b"<html>\n<title> - SECURING AMERICA'S ELECTIONS</title>\n<body><pre>[House Hearing, 116 Congress]\n[From the U.S. Government Publishing Office]\n\n\n                      SECURING AMERICA'S ELECTIONS\n\n=======================================================================\n\n                                HEARING\n\n                               BEFORE THE\n\n                       COMMITTEE ON THE JUDICIARY\n\n                        HOUSE OF REPRESENTATIVES\n\n                     ONE HUNDRED SIXTEENTH CONGRESS\n\n                             FIRST SESSION\n\n                               __________\n\n                       FRIDAY, SEPTEMBER 27, 2019\n\n                               __________\n\n                           Serial No. 116-56\n\n                               __________\n\n         Printed for the use of the Committee on the Judiciary\n\n[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]\n\n               Available via: http://judiciary.house.gov\n               \n                            __________\n                            \n\n                    U.S. GOVERNMENT PUBLISHING OFFICE                    \n45-285                     WASHINGTON : 2021                     \n          \n-----------------------------------------------------------------------------------                          \n                      \n                       \n                       COMMITTEE ON THE JUDICIARY\n\n                    JERROLD NADLER, New York, Chair\n               MARY GAY SCANLON, Pennsylvania, Vice-Chair\nZOE LOFGREN, California              DOUG COLLINS, Georgia, Ranking \nSHEILA JACKSON LEE, Texas                Member\nSTEVE COHEN, Tennessee               F. JAMES SENSENBRENNER, Jr., \nHENRY C. ``HANK'' JOHNSON, Jr.,          Wisconsin\n    Georgia                          STEVE CHABOT, Ohio\nTHEODORE E. DEUTCH, Florida          LOUIE GOHMERT, Texas\nKAREN BASS, California               JIM JORDAN, Ohio\nCEDRIC L. RICHMOND, Louisiana        KEN BUCK, Colorado\nHAKEEM S. JEFFRIES, New York         JOHN RATCLIFFE, Texas\nDAVID N. CICILLINE, Rhode Island     MARTHA ROBY, Alabama\nERIC SWALWELL, California            MATT GAETZ, Florida\nTED LIEU, California                 MIKE JOHNSON, Louisiana\nJAMIE RASKIN, Maryland               ANDY BIGGS, Arizona\nPRAMILA JAYAPAL, Washington          TOM MCCLINTOCK, California\nVAL BUTLER DEMINGS, Florida          DEBBIE LESKO, Arizona\nJ. LUIS CORREA, California           GUY RESCHENTHALER, Pennsylvania\nSYLVIA R. GARCIA, Texas              BEN CLINE, Virginia\nJOE NEGUSE, Colorado                 KELLY ARMSTRONG, North Dakota\nLUCY MCBATH, Georgia                 W. GREGORY STEUBE, Florida\nGREG STANTON, Arizona\nMADELEINE DEAN, Pennsylvania\nDEBBIE MUCARSEL-POWELL, Florida\nVERONICA ESCOBAR, Texas\n\n        PERRY APELBAUM, Majority Staff Director & Chief Counsel\n                BRENDAN BELAIR, Minority Staff Director\n                           \n                           \n                           C O N T E N T S\n\n                              ----------                              \n\n                       Friday, September 27, 2019\n\n                                                                   Page\n\n                           OPENING STATEMENTS\n\nThe Honorable Jerrold Nadler, Chairman, Committee on the \n  Judiciary......................................................     1\n\n                                WITNESS\n\nDebora Plunkett, Senior Fellow, Defending Digital Democracy \n  Project, Harvard Kennedy School, Belfer Center for Science and \n  International Affairs\n  Oral Testimony.................................................     5\n  Written Testimony..............................................     7\nKathryn Boockvar, Acting Secretary of the Commonwealth, \n  Pennsylvania Department of State\n  Oral Testimony.................................................    16\n  Written Testimony..............................................    18\nTom Burt, Corporate Vice President, Customer Security & Trust, \n  Microsoft Corporation\n  Oral Testimony.................................................    24\n  Written Testimony..............................................    26\n\n          LETTERS, STATEMENTS, ETC. SUBMITTED FOR THE HEARING\n\nH.R. 2353, To amend the Federal Election Campaign Act of 1971 to \n  require candidates for election for public office to refuse \n  offers of assistance from foreign powers and to report such \n  offers to the Federal Bureau of Investigation, and for other \n  purposes, submitted by The Honorable Sheila Jackson Lee........    48\nH.R. 3529, To require the Secretary of Homeland Security to \n  promptly notify appropriate State and local officials and \n  Members of Congress if Federal officials have credible evidence \n  of an unauthorized intrusion into an election system and a \n  basis to believe that such intrusion could have resulted in \n  voter information being altered or otherwise affected, to \n  require State and local officials to notify potentially \n  affected individuals of such intrusion, and for other purposes, \n  submitted by The Honorable Matt Gaetz..........................    68\n\n                                APPENDIX\n\nA statement for the record from the Brennan Center for Justice at \n  NYU School of Law submitted by the Honorable Chairman Jerrold \n  Nadler.........................................................    92\n\n \n                      SECURING AMERICA'S ELECTIONS\n\n                              ----------                              \n\n\n                       Friday, September 27, 2019\n\n                        House of Representatives\n\n                       Committee on the Judiciary\n\n                             Washington, DC\n\n    The Committee met, pursuant to call, at 9:05 a.m., in Room \n2141, Rayburn House Office Building, Hon. Jerrold Nadler \n[chairman of the committee] presiding.\n    Present: Representatives Nadler, Lofgren, Jackson Lee, \nCohen, Johnson of Georgia, Deutch, Cicilline, Lieu, Raskin, \nJayapal, Demings, Correa, Scanlon, Garcia, Neguse, Stanton, \nDean, Mucarsel-Powell, Chabot, Gohmert, Jordan, Buck, Gaetz, \nJohnson of Louisiana, Reschenthaler, Cline, Armstrong, and \nSteube.\n    Staff Present: Aaron Hiller, Deputy Chief Counsel; Arya \nHariharan, Deputy Chief Oversight Counsel; Madeline Strasser, \nChief Clerk; Moh Sharma, Member Services and Outreach Advisor; \nSarah Istel, Oversight Counsel; Julian Gerson, Staff Assistant; \nPriyanka Mara, Professional Staff Member/Legislative Aide; Matt \nRobinson, Counsel, Subcommittee on Courts, Intellectual \nProperty, and the Internet; Brendan Belair, Minority Staff \nDirector; Bobby Parmiter, Minority Deputy Staff Director/Chief \nCounsel; Jon Ferro, Minority Parliamentarian; Ryan Breitenbach, \nMinority Chief Counsel, National Security; and Erica Barker, \nMinority Chief Legislative Clerk.\n    Chairman Nadler. The House Committee on the Judiciary will \ncome to order.\n    Without objection, the chair is authorized to declare \nrecesses of the Committee at any time.\n    We welcome everyone to this morning's hearing on ``Securing \nAmerica's Elections.''\n    I will now recognize myself for an opening statement.\n    Yesterday, the Director of National Intelligence testified \nthat, ``the greatest challenge we have as a Nation is making \nsure to maintain the integrity of our election system.'' I \nagree. Our democracy was founded on a government elected by the \npeople, for the people in free and fair elections.\n    Today, our elections, the very core of our democracy, are \nunder attack. Special Counsel Mueller's report, in no uncertain \nterms, details how a foreign government attacked our 2016 \nelections. The Russian objectives were clear: Deepen distrust \nand discord in our society, secure the election of one \ncandidate for President over the other, and, in so doing, \nundermine confidence in the integrity of our elections and \ndamage our Nation's standing in the world.\n    There is no evidence that Russia affected the actual vote \ncount of our elections, but Russia did successfully steal \nthousands of documents from American citizens that it used to \ninfluence public opinion. It also accessed voter data and \ngained other valuable intelligence, which it may seek to \nexploit in the future.\n    In short, as Special Counsel Mueller emphasized in his \nrecent press conference, Russia's attack, ``deserves the \nattention of every American.''\n    Russia's attack was not an isolated accident, nor is Russia \nthe only foreign power attempting to influence our elections. \nWe live in a world with agile, persistent enemies who are \nconstantly evolving their methods of attack. As FBI Director \nChristopher Wray warned, ``Make no mistake: The threat just \nkeeps escalating. And we're going to have to up our game to \nstay ahead of it.''\n    Despite concrete evidence confirmed by the heads of our \nintelligence agencies, President Trump has refused to \nacknowledge Russia's attack, let alone publicly denounce it, or \noutline clearly how he intends to deter future interventions. \nTo the contrary, the President has openly declared that he sees \nno problem with foreign influence in our elections.\n    More troubling, there have been reports from multiple \nsenior White House officials, including the former Secretary of \nHomeland Security, the organization tasked with leading our \nelection security efforts, that the White House failed to \nadequately inform Americans about continuing influence efforts \nand, instead, directly stymied attempts to investigate or even \ndiscuss the attacks on our elections.\n    More troubling still, we now have evidence that the \nPresident of the United States asked a foreign leader to \ninterfere in our next election. The President is not only \nrefusing to defend our elections against foreign attacks but is \nactively soliciting such intervention.\n    That is unacceptable, and it puts our Nation at great risk. \nWe must not let foreign attacks go unpunished or undeterred, \nand we must make the investments necessary to withstand any \nfuture attacks.\n    The Judiciary Committee is tasked with the duty of \nprotecting the right to vote for every American. That includes \nnot just equal voting rights and access to the polls but also \nconfidence in the accuracy and security of our election \nsystems. We will protect that sacred right. We will not let \nanyone, not even the President, attempt to undermine the \nintegrity of our democracy.\n    Today's hearing will help carry out that duty to ensure \nthat we understand the extent of the scope and the threat to \nour 2020 elections and to identify appropriate steps for \ndeterring, detecting, and defending against those threats. I am \npleased that the last week the Senate finally approved a \nbipartisan spending bill to safeguard voting systems, but much \nmore needs to be done.\n    U.S. elections are not built of isolated parts. The \nexisting infrastructure is a vast ecosystem that includes voter \nregistration, vote-casting, vote tabulation, election-night \nreporting, and auditing systems. Each of those components is \nvulnerable to attack. As with any ecosystem, if any one \ncomponent part fails, if there is a flaw in one piece of the \ntechnology, it can jeopardize the entire process.\n    As former Secretary of Homeland Security Jeh Johnson \nexplained, the integrity of our election outcomes on a national \nlevel dances on the head of a pin. Securing our election \nsystem, therefore, requires securing each of its component \nparts.\n    This begins with ensuring that we can verify all votes \nthrough post-election audits to certify that each vote is \naccurately counted, which will help maintain trust and \ntransparency in the election process.\n    We must also secure our voter registration databases, \nvoting machines, and voting systems. A report published this \nspring found that in at least 40 States voter registration \ndatabases and machines were instituted more than a decade ago. \nOutdated systems are difficult to maintain and are subject to \nserious flaws and vulnerabilities and are more vulnerable to \nattacks from the outside.\n    Our adversaries are agile and technologically advanced. We \nmust be too. We must provide States with the resources needed \nto secure their systems and update their critical \ninfrastructure.\n    In addition, nearly all States and territories rely on \noutside vendors in some capacity, but of those States and \nterritories, roughly 92 percent rely on just three vendors. \nThese vendors must be regulated to ensure that all of their \nproducts meet minimum election security requirements.\n    Finally, State and local officials responsible for \nadministering elections, our democracy's frontline defenders, \nmust have the resources and cybersecurity training necessary to \nprotect our voting systems. We must also develop better tools \nto share cybersecurity and threat information among State and \nlocal officials and the Federal Government.\n    In 2016, according to the intelligence community, State \nelection officials were not sufficiently warned or prepared to \nhandle an attack from a hostile nation-state actor. We must \nensure that each component piece of our election system is \nsufficiently integrated, equipped, and ready to handle any \nattack, from any actor, going into 2020 and beyond.\n    In short, the challenges facing our elections are serious, \nevolving, and multipronged. There are no easy answers. I know \nthat Ranking Member Collins agrees with me that the threat to \nour elections is a threat to the American republic.\n    I thank Mr. Collins for his attention to this issue, and I \nam pleased to say that our staff jointly selected the witnesses \nhere today. These witnesses will help us understand further the \nextent and the scope of the threats we face and the \nvulnerabilities in our systems that must be patched. Their \ntestimony will help guide this committee's efforts to ensure \nthe integrity of our elections, and I thank them for appearing \ntoday.\n    I am confident that, working together, we can address the \nimminent threat to our elections and protect our voting systems \ngoing forward. Our democracy depends on it.\n    The Ranking Member has been detained, and I will recognize \nhim for his opening statement after he arrives.\n    Without objection, all other opening statements will be \nincluded in the record.\n    Chairman Nadler. I will now introduce today's witnesses.\n    Debora Plunkett is a senior fellow for the Defending \nDigital Democracy Project at the Harvard Kennedy School, Belfer \nCenter for Science and International Affairs, and an adjunct \nprofessor of cybersecurity at the University of Maryland \nGraduate School.\n    Ms. Plunkett previously served as Deputy Director and then \nDirector of the National Security Agency's Information \nAssurance Directorate. She also served as a director on the \nNational Security Council under both President Clinton and \nPresident George W. Bush.\n    Ms. Plunkett received a Bachelor of Science degree from \nTowson University, an MBA from Johns Hopkins University, and a \nMaster of Science in national security strategy from the \nNational War College.\n    Kathy Boockvar is the acting secretary of the Commonwealth \nof Pennsylvania. She also serves as the Elections Committee co-\nchair for the National Association of Secretaries of State and \nas the association's representative on the Election \nInfrastructure Subsector Government Coordinating Council. That \nis a nice title.\n    Previously, Ms. Boockvar served as senior advisor to the \nGovernor of Pennsylvania on election modernization, as \nexecutive director of Lifecycle WomanCare, and as chief counsel \nfor the Pennsylvania auditor general. Ms. Boockvar also worked \nfor many years as a poll worker and voting rights attorney.\n    Ms. Boockvar received a Bachelor of Arts degree from the \nUniversity of Pennsylvania and a J.D. from American University \nWashington College of Law.\n    Mr. Raskin. Will the gentleman yield?\n    Chairman Nadler. I yield to the gentleman.\n    Mr. Raskin. She was my student.\n    I yield back.\n    Chairman Nadler. I will assume she learned well.\n    Tom Burt is the corporate vice President of the Customer \nSecurity and Trust Team at Microsoft Corporation, where he \nworks to formulate and to advocate Microsoft's cybersecurity \npolicy globally, including advancing the Digital Geneva \nConvention, the Tech Accord, and the Defending Democracy \nProject.\n    Mr. Burt joined Microsoft in 1995 and has since held \nseveral leadership roles in the Corporate, External, and Legal \nAffairs Department, including leading the company's litigation \ngroup from 1996 to 2007 and, more recently, leading their \nDigital Trust team.\n    Prior to joining Microsoft, Mr. Burt was a litigation \npartner at Riddell Williams, a law firm in Seattle, where he \nworked on voting rights cases.\n    Mr. Burt received a Bachelor of Arts degree from Stanford \nUniversity and a J.D. from the University of Washington Law \nSchool, where he graduated magna cum laude.\n    We welcome all our distinguished witnesses, and we thank \nthem for participating in today's hearing.\n    Now, if you would please rise, I will begin by swearing you \nin. Raise your right hands, please.\n    Do you swear or affirm under penalty of perjury that the \ntestimony you're about to give is true and correct to the best \nof your knowledge, information, and belief, so help you God?\n    Thank you.\n    Let the record show the witnesses answered in the \naffirmative.\n    Thank you, and please be seated.\n    Please note that each of your written statements will be \nentered into the record in its entirety. Accordingly, I ask \nthat you summarize your testimony in 5 minutes. To help you \nstay within that time, there is a timing light on your table. \nWhen the light switches from green to yellow, you have 1 minute \nto conclude your testimony. When the light turns red, it \nsignals your 5 minutes have expired.\n    Ms. Plunkett, you may begin.\n\n                  TESTIMONY OF DEBORA PLUNKETT\n\n    Ms. Plunkett. Chairman Nadler, Ranking Member Collins, and \ndistinguished Members of the committee, thank you for the \nopportunity to testify before you today.\n    My testimony focuses on potential security vulnerabilities \nof our election systems and recommendations to better protect \nour democratic processes and systems from cyber attacks.\n    We must take bold, decisive, and expeditious steps to \naddress cyber threats and then assume our efforts are \ninsufficient given the rise of attackers' capabilities. All \nknown threats must be addressed in order to better ensure \nsecure and trusted elections.\n    Bad actors, whether nation-states or lone criminals, focus \non gaining unauthorized access to systems that provide the best \nopportunity to achieve their goals, including influence, \ndestruction, profit, espionage, coercion, or just fun and fame. \nAttackers can make their attempts from across an ocean or from \ndown the street.\n    We must treat election security as imperative for \nsafeguarding our democracy. Intelligence leaders warn of \nongoing and escalating interference attempts by multiple \nforeign actors who view our 2020 elections as an opportunity to \nadvance their interests at the expense of American democracy.\n    In the United States, elections are complex and \ndecentralized. The United States has over 10,000 election \njurisdictions. These jurisdictions vary by technology and \nprocesses. Recognizing the variety of election jurisdictions is \ncentral to developing and implementing strategies to improve \nelection infrastructure security.\n    While elections operations can vary significantly across \njurisdictions, there are fundamental similarities in some \ninfrastructures. Many election systems are built using general-\npurpose technology and commercial off-the-shelf software. While \nthis means they are often subject to attacks popular in other \nsectors, it also means experts have identified some best \npractices to mitigate many of the risks. The key is to make \nsure these solutions are kept up to date.\n    At Harvard, the Belfer Center's Defending Digital Democracy \nProject produced a State and local elections security playbook \nwhich identifies 10 best practices that apply to all elections' \njurisdictions, which I'll briefly summarize today.\n    The first is to create a proactive security culture. Most \ncyber compromises start with human error. A strong security \nculture makes a big difference as to the success of a malicious \nactor.\n    The second is to treat elections as an interconnected \nsystem. Any digital device that touches election processes must \nbe safeguarded. Device security management should be \ncentralized and streamlined.\n    The third is to require a paper vote record. It is \nessential to have a voter-verified, auditable paper record to \nallow votes to be cross-checked against electronic results. The \npaper record must have a rigorous chain of custody.\n    The fourth is to use audits to show transparency and \nmaintain trust in the elections process. Auditing should be \nembedded at points in the process where data, integrity, and \naccuracy are critical.\n    The fifth is to implement strong passwords and two-factor \nauthentication. While strong passwords are important, two-\nfactor authentication is one of the best defenses against \naccount compromise.\n    Number six is to control and actively manage access, where \nusers should receive the minimum access required to perform \ntheir jobs. When someone no longer needs access, it should be \nrevoked.\n    Number seven is to prioritize and isolate sensitive data \nand systems so that you know which systems should be properly \nprotected.\n    Number eight is to monitor, log, and back up data, which \nenables attack detection and system or data recovery after an \nincident.\n    Number nine is to require vendors to make security a \npriority. Detailed security specifications should be written \ninto acquisition documents, and vendors must be required to \nnotify officials immediately after becoming aware of a breach.\n    Finally, number 10 is to build public trust and prepare for \ninformation operations. Transparency and open communications \nwill counter information operations that seek to cast doubt \nover the integrity of the election system.\n    In conclusion, election systems are critical \ninfrastructure. To protect them, the Federal Government must \nprovide the requisite guidance and support by allocating \nresources to upgrade election systems to the highest security \nstandards; ensuring information exchange between Federal, \nState, and local entities is seamless; instituting security \nstandards that vendors must follow for election systems or \ncomponents; and encouraging a culture of security by keeping \nthe American public fully informed on malicious actors' \nbehaviors and intentions and the government's efforts to stop \nthem.\n    Thank you for the opportunity to participate in this \nimportant dialogue today.\n    [The statement of Ms. Plunkett follows:]\n    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n    \n    Chairman Nadler. Thank you.\n    Ms. Boockvar?\n\n                 TESTIMONY OF KATHRYN BOOCKVAR\n\n    Ms. Boockvar. Chairman Nadler and esteemed Members of the \ncommittee, thank you so much for your leadership on election \nsecurity.\n    As chief election official of Pennsylvania, I have the \nprivilege of working with dedicated election officials across \nthe Commonwealth, in all 67 counties, to make sure that all of \nour elections are fair, accessible, and secure for all eligible \nvoters.\n    As has already been discussed, the issues surrounding \nelection Administration have become more complex and \ncomplicated because of security issues. As we know, foreign \nadversaries are continuously trying to influence our elections. \nThe key to thwarting this effort is to make sure that we are \nbuilding our cyber walls faster than those that are trying to \ntear them down.\n    Election security is a race without a finish line, and our \nadversaries are not slowing down. We need to make sure that we \nare meeting and exceeding those technologies and making sure \nthat we invest, at all levels, substantial and sustained \nresources.\n    Alongside the great majority of States, we urge the Federal \nGovernment to provide additional election security funding but \nalso infrastructure.\n    We need to look at this like we look at other ongoing \ninitiatives. So, we don't do once-and-done appropriations for \nother types of security, for healthcare, for education. We look \nat these as ongoing investments, and that's how we have to look \nat our elections. Nothing is more important than the security \nof our democracy.\n    There have been great advances over the last many years. As \ndiscussed, the EIS-GCC, the Election Infrastructure Subsector \nGovernment Coordinating Council--say that five times fast--has \nbeen a great collaboration among Federal, State, and local \nofficials to secure elections. It's working to formalize and \nimprove information-sharing, communication protocols, to make \nsure that our local and State election officials can respond \ntimely to threats.\n    The great thing about EIS-GCC is that it has a wide range \nof Members. So, we've got 29 Members; 24 of them are local and \nState election officials. But, it also includes critical \nFederal partners like DHS, EAC, NASED, the Election Center, and \nthe International Association of Government Officials.\n    Other key partners in this fight are DHS, National Guard, \nand Center for Internet Security, who have been incredibly \nstrong partners, making sure that we have risk and \nvulnerability assessments, shared intelligence, tabletop \nexercises, and extensive communications.\n    There's more that we could do. So, one of the things that \nI'd love to see the Federal Government being more involved in \nis vendor oversight, tracking foreign ownership, making sure \nthat we're getting background checks, making sure that there's \na good chain of custody across all voting and election \ncomponents.\n    We also need to strengthen lines of communication in both \ndirections from Federal, State, and local. For example, when \nthere are local incidents reported to our Federal partners, the \nFederal partners need to make sure that the State election \nofficials know so that we could timely respond to those \nincidents.\n    On the Pennsylvania landscape, we've had some great \nsuccesses over the last year and a half that I've been very \nproud to be a part of. We've really had a very--we broke down \nsilos. We knew it was really important to have an integrated \napproach to election security. It's been incredibly effective.\n    We have an interagency workgroup that involves IT \nprofessionals, security, law enforcement, homeland security, \nelections, and emergency preparedness. We meet regularly and \nwork together to make sure that we are working together as a \nfront to make sure we have the most secure and accessible \nelections in Pennsylvania.\n    We've provided tabletop exercises, and we were the first \nState in the country to accept DHS's offer of free \nvulnerability assessments to States.\n    One of our big successes over the last year has been our \ntransition in Pennsylvania to voter-verified paper ballot \nsystems. I'm happy to say that, whereas a year ago we had 50 \ncounties across Pennsylvania that had no paper trails, as of \nthis November there will be 52 counties that will have voter-\nverifiable paper trails. So, a huge flip, great success. The \ncredits to the county election officials for all their work.\n    I'm also happy to say that we have a post-election audit \nwork-group, as discussed by Chairman. This is a critical piece \nof our elections, is making sure that we're auditing and \ninstilling confidence in our voters about confirming the \nresults of the election.\n    The right to vote is a fundamental right, and every voter \nmust be provided equal access to polls and a deep-seated \nconfidence in the security and accuracy of their votes. Our \ndemocracy and bolstering our confidence in that democracy is \nworth every dollar.\n    Thank you very much.\n    [The statement of Ms. Boockvar follows:]\n    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n    \n    Chairman Nadler. Thank you.\n    Mr. Burt?\n\n                     TESTIMONY OF TOM BURT\n\n    Mr. Burt. Chairman Nadler, Ranking Member Collins, and \nMembers of the committee, thank you for the opportunity to \ntestify today on the important topic of how emerging technology \ncan contribute to the security of our elections.\n    My name is Tom Burt. I'm the corporate vice President for \ncustomer security and trust at Microsoft. My team includes our \nDefending Democracy Program, which works to protect democratic \nelections from cyber-attack around the world.\n    We know that skilled and well-financed adversaries have and \ncertainly will continue to attack elections in the U.S. and in \nother countries, all in the pursuit of their goal of \nundermining citizen confidence in democracy.\n    Defending democracy and our elections are important to \nMicrosoft, so we spent the last year working on what we, as a \ntechnology provider, can contribute to this effort. I'm pleased \nto inform the Committee that this week we released a free, \nopen-source software development kit called ElectionGuard.\n    Simply put, ElectionGuard technology can enable the most \nsecure and trustworthy elections in the history of the United \nStates. How does it do this? When a vote is cast, it is \nimmediately encrypted so that it can't be seen or changed. The \nvoter then receives a tracking number, and when the election is \ncomplete, the voter can go online and check to see, for the \nfirst time in history, that their vote was in fact counted and \nunchanged.\n    ElectionGuard, more than that, also enables anyone--voting \nofficials, the media, third-party watchdog organizations--to \nbuild a verifier application that will let them confirm that \nthe tally is correct and unchanged. All of this can be done \nwithout ever decrypting individual votes through the use of \nhomomorphic encryption, a well-established technology that can \ncount votes without ever decrypting the underlying data.\n    ElectionGuard is designed to work with many of the voting \nsystems in use today, including electronic ballot-marking \ndevices or hand-marked paper ballots read by optical scanners, \nand we have on our roadmap making it work with other forms of \nelections.\n    We have made this technology free and open to everyone. \nMicrosoft is not making any revenue from ElectionGuard. We've \nbeen working closely with all the major U.S. election vendors, \nencouraging them to build systems with ElectionGuard, and we're \nexcited to report that their response has been uniformly \nenthusiastic.\n    There is a significant impediment to the rapid adoption of \nthis and other new voting technologies: The complex and \noutdated Federal election machine certification process. This \nprocess is more than a decade old, and it's too slow and too \nburdensome to enable voting officials to respond as quickly as \nneeded to our agile adversaries. Unfortunately, this means that \nnew machines using ElectionGuard likely will not be certified \nin time for use in the 2020 national election.\n    This certification process also hinders basic security \nhygiene. Today, if a voting machine is updated with a minor \nsecurity patch from a trusted vendor, it will have to go \nthrough a full recertification process. This creates a \nsignificant disincentive for election officials and vendors to \ndeploy security patches, leaving our elections vulnerable.\n    We're pleased that the Election Assistance Commission is in \nthe process right now of revising these certification rules, \nand we would ask all of you to encourage the Commission to \nadopt soon new rules that enable rapid and agile deployment of \nnew security technology and basic security hygiene.\n    While we and others in the private sector can contribute \ntechnological advances to secure the vote, there is, of course, \nan important role for Congress. We agree with Ms. Plunkett's \nwritten testimony regarding the urgent need for long-term, \nsustainable funding. This is critically needed to enable \nelection officials to plan ahead, to purchase new equipment \nrather than letting outdated systems remain active, and to \ninvest in cybersecurity training and staffing that we expect of \nall critical infrastructure providers.\n    We live in a world with agile enemies who are persistent in \ntheir efforts to interfere in our democratic process. Our \ncitizens deserve to be able to cast their vote with confidence \nthat it will be counted without manipulation.\n    We believe ElectionGuard is breakthrough technology that \ncan help achieve this goal. We remain committed to working with \ngovernment, civil society, and the technology sector to take \neven more steps to ensure that every vote is counted and every \nvoter has confidence in our free and fair elections. The \nstewardship of our democracy requires nothing less.\n    Thank you, and I look forward to your questions.\n    [The statement of Mr. Burt follows:]\n    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n    \n    Chairman Nadler. Thank you.\n    I thank all the witnesses for their testimony.\n    We'll now proceed under the 5-minute Rule with questions. I \nwill begin by recognizing myself for 5 minutes.\n    I'd like to focus initially on one component of our \nelection systems that I find particularly concerning: voter \nregistration databases.\n    The Mueller report concluded that in approximately June \n2016 the Russian intelligence organization GRU ``compromised \nthe computer network of the Illinois State Board of Elections'' \nand ``gained access to a database containing information on \nmillions of registered Illinois voters,'' unquote.\n    Ms. Plunkett, in this case, the Russian hackers \nsuccessfully breached the databases, but they failed to alter \nor to delete voting records. My question to you is, if Russian \nhackers had changed voting records, including deleting voters \nfrom the databases, can you describe the specific possible \nimpacts it could've had on the election?\n    Ms. Plunkett. If they--\n    Chairman Nadler. If they had altered the databases.\n    Ms. Plunkett. Well, it would've been devastating had they \naltered the databases. ``Altering'' in this case could've been \nchanging records; it could've been deleting records, which \nwould have made it, in some cases, impossible for voters to \nvote, to register to vote. Voters could've been turned away. It \ncould've inserted voters erroneously into the database that \ncould've provided an opportunity for those who shouldn't be \nvoting to vote. So, it would have been devastating had that \nhappened.\n    Chairman Nadler. So, thousands or tens of thousands of \nvoters might have turned up at the polls and been turned away \nbecause--\n    Ms. Plunkett. That's correct.\n    Chairman Nadler. --there was no record of their \nregistration?\n    Ms. Plunkett. That's correct.\n    Chairman Nadler. Thousands of nonexistent voters might have \nvoted?\n    Ms. Plunkett. That's correct.\n    Chairman Nadler. Thank you.\n    Ms. Plunkett, the House-passed appropriations bill contains \n$600 million in funding for States. It also includes \naccountability measures and requires that funding cannot be \nused to purchase non-qualified voting machines. The Senate's \nversion has only $250 million, with no accountability \nrestrictions.\n    Your written testimony emphasizes the need to replace \npaperless machines and implement robust post-election audits \nusing paper ballots.\n    Now, we saw in 2000 how one county's failure to properly \nmaintain its chads or non-chads held up the entire country. One \ncounty's dereliction could again conceivably hold up the entire \ncountry's election, national election.\n    Now, I understand why some States or counties might not \nwant to spend the money necessary to update their election \nmachinery so they can't be hacked, but I was astounded to read \nrecently, a couple days ago in fact, that States are still \nbuying, spending large amounts of money, on voting machines \nthat are electronic, that do not have paper trails, that are \nunauditable and vulnerable to hacking.\n    So, my question is, aside from the obvious necessity of \nappropriating money to update our election machinery so that we \nhave hack-proof machines that cannot be tampered with from the \noutside and that leave auditable trails, which means paper \ntrails, do you think that the Federal Government should mandate \nthis? Because, after all, the Federal elections are premised on \naccurate counts in every State and county. Should we mandate as \nwell as providing the funds for modern election technology so \nthat we can be sure that no foreign actor is in fact hacking \nit, in fact, phonying up our vote, and perhaps even doing so \nand leaving no trail so that you knew it later?\n    Ms. Plunkett. So, woe is me to make a comment about Federal \nand State roles and responsibilities, but here's what I'd say, \nsir: It is incumbent upon every State to institute the \nappropriate security measures and make sure that their \ntechnology is their most robust available in order to protect \nthe democracy and their election and votes.\n    I believe that there's a role for the Federal Government in \nthis space that starts with requiring that vendors follow \ncertain security standards in the production and delivery and \nmaintenance of the equipment that these States are using. That \nwould thereby standardize, at least, the security of those \nsystems, everything from auditing and database management to, \non the back end, should something happen to the systems, being \nable to report on that.\n    Chairman Nadler. So, obviously, if the Federal Government \nmandated that only proper machines could be made, then new \npurchases would only be of proper machines.\n    In the 5 seconds I've got left, do any of the other \nwitnesses want to comment on whether they think it necessary \nfor the Federal Government to mandate that existing machines be \nreplaced in time for the next election so that we can guarantee \nan election un-dictated from Moscow or someplace else?\n    Mr. Burt. We think, as the Election Assistance Commission \nis revising its standards for certification, there's an \nopportunity there to inject standards for the security of \ndevices to be certified. I would caution, though, that we must \nbe careful not to specify specific technological solutions--\n    Chairman Nadler. Right.\n    Mr. Burt. --because our enemies move very quickly. We need \nto be agile in response.\n    To have basic security guidelines that are part of that \ncertification process would be an advance in the current State \nand would help us secure our elections.\n    Chairman Nadler. Thank you.\n    Ms. Boockvar, quickly, because my time has expired.\n    Ms. Boockvar. Chairman, I just want to say that I think \nyou've mentioned a lot of the areas that we need to invest. You \ntalked about voter registration systems. I think you talked \nabout sensors, intrusion-detection sensors, and all kinds of \nother things.\n    So, what I'd like to see is that we define a continuum, a \nnumber of different things that are critical priorities, but \nallow the States, who know best what's the most critical need \nin their State, to decide what the best use of those funds are.\n    Chairman Nadler. Thank you very much.\n    My time has expired.\n    The gentleman from Colorado.\n    Mr. Buck. Thank you, Mr. Chairman.\n    Mr. Burt, I'm interested in the ElectionGuard technology \nthat you were talking about earlier. One of the interests I \nhave is that the United States wasn't the only country that \nRussia targeted in the last decade. It's clear that Russia \ntried to impugn the integrity of the Brexit vote, the Scottish \nindependence vote. They've been involved in Spain with the \nCatalonia independence movement.\n    Will Microsoft make ElectionGuard available to our allies, \nforeign countries, or something similar, so that we can try to \nmake sure that democracies across the world have elections that \nare considered by their people to have integrity?\n    Mr. Burt. Yes, that's absolutely our plan, Congressman. As \nyou may know, our AccountGuard service, which we offer for free \nto help protect campaigns against being hacked, we've extended \nthat now to 26 countries around the world, and we intend to do \nthe same with ElectionGuard technology as well.\n    It is a free, open-source project, so any vendor in any \ncountry is free to take that technology and build it into \nelection systems. We work to expand our protections to all \ndemocracies committed to free and fair elections.\n    Mr. Buck. Okay.\n    Mr. Burt, one of the things I'm interested in is exactly--\nyou've used the word ``agile'' a number of times. I'm assuming \nthat there is a distinction between hardware and software when \nyou're talking about agility, and I'm wondering if you could \njust explain that.\n    When Chairman talks about, and rightfully, you know, \nupdating systems, I think we're in large part talking about \nhardware. I want to make sure that we have hardware that's \ncompatible with whatever the software is that we need to be \nagile with.\n    Mr. Burt. Yes, it's absolutely important that both hardware \nand software be the most secure, current engineering. There's \nwork to do, frankly, on both sides of that. Most importantly, \nfor most of these systems, it's the ability to update software.\n    As I mentioned in my written testimony, we just announced \nrecently that we are going to provide free security updates to \nWindows 7 election voting devices, because we discovered that \nthere are many of those devices still in operation around the \ncountry even though that's decades-old technology. It reaches \nits end of life this January for most customers, but because of \nthe importance of securing our vote, we are providing for free \nthose security updates through the end of 2020.\n    The challenge, though, is, as I mentioned earlier, with \ncurrent regulations, it's actually very difficult and \nburdensome for local officials to even apply security patches \nto their devices. So, we need to work on both the software and \nhardware side of the equation to ensure that we can be agile in \nadopting the best technology to defend against these attacks.\n    Mr. Buck. So, for old folks like me, we think that, if it's \nnot on paper, it's not secure and it's not believable. I just \nwant to open this up for the young folks on the panel here, if \nyou have an opinion on how we convince the American public. \nBecause that's really the audience, in this case, is making \nsure the American public understands we're doing everything we \ncan to make elections credible.\n    How do we convince the American public that something that \nwe can't see, that exists out there somewhere, is just as good \nas a paper ballot and being able to see something on paper?\n    Mr. Burt. If I could start off, and at least I'll claim to \nbe young at heart, Congressman. There are two really important \nthings we can do to help establish that trust.\n    One which you've heard about from others, which we \nabsolutely endorse at Microsoft, is the existence of a paper \nbackup, at least, that can be used in risk-limiting audits. In \nfact, our ElectionGuard technology supports an advanced form of \nrisk-limiting audits, which enables voting officials to audit \nthe outcome after the vote and show that it wasn't tampered \nwith.\n    So that's one important thing, is the application of audits \nand the maintenance of at least a paper backup so that you \nalways have that as a resource to go to.\n    Again, if we can get to a world where the ElectionGuard \ntechnology is broadly adopted, that provides a whole new form \nof voter trust, because now voters will be able to, for the \nvery first time, actually see that their vote got counted and \nwasn't changed. Today--I'm from Washington State--I have no \nidea whether the ballot I marked was ever actually counted or \nnot. With this technology, voters will know, which should help \nestablish voter trust.\n    Mr. Buck. Thank you.\n    Mr. Chairman, I don't often do this, but I wanted to thank \nyou for holding this hearing. I think this is beneficial. It \nhas very little to do with partisanship. It's important for \neverybody on both sides of the aisle and all around the \ncountry, to make sure we have this integrity. So, thank you \nvery much.\n    Chairman Nadler. Thank you.\n    The gentleman's time has expired.\n    The gentlelady from Texas.\n    Ms. Jackson Lee. Thank you, Mr. Chairman. Let me add my \nappreciation for this very crucial hearing as well.\n    Thank you to all the witnesses.\n    Let me ask one question from each of you, with a ``yes'' or \n``no'' answer. Do you think it is important for there to be \ngovernmental involvement in a regulatory structure, in review \nof the technologies, as we move toward the upcoming elections, \nas quickly as possible?\n    Ms. Plunkett?\n    Ms. Plunkett. Yes.\n    Ms. Jackson Lee. Secretary Brockner?\n    Ms. Boockvar. Boockvar. Yes.\n    Ms. Jackson Lee. Mr. Burt?\n    Mr. Burt. Yes, I do.\n    Ms. Jackson Lee. Let me ask, Ms. Plunkett, with respect to \nthe 2016 election and the Russian GRU officers compromised a \ncomputer network of the Illinois State Board of Elections and \ngained access to a database containing information on millions \nof registered Illinois voters. The Russian GRU officers were \nable to steal data of thousands of U.S. voters before Illinois \nwas aware of the hack.\n    If Russia had succeeded in all these efforts, can you \nexplain how attacking voter registration software in electronic \npolling stations can impact an election?\n    Ms. Plunkett. Certainly.\n    Since the foundation of the voter system begins with the \nregistration databases, which validates that a voter is \neligible to cast a vote, should that database be altered in any \nway, whether it be destroyed or deleted or additions made to \nit, it could jeopardize the ability of a legitimate citizen who \nhas the right to vote from voting and would certainly alter the \noutcome of the election because it would prevent those who \nshould be able to vote from casting their votes.\n    Ms. Jackson Lee. In essence, it would undermine the very \nbasis of our democracy.\n    Ms. Plunkett. That's correct.\n    Ms. Jackson Lee. Mr. Burt, you've mentioned the Election-\nGuard. We are all fascinated by that. It's outstanding \ntechnology.\n    In your marketing to the entire world, I'm not sure what \nkind of litmus test you're going to use to determine whether or \nnot it is a democratic government. What is the potential of \ninnocent democratic governments now giving technology of that \nlevel of sophistication to be utilized, then, to hack into the \nsystem? What are the protections and the firewalls on your \nsystem if, by chance, you sell it to an enemy, a foreign enemy?\n    Mr. Burt. Well, Congresswoman, we're actually being quite \ndeliberate and careful about the countries to which we expand \nour services. Let me be clear about ElectionGuard: It's an \nopen-source project that anyone can access. That actually leads \nto the security, because as people find any flaws or security \nflaws in that software, it can be updated.\n    What's important to understand is that this technology is \nnot capable of being used as an offensive weapon. What it does \nis secure the vote. What it does is ensure that votes are \nencrypted and can't be changed or altered. It ensures that the \nvote can be verified and that the count can be properly \nverified by individual voters and by any third party.\n    So, to the extent that this technology is deployed even in \ncountries that we would not consider an ally, it just means \nthat their votes are going to be more trustworthy than they are \ntoday.\n    Ms. Jackson Lee. So, it doesn't give them the ability to \nbreach or to hack into the votes of another country?\n    Mr. Burt. That's correct.\n    Ms. Jackson Lee. Let me ask Secretary Boockvar, what is the \nimportance of having a variety of technologies that States can \nhave access to, rather than the limited number of vendors that \nwe already have, in terms of protecting the election process?\n    Ms. Boockvar. So, I think one of the benefits that we have \nis--decentralized systems have their advantages and \ndisadvantages, but having the variety of technology is \ndefinitely an advantage, because the likelihood of the ability \nto breach all the different technologies is certainly harder \nthan if you had one uniform across the board. So, it's key to \nkeep the diversity of our systems.\n    Ms. Jackson Lee. You only have, I think someone mentioned \nthree. So having us to be able to certify or legislation that \ndeals with expanding that opportunity would also enhance the \nsecurity and safety of elections.\n    Let me--you're all lawyers. In the past election, 2016, \nwe've determined that there were a lot of foreign operatives. \nDo you think it's important to have legislation that indicates \nthat if you, an elected official, or a candidate, are \napproached by a foreign adversary, that you need to report that \nimmediately to an organization, agency, such as the FBI?\n    Ms. Plunkett? I'm just asking everybody across the board.\n    Ms. Plunkett. Yes, I do.\n    Ms. Jackson Lee. Madam Secretary?\n    Ms. Boockvar. Yes, I do as well, Congresswoman.\n    Ms. Jackson Lee. Mr. Burt?\n    Mr. Burt. Certainly.\n    Ms. Jackson Lee. I ask unanimous consent to place into the \nrecord H.R. 2353.\n    Chairman Nadler. Without objection.\n    [The information follows:]\n     \n\n                MS. JACKSON LEE FOR THE OFFICIAL RECORD\n\n=======================================================================\n\n[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n\n    Ms. Jackson Lee. Can an effective deceptive campaign \nspoofing attack be deployed through user search engine \nrequests?\n    I'll repeat it. Can an effective deceptive campaign \nspoofing attack be deployed through user search engine request?\n    Can you just answer the question, Mr. Burt?\n    Chairman Nadler. The time of the gentlelady has expired. \nThe witnesses may answer the question.\n    Mr. Burt. Yes, that's possible, although a more fulsome \nanswer would take a considerable period of time in terms of how \nthat would work and how we can defend against it.\n    Ms. Plunkett. I agree, yes.\n    Ms. Jackson Lee. All right. Thank you. I yield back.\n    Chairman Nadler. The gentlelady yields back.\n    The gentleman from Florida?\n    Mr. Gaetz. Thank you, Mr. Chairman.\n    I'd like to associate myself with the comments of the \ngentlelady from Texas and the gentleman from Colorado, that \nelection security issues must be viewed as a bipartisan \nendeavor for us to be able to make progress and that all voters \ndeserve to have confidence in that process.\n    I must say, it was a little disheartening that Chairman \nbegan the hearing by taking a bunch of partisan shots at the \nPresident. I don't understand how that is helpful to the work \nthat we're doing here.\n    Really, thinking in terms of the value of elections most \nbroadly, I fear that the greatest risk to our democracy may not \nbe hacks or interference with the vote; it may be the efforts \nby radical Democrats to try to impeach a President who was duly \nelected. That seems to undo elections a lot more than hacking.\n    Alas, back to this important work of the committee. I \nwanted to thank Congresswoman Murphy as the lead but also our \ncolleagues on the Judiciary Committee, Mr. Deutch and Ms. \nMucarsel-Powell from Florida, for coauthoring H.R. 3529. This \nbipartisan legislation requires the head of the Department of \nHomeland Security to notify State and local election officials \nin the event of some intrusion or hack.\n    So my question is really to any of the Members of the panel \nto speak to the utility and importance of real-time \ncoordination in the event of an intrusion and how you might see \nState and local officials working cooperatively and proactively \nwith the Federal Government in such an endeavor.\n    Ms. Boockvar. I'd love to take a crack at that. Thank you, \nCongressman.\n    It's critically important, that collaboration at the State, \nlocal, and Federal level. We saw it in Pennsylvania last year, \nin November of 2018's election. We were connected across the \ncountry to other States and to the Federal Government, getting \nreal-time information about things that were being seen in \nother States.\n    We could not only take--so, for example, there were \nattempts to hack into--to send PDOS types of interruptions in \nother States. IP addresses were identified, passed along to \nother States. We then, in turn, were connected across the State \nto the 67 counties, could pass along those IP addresses, so \nthey could block it proactively before having to have--it was \nliterally in-action collaboration that protected our elections.\n    So that kind of thing, both before, during, and after, is \ncritical to make sure that we have the most secure elections \npossible.\n    Mr. Burt. Congressman, if I may, in 2018, under the \ndirection of Director Krebs from CISA, there was a war room \nestablished at the Federal level to which technology providers, \nState and local officials were all invited. We participated in \nthat, and that was a good step forward.\n    What you suggest is absolutely critical. I agree that the \nmore efficient we can have communication between all Federal \nagencies who are aware of attacks in real-time with State and \nlocal officials and, also, leading technology providers who \nstand ready to assist with this effort of protecting our \nelections, the better it can be.\n    So, we need to improve and expand on that rapid real-time \nsharing of threat information at the time of the election and \nbefore then.\n    Ms. Plunkett. I agree with both.\n    I'd just also add, it's critically important and a good \nrole for the government to create the environment where \ninformation-sharing can happen without restrictions in a smooth \nand precise and expeditious manner, such that everyone who \nneeds the information can get it and it's presented in a usable \nfashion.\n    I would not limit that to State, local, and Federal, as has \nalready been stated. Vendors there are very good threat \nintelligence organizations that are doing a great job in \nuncovering good information that needs to be a part of this \ndialogue.\n    Mr. Gaetz. That is incredibly helpful advice, especially \nwhen I think about the experiences in Florida, where hackers \nmasquerade as the vendors. So, they would seem to be an \nimportant part of that community. That's very helpful.\n    I would also observe that there seems to be some confusion \nin Florida as to the extent to which any hack could lead to \nvoter manipulation in future elections, not based on changing \nthe tallies of the votes but by potentially manipulating \nsomeone's name. I'm Matthew Louis Gaetz II, but if someone went \nand changed my name to just ``Matt Gaetz'' on the voter rolls, \npotentially I would have a hard time having my vote counted.\n    So, this may be a broader question than you're able to \nanswer, but I am interested--and I think the Judiciary \nCommittee could perhaps partner with others--on the utility of \nblockchain technology to enhance the security of elections. \nBecause in an immutable, decentralized ledger, I would think \nthat such a manipulation of the voter rolls, themselves, would \nbe less likely.\n    I would seek any comment anyone would have.\n    I appreciate the chair's indulgence.\n    Ms. Jackson Lee. [Presiding.] The witnesses may answer the \nquestion. The gentleman's time has expired.\n    Ms. Plunkett. I think there certainly the opportunity for \nblockchain to be relevant in this space. If we think now about \nthe American public and their understanding of voting and \nvoting systems, we are talking about paper ballots as a backup. \nGenerally, people understand that.\n    Blockchain technology is very complicate and is untested. I \nknow it's being tested in West Virginia, as I understand it. \nSo, I think there's possibility, but it's not something that I \nthink is ready for use for a general or primary election.\n    Ms. Jackson Lee. The gentleman's time has expired.\n    The gentleman from Georgia is recognized for 5 minutes.\n    Mr. Johnson of Georgia. Thank you, Madam Chair.\n    Thank the witnesses for your appearance today and for your \ntestimony.\n    Ms. Plunkett, the Center for American Progress recently \nreported that, quote, ``voting on paper is the most hack-proof \nway of conducting elections.'' You agree with that, do you not?\n    Ms. Plunkett. Today, yes, I do.\n    Mr. Johnson of Georgia. What about you, Ms. Boockvar?\n    Ms. Boockvar. Absolutely. At least with a paper record, I \nshould say.\n    Mr. Johnson of Georgia. Uh-huh.\n    Mr. Burt?\n    Mr. Burt. Well, I would say that we actually believe that \nElectionGuard provides an even more hack-proof way of voting. \nPaper as at least a backup or as primary--because the \ntechnology would support either--is important to maintaining \nthe security of our elections.\n    Mr. Johnson of Georgia. Uh-huh.\n    So, when we talk about a paper ballot, we're talking about \na hand-marked paper ballot.\n    Is that right, Ms. Plunkett?\n    Ms. Plunkett. It doesn't necessarily have to be hand-\nmarked, but there should be a piece of paper involved that can \nbe--\n    Mr. Johnson of Georgia. Well, now, if the paper involved is \nproduced by a touchscreen voting machine and that piece of \npaper also has a barcode along with the races that the voter \nvoted on, and this paper that the machine produces with the \nbarcode is given to the voter, who can then check it, make sure \nthat it reflects accurately what choices were made by that \nvoter, and then that piece of paper is then scanned into a \ncounting machine which counts not the actual choices made by \nthe voter but the barcode on top, that's the kind of paper \nballot that you're talking about?\n    Ms. Plunkett. I don't know about the barcode piece. I--\n    Ms. Boockvar. So, I think I can answer that. So, for \nexample, that's where audits come in, right? So, for example, \nwe're developing a process in Pennsylvania where--\n    Mr. Johnson of Georgia. Well, I guess the question that I'm \nasking--if it's the barcode that is counted and not the box \nthat is identified as the one that was checked by the voter, \nhow does the voter know that the barcode which is counted \nactually reflects the choices that the voter made? Or does the \nvoter just simply have to depend on the barcode to accurately \nreflect--how can we get around that if we're counting the \nbarcode and not counting the hand-marked paper ballot?\n    Ms. Boockvar. So, most systems, whether they're hand-marked \npaper ballot or ballot-marking devices, use some form of mark \nfor the tabulation process, whether it's a barcode, a QR code, \nor timing marks, which some of the hand-marked paper ballots \nuse. So, there's basically triggers into the tabular, and then \nthe audit--\n    Mr. Johnson of Georgia. Then you're able to actually count \nthe hand-marked ballot by hand.\n    Ms. Boockvar. Exactly. That's what the audit or a recount \nwould do, would look at the plain text language on the--and it \ncan compare to the tabulation numbers--\n    Mr. Johnson of Georgia. The tabulation of the machine.\n    Ms. Boockvar.--yes, with the--\n    Mr. Johnson of Georgia. So, the hand-marked ballot is the \nway that it produces an auditable trail. The ballot that is \ncounted by the barcode and is not hand-filled-out is just \nsimply a further extension of the mechanics of the computerized \nvoting?\n    Mr. Burt. If I may, Congressman. So, in the context we are \ntalking about the barcode, that paper still shows the specific \nindividual votes which the voter, in a well-run system, has had \nan opportunity to verify the checkmarks in the boxes. So, now \nyou've got a--\n    Mr. Johnson of Georgia. Yeah, but those checkmarks are not \nthe ones that are counted, though.\n    Mr. Burt. I understand. What I'm saying is--\n    Mr. Johnson of Georgia. It's the barcode.\n    Mr. Burt.--even if it's not hand-marked, if it's marked by \nthe machine, but the voter has verified those boxes, now you \nhave a paper ballot that's verified that can be used for \ncounting.\n    Mr. Johnson of Georgia. How does the voter verify that the \nbarcode or the counting mechanism accurately reflects the \nchoices that the voter made?\n    Mr. Burt. Yeah, so that is part of the audit process that \ncan be performed by looking at the tally against the audited \nsubset of ballots that's selected for the audit, looking not at \nthe barcode, in this case, but looking at the boxes that are \nchecked. So, the audit system provides that.\n    Mr. Johnson of Georgia. Let me just say this, then. Isn't \nit clear that a hand-marked paper ballot that is then fed into \na counting machine, which counts that tally, along with the \nother voters--and then, at the end of the voting process, if \nthere is a recount, then you can actually count the paper \nballot, the hand-marked paper ballot by hand and compare that \nto the tally that was produced by the counting machine, doesn't \nthat provide the most effective way of auditing the results of \nan election?\n    Ms. Jackson Lee. The gentleman's time has expired. The \nwitness may answer the question.\n    Mr. Burt. I would say that it's not important whether the \nballot was hand-marked or marked by a machine as long as the \nvoter gets the opportunity to verify that what they see on the \nballot is what they intended before they deposit it in the \nballot box. Either way, whether it's my hand-marking or the \nmachine that checks the box, you have a clear representation of \nthe voter intent.\n    In fact, in the machine-checked box, sometimes that's \nclearer. As you know, with hand-marked ballots, there's often \ndisputes about what a voter actually intended with the marking, \ndepending on the system.\n    Mr. Johnson of Georgia. There's no way of doing that--\n    Ms. Jackson Lee. The gentleman's time has expired.\n    Mr. Johnson of Georgia. --with the electronic voting \nprocess.\n    I thank the gentlelady, and I yield back.\n    Ms. Jackson Lee. The gentleman's time has expired.\n    The gentleman from North Dakota, Mr. Armstrong, is \nrecognized for 5 minutes.\n    Mr. Armstrong. Thank you, Madam Chair, if I have time, I am \ngoing to come back to this, but Mr. Burt, your written \ntestimony, you mentioned, you talked about future threats, and \none of those was deepfakes and synthetic media being a future \nthreat. I'm an old State party chairman. I understand how in \nthe last 10 days of a close election things escalate extremely \nquickly. Just, why is this such a threat, and what can we do to \ndeal with it on the front end? I mean, I've seen some--our \ncolleagues, they did one yesterday, and I don't know another \nword to say another than creepy, and they look absolutely \nlegitimate, so.\n    Mr. Burt. Well, Congressman, that's exactly why it's such a \nthreat. We know that our adversaries, among other things, \nengage in disinformation campaigns, in which they attempt to \ntake the extreme positions on social issues relevant to the \ncampaign, and they try to incite conflict among the American \nelectorate. They seek to discredit candidates or positions \nthrough their disinformation campaigns. We should anticipate \nthat they are going to become more sophisticated in their \nefforts.\n    Synthetic media, or deepfakes as it's called regularly, the \ntechnology that enables that, both in terms of audio and video, \nis advancing rapidly, and as you point out, it's now possible, \nwith the most advanced technology, to really create videos that \nappear to be entirely realistic. There's a lot of research \nthat's going into detection technology, how to detect these \ndeep fake videos and show that they are artificial and not \nreal. At the end of the day, the technology to create the \nvideos, because of the way the artificial intelligence works, \nwill always be ahead of any detection algorithm.\n    So, the opportunity for our adversaries to use this \ntechnology, to try to influence a campaign or an election, is \nvery real. Today as it stands right now, we don't have a great \nanswer to that, other than to educate the American public that \nit's going to be even more important now than it's been in the \npast, that they consume the information that they use to make \nelection decisions from sources they believe are credible. \nThere are a number of services out that try to rank and rate \nvarious sources to determine is this a journalistically \ncredible source or not, but in today's world, that's going to \nbecome even more important.\n    Mr. Armstrong. Thank you. I get criticized for a lot of \nthings I say, so I'd prefer that I not get criticized by things \npeople make up that I say. Moving into that, as far as a \ndefense to that, as we're going forward, if the technology is \nadvancing faster than the detection of it, it probably behooves \nus, as a body, and whoever else is doing some of these things, \nto figure out a way, particularly with platforms and things, to \nbe able to have immediate removal and those types of efforts. \nWould that probably be just as we're moving forward and going \ntowards this, there has to be a way. We have to have a way as a \nCongress or as a government or just as an election, to be able \nto deal with these things.\n    Mr. Burt. Yes. In the short-term, I think using available \ndetection technologies, working with the social media platforms \nand others to try to identify those that originate from \nadversaries, which is, cybersecurity technology we can deploy. \nThose are going to be the best things we can do for this \nelection cycle.\n    We and others are investing in a number of different \nefforts to try to come up with better ways, both to detect and \nto identify legitimate sources of video and audio so that over \ntime, we will have a better approach to solving this challenge. \nIt is going to be a real challenge for us in the 2020 \nelections.\n    Mr. Armstrong. Going back to the encryption stuff, and how \ndoes the broader encryption debate potentially affect \nencryption in ElectionGuard. If a government has a backdoor \naccess, it's a backdoor that potentially could be exploited. \nThat could create a built-in weakness in the balance. How do we \nbalance law enforcement and the ability to do that with \ncybersecurity?\n    Mr. Burt. So, this is a broader question that goes beyond \nthe election context. In the election context, the encryption \nthat we build in to ElectionGuard would never have a backdoor. \nThere would be no purpose to have the backdoor, and it actually \nwould reveal voter--specific votes, which you don't want to do \nfor a variety of reasons.\n    In the more broader context, this is a very nuanced \ndiscussion. There was a recent paper from the Carnegie \nInstitute that I thought was very well done in talking about \nthe broad range of issues, relevant to encryption, law \nenforcement access, protection of dissidents, for example, the \nlegitimate uses for encryption, why that's important. One of \nthe things that paper said, which we absolutely endorse, it's \nimportant to get very specific about the problem you're trying \nto address, and look at that problem and how to properly \nbalance all the competing interests as to that problem. There \nis no general approach to encryption that doesn't create way \ntoo many problems. So, we need to be very specific, look at \nthose specific things, and then balance the social issues to \nfind the right result, and that's going to be some work that we \nall have to do, the technology industry together with \ngovernment.\n    Chairman Nadler. The time of the gentleman has expired. The \ngentleman from Rhode Island.\n    Mr. Cicilline. Thank you, Mr. Chairman. Thank you to our \nwitnesses for this very useful and important testimony. One of \nthe things that I'm particularly concerned about is the \nregulation of vendors. As you are aware, a large percentage--I \nthink it's 97 percent--of States and territories use vendors in \nsome capacity, from the computers they use to access \ninformation to the servers that house information, the \nmanagement of databases that contain information to cast and \ntally votes, websites and software used to display information \nand results, to the software that creates ballot design and \nhelps transfer information across systems.\n    Three vendors in particular control over 90 percent of this \nprocess. Of those three, over 60 percent of American voters \ncast ballots on systems owned and operated by a single vendor. \nDespite the incredible impact of vendors on our electoral \nsystem, there seems to be very little regulation over vendors \nthat really ensures election security. As a result of it, we've \nseen some very serious issues with vendor security.\n    So, my first question really is, for each of the witnesses, \nshould we consider regulations at the Federal level in creating \nsome standards for vendors, and if so, why? If not, why not?\n    Ms. Plunkett. I absolutely believe that we should, because \nelections and election systems are a national security threat. \nFor national security threats, that has been the approach of \nthe U.S. Government. It is to develop Federal standards, and in \nthis case, it would be Federal security standards for election \nequipment that range--that really run the gamut from how the \nenvironment in which the software is developed, and ensuring \nthat it's developed in a secure manner, and appropriately \nprotected, straight through to the implementation and \nmaintenance, and then the responsibility for reporting any \nvulnerabilities that are discovered even after that software, \nhardware is deployed. I think it absolutely should be done, and \nI believe it's a role for the Federal Government.\n    Ms. Boockvar. I agree on every level. We have the Election \nAssistance Commission which does certification, but as you \nprobably know, not only has the AC been underfunded, but they \nalso were unable to update their standards, the voluntary VBSG \nstandards, for a long time. It didn't have a quorum.\n    So, for example, in Pennsylvania, we stepped in and last \nyear, when we knew we had to certify a whole bunch more voting \nsystems, we actually created our own more stringent security \nstandards, because we didn't want to rely on the outdated ones.\n    So, it would be much more effective if the Federal \nGovernment were having stronger oversight both to standards and \nthen to oversight of, for example, we talked earlier about the \nforeign ownership, background checks, and making sure that \nthere's chain-of-custody controls over every component of the \nvoting and election system.\n    Mr. Cicilline. To make those standards requirements, not \nvoluntary?\n    Ms. Boockvar. Correct.\n    Mr. Burt. Congressman, if I may add, we're all in agreement \non that, with the one caveat that it's important that the \nstandards not dictate any particular technology or \ntechnological solution because that then sticks the States and \nlocal governments with a particular solution. If that becomes \nvulnerable, then it would take too much time to change. So, \nthey need to be generalized standards so that there can be \ninnovation in terms of the technology approach that's used to \nmeet those standards.\n    Mr. Cicilline. That makes sense. In addition to the \nestablishment of mandatory standards, are there other things \nCongress should be thinking about with respect to the role \nvendors play in our electoral process and the integrity of our \nelections?\n    Mr. Burt. One thing that is another one of the future \nthreats that the vendors can be playing a more significant role \nis, the risk of ransomware, and ransomware attack, especially \non the voter registration rolls. This is something that \nDirector Krebs from CISA pointed out a few weeks ago after this \nwhole rash of ransomware attacks, we've seen on small \nmunicipalities around the country, ten in Texas alone \nrelatively recently. The risk that our adversaries will use \nthat same malware injected into the voter registration devices, \nand basically it will show up on the day of the election, and \nthe entire database will be locked up and you can't see it. \nThat's a significant risk.\n    So, vendors need to work with their customers to help them \nunderstand how to establish defenses, how to have and build \ninto the system backups that are offline backups, and do \ntabletop exercises so that State and local officials know how \nto restore those systems very rapidly, so there's no \ninterruption in the voting process in the event that everything \nelse that we do to try to maintain security is unsuccessful.\n    Mr. Cicilline. Thank you. I want to thank you, Mr. \nChairman, for holding this really important hearing. There's \nnothing more fundamental than protecting the right of the \nAmerican people to have their voices heard and their votes \ncounted in our elections, and this requires strong leadership \nfrom everyone at every level of government, and I really thank \nyou for conducting this hearing.\n    Chairman Nadler. Thank you, the gentleman yields back. The \ngentleman from Texas.\n    Mr. Gohmert. Thank you, Mr. Chairman. I appreciate all of \nyou being here. I noted that Chairman said basically that he \nwas astounded to find counties still buying machines with no \npaper trail. Ms. Plunkett, were you at the NSA back in 2000, \n2001?\n    Ms. Plunkett. Yes, I was.\n    Mr. Gohmert. Do you remember who mandated that every county \nor parish in America buy electronic voting machines, and there \nwas no requirement for paper trails because that was more \nexpensive? Do you remember who mandated that?\n    Ms. Plunkett. No, I do not.\n    Mr. Gohmert. Well, I was working for the State and county \nas a judge, and counties were outraged that they had an \nunfunded mandate by this Congress, that some people here were \nin, Democrats intimidated Republicans because of the votes in \nFlorida, even though there were fifth graders tested. None of \nthem had trouble with the butterfly ballots and such. \nApparently, people that were trying to vote Democrat had a lot \nof trouble with them. So, there was outrage, there was demand \nfor electronic voting, and the Federal Government, Congress, \nmandated it. It was very, very difficult for counties, many \ncounties, to come out of the financial burden that this \nCongress put on them, and so, if some of them have had trouble \nrecovering financially for the poor mandate from this Congress, \nthen hopefully they will be forgiven.\n    Mr. Burt, it's wonderful that ElectionGuard is being \nprovided by Microsoft to help secure elections. Does that work \nas well on Apple or Mac systems as it does on Microsoft \noperating systems?\n    Mr. Burt. Yes, Congressman, it works on any platform. It \ndoesn't matter what platform--\n    Mr. Gohmert. See, I've heard that about here in Washington, \nI could have whatever computer system I wanted, and I have used \nMicrosoft operating system for years. I tell people, I thought \nMicrosoft Vista was the best thing that ever happened to \ncomputers. It screwed up all my software. I finally got mad and \nwent and bought an Apple, it was a Mac. It was the best thing I \never did. Bought dozens since. But, when I was in Congress, I \nwanted a Mac, and I got one, but Microsoft system is what \nthings are based on here. It screwed up my computer, and they \nsaid, look, you just can't have a Mac, if you're going to \ncommunicate with other computers around it. So, I just didn't \nknow.\n    I understand that your job is security and trust with \nMicrosoft, so maybe they hadn't told you, but is there any \nbackdoor into Elec-tionGuard that Microsoft might have in order \nto fix or deal with some problem in the system?\n    Mr. Burt. Absolutely not, Congressman. There is no--\n    Mr. Gohmert. As far as you know.\n    Mr. Burt. Well, not only as far as I know, but it was my \nteam that did the engineering work on this ElectionGuard--\n    Mr. Gohmert. Okay.\n    Mr. Burt. --and so, I am confident there is no backdoor. \nThe other thing I would say again is, we are making it an open-\nsource project. So, the source code is available today on \nGitHub for anybody to look at. We actually encouraged hackers \nto try to hack into it, so that we can find any security flaws \nand fix them.\n    Mr. Gohmert. One of the problems since really we're all \nvery concerned about election security, no matter how good your \nsystem is, it can't do anything about a county that hires a \nvendor, as my colleague was just bringing up, and the vendor at \nthe end of our early voting, on Friday before the election on \nTuesday, takes the 48 flash drives from the 48 precincts home \nand plays with them until Election Day. Your system can't help \nwith that kind of problem, correct?\n    Mr. Burt. Actually, Congressman, the ElectionGuard \ntechnology, the way it works, actually provides security and \ntrustworthiness even if you have a vendor or an election \nofficial who's been compromised or has some malign intent, \nbecause the vote gets encrypted the moment that the voter votes \non it, and it never decrypts it after that.\n    Mr. Gohmert. Yeah.\n    Mr. Burt. So, it's protected against any of those kinds of \nattacks. Then we--\n    Mr. Gohmert. If it's protected against that kind of abuse, \nthen a county may not want to use your system, if they need a \nvendor to take them home and play with them. I'm concerned that \neach of you think it is possible to rig an American election, \nand if that's the case, I just warn you that in President \nObama's eyes, that would make you a nonserious person, because \nhe said, no serious person out there would suggest somehow you \ncould even rig America's elections.\n    I would encourage you, since traditionally dead people vote \nnearly a hundred percent Democrat, that you figure out a way to \nsecure our graveyards so people don't keep turning out and \nvoting in our elections. My time is expired.\n    Chairman Nadler. The gentleman's time is expired. The \ngentlelady from Washington.\n    Ms. Jayapal. Thank you, Mr. Chairman, and thank you all for \nbeing here. It's really very important the information that \nyou're giving to us. As I've come to learn more about this \nissue, I've been quite stunned that the United States is \ncurrently the only major democracy without a centralized agency \ngoverning cybersecurity. Although we have multiple Federal \nagencies that have some role to play in protecting elections, \nthere's no clear place that a local county that's concerned \nabout hacking can go to. I read this recent U.K. report that \nexplains that there are single, centralized, cybersecurity \nagencies that coordinate national security in Australia, \nCanada, and New Zealand, but the same report notes that in the \nUnited States international cybersecurity efforts must go \nthrough multiple U.S. agencies, including the NSA, DHS, and the \nFBI. So, I'm really interested in this idea of centralized and \ncohesive coordination of our Nation's cybersecurity to better \nprotect from foreign and domestic threats.\n    Mr. Burt, I want to thank you for your work and say how \nproud I am that Washington State is Microsoft's home State, and \nthat I have the honor of representing many, many, many \nMicrosoft workers as my constituents. I think you have brought \nup some really--you've done some really important work with the \nElectionGuard technology. I'm curious--I know you just released \nit--is it actually in use anywhere yet? Are we using it in \nWashington, I guess, is the most relevant question?\n    Mr. Burt. No, it's not yet in use anywhere, because as you \nsay, just released it for public use just in the last few days. \nWe are working with all the major election--working with all \nthe election vendors. They're all very enthusiastic. They're in \nthe process now of evaluating the technology and thinking about \nhow they could build it into new offerings, new devices. So, we \nneed both the election vendors, as well as State and local \nofficials to understand the technology, think about how they \ncan use it to secure their election, and we're out, you know, \nactively helping explain and educate that.\n    We do expect that either later this year, or certainly in \n2020, there will be--we're working with a number of partners on \nsome, at least pilot elections, where it will be used for a \ncertain precinct or in a certain location so that we can \nactually test the technology, make sure that it's working as \nexpected, hopefully in the coming months, and certainly by \n2020.\n    Ms. Jayapal. Thank you. That's what I was wondering, is \nperhaps if we were pilot-testing it in Washington. In your \ntestimony, you talked about imposing a culture of \ncybersecurity, including training, and I was also struck by the \nfact that many of the existing voting systems were using \nWindows 7. In your testimony you talked--or in your written \nstatement, you talked about that. How do we, and maybe this is \na question for you, but also for you, Ms. Boockvar, how do we \nmake sure that we are providing the support and incentivizing \nin some way States and local counties to update their \ntechnology? Because we can have the best stuff, and we can put \nit out there, but if people don't continue to update, we're \ngoing to have this problem. Do either of you have comments on \nthat?\n    Mr. Burt. Well, I think you've heard a number of comments \nthat address that already today from the testimony. I would \nsay, we basically endorse the comments from both other \nwitnesses which is, among other things, a set of consistent \nFederal standards on security for elections would be useful \nguidance. But, you also need to have a sustained, durable, \nlong-term funding solution, so that State and local agencies \nare not stuck because of financial considerations, with \noutdated technology. This is just too important to our \ndemocracy. We need to make sure that we have the most secure \nsystems possible in every State and local elections.\n    Ms. Jayapal. Is it just about money, though, or is it also \nabout people's fear of how to use technology, not perhaps \nhaving their technology officers in place? Either of you, \nplease.\n    Ms. Boockvar. There's a role really for lots of different \npieces of the puzzle here, so from--everything from--sorry \nabout that. We were talking earlier about how it would have \nbeen great if the new systems, for example, in Pennsylvania, \nthat we just certified over the last year, they should--it \nwould have been great if they were never made with Windows 7, \nso that there was an earlier sort of prevention measure in \nplace that just involves regulation at the front end.\n    Then, I think at the county level, and at the State level, \nand at the Federal level, to have easier certification, so when \nthere is the transition and the upgrade of technology, we need \nto be able to make sure that those systems can be in use \nwithout being out of play for a while. So, there's a lot of \ndifferent levels of it.\n    Ms. Jayapal. You mean made with Windows 7, because things \nhave an operating system within them, but what do you mean by \nthat?\n    Ms. Boockvar. So that's their operating system B. So, for \nexample, it would have been great if all the systems that were \neven being made over the last year were already Windows 10. \nSome were, some weren't.\n    Ms. Jayapal. Oh, I see. I see. They were updated as they \nwere being put out?\n    Ms. Boockvar. Correct. The counties, so there were \nnegotiations--in terms of the money piece, there were \nnegotiations with the vendors to make sure that they weren't \ngoing to charge for the upgrade, but it would have been better \nif there was never a need for upgrade because they had been \nmade with Windows 10 to begin with.\n    Ms. Jayapal. Thank you. I yield back.\n    Chairman Nadler. The gentlelady yields back.\n    The gentleman from Virginia.\n    Mr. Cline. Thank you, Mr. Chairman, and I'm grateful to you \nfor holding this hearing today. It's an issue that has needed \nexamination for some time, and I'm hopeful that after today's \nhearing, we'll be able to Act on some of the excellent ideas \nthat have been discussed this morning and many others that have \nbeen put forward by Members on this committee.\n    While the responsibility of carrying out elections is one \nmainly for local and State governments, the Federal Government \ndoes have a critical role to play as has been discussed. It's a \nfact that other countries are trying to interfere in U.S. \nelections--Russia, most notably--and we must remain vigilant to \nensure that foreign adversaries cannot mettle in our electoral \nprocess.\n    New threats will never cease, and our Nation must stay on \nthe cutting edge to ensure our elections remain secure. Our \nlaws guarantee the American people just and fair elections, and \nit's our duty to carry out that mandate and resist all forms of \ntyranny that threaten our freedom.\n    I have listened with interest. It seems like we're moving \nin two different directions--one toward less technology, paper \nballots, and one toward more use of technology, \ndecentralization, Blockchain. I'm curious about real-time \ntesting of Blockchain in West Virginia.\n    Ms. Boockvar, your neighboring State, West Virginia, had \napparent success in the midterms in using Blockchain to allow \ndeployed overseas servicemembers to vote. Have you explored any \nsimilar initiatives in Pennsylvania, and what have you done to \nensure that overseas, deployed servicemembers can vote?\n    Ms. Boockvar. So, we have not explored directly--I think \nacross the country we are very closely talking with Virginia \nand West Virginia and watching how this goes. I think it did \nseem that the first run of it was successful. But, like we all \nknow, there's a lot of risks with using untested technology. \nSo, I think that's going to be something to watch over time. In \nthe meantime, we are effectuating an encrypted email process \nthat's going to be used for the first time--I'm sorry, I lost \nmy voice--but that's going to be used, that's going to allow, \ninstead of having to access a website, encrypted emails for \ndelivery of the ballot to those voters, and that's kind of our \nnext technology way to protect the vote overseas--of overseas \nvoters. I'm sorry.\n    Mr. Cline. Mr. Burt, your technology seems to--\nElectionGuard seems to utilize both ends of the spectrum there. \nYou're having a paper ballot backup but exploring open-source \nsolutions. Do you still--are you researching efforts to replace \npaper ballots, design and create additional software efforts \nthat could replace paper ballots? Or are you of the mind that \nyou should always have that paper ballot backup?\n    Mr. Burt. So, our view is that whether paper ballot is the \nbackup or primary, either way, the ElectionGuard technology can \nhelp provide this level of security and verifiability. We've \ndesigned it so that it will work with paper ballots in either \nway. But our position is that today, it's important to have a \nverified paper ballot backup, at a minimum, to use for risk-\nlimiting audits and have it available in the worst case, so \nthat you can do a hand count if necessary. So, we think--and \nour technology supports that as well--so we think it's \nimportant.\n    If I just make comment quickly on Blockchain, our \nresearchers, who look really carefully at election-based \ntechnology, do not think Blockchain is a great solution for a \nnationwide election. We're very interested in the West Virginia \nexperiment. We'll continue to look at that. It has a very \nspecific focus which it may be useful for. For the most part, \nthere are two big problems with Blockchain. It's a distributed \nledger, and you really need to have a leader, which we have \nleaders now with the State and local election officials who \nestablish what the rules are for voting and for who's on the \nballot and who's not. So, there's challenges with Blockchain \ntechnology inherently, and furthermore, on a nationwide level, \nit would not maintain the degree of security and privacy in \neach individual's vote that is critical to our national \nelections.\n    Mr. Cline. You've been working globally on this effort. \nHave you seen in other countries any evidence of hackers and \nwhether your work in other countries on those issues has led \ndirectly to denying hackers an option to penetrate election \ninfrastructure?\n    Mr. Burt. So, the work that we've done globally so far has \nbeen with our account guard service, where we monitor Nation \nState actors, attempting to hack into the accounts of \ncandidates or others involved in the election process, \nincluding third-parties, academics, and NGOs. What we have seen \nis that there are attacks in many other countries. We saw it in \na number of the ones that Chairman Nadler referenced in his \nopening statement. We saw it as well in the French presidential \nelection following ours in 2016. So, this pattern of conduct by \nthe Russians, but potentially by other nation-states, is \nabsolutely continuing in multiple different countries.\n    Mr. Cline. I thank the witnesses.\n    Chairman Nadler. The time of the gentleman is expired. The \ngentleman from Maryland.\n    Mr. Raskin. Mr. Chair, thank you. In 2016, Vladimir Putin \nassessed the Russian posture vis-a-vis other countries. He \nrealized he could not defeat liberal democracies militarily or \neconomically, but he convened the equivalent of a Manhattan \nproject for electronic subversion of the cyber elections, and \nthe social media of Democratic countries.\n    So, from prior hearings I've learned it was a three-pronged \nattack. Part of it was on the social media. There was an effort \nto inject racial propaganda and other kinds of ideological \npoison into Facebook and Twitter and so on. Two, there was a \ndirect effort to hack into the DNC, at the D triple C, Hillary \nClinton's emails. We're aware of that and had testimony about \nthat.\n    The third part was to go right to the State boards of \nelections to try to get into those systems. I want to ask a \ncouple questions about that. I understand that they made their \nmost progress in terms of the Illinois system, actually got \ninto the voter registration database. Although, they were not \nable to, but apparently they tried, but they were not able to \nnullify the existence of voters on the database. What might \nhave happened had they been able to do that? How secure are we \nagainst that in a similar attack, in 2020, Ms. Boockvar?\n    Ms. Boockvar. So, the way it's been described to me is, \nwhat they did was kind of like, you know, if you're a thief and \nyou go around the neighborhood and you try to figure out which \nhouses have unlocked doors or windows, which are the easiest to \nbreak into, and when they're locked, you move on to the next \none. So, they scanned a bunch of States, found most of the \ndoors and windows locked and moved on to the next. I think that \nthat's why we were successful at not having a worse situation. \nIt could have been, as has been discussed previously, it could \nhave been devastating.\n    Mr. Raskin. Are you a member of the National Association of \nSecretaries of State?\n    Ms. Boockvar. Correct.\n    Mr. Raskin. How secure are the States? How ready are we? \nPeople ask me all the time, how ready are we, but we don't have \none system. We have at least 50 systems, right? Or 51 systems \nall over the country.\n    Ms. Boockvar. I think we are absolutely in a much better \nplace than we were 2 years ago, and the designation of \nelections as critical infrastructure was a big start to that. \nWe still have a way to go, and that's why I'm really \ninterested, Congressman, on making sure that we don't focus \nentirely on voting systems. Voting systems are really \nimportant, but we need to be funding replacement of voter \nregistration systems, intrusion-detection systems, making sure \nthat the counties have the cyber protections, the passwords, \nand the multifactor authentication. Those are just as important \nas the voting systems, and we need to recognize that.\n    Mr. Raskin. Ms. Plunkett, would we be safer in protecting \nour Presidential elections, which are obviously the biggest \nmagnet and target for foreign actors, would we be better off if \nwe had one national popular vote in electoral system for \nPresident, or are we better off using the current electoral \ncollege system where we have a State-by-State voting and we've \ngot to protect all those different systems?\n    Ms. Plunkett. What's most important is that we have the \nright--whichever system we would choose to use, what's most \nimportant is that we have the right security protections in \nplace. With the right security protections in place, either \nwould work equally effectively, I believe.\n    Mr. Raskin. Okay. Mr. Burt, I was very cheered to hear your \ntestimony. Are you telling us that we essentially have a \ntechnological fix to the problem of security of the actual \nvoting systems themselves?\n    Mr. Burt. Yes, Congressman. We think the election, our \ntechnology, once it's implemented in devices and those devices \nhave been adopted, will provide a high degree of security, and \nmore importantly, will provide this end-to-end verifiability, \nwhich will enable individual voters and voting officials to be \nable to trust the outcome, with the ability to have audits as a \nbackup to add a layer of verifiability and trust in the system.\n    Mr. Raskin. It will promote a lot more confidence in the \nreliability of the results?\n    Mr. Burt. Yes. Ultimately, it would provide a much greater \ndegree of confidence in the outcome, in part, because \nindividual voters, for the first time, will see that their vote \nactually was counted.\n    Mr. Raskin. Yeah. I mean, all of you have emphasized that \nour electoral integrity is a matter of national security. If \nyou think about it, why does Vladimir Putin and Prime Minister \nOrban in Hungary and Duterte and all the authoritarians and \ndespots and dictators want to destabilize our elections, it's \nbecause they want to destroy people's faith and confidence in \ndemocracy. They would like everything to be about authoritarian \ndespots who just make deals around the world and go and corrupt \neach other's elections and interfere in each other's \ngovernments. I yield back. Thank you for your testimony.\n    Chairman Nadler. The gentleman yields back. The gentleman \nfrom Pennsylvania.\n    Mr. Reschenthaler. Thank you, Mr. Chairman.\n    Mr. Burt, thanks for coming in today, and thanks for all \nyou're doing to make our elections safe and protecting \ndemocracy. I just wanted to see if you'd like to speak about \nwhy Microsoft got into the election space and just generally \nspeak, say, if there's anything more you want to elaborate on \nElectionGuard.\n    Mr. Burt. Absolutely. This goes to a number of the \nquestions about how we got to where we're at today. We need to \nkeep in mind that our foreign adversaries' direct efforts to \nintervene in our elections is a relatively new phenomenon, and \nthe process for certifying devices and so forth is an older \nphenomenon. So, this is something that the entire election \ncommunity is reacting to in a relatively short period of time.\n    For Microsoft, this started in 2016, during the Democratic \nNational Convention when our security team saw that a group \nthat we call STRONTIUM, which we now know from the Mueller \nindictment, is a Russian organization operated by the GRU, the \nsame group. When we saw that organization registering a bunch \nof fake Microsoft domains, domain names, websites that looked \nlike they were Microsoft, but really were not, and because of \nthe timing, we immediately took action, and ultimately, \nactually, went to court. We've been in a battle with that same \norganization now over several years in court, where every time \nthey register fake domains, or use them to try to steal \ncredentials, we go to court, get an order, we take those down \nand direct all of that traffic to our own sinkhole at our \ndigital crime's unit. So, we're in a constant technological \nbattle with that organization. It started then.\n    Then as we fast-forward over the next year, I had a \nconversation with our president, my boss, Brad Smith, and we \ntalked about the obligation we have as a company, a company \nbased in a democracy, founded in a democracy, to help protect, \nhowever we can, those democratic institutions and our voting \nprocess as a core democratic institution. That's when we \nfounded our Defending Democracy Program which we're going to \ncontinue to invest in and advance in coming years.\n    Mr. Reschenthaler. Thank you again, Mr. Burt. I really \nappreciate all you're doing, and with that, I would yield the \nremainder of my time to my friend and colleague from Florida.\n    Mr. Gaetz. I thank the gentleman for yielding. Mr. \nChairman, I initially have a unanimous consent request that \nH.R. 3529, the bipartisan election security legislation I \nreferenced earlier be entered into the record.\n    Chairman Nadler. Without objection.\n    [The information follows:]\n    \n\n                        MR. GAETZ FOR THE RECORD\n\n=======================================================================\n\n[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n\n    Mr. Gaetz. Thank you. I want to return to this issue of \npaper ballots versus blockchain technology, and I know that we \nall likely have a lot to learn on that. Mr. Burt, do you view \nblockchain technology as potentially being more applicable to \nthe voter rolls and the maintenance of the rolls and ensuring \nthat there is no manipulation of those than to the actual vote \nitself? Or would you view the technology as applicable or \ninapplicable to those two silos of election data separately?\n    Mr. Burt. So, I think you do need to evaluate those two \nthings separately, because they really are different problem \nsets, right? So, you need to look at the problem set and what \nyou're trying to address. There's two different problem sets \nbetween voting, where we don't think blockchain is a great \nsolution for a nationwide election, and the voter registration \nrolls where, to be honest, it's something I need to go back and \ntalk to our experts about, whether it's a potential solution.\n    Offhand, I'm not sure that it is, because again, you don't \nreally want in the context even of a voter registration roll, \nyou don't want a distributed ledger. You want a ledger with a \nleader.\n    Mr. Gaetz. Why is that?\n    Mr. Burt. Because you want to have someone who has the \ndecision-making authority about what's a legitimate \nregistration and what's not. In a distributed environment, \nthat's being determined by every other participant in that \nenvironment. Now, there may be a way to make blockchain \napplicable to the voter registration process to help with this \nsecurity issue. I want to go back and talk to our experts. \nOffhand, I think it's probably not the right technological fit.\n    Mr. Gaetz. Again I'm not asserting that it is, it's just \nvery interesting to me that it seems to be less susceptible to \nmanipulation because in the event that you had the circumstance \nyou describe, where someone was attempting to manipulate the \ndata, instead of us relying on one supervisor of elections, a \nDepartment of State, or even some of these joint task forces \nthat I think we've very productively discussed today, you would \nhave potentially thousands of different nodes and capabilities \nto be able to diagnose that manipulation.\n    My concern now is, if you can essentially flummox a \nsupervisor of elections, you can manipulate the voter rolls. As \nI sit here today, having received the briefing that I know my \nFlorida colleagues received, I'm not certain that in my State, \nthere wasn't some manipulation of the voter rolls. No one's \nbeen able to reflect that certainty than me, and so I'm just \ntrying to kind of democratize the oversight of that system, \npotentially. So, again, I don't expect anyone to be an expert \non this. I think we've got a lot to learn about it. I just \nreject the premise that only a piece of paper gives us a sense \nof a lack of manipulation.\n    Mr. Burt. I don't disagree with that, Congressman. If I \nmay, I'd like to go back and--\n    Chairman Nadler. The gentleman's time is expired. The \nwitness may answer the question.\n    Mr. Burt. Thank you, Chairman. Let me go back and we come \nback to you and answer the question more specifically about \nblockchain and voter registration rolls, whether that or some \nother approach is the best means of securing those rolls.\n    Mr. Gaetz. Thank you. I yield back.\n    Chairman Nadler. The gentleman yields back. The gentlelady \nfrom Florida.\n    Mrs. Demings. Thank you so much, Mr. Chairman. Thank you to \nall our witnesses for being here. I am from Florida, and I \nrepresent Florida, and I do agree with my colleague's earlier \nstatement from Florida that every voter, regardless of their \nparty, where they live, their zip code, deserves to have their \nvote counted. So, thank you very much, Mr. Chair, for this very \ntimely and important hearing.\n    Mr. Burt, I'd just like to ask you, have you faced any \nobstacles at the Federal level with implementing ElectionGuard, \nand if so, what have they been?\n    Mr. Burt. We have not faced any obstacles at the Federal \nlevel to implement ElectionGuard. Now that the technology is \nactually out and available for inspection and deployment, we \nexpect to have continued conversations with a number of \nrepresentatives, Federal Government, where we will explain the \ntechnology and how it works. I don't anticipate actually any \nFederal-level resistance because, I think we are aligned with \nthe Federal interest, especially those of CISA and others \nresponsible for our election security.\n    Mrs. Demings. If you could State again, what's the timeline \nof implementation?\n    Mr. Burt. So, the technology is available right now for \nimplementation in devices. The timeline is complex, and that is \na bit of a problem. It's complex for a number of reasons, some \nthat really government can't do much about, because the vendors \nhave to inspect the technology, determine whether they want to \nput it in devices. There must be a demand from State and local \nvendors for the technology, which we think there will be, based \non our conversations so far. Then once those are available, \nthere has to be the funding at the State and local level to be \nable to deploy the new devices that implement the technology, \nand all of that is subject to this currently outdated \ncertification process that takes too long, it's too burdensome, \nand it's too hard.\n    Those rules are being updated right now by the Election \nAssistance Commission, but we need to make sure they're updated \nin a way that provides much more agility and flexibility. So, \nyou've got all of those pieces that need to come into \nalignment. We're confident they will. We're confident we'll \nhave some pilot elections utilizing this technology no later \nthan 2020, but the sooner that it can be deployed to secure our \nelections, the better.\n    Mrs. Demings. My understanding is that certain of the \nbreaches in the 2016 election, when they were going door to \ndoor looking to see which windows were unlocked, and doors, \nwere not immediately detected. So, my question is, what signs \nshould election officials be trained to look for on election \nday, to ensure that there are no undetected attacks? Either \nof--\n    Ms. Plunkett. The first and most important is to have a \nbaseline of what normal looks like. Every election jurisdiction \nneeds to know what normal operations looks like. So that they \ncan then have the appropriate monitoring in place, should there \nbe any abnormal activity, whether that be a flow of data that \nlooks unusual, a disruption of data that looks unusual, a login \nfrom an unusual--someone who should not have access, from an \naccount that should not have access. So, knowing what normal \nand having that baseline, and then being able to monitor for \nany abnormal activity is the most important.\n    Mrs. Demings. Thank you.\n    Ms. Boockvar. I would say, every level needs to be trained \nin this. Starting from technology, right, the intrusion-\ndetection systems should be in every single county in the \ncountry and every municipality that runs elections, I think \nthat is one of the most critical components for protecting our \nelections from here forward. I'd love to see resources from the \nFederal Government to make sure that happens, so that we don't \nhave voters in under-resourced counties with less security than \nothers.\n    Then poll workers, my first job in elections was as a poll \nworker, making sure that we had the support and training for \nthe poll workers to be able to recognize, not only signs that \nare problematic, like people not being in the voting rolls, but \nknowing about provisional ballots. We haven't mentioned \nprovisional ballots yet once in this hearing. We actually have \na provision that allows when people are not in the voter rolls \nto still vote. Sometimes poll workers don't remember to do \nthat, or don't know to do that.\n    So, they need to be adequately trained. Every voter can get \na provisional ballot, and then it can be checked later. So, if \nthat person is eligible, they should never, ever be turned \naway.\n    Mrs. Demings. Thank you so much.\n    I yield back, Mr. Chair.\n    Chairman Nadler. The gentlelady yields back. There are 4 \nminutes and 20 seconds left on a vote on the floor. We have a \nnumber of votes on the floor. The Committee will stand in \nrecess but will reconvene immediately upon cessation of the \nvotes on the floor. So, please, I ask the Members of the \ncommittee, come back as soon as the last vote is cast. The \nCommittee stands in recess.\n    [Recess.]\n    Chairman Nadler. The Committee will come to order.\n    The gentlelady from Texas is recognized.\n    Ms. Garcia. Thank you, Mr. Chairman.\n    Thank you for the patience of our witnesses as they waited \nfor us while we registered our votes, and that's what we're \nfocusing on, aren't we, voting. So, thank you for being here.\n    Election security is all about voter confidence and \nparticipation. The more confident voters are in the integrity \nof our election systems, the more confident they will feel that \ntheir vote has been counted and that their voice has been heard \nand, of course, this directly impacts their future \nparticipation.\n    I listened with great interest to some of your testimony, \nand I've looked at your written testimony. I wanted to start \nwith you, Mr. Burt. Quickly, I don't need a--I heard you \nexplain the system that you have, and I just want to make sure \nthat anyone watching is clear. Is yours a software system or a \nsoftware system and machines and an auditing system too or all \nthe above, one of the above?\n    Mr. Burt. Ours is a software system that needs to be \nincorporated into the voting system that is utilized by the \nState or local voting officials, and it supports multiple \ndifferent forms of voting systems. So, you can have an \nelectronic ballot-marking device. You can start with hand \nmarked ballots that are then scanned. We support those, and \nwe're working to support others that are not as widely used. \nBut, it's basically software that needs to be incorporated by \nvendors into the voting system itself.\n    Ms. Garcia. The verification that the user can--the voter \ncan go to online, that will simply just verify that they voted, \nor can they print something at home through your software \nsystem?\n    Mr. Burt. So, the system, when they vote, when they go to a \npolling place and they vote, they get a piece of paper that has \nthe code. They can then enter the code in later and they will \nsee, they will get verification that their vote was counted. \nThey can't see their vote. This is really critically important. \nThey can't see who they voted for. They know who they voted \nfor, but what the system tells them is your vote was not \nchanged and your vote was counted. It's important that they not \nbe able to see their vote, because otherwise, they could be \ncoerced into voting in a certain way, you could sell your vote. \nThis is an important character--\n    Ms. Garcia. Anyone doing an audit would also not be able to \nsee how they voted?\n    Mr. Burt. That's correct. That's actually--\n    Ms. Garcia. So there really is no paper trail?\n    Mr. Burt. There is a paper trail in the sense that our \nsystem supports the creation of a verified paper ballot. So, \nyou vote, that's encrypted, but you also get a paper ballot \nthat the voter can look at and say, yes, this is correct. You \ndeposit that in the ballot box. That can be used for risk-\nlimiting audits, even for hand counts, if necessary, although \nit shouldn't be necessary.\n    Ms. Garcia. Well, I'm thinking of a lot of people in my \ndistrict that don't have a computer at home, don't have a \nlaptop, don't have a way of doing any of that. So, what are we \nto do with, quite frankly, the usual targeted populations when \nthere are some of this misinformation hacking? It's usually \nmany times, minority voter precincts that get attacked. So, \nwhat would we do then for the person who doesn't have access to \na computer or internet to be able to go through that process?\n    Mr. Burt. So, our system is based on polling place voting, \nwhether it's hand-marked ballots or using an electronic voting \nmachine. The election guard supports going to the polling place \nto vote. So, you don't need to have any technology in order to \nvote--\n    Ms. Garcia. No, but to verify--\n    Mr. Burt. But to verify and--yes. So--\n    Ms. Garcia. I'm talking specifically about verifying that \nyou voted.\n    Mr. Burt. Correct.\n    Ms. Garcia. It's actually sort of happened to me once. I \nvoted and I thought I had done everything, and then they came \nto the car to get me and said, I was a senator at the time, \nthey said, Senator, it didn't go through. I said, what do you \nmean it didn't go through? So, I had to go back in and, \nessentially, vote again. It made no sense to me that I had to \ndo that. I think that happens probably more often than not.\n    So, I'm just concerned about the populations who don't have \naccess to their computer to verify that, in fact, their vote \nwas counted.\n    Mr. Burt. Totally understandable. The good news is that you \ncan do the verification in our system with a smartphone. In \nmost populations, smartphones have penetrated much further than \nlaptops.\n    Ms. Garcia. Well, many in my district do not have \nsmartphones. They just have the one that you go to the flea \nmarket or a store--what are they called? The click-it phones or \nflip phones. They don't have a smartphone. Those are more \ncostly. They go in there--Cricket phones. They go there and get \n1 month at a time. We're talking about people that are paycheck \nto paycheck. They can't afford one like mine.\n    Mr. Burt. Yes. I understand, Congresswoman. The \nverification does require some access to a system, whether it's \nyour neighbor's phone, your phone, go to the library and access \na computer, to get that personal verification. Now, keep in \nmind, that's a new advance of the technology, but to do that \nverification and see that your vote was counted, with our \nsystem, you will need access to something, whether it's a \nsmartphone, a public computer, some device that lets you see, \nyes, my vote, in fact, got counted.\n    Ms. Garcia. Well, thank you.\n    I've run out of time and I yield back. Thank you, Mr. \nChairman.\n    Chairman Nadler. The gentlelady yields back.\n    The gentlelady from Pennsylvania.\n    Ms. Scanlon. Thank you very much.\n    Ms. Boockvar, I wanted to thank you for your work in \nremoving barriers to voting in Pennsylvania for everyone who's \neligible to vote. In particular, I wanted to thank you for your \nattention to modernization of Pennsylvania's voting system and \nthings such as, just 2 weeks ago, rolling out the ability to \nrequest absentee ballots online. I know my three children, who \ndo not live in the district anymore, when they're at school, \nappreciate that ability.\n    You've also paid a lot of attention to our young voters, \nand I know particularly high school registration. Can you just \ntell us a little bit about what you've done there?\n    Ms. Boockvar. Governor Wolf started a couple years ago the \nGovernor's Civic Engagement Award, and it's been a tremendous \nsuccess in Pennsylvania encouraging students in schools to \nregister eligible voters to vote. It's been terrific, both the \ncompetition from school to school and from student to student, \nbut also their engagement in voting, which as we all know--\nprobably a lot of us started our civic engagement early, and it \nreally--research shows when you are engaged early, you probably \nbecome life-long voters, and that's critical to our democracy.\n    Ms. Scanlon. Okay. Turning more to what's at hand here, \nthere's been discussion about needing to improve lines of \ncommunication between Federal, State, and local agencies. Can \nyou explain a little bit about that?\n    Ms. Boockvar. Absolutely. So, one of the things that we've \nbeen talking about a lot, and as we've developed these \nconversations around election security, is the importance of \ncontinuity of operations, or COOP planning. It's one of those \nthings that I think a lot of areas like emergency management \nand law enforcement have been doing for a long time, but the \nelections sphere, it's relatively new. One of the critical \ncomponents of effective COOP planning is to know who to call at \nthe moment you need to call them. Because the last thing you \nwant to do when an incident happens is figure out who the right \nperson is to call.\n    So, the more clarity we have about who at the Federal \nGovernment is the call to make at incident X, Y, or Z, the \nbetter it would be for the counties to not to have to figure it \nout at the moment. We're doing a lot of work with the counties \nto develop those COOP plans, but we need that to come from the \nFederal Government as well to make sure we have centralized \nlines of contact.\n    Ms. Scanlon. Okay. If you have one piece of advice for \nCongress as we debate the appropriate vehicles to legislate and \nto fund this, what would that be?\n    Ms. Boockvar. I'd have to go back to our conversation about \ndiversifying the types of election security that's implemented \nacross the country. So, there's been a lot of attention to \nvoting systems, which is a very important thing, to transition \nto paper records. As we discussed earlier, so many other \ncomponents of this process are at least as critical. So, we \nneed to allow funding to go to voter registration databases, \nintrusion detection systems, making sure that we have layered \ndefenses to all our networks, phishing and security training \nand multifactor authentication, and COOP planning. All those \nthings are equally important, and I'm most worried about \nthinking that one solution is going to fix everything. We need \nto give the States the ability to decide what their most \ncritical components are.\n    Ms. Scanlon. As I understand it, that involves both work \nand helping establish best practices that the Federal \nGovernment can help push out and then providing funding to \nachieve those best practices?\n    Ms. Boockvar. Exactly.\n    Ms. Scanlon. Okay. Thank you.\n    I yield back.\n    Ms. Boockvar. Thank you.\n    Chairman Nadler. The gentlelady yields back.\n    The gentleman from Arizona.\n    Mr. Stanton. Thank you, Chairman, for hosting this \nimportant hearing today. It's one of the most pressing issues \nfacing our Nation.\n    Thank you to the witnesses for not only appearing today and \nsharing your expertise, but for taking such a leading role in \nprotecting the integrity and security of our elections at all \nlevels of government. It's much appreciated.\n    Our Nation came under attack in 2016. The special counsel \ndescribed Russia's efforts to interfere in our elections as, \nquote, sweeping and systemic, unquote. They deceived Americans, \nhacked into campaign email accounts, hacked into the very \nsystems and databases that conduct our elections at the State \nlevel.\n    We know that these same kinds of attacks continue to this \nvery day. The Federal Bureau of Investigation Director \nChristopher Wray, stated that, quote, ``this is not just an \nelection-cycle threat. It's pretty much a 365-day-a-year \nthreat,'' unquote. Despite that, this White House has done \nnothing. It joins the Senate in sitting on its hands in the \nfight to defend our democracy. It's a real travesty, and I hope \nwith this hearing and the legislative efforts, we can begin to \nturn the tide.\n    Unfortunately, my home State of Arizona, its voter \nregistration database was one of Russia's targets. Their attack \nwasn't successful, but it shows the heightened importance local \nofficials must place on election security.\n    Ms. Plunkett, you mentioned in your written testimony the \nimportance of the integrity of voter registration databases and \nePollbooks. When it comes to the use of ePollbooks for voter \nregistration rosters and ballot-on-demand printers, do you \nagree that it is a best practice to use encrypted \ncommunications in all circumstances when data is transmitted or \nreceived?\n    Ms. Plunkett. Yes, I do.\n    Mr. Stanton. Can you think of a circumstance--is there ever \na circumstance where election officials should transmit or \nreceive data on these devices in a nonencrypted manner?\n    Ms. Plunkett. I cannot envision a circumstance such as \nthat.\n    Mr. Stanton. Thank you.\n    Ms. Plunkett, you also mentioned that the steps the Federal \nGovernment and State governments must take will cost more than \n$2 billion. Not all States are adequately investing in election \nsecurity. Some, including Arizona, are cutting election \nsecurity funds.\n    What type of outcomes and risks are States that don't take \nthis issue seriously exposing themselves to?\n    Ms. Plunkett. Well, they're exposing themselves to the \npotential for their election outcomes to be corrupted, invalid, \nnot accepted, not trusted by the populous that they represent, \nand ultimately, the impact of the perception could be much \nworse than the reality, which would mean people would not come \nout to vote.\n    Mr. Stanton. Thank you for that answer.\n    This is a question for all of the witnesses. Some elected \nofficials use USB devices to transfer data from one device to \nanother. Is it best practice to use those devices only a single \ntime to minimize the possibility of malware or to use those \ndevices repeatedly?\n    Ms. Boockvar. I would go with, yes, that it is certainly a \nbest practice. There are some circumstances where as long as \nthere's effective reformatting, that that might be effective, \nbut I think using new ones is always, I would say, the best \npractice.\n    Mr. Stanton. Mr. Burt?\n    Mr. Burt. I would caution that USB devices are a known \nvector for the transmission of malware which can be installed \nat the time of their manufacture. So even using new USB devices \nfrom anything other than a very highly trusted source, and \nincreasingly that would mean of American manufacture, if you \nare using it in an election in the United States, is a \nchallenging thing to do.\n    You can try to scan that device, you can try to make sure \nit doesn't have malware on it before it's ever used, but that \ncould be a very costly and time-consuming practice. So, the use \nof USB devices is something that we would say you should be \nvery cautious about doing it even once because the malware may \nbe present on that device when you first use it.\n    Mr. Stanton. Thank you.\n    Ms. Plunkett, have any thoughts on that subject matter?\n    Ms. Plunkett. I would go so far as to say that, unless \nthere are no other alternatives, the use of thumb drives should \nbe prohibited.\n    Mr. Stanton. Thank you very much.\n    I yield back.\n    Chairman Nadler. The gentleman yields back.\n    The gentlelady from Pennsylvania.\n    Ms. Dean. Thank you, Mr. Chairman. Thank you for holding \nthis important hearing.\n    I want to associate myself, so as not to be repetitious, \nwith Representative Stanton's remarks of the gravity of the \nsituation, as well as Chairman.\n    Secretary Boockvar, as you said--and you're not alone in \nsaying this--nothing is more important than the security of our \nelections. Nothing in this democracy is more important than \nthat. So, I am glad we're talking about these issues.\n    Secretary Boockvar, of course, I am delighted to see you \nhere from Pennsylvania. I thank you and Governor Wolf for your \nservice, particularly in the area of election security.\n    I'm thinking back to Mueller coming in and telling us and \ntelling the world that certainly we--our elections were \ninterfered with in 2016, and if I recall him correctly, he \nsaid, and it's going on\n24/7. That interference continues.\n    Can you describe some of our vulnerabilities as of 2016 and \nmaybe lay out some of the vulnerabilities that you still see?\n    Ms. Boockvar. So, I think the good news--and going back to \nwhat we talked about earlier, is the good that arose from what \nhappened in the past is that we are--with the declaration of \nbeing critical infrastructure, it's provided us with a lot more \nresources. So, one of the things that I really think is \ncritically important across the country as well as in the State \nare these collaborations that we've been talking about. So, I \nthink the lack of collaboration and intersection of resources \ncould be a vulnerability if it's ignored.\n    So, for example, we found in Pennsylvania, as we started to \nhave like tabletop exercises and really improve our \ncollaborations, a lot of times in the counties, the election \nofficials didn't even know the emergency management personnel. \nThat's crazy, right. So, in 2018, the primary was almost like a \nreal-life tabletop exercise. I don't know if you recall, but \nthere was a tornado that crossed the State literally on primary \nday. So, we had to have--trees were down, polling places were \nblocked, electricity went out. The intersection of the \nemergency management, law enforcement, and elections was \ncritical--is critical.\n    So, one of the vulnerabilities is not feeding that well. \nAgain, it goes back to the COOP planning, too. Then I also want \nto make sure that our counties have the resources they need to \nhave really advanced intrusion detection systems, effective \nplan--training of phishing and security and all that, and every \nadvanced sensor and protection, layered defenses of their \nnetwork.\n    So, those are the areas that I would really focus on. \nSupporting the local counties and municipalities would be one \nof the areas I'd want to direct most attention.\n    Ms. Dean. The issue of certification, I guess, of the \nequipment itself, what is the delay there? How could we \nstreamline that? Either you or any of the witnesses.\n    Mr. Burt. The issue there is that the standards that--the \nguidelines that are promulgated by the Election Assistance \nCommission are more than 10 years old. In fact, the most recent \nmodification of those guidelines, there's not a single election \nsystem that's ever been certified under those most recent \nguidelines, and they're 10 years old.\n    So, what the Election Assistance Commission is doing right \nnow, which is revising those guidelines, is critically \nimportant, but they need to move quickly. They need to move \nwith expeditious activity, because this threat, as you pointed \nout, Congresswoman, is 24/7. It's happening now. It's going to \nhappen through the 2020 election cycle.\n    So, we need the EAC to adopt new guidelines for \ncertification quickly. The current ones are--don't adequately \naddress security, and they take too long and they're too \nburdensome. So, we need to streamline that process, make it \nfaster.\n    One of the really critical things for all State and local \nelection officials is we need to make it very easy to apply \nsecurity updates. That's a key defense to these adversaries \nfrom every vendor, and so we need to be able to apply security \nupdates quickly, expeditiously, without so much bureaucracy so \nthat we can respond.\n    Ms. Dean. Thank you very much.\n    This will just be by way of sort of a rhetorical statement. \nI was struck by something you wrote in your testimony, \nSecretary Boockvar. You wrote that election security is a race \nwithout a finish line, that our adversaries are continuously \nadvancing their technologies, and we must do more all the time. \nSo, we know that we can't see a finish line for this, and we \nhave to identify the threats.\n    I have to wonder what conversations all of you have had to \nhave with your own organizations based on foreign threats, but \nnow the news of this past week, domestic threat to our \nelection. It couldn't be a more grievous, grave time. None of \nus is pleased with the news of the Ukraine conversation by the \nPresident of the United States in an attempt to interfere in a \nfuture election. So, I praise you all for your work. Help us do \nbetter at our work to protect our elections.\n    I yield back.\n    Chairman Nadler. The gentlelady yields back.\n    This concludes today's hearing. We thank all our witnesses \nfor participating.\n    Without objection, all Members will have 5 legislative days \nto submit additional written questions for the witnesses or \nadditional materials for the record.\n    With that, without objection, the hearing is adjourned.\n    [Whereupon, at 12:02 p.m., the Committee was adjourned.]\n     \n\n                                APPENDIX\n\n=======================================================================\n[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n\n                                 [all]\n</pre></body></html>\n"