[House Hearing, 116 Congress]
[From the U.S. Government Publishing Office]


                           ELECTION SECURITY

=======================================================================

                                HEARING

                               BEFORE THE

                           COMMITTEE ON HOUSE
                             ADMINISTRATION
                        HOUSE OF REPRESENTATIVES

                     ONE HUNDRED SIXTEENTH CONGRESS

                             FIRST SESSION

                               __________

                              MAY 8, 2019

                               __________

      Printed for the use of the Committee on House Administration

[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]

                       Available on the Internet:
         https://www.govinfo.gov/committee/house-administration
                    
                               __________
                               

                    U.S. GOVERNMENT PUBLISHING OFFICE                    
38-641                    WASHINGTON : 2020                     
          
--------------------------------------------------------------------------------------                   
                    
                    
                    COMMITTEE ON HOUSE ADMINSTRATION

                  ZOE LOFGREN, California, Chairperson
JAMIE RASKIN, Maryland               RODNEY DAIVS, Illinois
SUSAN A. DAVIS, California             Ranking Member
G. K. BUTTERFIELD, North Carolina    MARK WALKER, North Carolina
MARCIA L. FUDGE, Ohio                BARRY LOUDERMILK, Georgia
PETE AGUILAR, California
                            
                            C O N T E N T S

                              ----------                              

                              MAY 8, 2019

                                                                   Page

Election Security................................................     1

                           OPENING STATEMENTS

Chairperson Zoe Lofgren..........................................     1
    Prepared statement of Chairperson Lofgren....................     4
Hon. Rodney Davis, Ranking Member................................     7
    Prepared statement of Ranking Member Davis...................     9

                               WITNESSES

Larry Norden, Deputy Director, Brennan Center's Democracy Program    11
    Prepared statement of Mr. Norden.............................    13
Marian Schneider, President, Verified Voting Foundation..........    26
    Prepared statement of Ms. Schneider..........................    28
Joseph Lorenzo Hall, Chief Technologist and Director, Center for 
  Democracy and Technology.......................................    37
    Prepared statement of Mr. Hall...............................    39
Hon. Jocelyn Benson, Secretary of State, State of Michigan.......    48
    Prepared statement of Hon. Benson............................    50
Hon. John Merrill, Secretary of State, State of Alabama..........    57
    Prepared statement of Hon. Merrill...........................    59

                       SUBMISSIONS FOR THE RECORD

Hon. Rodney Davis, Ranking Member, statement.....................    83


 
                           ELECTION SECURITY

                              ----------                              

                         WEDNESDAY, MAY 8, 2019

                  House of Representatives,
                 Committee on House Administration,
                                                    Washington, DC.
    The Committee met, pursuant to call, at 2:17 p.m., in Room 
1310, Longworth House Office Building, Hon. Zoe Lofgren 
[Chairperson of the Committee] presiding.
    Present: Representatives Lofgren, Raskin, Davis of 
California, Butterfield, Fudge, Davis of Illinois, Walker, and 
Loudermilk.
    Staff Present: Khalil Abboud, Deputy Staff Director; Sean 
Jones, Legislative Clerk; David Tucker, Parliamentarian; Tanya 
Sehgal, Senior Elections Counsel; Veleter Mazyck, Chief of 
Staff to Representative Fudge; Lauren Doney, Communications 
Director and Deputy Chief of Staff to Representative Raskin; 
Julie Tagen, Chief of Staff to Representative Raskin; Brandon 
Mendoza, Senior Legislative Aide to Representative Davis of 
California; Lisa Sherman, Chief of Staff to Representative 
Davis of California; Kyle Parker, Senior Policy Advisor to 
Representative Butterfield; Evan Dorner, Legislative Assistant 
to Representative Aguilar; Joy Yunji-Lee, Minority Counsel; 
Courtney Parella, Minority Communications Director; Jesse 
Roberts, Minority Counsel; Cole Felder, Minority General 
Counsel; Jen Daulby, Minority Staff Director; and Susannah 
Johnston, Legislative Assistant to Representative Loudermilk.
    The Chairperson. Good afternoon. The Committee on House 
Administration will come to order. We do thank the witnesses 
for being here with us today. This Committee is charged with 
overseeing the administration of Federal elections, and this 
hearing will help us fulfill that responsibility by documenting 
the scope of current election security challenges.
    Before we proceed, I offer this background on today's 
troubling state of affairs. It is documented that foreign 
agents, specifically Russians, attempted to interfere in 
American elections in 2016. The fact of Russian interference in 
the 2016 election was confirmed by eight credible national 
entities, the Central Intelligence Agency, the Office of 
Director of National Intelligence, the FBI, the National 
Security Agency, the Department of Justice, the Department of 
Homeland Security, and the House Intelligence Committee and the 
Senate Intelligence Committee.
    There was not only consensus among American intelligence 
officials, both Democrats and Republicans agree that attempts 
were made by Russia to compromise the integrity of American 
elections. On July 17, 2018, then House Speaker Paul Ryan said 
to reporters: They did interfere in our elections; it is really 
clear.
    Senate Majority Leader Mitch McConnell referred to 
indisputable evidence of Russia's attempt to influence the 2016 
election. Senate Majority Leader McConnell further stated: ``We 
understand the Russian threat, and I think that is the 
widespread view here in the United States among members of both 
parties.''
    More details of foreign interference in our election became 
known through the release of Special Counsel Robert Mueller's 
report which detailed the following, quote: ``GRU officers, the 
main military foreign intelligence service of Russia, also 
targeted individuals and entities involved in the 
administration of the elections.'' Victims included U.S. State 
and local entities, such as State boards of election, 
secretaries of state, and county governments, as well as 
individuals who worked for those entities. The GRU also 
targeted private technology firms responsible for manufacturing 
and administering election-related software and hardware, such 
as voter regulation software and electronic polling stations.
    In June 2017, then Democratic Leader Pelosi created the 
Congressional Task Force on Election Security in response to 
then the inaction on the topic. Despite our clear 
responsibilities under House Rules, not a single hearing was 
held in this Committee on this topic in the last Congress.
    In February 2018, the Task Force released its report, 
recommending reforms that could significantly advance election 
security. Among some of the proposed reforms are replacement of 
paperless voting machines with paper ballot voting systems, 
risk-limiting audits, upgraded information technology 
infrastructure, including voter registration databases with 
ongoing maintenance, and requirements that election technology 
vendors secure their voting systems.
    Intelligence community pre-election threat assessments, in 
coordination with Federal and State officials is important, and 
it also prioritized State-level cybersecurity training. 
Congress has not done enough to tackle this problem. The risk 
posed by the vulnerabilities previously exploited remain. 
Despite the overwhelming evidence showing these 
vulnerabilities, the White House has failed to take these 
issues seriously and to direct resources towards securing 
election infrastructure.
    Last summer, in remarks before the National Association of 
the Secretaries of State, former Homeland Security Secretary 
Kirstjen Nielsen said that there was, quote, ``no indication 
that Russia is targeting the 2018 U.S. midterms at a scale or 
scope to match their activities in 2016 but that she 
``consistently observed malicious cyber activity from various 
actors against U.S. election infrastructure.''
    She also said that, quote, ``there is little doubt that 
adversaries and non-State actors continue to view elections as 
a target for cyber and influence operations.''
    Now, according to The New York Times, Homeland Security 
Secretary Nielsen eventually gave up her efforts to organize a 
White House meeting of Cabinet Secretaries to coordinate a 
strategy to protect next year's elections. As a result, the 
issue did not gain urgency or widespread attention that only a 
President can command, and it meant that many Americans 
remained unaware of the latest versions of Russian 
interference.
    In spite of inaction, the Election Assistance Commission, 
in cooperation with the Department of Homeland Security, has 
been successful at building relations with State officials and 
providing valuable resources as part of the critical 
infrastructure designation. But in the face of increasing 
threats, their efforts must expand. However, such expansion is 
only possible if Congress increases resources.
    Today, the EAC is operating with only half the budget and 
fewer than half the staff it had 10 years ago when threats were 
less grave. This already under resourced agency is only further 
stymied by the administration's strenuous efforts to avoid 
acknowledging our vulnerability and the need to secure our 
elections from foreign threats, facts accepted as plain by both 
legislative branch and national intelligence agencies. This is 
unacceptable, and several things must change.
    States need money to be able to replace their paperless 
voting machines and outdated IT infrastructure. States and 
localities also face the daunting task of training hundreds, if 
not thousands, of election officials, IT staff, and poll 
workers on cybersecurity and risk mitigation.
    Another significant vulnerability comes from election 
technology vendors. Many States purchase their voting systems 
from third-party vendors who have little financial incentive to 
prioritize election security and are not subject to regulations 
requiring them to use cybersecurity best practices, nor are 
they necessarily voluntarily adhering to these best practices.
    In July of 2018, it was revealed that ES&S, one of the 
Nation's largest voting machine makers had installed remote 
access software on election management systems, although it had 
not admitted about this fact to the press. This fact was only 
uncovered through an inquiry by Senator Ron Wyden, who 
characterized this remote access software installation as, 
quote, ``the worst decision for security, short of leaving 
ballot boxes on a Moscow street corner.''
    In addition, election vendors are not currently required to 
inform any Federal agency or State election official in the 
event of a cyber-attack. Federal action is needed now to grasp 
the scope of the problem and to innovate concrete solutions 
that can be implemented before the next Federal election cycle 
in 2020. This goal will be a primary focus of this Committee 
moving forward. No matter your side of the aisle, the oath of 
upholding democracy as citizens and elected leaders in this 
Nation is fundamental, and that is why I am glad to convene 
this hearing today, especially recognizing our new Ranking 
Member Rodney Davis' avowed commitment to advancing election 
security so that every voter can feel that her vote is 
accurately counted and safe from the influence of those who 
wish to see our great democratic experiment fail. And with that 
goal in mind, I would recognize Mr. Davis for his opening 
statement.
    [The statement of the Chairperson follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Mr. Davis of Illinois. Thank you, Madam Chairperson, and 
thank you for your leadership of this Committee and your 
bipartisan leadership on this issue.
    Election security is one of the most important issues that 
this Committee is tasked with and I take the responsibility of 
ensuring fair and secure elections extremely serious. I know 
that my colleagues on this Committee share--we share in this 
sentiment.
    We know that at least 21 States were targeted by a foreign 
state actor prior to the 2016 U.S. election and we know that 
Russia undertook a misinformation campaign during the same 
election. I think I can safely say that everyone on this panel 
finds that troubling, but we must also factually say that no 
votes were changed in the 2016 election and that through the 
tremendous effort of local, State, and Federal officials, the 
2018 midterm elections, with record midterm turnout, were 
secure--with record voter participation, once again. In fact, 
we saw the highest turnout in a midterm election in the last 50 
years.
    As we discuss election security today, it is important to 
note that many of the best practices used to protect our 
elections are noncontroversial. And I want to take a moment to 
clearly demonstrate what I am for. I am for an election system 
remaining--I am for election systems remaining as critical 
infrastructure. I am for helping our election technology 
vendors secure their voting systems. I am for ensuring our 
election officials, both at the State and Federal level receive 
security clearances in a timely manner. I am for empowering the 
Election Assistance Commission to lead our Federal support to 
State and local officials. I am for the Department of Homeland 
Security lending their expertise to State and local officials 
when appropriate.
    We must also recognize that our States and the Federal 
Government have taken significant steps to carry out these 
practices and services. We can take a look at my home State of 
Illinois, which has invested in a new Cyber Navigator Program 
that helps counties detect and defend themselves against 
cybersecurity attacks. I believe we can cannot lose sight of 
what Chris Krebs, the Director of the Department of Homeland 
Security Cybersecurity and Infrastructure Security Agency, said 
before the House Homeland Security Committee earlier this year. 
Director Krebs said, quote: ``Local officials know their system 
and what they need to do to conduct a successful election, end 
quote, and State and local officials should remain in control 
of their elections.''
    As I have said many times, I believe that partisanship is 
the greatest threat to our elections. Election security cannot 
be a partisan exercise, but what we saw during the markup and 
passage of H.R. 1 was purely partisan. Too much is at stake to 
make this about party. If this hearing is an effort by my 
colleagues to take a bipartisan look at election security, I 
welcome it. We have important work to do here. However, I will 
not support any attempt today to waste an opportunity to work 
together and strengthen our election security for an attempt to 
make the nightly news with a partisan political agenda.
    I look forward to learning from our witnesses today on best 
practices that States are implementing to combat foreign 
interference and secure our Nation's elections. I look forward 
to hearing more about the tremendous effort of the Election 
Assistance Commission, the Department of Homeland Security, our 
two secretaries of state, representing the rest in the Nation, 
and most importantly, our local officials, where we see the 
safest, fairest, and the most secure elections being 
administered many, many times throughout the decade. I welcome 
all of the guests today and the witnesses. I look forward to 
hearing from you.
    Madam Chairperson, I yield back.
    [The statement of Mr. Davis of Illinois follows:]
    [GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
    
    The Chairperson. Thank you, Mr. Davis.
    And other Members are welcome to submit their opening 
statements for the record.
    I would now like to introduce our distinguished panel of 
witnesses.
    Under the rules of this Committee, you have five minutes to 
present your oral testimony. However, your full written 
testimony will be made part of the record. There is a light 
system in the front. When you are down to one minute, it goes 
yellow from green. And when it is red, your time is up, and we 
would ask you to sum up. Let me introduce each witness, and 
then we will begin.
    First, we have Lawrence Norden, who is the Deputy Director 
of the Brennan Center's Democracy Program. Mr. Norden has 
worked at the Brennan Center for some time, authoring several 
nationally recognized reports on election security. He served 
as chair of the Ohio Secretary of State's bipartisan election 
summit. He is the lead author of the book ``Machinery of 
Democracy: Protecting Elections in the Electronic World.'' He 
has written extensively on the influence of money in New York 
State politics. He is a graduate of the University of Chicago 
and the NYU School of Law.
    Next, we have Marian Schneider, who is the President of 
Verified Voting. She brings a strong grounding in the legal and 
constitutional elements governing voting rights in elections, 
as well as experience in election administration at the State 
level. She has served as a special advisor to Pennsylvania 
Governor Tom Wolf on election policy. Throughout her career, 
she has focused on the intersections of civil rights and 
election law. She received her Juris Doctor degree from George 
Washington University where she was a member of the Law Review 
and earned her Bachelor's of Arts degree cum laude from the 
University of Pennsylvania.
    Next, we have Joseph Lorenzo Hall, the Chief Technologist 
and Director of the Internet Architecture Project at the Center 
for Democracy and Technology. His work has focused on the 
intersection of technology, law, and policy, working to ensure 
that technical considerations are appropriately embedded into 
legal and policy arguments. He also leads CDT's internet 
architecture project. Thank you very much for that. He has 
received numerous awards I cannot read them all, but prior to 
joining CDT in 2012, he was a post-doc research fellow at NYU, 
and he was at Princeton University, as well as the University 
of California, where he received his Ph.D. in information 
systems. His Ph.D. thesis used electronic voting as a critical 
case study in digital government transparency.
    Next, we have Jocelyn Benson who is the Secretary of State 
of Michigan. We appreciate so much that you have made your way 
here. She was sworn in as Michigan's 43rd Secretary of State, 
January 21st, 2019, after being elected last November to a 
four-year term. Her focus for the department is customer 
service excellence. She is an expert on civil rights law, 
education law, and election law. She served as Dean of Wayne 
State University Law School in Detroit. When she was appointed 
dean at age 36, she became the youngest woman in U.S. history 
to lead a top-100 accredited law school. She continues to serve 
as Vice Chair of the advisory board for the Levin Center at 
Wayne Law which she founded with former Senator Carl Levin. 
Prior to her election, she served as CEO of the Ross Initiative 
in Sports for Equality, otherwise known as RISE. She is the 
founder of the nonpartisan Michigan Center for Election Law. 
She earned a Bachelor of Arts from Wellesley College, a Master 
of Philosophy from Oxford University, and a law degree from 
Harvard Law School.
    Finally, but certainly not least, we have John H. Merrill, 
the Secretary of State of Alabama. We are so grateful that you 
would make time to be here with us today. Secretary of State 
Merrill grew up in Heflin. He is an Eagle Scout. He was a 
graduate of the University of Alabama, where he served as 
president of the Student Government Association as an 
undergraduate. He was elected to represent the people of 
District 62 in the State House of Representatives with 87 
percent of the vote, the highest percentage garnered by a 
candidate in any contested House race that year. He served as 
Secretary Treasurer of the House Republican caucus and was a 
member of the powerful Rules Committee, Economic Development 
and Tourism. He has been awarded the Silver Beaver by the Black 
Warrior Council of the Boy Scouts of America, as well as the 
Sunlight Foundations Award for the most effective Republican 
member of the Alabama House of Representatives. He was elected 
in November of 2014, as Alabama Secretary of State, with 65 
percent of the vote, winning 53 of Alabama's 67 counties and 
was inaugurated Alabama's 53rd Secretary of State in 2015. He 
is active in his community, his church, and active also with 
the National Association of Secretaries of State, and we look 
forward to hearing from him and from all of you.
    We will start first with you.

 STATEMENTS OF LARRY NORDEN, DEPUTY DIRECTOR, BRENNAN CENTER'S 
DEMOCRACY PROGRAM; MARIAN SCHNEIDER, PRESIDENT, VERIFIED VOTING 
    FOUNDATION; JOSEPH LORENZO HALL, CHIEF TECHNOLOGIST AND 
 DIRECTOR, CENTER FOR DEMOCRACY AND TECHNOLOGY; THE HONORABLE 
JOCELYN BENSON, SECRETARY OF STATE, STATE OF MICHIGAN; AND THE 
  HONORABLE JOHN MERRILL, SECRETARY OF STATE, STATE OF ALABAMA

                   STATEMENT OF LARRY NORDEN

    Mr. Norden. Thank you, Chairperson Lofgren, Ranking Member 
Davis, Members of the Committee for this opportunity to testify 
today. Chairperson Lofgren has recounted the scope of Russian 
attacks against our election infrastructure in 2016, but there 
are several reasons to believe we could face even more serious 
threats in 2020. We have seen the kind of damage a well-planned 
attack by Russian operatives can do against election 
infrastructure in Ukraine, Bulgaria, and elsewhere, where 
attackers have deleted critical election files, shut down 
websites, and even inserted a virus designed to declare the 
wrong result.
    Worse, there are other nation-states we need to worry 
about. U.S. intelligence agencies have warned of potential 
attacks by China, North Korea, and Iran, and, indeed, the 
Chinese are alleged to have launched attacks against Indonesia 
and Australia just this year.
    The good news is that we have made significant progress to 
secure our elections since 2016. Most importantly, policymakers 
and election officials are acutely aware of the threats to our 
election infrastructure. There is better information sharing 
and resources sharing between Federal, State, and local 
agencies. In the last 2 years, more resources have been made 
available to secure our election infrastructure, not least of 
which was $380 million in HAVA grants that Congress provided in 
2018. The vast majority of which has been allocated to critical 
security measures.
    Despite this progress, there is far more to be done. First, 
we must replace aging and insecure voting machines. In a recent 
survey by the Brennan Center, local officials in 31 States told 
us that they must replace their equipment before the 2020 
election, but two-thirds of those officials said that they did 
not have adequate funds to do so and this was after 
Congressional funds were appropriated. Too often these systems 
use outdated software that no longer receive security patches, 
and election officials are forced to turn to eBay for 
replacement parts because those parts are no longer 
manufactured. A particularly urgent security issue is phasing 
out paperless machines in the 11 States that still use them.
    Second, we need implementation of robust post-election 
audits--a comparison of paper ballots to software totals that 
will provide a high level of confidence in the election outcome 
and that will correct a wrong voting outcome. Only 21 States 
currently have voter records for--paper records for every vote 
and conduct post-election audits, precertification, and only 
two conduct risk-limiting audits, which provide the high level 
of confidence that I mentioned.
    The good news is that several States used the HAVA money 
that was appropriated to pilot risk-limiting audits in the last 
year, and several jurisdictions would like to do more of those 
this year. And we certainly should be doing everything we can 
in the coming months and years to ensure that these are 
conducted nationwide.
    Third and finally, we must provide ongoing long-term 
support for maintaining and improving election cybersecurity. 
The Mueller report is a reminder that the election 
infrastructure we need to protect goes far beyond voting 
machines. The Brennan Center has long advocated that all States 
implement a process of continuous cybersecurity vulnerability 
assessments and mediation. While we estimate that the costs of 
these kinds of assessments should be no more than a few million 
dollars a year, obviously the cost of securing vulnerabilities 
that are identified by such assessments will cost more.
    Local election offices are on the front lines in defending 
our election infrastructure against attacks, but often have the 
least amount of IT or cybersecurity support. Routine, ongoing 
funding of programs like the one Ranking Member Davis 
mentioned, the Illinois Cyber Navigator Program, which directs 
personnel and resources to local offices, would help close that 
security gap.
    It is cliche to say that this is a race without a finish 
line. Funding election security should be a shared 
responsibility among local, State, and the Federal level, but 
only Congress has the power to ensure that responsibility is 
shared by providing matching grants for State and local 
governments. I am hopeful to see a continued commitment from 
Congress to partner in this effort. Thank you.
    [The statement of Mr. Norden follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    The Chairperson. Thank you very much.
    Ms. Schneider.

                 STATEMENT OF MARIAN SCHNEIDER

    Ms. Schneider. Chairperson Lofgren, Ranking Member Davis, 
and Members of the committee, thank you so much for the 
invitation to testify here today. My name is Marian Schneider, 
and I am the President of Verified Voting, a nonprofit, 
nonpartisan organization. Verified Voting's mission is to 
strengthen democracy for all voters by promoting the 
responsible use of technology in elections.
    We are here today to talk about bolstering election 
security. Ninety-nine percent of the votes cast in this country 
are counted by computers, and election administration depends 
on computers throughout the process. 2016 demonstrated what 
many of us in this space have long believed, that the threat to 
our computerized voting systems was not merely theoretical but 
real and persistent. We must, as a Nation, adopt clear 
solutions that will change the destructive narrative that 
election hacking can alter election outcomes.
    In our written testimony, we describe threats and solutions 
for the larger election ecosystems. For voting systems, 
however, the clear solution is to replace aging and vulnerable 
voting machines with systems that use a voter-marked paper 
ballot. Voters mark the paper either with a pen or a computer 
ballot marking device with assistive features for voters who 
need them, creating a verifiable record. Then the ballot is 
scanned and retained in a secure ballot box.
    We leverage the computer speed to count ballots quickly, 
but it is imperative to check that the computer has counted the 
ballots properly. In the best-practice scenario, as Mr. Norden 
mentioned, we can check election outcomes by auditing, 
selecting a random sample of ballots to check the reported 
results and gather sufficient evidence that the outcome is 
correct.
    While there are different types of auditing, Verified 
Voting and other experts urge widespread adoption of risk-
limiting audits as the most efficient and reliable way of 
checking the election results. Such audits have a predetermined 
large chance of leading to a full hand recount if the reported 
results were incorrect, thus limiting the risk that a wrong 
outcome will stand.
    Verified Voting board members and staff have been involved 
with every stage of RLA development, from its inception to 
working with election officials, other groups, and several 
States to pilot risk-limiting audits.
    From 2015 to 2017, I served as Deputy Secretary for 
Elections Administration in the Pennsylvania Department of 
State, overseeing both elections and information technology. I 
have firsthand experience trying to strengthen the 
cybersecurity of election infrastructure in advance of a 
Presidential election. I drafted directives for counties to 
harden their systems, strengthen voter registration database 
backup protocols, invited the Department of Homeland Security 
to conduct penetration testing, and initiated a disaster 
recovery plan for a statewide, election-night-return website. 
And I worked with heroic, local election officials trying to 
keep up with the changing threat environment with next to no 
resources. From that experience, I urge Congress to support 
State and local jurisdictions by providing immediate and 
sustained investment in the security of our elections.
    The consensus among the intelligence community is that 
future attacks on American elections are inevitable. This is a 
given. It is not whether a system will be attacked but when. 
Safeguarding systems requires that we assume such breaches will 
occur or have already. The best practice demands a multilayered 
approach built around the concept of resiliency. Election 
systems are resilient if jurisdictions can monitor, detect, and 
recover from either an intentional attack or a programming 
error. Resilient voting systems are those that use voter-marked 
paper ballots, coupled with the risk-limiting audits. Paper 
ballots and audits are the disaster recovery plan for our 
voting systems.
    A significant number of States have moved toward paper-
based systems over the years. Verified Voting tracks this 
movement on its website and so that is a general recognition of 
the best practices that we are talking about today. The main 
barrier to the remaining States is the cost. We call on 
Congress for the financial investment for jurisdictions to 
replace aging and vulnerable voting systems, to fund technical 
and material support to conduct risk-limiting audits, and to 
fund enhanced security measures for all aspects of election 
infrastructure.
    We also urge investment in the research needed to build 
better election systems, using open-source software and 
research into the best methods to ensure voters check their 
choices before casting their ballots and research that marries 
security with more universally useable and accessible systems.
    Our Nation's election infrastructure is vitally important 
to our democracy. We must continue the progress begun in the 
last two years to ensure that our election systems and voting 
processes are resilient in the face of attack or disaster. With 
support from Congress, the goal is in reach. Thank you.
    [The statement of Ms. Schneider follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    The Chairperson. Thank you very much.
    Mr. Hall.

                STATEMENT OF JOSEPH LORENZO HALL

    Mr. Hall. Chairperson Lofgren, Ranking Member Davis, and 
Members of the Committee, thank you for the opportunity to 
speak with you today. My name is Joseph Lorenzo Hall. I am the 
Chief Technologist at the Center for Democracy and Technology. 
For 25 years, CDT has been a leader in protecting digital civil 
liberties and democratic principles online. My Ph.D. work at UC 
Berkeley focused on voting machines, and I have served on a 
number of State-level independent reviews of voting systems. 
Today I will talk first about what we saw in 2018, and then 
CDT's five priorities for election security as we head into 
2020.
    While 2018 did not see the cybersecurity attacks on 
election systems that we saw in 2016, a number of attacks did 
target campaigns and campaign infrastructure. The midterms were 
just not a juicy target for attackers, at least not as 
attractive as 2016 or 2020 election cycles. The issues we did 
see with election systems in 2018 involved isolated but 
systemic issues more easily explained as failures rather than 
attacks.
    For example, in Johnson County, Indiana, a misconfigured 
computer server caused electronic pollbooks to crash across the 
entire county. No one could vote for four hours. In a case of 
election deejaa vu, a serious ballot design flaw likely 
contributed to tens of thousands of missing votes in a Florida 
U.S. Senate contest. We were in many ways lucky and thankful 
that we didn't see attacks like those of 2016, but we still 
have a long way to go in terms of hardening elections.
    CDT believes the following five priorities are crucial 
going into 2020: First, Congress must prioritize the 
replacement of dangerously outdated voting technologies. We 
learned after the Help America Vote Act of 2002 that elections 
are one area of civic life that we cannot fully digitize. To 
enable meaningful recounts and post-election audits, we must 
have software-independent, voter-verifiable paper records. Very 
simply, it is time for a paper mandate in elections for Federal 
office. Or at least some very attractive incentives designed to 
replace paperless systems.
    Second, Congress should limit the use of paperless remote 
voting systems. There are some contexts, such as uniformed and 
overseas voting, where jurisdictions allow email, fax, or even 
internet voting, occasionally disguised as remote ballot-
marking systems. These systems do not have a paper record 
backing up those votes, and they may even expose jurisdictions 
to increased risks of cyberattack. Rather than allowing, for 
example, any absentee voter to use these systems as some 
jurisdictions do, paperless remote voting should be limited to 
only those who could not otherwise vote in another manner.
    Third, Congress should promote the research, development, 
and implementation of risk-limiting audits. Yes, that is a 
wonky term, risk-limiting audits, but you can think of them as 
low-cost recounts. In a risk-limiting audit, paper ballots are 
randomly selected and compared to their digital equivalent 
until there is enough evidence that, if you did a full recount 
of those paper records, you would know that the outcome of the 
race wouldn't change. And as mentioned, only a few States 
currently permit these kinds of audits, are engaged in pilot 
projects, and to encourage more, Congress should provide 
incentives for two things: research and development to make 
them more precise and useable, and then pilot projects with 
published reports which would greatly help others along this 
journey.
    Fourth, Congress should commit to long-term funding of the 
U.S. election infrastructure. The ongoing evolution of election 
administration desperately needs a stable and long-term source 
of funding. Without this, elections will continue to be 
threadbare and a natural target for attackers that want to 
affect our economy, our society, and our democracy. The down 
payment in ongoing funding contemplated in the Election 
Security Act, now part of H.R. 1, is a good start.
    Finally, Congress must increase the budget of the U.S. 
Election Assistance Commission. The EAC now has a full 
complement of sitting Commissioners. It is preparing right 
now--preparing election officials and voting system testing for 
2020, and it is in the process of finalizing version 2.0 of the 
Federal voting system standards, the VVSG. It is a very busy 
time for the EAC right now. The last time there was this level 
of activity at the EAC was in 2010 when its budget was roughly 
twice what it is now.
    In summary, replace paperless voting systems, incentivize 
risk-limiting audits, and fund election infrastructure and 
security. Thank you very much.
    [The statement of Mr. Hall follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    The Chairperson. Thank you very much.
    Ms. Benson.

           STATEMENT OF THE HONORABLE JOCELYN BENSON

    Ms. Benson. Chairperson Lofgren, Ranking Member Davis, and 
Members of the Committee, thank you for holding this hearing 
and for the invitation to testify. Securing our election 
infrastructure against efforts to thwart or undermine the will 
of our voters is essential to the survival of our democratic 
system. I am honored to offer my perspective as Michigan's 
chief election officer on this critical challenge.
    As this Committee proceeds, I encourage you to seek further 
input from State and especially local election administrators. 
Now more than ever, the Federal Government's role as a partner 
with us securing our elections is necessary if our work at any 
level is to succeed. The role best manifests itself in three 
forms: one, investment and resources, much of which we have 
heard today; two, setting standards and establishing 
protections at the local level; and, three, setting and 
establishing a cooperative and bipartisan tone.
    As you know, in recent years, we have seen unprecedented 
threats to our election system, including some from 
sophisticated foreign-government-aligned entities. From this 
very highest level of government, we need acknowledgement of 
the past, present, and future threats posed by foreign state 
actors, and through that, the marshaling of bipartisan support 
and cooperation to build a sustainable and secure election 
infrastructure in every State.
    The threats to the security of our elections did not begin 
in 2016 and we know for certain that they will not end in 2020. 
Only through a unified approach and long-term commitment and 
investment can we adequately support the infrastructure we need 
to provide a voting system in which all Americans will rightly 
place their trust. Part of that unified approach must be a 
commitment to providing a predictable stream of funding and 
other resources.
    Many of the issues we have discussed today can only be 
addressed partially at the local level and temporarily with the 
tools that we have at our disposal. In many cases, election 
officials know what they need to do, but they cannot afford to 
do it. The Federal Government has taken positive steps, such as 
significantly improving Federal, State, and local coordination, 
and making more funding available, but we need to do much more.
    Michigan's election system provides a useful example. We 
are unique in the extent to which our election administration 
responsibility is shared among over 1,500 local municipalities, 
each one running their own elections. This decentralized system 
helps safeguard against systemwide problems but also means we 
have many links in the chain. Local officials are often on the 
front lines of defense, and investment in their work is 
critical if we are going to secure all our elections.
    With that in mind, investing in the infrastructure at the 
local level, providing support to local clerks, supporting poll 
workers as well with increased accountability with local 
officials who don't take advantage of the resources or 
otherwise fail to run elections in a way that ensures security 
and integrity of election results is critical.
    To ensure we are implementing best practices and leaving no 
stone unturned in Michigan, I also formed a security task force 
composed of local officials, election specialists, and national 
experts in technology and data security, including a liaison 
from the Department of Homeland Security. Our goal is for 
Michigan's elections to be among the most secure in the country 
and to pilot best practices, like risk-limiting audits, that we 
hope can drive national reform.
    While we await our Michigan panel's final recommendations 
later this year, their initial discussion has already focused 
on securing and protecting several areas of vulnerabilities. I 
describe these in greater detail in my written testimony but 
will highlight a few key points here.
    First, voter registration databases. Following the 2016 
election, we learned of attempts to compromise our voter 
registration databases in other States, some successful. If 
outside actors were able to manipulate registration records 
successfully, they could disrupt elections and put voters at 
risk. Protections against this potential is critical. In 
Michigan, we have taken steps to modernize and safeguard our 
voter registration database, the backbone of our election 
administration system. And it is also important to have 
protections at the local level in the event of a registration 
problem. Michigan has joined the growing list of States that 
allow voters to register on election day and vote that same 
day. In yesterday's elections alone, 400 voters took advantage 
of that freedom, and they would not have voted without it.
    In Michigan, someone missing from a list on election day 
can now reregister at a clerk's office and vote. This is an 
important safeguard also to threats to challenge our voter 
registration databases.
    In addition, voting technology is critical to upgrade, and 
I also want to emphasize that simple investments in voting 
technology is incomplete without a recognition that that 
technology will continually evolve, and upgrades and 
sustainable sources of funding for those upgrades are critical.
    Finally, support from Congress and the Federal Government 
will be critical to ensuring this and many other issues are 
addressed, and I am encouraged by the bipartisan spirit of 
cooperation among election officials in our State and in our 
country, particularly when it comes to election security.
    Tomorrow, Secretary Merrill, a Republican, and myself, a 
Democrat, are leading a bipartisan group of Secretaries of 
State to visit Selma, Alabama, where Congressman John Lewis and 
many others put their lives on the line for the right to vote. 
Through this leadership, we, as secretaries of state, hope to 
show bipartisan support and cooperation is possible, and we 
hope to strengthen and unify our commitment to a free and fair 
election system. And I encourage you to join us in this spirit 
of bipartisan cooperation. Thank you.
    [The statement of Ms. Benson follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    The Chairperson. Thank you very much. Good for you.
    And Secretary of State Merrill.

            STATEMENT OF THE HONORABLE JOHN MERRILL

    Mr. Merrill. Thank you, Madam Chairperson, Ranking Member 
Davis, distinguished Members of the Committee, I am honored to 
be with you today. I am John Merrill and I have the privilege 
to serve as Alabama's 53rd Secretary of State. Alabamians have 
an extraordinary amount of experience with effective and 
ineffective election administration. At one time, our laws were 
written to reduce or eliminate minority participation in the 
electoral process. My team and I work diligently each day to 
ensure the right to vote and the opportunity to receive a free 
government-photo-issued ID are extended to each and every 
eligible U.S. citizen that is a resident of our State.
    Since I have been Secretary of State of Alabama, we have 
broken every record in the history of the State for both voter 
registration and voter participation. I will get to those 
numbers in a few minutes, but I think that it is essential to 
impress upon the Committee and members of the body and my 
fellow citizens of the United States that we cannot solve one 
crisis by pretending it is another. We must work collectively 
to strengthen our cybersecurity to protect the integrity of the 
electoral system from foreign influence. However, we should not 
present a narrative to citizens that only one system can ensure 
an equal right to vote.
    As I previously stated, my goal as Alabama Secretary of 
State is to ensure that each and every eligible U.S. citizen 
that is a resident of our State is registered to vote and has a 
photo ID. During my time as Alabama Secretary of State, my team 
and I have changed the paradigm for voting in the State of 
Alabama. Since January 19, 2015, we worked with notable 
Alabamians, local officials, interested parties, key 
communicators, and concerned citizens to encourage voter 
registration and voter participation. The results are 
staggering.
    Since January 19, 2015, we have registered 1,249,422 new 
voters. We now have a record 3,479,068 registered voters. I am 
very, very proud of that because we have led the Nation per 
capita in those numbers since I have been the Secretary.
    You also need to know that we have got 30 of our 67 
counties that have electronic pollbooks which expedites the 
check-in process and offers greater security for voters to 
participate in the process. As a part of our efforts to ensure 
voter integrity, we have worked to secure six convictions on 
voter fraud, and we have had two elections that have been 
overturned.
    We will continue to document, investigate, and prosecute 
those individuals and their attempts on disrupting the 
electoral process for others.
    We have created Alabama's first Braille voter guide and 
other applications for absentee ballots printed and regular 
ballots printed in Braille. In 2016, we created a committee to 
author and pass legislation and make it easier for folks to 
regain the right to vote after being convicted of disqualifying 
felonies.
    My legislative team is currently working with Alabama State 
Senator Rodger Smitherman, a Democrat, to pass legislation, to 
make it easier for Alabamians to cast an absentee ballot, 
including those Alabamians that are incarcerated but not 
convicted of disqualifying felonies while they remain 
incarcerated.
    Our director of relations is currently working with a team 
of election analysts and other third-party groups to build an 
active pilot program for the most effective manner which we can 
conduct post-election audits. We have worked to secure election 
systems that do not connect to our State and local internet 
networks for potential breaches of internet connectivity.
    We have expanded training provided by the Office of the 
Secretary of State to make sure that cybersecurity is included.
    All these efforts are designed to ensure that we have made 
sure that we are providing the safest and securest election 
procedures in our State. We have broken every record in the 
history of the State for voter participation in the last four 
major elections that we have had as well.
    We also have an electronic, election-night-reporting 
system, which has been exceptional and has been a model that 
other States have used. As a matter of fact, when we had our 
special U.S. Senate election on December 12, 2017, we 
accommodated more than 500,000 unique voters and users who were 
monitoring the system at one time. The work that we completed 
in advance of the election with our State and Federal partners 
to ensure that the system was secure and could be able to 
withstand cybersecurity attacks has been notable and has been 
successful. All we are trying to do is to make it easy to vote 
and hard to cheat. There is a number of ways that we have 
continued to do that.
    I think the most important thing for me to close with is by 
sharing that we continue to work with our private and public 
partners, and the effort that Secretary Benson and I have put 
together to ensure that we are trying to do the best we can to 
have a bipartisan effort to help people understand where we are 
today in our elections process and where we hope to be in the 
future. We think the best way to do that is by understanding 
each other, each other's needs, what our common goals are, and 
how we hope to move forward for the future. Thank you so much.
    [The statement of Mr. Merrill follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    The Chairperson. Thank you very much.
    And thanks to all the witnesses.
    Now is the time when Members of the Committee may ask 
questions of the witnesses for five minutes apiece.
    I will turn first to our Ranking Member, Mr. Davis, for 
questions that he may have.
    Mr. Davis of Illinois. Well, thank you again to all the 
witnesses for your testimony.
    I want to start with Mr. Hall. Assuming the supply chain is 
secure, do you believe that ballot-marking devices with a 
voter-verified receipt is a reasonably secure method of voting?
    Mr. Hall. Absolutely. One of the things we struggle with 
here is to make a system a hundred percent secure is 
impossible.
    Mr. Davis of Illinois. Okay.
    Mr. Hall. What we try to do is make them as secure as we 
can. Certain ballot-marking devices, they are not all created 
equal. I have my favorite, which is created by a government, 
the county of L.A., Los Angeles County. But I do think that, 
especially if we can make sure that voters understand that it 
is their civic duty to make sure they look at that piece of 
paper that is the ballot of record, that it is a secure and 
reasonable system.
    Mr. Davis of Illinois. Okay. What, in your opinion, would 
the sample size be for a risk-limiting audit in a State like 
Florida with a 10,000-vote margin in a statewide race?
    Mr. Hall. The example I typically use--I don't know the 
details about Florida, but for example, in a State like 
California, a 1-percent-margin race, typically to get around 95 
percent confidence, you need to sample 400 ballots from the 
entire State. So this is why risk-limiting audits are so 
awesome because they give you the best leverage off of counting 
the fewest ballots to know, if you did a recount, it wouldn't 
change.
    Mr. Davis of Illinois. But do you think the risk-limiting 
audits would result in more statewide recounts?
    Mr. Hall. I like to think of these as statistical recounts. 
You get the answer you would get from a recount without having 
to do the recount. I am hoping--I doubt that would be the case, 
if you were going to go to a recount before, that you would 
probably go to a recount under these systems as well.
    Mr. Davis of Illinois. Okay. It wouldn't work in my 2,000-
vote margin of victory, huh?
    Mr. Hall. It depends on a number of factors. It is hard for 
me to say without doing the math----
    Mr. Davis of Illinois. Sample size of, like, two.
    Mr. Hall. Yeah. Probably not.
    Mr. Davis of Illinois. Hopefully I can get my wife and 
kids. So, could State-canvas systems already in place be 
modified for risk-limiting audits?
    Mr. Hall. This depends on a bunch of technical factors. The 
best risk-limiting audits right now are what we call ballot-
comparison risk-limiting audits, where a single ballot is 
compared with the digital record that it corresponds with. 
Those are only feasible right now with what are called central 
count optical scan systems, and so it depends on the specifics 
of the locality----
    Mr. Davis of Illinois. Okay.
    Mr. Hall [continuing]. Whether or not they are--we are 
working on making it work for everything, but it is going to 
take a little while.
    Mr. Davis of Illinois. Well, that gets me to my next 
question. How does the Center for Democracy and Technology 
through its support of Voting Works hope to impact the current 
market for voting systems and election support?
    Mr. Hall. Voting Works is--nonprofits will incubate other 
nonprofits when they don't have their 501(c)(3) status, and 
that is what we are doing at the Center for Democracy and 
Technology. Voting Works aims to be a nonprofit, open-source, 
voting-system vendor, which is very different than all the 
other election manufacturers on the market. We hope that by 
building things that people can take and use and build on, that 
through that work, it will spread good things rather than 
keeping things proprietary and keeping things secret.
    Mr. Davis of Illinois. Okay. Mr. Norden, do you believe 
that an equal protection claim under the Voting Rights Act 
would exist in relation to post-election audits?
    Mr. Norden. I am not sure I understand the question. Are 
you saying that if a jurisdiction didn't conduct post-election 
audits, would there be an equal protection claim?
    Mr. Davis of Illinois. What I am saying is, if they did a 
risk-limiting audit and a jurisdiction made the claim, would 
you believe that if it was compared to another neighboring 
jurisdiction, that the--that the equal protection claim under 
the VRA would exist in relation to the post-election audits?
    Mr. Norden. I guess what I would say, this is the first 
time I have ever confronted that question, so I would have to 
think about it, but it would not immediately occur to me that 
somebody could bring an equal protection claim for how post-
election audits were conducted.
    Mr. Davis of Illinois. Okay. Yeah, I would like you to 
think about it and get back to me----
    Mr. Norden. I am happy to do that.
    Mr. Davis of Illinois [continuing]. If you could.
    Okay. And then to the entire panel and whomever wants to 
answer, what, if anything, do you know about the U.S. 
Department of Defense Advanced Research Project Agency's effort 
to create a federally supported hardware architecture for 
voting? And do you believe the Federal Government should be 
pursuing a more aggressive role in the design and deployment of 
elections technology for State and local adoption, and if so, 
why or why not?
    Mr. Merrill. My answer is no, and the reason is because 
that should be left up to the local States to be able to 
purchase the equipment that they think is important for them to 
use. And, frankly, I feel like the free market is the one that 
ought to determine what the availability of that equipment is 
and what should be purchased and what should not as long as it 
meets the standards.
    Mr. Davis of Illinois. Okay.
    Ms. Benson.
    Ms. Benson. I would actually--I would welcome that type of 
investment at the Federal level. The work that we have done 
already with the Department of Homeland Security has been very 
helpful because of the additional resources and expertise they 
bring to the table. I do think it would need to be a 
partnership with States and local election officials who have 
unique things to share as to what the infrastructure should 
look like, but certainly I could only imagine that it would 
help our efforts to secure our elections if we had that level 
of infrastructure, investment, and support.
    Mr. Merrill. And to be clear, we are still friends.
    Mr. Davis of Illinois. So are we.
    Mr. Merrill. But I am not for universal adoption.
    Mr. Hall. So, quickly, the work that DARPA is doing is to 
create secure hardware and to use voting as a really 
challenging application on top of that. And the cool thing 
about that is it will be usable by anyone later down the line 
who could actually take that and turn it into a product, rather 
than a research demonstration system, so I am very hopeful that 
this will benefit everyone in a way that doesn't force them but 
allows them to see that secure hardware is a really important 
part of securing systems in general.
    Mr. Davis of Illinois. Thank you.
    The Chairperson. Thank you. I will recognize myself for 
five minutes because I want to follow up on this DARPA issue. I 
had understood, perhaps incorrectly, that they were also--DARPA 
was also looking at open-source software. Is that correct, Mr. 
Hall?
    Mr. Hall. As far as I understand it--and I am not involved 
in the project--there is a hardware component. There is the 
software that runs on the chip that they are making, and then 
there is the software around the application of voting itself. 
So there are a bunch of pieces in there. I am pretty sure that 
all those pieces are going to be freely and publicly available 
under generous copyright licensing terms. And I think that is--
--
    The Chairperson. Does anyone else, any of the other 
witnesses--we have reached out to DARPA, and they thought it 
was best not to be a witness at this hearing. But do you know, 
Mr. Norden? No? So I think we need to know more about that 
because it seems to me that we have had a problem in the 
country with proprietary software systems refusing to tell 
anybody what their system is not disclosing, and so the victims 
ultimately are the American voter, but also election officials 
can't know what the problems are even if they should be 
concerned about what had happened, and having open-source 
material available to elections officials is one way to avoid 
that.
    I would like to follow--or perhaps you don't know, Mr. 
Hall, but some of the software experts in my home, Silicon 
Valley, were critical about the DARPA effort, that it wasn't 
sufficiently open source to their liking. Do you know anything 
about that?
    Mr. Hall. I am not familiar with it. I would have to follow 
up.
    The Chairperson. I think we need to pursue it with DARPA 
then.
    Let me ask you this, Mr. Hall, or anyone else, Mr. Norden, 
how should political campaigns, which are fast-paced, nimble, 
in a rush, bolster their cybersecurity, particularly if 
resources are scarce? Usually, oftentimes, it is the last thing 
the candidates are thinking about. What are best practices for 
campaigns?
    Mr. Hall. Many of the best practices for campaigns are very 
similar to the best practices for election officials, or you 
can even think of a campaign as really a rock 'n' roll startup. 
They only last for, like, 18 months, and it has a ton of money 
and has to get rid of it really quickly. The things that can 
really help the campaigns are what I call of systems-level 
protection. So, for example, hardware keys for two-factor 
authentication, where it is not just a password that you have, 
but you actually have to have something on your key chain that 
you stick in and push a button. Those things, and then 
hardening their communications infrastructure. So there have 
been a lot of attacks on email systems of campaigns and things 
like that. These are things that we can deal with. The problem 
is a campaign's security is not the thing that they get awards 
for doing well, right? They get someone elected. And so----
    The Chairperson. Right.
    Mr. Hall [continuing]. A lot of us have been trying to 
change the mentality and say: Look, security is just as much a 
first-class citizen in your enterprise as it is----
    The Chairperson. Well, especially if it has an impact on 
whether you get elected, so----
    Mr. Hall. Absolutely.
    The Chairperson. Mr. Norden, you have written books and 
articles on this subject. Describe, if you can, what hacking 
into election systems, whether it is voter registration 
databases, the voting machines themselves, what could happen on 
election day? What is the worst case--what keeps you awake at 
night on this?
    Mr. Norden. Oh, gosh. Look, you know, in many ways, we 
know--we know some of the bad things that can happen by looking 
at what has happened in other nations, but we also know just 
what has happened not by malicious act but by mistake here in 
the United States. And I often say that anything that can 
happen through error is kind of the opposite side of the coin 
of what can happen maliciously. We have seen, for instance, 
when electronic pollbooks fell, what kind of chaos that can 
cause at the polls, how it can keep people from voting, how it 
can cause lines for hours. And so that is certainly something 
that I worry about, and I am concerned that we don't have 
Federal standards, unlike for voting machines. I think when 
HAVA was written, electronic pollbooks weren't in as wide use 
as they are today. Thirty-four States use them today. And we 
don't have those kind of baseline--you know, the voting machine 
guidelines are voluntary. If we had something like that at the 
Federal level, I think that could be a baseline for States. We 
have information--a lot of these electronic pollbooks use 
wireless components. They have information that is on the 
cloud. So that is something that worries me, of course. And 
same thing with--and that is an example of the kind of thing 
that you would be worried about with registration databases 
also, changing information so that when people show up at the 
polls, they are unable to vote. There is a lot that we should 
be doing, and I think we can be doing, to protect against that, 
making sure that we have contingency plans.
    And then, lastly, of course, the real--the nightmare--the 
big nightmare scenario is that somehow somebody changes votes 
on a voting machine or for election night reporting, and I do 
think that is why having paper backups of every vote, being 
able to go back and, detect it through audits, and then 
recover. And I think that is important even if there isn't an 
attack. They are so--you know, when we talk about foreign 
interference, we are often focused on election infrastructure. 
There is a whole social media disinformation element to this 
that Mr. Davis mentioned. There can be a lot that is done there 
to undermine confidence in the vote, and having paper backups, 
doing audits, I think, is one way to combat that.
    The Chairperson. Thank you very much. Before calling on the 
gentleman from Georgia, I will say, we had very strongly held 
divergent views on various elements of H.R. 1, but I don't 
think there was any disagreement on a partisan basis that we 
want every vote cast by Americans to be counted as cast, and 
that we don't want to become victims of an attack from any 
source. I think there is bipartisan agreement on that.
    The gentleman from Georgia is recognized.
    Mr. Loudermilk. Thank you, Madam Chairperson.
    It is a very important hearing we have here, and I have got 
a couple questions, especially regarding the voting machines. I 
come from a technology background. I have an IT background. 
Also, early in my career, I had a job spying on Russia, in the 
Air Force. I bring a cybersecurity aspect to this as well. 
Long-time advocate for a paper backup. But what I am hearing, 
it seems counterproductive to some things I have advocated for 
in the past because I have seen the advantage of computer-based 
voting is the efficiency, especially when it comes to post-
election. I can remember the first elections I was involved in, 
as a volunteer. You were up till midnight, 1 or 2 o'clock in 
the morning, in Georgia, waiting for results to come in. People 
are sitting at the courthouse waiting for counts to be done. We 
brought electronic voting in. A lot of times you know within a 
half hour to an hour by the time the polls close.
    But then we have the problem of, I would get calls from 
Republicans that the machines were changing my vote as I voted 
to all Democrats, and you get the same thing from the other 
side.
    What I heard from a lot of you is to not use a paper backup 
but use a predominantly paper ballot system with a computerized 
backup, which seems to be backwards to me from what would be 
the most efficient use, which would be, utilize computerized 
voting because of the efficiency. We already have a lot of long 
lines and the initial counting, but have the machine produce a 
paper verification that the voter then verifies that piece of 
paper is what they cast on the machine, that is then filed and 
used as a backup. I would like to hear, Mr. Hall, what are your 
thoughts on that? Because to me that actually reduces the human 
error, multiple marks made on a page for the same candidate, 
hanging chads, all that, is that the voter is then verifying 
that the computer did take what they said--the way they voted, 
and then that would be used for your recount.
    Mr. Hall. Yes, and so what I would say is, we have come a 
long way since around 2000 in that the machines we use now and 
that we are advocating for are what we call software 
independent. And what I mean by that is that no change in the 
vote total is--I am misstating the definition, but essentially 
think of it as, if something were to mess with the vote totals, 
you would still have an independent way of coming at the actual 
result. And so now these ballot-marking devices, they don't 
keep any state, to use a nerd word. Now, they don't keep the 
totals themselves. They use a different machine, like an 
optical scan machine, to suck the ballot in and actually do the 
counting. And so you have the benefit of using technology----
    Mr. Loudermilk. Right.
    Mr. Hall [continuing]. For doing all of the navigation. You 
have a computer counting the thing, and you still have a paper 
ballot backup for the auditing.
    Mr. Loudermilk. So you have an IT-based device that 
actually casts the paper ballot, and a different device that 
actually counts it, and you have a backup.
    Mr. Hall. It depends on the model, but yes, that is 
basically correct.
    Mr. Loudermilk. Okay. Ms. Schneider.
    Ms. Schneider. So, the way you described the paper ballot 
working is actually the way that it does work with an optical 
scanner. You are still getting the efficiency of the computer 
when it comes to ballots, and you can still have that speed, 
although we should consider whether speed is the value we want 
on election night, but you still have that speed by having the 
computer scanners, even if you mark a ballot by a pen or 
pencil.
    And I do want to point out that with ballot marking 
devices, it is critically important, especially if they are 
used for all voters, there are two critical important things: 
One, there has to be enough. You have to know how many voters 
can vote on a single device during the course of one election 
day; and two, there has to be a process, a deliberate process, 
especially for those who are not using the assistive features 
to deliberately verify that their choices are correctly 
reflected, because there could be mistakes, or there could be 
malware that could impact that ballot, and so you have to--that 
is a process. That is a process issue on top of a security 
issue.
    Mr. Loudermilk. So let me make sure. You are talking about 
actually using a physical ballot that I mark.
    Ms. Schneider. Right.
    Mr. Loudermilk. Like the standardized tests that we used to 
do in school.
    Ms. Schneider. That is correct.
    Mr. Loudermilk. Does that not open up for human error that 
takes us back to the hanging chad days of the 2000 Presidential 
election?
    Ms. Schneider. We use paper ballots in my home county. I 
will tell you a story. In the State House race in my county, 
the margin of victory was about two dozen votes. It happened 
twice, in 2006, and, again, in 2016. And about 23,000 ballots 
were counted in that race. There was a full hand recount of 
those races, and the ambiguous ballots that you would talk 
about where you might dispute the voters' intent were not 
enough to change the outcome.
    Mr. Loudermilk. But if we could, Mr. Hall, you seem to be 
agreeing with me in that aspect as it does open up the chance 
for human error but doing it the way we were discussing would 
pretty much alleviate that. Is that true?
    Mr. Hall. Yes. And I think this is where we differ a little 
bit on the panel in the sense that at CDT, we believe that 
using the computer interface to improve navigation to reduce 
errors is a really important part. You do need to have enough 
of them. You have to pay for them. They are really expensive. 
And, so, those kinds of balancing features come into the 
ultimate decision of whether or not you should purchase those 
kinds of machines, but we believe that you should use 
technology when it does things really well and then ground it, 
you know, have it in something like paper when there is an 
important security element that you can't otherwise do. It is 
like an ``air gap.''
    Mr. Norden. I would just quickly like to add one thing. The 
Brennan Center doesn't take a position on ballot marking 
devices versus optical scan and filling out these ballots, but 
I do want to make one point. Most people at this point in the 
United States are voting on these paper ballots now, and the 
scanner, as a computer, can be very helpful in preventing the 
kind of problems that you are talking about. In fact, the new 
technology makes it much less likely that somebody makes a 
mistake that they can't catch. The scanner now will notify a 
voter if it can't read their vote, will notify a voter if they 
voted in too many contests.
    So, the kind of hanging chad problem that you are talking 
about because of that technology is much, much, much less 
frequent. We have statistics on this, much, much less frequent 
than we saw with punch card ballots.
    Mr. Loudermilk. I see my time expired, but maybe if we have 
a second round, Madam Chairperson, I will follow up.
    The Chairperson. Sure. The gentlelady from California, Mrs. 
Davis, is recognized. And as I have to attend a meeting I 
cannot get out of, so I am going to ask her to take the chair.
    Mrs. Davis of California [presiding]. Thank you. I was 
going to thank Madam Chair, but I want to thank all of you for 
being with us today. I appreciate it very much.
    I want to ask you, please, Mr. Hall, if you could walk us 
through the process, or maybe it is even the lack of a process, 
on how the NSA lets State election officials know about 
emerging threats, or vulnerabilities that they have discovered 
in State election infrastructure?
    And I will go on for just a second and be a little bit more 
specific. Is there a formal system already in place for when 
the NSA or the broader intel community is supposed to 
communicate with State election officials? From what I 
understand, there is something that has been created called the 
Vulnerabilities Equities Policies and Process, but it doesn't 
appear that it has the kind of proactive warning that private 
industry or State election officials can do anything with, or 
at least it doesn't seem to notify them in real time so they 
can respond.
    Mr. Merrill. Madam Chairperson, obviously you didn't ask 
that question, but not to overstep, I think it is important----
    Mrs. Davis of California. Sir, let me ask Mr. Hall first, 
okay?
    Mr. Merrill. Yes, ma'am. Just to let you know, we didn't 
receive any notification from anybody at any time.
    Mrs. Davis of California. Okay. No. That is part of how we 
deal with this, yeah.
    Mr. Merrill. Yes, ma'am.
    Mr. Hall. Okay. So there were two things in your question. 
The first is how State and local election officials are 
notified of potential attacks on their systems. This is a 
pretty well-orchestrated thing. I don't know the full details, 
but I can give you a high level overview, and if you ask me in 
Q&A format, I can follow up in more detail.
    Essentially, the NSA does, and the CIA do things, and not 
in the United States, to figure out who may be attacking our 
systems. The FBI does a little bit of that, too, domestically. 
If something were to happen where someone foreign was targeting 
our systems with cyber-attacks, presumably, the FBI would be 
notified, and either DHS or FBI, probably FBI, would notify the 
State and local election officials.
    In some cases, that went to governors or CIOs who may not 
be in the path. They may not have been directly plugged into 
that disclosure path. I think that is changing now with 
clearances for the State officials, because often, if you don't 
have a clearance, you can't accept this kind of stuff. So it is 
cleaning up a little bit.
    I still think that I am seeing, for example, there is a 
problem--if you are a victim, when DHS notifies you, they are 
not going to announce to the world what happened to you. It is 
up to you as the victim to disclose that, or it is going to 
come out in the press at some point. That thing--I think there 
needs to be something, like a couple of years or a year after 
something--someone gets notified such that that stuff becomes 
public.
    The Vulnerabilities Equities Process is something I can 
describe. It is a little different in that it is more about 
flaws that our defenders find, or offensive people find in 
commercial products that they can then decide when to disclose 
to the commercial entity to fix them. And I haven't seen that 
touch the voting systems sphere yet. It would be interesting if 
it did. I would love to know about that.
    Mrs. Davis of California. Yes. Thank you. Really, I respect 
your response there. What we are trying to figure out is, is 
there a way to have clearances and then the issue is, what do 
you do? If you think about it, say you get that information a 
few days before an election, and it is very serious.
    Mr. Hall. That is very tough.
    Mrs. Davis of California. What do you do?
    Mr. Hall. It depends on the nature of the information. For 
example, if you are told that someone installed malware on one 
of your machines, and it hopes to spread to your other machine, 
because they know exactly what the machine is, hopefully, you 
can quarantine that machine. But often, it is more likely there 
has been someone in your network for six months. We have no 
idea of what kind of access they had. You need to look at 
everything. That can be a real, real challenge for local 
elections.
    Mrs. Davis of California. So part of it, perhaps, may be--
and if you all want to respond, just the vulnerabilities that 
you may learn about, but that may not necessarily translate 
into something that you can act on, in real time. So that is 
something that--I think we all need to be thinking about that 
and how we can be helpful to you as election officials.
    I wonder, Secretary Benson, if you were to suspect a 
foreign intelligence hack, who would you turn to? Where would 
you go from there?
    Ms. Benson. We have contacts, you know, with DHS and 
multiple different agencies, so we would contact, you know, 
whether--regardless of the potential threat, and we are in, and 
I am in, frequent contact with those officials. In fact, we 
have a DHS liaison at Masterson who serves on my election 
security task force, so we are in frequent communication. That 
is something I established early on in my tenure to ensure that 
we are, in real time, learning of threats, and then, you know 
through security clearance.
    Mrs. Davis of California. Any ideas that you all have 
discussed that you think, perhaps, we need to know about in 
terms of how you can have a better relationship in this way?
    Ms. Benson. I think it is a proactive one on the part of 
the Federal Government, as well as the Secretaries of State, 
that perhaps standards and expectations from Congress can 
establish. But it is something that an individual leader will 
take seriously, but I think encouraging us to develop that 
relationship and then ongoing communication and a statewide 
response system is important.
    Mrs. Davis of California. Okay. Thank you very much. I am 
sorry.
    Mr. Butterfield. It looks like it is your turn.
    Mr. Butterfield. Thank you very much. I know the 
Chairperson is not in the room, but I want to begin by thanking 
her for holding today's hearing. This topic is extremely 
important. It appears to be a bipartisan issue that we are 
talking about, and one that is very dear to my heart.
    The Mueller report that we have heard so much about has a 
revelation that I want to make a reference. The Mueller report 
stated, quote, ``In August of 2016, the GRU officers,'' and, of 
course, we all know that is the Russian foreign intelligence 
agency, ``targeted employees of,'' and then there is a 
redaction, ``a voting technology company that develops software 
used by numerous U.S. counties to manage voter rolls and 
installed malware on the company network.''
    Further, the report goes on to describe a separate spear-
phishing operation conducted by GRU operatives that enabled 
access to the network of at least one Florida county 
government. And now, I am just finding out that in my 
Congressional district in North Carolina, a poll book product 
provided by an election vendor catastrophically failed on 
Election Day in 2016. Now, that failure occurred in six 
precincts in Durham, North Carolina on Election Day. And one of 
those precincts was forced to close one hour and a half at 
lunchtime during one of the busiest times for voters.
    There has been reporting that the voting technology company 
identified in the report, that is the Mueller report, who 
suffered a cyber intrusion in August of 2016, is the same 
vendor whose poll books catastrophically failed on Election Day 
in my district. The intrusions described in the Mueller report 
demonstrate just how important today's hearing is, and how 
robust action is urgently needed from this Congress to ensure 
the security and integrity of our election system.
    We know Russia interfered in our elections in 2016 and will 
likely try it again next year. And so, the question is then 
presented: What is this Congress going to do about it? Let me 
start with you, Mr. Norden. Was the attack in 2016, in your 
opinion, a well-planned Russian attack, or was it basically 
spontaneous?
    Mr. Norden. Thank you for the question, Mr. Butterfield. 
That is something I have thought a lot about. If you look at 
the reports of what the Russians did, actually, the attacks on 
election infrastructure almost look like an afterthought. They 
happened months after the hacking of political campaigns, at 
least reported what we know, months after the hacks on 
political campaigns, and years after the first disinformation 
campaign that we saw from the Russians.
    I do have concerns that--this is one of the reasons why I 
am concerned that the threat we face in 2020 is greater. The 
Russians will now have had four years to gain whatever they 
learned and given what we know that they have done in other 
countries, I would be concerned that there is potentially a 
much more aggressive action.
    Mr. Butterfield. Let me talk about election vendors for a 
moment, if I can. Can you quantify for me the number of 
election vendors throughout the country? Is it a small number?
    Mr. Norden. Well, that is a very difficult question to 
answer, because election vendors are central to so many aspects 
of the elections we run. We often think about just voting 
machines, and there are three main voting machine vendors and a 
couple of other smaller ones, but then there are vendors that 
produce electronic poll books. There are vendors that, for some 
local election offices, create their websites.
    Mr. Butterfield. Is there a registry anywhere of election 
vendors?
    Mr. Norden. Not that I am aware of.
    Mr. Butterfield. What regulatory oversight does the Federal 
Government have over an election vendor? Do we have any 
oversight?
    Mr. Norden. So, I mean, at the moment there--one thing that 
I talk about is there are more Federal regulations of ballpoint 
pens than there are of our election infrastructure. There 
hasn't been, as far as I am concerned, as much oversight as 
there should be of election vendors. We don't necessarily know 
who owns the election vendors. We don't know who works for 
them.
    Mr. Butterfield. Are you a proponent for more oversight?
    Mr. Norden. Absolutely. Absolutely. I think we need more 
information about who the vendors are, who works for them, what 
kind of security processes they have in place. And I certainly 
think a basic thing that we deserve is if election vendors are 
aware of a cyber attack on them, that they should be required 
to report that to the Federal authorities, to anybody that is 
using their products, and that currently doesn't exist right 
now. There is no requirement for that.
    Mr. Butterfield. That was going to be my next question.
    Yes. Ms. Schneider.
    Ms. Schneider. Thank you. I wanted to answer your other 
question regarding the number of vendors. The reason it is so 
difficult to determine that number is because there are 8,000 
jurisdictions who administer elections, and for many of those 
jurisdictions who are very small, they outsource or contract 
with vendors to perform many steps in the election 
administration, and so, the real oversight need is for these 
third-party vendors. They may not be voting system 
manufacturers, but they may provide services and exactly the 
kind of vendors that you are talking about from the Mueller 
report where there is no oversight or regulation of those 
vendors, and no standard that they have to adhere to in terms 
of cybersecurity.
    Mrs. Davis of California. Thank you. Thank you for your 
response.
    Ms. Fudge.
    Ms. Fudge. Thank you very much and thank you all for being 
here. As you may know, we have been traveling the country a bit 
just getting data and information about voting irregularities, 
voter suppression, et cetera. I want to start with the two 
elected officials that are sitting here.
    We have heard so much as we have traveled the country. I am 
from Ohio, by the way, a State that thought that our machines 
were so awful, we got rid of them, but South Carolina bought 
them. This is true. South Carolina bought all the machines we 
got rid of because they were not effective. To go back to your 
point, there is no regulation.
    I am trying to determine from the two of you what do I tell 
people who have no confidence in our system? What do I tell 
people who believe that there is no integrity, that don't 
believe that their votes count? I have people who are afraid 
now to vote absentee, but then they come to the polls and see 
long lines, and they are afraid to do that, too. They look at 
these electronic books and they can't find their name, and when 
they do, their signatures just may have dotted their ``I'' 
differently, and they tell them they can't vote. What do I tell 
people who have no confidence in the system? What the state is 
of voting--what is the state of affairs of voting in the United 
States today?
    Ms. Benson. I think you tell them, one, that we have much--
one, I completely agree that focusing on ensuring voters have 
confidence in the security and accessibility of our elections 
is a critical component to making our democracy work. And I 
think why it is so important that we have a partnership at the 
State level with Federal Government, and why the Federal 
Government can set important standards and play an important 
leadership role, just as it has historically with the Voting 
Rights Act. It is setting the standards and expectations that 
States must meet in order to protect everyone's right to vote.
    In addition to that, I think factually, and what you have 
heard today, is that we are further ahead than we were five 
years ago, two years ago, ten years ago in securing our 
elections, but as we have moved forward, threats have emerged 
as well and evolved. And so what we need more of that we 
haven't had before is a stronger Federal and State partnership, 
and even Federal-State-local paper partnership where we are 
collaborating on a bipartisan basis to ensure that we are 
leaving no stone unturned in promoting the accessibility of the 
vote and the security of the vote. Those ongoing 
communications, that ongoing partnership, is important, and 
that is part of what we have tried to do at the State level 
among our Secretaries.
    Mr. Merrill. Yes, ma'am. I think it is real important to 
note some of the things we have already introduced. First of 
all, in our State, we made a concerted effort to ensure that 
people know that their vote needs to be cast for the candidate 
of their choice, but in order to do that, you have to be a 
registered voter, so we made it a campaign effort to ensure 
that all eligible people in our State are registered to vote. 
96 percent of all eligible African Americans in the State of 
Alabama are registered to vote, 91 percent of all eligible 
Caucasian Alabamians are registered to vote, and 94 percent of 
all eligible Alabamians are registered to vote.
    Ms. Fudge. But that doesn't tell them that their vote 
counts.
    Mr. Merrill. No. But, when they go to all 2,499 locations 
in our State and they see a line, one of the ways we try to 
reduce that is by introducing electronic poll books.
    Now, Madam Chairperson, I really want to revisit that 
question about standardization.
    Ms. Fudge. Okay, but this is my time. I am trying to get 
answers to my questions.
    Mr. Merrill. I just want to make sure she knows.
    Ms. Fudge. Okay. Just hold one second for me.
    Mr. Merrill. Yes, ma'am.
    Ms. Fudge. Ms. Schneider, you talked about the cost of 
trying to assist States. What do you think it would cost to 
have a fair election in every State in the country because they 
have machines that are not going to be easily hacked, that they 
have a paper trail? What does that cost?
    Ms. Schneider. Well, I think that there have been published 
estimates of the cost, but in the Secure Election Act from last 
session, and in the security part of the H.R. 1, the $1.2 
billion that is allocated for this purpose is a good start. We 
know--I can speak specifically for Pennsylvania where 83 
percent of the counties in Pennsylvania had unverifiable and 
vulnerable systems, and the estimate for just Pennsylvania was 
close to $100 million to replace just those systems. So, I 
think that the first thing is an influx of investment right 
now, and then sustainable funding going forward.
    Ms. Fudge. All I can say is that I am more concerned now 
than when you came in about how easily our systems are 
compromised, and the fact that States don't have the resources 
to ensure to every one of their citizens that their vote is 
going to count. Thank you so much, all of you.
    Mrs. Davis of California. Thank you.
    Mr. Raskin.
    Mr. Raskin. Thank you, Madam Chairperson. Thanks to the 
witnesses. It seems as if the cyber age has made political 
democracy more vulnerable, and our elections more susceptible 
to attack and manipulation. We know from the Mueller report 
that there was a sweeping and systematic campaign by Russian 
operatives to destabilize and change the course of the American 
election.
    One part of it was pumping ideological poison into the 
American body politic through Facebook and Twitter and other 
social media. Another part was the cyber espionage of the DNC, 
the DCCC, and the Clinton campaign in order to release emails 
into the election. And the third part of it was the direct 
efforts to hack into State election systems.
    We also know from the intelligence community today that the 
same bad actors have not gone away and are planning a return 
engagement with the American people in 2020. And there might be 
other bad actors now who have decided to enter the sport, given 
the spotty defenses and response of the American Government. 
The good news, I think, is that there is a good deal of expert 
consensus as to what needs to be done to better secure our 
elections, and I just want to see if all of you all agree with 
these points.
    The first is that we should get rid of paperless voting 
machines and move to voting systems with voter marked paper 
ballots. Is that something that there is consensus on? Okay. It 
looks--let the record show I think everybody is nodding their 
heads.
    Secondly, we need to update and replace out-of-date 
computer software in States that are still using antiquated and 
obsolescent systems. Everybody agrees with that, yes?
    Ms. Benson. Yes, but we need to do so in way that carries a 
sustainable funding source because updating it now means it 
will be out of date in five years.
    Mr. Raskin. Good. That is a strong point. We have got to be 
thinking long term, not short term, in terms of all of these 
remedies.
    We need to adopt post-election audits in order to determine 
whether there are strange things going on. Does everybody agree 
with that? Yes. And then the Federal Government ought to 
provide greater cybersecurity resources to help thousands of 
different electoral jurisdictions across the country fortify 
their cyber defenses and defend the integrity of our elections. 
Does that sound right to everybody?
    Okay. So how would we characterize where the States are in 
terms of developing their responses in order to be ready and 
secure for the 2020 elections? Is there somebody who would be 
willing to state where they think that the State elections are, 
the systems are? Ms. Benson.
    Ms. Benson. I will start.
    Mr. Raskin. Please.
    Ms. Benson. I think that a partnership, a strong 
partnership with State and local officials and the Federal 
Government is key, and frankly, the Federal Government has both 
the leadership, a standard establishing role, and an 
educational role to play for many State and local officials who 
come to the jobs, perhaps new to the area, and could benefit 
significantly from ongoing educational awareness and training 
to the point where if there is a problem identified, you are 
not simply telling us the problem, you are providing us with 
the tools, resources, and education to fix it.
    Mr. Raskin. And in some sense, America's problems are 
unique here, because we have such a decentralized system of 
electoral administration. In most countries, certainly our 
neighbors, Mexico and Canada and the European countries, there 
are national electoral commissions. I think in Mexico, there is 
even like a national electoral supreme court. But there are 
national electoral commissions whose sole job, as professional 
nonpartisan entities, is to administer elections fairly. And we 
don't have anything like that, right? We have got the Federal 
Election Commission whose sole jurisdiction is campaign finance 
and is almost completely dysfunctional even with respect to 
that. We don't have a national electoral administration, so we 
depend on the States and the counties and the cities to do it, 
right?
    Mr. Merrill. Congressman, if we did not allow that to 
happen the way that it is, according to the 10th Amendment, so 
those decisions are best made at the local level, at the State 
level. It would be a lot easier to infiltrate the system and to 
prepare it to be compromised.
    Mr. Raskin. You think it is easier to defend 8,000 
different systems than one system?
    Mr. Merrill. I think it is easier to defend an individual 
State system than it is if you just knew that on one particular 
day, using one set of equipment that is used in the entire 
Nation----
    Mr. Raskin. But can you imagine if America's military 
defense was provided by the 51 different jurisdictions.
    Mr. Merrill. Yes, sir, but we are not talking about the 
defense.
    Mr. Raskin. It is an analogy, yes.
    Mr. Merrill. Well, but it is not an accurate one, in my 
estimation, based on what we are trying to do. That is why I 
think we need to make sure that equipment is approved, 
equipment is evaluated, and equipment is documented and 
recorded as to its effectiveness in election administration.
    Mr. Raskin. Okay. I yield back. Thank you.
    Mrs. Davis of California. Thank you both. We are going to 
do another round here quickly, so I want to turn to the Ranking 
Member, Mr. Davis.
    Mr. Davis of Illinois. I know everybody is excited for the 
second round, right?
    Mr. Merrill, you were making a point earlier and were not 
able to finish that point. I would like to give you some time 
to do that if you want.
    Mr. Merrill. Well, there are a couple of things, 
Congressman. One of the things I think it is important to note, 
the gentlelady from Ohio, who has since had to be excused, I 
think it is important to note that according to all reports 
that we received from Homeland Security, from 
counterintelligence, from the Central Intelligence Agency, from 
the FBI, there was never an incident or occurrence in any of 
the 50 States in the Union where tabulation changes occurred 
during the 2016 election. I think that is very important to 
note.
    It is very important to recognize that fact, that the 
Russians did, indeed, infiltrate our systems, but primarily 
through social media, and through influencing people in their 
decision making. When it comes to the administration of the 
elections, no votes were changed. No equipment was touched. 
There have been no changes occur to the votes that were cast 
for those candidates.
    The other thing that I wanted to talk about, Congressman, 
in relation to election equipment. What we could really benefit 
from in Alabama, in Michigan, in all other States in the Union 
is to have a centralized effort to evaluate the effectiveness 
of election equipment, whether it be for voter registration 
purposes, whether it be for voter administration purposes, 
electronic poll books.
    And as a member of the Election Assistance Commission 
Standards Board, one of the things I have advocated for is that 
we need to have the EAC be a central repository where they 
could evaluate the effectiveness of equipment. And if they 
noted failures, or failures were recorded, they could come back 
and say in a report, much like Consumer Reports used to do for 
all of us that are old enough to remember it where they don't 
recognize, or recommend, that a specific vendor be selected, 
but they say this is what we know about the successes. This is 
what we know about the failures. And in doing so, it puts us in 
a better position when we are trying to determine if this is a 
specific group we need to do business with, or a product that 
we need to purchase.
    Mr. Davis of Illinois. All right. Well, I agree with your 
earlier statement. Facts matter, statistics matter and help us 
determine how we effectively spend taxpayer dollars to ensure 
that we have the fairest, safest, most secure election systems.
    Secretary Merrill, you worked with DHS going up into the 
2018 elections, right?
    Mr. Merrill. Yes, sir, and still do today.
    Mr. Davis of Illinois. What were your thoughts initially 
about DHS coming in and helping?
    Mr. Merrill. I was a little bit irritated. Part of it was 
because when we were told by Secretary Johnson before the 
elections in 2016 that the Department of Homeland Security was 
going to take over the elections process, that is a real 
concern, because that is not an area that those individuals 
have been trained to take over and to help us be able to 
effectively administer the elections. What we need is support, 
and we need assistance, and when possible, funding to assist us 
in that area.
    But for the Federal Government to come over and to 
overreach and to take over the administration of the elections 
at all levels, first, I don't think it is appropriate. 
Secondly, I don't think it is constitutional.
    Mr. Davis of Illinois. So that was your worry in 2016?
    Mr. Merrill. Yes, sir.
    Mr. Davis. But right now, what are your thoughts about 
2018?
    Mr. Merrill. Yes, sir. It has continued to improve, because 
one of the things that we have seen is, they have wanted to 
work with us, and we made our position known to Secretary 
Johnson and through the Obama administration, and then to 
President Trump and through Secretary Nielsen. We have found 
them to be very receptive to our request. I have had, in the 
last 15 months, two private meetings with Secretary Nielsen and 
with other team members. We have visited with her and other 
people in Homeland Security to talk about the issues that have 
been so important and so relevant to us. They have been very 
receptive, very responsive. They have offered assistance. They 
have offered assistance at the State and local level in 
Alabama. I know they have done that in other States as well.
    Mr. Davis of Illinois. They haven't come in and required 
you to do things?
    Mr. Merrill. No, sir. They said that we are available. If 
you would like to enter into an agreement with us, we would be 
supportive, but not what we would consider overreach where they 
come in to take over the system.
    Mr. Davis of Illinois. How many of your colleagues that are 
secretaries of state, or in my State of Illinois, it would be 
the State Board of Elections. How many do you think would be 
receptive to mandatory Federal assistance?
    Mr. Merrill. Not very many. I think there is some that 
would be interested in having a stronger partnership than we 
have if they could get certain benefits from it. But we think, 
and when I say ``we,'' I am talking about the colleagues that I 
am the closest to. Much like Thomas Jefferson suggested that 
that government which governs best governs least. That is the 
sum of good government.
    Mr. Davis of Illinois. Well, Mr. Secretary, thanks for your 
response. I have no idea why my red light speeds up faster than 
everyone else's, but it always happens that way, so I yield 
back.
    Mrs. Davis of California. Thank you. I will recognize 
myself for five minutes and just follow up with this discussion 
a little bit, because, you know, it is possible to think about 
a time when a jurisdiction, when the State doesn't have proper 
cybersecurity systems, and in that case, what are we looking 
at? Should there be a role for the Federal Government to make 
sure that their system is not as vulnerable to hacking as 
perhaps a neighboring State?
    Mr. Merrill. Yes, ma'am. And one of the things that I would 
suggest that, much like the appropriation that we just received 
from the EAC, if there were certain expectations about the way 
that a block grant of resources could be received by the State 
and be utilized by that State in certain areas to make sure 
that certain purchases were being made, or certain systems were 
being implemented to prevent vulnerabilities or to keep certain 
vulnerabilities from being exposed, that would be very helpful 
to us.
    But for certain things to be introduced, as it was in H.R. 
1, to say that you must have these things in place, you must do 
these and have an unfunded mandate, that is not good for any 
State, no matter whether you have a great deal of resources in 
your statement or you are limited with your resources.
    Mrs. Davis of California. So it sounds like you are talking 
about some enforcement capability in some areas, but not in 
others.
    Anybody else want to comment on that quickly?
    Ms. Benson. Yes. I would like to offer the alternative 
perspective. With all due respect to my good friend, Secretary 
Merrill, I am coming at this as a long-time academic and voting 
rights scholar. I feel very strongly that there is a leadership 
role for the Federal Government to play. It is in partnership 
and in collaboration with the State and local governments, as I 
have said repeatedly today, but the Federal Government cannot, 
and should not, abdicate its role as it has historically to set 
the standards and expectations that all States must meet.
    I think it is the basic Constitutional imperative of equal 
protection, and it takes into consideration that while every 
State does have unique challenges, there are some standards of 
expectations that, especially if we are receiving Federal 
funding, I think many of us, myself included, would be 
comfortable working with the Federal Government in seeking to 
meet. It is a dance to determine how deep and specific those 
standards should be, and I acknowledge that, but I don't think 
that is a reason to not have basic data-driven, fact-based 
solutions, and bars that States should strive to meet if they 
are receiving Federal assistance.
    Mr. Davis. Thank you. Yes, please.
    Ms. Schneider. I just wanted to share with you my 
experience in 2016 with the Department of Homeland Security. At 
that time, they offered their services free of charge to State 
and local jurisdictions who wished to receive them, and we were 
able to engage with the Department of Homeland Security to run 
a penetration test and assessment of our networks before the 
2016 election, which we were very grateful for, and we think 
that that is the kind of partnership that should occur, and I 
think that they need adequate resources to offer those services 
to every jurisdiction who would like them.
    And to your earlier question before about whether you get 
notification, there is the multi-State information sharing 
association from the Center for Internet Security, that it does 
go to the State CIOs, but we did receive that in Pennsylvania, 
and if it was unclassified, it was filtered down, and also, 
through the Pennsylvania Emergency Management Association.
    Mrs. Davis of California. Okay. Thank you very much. And 
that was in real time, you are suggesting. Was it a week from 
the occurrence, or right away?
    Ms. Schneider. No. If they were unclassified, they were 
right as they occurred.
    Mrs. Davis of California. Okay. Great. Thank you.
    I wonder if you could, just for a moment, think about 
whether you believe that there is anything that voters should 
be doing to make our systems more secure? Is there an 
educational piece that we have not addressed in this country?
    Ms. Schneider. There is one thing that voters could do 
right before or at any point in the election cycle, is to check 
their registration, and make sure that their information is 
correct, their address is correct, their polling place is 
correct, because if there has been an attack or tampering in 
the registration system, you can detect it and correct it in 
advance.
    Mr. Hall. And I would say check your ballot to make sure 
that the thing you cast reflects your intent and volunteer to 
be a poll worker. This is a vast volunteer force, and it is the 
pinnacle, I think, of civic duty, you know, spending 16 hours 
counting your fellow citizens' votes.
    Mrs. Davis of California. Thank you. And that is 
particularly in areas where there is a very diverse community, 
we need to have people come forward who understand language and 
culture and a whole host of other things. Thank you very much. 
I appreciate all of you for being here, and I am going to turn 
to Mr.----
    Mr. Merrill. Madam Chairperson, if I may add to that in 
response to your question. One of the things we have done is 
try to encourage non-voters to become poll workers. We are 
passing legislation now in Alabama, it has already passed both 
chambers, to allow 16- and 17-year-olds to be able to work the 
polls which can increase civic responsibility.
    Mrs. Davis of California. Thank you. Appreciate that as 
well.
    Mr. Loudermilk, do you have an extra question?
    Mr. Loudermilk. Thank you, Madam Chairperson. I want to 
shift away from voting, because I would really love to continue 
that conversation, and I think Mr. Hall and I could have a good 
conversation on that. I think we see eye to eye on this.
    I want to move over to the cybersecurity aspect of it now, 
and from my background in cybersecurity, any breach at some, or 
at least the majority of breaches at some level, have human 
error involved in it. There is usually some aspect, and a lot 
of times, it is a failure to act. It is with a patch or it is 
with something--at Equifax, it was failure to actually have a 
patch. And Mr. Hall is right. You cannot create a 100 percent 
secure system.
    When I was working in intelligence in the Air Force, we 
commissioned a vendor to create a completely secure system. 
They came pretty close. It was very secure, but it was so slow, 
nobody could use it. So it is always--it is a balance there.
    I do want to say something, and Mr. Merrill brought up a 
good point. It is from my experience of working in IT, it is 
always more secure to have multiple vendor systems over a 
single vendor system which if that is compromised, then 
everybody has--the bad guy has 100 percent access to 
everything. But you have to have a set of standards that the 
vendors operate by, and I think that is a role that we can play 
as a recommended set of standards still leaving the 10th 
Amendment, the States authority to conduct and operate their 
elections. But if you are going to use certain types of 
systems, they should meet these standards. I think that is 
clear.
    But back to the cybersecurity aspect. Is anyone on the 
panel familiar with OODA loop? OODA. O-O-D-A. A little bit 
surprised because that is used in cybersecurity. It is a cycle 
of decision making that you use to defeat an adversary in a 
fast-paced, multi-faceted environment. It is OODA. It means----
    Mr. Hall. Observe something, detect, act?
    Mr. Loudermilk. It is observe, orient, detect or decide and 
act. It basically means you are always observant. You are 
watching to see what is going on which is happening in our 
cybersecurity realm right now. You orient yourself to what the 
threat is or multiple threats coming in. You make a decision of 
what you are going to do to counter that decision, and you act. 
And these loops are going continually, and it is used today. 
The NSA uses it. The CIA uses it. It was developed by an actual 
Air Force Colonel, so you know, give a few kudos to the Air 
Force there.
    Most cyber risk and breaches come from the last aspect of 
that, a failure to act. It is you orient, you observe, you 
decide, and in the case of Equifax, they didn't act to put a 
patch in. When we go to the 2016 election, and I will open this 
up to anybody, because I am still trying to figure out why we 
did what we did. I don't know if you are familiar with Michael 
Daniel. Michael Daniel was the cybersecurity czar in the 
previous administration.
    When the administration was given evidence that the 
Russians were actively trying to attack our cybersecurity, or 
our election systems, when it came to the acting, he was given 
the order by the National Security Advisor, Susan Rice, to 
stand down and not do anything. This was testified before the 
Senate in 2018 by Michael Daniel, that he received the order to 
not act to counter the Russians' attempts to interfere with our 
election system. Can anybody answer why, and maybe that would 
have a failure to act on the part of the Obama administration?
    Mr. Hall. The only thing I can think of is concern with 
ongoing operations that might have revealed something, but, you 
know, given that democracy hangs in the balance, I am not sure. 
I don't know enough about the specifics to say one way or the 
other.
    Mr. Loudermilk. I think we could have evolved a lot of 
stuff, resolved a lot of stuff, had there been the act which is 
a standard process in cybersecurity.
    And one last question for you, Mr. Merrill. War Eagle or 
Roll Tide?
    Mr. Merrill. My friend, look. There is only two words that 
you can say. Roll Tide.
    Mr. Loudermilk. All right. Thank you. I yield back.
    Mrs. Davis of California. Thank you.
    Mr. Raskin.
    Mr. Raskin. Thank you, Madam Chairperson.
    Ms. Benson, I just want to follow up with you about a point 
you were making before. First, there are a number of provisions 
in our Constitution which confer power on Congress and the 
Federal Government to regulate elections, right?
    Ms. Benson. Yes.
    Mr. Raskin. For example, the Congress has to guarantee to 
the people of the States a Republican form of government. Also, 
there is a specific provision which allows Congress to 
legislate in the electoral field, right? And under the 
supremacy clause, it clearly is supreme to the States. And as 
well, there are the enforcement provisions of a number of 
amendments in the Bill of Rights, and that is how we have made 
great progress in our country. Certainly, we would not be where 
we are in terms of voting with all the problems that we have 
without the Voting Rights Act of 1965, and that was passed 
under Section 5 of the 14th Amendment, right?
    Ms. Benson. Yes.
    Mr. Raskin. Is there any serious debate about the 
Congressional role in trying to make sure that everybody's 
voting rights are vindicated, and everybody's votes are 
counted?
    Ms. Benson. I think in Section 2 of the 14th Amendment, I 
think whether it is the Help America Vote Act, the National 
Voter Registration Act, the Voting Rights Act of 1965, the 
myriad of other Federal laws that have been enacted since the 
inception of our democracy, our democracy is better because of 
the congressional role in enforcing a basic standard of 
expectations of protections for all of our citizens.
    Mr. Raskin. And to just tease that out for a moment, 
haven't the greatest threats to people's voting rights started 
at the local and State level? Obviously, we have got this new 
threat of global interference with people's voting rights, but 
traditionally in our country, haven't the greatest threats 
arisen locally?
    Ms. Benson. History does show us that some of greatest 
threats have emerged locally, and some of the greatest 
successes and protections for voting rights have also emerged 
locally when States and local governments have gone beyond what 
the Federal Government has expected as a standard. I want to 
make that point as well, but, yes, certainly there is a 
critical role for the Federal Government to play.
    Mr. Raskin. Yes. I mean, the States have certainly led in 
terms of the expansion of the franchise, and we know lots of 
States extended women the right to vote, for example, before 
the 19th Amendment----
    Ms. Benson. And language protections.
    Mr. Raskin [continuing]. Was adopted. And language 
protections and extending the right to vote to African 
Americans. And so that is definitely the case, that we have 
seen a lot of forward movement in the States that lead to 
national changes. But in the dynamics of Federalism, Congress 
has played an essential role in securing people's right to 
vote. And I think given the new cyber threats to voting 
security, Congress cannot abdicate that role, and Congress 
should be really in the forefront of trying to assist the 
States in making sure that we are fortifying our defenses, so 
there is not an open door for the kinds of activities that we 
saw in 2016.
    Ms. Benson. It is a critical role for the Federal 
Government to play. Also, in acknowledging and being a partner 
with us, and you know, fully funding the Election Assistance 
Commission and other existing agencies can go a long way in 
that regard as well.
    Mr. Raskin. Okay. Madam Chairperson, I yield back to you. 
Thanks so much.
    Mrs. Davis of California. Thank you very much.
    I might just follow up. Fully funding it and providing some 
authority so that they can do something about it, correct? I 
think everybody would agree with that.
    Ms. Benson. And I also want to emphasize as you have seen 
today, the importance of talking to more State and local 
officials, because I think you will see multiple different 
perspectives and opinions, and through that, I think you can 
develop some Federal expectations and standards.
    Mrs. Davis of California. Thank you very much. I want to 
thank all of you for your valuable testimony here, for 
appearing, and for being very helpful. I also want to let you 
know that members have five legislative days to revise and 
extend their remarks, and written statements may be made part 
of the record. If they have questions, we ask you to please 
respond in writing as soon as possible. I think there is a 
deadline on that but respond quickly so they can be made part 
of the record. Thank you very much. If there are no objections, 
this hearing is adjourned.
    [Whereupon, at 4:00 p.m., the Committee was adjourned.]
    [GRAPHIC NOT AVAILABLE IN TIFF FORMAT]