[House Hearing, 116 Congress]
[From the U.S. Government Publishing Office]


                      SECURING AMERICA'S ELECTIONS

=======================================================================

                                HEARING

                               BEFORE THE

                       COMMITTEE ON THE JUDICIARY

                        HOUSE OF REPRESENTATIVES

                     ONE HUNDRED SIXTEENTH CONGRESS

                             FIRST SESSION

                               __________

                       FRIDAY, SEPTEMBER 27, 2019

                               __________

                           Serial No. 116-56

                               __________

         Printed for the use of the Committee on the Judiciary

[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]

               Available via: http://judiciary.house.gov
               
                            __________
                            

                    U.S. GOVERNMENT PUBLISHING OFFICE                    
45-285                     WASHINGTON : 2021                     
          
-----------------------------------------------------------------------------------                          
                      
                       
                       COMMITTEE ON THE JUDICIARY

                    JERROLD NADLER, New York, Chair
               MARY GAY SCANLON, Pennsylvania, Vice-Chair
ZOE LOFGREN, California              DOUG COLLINS, Georgia, Ranking 
SHEILA JACKSON LEE, Texas                Member
STEVE COHEN, Tennessee               F. JAMES SENSENBRENNER, Jr., 
HENRY C. ``HANK'' JOHNSON, Jr.,          Wisconsin
    Georgia                          STEVE CHABOT, Ohio
THEODORE E. DEUTCH, Florida          LOUIE GOHMERT, Texas
KAREN BASS, California               JIM JORDAN, Ohio
CEDRIC L. RICHMOND, Louisiana        KEN BUCK, Colorado
HAKEEM S. JEFFRIES, New York         JOHN RATCLIFFE, Texas
DAVID N. CICILLINE, Rhode Island     MARTHA ROBY, Alabama
ERIC SWALWELL, California            MATT GAETZ, Florida
TED LIEU, California                 MIKE JOHNSON, Louisiana
JAMIE RASKIN, Maryland               ANDY BIGGS, Arizona
PRAMILA JAYAPAL, Washington          TOM MCCLINTOCK, California
VAL BUTLER DEMINGS, Florida          DEBBIE LESKO, Arizona
J. LUIS CORREA, California           GUY RESCHENTHALER, Pennsylvania
SYLVIA R. GARCIA, Texas              BEN CLINE, Virginia
JOE NEGUSE, Colorado                 KELLY ARMSTRONG, North Dakota
LUCY MCBATH, Georgia                 W. GREGORY STEUBE, Florida
GREG STANTON, Arizona
MADELEINE DEAN, Pennsylvania
DEBBIE MUCARSEL-POWELL, Florida
VERONICA ESCOBAR, Texas

        PERRY APELBAUM, Majority Staff Director & Chief Counsel
                BRENDAN BELAIR, Minority Staff Director
                           
                           
                           C O N T E N T S

                              ----------                              

                       Friday, September 27, 2019

                                                                   Page

                           OPENING STATEMENTS

The Honorable Jerrold Nadler, Chairman, Committee on the 
  Judiciary......................................................     1

                                WITNESS

Debora Plunkett, Senior Fellow, Defending Digital Democracy 
  Project, Harvard Kennedy School, Belfer Center for Science and 
  International Affairs
  Oral Testimony.................................................     5
  Written Testimony..............................................     7
Kathryn Boockvar, Acting Secretary of the Commonwealth, 
  Pennsylvania Department of State
  Oral Testimony.................................................    16
  Written Testimony..............................................    18
Tom Burt, Corporate Vice President, Customer Security & Trust, 
  Microsoft Corporation
  Oral Testimony.................................................    24
  Written Testimony..............................................    26

          LETTERS, STATEMENTS, ETC. SUBMITTED FOR THE HEARING

H.R. 2353, To amend the Federal Election Campaign Act of 1971 to 
  require candidates for election for public office to refuse 
  offers of assistance from foreign powers and to report such 
  offers to the Federal Bureau of Investigation, and for other 
  purposes, submitted by The Honorable Sheila Jackson Lee........    48
H.R. 3529, To require the Secretary of Homeland Security to 
  promptly notify appropriate State and local officials and 
  Members of Congress if Federal officials have credible evidence 
  of an unauthorized intrusion into an election system and a 
  basis to believe that such intrusion could have resulted in 
  voter information being altered or otherwise affected, to 
  require State and local officials to notify potentially 
  affected individuals of such intrusion, and for other purposes, 
  submitted by The Honorable Matt Gaetz..........................    68

                                APPENDIX

A statement for the record from the Brennan Center for Justice at 
  NYU School of Law submitted by the Honorable Chairman Jerrold 
  Nadler.........................................................    92

 
                      SECURING AMERICA'S ELECTIONS

                              ----------                              


                       Friday, September 27, 2019

                        House of Representatives

                       Committee on the Judiciary

                             Washington, DC

    The Committee met, pursuant to call, at 9:05 a.m., in Room 
2141, Rayburn House Office Building, Hon. Jerrold Nadler 
[chairman of the committee] presiding.
    Present: Representatives Nadler, Lofgren, Jackson Lee, 
Cohen, Johnson of Georgia, Deutch, Cicilline, Lieu, Raskin, 
Jayapal, Demings, Correa, Scanlon, Garcia, Neguse, Stanton, 
Dean, Mucarsel-Powell, Chabot, Gohmert, Jordan, Buck, Gaetz, 
Johnson of Louisiana, Reschenthaler, Cline, Armstrong, and 
Steube.
    Staff Present: Aaron Hiller, Deputy Chief Counsel; Arya 
Hariharan, Deputy Chief Oversight Counsel; Madeline Strasser, 
Chief Clerk; Moh Sharma, Member Services and Outreach Advisor; 
Sarah Istel, Oversight Counsel; Julian Gerson, Staff Assistant; 
Priyanka Mara, Professional Staff Member/Legislative Aide; Matt 
Robinson, Counsel, Subcommittee on Courts, Intellectual 
Property, and the Internet; Brendan Belair, Minority Staff 
Director; Bobby Parmiter, Minority Deputy Staff Director/Chief 
Counsel; Jon Ferro, Minority Parliamentarian; Ryan Breitenbach, 
Minority Chief Counsel, National Security; and Erica Barker, 
Minority Chief Legislative Clerk.
    Chairman Nadler. The House Committee on the Judiciary will 
come to order.
    Without objection, the chair is authorized to declare 
recesses of the Committee at any time.
    We welcome everyone to this morning's hearing on ``Securing 
America's Elections.''
    I will now recognize myself for an opening statement.
    Yesterday, the Director of National Intelligence testified 
that, ``the greatest challenge we have as a Nation is making 
sure to maintain the integrity of our election system.'' I 
agree. Our democracy was founded on a government elected by the 
people, for the people in free and fair elections.
    Today, our elections, the very core of our democracy, are 
under attack. Special Counsel Mueller's report, in no uncertain 
terms, details how a foreign government attacked our 2016 
elections. The Russian objectives were clear: Deepen distrust 
and discord in our society, secure the election of one 
candidate for President over the other, and, in so doing, 
undermine confidence in the integrity of our elections and 
damage our Nation's standing in the world.
    There is no evidence that Russia affected the actual vote 
count of our elections, but Russia did successfully steal 
thousands of documents from American citizens that it used to 
influence public opinion. It also accessed voter data and 
gained other valuable intelligence, which it may seek to 
exploit in the future.
    In short, as Special Counsel Mueller emphasized in his 
recent press conference, Russia's attack, ``deserves the 
attention of every American.''
    Russia's attack was not an isolated accident, nor is Russia 
the only foreign power attempting to influence our elections. 
We live in a world with agile, persistent enemies who are 
constantly evolving their methods of attack. As FBI Director 
Christopher Wray warned, ``Make no mistake: The threat just 
keeps escalating. And we're going to have to up our game to 
stay ahead of it.''
    Despite concrete evidence confirmed by the heads of our 
intelligence agencies, President Trump has refused to 
acknowledge Russia's attack, let alone publicly denounce it, or 
outline clearly how he intends to deter future interventions. 
To the contrary, the President has openly declared that he sees 
no problem with foreign influence in our elections.
    More troubling, there have been reports from multiple 
senior White House officials, including the former Secretary of 
Homeland Security, the organization tasked with leading our 
election security efforts, that the White House failed to 
adequately inform Americans about continuing influence efforts 
and, instead, directly stymied attempts to investigate or even 
discuss the attacks on our elections.
    More troubling still, we now have evidence that the 
President of the United States asked a foreign leader to 
interfere in our next election. The President is not only 
refusing to defend our elections against foreign attacks but is 
actively soliciting such intervention.
    That is unacceptable, and it puts our Nation at great risk. 
We must not let foreign attacks go unpunished or undeterred, 
and we must make the investments necessary to withstand any 
future attacks.
    The Judiciary Committee is tasked with the duty of 
protecting the right to vote for every American. That includes 
not just equal voting rights and access to the polls but also 
confidence in the accuracy and security of our election 
systems. We will protect that sacred right. We will not let 
anyone, not even the President, attempt to undermine the 
integrity of our democracy.
    Today's hearing will help carry out that duty to ensure 
that we understand the extent of the scope and the threat to 
our 2020 elections and to identify appropriate steps for 
deterring, detecting, and defending against those threats. I am 
pleased that the last week the Senate finally approved a 
bipartisan spending bill to safeguard voting systems, but much 
more needs to be done.
    U.S. elections are not built of isolated parts. The 
existing infrastructure is a vast ecosystem that includes voter 
registration, vote-casting, vote tabulation, election-night 
reporting, and auditing systems. Each of those components is 
vulnerable to attack. As with any ecosystem, if any one 
component part fails, if there is a flaw in one piece of the 
technology, it can jeopardize the entire process.
    As former Secretary of Homeland Security Jeh Johnson 
explained, the integrity of our election outcomes on a national 
level dances on the head of a pin. Securing our election 
system, therefore, requires securing each of its component 
parts.
    This begins with ensuring that we can verify all votes 
through post-election audits to certify that each vote is 
accurately counted, which will help maintain trust and 
transparency in the election process.
    We must also secure our voter registration databases, 
voting machines, and voting systems. A report published this 
spring found that in at least 40 States voter registration 
databases and machines were instituted more than a decade ago. 
Outdated systems are difficult to maintain and are subject to 
serious flaws and vulnerabilities and are more vulnerable to 
attacks from the outside.
    Our adversaries are agile and technologically advanced. We 
must be too. We must provide States with the resources needed 
to secure their systems and update their critical 
infrastructure.
    In addition, nearly all States and territories rely on 
outside vendors in some capacity, but of those States and 
territories, roughly 92 percent rely on just three vendors. 
These vendors must be regulated to ensure that all of their 
products meet minimum election security requirements.
    Finally, State and local officials responsible for 
administering elections, our democracy's frontline defenders, 
must have the resources and cybersecurity training necessary to 
protect our voting systems. We must also develop better tools 
to share cybersecurity and threat information among State and 
local officials and the Federal Government.
    In 2016, according to the intelligence community, State 
election officials were not sufficiently warned or prepared to 
handle an attack from a hostile nation-state actor. We must 
ensure that each component piece of our election system is 
sufficiently integrated, equipped, and ready to handle any 
attack, from any actor, going into 2020 and beyond.
    In short, the challenges facing our elections are serious, 
evolving, and multipronged. There are no easy answers. I know 
that Ranking Member Collins agrees with me that the threat to 
our elections is a threat to the American republic.
    I thank Mr. Collins for his attention to this issue, and I 
am pleased to say that our staff jointly selected the witnesses 
here today. These witnesses will help us understand further the 
extent and the scope of the threats we face and the 
vulnerabilities in our systems that must be patched. Their 
testimony will help guide this committee's efforts to ensure 
the integrity of our elections, and I thank them for appearing 
today.
    I am confident that, working together, we can address the 
imminent threat to our elections and protect our voting systems 
going forward. Our democracy depends on it.
    The Ranking Member has been detained, and I will recognize 
him for his opening statement after he arrives.
    Without objection, all other opening statements will be 
included in the record.
    Chairman Nadler. I will now introduce today's witnesses.
    Debora Plunkett is a senior fellow for the Defending 
Digital Democracy Project at the Harvard Kennedy School, Belfer 
Center for Science and International Affairs, and an adjunct 
professor of cybersecurity at the University of Maryland 
Graduate School.
    Ms. Plunkett previously served as Deputy Director and then 
Director of the National Security Agency's Information 
Assurance Directorate. She also served as a director on the 
National Security Council under both President Clinton and 
President George W. Bush.
    Ms. Plunkett received a Bachelor of Science degree from 
Towson University, an MBA from Johns Hopkins University, and a 
Master of Science in national security strategy from the 
National War College.
    Kathy Boockvar is the acting secretary of the Commonwealth 
of Pennsylvania. She also serves as the Elections Committee co-
chair for the National Association of Secretaries of State and 
as the association's representative on the Election 
Infrastructure Subsector Government Coordinating Council. That 
is a nice title.
    Previously, Ms. Boockvar served as senior advisor to the 
Governor of Pennsylvania on election modernization, as 
executive director of Lifecycle WomanCare, and as chief counsel 
for the Pennsylvania auditor general. Ms. Boockvar also worked 
for many years as a poll worker and voting rights attorney.
    Ms. Boockvar received a Bachelor of Arts degree from the 
University of Pennsylvania and a J.D. from American University 
Washington College of Law.
    Mr. Raskin. Will the gentleman yield?
    Chairman Nadler. I yield to the gentleman.
    Mr. Raskin. She was my student.
    I yield back.
    Chairman Nadler. I will assume she learned well.
    Tom Burt is the corporate vice President of the Customer 
Security and Trust Team at Microsoft Corporation, where he 
works to formulate and to advocate Microsoft's cybersecurity 
policy globally, including advancing the Digital Geneva 
Convention, the Tech Accord, and the Defending Democracy 
Project.
    Mr. Burt joined Microsoft in 1995 and has since held 
several leadership roles in the Corporate, External, and Legal 
Affairs Department, including leading the company's litigation 
group from 1996 to 2007 and, more recently, leading their 
Digital Trust team.
    Prior to joining Microsoft, Mr. Burt was a litigation 
partner at Riddell Williams, a law firm in Seattle, where he 
worked on voting rights cases.
    Mr. Burt received a Bachelor of Arts degree from Stanford 
University and a J.D. from the University of Washington Law 
School, where he graduated magna cum laude.
    We welcome all our distinguished witnesses, and we thank 
them for participating in today's hearing.
    Now, if you would please rise, I will begin by swearing you 
in. Raise your right hands, please.
    Do you swear or affirm under penalty of perjury that the 
testimony you're about to give is true and correct to the best 
of your knowledge, information, and belief, so help you God?
    Thank you.
    Let the record show the witnesses answered in the 
affirmative.
    Thank you, and please be seated.
    Please note that each of your written statements will be 
entered into the record in its entirety. Accordingly, I ask 
that you summarize your testimony in 5 minutes. To help you 
stay within that time, there is a timing light on your table. 
When the light switches from green to yellow, you have 1 minute 
to conclude your testimony. When the light turns red, it 
signals your 5 minutes have expired.
    Ms. Plunkett, you may begin.

                  TESTIMONY OF DEBORA PLUNKETT

    Ms. Plunkett. Chairman Nadler, Ranking Member Collins, and 
distinguished Members of the committee, thank you for the 
opportunity to testify before you today.
    My testimony focuses on potential security vulnerabilities 
of our election systems and recommendations to better protect 
our democratic processes and systems from cyber attacks.
    We must take bold, decisive, and expeditious steps to 
address cyber threats and then assume our efforts are 
insufficient given the rise of attackers' capabilities. All 
known threats must be addressed in order to better ensure 
secure and trusted elections.
    Bad actors, whether nation-states or lone criminals, focus 
on gaining unauthorized access to systems that provide the best 
opportunity to achieve their goals, including influence, 
destruction, profit, espionage, coercion, or just fun and fame. 
Attackers can make their attempts from across an ocean or from 
down the street.
    We must treat election security as imperative for 
safeguarding our democracy. Intelligence leaders warn of 
ongoing and escalating interference attempts by multiple 
foreign actors who view our 2020 elections as an opportunity to 
advance their interests at the expense of American democracy.
    In the United States, elections are complex and 
decentralized. The United States has over 10,000 election 
jurisdictions. These jurisdictions vary by technology and 
processes. Recognizing the variety of election jurisdictions is 
central to developing and implementing strategies to improve 
election infrastructure security.
    While elections operations can vary significantly across 
jurisdictions, there are fundamental similarities in some 
infrastructures. Many election systems are built using general-
purpose technology and commercial off-the-shelf software. While 
this means they are often subject to attacks popular in other 
sectors, it also means experts have identified some best 
practices to mitigate many of the risks. The key is to make 
sure these solutions are kept up to date.
    At Harvard, the Belfer Center's Defending Digital Democracy 
Project produced a State and local elections security playbook 
which identifies 10 best practices that apply to all elections' 
jurisdictions, which I'll briefly summarize today.
    The first is to create a proactive security culture. Most 
cyber compromises start with human error. A strong security 
culture makes a big difference as to the success of a malicious 
actor.
    The second is to treat elections as an interconnected 
system. Any digital device that touches election processes must 
be safeguarded. Device security management should be 
centralized and streamlined.
    The third is to require a paper vote record. It is 
essential to have a voter-verified, auditable paper record to 
allow votes to be cross-checked against electronic results. The 
paper record must have a rigorous chain of custody.
    The fourth is to use audits to show transparency and 
maintain trust in the elections process. Auditing should be 
embedded at points in the process where data, integrity, and 
accuracy are critical.
    The fifth is to implement strong passwords and two-factor 
authentication. While strong passwords are important, two-
factor authentication is one of the best defenses against 
account compromise.
    Number six is to control and actively manage access, where 
users should receive the minimum access required to perform 
their jobs. When someone no longer needs access, it should be 
revoked.
    Number seven is to prioritize and isolate sensitive data 
and systems so that you know which systems should be properly 
protected.
    Number eight is to monitor, log, and back up data, which 
enables attack detection and system or data recovery after an 
incident.
    Number nine is to require vendors to make security a 
priority. Detailed security specifications should be written 
into acquisition documents, and vendors must be required to 
notify officials immediately after becoming aware of a breach.
    Finally, number 10 is to build public trust and prepare for 
information operations. Transparency and open communications 
will counter information operations that seek to cast doubt 
over the integrity of the election system.
    In conclusion, election systems are critical 
infrastructure. To protect them, the Federal Government must 
provide the requisite guidance and support by allocating 
resources to upgrade election systems to the highest security 
standards; ensuring information exchange between Federal, 
State, and local entities is seamless; instituting security 
standards that vendors must follow for election systems or 
components; and encouraging a culture of security by keeping 
the American public fully informed on malicious actors' 
behaviors and intentions and the government's efforts to stop 
them.
    Thank you for the opportunity to participate in this 
important dialogue today.
    [The statement of Ms. Plunkett follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Chairman Nadler. Thank you.
    Ms. Boockvar?

                 TESTIMONY OF KATHRYN BOOCKVAR

    Ms. Boockvar. Chairman Nadler and esteemed Members of the 
committee, thank you so much for your leadership on election 
security.
    As chief election official of Pennsylvania, I have the 
privilege of working with dedicated election officials across 
the Commonwealth, in all 67 counties, to make sure that all of 
our elections are fair, accessible, and secure for all eligible 
voters.
    As has already been discussed, the issues surrounding 
election Administration have become more complex and 
complicated because of security issues. As we know, foreign 
adversaries are continuously trying to influence our elections. 
The key to thwarting this effort is to make sure that we are 
building our cyber walls faster than those that are trying to 
tear them down.
    Election security is a race without a finish line, and our 
adversaries are not slowing down. We need to make sure that we 
are meeting and exceeding those technologies and making sure 
that we invest, at all levels, substantial and sustained 
resources.
    Alongside the great majority of States, we urge the Federal 
Government to provide additional election security funding but 
also infrastructure.
    We need to look at this like we look at other ongoing 
initiatives. So, we don't do once-and-done appropriations for 
other types of security, for healthcare, for education. We look 
at these as ongoing investments, and that's how we have to look 
at our elections. Nothing is more important than the security 
of our democracy.
    There have been great advances over the last many years. As 
discussed, the EIS-GCC, the Election Infrastructure Subsector 
Government Coordinating Council--say that five times fast--has 
been a great collaboration among Federal, State, and local 
officials to secure elections. It's working to formalize and 
improve information-sharing, communication protocols, to make 
sure that our local and State election officials can respond 
timely to threats.
    The great thing about EIS-GCC is that it has a wide range 
of Members. So, we've got 29 Members; 24 of them are local and 
State election officials. But, it also includes critical 
Federal partners like DHS, EAC, NASED, the Election Center, and 
the International Association of Government Officials.
    Other key partners in this fight are DHS, National Guard, 
and Center for Internet Security, who have been incredibly 
strong partners, making sure that we have risk and 
vulnerability assessments, shared intelligence, tabletop 
exercises, and extensive communications.
    There's more that we could do. So, one of the things that 
I'd love to see the Federal Government being more involved in 
is vendor oversight, tracking foreign ownership, making sure 
that we're getting background checks, making sure that there's 
a good chain of custody across all voting and election 
components.
    We also need to strengthen lines of communication in both 
directions from Federal, State, and local. For example, when 
there are local incidents reported to our Federal partners, the 
Federal partners need to make sure that the State election 
officials know so that we could timely respond to those 
incidents.
    On the Pennsylvania landscape, we've had some great 
successes over the last year and a half that I've been very 
proud to be a part of. We've really had a very--we broke down 
silos. We knew it was really important to have an integrated 
approach to election security. It's been incredibly effective.
    We have an interagency workgroup that involves IT 
professionals, security, law enforcement, homeland security, 
elections, and emergency preparedness. We meet regularly and 
work together to make sure that we are working together as a 
front to make sure we have the most secure and accessible 
elections in Pennsylvania.
    We've provided tabletop exercises, and we were the first 
State in the country to accept DHS's offer of free 
vulnerability assessments to States.
    One of our big successes over the last year has been our 
transition in Pennsylvania to voter-verified paper ballot 
systems. I'm happy to say that, whereas a year ago we had 50 
counties across Pennsylvania that had no paper trails, as of 
this November there will be 52 counties that will have voter-
verifiable paper trails. So, a huge flip, great success. The 
credits to the county election officials for all their work.
    I'm also happy to say that we have a post-election audit 
work-group, as discussed by Chairman. This is a critical piece 
of our elections, is making sure that we're auditing and 
instilling confidence in our voters about confirming the 
results of the election.
    The right to vote is a fundamental right, and every voter 
must be provided equal access to polls and a deep-seated 
confidence in the security and accuracy of their votes. Our 
democracy and bolstering our confidence in that democracy is 
worth every dollar.
    Thank you very much.
    [The statement of Ms. Boockvar follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Chairman Nadler. Thank you.
    Mr. Burt?

                     TESTIMONY OF TOM BURT

    Mr. Burt. Chairman Nadler, Ranking Member Collins, and 
Members of the committee, thank you for the opportunity to 
testify today on the important topic of how emerging technology 
can contribute to the security of our elections.
    My name is Tom Burt. I'm the corporate vice President for 
customer security and trust at Microsoft. My team includes our 
Defending Democracy Program, which works to protect democratic 
elections from cyber-attack around the world.
    We know that skilled and well-financed adversaries have and 
certainly will continue to attack elections in the U.S. and in 
other countries, all in the pursuit of their goal of 
undermining citizen confidence in democracy.
    Defending democracy and our elections are important to 
Microsoft, so we spent the last year working on what we, as a 
technology provider, can contribute to this effort. I'm pleased 
to inform the Committee that this week we released a free, 
open-source software development kit called ElectionGuard.
    Simply put, ElectionGuard technology can enable the most 
secure and trustworthy elections in the history of the United 
States. How does it do this? When a vote is cast, it is 
immediately encrypted so that it can't be seen or changed. The 
voter then receives a tracking number, and when the election is 
complete, the voter can go online and check to see, for the 
first time in history, that their vote was in fact counted and 
unchanged.
    ElectionGuard, more than that, also enables anyone--voting 
officials, the media, third-party watchdog organizations--to 
build a verifier application that will let them confirm that 
the tally is correct and unchanged. All of this can be done 
without ever decrypting individual votes through the use of 
homomorphic encryption, a well-established technology that can 
count votes without ever decrypting the underlying data.
    ElectionGuard is designed to work with many of the voting 
systems in use today, including electronic ballot-marking 
devices or hand-marked paper ballots read by optical scanners, 
and we have on our roadmap making it work with other forms of 
elections.
    We have made this technology free and open to everyone. 
Microsoft is not making any revenue from ElectionGuard. We've 
been working closely with all the major U.S. election vendors, 
encouraging them to build systems with ElectionGuard, and we're 
excited to report that their response has been uniformly 
enthusiastic.
    There is a significant impediment to the rapid adoption of 
this and other new voting technologies: The complex and 
outdated Federal election machine certification process. This 
process is more than a decade old, and it's too slow and too 
burdensome to enable voting officials to respond as quickly as 
needed to our agile adversaries. Unfortunately, this means that 
new machines using ElectionGuard likely will not be certified 
in time for use in the 2020 national election.
    This certification process also hinders basic security 
hygiene. Today, if a voting machine is updated with a minor 
security patch from a trusted vendor, it will have to go 
through a full recertification process. This creates a 
significant disincentive for election officials and vendors to 
deploy security patches, leaving our elections vulnerable.
    We're pleased that the Election Assistance Commission is in 
the process right now of revising these certification rules, 
and we would ask all of you to encourage the Commission to 
adopt soon new rules that enable rapid and agile deployment of 
new security technology and basic security hygiene.
    While we and others in the private sector can contribute 
technological advances to secure the vote, there is, of course, 
an important role for Congress. We agree with Ms. Plunkett's 
written testimony regarding the urgent need for long-term, 
sustainable funding. This is critically needed to enable 
election officials to plan ahead, to purchase new equipment 
rather than letting outdated systems remain active, and to 
invest in cybersecurity training and staffing that we expect of 
all critical infrastructure providers.
    We live in a world with agile enemies who are persistent in 
their efforts to interfere in our democratic process. Our 
citizens deserve to be able to cast their vote with confidence 
that it will be counted without manipulation.
    We believe ElectionGuard is breakthrough technology that 
can help achieve this goal. We remain committed to working with 
government, civil society, and the technology sector to take 
even more steps to ensure that every vote is counted and every 
voter has confidence in our free and fair elections. The 
stewardship of our democracy requires nothing less.
    Thank you, and I look forward to your questions.
    [The statement of Mr. Burt follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Chairman Nadler. Thank you.
    I thank all the witnesses for their testimony.
    We'll now proceed under the 5-minute Rule with questions. I 
will begin by recognizing myself for 5 minutes.
    I'd like to focus initially on one component of our 
election systems that I find particularly concerning: voter 
registration databases.
    The Mueller report concluded that in approximately June 
2016 the Russian intelligence organization GRU ``compromised 
the computer network of the Illinois State Board of Elections'' 
and ``gained access to a database containing information on 
millions of registered Illinois voters,'' unquote.
    Ms. Plunkett, in this case, the Russian hackers 
successfully breached the databases, but they failed to alter 
or to delete voting records. My question to you is, if Russian 
hackers had changed voting records, including deleting voters 
from the databases, can you describe the specific possible 
impacts it could've had on the election?
    Ms. Plunkett. If they--
    Chairman Nadler. If they had altered the databases.
    Ms. Plunkett. Well, it would've been devastating had they 
altered the databases. ``Altering'' in this case could've been 
changing records; it could've been deleting records, which 
would have made it, in some cases, impossible for voters to 
vote, to register to vote. Voters could've been turned away. It 
could've inserted voters erroneously into the database that 
could've provided an opportunity for those who shouldn't be 
voting to vote. So, it would have been devastating had that 
happened.
    Chairman Nadler. So, thousands or tens of thousands of 
voters might have turned up at the polls and been turned away 
because--
    Ms. Plunkett. That's correct.
    Chairman Nadler. --there was no record of their 
registration?
    Ms. Plunkett. That's correct.
    Chairman Nadler. Thousands of nonexistent voters might have 
voted?
    Ms. Plunkett. That's correct.
    Chairman Nadler. Thank you.
    Ms. Plunkett, the House-passed appropriations bill contains 
$600 million in funding for States. It also includes 
accountability measures and requires that funding cannot be 
used to purchase non-qualified voting machines. The Senate's 
version has only $250 million, with no accountability 
restrictions.
    Your written testimony emphasizes the need to replace 
paperless machines and implement robust post-election audits 
using paper ballots.
    Now, we saw in 2000 how one county's failure to properly 
maintain its chads or non-chads held up the entire country. One 
county's dereliction could again conceivably hold up the entire 
country's election, national election.
    Now, I understand why some States or counties might not 
want to spend the money necessary to update their election 
machinery so they can't be hacked, but I was astounded to read 
recently, a couple days ago in fact, that States are still 
buying, spending large amounts of money, on voting machines 
that are electronic, that do not have paper trails, that are 
unauditable and vulnerable to hacking.
    So, my question is, aside from the obvious necessity of 
appropriating money to update our election machinery so that we 
have hack-proof machines that cannot be tampered with from the 
outside and that leave auditable trails, which means paper 
trails, do you think that the Federal Government should mandate 
this? Because, after all, the Federal elections are premised on 
accurate counts in every State and county. Should we mandate as 
well as providing the funds for modern election technology so 
that we can be sure that no foreign actor is in fact hacking 
it, in fact, phonying up our vote, and perhaps even doing so 
and leaving no trail so that you knew it later?
    Ms. Plunkett. So, woe is me to make a comment about Federal 
and State roles and responsibilities, but here's what I'd say, 
sir: It is incumbent upon every State to institute the 
appropriate security measures and make sure that their 
technology is their most robust available in order to protect 
the democracy and their election and votes.
    I believe that there's a role for the Federal Government in 
this space that starts with requiring that vendors follow 
certain security standards in the production and delivery and 
maintenance of the equipment that these States are using. That 
would thereby standardize, at least, the security of those 
systems, everything from auditing and database management to, 
on the back end, should something happen to the systems, being 
able to report on that.
    Chairman Nadler. So, obviously, if the Federal Government 
mandated that only proper machines could be made, then new 
purchases would only be of proper machines.
    In the 5 seconds I've got left, do any of the other 
witnesses want to comment on whether they think it necessary 
for the Federal Government to mandate that existing machines be 
replaced in time for the next election so that we can guarantee 
an election un-dictated from Moscow or someplace else?
    Mr. Burt. We think, as the Election Assistance Commission 
is revising its standards for certification, there's an 
opportunity there to inject standards for the security of 
devices to be certified. I would caution, though, that we must 
be careful not to specify specific technological solutions--
    Chairman Nadler. Right.
    Mr. Burt. --because our enemies move very quickly. We need 
to be agile in response.
    To have basic security guidelines that are part of that 
certification process would be an advance in the current State 
and would help us secure our elections.
    Chairman Nadler. Thank you.
    Ms. Boockvar, quickly, because my time has expired.
    Ms. Boockvar. Chairman, I just want to say that I think 
you've mentioned a lot of the areas that we need to invest. You 
talked about voter registration systems. I think you talked 
about sensors, intrusion-detection sensors, and all kinds of 
other things.
    So, what I'd like to see is that we define a continuum, a 
number of different things that are critical priorities, but 
allow the States, who know best what's the most critical need 
in their State, to decide what the best use of those funds are.
    Chairman Nadler. Thank you very much.
    My time has expired.
    The gentleman from Colorado.
    Mr. Buck. Thank you, Mr. Chairman.
    Mr. Burt, I'm interested in the ElectionGuard technology 
that you were talking about earlier. One of the interests I 
have is that the United States wasn't the only country that 
Russia targeted in the last decade. It's clear that Russia 
tried to impugn the integrity of the Brexit vote, the Scottish 
independence vote. They've been involved in Spain with the 
Catalonia independence movement.
    Will Microsoft make ElectionGuard available to our allies, 
foreign countries, or something similar, so that we can try to 
make sure that democracies across the world have elections that 
are considered by their people to have integrity?
    Mr. Burt. Yes, that's absolutely our plan, Congressman. As 
you may know, our AccountGuard service, which we offer for free 
to help protect campaigns against being hacked, we've extended 
that now to 26 countries around the world, and we intend to do 
the same with ElectionGuard technology as well.
    It is a free, open-source project, so any vendor in any 
country is free to take that technology and build it into 
election systems. We work to expand our protections to all 
democracies committed to free and fair elections.
    Mr. Buck. Okay.
    Mr. Burt, one of the things I'm interested in is exactly--
you've used the word ``agile'' a number of times. I'm assuming 
that there is a distinction between hardware and software when 
you're talking about agility, and I'm wondering if you could 
just explain that.
    When Chairman talks about, and rightfully, you know, 
updating systems, I think we're in large part talking about 
hardware. I want to make sure that we have hardware that's 
compatible with whatever the software is that we need to be 
agile with.
    Mr. Burt. Yes, it's absolutely important that both hardware 
and software be the most secure, current engineering. There's 
work to do, frankly, on both sides of that. Most importantly, 
for most of these systems, it's the ability to update software.
    As I mentioned in my written testimony, we just announced 
recently that we are going to provide free security updates to 
Windows 7 election voting devices, because we discovered that 
there are many of those devices still in operation around the 
country even though that's decades-old technology. It reaches 
its end of life this January for most customers, but because of 
the importance of securing our vote, we are providing for free 
those security updates through the end of 2020.
    The challenge, though, is, as I mentioned earlier, with 
current regulations, it's actually very difficult and 
burdensome for local officials to even apply security patches 
to their devices. So, we need to work on both the software and 
hardware side of the equation to ensure that we can be agile in 
adopting the best technology to defend against these attacks.
    Mr. Buck. So, for old folks like me, we think that, if it's 
not on paper, it's not secure and it's not believable. I just 
want to open this up for the young folks on the panel here, if 
you have an opinion on how we convince the American public. 
Because that's really the audience, in this case, is making 
sure the American public understands we're doing everything we 
can to make elections credible.
    How do we convince the American public that something that 
we can't see, that exists out there somewhere, is just as good 
as a paper ballot and being able to see something on paper?
    Mr. Burt. If I could start off, and at least I'll claim to 
be young at heart, Congressman. There are two really important 
things we can do to help establish that trust.
    One which you've heard about from others, which we 
absolutely endorse at Microsoft, is the existence of a paper 
backup, at least, that can be used in risk-limiting audits. In 
fact, our ElectionGuard technology supports an advanced form of 
risk-limiting audits, which enables voting officials to audit 
the outcome after the vote and show that it wasn't tampered 
with.
    So that's one important thing, is the application of audits 
and the maintenance of at least a paper backup so that you 
always have that as a resource to go to.
    Again, if we can get to a world where the ElectionGuard 
technology is broadly adopted, that provides a whole new form 
of voter trust, because now voters will be able to, for the 
very first time, actually see that their vote got counted and 
wasn't changed. Today--I'm from Washington State--I have no 
idea whether the ballot I marked was ever actually counted or 
not. With this technology, voters will know, which should help 
establish voter trust.
    Mr. Buck. Thank you.
    Mr. Chairman, I don't often do this, but I wanted to thank 
you for holding this hearing. I think this is beneficial. It 
has very little to do with partisanship. It's important for 
everybody on both sides of the aisle and all around the 
country, to make sure we have this integrity. So, thank you 
very much.
    Chairman Nadler. Thank you.
    The gentleman's time has expired.
    The gentlelady from Texas.
    Ms. Jackson Lee. Thank you, Mr. Chairman. Let me add my 
appreciation for this very crucial hearing as well.
    Thank you to all the witnesses.
    Let me ask one question from each of you, with a ``yes'' or 
``no'' answer. Do you think it is important for there to be 
governmental involvement in a regulatory structure, in review 
of the technologies, as we move toward the upcoming elections, 
as quickly as possible?
    Ms. Plunkett?
    Ms. Plunkett. Yes.
    Ms. Jackson Lee. Secretary Brockner?
    Ms. Boockvar. Boockvar. Yes.
    Ms. Jackson Lee. Mr. Burt?
    Mr. Burt. Yes, I do.
    Ms. Jackson Lee. Let me ask, Ms. Plunkett, with respect to 
the 2016 election and the Russian GRU officers compromised a 
computer network of the Illinois State Board of Elections and 
gained access to a database containing information on millions 
of registered Illinois voters. The Russian GRU officers were 
able to steal data of thousands of U.S. voters before Illinois 
was aware of the hack.
    If Russia had succeeded in all these efforts, can you 
explain how attacking voter registration software in electronic 
polling stations can impact an election?
    Ms. Plunkett. Certainly.
    Since the foundation of the voter system begins with the 
registration databases, which validates that a voter is 
eligible to cast a vote, should that database be altered in any 
way, whether it be destroyed or deleted or additions made to 
it, it could jeopardize the ability of a legitimate citizen who 
has the right to vote from voting and would certainly alter the 
outcome of the election because it would prevent those who 
should be able to vote from casting their votes.
    Ms. Jackson Lee. In essence, it would undermine the very 
basis of our democracy.
    Ms. Plunkett. That's correct.
    Ms. Jackson Lee. Mr. Burt, you've mentioned the Election-
Guard. We are all fascinated by that. It's outstanding 
technology.
    In your marketing to the entire world, I'm not sure what 
kind of litmus test you're going to use to determine whether or 
not it is a democratic government. What is the potential of 
innocent democratic governments now giving technology of that 
level of sophistication to be utilized, then, to hack into the 
system? What are the protections and the firewalls on your 
system if, by chance, you sell it to an enemy, a foreign enemy?
    Mr. Burt. Well, Congresswoman, we're actually being quite 
deliberate and careful about the countries to which we expand 
our services. Let me be clear about ElectionGuard: It's an 
open-source project that anyone can access. That actually leads 
to the security, because as people find any flaws or security 
flaws in that software, it can be updated.
    What's important to understand is that this technology is 
not capable of being used as an offensive weapon. What it does 
is secure the vote. What it does is ensure that votes are 
encrypted and can't be changed or altered. It ensures that the 
vote can be verified and that the count can be properly 
verified by individual voters and by any third party.
    So, to the extent that this technology is deployed even in 
countries that we would not consider an ally, it just means 
that their votes are going to be more trustworthy than they are 
today.
    Ms. Jackson Lee. So, it doesn't give them the ability to 
breach or to hack into the votes of another country?
    Mr. Burt. That's correct.
    Ms. Jackson Lee. Let me ask Secretary Boockvar, what is the 
importance of having a variety of technologies that States can 
have access to, rather than the limited number of vendors that 
we already have, in terms of protecting the election process?
    Ms. Boockvar. So, I think one of the benefits that we have 
is--decentralized systems have their advantages and 
disadvantages, but having the variety of technology is 
definitely an advantage, because the likelihood of the ability 
to breach all the different technologies is certainly harder 
than if you had one uniform across the board. So, it's key to 
keep the diversity of our systems.
    Ms. Jackson Lee. You only have, I think someone mentioned 
three. So having us to be able to certify or legislation that 
deals with expanding that opportunity would also enhance the 
security and safety of elections.
    Let me--you're all lawyers. In the past election, 2016, 
we've determined that there were a lot of foreign operatives. 
Do you think it's important to have legislation that indicates 
that if you, an elected official, or a candidate, are 
approached by a foreign adversary, that you need to report that 
immediately to an organization, agency, such as the FBI?
    Ms. Plunkett? I'm just asking everybody across the board.
    Ms. Plunkett. Yes, I do.
    Ms. Jackson Lee. Madam Secretary?
    Ms. Boockvar. Yes, I do as well, Congresswoman.
    Ms. Jackson Lee. Mr. Burt?
    Mr. Burt. Certainly.
    Ms. Jackson Lee. I ask unanimous consent to place into the 
record H.R. 2353.
    Chairman Nadler. Without objection.
    [The information follows:]
     

                MS. JACKSON LEE FOR THE OFFICIAL RECORD

=======================================================================

[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]

    Ms. Jackson Lee. Can an effective deceptive campaign 
spoofing attack be deployed through user search engine 
requests?
    I'll repeat it. Can an effective deceptive campaign 
spoofing attack be deployed through user search engine request?
    Can you just answer the question, Mr. Burt?
    Chairman Nadler. The time of the gentlelady has expired. 
The witnesses may answer the question.
    Mr. Burt. Yes, that's possible, although a more fulsome 
answer would take a considerable period of time in terms of how 
that would work and how we can defend against it.
    Ms. Plunkett. I agree, yes.
    Ms. Jackson Lee. All right. Thank you. I yield back.
    Chairman Nadler. The gentlelady yields back.
    The gentleman from Florida?
    Mr. Gaetz. Thank you, Mr. Chairman.
    I'd like to associate myself with the comments of the 
gentlelady from Texas and the gentleman from Colorado, that 
election security issues must be viewed as a bipartisan 
endeavor for us to be able to make progress and that all voters 
deserve to have confidence in that process.
    I must say, it was a little disheartening that Chairman 
began the hearing by taking a bunch of partisan shots at the 
President. I don't understand how that is helpful to the work 
that we're doing here.
    Really, thinking in terms of the value of elections most 
broadly, I fear that the greatest risk to our democracy may not 
be hacks or interference with the vote; it may be the efforts 
by radical Democrats to try to impeach a President who was duly 
elected. That seems to undo elections a lot more than hacking.
    Alas, back to this important work of the committee. I 
wanted to thank Congresswoman Murphy as the lead but also our 
colleagues on the Judiciary Committee, Mr. Deutch and Ms. 
Mucarsel-Powell from Florida, for coauthoring H.R. 3529. This 
bipartisan legislation requires the head of the Department of 
Homeland Security to notify State and local election officials 
in the event of some intrusion or hack.
    So my question is really to any of the Members of the panel 
to speak to the utility and importance of real-time 
coordination in the event of an intrusion and how you might see 
State and local officials working cooperatively and proactively 
with the Federal Government in such an endeavor.
    Ms. Boockvar. I'd love to take a crack at that. Thank you, 
Congressman.
    It's critically important, that collaboration at the State, 
local, and Federal level. We saw it in Pennsylvania last year, 
in November of 2018's election. We were connected across the 
country to other States and to the Federal Government, getting 
real-time information about things that were being seen in 
other States.
    We could not only take--so, for example, there were 
attempts to hack into--to send PDOS types of interruptions in 
other States. IP addresses were identified, passed along to 
other States. We then, in turn, were connected across the State 
to the 67 counties, could pass along those IP addresses, so 
they could block it proactively before having to have--it was 
literally in-action collaboration that protected our elections.
    So that kind of thing, both before, during, and after, is 
critical to make sure that we have the most secure elections 
possible.
    Mr. Burt. Congressman, if I may, in 2018, under the 
direction of Director Krebs from CISA, there was a war room 
established at the Federal level to which technology providers, 
State and local officials were all invited. We participated in 
that, and that was a good step forward.
    What you suggest is absolutely critical. I agree that the 
more efficient we can have communication between all Federal 
agencies who are aware of attacks in real-time with State and 
local officials and, also, leading technology providers who 
stand ready to assist with this effort of protecting our 
elections, the better it can be.
    So, we need to improve and expand on that rapid real-time 
sharing of threat information at the time of the election and 
before then.
    Ms. Plunkett. I agree with both.
    I'd just also add, it's critically important and a good 
role for the government to create the environment where 
information-sharing can happen without restrictions in a smooth 
and precise and expeditious manner, such that everyone who 
needs the information can get it and it's presented in a usable 
fashion.
    I would not limit that to State, local, and Federal, as has 
already been stated. Vendors there are very good threat 
intelligence organizations that are doing a great job in 
uncovering good information that needs to be a part of this 
dialogue.
    Mr. Gaetz. That is incredibly helpful advice, especially 
when I think about the experiences in Florida, where hackers 
masquerade as the vendors. So, they would seem to be an 
important part of that community. That's very helpful.
    I would also observe that there seems to be some confusion 
in Florida as to the extent to which any hack could lead to 
voter manipulation in future elections, not based on changing 
the tallies of the votes but by potentially manipulating 
someone's name. I'm Matthew Louis Gaetz II, but if someone went 
and changed my name to just ``Matt Gaetz'' on the voter rolls, 
potentially I would have a hard time having my vote counted.
    So, this may be a broader question than you're able to 
answer, but I am interested--and I think the Judiciary 
Committee could perhaps partner with others--on the utility of 
blockchain technology to enhance the security of elections. 
Because in an immutable, decentralized ledger, I would think 
that such a manipulation of the voter rolls, themselves, would 
be less likely.
    I would seek any comment anyone would have.
    I appreciate the chair's indulgence.
    Ms. Jackson Lee. [Presiding.] The witnesses may answer the 
question. The gentleman's time has expired.
    Ms. Plunkett. I think there certainly the opportunity for 
blockchain to be relevant in this space. If we think now about 
the American public and their understanding of voting and 
voting systems, we are talking about paper ballots as a backup. 
Generally, people understand that.
    Blockchain technology is very complicate and is untested. I 
know it's being tested in West Virginia, as I understand it. 
So, I think there's possibility, but it's not something that I 
think is ready for use for a general or primary election.
    Ms. Jackson Lee. The gentleman's time has expired.
    The gentleman from Georgia is recognized for 5 minutes.
    Mr. Johnson of Georgia. Thank you, Madam Chair.
    Thank the witnesses for your appearance today and for your 
testimony.
    Ms. Plunkett, the Center for American Progress recently 
reported that, quote, ``voting on paper is the most hack-proof 
way of conducting elections.'' You agree with that, do you not?
    Ms. Plunkett. Today, yes, I do.
    Mr. Johnson of Georgia. What about you, Ms. Boockvar?
    Ms. Boockvar. Absolutely. At least with a paper record, I 
should say.
    Mr. Johnson of Georgia. Uh-huh.
    Mr. Burt?
    Mr. Burt. Well, I would say that we actually believe that 
ElectionGuard provides an even more hack-proof way of voting. 
Paper as at least a backup or as primary--because the 
technology would support either--is important to maintaining 
the security of our elections.
    Mr. Johnson of Georgia. Uh-huh.
    So, when we talk about a paper ballot, we're talking about 
a hand-marked paper ballot.
    Is that right, Ms. Plunkett?
    Ms. Plunkett. It doesn't necessarily have to be hand-
marked, but there should be a piece of paper involved that can 
be--
    Mr. Johnson of Georgia. Well, now, if the paper involved is 
produced by a touchscreen voting machine and that piece of 
paper also has a barcode along with the races that the voter 
voted on, and this paper that the machine produces with the 
barcode is given to the voter, who can then check it, make sure 
that it reflects accurately what choices were made by that 
voter, and then that piece of paper is then scanned into a 
counting machine which counts not the actual choices made by 
the voter but the barcode on top, that's the kind of paper 
ballot that you're talking about?
    Ms. Plunkett. I don't know about the barcode piece. I--
    Ms. Boockvar. So, I think I can answer that. So, for 
example, that's where audits come in, right? So, for example, 
we're developing a process in Pennsylvania where--
    Mr. Johnson of Georgia. Well, I guess the question that I'm 
asking--if it's the barcode that is counted and not the box 
that is identified as the one that was checked by the voter, 
how does the voter know that the barcode which is counted 
actually reflects the choices that the voter made? Or does the 
voter just simply have to depend on the barcode to accurately 
reflect--how can we get around that if we're counting the 
barcode and not counting the hand-marked paper ballot?
    Ms. Boockvar. So, most systems, whether they're hand-marked 
paper ballot or ballot-marking devices, use some form of mark 
for the tabulation process, whether it's a barcode, a QR code, 
or timing marks, which some of the hand-marked paper ballots 
use. So, there's basically triggers into the tabular, and then 
the audit--
    Mr. Johnson of Georgia. Then you're able to actually count 
the hand-marked ballot by hand.
    Ms. Boockvar. Exactly. That's what the audit or a recount 
would do, would look at the plain text language on the--and it 
can compare to the tabulation numbers--
    Mr. Johnson of Georgia. The tabulation of the machine.
    Ms. Boockvar.--yes, with the--
    Mr. Johnson of Georgia. So, the hand-marked ballot is the 
way that it produces an auditable trail. The ballot that is 
counted by the barcode and is not hand-filled-out is just 
simply a further extension of the mechanics of the computerized 
voting?
    Mr. Burt. If I may, Congressman. So, in the context we are 
talking about the barcode, that paper still shows the specific 
individual votes which the voter, in a well-run system, has had 
an opportunity to verify the checkmarks in the boxes. So, now 
you've got a--
    Mr. Johnson of Georgia. Yeah, but those checkmarks are not 
the ones that are counted, though.
    Mr. Burt. I understand. What I'm saying is--
    Mr. Johnson of Georgia. It's the barcode.
    Mr. Burt.--even if it's not hand-marked, if it's marked by 
the machine, but the voter has verified those boxes, now you 
have a paper ballot that's verified that can be used for 
counting.
    Mr. Johnson of Georgia. How does the voter verify that the 
barcode or the counting mechanism accurately reflects the 
choices that the voter made?
    Mr. Burt. Yeah, so that is part of the audit process that 
can be performed by looking at the tally against the audited 
subset of ballots that's selected for the audit, looking not at 
the barcode, in this case, but looking at the boxes that are 
checked. So, the audit system provides that.
    Mr. Johnson of Georgia. Let me just say this, then. Isn't 
it clear that a hand-marked paper ballot that is then fed into 
a counting machine, which counts that tally, along with the 
other voters--and then, at the end of the voting process, if 
there is a recount, then you can actually count the paper 
ballot, the hand-marked paper ballot by hand and compare that 
to the tally that was produced by the counting machine, doesn't 
that provide the most effective way of auditing the results of 
an election?
    Ms. Jackson Lee. The gentleman's time has expired. The 
witness may answer the question.
    Mr. Burt. I would say that it's not important whether the 
ballot was hand-marked or marked by a machine as long as the 
voter gets the opportunity to verify that what they see on the 
ballot is what they intended before they deposit it in the 
ballot box. Either way, whether it's my hand-marking or the 
machine that checks the box, you have a clear representation of 
the voter intent.
    In fact, in the machine-checked box, sometimes that's 
clearer. As you know, with hand-marked ballots, there's often 
disputes about what a voter actually intended with the marking, 
depending on the system.
    Mr. Johnson of Georgia. There's no way of doing that--
    Ms. Jackson Lee. The gentleman's time has expired.
    Mr. Johnson of Georgia. --with the electronic voting 
process.
    I thank the gentlelady, and I yield back.
    Ms. Jackson Lee. The gentleman's time has expired.
    The gentleman from North Dakota, Mr. Armstrong, is 
recognized for 5 minutes.
    Mr. Armstrong. Thank you, Madam Chair, if I have time, I am 
going to come back to this, but Mr. Burt, your written 
testimony, you mentioned, you talked about future threats, and 
one of those was deepfakes and synthetic media being a future 
threat. I'm an old State party chairman. I understand how in 
the last 10 days of a close election things escalate extremely 
quickly. Just, why is this such a threat, and what can we do to 
deal with it on the front end? I mean, I've seen some--our 
colleagues, they did one yesterday, and I don't know another 
word to say another than creepy, and they look absolutely 
legitimate, so.
    Mr. Burt. Well, Congressman, that's exactly why it's such a 
threat. We know that our adversaries, among other things, 
engage in disinformation campaigns, in which they attempt to 
take the extreme positions on social issues relevant to the 
campaign, and they try to incite conflict among the American 
electorate. They seek to discredit candidates or positions 
through their disinformation campaigns. We should anticipate 
that they are going to become more sophisticated in their 
efforts.
    Synthetic media, or deepfakes as it's called regularly, the 
technology that enables that, both in terms of audio and video, 
is advancing rapidly, and as you point out, it's now possible, 
with the most advanced technology, to really create videos that 
appear to be entirely realistic. There's a lot of research 
that's going into detection technology, how to detect these 
deep fake videos and show that they are artificial and not 
real. At the end of the day, the technology to create the 
videos, because of the way the artificial intelligence works, 
will always be ahead of any detection algorithm.
    So, the opportunity for our adversaries to use this 
technology, to try to influence a campaign or an election, is 
very real. Today as it stands right now, we don't have a great 
answer to that, other than to educate the American public that 
it's going to be even more important now than it's been in the 
past, that they consume the information that they use to make 
election decisions from sources they believe are credible. 
There are a number of services out that try to rank and rate 
various sources to determine is this a journalistically 
credible source or not, but in today's world, that's going to 
become even more important.
    Mr. Armstrong. Thank you. I get criticized for a lot of 
things I say, so I'd prefer that I not get criticized by things 
people make up that I say. Moving into that, as far as a 
defense to that, as we're going forward, if the technology is 
advancing faster than the detection of it, it probably behooves 
us, as a body, and whoever else is doing some of these things, 
to figure out a way, particularly with platforms and things, to 
be able to have immediate removal and those types of efforts. 
Would that probably be just as we're moving forward and going 
towards this, there has to be a way. We have to have a way as a 
Congress or as a government or just as an election, to be able 
to deal with these things.
    Mr. Burt. Yes. In the short-term, I think using available 
detection technologies, working with the social media platforms 
and others to try to identify those that originate from 
adversaries, which is, cybersecurity technology we can deploy. 
Those are going to be the best things we can do for this 
election cycle.
    We and others are investing in a number of different 
efforts to try to come up with better ways, both to detect and 
to identify legitimate sources of video and audio so that over 
time, we will have a better approach to solving this challenge. 
It is going to be a real challenge for us in the 2020 
elections.
    Mr. Armstrong. Going back to the encryption stuff, and how 
does the broader encryption debate potentially affect 
encryption in ElectionGuard. If a government has a backdoor 
access, it's a backdoor that potentially could be exploited. 
That could create a built-in weakness in the balance. How do we 
balance law enforcement and the ability to do that with 
cybersecurity?
    Mr. Burt. So, this is a broader question that goes beyond 
the election context. In the election context, the encryption 
that we build in to ElectionGuard would never have a backdoor. 
There would be no purpose to have the backdoor, and it actually 
would reveal voter--specific votes, which you don't want to do 
for a variety of reasons.
    In the more broader context, this is a very nuanced 
discussion. There was a recent paper from the Carnegie 
Institute that I thought was very well done in talking about 
the broad range of issues, relevant to encryption, law 
enforcement access, protection of dissidents, for example, the 
legitimate uses for encryption, why that's important. One of 
the things that paper said, which we absolutely endorse, it's 
important to get very specific about the problem you're trying 
to address, and look at that problem and how to properly 
balance all the competing interests as to that problem. There 
is no general approach to encryption that doesn't create way 
too many problems. So, we need to be very specific, look at 
those specific things, and then balance the social issues to 
find the right result, and that's going to be some work that we 
all have to do, the technology industry together with 
government.
    Chairman Nadler. The time of the gentleman has expired. The 
gentleman from Rhode Island.
    Mr. Cicilline. Thank you, Mr. Chairman. Thank you to our 
witnesses for this very useful and important testimony. One of 
the things that I'm particularly concerned about is the 
regulation of vendors. As you are aware, a large percentage--I 
think it's 97 percent--of States and territories use vendors in 
some capacity, from the computers they use to access 
information to the servers that house information, the 
management of databases that contain information to cast and 
tally votes, websites and software used to display information 
and results, to the software that creates ballot design and 
helps transfer information across systems.
    Three vendors in particular control over 90 percent of this 
process. Of those three, over 60 percent of American voters 
cast ballots on systems owned and operated by a single vendor. 
Despite the incredible impact of vendors on our electoral 
system, there seems to be very little regulation over vendors 
that really ensures election security. As a result of it, we've 
seen some very serious issues with vendor security.
    So, my first question really is, for each of the witnesses, 
should we consider regulations at the Federal level in creating 
some standards for vendors, and if so, why? If not, why not?
    Ms. Plunkett. I absolutely believe that we should, because 
elections and election systems are a national security threat. 
For national security threats, that has been the approach of 
the U.S. Government. It is to develop Federal standards, and in 
this case, it would be Federal security standards for election 
equipment that range--that really run the gamut from how the 
environment in which the software is developed, and ensuring 
that it's developed in a secure manner, and appropriately 
protected, straight through to the implementation and 
maintenance, and then the responsibility for reporting any 
vulnerabilities that are discovered even after that software, 
hardware is deployed. I think it absolutely should be done, and 
I believe it's a role for the Federal Government.
    Ms. Boockvar. I agree on every level. We have the Election 
Assistance Commission which does certification, but as you 
probably know, not only has the AC been underfunded, but they 
also were unable to update their standards, the voluntary VBSG 
standards, for a long time. It didn't have a quorum.
    So, for example, in Pennsylvania, we stepped in and last 
year, when we knew we had to certify a whole bunch more voting 
systems, we actually created our own more stringent security 
standards, because we didn't want to rely on the outdated ones.
    So, it would be much more effective if the Federal 
Government were having stronger oversight both to standards and 
then to oversight of, for example, we talked earlier about the 
foreign ownership, background checks, and making sure that 
there's chain-of-custody controls over every component of the 
voting and election system.
    Mr. Cicilline. To make those standards requirements, not 
voluntary?
    Ms. Boockvar. Correct.
    Mr. Burt. Congressman, if I may add, we're all in agreement 
on that, with the one caveat that it's important that the 
standards not dictate any particular technology or 
technological solution because that then sticks the States and 
local governments with a particular solution. If that becomes 
vulnerable, then it would take too much time to change. So, 
they need to be generalized standards so that there can be 
innovation in terms of the technology approach that's used to 
meet those standards.
    Mr. Cicilline. That makes sense. In addition to the 
establishment of mandatory standards, are there other things 
Congress should be thinking about with respect to the role 
vendors play in our electoral process and the integrity of our 
elections?
    Mr. Burt. One thing that is another one of the future 
threats that the vendors can be playing a more significant role 
is, the risk of ransomware, and ransomware attack, especially 
on the voter registration rolls. This is something that 
Director Krebs from CISA pointed out a few weeks ago after this 
whole rash of ransomware attacks, we've seen on small 
municipalities around the country, ten in Texas alone 
relatively recently. The risk that our adversaries will use 
that same malware injected into the voter registration devices, 
and basically it will show up on the day of the election, and 
the entire database will be locked up and you can't see it. 
That's a significant risk.
    So, vendors need to work with their customers to help them 
understand how to establish defenses, how to have and build 
into the system backups that are offline backups, and do 
tabletop exercises so that State and local officials know how 
to restore those systems very rapidly, so there's no 
interruption in the voting process in the event that everything 
else that we do to try to maintain security is unsuccessful.
    Mr. Cicilline. Thank you. I want to thank you, Mr. 
Chairman, for holding this really important hearing. There's 
nothing more fundamental than protecting the right of the 
American people to have their voices heard and their votes 
counted in our elections, and this requires strong leadership 
from everyone at every level of government, and I really thank 
you for conducting this hearing.
    Chairman Nadler. Thank you, the gentleman yields back. The 
gentleman from Texas.
    Mr. Gohmert. Thank you, Mr. Chairman. I appreciate all of 
you being here. I noted that Chairman said basically that he 
was astounded to find counties still buying machines with no 
paper trail. Ms. Plunkett, were you at the NSA back in 2000, 
2001?
    Ms. Plunkett. Yes, I was.
    Mr. Gohmert. Do you remember who mandated that every county 
or parish in America buy electronic voting machines, and there 
was no requirement for paper trails because that was more 
expensive? Do you remember who mandated that?
    Ms. Plunkett. No, I do not.
    Mr. Gohmert. Well, I was working for the State and county 
as a judge, and counties were outraged that they had an 
unfunded mandate by this Congress, that some people here were 
in, Democrats intimidated Republicans because of the votes in 
Florida, even though there were fifth graders tested. None of 
them had trouble with the butterfly ballots and such. 
Apparently, people that were trying to vote Democrat had a lot 
of trouble with them. So, there was outrage, there was demand 
for electronic voting, and the Federal Government, Congress, 
mandated it. It was very, very difficult for counties, many 
counties, to come out of the financial burden that this 
Congress put on them, and so, if some of them have had trouble 
recovering financially for the poor mandate from this Congress, 
then hopefully they will be forgiven.
    Mr. Burt, it's wonderful that ElectionGuard is being 
provided by Microsoft to help secure elections. Does that work 
as well on Apple or Mac systems as it does on Microsoft 
operating systems?
    Mr. Burt. Yes, Congressman, it works on any platform. It 
doesn't matter what platform--
    Mr. Gohmert. See, I've heard that about here in Washington, 
I could have whatever computer system I wanted, and I have used 
Microsoft operating system for years. I tell people, I thought 
Microsoft Vista was the best thing that ever happened to 
computers. It screwed up all my software. I finally got mad and 
went and bought an Apple, it was a Mac. It was the best thing I 
ever did. Bought dozens since. But, when I was in Congress, I 
wanted a Mac, and I got one, but Microsoft system is what 
things are based on here. It screwed up my computer, and they 
said, look, you just can't have a Mac, if you're going to 
communicate with other computers around it. So, I just didn't 
know.
    I understand that your job is security and trust with 
Microsoft, so maybe they hadn't told you, but is there any 
backdoor into Elec-tionGuard that Microsoft might have in order 
to fix or deal with some problem in the system?
    Mr. Burt. Absolutely not, Congressman. There is no--
    Mr. Gohmert. As far as you know.
    Mr. Burt. Well, not only as far as I know, but it was my 
team that did the engineering work on this ElectionGuard--
    Mr. Gohmert. Okay.
    Mr. Burt. --and so, I am confident there is no backdoor. 
The other thing I would say again is, we are making it an open-
source project. So, the source code is available today on 
GitHub for anybody to look at. We actually encouraged hackers 
to try to hack into it, so that we can find any security flaws 
and fix them.
    Mr. Gohmert. One of the problems since really we're all 
very concerned about election security, no matter how good your 
system is, it can't do anything about a county that hires a 
vendor, as my colleague was just bringing up, and the vendor at 
the end of our early voting, on Friday before the election on 
Tuesday, takes the 48 flash drives from the 48 precincts home 
and plays with them until Election Day. Your system can't help 
with that kind of problem, correct?
    Mr. Burt. Actually, Congressman, the ElectionGuard 
technology, the way it works, actually provides security and 
trustworthiness even if you have a vendor or an election 
official who's been compromised or has some malign intent, 
because the vote gets encrypted the moment that the voter votes 
on it, and it never decrypts it after that.
    Mr. Gohmert. Yeah.
    Mr. Burt. So, it's protected against any of those kinds of 
attacks. Then we--
    Mr. Gohmert. If it's protected against that kind of abuse, 
then a county may not want to use your system, if they need a 
vendor to take them home and play with them. I'm concerned that 
each of you think it is possible to rig an American election, 
and if that's the case, I just warn you that in President 
Obama's eyes, that would make you a nonserious person, because 
he said, no serious person out there would suggest somehow you 
could even rig America's elections.
    I would encourage you, since traditionally dead people vote 
nearly a hundred percent Democrat, that you figure out a way to 
secure our graveyards so people don't keep turning out and 
voting in our elections. My time is expired.
    Chairman Nadler. The gentleman's time is expired. The 
gentlelady from Washington.
    Ms. Jayapal. Thank you, Mr. Chairman, and thank you all for 
being here. It's really very important the information that 
you're giving to us. As I've come to learn more about this 
issue, I've been quite stunned that the United States is 
currently the only major democracy without a centralized agency 
governing cybersecurity. Although we have multiple Federal 
agencies that have some role to play in protecting elections, 
there's no clear place that a local county that's concerned 
about hacking can go to. I read this recent U.K. report that 
explains that there are single, centralized, cybersecurity 
agencies that coordinate national security in Australia, 
Canada, and New Zealand, but the same report notes that in the 
United States international cybersecurity efforts must go 
through multiple U.S. agencies, including the NSA, DHS, and the 
FBI. So, I'm really interested in this idea of centralized and 
cohesive coordination of our Nation's cybersecurity to better 
protect from foreign and domestic threats.
    Mr. Burt, I want to thank you for your work and say how 
proud I am that Washington State is Microsoft's home State, and 
that I have the honor of representing many, many, many 
Microsoft workers as my constituents. I think you have brought 
up some really--you've done some really important work with the 
ElectionGuard technology. I'm curious--I know you just released 
it--is it actually in use anywhere yet? Are we using it in 
Washington, I guess, is the most relevant question?
    Mr. Burt. No, it's not yet in use anywhere, because as you 
say, just released it for public use just in the last few days. 
We are working with all the major election--working with all 
the election vendors. They're all very enthusiastic. They're in 
the process now of evaluating the technology and thinking about 
how they could build it into new offerings, new devices. So, we 
need both the election vendors, as well as State and local 
officials to understand the technology, think about how they 
can use it to secure their election, and we're out, you know, 
actively helping explain and educate that.
    We do expect that either later this year, or certainly in 
2020, there will be--we're working with a number of partners on 
some, at least pilot elections, where it will be used for a 
certain precinct or in a certain location so that we can 
actually test the technology, make sure that it's working as 
expected, hopefully in the coming months, and certainly by 
2020.
    Ms. Jayapal. Thank you. That's what I was wondering, is 
perhaps if we were pilot-testing it in Washington. In your 
testimony, you talked about imposing a culture of 
cybersecurity, including training, and I was also struck by the 
fact that many of the existing voting systems were using 
Windows 7. In your testimony you talked--or in your written 
statement, you talked about that. How do we, and maybe this is 
a question for you, but also for you, Ms. Boockvar, how do we 
make sure that we are providing the support and incentivizing 
in some way States and local counties to update their 
technology? Because we can have the best stuff, and we can put 
it out there, but if people don't continue to update, we're 
going to have this problem. Do either of you have comments on 
that?
    Mr. Burt. Well, I think you've heard a number of comments 
that address that already today from the testimony. I would 
say, we basically endorse the comments from both other 
witnesses which is, among other things, a set of consistent 
Federal standards on security for elections would be useful 
guidance. But, you also need to have a sustained, durable, 
long-term funding solution, so that State and local agencies 
are not stuck because of financial considerations, with 
outdated technology. This is just too important to our 
democracy. We need to make sure that we have the most secure 
systems possible in every State and local elections.
    Ms. Jayapal. Is it just about money, though, or is it also 
about people's fear of how to use technology, not perhaps 
having their technology officers in place? Either of you, 
please.
    Ms. Boockvar. There's a role really for lots of different 
pieces of the puzzle here, so from--everything from--sorry 
about that. We were talking earlier about how it would have 
been great if the new systems, for example, in Pennsylvania, 
that we just certified over the last year, they should--it 
would have been great if they were never made with Windows 7, 
so that there was an earlier sort of prevention measure in 
place that just involves regulation at the front end.
    Then, I think at the county level, and at the State level, 
and at the Federal level, to have easier certification, so when 
there is the transition and the upgrade of technology, we need 
to be able to make sure that those systems can be in use 
without being out of play for a while. So, there's a lot of 
different levels of it.
    Ms. Jayapal. You mean made with Windows 7, because things 
have an operating system within them, but what do you mean by 
that?
    Ms. Boockvar. So that's their operating system B. So, for 
example, it would have been great if all the systems that were 
even being made over the last year were already Windows 10. 
Some were, some weren't.
    Ms. Jayapal. Oh, I see. I see. They were updated as they 
were being put out?
    Ms. Boockvar. Correct. The counties, so there were 
negotiations--in terms of the money piece, there were 
negotiations with the vendors to make sure that they weren't 
going to charge for the upgrade, but it would have been better 
if there was never a need for upgrade because they had been 
made with Windows 10 to begin with.
    Ms. Jayapal. Thank you. I yield back.
    Chairman Nadler. The gentlelady yields back.
    The gentleman from Virginia.
    Mr. Cline. Thank you, Mr. Chairman, and I'm grateful to you 
for holding this hearing today. It's an issue that has needed 
examination for some time, and I'm hopeful that after today's 
hearing, we'll be able to Act on some of the excellent ideas 
that have been discussed this morning and many others that have 
been put forward by Members on this committee.
    While the responsibility of carrying out elections is one 
mainly for local and State governments, the Federal Government 
does have a critical role to play as has been discussed. It's a 
fact that other countries are trying to interfere in U.S. 
elections--Russia, most notably--and we must remain vigilant to 
ensure that foreign adversaries cannot mettle in our electoral 
process.
    New threats will never cease, and our Nation must stay on 
the cutting edge to ensure our elections remain secure. Our 
laws guarantee the American people just and fair elections, and 
it's our duty to carry out that mandate and resist all forms of 
tyranny that threaten our freedom.
    I have listened with interest. It seems like we're moving 
in two different directions--one toward less technology, paper 
ballots, and one toward more use of technology, 
decentralization, Blockchain. I'm curious about real-time 
testing of Blockchain in West Virginia.
    Ms. Boockvar, your neighboring State, West Virginia, had 
apparent success in the midterms in using Blockchain to allow 
deployed overseas servicemembers to vote. Have you explored any 
similar initiatives in Pennsylvania, and what have you done to 
ensure that overseas, deployed servicemembers can vote?
    Ms. Boockvar. So, we have not explored directly--I think 
across the country we are very closely talking with Virginia 
and West Virginia and watching how this goes. I think it did 
seem that the first run of it was successful. But, like we all 
know, there's a lot of risks with using untested technology. 
So, I think that's going to be something to watch over time. In 
the meantime, we are effectuating an encrypted email process 
that's going to be used for the first time--I'm sorry, I lost 
my voice--but that's going to be used, that's going to allow, 
instead of having to access a website, encrypted emails for 
delivery of the ballot to those voters, and that's kind of our 
next technology way to protect the vote overseas--of overseas 
voters. I'm sorry.
    Mr. Cline. Mr. Burt, your technology seems to--
ElectionGuard seems to utilize both ends of the spectrum there. 
You're having a paper ballot backup but exploring open-source 
solutions. Do you still--are you researching efforts to replace 
paper ballots, design and create additional software efforts 
that could replace paper ballots? Or are you of the mind that 
you should always have that paper ballot backup?
    Mr. Burt. So, our view is that whether paper ballot is the 
backup or primary, either way, the ElectionGuard technology can 
help provide this level of security and verifiability. We've 
designed it so that it will work with paper ballots in either 
way. But our position is that today, it's important to have a 
verified paper ballot backup, at a minimum, to use for risk-
limiting audits and have it available in the worst case, so 
that you can do a hand count if necessary. So, we think--and 
our technology supports that as well--so we think it's 
important.
    If I just make comment quickly on Blockchain, our 
researchers, who look really carefully at election-based 
technology, do not think Blockchain is a great solution for a 
nationwide election. We're very interested in the West Virginia 
experiment. We'll continue to look at that. It has a very 
specific focus which it may be useful for. For the most part, 
there are two big problems with Blockchain. It's a distributed 
ledger, and you really need to have a leader, which we have 
leaders now with the State and local election officials who 
establish what the rules are for voting and for who's on the 
ballot and who's not. So, there's challenges with Blockchain 
technology inherently, and furthermore, on a nationwide level, 
it would not maintain the degree of security and privacy in 
each individual's vote that is critical to our national 
elections.
    Mr. Cline. You've been working globally on this effort. 
Have you seen in other countries any evidence of hackers and 
whether your work in other countries on those issues has led 
directly to denying hackers an option to penetrate election 
infrastructure?
    Mr. Burt. So, the work that we've done globally so far has 
been with our account guard service, where we monitor Nation 
State actors, attempting to hack into the accounts of 
candidates or others involved in the election process, 
including third-parties, academics, and NGOs. What we have seen 
is that there are attacks in many other countries. We saw it in 
a number of the ones that Chairman Nadler referenced in his 
opening statement. We saw it as well in the French presidential 
election following ours in 2016. So, this pattern of conduct by 
the Russians, but potentially by other nation-states, is 
absolutely continuing in multiple different countries.
    Mr. Cline. I thank the witnesses.
    Chairman Nadler. The time of the gentleman is expired. The 
gentleman from Maryland.
    Mr. Raskin. Mr. Chair, thank you. In 2016, Vladimir Putin 
assessed the Russian posture vis-a-vis other countries. He 
realized he could not defeat liberal democracies militarily or 
economically, but he convened the equivalent of a Manhattan 
project for electronic subversion of the cyber elections, and 
the social media of Democratic countries.
    So, from prior hearings I've learned it was a three-pronged 
attack. Part of it was on the social media. There was an effort 
to inject racial propaganda and other kinds of ideological 
poison into Facebook and Twitter and so on. Two, there was a 
direct effort to hack into the DNC, at the D triple C, Hillary 
Clinton's emails. We're aware of that and had testimony about 
that.
    The third part was to go right to the State boards of 
elections to try to get into those systems. I want to ask a 
couple questions about that. I understand that they made their 
most progress in terms of the Illinois system, actually got 
into the voter registration database. Although, they were not 
able to, but apparently they tried, but they were not able to 
nullify the existence of voters on the database. What might 
have happened had they been able to do that? How secure are we 
against that in a similar attack, in 2020, Ms. Boockvar?
    Ms. Boockvar. So, the way it's been described to me is, 
what they did was kind of like, you know, if you're a thief and 
you go around the neighborhood and you try to figure out which 
houses have unlocked doors or windows, which are the easiest to 
break into, and when they're locked, you move on to the next 
one. So, they scanned a bunch of States, found most of the 
doors and windows locked and moved on to the next. I think that 
that's why we were successful at not having a worse situation. 
It could have been, as has been discussed previously, it could 
have been devastating.
    Mr. Raskin. Are you a member of the National Association of 
Secretaries of State?
    Ms. Boockvar. Correct.
    Mr. Raskin. How secure are the States? How ready are we? 
People ask me all the time, how ready are we, but we don't have 
one system. We have at least 50 systems, right? Or 51 systems 
all over the country.
    Ms. Boockvar. I think we are absolutely in a much better 
place than we were 2 years ago, and the designation of 
elections as critical infrastructure was a big start to that. 
We still have a way to go, and that's why I'm really 
interested, Congressman, on making sure that we don't focus 
entirely on voting systems. Voting systems are really 
important, but we need to be funding replacement of voter 
registration systems, intrusion-detection systems, making sure 
that the counties have the cyber protections, the passwords, 
and the multifactor authentication. Those are just as important 
as the voting systems, and we need to recognize that.
    Mr. Raskin. Ms. Plunkett, would we be safer in protecting 
our Presidential elections, which are obviously the biggest 
magnet and target for foreign actors, would we be better off if 
we had one national popular vote in electoral system for 
President, or are we better off using the current electoral 
college system where we have a State-by-State voting and we've 
got to protect all those different systems?
    Ms. Plunkett. What's most important is that we have the 
right--whichever system we would choose to use, what's most 
important is that we have the right security protections in 
place. With the right security protections in place, either 
would work equally effectively, I believe.
    Mr. Raskin. Okay. Mr. Burt, I was very cheered to hear your 
testimony. Are you telling us that we essentially have a 
technological fix to the problem of security of the actual 
voting systems themselves?
    Mr. Burt. Yes, Congressman. We think the election, our 
technology, once it's implemented in devices and those devices 
have been adopted, will provide a high degree of security, and 
more importantly, will provide this end-to-end verifiability, 
which will enable individual voters and voting officials to be 
able to trust the outcome, with the ability to have audits as a 
backup to add a layer of verifiability and trust in the system.
    Mr. Raskin. It will promote a lot more confidence in the 
reliability of the results?
    Mr. Burt. Yes. Ultimately, it would provide a much greater 
degree of confidence in the outcome, in part, because 
individual voters, for the first time, will see that their vote 
actually was counted.
    Mr. Raskin. Yeah. I mean, all of you have emphasized that 
our electoral integrity is a matter of national security. If 
you think about it, why does Vladimir Putin and Prime Minister 
Orban in Hungary and Duterte and all the authoritarians and 
despots and dictators want to destabilize our elections, it's 
because they want to destroy people's faith and confidence in 
democracy. They would like everything to be about authoritarian 
despots who just make deals around the world and go and corrupt 
each other's elections and interfere in each other's 
governments. I yield back. Thank you for your testimony.
    Chairman Nadler. The gentleman yields back. The gentleman 
from Pennsylvania.
    Mr. Reschenthaler. Thank you, Mr. Chairman.
    Mr. Burt, thanks for coming in today, and thanks for all 
you're doing to make our elections safe and protecting 
democracy. I just wanted to see if you'd like to speak about 
why Microsoft got into the election space and just generally 
speak, say, if there's anything more you want to elaborate on 
ElectionGuard.
    Mr. Burt. Absolutely. This goes to a number of the 
questions about how we got to where we're at today. We need to 
keep in mind that our foreign adversaries' direct efforts to 
intervene in our elections is a relatively new phenomenon, and 
the process for certifying devices and so forth is an older 
phenomenon. So, this is something that the entire election 
community is reacting to in a relatively short period of time.
    For Microsoft, this started in 2016, during the Democratic 
National Convention when our security team saw that a group 
that we call STRONTIUM, which we now know from the Mueller 
indictment, is a Russian organization operated by the GRU, the 
same group. When we saw that organization registering a bunch 
of fake Microsoft domains, domain names, websites that looked 
like they were Microsoft, but really were not, and because of 
the timing, we immediately took action, and ultimately, 
actually, went to court. We've been in a battle with that same 
organization now over several years in court, where every time 
they register fake domains, or use them to try to steal 
credentials, we go to court, get an order, we take those down 
and direct all of that traffic to our own sinkhole at our 
digital crime's unit. So, we're in a constant technological 
battle with that organization. It started then.
    Then as we fast-forward over the next year, I had a 
conversation with our president, my boss, Brad Smith, and we 
talked about the obligation we have as a company, a company 
based in a democracy, founded in a democracy, to help protect, 
however we can, those democratic institutions and our voting 
process as a core democratic institution. That's when we 
founded our Defending Democracy Program which we're going to 
continue to invest in and advance in coming years.
    Mr. Reschenthaler. Thank you again, Mr. Burt. I really 
appreciate all you're doing, and with that, I would yield the 
remainder of my time to my friend and colleague from Florida.
    Mr. Gaetz. I thank the gentleman for yielding. Mr. 
Chairman, I initially have a unanimous consent request that 
H.R. 3529, the bipartisan election security legislation I 
referenced earlier be entered into the record.
    Chairman Nadler. Without objection.
    [The information follows:]
    

                        MR. GAETZ FOR THE RECORD

=======================================================================

[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]

    Mr. Gaetz. Thank you. I want to return to this issue of 
paper ballots versus blockchain technology, and I know that we 
all likely have a lot to learn on that. Mr. Burt, do you view 
blockchain technology as potentially being more applicable to 
the voter rolls and the maintenance of the rolls and ensuring 
that there is no manipulation of those than to the actual vote 
itself? Or would you view the technology as applicable or 
inapplicable to those two silos of election data separately?
    Mr. Burt. So, I think you do need to evaluate those two 
things separately, because they really are different problem 
sets, right? So, you need to look at the problem set and what 
you're trying to address. There's two different problem sets 
between voting, where we don't think blockchain is a great 
solution for a nationwide election, and the voter registration 
rolls where, to be honest, it's something I need to go back and 
talk to our experts about, whether it's a potential solution.
    Offhand, I'm not sure that it is, because again, you don't 
really want in the context even of a voter registration roll, 
you don't want a distributed ledger. You want a ledger with a 
leader.
    Mr. Gaetz. Why is that?
    Mr. Burt. Because you want to have someone who has the 
decision-making authority about what's a legitimate 
registration and what's not. In a distributed environment, 
that's being determined by every other participant in that 
environment. Now, there may be a way to make blockchain 
applicable to the voter registration process to help with this 
security issue. I want to go back and talk to our experts. 
Offhand, I think it's probably not the right technological fit.
    Mr. Gaetz. Again I'm not asserting that it is, it's just 
very interesting to me that it seems to be less susceptible to 
manipulation because in the event that you had the circumstance 
you describe, where someone was attempting to manipulate the 
data, instead of us relying on one supervisor of elections, a 
Department of State, or even some of these joint task forces 
that I think we've very productively discussed today, you would 
have potentially thousands of different nodes and capabilities 
to be able to diagnose that manipulation.
    My concern now is, if you can essentially flummox a 
supervisor of elections, you can manipulate the voter rolls. As 
I sit here today, having received the briefing that I know my 
Florida colleagues received, I'm not certain that in my State, 
there wasn't some manipulation of the voter rolls. No one's 
been able to reflect that certainty than me, and so I'm just 
trying to kind of democratize the oversight of that system, 
potentially. So, again, I don't expect anyone to be an expert 
on this. I think we've got a lot to learn about it. I just 
reject the premise that only a piece of paper gives us a sense 
of a lack of manipulation.
    Mr. Burt. I don't disagree with that, Congressman. If I 
may, I'd like to go back and--
    Chairman Nadler. The gentleman's time is expired. The 
witness may answer the question.
    Mr. Burt. Thank you, Chairman. Let me go back and we come 
back to you and answer the question more specifically about 
blockchain and voter registration rolls, whether that or some 
other approach is the best means of securing those rolls.
    Mr. Gaetz. Thank you. I yield back.
    Chairman Nadler. The gentleman yields back. The gentlelady 
from Florida.
    Mrs. Demings. Thank you so much, Mr. Chairman. Thank you to 
all our witnesses for being here. I am from Florida, and I 
represent Florida, and I do agree with my colleague's earlier 
statement from Florida that every voter, regardless of their 
party, where they live, their zip code, deserves to have their 
vote counted. So, thank you very much, Mr. Chair, for this very 
timely and important hearing.
    Mr. Burt, I'd just like to ask you, have you faced any 
obstacles at the Federal level with implementing ElectionGuard, 
and if so, what have they been?
    Mr. Burt. We have not faced any obstacles at the Federal 
level to implement ElectionGuard. Now that the technology is 
actually out and available for inspection and deployment, we 
expect to have continued conversations with a number of 
representatives, Federal Government, where we will explain the 
technology and how it works. I don't anticipate actually any 
Federal-level resistance because, I think we are aligned with 
the Federal interest, especially those of CISA and others 
responsible for our election security.
    Mrs. Demings. If you could State again, what's the timeline 
of implementation?
    Mr. Burt. So, the technology is available right now for 
implementation in devices. The timeline is complex, and that is 
a bit of a problem. It's complex for a number of reasons, some 
that really government can't do much about, because the vendors 
have to inspect the technology, determine whether they want to 
put it in devices. There must be a demand from State and local 
vendors for the technology, which we think there will be, based 
on our conversations so far. Then once those are available, 
there has to be the funding at the State and local level to be 
able to deploy the new devices that implement the technology, 
and all of that is subject to this currently outdated 
certification process that takes too long, it's too burdensome, 
and it's too hard.
    Those rules are being updated right now by the Election 
Assistance Commission, but we need to make sure they're updated 
in a way that provides much more agility and flexibility. So, 
you've got all of those pieces that need to come into 
alignment. We're confident they will. We're confident we'll 
have some pilot elections utilizing this technology no later 
than 2020, but the sooner that it can be deployed to secure our 
elections, the better.
    Mrs. Demings. My understanding is that certain of the 
breaches in the 2016 election, when they were going door to 
door looking to see which windows were unlocked, and doors, 
were not immediately detected. So, my question is, what signs 
should election officials be trained to look for on election 
day, to ensure that there are no undetected attacks? Either 
of--
    Ms. Plunkett. The first and most important is to have a 
baseline of what normal looks like. Every election jurisdiction 
needs to know what normal operations looks like. So that they 
can then have the appropriate monitoring in place, should there 
be any abnormal activity, whether that be a flow of data that 
looks unusual, a disruption of data that looks unusual, a login 
from an unusual--someone who should not have access, from an 
account that should not have access. So, knowing what normal 
and having that baseline, and then being able to monitor for 
any abnormal activity is the most important.
    Mrs. Demings. Thank you.
    Ms. Boockvar. I would say, every level needs to be trained 
in this. Starting from technology, right, the intrusion-
detection systems should be in every single county in the 
country and every municipality that runs elections, I think 
that is one of the most critical components for protecting our 
elections from here forward. I'd love to see resources from the 
Federal Government to make sure that happens, so that we don't 
have voters in under-resourced counties with less security than 
others.
    Then poll workers, my first job in elections was as a poll 
worker, making sure that we had the support and training for 
the poll workers to be able to recognize, not only signs that 
are problematic, like people not being in the voting rolls, but 
knowing about provisional ballots. We haven't mentioned 
provisional ballots yet once in this hearing. We actually have 
a provision that allows when people are not in the voter rolls 
to still vote. Sometimes poll workers don't remember to do 
that, or don't know to do that.
    So, they need to be adequately trained. Every voter can get 
a provisional ballot, and then it can be checked later. So, if 
that person is eligible, they should never, ever be turned 
away.
    Mrs. Demings. Thank you so much.
    I yield back, Mr. Chair.
    Chairman Nadler. The gentlelady yields back. There are 4 
minutes and 20 seconds left on a vote on the floor. We have a 
number of votes on the floor. The Committee will stand in 
recess but will reconvene immediately upon cessation of the 
votes on the floor. So, please, I ask the Members of the 
committee, come back as soon as the last vote is cast. The 
Committee stands in recess.
    [Recess.]
    Chairman Nadler. The Committee will come to order.
    The gentlelady from Texas is recognized.
    Ms. Garcia. Thank you, Mr. Chairman.
    Thank you for the patience of our witnesses as they waited 
for us while we registered our votes, and that's what we're 
focusing on, aren't we, voting. So, thank you for being here.
    Election security is all about voter confidence and 
participation. The more confident voters are in the integrity 
of our election systems, the more confident they will feel that 
their vote has been counted and that their voice has been heard 
and, of course, this directly impacts their future 
participation.
    I listened with great interest to some of your testimony, 
and I've looked at your written testimony. I wanted to start 
with you, Mr. Burt. Quickly, I don't need a--I heard you 
explain the system that you have, and I just want to make sure 
that anyone watching is clear. Is yours a software system or a 
software system and machines and an auditing system too or all 
the above, one of the above?
    Mr. Burt. Ours is a software system that needs to be 
incorporated into the voting system that is utilized by the 
State or local voting officials, and it supports multiple 
different forms of voting systems. So, you can have an 
electronic ballot-marking device. You can start with hand 
marked ballots that are then scanned. We support those, and 
we're working to support others that are not as widely used. 
But, it's basically software that needs to be incorporated by 
vendors into the voting system itself.
    Ms. Garcia. The verification that the user can--the voter 
can go to online, that will simply just verify that they voted, 
or can they print something at home through your software 
system?
    Mr. Burt. So, the system, when they vote, when they go to a 
polling place and they vote, they get a piece of paper that has 
the code. They can then enter the code in later and they will 
see, they will get verification that their vote was counted. 
They can't see their vote. This is really critically important. 
They can't see who they voted for. They know who they voted 
for, but what the system tells them is your vote was not 
changed and your vote was counted. It's important that they not 
be able to see their vote, because otherwise, they could be 
coerced into voting in a certain way, you could sell your vote. 
This is an important character--
    Ms. Garcia. Anyone doing an audit would also not be able to 
see how they voted?
    Mr. Burt. That's correct. That's actually--
    Ms. Garcia. So there really is no paper trail?
    Mr. Burt. There is a paper trail in the sense that our 
system supports the creation of a verified paper ballot. So, 
you vote, that's encrypted, but you also get a paper ballot 
that the voter can look at and say, yes, this is correct. You 
deposit that in the ballot box. That can be used for risk-
limiting audits, even for hand counts, if necessary, although 
it shouldn't be necessary.
    Ms. Garcia. Well, I'm thinking of a lot of people in my 
district that don't have a computer at home, don't have a 
laptop, don't have a way of doing any of that. So, what are we 
to do with, quite frankly, the usual targeted populations when 
there are some of this misinformation hacking? It's usually 
many times, minority voter precincts that get attacked. So, 
what would we do then for the person who doesn't have access to 
a computer or internet to be able to go through that process?
    Mr. Burt. So, our system is based on polling place voting, 
whether it's hand-marked ballots or using an electronic voting 
machine. The election guard supports going to the polling place 
to vote. So, you don't need to have any technology in order to 
vote--
    Ms. Garcia. No, but to verify--
    Mr. Burt. But to verify and--yes. So--
    Ms. Garcia. I'm talking specifically about verifying that 
you voted.
    Mr. Burt. Correct.
    Ms. Garcia. It's actually sort of happened to me once. I 
voted and I thought I had done everything, and then they came 
to the car to get me and said, I was a senator at the time, 
they said, Senator, it didn't go through. I said, what do you 
mean it didn't go through? So, I had to go back in and, 
essentially, vote again. It made no sense to me that I had to 
do that. I think that happens probably more often than not.
    So, I'm just concerned about the populations who don't have 
access to their computer to verify that, in fact, their vote 
was counted.
    Mr. Burt. Totally understandable. The good news is that you 
can do the verification in our system with a smartphone. In 
most populations, smartphones have penetrated much further than 
laptops.
    Ms. Garcia. Well, many in my district do not have 
smartphones. They just have the one that you go to the flea 
market or a store--what are they called? The click-it phones or 
flip phones. They don't have a smartphone. Those are more 
costly. They go in there--Cricket phones. They go there and get 
1 month at a time. We're talking about people that are paycheck 
to paycheck. They can't afford one like mine.
    Mr. Burt. Yes. I understand, Congresswoman. The 
verification does require some access to a system, whether it's 
your neighbor's phone, your phone, go to the library and access 
a computer, to get that personal verification. Now, keep in 
mind, that's a new advance of the technology, but to do that 
verification and see that your vote was counted, with our 
system, you will need access to something, whether it's a 
smartphone, a public computer, some device that lets you see, 
yes, my vote, in fact, got counted.
    Ms. Garcia. Well, thank you.
    I've run out of time and I yield back. Thank you, Mr. 
Chairman.
    Chairman Nadler. The gentlelady yields back.
    The gentlelady from Pennsylvania.
    Ms. Scanlon. Thank you very much.
    Ms. Boockvar, I wanted to thank you for your work in 
removing barriers to voting in Pennsylvania for everyone who's 
eligible to vote. In particular, I wanted to thank you for your 
attention to modernization of Pennsylvania's voting system and 
things such as, just 2 weeks ago, rolling out the ability to 
request absentee ballots online. I know my three children, who 
do not live in the district anymore, when they're at school, 
appreciate that ability.
    You've also paid a lot of attention to our young voters, 
and I know particularly high school registration. Can you just 
tell us a little bit about what you've done there?
    Ms. Boockvar. Governor Wolf started a couple years ago the 
Governor's Civic Engagement Award, and it's been a tremendous 
success in Pennsylvania encouraging students in schools to 
register eligible voters to vote. It's been terrific, both the 
competition from school to school and from student to student, 
but also their engagement in voting, which as we all know--
probably a lot of us started our civic engagement early, and it 
really--research shows when you are engaged early, you probably 
become life-long voters, and that's critical to our democracy.
    Ms. Scanlon. Okay. Turning more to what's at hand here, 
there's been discussion about needing to improve lines of 
communication between Federal, State, and local agencies. Can 
you explain a little bit about that?
    Ms. Boockvar. Absolutely. So, one of the things that we've 
been talking about a lot, and as we've developed these 
conversations around election security, is the importance of 
continuity of operations, or COOP planning. It's one of those 
things that I think a lot of areas like emergency management 
and law enforcement have been doing for a long time, but the 
elections sphere, it's relatively new. One of the critical 
components of effective COOP planning is to know who to call at 
the moment you need to call them. Because the last thing you 
want to do when an incident happens is figure out who the right 
person is to call.
    So, the more clarity we have about who at the Federal 
Government is the call to make at incident X, Y, or Z, the 
better it would be for the counties to not to have to figure it 
out at the moment. We're doing a lot of work with the counties 
to develop those COOP plans, but we need that to come from the 
Federal Government as well to make sure we have centralized 
lines of contact.
    Ms. Scanlon. Okay. If you have one piece of advice for 
Congress as we debate the appropriate vehicles to legislate and 
to fund this, what would that be?
    Ms. Boockvar. I'd have to go back to our conversation about 
diversifying the types of election security that's implemented 
across the country. So, there's been a lot of attention to 
voting systems, which is a very important thing, to transition 
to paper records. As we discussed earlier, so many other 
components of this process are at least as critical. So, we 
need to allow funding to go to voter registration databases, 
intrusion detection systems, making sure that we have layered 
defenses to all our networks, phishing and security training 
and multifactor authentication, and COOP planning. All those 
things are equally important, and I'm most worried about 
thinking that one solution is going to fix everything. We need 
to give the States the ability to decide what their most 
critical components are.
    Ms. Scanlon. As I understand it, that involves both work 
and helping establish best practices that the Federal 
Government can help push out and then providing funding to 
achieve those best practices?
    Ms. Boockvar. Exactly.
    Ms. Scanlon. Okay. Thank you.
    I yield back.
    Ms. Boockvar. Thank you.
    Chairman Nadler. The gentlelady yields back.
    The gentleman from Arizona.
    Mr. Stanton. Thank you, Chairman, for hosting this 
important hearing today. It's one of the most pressing issues 
facing our Nation.
    Thank you to the witnesses for not only appearing today and 
sharing your expertise, but for taking such a leading role in 
protecting the integrity and security of our elections at all 
levels of government. It's much appreciated.
    Our Nation came under attack in 2016. The special counsel 
described Russia's efforts to interfere in our elections as, 
quote, sweeping and systemic, unquote. They deceived Americans, 
hacked into campaign email accounts, hacked into the very 
systems and databases that conduct our elections at the State 
level.
    We know that these same kinds of attacks continue to this 
very day. The Federal Bureau of Investigation Director 
Christopher Wray, stated that, quote, ``this is not just an 
election-cycle threat. It's pretty much a 365-day-a-year 
threat,'' unquote. Despite that, this White House has done 
nothing. It joins the Senate in sitting on its hands in the 
fight to defend our democracy. It's a real travesty, and I hope 
with this hearing and the legislative efforts, we can begin to 
turn the tide.
    Unfortunately, my home State of Arizona, its voter 
registration database was one of Russia's targets. Their attack 
wasn't successful, but it shows the heightened importance local 
officials must place on election security.
    Ms. Plunkett, you mentioned in your written testimony the 
importance of the integrity of voter registration databases and 
ePollbooks. When it comes to the use of ePollbooks for voter 
registration rosters and ballot-on-demand printers, do you 
agree that it is a best practice to use encrypted 
communications in all circumstances when data is transmitted or 
received?
    Ms. Plunkett. Yes, I do.
    Mr. Stanton. Can you think of a circumstance--is there ever 
a circumstance where election officials should transmit or 
receive data on these devices in a nonencrypted manner?
    Ms. Plunkett. I cannot envision a circumstance such as 
that.
    Mr. Stanton. Thank you.
    Ms. Plunkett, you also mentioned that the steps the Federal 
Government and State governments must take will cost more than 
$2 billion. Not all States are adequately investing in election 
security. Some, including Arizona, are cutting election 
security funds.
    What type of outcomes and risks are States that don't take 
this issue seriously exposing themselves to?
    Ms. Plunkett. Well, they're exposing themselves to the 
potential for their election outcomes to be corrupted, invalid, 
not accepted, not trusted by the populous that they represent, 
and ultimately, the impact of the perception could be much 
worse than the reality, which would mean people would not come 
out to vote.
    Mr. Stanton. Thank you for that answer.
    This is a question for all of the witnesses. Some elected 
officials use USB devices to transfer data from one device to 
another. Is it best practice to use those devices only a single 
time to minimize the possibility of malware or to use those 
devices repeatedly?
    Ms. Boockvar. I would go with, yes, that it is certainly a 
best practice. There are some circumstances where as long as 
there's effective reformatting, that that might be effective, 
but I think using new ones is always, I would say, the best 
practice.
    Mr. Stanton. Mr. Burt?
    Mr. Burt. I would caution that USB devices are a known 
vector for the transmission of malware which can be installed 
at the time of their manufacture. So even using new USB devices 
from anything other than a very highly trusted source, and 
increasingly that would mean of American manufacture, if you 
are using it in an election in the United States, is a 
challenging thing to do.
    You can try to scan that device, you can try to make sure 
it doesn't have malware on it before it's ever used, but that 
could be a very costly and time-consuming practice. So, the use 
of USB devices is something that we would say you should be 
very cautious about doing it even once because the malware may 
be present on that device when you first use it.
    Mr. Stanton. Thank you.
    Ms. Plunkett, have any thoughts on that subject matter?
    Ms. Plunkett. I would go so far as to say that, unless 
there are no other alternatives, the use of thumb drives should 
be prohibited.
    Mr. Stanton. Thank you very much.
    I yield back.
    Chairman Nadler. The gentleman yields back.
    The gentlelady from Pennsylvania.
    Ms. Dean. Thank you, Mr. Chairman. Thank you for holding 
this important hearing.
    I want to associate myself, so as not to be repetitious, 
with Representative Stanton's remarks of the gravity of the 
situation, as well as Chairman.
    Secretary Boockvar, as you said--and you're not alone in 
saying this--nothing is more important than the security of our 
elections. Nothing in this democracy is more important than 
that. So, I am glad we're talking about these issues.
    Secretary Boockvar, of course, I am delighted to see you 
here from Pennsylvania. I thank you and Governor Wolf for your 
service, particularly in the area of election security.
    I'm thinking back to Mueller coming in and telling us and 
telling the world that certainly we--our elections were 
interfered with in 2016, and if I recall him correctly, he 
said, and it's going on
24/7. That interference continues.
    Can you describe some of our vulnerabilities as of 2016 and 
maybe lay out some of the vulnerabilities that you still see?
    Ms. Boockvar. So, I think the good news--and going back to 
what we talked about earlier, is the good that arose from what 
happened in the past is that we are--with the declaration of 
being critical infrastructure, it's provided us with a lot more 
resources. So, one of the things that I really think is 
critically important across the country as well as in the State 
are these collaborations that we've been talking about. So, I 
think the lack of collaboration and intersection of resources 
could be a vulnerability if it's ignored.
    So, for example, we found in Pennsylvania, as we started to 
have like tabletop exercises and really improve our 
collaborations, a lot of times in the counties, the election 
officials didn't even know the emergency management personnel. 
That's crazy, right. So, in 2018, the primary was almost like a 
real-life tabletop exercise. I don't know if you recall, but 
there was a tornado that crossed the State literally on primary 
day. So, we had to have--trees were down, polling places were 
blocked, electricity went out. The intersection of the 
emergency management, law enforcement, and elections was 
critical--is critical.
    So, one of the vulnerabilities is not feeding that well. 
Again, it goes back to the COOP planning, too. Then I also want 
to make sure that our counties have the resources they need to 
have really advanced intrusion detection systems, effective 
plan--training of phishing and security and all that, and every 
advanced sensor and protection, layered defenses of their 
network.
    So, those are the areas that I would really focus on. 
Supporting the local counties and municipalities would be one 
of the areas I'd want to direct most attention.
    Ms. Dean. The issue of certification, I guess, of the 
equipment itself, what is the delay there? How could we 
streamline that? Either you or any of the witnesses.
    Mr. Burt. The issue there is that the standards that--the 
guidelines that are promulgated by the Election Assistance 
Commission are more than 10 years old. In fact, the most recent 
modification of those guidelines, there's not a single election 
system that's ever been certified under those most recent 
guidelines, and they're 10 years old.
    So, what the Election Assistance Commission is doing right 
now, which is revising those guidelines, is critically 
important, but they need to move quickly. They need to move 
with expeditious activity, because this threat, as you pointed 
out, Congresswoman, is 24/7. It's happening now. It's going to 
happen through the 2020 election cycle.
    So, we need the EAC to adopt new guidelines for 
certification quickly. The current ones are--don't adequately 
address security, and they take too long and they're too 
burdensome. So, we need to streamline that process, make it 
faster.
    One of the really critical things for all State and local 
election officials is we need to make it very easy to apply 
security updates. That's a key defense to these adversaries 
from every vendor, and so we need to be able to apply security 
updates quickly, expeditiously, without so much bureaucracy so 
that we can respond.
    Ms. Dean. Thank you very much.
    This will just be by way of sort of a rhetorical statement. 
I was struck by something you wrote in your testimony, 
Secretary Boockvar. You wrote that election security is a race 
without a finish line, that our adversaries are continuously 
advancing their technologies, and we must do more all the time. 
So, we know that we can't see a finish line for this, and we 
have to identify the threats.
    I have to wonder what conversations all of you have had to 
have with your own organizations based on foreign threats, but 
now the news of this past week, domestic threat to our 
election. It couldn't be a more grievous, grave time. None of 
us is pleased with the news of the Ukraine conversation by the 
President of the United States in an attempt to interfere in a 
future election. So, I praise you all for your work. Help us do 
better at our work to protect our elections.
    I yield back.
    Chairman Nadler. The gentlelady yields back.
    This concludes today's hearing. We thank all our witnesses 
for participating.
    Without objection, all Members will have 5 legislative days 
to submit additional written questions for the witnesses or 
additional materials for the record.
    With that, without objection, the hearing is adjourned.
    [Whereupon, at 12:02 p.m., the Committee was adjourned.]
     

                                APPENDIX

=======================================================================
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]

                                 [all]