, and so it depends on the specifics \nof the locality----\n    Mr. Davis of Illinois. Okay.\n    Mr. Hall [continuing]. Whether or not they are--we are \nworking on making it work for everything, but it is going to \ntake a little while.\n    Mr. Davis of Illinois. Well, that gets me to my next \nquestion. How does the Center for Democracy and Technology \nthrough its support of Voting Works hope to impact the current \nmarket for voting systems and election support?\n    Mr. Hall. Voting Works is--nonprofits will incubate other \nnonprofits when they don't have their 501(c)(3) status, and \nthat is what we are doing at the Center for Democracy and \nTechnology. Voting Works aims to be a nonprofit, open-source, \nvoting-system vendor, which is very different than all the \nother election manufacturers on the market. We hope that by \nbuilding things that people can take and use and build on, that \nthrough that work, it will spread good things rather than \nkeeping things proprietary and keeping things secret.\n    Mr. Davis of Illinois. Okay. Mr. Norden, do you believe \nthat an equal protection claim under the Voting Rights Act \nwould exist in relation to post-election audits?\n    Mr. Norden. I am not sure I understand the question. Are \nyou saying that if a jurisdiction didn't conduct post-election \naudits, would there be an equal protection claim?\n    Mr. Davis of Illinois. What I am saying is, if they did a \nrisk-limiting audit and a jurisdiction made the claim, would \nyou believe that if it was compared to another neighboring \njurisdiction, that the--that the equal protection claim under \nthe VRA would exist in relation to the post-election audits?\n    Mr. Norden. I guess what I would say, this is the first \ntime I have ever confronted that question, so I would have to \nthink about it, but it would not immediately occur to me that \nsomebody could bring an equal protection claim for how post-\nelection audits were conducted.\n    Mr. Davis of Illinois. Okay. Yeah, I would like you to \nthink about it and get back to me----\n    Mr. Norden. I am happy to do that.\n    Mr. Davis of Illinois [continuing]. If you could.\n    Okay. And then to the entire panel and whomever wants to \nanswer, what, if anything, do you know about the U.S. \nDepartment of Defense Advanced Research Project Agency's effort \nto create a federally supported hardware architecture for \nvoting? And do you believe the Federal Government should be \npursuing a more aggressive role in the design and deployment of \nelections technology for State and local adoption, and if so, \nwhy or why not?\n    Mr. Merrill. My answer is no, and the reason is because \nthat should be left up to the local States to be able to \npurchase the equipment that they think is important for them to \nuse. And, frankly, I feel like the free market is the one that \nought to determine what the availability of that equipment is \nand what should be purchased and what should not as long as it \nmeets the standards.\n    Mr. Davis of Illinois. Okay.\n    Ms. Benson.\n    Ms. Benson. I would actually--I would welcome that type of \ninvestment at the Federal level. The work that we have done \nalready with the Department of Homeland Security has been very \nhelpful because of the additional resources and expertise they \nbring to the table. I do think it would need to be a \npartnership with States and local election officials who have \nunique things to share as to what the infrastructure should \nlook like, but certainly I could only imagine that it would \nhelp our efforts to secure our elections if we had that level \nof infrastructure, investment, and support.\n    Mr. Merrill. And to be clear, we are still friends.\n    Mr. Davis of Illinois. So are we.\n    Mr. Merrill. But I am not for universal adoption.\n    Mr. Hall. So, quickly, the work that DARPA is doing is to \ncreate secure hardware and to use voting as a really \nchallenging application on top of that. And the cool thing \nabout that is it will be usable by anyone later down the line \nwho could actually take that and turn it into a product, rather \nthan a research demonstration system, so I am very hopeful that \nthis will benefit everyone in a way that doesn't force them but \nallows them to see that secure hardware is a really important \npart of securing systems in general.\n    Mr. Davis of Illinois. Thank you.\n    The Chairperson. Thank you. I will recognize myself for \nfive minutes because I want to follow up on this DARPA issue. I \nhad understood, perhaps incorrectly, that they were also--DARPA \nwas also looking at open-source software. Is that correct, Mr. \nHall?\n    Mr. Hall. As far as I understand it--and I am not involved \nin the project--there is a hardware component. There is the \nsoftware that runs on the chip that they are making, and then \nthere is the software around the application of voting itself. \nSo there are a bunch of pieces in there. I am pretty sure that \nall those pieces are going to be freely and publicly available \nunder generous copyright licensing terms. And I think that is--\n--\n    The Chairperson. Does anyone else, any of the other \nwitnesses--we have reached out to DARPA, and they thought it \nwas best not to be a witness at this hearing. But do you know, \nMr. Norden? No? So I think we need to know more about that \nbecause it seems to me that we have had a problem in the \ncountry with proprietary software systems refusing to tell \nanybody what their system is not disclosing, and so the victims \nultimately are the American voter, but also election officials \ncan't know what the problems are even if they should be \nconcerned about what had happened, and having open-source \nmaterial available to elections officials is one way to avoid \nthat.\n    I would like to follow--or perhaps you don't know, Mr. \nHall, but some of the software experts in my home, Silicon \nValley, were critical about the DARPA effort, that it wasn't \nsufficiently open source to their liking. Do you know anything \nabout that?\n    Mr. Hall. I am not familiar with it. I would have to follow \nup.\n    The Chairperson. I think we need to pursue it with DARPA \nthen.\n    Let me ask you this, Mr. Hall, or anyone else, Mr. Norden, \nhow should political campaigns, which are fast-paced, nimble, \nin a rush, bolster their cybersecurity, particularly if \nresources are scarce? Usually, oftentimes, it is the last thing \nthe candidates are thinking about. What are best practices for \ncampaigns?\n    Mr. Hall. Many of the best practices for campaigns are very \nsimilar to the best practices for election officials, or you \ncan even think of a campaign as really a rock 'n' roll startup. \nThey only last for, like, 18 months, and it has a ton of money \nand has to get rid of it really quickly. The things that can \nreally help the campaigns are what I call of systems-level \nprotection. So, for example, hardware keys for two-factor \nauthentication, where it is not just a password that you have, \nbut you actually have to have something on your key chain that \nyou stick in and push a button. Those things, and then \nhardening their communications infrastructure. So there have \nbeen a lot of attacks on email systems of campaigns and things \nlike that. These are things that we can deal with. The problem \nis a campaign's security is not the thing that they get awards \nfor doing well, right? They get someone elected. And so----\n    The Chairperson. Right.\n    Mr. Hall [continuing]. A lot of us have been trying to \nchange the mentality and say: Look, security is just as much a \nfirst-class citizen in your enterprise as it is----\n    The Chairperson. Well, especially if it has an impact on \nwhether you get elected, so----\n    Mr. Hall. Absolutely.\n    The Chairperson. Mr. Norden, you have written books and \narticles on this subject. Describe, if you can, what hacking \ninto election systems, whether it is voter registration \ndatabases, the voting machines themselves, what could happen on \nelection day? What is the worst case--what keeps you awake at \nnight on this?\n    Mr. Norden. Oh, gosh. Look, you know, in many ways, we \nknow--we know some of the bad things that can happen by looking \nat what has happened in other nations, but we also know just \nwhat has happened not by malicious act but by mistake here in \nthe United States. And I often say that anything that can \nhappen through error is kind of the opposite side of the coin \nof what can happen maliciously. We have seen, for instance, \nwhen electronic pollbooks fell, what kind of chaos that can \ncause at the polls, how it can keep people from voting, how it \ncan cause lines for hours. And so that is certainly something \nthat I worry about, and I am concerned that we don't have \nFederal standards, unlike for voting machines. I think when \nHAVA was written, electronic pollbooks weren't in as wide use \nas they are today. Thirty-four States use them today. And we \ndon't have those kind of baseline--you know, the voting machine \nguidelines are voluntary. If we had something like that at the \nFederal level, I think that could be a baseline for States. We \nhave information--a lot of these electronic pollbooks use \nwireless components. They have information that is on the \ncloud. So that is something that worries me, of course. And \nsame thing with--and that is an example of the kind of thing \nthat you would be worried about with registration databases \nalso, changing information so that when people show up at the \npolls, they are unable to vote. There is a lot that we should \nbe doing, and I think we can be doing, to protect against that, \nmaking sure that we have contingency plans.\n    And then, lastly, of course, the real--the nightmare--the \nbig nightmare scenario is that somehow somebody changes votes \non a voting machine or for election night reporting, and I do \nthink that is why having paper backups of every vote, being \nable to go back and, detect it through audits, and then \nrecover. And I think that is important even if there isn't an \nattack. They are so--you know, when we talk about foreign \ninterference, we are often focused on election infrastructure. \nThere is a whole social media disinformation element to this \nthat Mr. Davis mentioned. There can be a lot that is done there \nto undermine confidence in the vote, and having paper backups, \ndoing audits, I think, is one way to combat that.\n    The Chairperson. Thank you very much. Before calling on the \ngentleman from Georgia, I will say, we had very strongly held \ndivergent views on various elements of H.R. 1, but I don't \nthink there was any disagreement on a partisan basis that we \nwant every vote cast by Americans to be counted as cast, and \nthat we don't want to become victims of an attack from any \nsource. I think there is bipartisan agreement on that.\n    The gentleman from Georgia is recognized.\n    Mr. Loudermilk. Thank you, Madam Chairperson.\n    It is a very important hearing we have here, and I have got \na couple questions, especially regarding the voting machines. I \ncome from a technology background. I have an IT background. \nAlso, early in my career, I had a job spying on Russia, in the \nAir Force. I bring a cybersecurity aspect to this as well. \nLong-time advocate for a paper backup. But what I am hearing, \nit seems counterproductive to some things I have advocated for \nin the past because I have seen the advantage of computer-based \nvoting is the efficiency, especially when it comes to post-\nelection. I can remember the first elections I was involved in, \nas a volunteer. You were up till midnight, 1 or 2 o'clock in \nthe morning, in Georgia, waiting for results to come in. People \nare sitting at the courthouse waiting for counts to be done. We \nbrought electronic voting in. A lot of times you know within a \nhalf hour to an hour by the time the polls close.\n    But then we have the problem of, I would get calls from \nRepublicans that the machines were changing my vote as I voted \nto all Democrats, and you get the same thing from the other \nside.\n    What I heard from a lot of you is to not use a paper backup \nbut use a predominantly paper ballot system with a computerized \nbackup, which seems to be backwards to me from what would be \nthe most efficient use, which would be, utilize computerized \nvoting because of the efficiency. We already have a lot of long \nlines and the initial counting, but have the machine produce a \npaper verification that the voter then verifies that piece of \npaper is what they cast on the machine, that is then filed and \nused as a backup. I would like to hear, Mr. Hall, what are your \nthoughts on that? Because to me that actually reduces the human \nerror, multiple marks made on a page for the same candidate, \nhanging chads, all that, is that the voter is then verifying \nthat the computer did take what they said--the way they voted, \nand then that would be used for your recount.\n    Mr. Hall. Yes, and so what I would say is, we have come a \nlong way since around 2000 in that the machines we use now and \nthat we are advocating for are what we call software \nindependent. And what I mean by that is that no change in the \nvote total is--I am misstating the definition, but essentially \nthink of it as, if something were to mess with the vote totals, \nyou would still have an independent way of coming at the actual \nresult. And so now these ballot-marking devices, they don't \nkeep any state, to use a nerd word. Now, they don't keep the \ntotals themselves. They use a different machine, like an \noptical scan machine, to suck the ballot in and actually do the \ncounting. And so you have the benefit of using technology----\n    Mr. Loudermilk. Right.\n    Mr. Hall [continuing]. For doing all of the navigation. You \nhave a computer counting the thing, and you still have a paper \nballot backup for the auditing.\n    Mr. Loudermilk. So you have an IT-based device that \nactually casts the paper ballot, and a different device that \nactually counts it, and you have a backup.\n    Mr. Hall. It depends on the model, but yes, that is \nbasically correct.\n    Mr. Loudermilk. Okay. Ms. Schneider.\n    Ms. Schneider. So, the way you described the paper ballot \nworking is actually the way that it does work with an optical \nscanner. You are still getting the efficiency of the computer \nwhen it comes to ballots, and you can still have that speed, \nalthough we should consider whether speed is the value we want \non election night, but you still have that speed by having the \ncomputer scanners, even if you mark a ballot by a pen or \npencil.\n    And I do want to point out that with ballot marking \ndevices, it is critically important, especially if they are \nused for all voters, there are two critical important things: \nOne, there has to be enough. You have to know how many voters \ncan vote on a single device during the course of one election \nday; and two, there has to be a process, a deliberate process, \nespecially for those who are not using the assistive features \nto deliberately verify that their choices are correctly \nreflected, because there could be mistakes, or there could be \nmalware that could impact that ballot, and so you have to--that \nis a process. That is a process issue on top of a security \nissue.\n    Mr. Loudermilk. So let me make sure. You are talking about \nactually using a physical ballot that I mark.\n    Ms. Schneider. Right.\n    Mr. Loudermilk. Like the standardized tests that we used to \ndo in school.\n    Ms. Schneider. That is correct.\n    Mr. Loudermilk. Does that not open up for human error that \ntakes us back to the hanging chad days of the 2000 Presidential \nelection?\n    Ms. Schneider. We use paper ballots in my home county. I \nwill tell you a story. In the State House race in my county, \nthe margin of victory was about two dozen votes. It happened \ntwice, in 2006, and, again, in 2016. And about 23,000 ballots \nwere counted in that race. There was a full hand recount of \nthose races, and the ambiguous ballots that you would talk \nabout where you might dispute the voters' intent were not \nenough to change the outcome.\n    Mr. Loudermilk. But if we could, Mr. Hall, you seem to be \nagreeing with me in that aspect as it does open up the chance \nfor human error but doing it the way we were discussing would \npretty much alleviate that. Is that true?\n    Mr. Hall. Yes. And I think this is where we differ a little \nbit on the panel in the sense that at CDT, we believe that \nusing the computer interface to improve navigation to reduce \nerrors is a really important part. You do need to have enough \nof them. You have to pay for them. They are really expensive. \nAnd, so, those kinds of balancing features come into the \nultimate decision of whether or not you should purchase those \nkinds of machines, but we believe that you should use \ntechnology when it does things really well and then ground it, \nyou know, have it in something like paper when there is an \nimportant security element that you can't otherwise do. It is \nlike an ``air gap.''\n    Mr. Norden. I would just quickly like to add one thing. The \nBrennan Center doesn't take a position on ballot marking \ndevices versus optical scan and filling out these ballots, but \nI do want to make one point. Most people at this point in the \nUnited States are voting on these paper ballots now, and the \nscanner, as a computer, can be very helpful in preventing the \nkind of problems that you are talking about. In fact, the new \ntechnology makes it much less likely that somebody makes a \nmistake that they can't catch. The scanner now will notify a \nvoter if it can't read their vote, will notify a voter if they \nvoted in too many contests.\n    So, the kind of hanging chad problem that you are talking \nabout because of that technology is much, much, much less \nfrequent. We have statistics on this, much, much less frequent \nthan we saw with punch card ballots.\n    Mr. Loudermilk. I see my time expired, but maybe if we have \na second round, Madam Chairperson, I will follow up.\n    The Chairperson. Sure. The gentlelady from California, Mrs. \nDavis, is recognized. And as I have to attend a meeting I \ncannot get out of, so I am going to ask her to take the chair.\n    Mrs. Davis of California [presiding]. Thank you. I was \ngoing to thank Madam Chair, but I want to thank all of you for \nbeing with us today. I appreciate it very much.\n    I want to ask you, please, Mr. Hall, if you could walk us \nthrough the process, or maybe it is even the lack of a process, \non how the NSA lets State election officials know about \nemerging threats, or vulnerabilities that they have discovered \nin State election infrastructure?\n    And I will go on for just a second and be a little bit more \nspecific. Is there a formal system already in place for when \nthe NSA or the broader intel community is supposed to \ncommunicate with State election officials? From what I \nunderstand, there is something that has been created called the \nVulnerabilities Equities Policies and Process, but it doesn't \nappear that it has the kind of proactive warning that private \nindustry or State election officials can do anything with, or \nat least it doesn't seem to notify them in real time so they \ncan respond.\n    Mr. Merrill. Madam Chairperson, obviously you didn't ask \nthat question, but not to overstep, I think it is important----\n    Mrs. Davis of California. Sir, let me ask Mr. Hall first, \nokay?\n    Mr. Merrill. Yes, ma'am. Just to let you know, we didn't \nreceive any notification from anybody at any time.\n    Mrs. Davis of California. Okay. No. That is part of how we \ndeal with this, yeah.\n    Mr. Merrill. Yes, ma'am.\n    Mr. Hall. Okay. So there were two things in your question. \nThe first is how State and local election officials are \nnotified of potential attacks on their systems. This is a \npretty well-orchestrated thing. I don't know the full details, \nbut I can give you a high level overview, and if you ask me in \nQ&A format, I can follow up in more detail.\n    Essentially, the NSA does, and the CIA do things, and not \nin the United States, to figure out who may be attacking our \nsystems. The FBI does a little bit of that, too, domestically. \nIf something were to happen where someone foreign was targeting \nour systems with cyber-attacks, presumably, the FBI would be \nnotified, and either DHS or FBI, probably FBI, would notify the \nState and local election officials.\n    In some cases, that went to governors or CIOs who may not \nbe in the path. They may not have been directly plugged into \nthat disclosure path. I think that is changing now with \nclearances for the State officials, because often, if you don't \nhave a clearance, you can't accept this kind of stuff. So it is \ncleaning up a little bit.\n    I still think that I am seeing, for example, there is a \nproblem--if you are a victim, when DHS notifies you, they are \nnot going to announce to the world what happened to you. It is \nup to you as the victim to disclose that, or it is going to \ncome out in the press at some point. That thing--I think there \nneeds to be something, like a couple of years or a year after \nsomething--someone gets notified such that that stuff becomes \npublic.\n    The Vulnerabilities Equities Process is something I can \ndescribe. It is a little different in that it is more about \nflaws that our defenders find, or offensive people find in \ncommercial products that they can then decide when to disclose \nto the commercial entity to fix them. And I haven't seen that \ntouch the voting systems sphere yet. It would be interesting if \nit did. I would love to know about that.\n    Mrs. Davis of California. Yes. Thank you. Really, I respect \nyour response there. What we are trying to figure out is, is \nthere a way to have clearances and then the issue is, what do \nyou do? If you think about it, say you get that information a \nfew days before an election, and it is very serious.\n    Mr. Hall. That is very tough.\n    Mrs. Davis of California. What do you do?\n    Mr. Hall. It depends on the nature of the information. For \nexample, if you are told that someone installed malware on one \nof your machines, and it hopes to spread to your other machine, \nbecause they know exactly what the machine is, hopefully, you \ncan quarantine that machine. But often, it is more likely there \nhas been someone in your network for six months. We have no \nidea of what kind of access they had. You need to look at \neverything. That can be a real, real challenge for local \nelections.\n    Mrs. Davis of California. So part of it, perhaps, may be--\nand if you all want to respond, just the vulnerabilities that \nyou may learn about, but that may not necessarily translate \ninto something that you can act on, in real time. So that is \nsomething that--I think we all need to be thinking about that \nand how we can be helpful to you as election officials.\n    I wonder, Secretary Benson, if you were to suspect a \nforeign intelligence hack, who would you turn to? Where would \nyou go from there?\n    Ms. Benson. We have contacts, you know, with DHS and \nmultiple different agencies, so we would contact, you know, \nwhether--regardless of the potential threat, and we are in, and \nI am in, frequent contact with those officials. In fact, we \nhave a DHS liaison at Masterson who serves on my election \nsecurity task force, so we are in frequent communication. That \nis something I established early on in my tenure to ensure that \nwe are, in real time, learning of threats, and then, you know \nthrough security clearance.\n    Mrs. Davis of California. Any ideas that you all have \ndiscussed that you think, perhaps, we need to know about in \nterms of how you can have a better relationship in this way?\n    Ms. Benson. I think it is a proactive one on the part of \nthe Federal Government, as well as the Secretaries of State, \nthat perhaps standards and expectations from Congress can \nestablish. But it is something that an individual leader will \ntake seriously, but I think encouraging us to develop that \nrelationship and then ongoing communication and a statewide \nresponse system is important.\n    Mrs. Davis of California. Okay. Thank you very much. I am \nsorry.\n    Mr. Butterfield. It looks like it is your turn.\n    Mr. Butterfield. Thank you very much. I know the \nChairperson is not in the room, but I want to begin by thanking \nher for holding today's hearing. This topic is extremely \nimportant. It appears to be a bipartisan issue that we are \ntalking about, and one that is very dear to my heart.\n    The Mueller report that we have heard so much about has a \nrevelation that I want to make a reference. The Mueller report \nstated, quote, ``In August of 2016, the GRU officers,'' and, of \ncourse, we all know that is the Russian foreign intelligence \nagency, ``targeted employees of,'' and then there is a \nredaction, ``a voting technology company that develops software \nused by numerous U.S. counties to manage voter rolls and \ninstalled malware on the company network.''\n    Further, the report goes on to describe a separate spear-\nphishing operation conducted by GRU operatives that enabled \naccess to the network of at least one Florida county \ngovernment. And now, I am just finding out that in my \nCongressional district in North Carolina, a poll book product \nprovided by an election vendor catastrophically failed on \nElection Day in 2016. Now, that failure occurred in six \nprecincts in Durham, North Carolina on Election Day. And one of \nthose precincts was forced to close one hour and a half at \nlunchtime during one of the busiest times for voters.\n    There has been reporting that the voting technology company \nidentified in the report, that is the Mueller report, who \nsuffered a cyber intrusion in August of 2016, is the same \nvendor whose poll books catastrophically failed on Election Day \nin my district. The intrusions described in the Mueller report \ndemonstrate just how important today's hearing is, and how \nrobust action is urgently needed from this Congress to ensure \nthe security and integrity of our election system.\n    We know Russia interfered in our elections in 2016 and will \nlikely try it again next year. And so, the question is then \npresented: What is this Congress going to do about it? Let me \nstart with you, Mr. Norden. Was the attack in 2016, in your \nopinion, a well-planned Russian attack, or was it basically \nspontaneous?\n    Mr. Norden. Thank you for the question, Mr. Butterfield. \nThat is something I have thought a lot about. If you look at \nthe reports of what the Russians did, actually, the attacks on \nelection infrastructure almost look like an afterthought. They \nhappened months after the hacking of political campaigns, at \nleast reported what we know, months after the hacks on \npolitical campaigns, and years after the first disinformation \ncampaign that we saw from the Russians.\n    I do have concerns that--this is one of the reasons why I \nam concerned that the threat we face in 2020 is greater. The \nRussians will now have had four years to gain whatever they \nlearned and given what we know that they have done in other \ncountries, I would be concerned that there is potentially a \nmuch more aggressive action.\n    Mr. Butterfield. Let me talk about election vendors for a \nmoment, if I can. Can you quantify for me the number of \nelection vendors throughout the country? Is it a small number?\n    Mr. Norden. Well, that is a very difficult question to \nanswer, because election vendors are central to so many aspects \nof the elections we run. We often think about just voting \nmachines, and there are three main voting machine vendors and a \ncouple of other smaller ones, but then there are vendors that \nproduce electronic poll books. There are vendors that, for some \nlocal election offices, create their websites.\n    Mr. Butterfield. Is there a registry anywhere of election \nvendors?\n    Mr. Norden. Not that I am aware of.\n    Mr. Butterfield. What regulatory oversight does the Federal \nGovernment have over an election vendor? Do we have any \noversight?\n    Mr. Norden. So, I mean, at the moment there--one thing that \nI talk about is there are more Federal regulations of ballpoint \npens than there are of our election infrastructure. There \nhasn't been, as far as I am concerned, as much oversight as \nthere should be of election vendors. We don't necessarily know \nwho owns the election vendors. We don't know who works for \nthem.\n    Mr. Butterfield. Are you a proponent for more oversight?\n    Mr. Norden. Absolutely. Absolutely. I think we need more \ninformation about who the vendors are, who works for them, what \nkind of security processes they have in place. And I certainly \nthink a basic thing that we deserve is if election vendors are \naware of a cyber attack on them, that they should be required \nto report that to the Federal authorities, to anybody that is \nusing their products, and that currently doesn't exist right \nnow. There is no requirement for that.\n    Mr. Butterfield. That was going to be my next question.\n    Yes. Ms. Schneider.\n    Ms. Schneider. Thank you. I wanted to answer your other \nquestion regarding the number of vendors. The reason it is so \ndifficult to determine that number is because there are 8,000 \njurisdictions who administer elections, and for many of those \njurisdictions who are very small, they outsource or contract \nwith vendors to perform many steps in the election \nadministration, and so, the real oversight need is for these \nthird-party vendors. They may not be voting system \nmanufacturers, but they may provide services and exactly the \nkind of vendors that you are talking about from the Mueller \nreport where there is no oversight or regulation of those \nvendors, and no standard that they have to adhere to in terms \nof cybersecurity.\n    Mrs. Davis of California. Thank you. Thank you for your \nresponse.\n    Ms. Fudge.\n    Ms. Fudge. Thank you very much and thank you all for being \nhere. As you may know, we have been traveling the country a bit \njust getting data and information about voting irregularities, \nvoter suppression, et cetera. I want to start with the two \nelected officials that are sitting here.\n    We have heard so much as we have traveled the country. I am \nfrom Ohio, by the way, a State that thought that our machines \nwere so awful, we got rid of them, but South Carolina bought \nthem. This is true. South Carolina bought all the machines we \ngot rid of because they were not effective. To go back to your \npoint, there is no regulation.\n    I am trying to determine from the two of you what do I tell \npeople who have no confidence in our system? What do I tell \npeople who believe that there is no integrity, that don't \nbelieve that their votes count? I have people who are afraid \nnow to vote absentee, but then they come to the polls and see \nlong lines, and they are afraid to do that, too. They look at \nthese electronic books and they can't find their name, and when \nthey do, their signatures just may have dotted their ``I'' \ndifferently, and they tell them they can't vote. What do I tell \npeople who have no confidence in the system? What the state is \nof voting--what is the state of affairs of voting in the United \nStates today?\n    Ms. Benson. I think you tell them, one, that we have much--\none, I completely agree that focusing on ensuring voters have \nconfidence in the security and accessibility of our elections \nis a critical component to making our democracy work. And I \nthink why it is so important that we have a partnership at the \nState level with Federal Government, and why the Federal \nGovernment can set important standards and play an important \nleadership role, just as it has historically with the Voting \nRights Act. It is setting the standards and expectations that \nStates must meet in order to protect everyone's right to vote.\n    In addition to that, I think factually, and what you have \nheard today, is that we are further ahead than we were five \nyears ago, two years ago, ten years ago in securing our \nelections, but as we have moved forward, threats have emerged \nas well and evolved. And so what we need more of that we \nhaven't had before is a stronger Federal and State partnership, \nand even Federal-State-local paper partnership where we are \ncollaborating on a bipartisan basis to ensure that we are \nleaving no stone unturned in promoting the accessibility of the \nvote and the security of the vote. Those ongoing \ncommunications, that ongoing partnership, is important, and \nthat is part of what we have tried to do at the State level \namong our Secretaries.\n    Mr. Merrill. Yes, ma'am. I think it is real important to \nnote some of the things we have already introduced. First of \nall, in our State, we made a concerted effort to ensure that \npeople know that their vote needs to be cast for the candidate \nof their choice, but in order to do that, you have to be a \nregistered voter, so we made it a campaign effort to ensure \nthat all eligible people in our State are registered to vote. \n96 percent of all eligible African Americans in the State of \nAlabama are registered to vote, 91 percent of all eligible \nCaucasian Alabamians are registered to vote, and 94 percent of \nall eligible Alabamians are registered to vote.\n    Ms. Fudge. But that doesn't tell them that their vote \ncounts.\n    Mr. Merrill. No. But, when they go to all 2,499 locations \nin our State and they see a line, one of the ways we try to \nreduce that is by introducing electronic poll books.\n    Now, Madam Chairperson, I really want to revisit that \nquestion about standardization.\n    Ms. Fudge. Okay, but this is my time. I am trying to get \nanswers to my questions.\n    Mr. Merrill. I just want to make sure she knows.\n    Ms. Fudge. Okay. Just hold one second for me.\n    Mr. Merrill. Yes, ma'am.\n    Ms. Fudge. Ms. Schneider, you talked about the cost of \ntrying to assist States. What do you think it would cost to \nhave a fair election in every State in the country because they \nhave machines that are not going to be easily hacked, that they \nhave a paper trail? What does that cost?\n    Ms. Schneider. Well, I think that there have been published \nestimates of the cost, but in the Secure Election Act from last \nsession, and in the security part of the H.R. 1, the $1.2 \nbillion that is allocated for this purpose is a good start. We \nknow--I can speak specifically for Pennsylvania where 83 \npercent of the counties in Pennsylvania had unverifiable and \nvulnerable systems, and the estimate for just Pennsylvania was \nclose to $100 million to replace just those systems. So, I \nthink that the first thing is an influx of investment right \nnow, and then sustainable funding going forward.\n    Ms. Fudge. All I can say is that I am more concerned now \nthan when you came in about how easily our systems are \ncompromised, and the fact that States don't have the resources \nto ensure to every one of their citizens that their vote is \ngoing to count. Thank you so much, all of you.\n    Mrs. Davis of California. Thank you.\n    Mr. Raskin.\n    Mr. Raskin. Thank you, Madam Chairperson. Thanks to the \nwitnesses. It seems as if the cyber age has made political \ndemocracy more vulnerable, and our elections more susceptible \nto attack and manipulation. We know from the Mueller report \nthat there was a sweeping and systematic campaign by Russian \noperatives to destabilize and change the course of the American \nelection.\n    One part of it was pumping ideological poison into the \nAmerican body politic through Facebook and Twitter and other \nsocial media. Another part was the cyber espionage of the DNC, \nthe DCCC, and the Clinton campaign in order to release emails \ninto the election. And the third part of it was the direct \nefforts to hack into State election systems.\n    We also know from the intelligence community today that the \nsame bad actors have not gone away and are planning a return \nengagement with the American people in 2020. And there might be \nother bad actors now who have decided to enter the sport, given \nthe spotty defenses and response of the American Government. \nThe good news, I think, is that there is a good deal of expert \nconsensus as to what needs to be done to better secure our \nelections, and I just want to see if all of you all agree with \nthese points.\n    The first is that we should get rid of paperless voting \nmachines and move to voting systems with voter marked paper \nballots. Is that something that there is consensus on? Okay. It \nlooks--let the record show I think everybody is nodding their \nheads.\n    Secondly, we need to update and replace out-of-date \ncomputer software in States that are still using antiquated and \nobsolescent systems. Everybody agrees with that, yes?\n    Ms. Benson. Yes, but we need to do so in way that carries a \nsustainable funding source because updating it now means it \nwill be out of date in five years.\n    Mr. Raskin. Good. That is a strong point. We have got to be \nthinking long term, not short term, in terms of all of these \nremedies.\n    We need to adopt post-election audits in order to determine \nwhether there are strange things going on. Does everybody agree \nwith that? Yes. And then the Federal Government ought to \nprovide greater cybersecurity resources to help thousands of \ndifferent electoral jurisdictions across the country fortify \ntheir cyber defenses and defend the integrity of our elections. \nDoes that sound right to everybody?\n    Okay. So how would we characterize where the States are in \nterms of developing their responses in order to be ready and \nsecure for the 2020 elections? Is there somebody who would be \nwilling to state where they think that the State elections are, \nthe systems are? Ms. Benson.\n    Ms. Benson. I will start.\n    Mr. Raskin. Please.\n    Ms. Benson. I think that a partnership, a strong \npartnership with State and local officials and the Federal \nGovernment is key, and frankly, the Federal Government has both \nthe leadership, a standard establishing role, and an \neducational role to play for many State and local officials who \ncome to the jobs, perhaps new to the area, and could benefit \nsignificantly from ongoing educational awareness and training \nto the point where if there is a problem identified, you are \nnot simply telling us the problem, you are providing us with \nthe tools, resources, and education to fix it.\n    Mr. Raskin. And in some sense, America's problems are \nunique here, because we have such a decentralized system of \nelectoral administration. In most countries, certainly our \nneighbors, Mexico and Canada and the European countries, there \nare national electoral commissions. I think in Mexico, there is \neven like a national electoral supreme court. But there are \nnational electoral commissions whose sole job, as professional \nnonpartisan entities, is to administer elections fairly. And we \ndon't have anything like that, right? We have got the Federal \nElection Commission whose sole jurisdiction is campaign finance \nand is almost completely dysfunctional even with respect to \nthat. We don't have a national electoral administration, so we \ndepend on the States and the counties and the cities to do it, \nright?\n    Mr. Merrill. Congressman, if we did not allow that to \nhappen the way that it is, according to the 10th Amendment, so \nthose decisions are best made at the local level, at the State \nlevel. It would be a lot easier to infiltrate the system and to \nprepare it to be compromised.\n    Mr. Raskin. You think it is easier to defend 8,000 \ndifferent systems than one system?\n    Mr. Merrill. I think it is easier to defend an individual \nState system than it is if you just knew that on one particular \nday, using one set of equipment that is used in the entire \nNation----\n    Mr. Raskin. But can you imagine if America's military \ndefense was provided by the 51 different jurisdictions.\n    Mr. Merrill. Yes, sir, but we are not talking about the \ndefense.\n    Mr. Raskin. It is an analogy, yes.\n    Mr. Merrill. Well, but it is not an accurate one, in my \nestimation, based on what we are trying to do. That is why I \nthink we need to make sure that equipment is approved, \nequipment is evaluated, and equipment is documented and \nrecorded as to its effectiveness in election administration.\n    Mr. Raskin. Okay. I yield back. Thank you.\n    Mrs. Davis of California. Thank you both. We are going to \ndo another round here quickly, so I want to turn to the Ranking \nMember, Mr. Davis.\n    Mr. Davis of Illinois. I know everybody is excited for the \nsecond round, right?\n    Mr. Merrill, you were making a point earlier and were not \nable to finish that point. I would like to give you some time \nto do that if you want.\n    Mr. Merrill. Well, there are a couple of things, \nCongressman. One of the things I think it is important to note, \nthe gentlelady from Ohio, who has since had to be excused, I \nthink it is important to note that according to all reports \nthat we received from Homeland Security, from \ncounterintelligence, from the Central Intelligence Agency, from \nthe FBI, there was never an incident or occurrence in any of \nthe 50 States in the Union where tabulation changes occurred \nduring the 2016 election. I think that is very important to \nnote.\n    It is very important to recognize that fact, that the \nRussians did, indeed, infiltrate our systems, but primarily \nthrough social media, and through influencing people in their \ndecision making. When it comes to the administration of the \nelections, no votes were changed. No equipment was touched. \nThere have been no changes occur to the votes that were cast \nfor those candidates.\n    The other thing that I wanted to talk about, Congressman, \nin relation to election equipment. What we could really benefit \nfrom in Alabama, in Michigan, in all other States in the Union \nis to have a centralized effort to evaluate the effectiveness \nof election equipment, whether it be for voter registration \npurposes, whether it be for voter administration purposes, \nelectronic poll books.\n    And as a member of the Election Assistance Commission \nStandards Board, one of the things I have advocated for is that \nwe need to have the EAC be a central repository where they \ncould evaluate the effectiveness of equipment. And if they \nnoted failures, or failures were recorded, they could come back \nand say in a report, much like Consumer Reports used to do for \nall of us that are old enough to remember it where they don't \nrecognize, or recommend, that a specific vendor be selected, \nbut they say this is what we know about the successes. This is \nwhat we know about the failures. And in doing so, it puts us in \na better position when we are trying to determine if this is a \nspecific group we need to do business with, or a product that \nwe need to purchase.\n    Mr. Davis of Illinois. All right. Well, I agree with your \nearlier statement. Facts matter, statistics matter and help us \ndetermine how we effectively spend taxpayer dollars to ensure \nthat we have the fairest, safest, most secure election systems.\n    Secretary Merrill, you worked with DHS going up into the \n2018 elections, right?\n    Mr. Merrill. Yes, sir, and still do today.\n    Mr. Davis of Illinois. What were your thoughts initially \nabout DHS coming in and helping?\n    Mr. Merrill. I was a little bit irritated. Part of it was \nbecause when we were told by Secretary Johnson before the \nelections in 2016 that the Department of Homeland Security was \ngoing to take over the elections process, that is a real \nconcern, because that is not an area that those individuals \nhave been trained to take over and to help us be able to \neffectively administer the elections. What we need is support, \nand we need assistance, and when possible, funding to assist us \nin that area.\n    But for the Federal Government to come over and to \noverreach and to take over the administration of the elections \nat all levels, first, I don't think it is appropriate. \nSecondly, I don't think it is constitutional.\n    Mr. Davis of Illinois. So that was your worry in 2016?\n    Mr. Merrill. Yes, sir.\n    Mr. Davis. But right now, what are your thoughts about \n2018?\n    Mr. Merrill. Yes, sir. It has continued to improve, because \none of the things that we have seen is, they have wanted to \nwork with us, and we made our position known to Secretary \nJohnson and through the Obama administration, and then to \nPresident Trump and through Secretary Nielsen. We have found \nthem to be very receptive to our request. I have had, in the \nlast 15 months, two private meetings with Secretary Nielsen and \nwith other team members. We have visited with her and other \npeople in Homeland Security to talk about the issues that have \nbeen so important and so relevant to us. They have been very \nreceptive, very responsive. They have offered assistance. They \nhave offered assistance at the State and local level in \nAlabama. I know they have done that in other States as well.\n    Mr. Davis of Illinois. They haven't come in and required \nyou to do things?\n    Mr. Merrill. No, sir. They said that we are available. If \nyou would like to enter into an agreement with us, we would be \nsupportive, but not what we would consider overreach where they \ncome in to take over the system.\n    Mr. Davis of Illinois. How many of your colleagues that are \nsecretaries of state, or in my State of Illinois, it would be \nthe State Board of Elections. How many do you think would be \nreceptive to mandatory Federal assistance?\n    Mr. Merrill. Not very many. I think there is some that \nwould be interested in having a stronger partnership than we \nhave if they could get certain benefits from it. But we think, \nand when I say ``we,'' I am talking about the colleagues that I \nam the closest to. Much like Thomas Jefferson suggested that \nthat government which governs best governs least. That is the \nsum of good government.\n    Mr. Davis of Illinois. Well, Mr. Secretary, thanks for your \nresponse. I have no idea why my red light speeds up faster than \neveryone else's, but it always happens that way, so I yield \nback.\n    Mrs. Davis of California. Thank you. I will recognize \nmyself for five minutes and just follow up with this discussion \na little bit, because, you know, it is possible to think about \na time when a jurisdiction, when the State doesn't have proper \ncybersecurity systems, and in that case, what are we looking \nat? Should there be a role for the Federal Government to make \nsure that their system is not as vulnerable to hacking as \nperhaps a neighboring State?\n    Mr. Merrill. Yes, ma'am. And one of the things that I would \nsuggest that, much like the appropriation that we just received \nfrom the EAC, if there were certain expectations about the way \nthat a block grant of resources could be received by the State \nand be utilized by that State in certain areas to make sure \nthat certain purchases were being made, or certain systems were \nbeing implemented to prevent vulnerabilities or to keep certain \nvulnerabilities from being exposed, that would be very helpful \nto us.\n    But for certain things to be introduced, as it was in H.R. \n1, to say that you must have these things in place, you must do \nthese and have an unfunded mandate, that is not good for any \nState, no matter whether you have a great deal of resources in \nyour statement or you are limited with your resources.\n    Mrs. Davis of California. So it sounds like you are talking \nabout some enforcement capability in some areas, but not in \nothers.\n    Anybody else want to comment on that quickly?\n    Ms. Benson. Yes. I would like to offer the alternative \nperspective. With all due respect to my good friend, Secretary \nMerrill, I am coming at this as a long-time academic and voting \nrights scholar. I feel very strongly that there is a leadership \nrole for the Federal Government to play. It is in partnership \nand in collaboration with the State and local governments, as I \nhave said repeatedly today, but the Federal Government cannot, \nand should not, abdicate its role as it has historically to set \nthe standards and expectations that all States must meet.\n    I think it is the basic Constitutional imperative of equal \nprotection, and it takes into consideration that while every \nState does have unique challenges, there are some standards of \nexpectations that, especially if we are receiving Federal \nfunding, I think many of us, myself included, would be \ncomfortable working with the Federal Government in seeking to \nmeet. It is a dance to determine how deep and specific those \nstandards should be, and I acknowledge that, but I don't think \nthat is a reason to not have basic data-driven, fact-based \nsolutions, and bars that States should strive to meet if they \nare receiving Federal assistance.\n    Mr. Davis. Thank you. Yes, please.\n    Ms. Schneider. I just wanted to share with you my \nexperience in 2016 with the Department of Homeland Security. At \nthat time, they offered their services free of charge to State \nand local jurisdictions who wished to receive them, and we were \nable to engage with the Department of Homeland Security to run \na penetration test and assessment of our networks before the \n2016 election, which we were very grateful for, and we think \nthat that is the kind of partnership that should occur, and I \nthink that they need adequate resources to offer those services \nto every jurisdiction who would like them.\n    And to your earlier question before about whether you get \nnotification, there is the multi-State information sharing \nassociation from the Center for Internet Security, that it does \ngo to the State CIOs, but we did receive that in Pennsylvania, \nand if it was unclassified, it was filtered down, and also, \nthrough the Pennsylvania Emergency Management Association.\n    Mrs. Davis of California. Okay. Thank you very much. And \nthat was in real time, you are suggesting. Was it a week from \nthe occurrence, or right away?\n    Ms. Schneider. No. If they were unclassified, they were \nright as they occurred.\n    Mrs. Davis of California. Okay. Great. Thank you.\n    I wonder if you could, just for a moment, think about \nwhether you believe that there is anything that voters should \nbe doing to make our systems more secure? Is there an \neducational piece that we have not addressed in this country?\n    Ms. Schneider. There is one thing that voters could do \nright before or at any point in the election cycle, is to check \ntheir registration, and make sure that their information is \ncorrect, their address is correct, their polling place is \ncorrect, because if there has been an attack or tampering in \nthe registration system, you can detect it and correct it in \nadvance.\n    Mr. Hall. And I would say check your ballot to make sure \nthat the thing you cast reflects your intent and volunteer to \nbe a poll worker. This is a vast volunteer force, and it is the \npinnacle, I think, of civic duty, you know, spending 16 hours \ncounting your fellow citizens' votes.\n    Mrs. Davis of California. Thank you. And that is \nparticularly in areas where there is a very diverse community, \nwe need to have people come forward who understand language and \nculture and a whole host of other things. Thank you very much. \nI appreciate all of you for being here, and I am going to turn \nto Mr.----\n    Mr. Merrill. Madam Chairperson, if I may add to that in \nresponse to your question. One of the things we have done is \ntry to encourage non-voters to become poll workers. We are \npassing legislation now in Alabama, it has already passed both \nchambers, to allow 16- and 17-year-olds to be able to work the \npolls which can increase civic responsibility.\n    Mrs. Davis of California. Thank you. Appreciate that as \nwell.\n    Mr. Loudermilk, do you have an extra question?\n    Mr. Loudermilk. Thank you, Madam Chairperson. I want to \nshift away from voting, because I would really love to continue \nthat conversation, and I think Mr. Hall and I could have a good \nconversation on that. I think we see eye to eye on this.\n    I want to move over to the cybersecurity aspect of it now, \nand from my background in cybersecurity, any breach at some, or \nat least the majority of breaches at some level, have human \nerror involved in it. There is usually some aspect, and a lot \nof times, it is a failure to act. It is with a patch or it is \nwith something--at Equifax, it was failure to actually have a \npatch. And Mr. Hall is right. You cannot create a 100 percent \nsecure system.\n    When I was working in intelligence in the Air Force, we \ncommissioned a vendor to create a completely secure system. \nThey came pretty close. It was very secure, but it was so slow, \nnobody could use it. So it is always--it is a balance there.\n    I do want to say something, and Mr. Merrill brought up a \ngood point. It is from my experience of working in IT, it is \nalways more secure to have multiple vendor systems over a \nsingle vendor system which if that is compromised, then \neverybody has--the bad guy has 100 percent access to \neverything. But you have to have a set of standards that the \nvendors operate by, and I think that is a role that we can play \nas a recommended set of standards still leaving the 10th \nAmendment, the States authority to conduct and operate their \nelections. But if you are going to use certain types of \nsystems, they should meet these standards. I think that is \nclear.\n    But back to the cybersecurity aspect. Is anyone on the \npanel familiar with OODA loop? OODA. O-O-D-A. A little bit \nsurprised because that is used in cybersecurity. It is a cycle \nof decision making that you use to defeat an adversary in a \nfast-paced, multi-faceted environment. It is OODA. It means----\n    Mr. Hall. Observe something, detect, act?\n    Mr. Loudermilk. It is observe, orient, detect or decide and \nact. It basically means you are always observant. You are \nwatching to see what is going on which is happening in our \ncybersecurity realm right now. You orient yourself to what the \nthreat is or multiple threats coming in. You make a decision of \nwhat you are going to do to counter that decision, and you act. \nAnd these loops are going continually, and it is used today. \nThe NSA uses it. The CIA uses it. It was developed by an actual \nAir Force Colonel, so you know, give a few kudos to the Air \nForce there.\n    Most cyber risk and breaches come from the last aspect of \nthat, a failure to act. It is you orient, you observe, you \ndecide, and in the case of Equifax, they didn't act to put a \npatch in. When we go to the 2016 election, and I will open this \nup to anybody, because I am still trying to figure out why we \ndid what we did. I don't know if you are familiar with Michael \nDaniel. Michael Daniel was the cybersecurity czar in the \nprevious administration.\n    When the administration was given evidence that the \nRussians were actively trying to attack our cybersecurity, or \nour election systems, when it came to the acting, he was given \nthe order by the National Security Advisor, Susan Rice, to \nstand down and not do anything. This was testified before the \nSenate in 2018 by Michael Daniel, that he received the order to \nnot act to counter the Russians' attempts to interfere with our \nelection system. Can anybody answer why, and maybe that would \nhave a failure to act on the part of the Obama administration?\n    Mr. Hall. The only thing I can think of is concern with \nongoing operations that might have revealed something, but, you \nknow, given that democracy hangs in the balance, I am not sure. \nI don't know enough about the specifics to say one way or the \nother.\n    Mr. Loudermilk. I think we could have evolved a lot of \nstuff, resolved a lot of stuff, had there been the act which is \na standard process in cybersecurity.\n    And one last question for you, Mr. Merrill. War Eagle or \nRoll Tide?\n    Mr. Merrill. My friend, look. There is only two words that \nyou can say. Roll Tide.\n    Mr. Loudermilk. All right. Thank you. I yield back.\n    Mrs. Davis of California. Thank you.\n    Mr. Raskin.\n    Mr. Raskin. Thank you, Madam Chairperson.\n    Ms. Benson, I just want to follow up with you about a point \nyou were making before. First, there are a number of provisions \nin our Constitution which confer power on Congress and the \nFederal Government to regulate elections, right?\n    Ms. Benson. Yes.\n    Mr. Raskin. For example, the Congress has to guarantee to \nthe people of the States a Republican form of government. Also, \nthere is a specific provision which allows Congress to \nlegislate in the electoral field, right? And under the \nsupremacy clause, it clearly is supreme to the States. And as \nwell, there are the enforcement provisions of a number of \namendments in the Bill of Rights, and that is how we have made \ngreat progress in our country. Certainly, we would not be where \nwe are in terms of voting with all the problems that we have \nwithout the Voting Rights Act of 1965, and that was passed \nunder Section 5 of the 14th Amendment, right?\n    Ms. Benson. Yes.\n    Mr. Raskin. Is there any serious debate about the \nCongressional role in trying to make sure that everybody's \nvoting rights are vindicated, and everybody's votes are \ncounted?\n    Ms. Benson. I think in Section 2 of the 14th Amendment, I \nthink whether it is the Help America Vote Act, the National \nVoter Registration Act, the Voting Rights Act of 1965, the \nmyriad of other Federal laws that have been enacted since the \ninception of our democracy, our democracy is better because of \nthe congressional role in enforcing a basic standard of \nexpectations of protections for all of our citizens.\n    Mr. Raskin. And to just tease that out for a moment, \nhaven't the greatest threats to people's voting rights started \nat the local and State level? Obviously, we have got this new \nthreat of global interference with people's voting rights, but \ntraditionally in our country, haven't the greatest threats \narisen locally?\n    Ms. Benson. History does show us that some of greatest \nthreats have emerged locally, and some of the greatest \nsuccesses and protections for voting rights have also emerged \nlocally when States and local governments have gone beyond what \nthe Federal Government has expected as a standard. I want to \nmake that point as well, but, yes, certainly there is a \ncritical role for the Federal Government to play.\n    Mr. Raskin. Yes. I mean, the States have certainly led in \nterms of the expansion of the franchise, and we know lots of \nStates extended women the right to vote, for example, before \nthe 19th Amendment----\n    Ms. Benson. And language protections.\n    Mr. Raskin [continuing]. Was adopted. And language \nprotections and extending the right to vote to African \nAmericans. And so that is definitely the case, that we have \nseen a lot of forward movement in the States that lead to \nnational changes. But in the dynamics of Federalism, Congress \nhas played an essential role in securing people's right to \nvote. And I think given the new cyber threats to voting \nsecurity, Congress cannot abdicate that role, and Congress \nshould be really in the forefront of trying to assist the \nStates in making sure that we are fortifying our defenses, so \nthere is not an open door for the kinds of activities that we \nsaw in 2016.\n    Ms. Benson. It is a critical role for the Federal \nGovernment to play. Also, in acknowledging and being a partner \nwith us, and you know, fully funding the Election Assistance \nCommission and other existing agencies can go a long way in \nthat regard as well.\n    Mr. Raskin. Okay. Madam Chairperson, I yield back to you. \nThanks so much.\n    Mrs. Davis of California. Thank you very much.\n    I might just follow up. Fully funding it and providing some \nauthority so that they can do something about it, correct? I \nthink everybody would agree with that.\n    Ms. Benson. And I also want to emphasize as you have seen \ntoday, the importance of talking to more State and local \nofficials, because I think you will see multiple different \nperspectives and opinions, and through that, I think you can \ndevelop some Federal expectations and standards.\n    Mrs. Davis of California. Thank you very much. I want to \nthank all of you for your valuable testimony here, for \nappearing, and for being very helpful. I also want to let you \nknow that members have five legislative days to revise and \nextend their remarks, and written statements may be made part \nof the record. If they have questions, we ask you to please \nrespond in writing as soon as possible. I think there is a \ndeadline on that but respond quickly so they can be made part \nof the record. Thank you very much. If there are no objections, \nthis hearing is adjourned.\n    [Whereupon, at 4:00 p.m., the Committee was adjourned.]\n    [GRAPHIC NOT AVAILABLE IN TIFF FORMAT] \n    \n</pre></body></html>\n"