[Congressional Record Volume 149, Number 176 (Tuesday, December 9, 2003)]
[Senate]
[Pages S16122-S16124]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

      By Mrs. CLINTON:
  S. 1986. A bill to amend the help America Vote Act of 2002 to require 
voter verification and improved security for voting systems under title 
III of the Act, and for other purposes; to the Committee on Rules and 
Administration.
  Mrs. CLINTON. Mr. President, I rise to introduce the Protecting 
American Democracy Act of 2003, legislation that is vital to ensuring 
that the voting systems used in our Federal elections are as secure as 
possible while also ensuring that each and every voter in our Nation 
has an equal opportunity to verify his or her vote before that vote is 
cast and permanently recorded. At its core, this legislation will 
ensure that every vote is properly counted, ensuring the integrity of 
each vote, which is at the heart of our democracy.
  In recent months, there has been discussion about the increasing use 
of electronic voting systems such as direct recording electronic 
systems (DREs), the first completely computerized voting systems. 
Computerized voting systems can have many advantages. As the 
Congressional Research

[[Page S16123]]

Service has reported, they are arguably the most user-friendly and 
versatile of any current voting system. Among many features, such 
voting machines can be easily programmed to display ballots in 
different languages and can be made fully accessible for persons with 
disabilities, including the visually impaired. They can also prevent 
overvotes and spoilage of ballots due to extraneous marks since no 
document ballot is involved. In addition, fully computerized systems 
have the ability to notify voters of undervotes. Presently, no other 
kind of voting system possesses so many features. For this reason, it 
is expected that within the next two years, with funding authorized 
under the Help America Vote Act of 2002 (``HAVA''), state and local 
jurisdictions across the country will begin purchasing fully 
computerized systems.
  One of the disadvantages of these electronic voting systems, however, 
is that they do not give voters an opportunity to verify their votes--
to confirm that the voting machinery is registering the vote that the 
voter intended to cast--before the vote is cast and permanently 
recorded. In addition, electronic voting systems raise other concerns 
because of the ability of the software in the voting system to be 
compromised, or worse, maliciously attacked, by someone who may want to 
alter the voting results. Indeed, a number of recent studies, including 
the July 2001 study by Caltech/MIT, the July 2003 study by Johns 
Hopkins and Rice universities, the September 2003 study by the Science 
Applications International Corporation, requested by the Governor of 
Maryland, and the two November 2003 studies conducted by Compuware 
Corporation and InfoSENTRY, requested by the Ohio Secretary of State, 
pointed to significant and disturbing security risks in electronic 
voting systems and related administrative procedures and processes.
  That is why in addition to ensuring that voters have an opportunity 
to verify their vote, it is vital that we improve the security of 
voting system technology, and that means not only the kind of software 
that is used but also how, for example, that software is designed, 
stored, disseminated, updated, field tested, and used in an actual 
election. This is a developing consensus among computer security 
experts that not only is the security of electronic voting systems 
wholly inadequate, but that the security policies and procedures that 
State and local election officials, voting system vendors, and others 
use are non-existent, inadequate, or, if they exist, are not followed, 
which is the same as having no policy at all.
  Our Nation is the greatest Nation on earth and it is the leading 
democracy in the world. Central to that democracy is ability of 
Americans to have confidence in the voting system used to register and 
record their votes. This is a fundamental standard that must be met. I 
have concerns, however, that our Nation is falling short of that 
standard.
  That is why I am today introducing the ``Protecting American 
Democracy Act of 2003,'' which amends by adding a voter verification 
requirement for voting systems to give each voter an opportunity to 
verify his or her vote at the time the vote is cast. Voters will be 
given an opportunity to correct any error made by the voting system 
before the permanent voting record is preserved.
  While requiring that all election jurisdictions give voters the 
ability to verify their votes, this legislation also gives States and 
local jurisdictions the flexibility to employ the most appropriate, 
accurate, and secure voter verification technologies, which may include 
voter-verifiable paper ballots, votemeters, modular voting 
architecture, and/or encrypted votes, for their State or jurisdiction 
in a uniform and nondiscriminatory manner. Any voter verification 
method used must ensure that voters with disabilities and other 
affected voters have the ability to cast their vote in private, and 
language minorities must have equal access in verifying their vote. 
This is important if we are to ensure that all Americans--including the 
more than 20 million voters who are visually impaired, the more than 40 
million Americans who lack basic literacy skills, and millions of 
language minorities--will be able to exercise their constitutional 
right to vote.
  To address critical security issues, the ``Protecting American 
Democracy Act of 2003'' also amends HAVA by adding a security 
requirement for voting systems to ensure that voting systems are as 
secure as possible. Specifically, voting systems must adhere to the 
security requirements for Federal computer systems as required under 
current law or, alternatively, more stringent requirements adopted by 
the Election Assistance Commission. Currently no such requirement 
exists. I believe that, at minimum, the systems used by the people of 
the United States to exercise their constitutional right to vote, the 
hallmark of our democracy, should be at least as secure as the computer 
systems used by the Federal Government.
  The security requirements must also provide that no voting system 
shall contain any wireless device, which reduces the risk that hackers 
will be able to attack any electronic voting system. In addition, all 
software and hardware used in any electronic voting system must be 
certified by laboratories accredited by the Commission as meeting all 
security requirements.
  The Act also requires the Election Assistance Commission to report to 
Congress within 6 months of enactment regarding a proposed security 
review and certification process for all voting systems. Within 3 
months of enactment, the Government Accounting Office, unless the 
Commission has already completed the following report, must issue a 
report to Congress on the operational and management systems that 
should be employed to safeguard the security of voting systems, 
together with a schedule for how quickly each such measure should be 
implemented.
  Lastly, immediately upon enactment, the National Institute of 
Standards and technology (NIST) must provide security consultation 
services to State and local jurisdiction. Two million dollars in Fiscal 
Years 2004 through 2006 are authorized to be appropriated to assist 
NIST in providing these security consultation services.
  I cannot think of a more significant risk to our democracy than for 
Americans to lack complete confidence in the voting systems used to 
cast and count their votes in Federal elections. For all those who 
believe that in a democracy, there is no more important task than 
assuring the sanctity of votes, this should be an easy step to take to 
assure it. For this reason, I urge all of my colleagues to support this 
legislation. I ask unanimous consent that the text of this bill be 
printed in the Record.
  There being no objection, the material was ordered to be printed in 
the Record, as follows:

                                S. 1986

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Protecting American 
     Democracy Act of 2003''.

     SEC. 2. REQUIRING VERIFICATION FOR VOTERS.

       (a) In General.--Section 301(a)(2) of the Help America Vote 
     Act of 2002 (42 U.S.C. 15481(a)(2)) is amended by adding at 
     the end the following new subparagraph:
       ``(C) Voter verification.--
       ``(i) The voting system shall provide a means by which each 
     individual voter must be able to verify his or her vote at 
     the time the vote is cast, and shall preserve each vote 
     within the polling place on the day of the election in a 
     manner that ensures the security of the votes as verified for 
     later use in any audit.
       ``(ii) The voting system shall provide the voter with an 
     opportunity to correct any error made by the system before 
     the permanent record is preserved for use in any audit.
       ``(iii) The verified vote produced under this subparagraph 
     shall be available as an official record.
       ``(iv) Any method used to permit the individual voter to 
     verify his or her vote at the time the vote is cast and 
     before a permanent record is created--

       ``(I) shall use the most accurate technology, which may 
     include voter-verifiable paper ballots, votemeters, modular 
     voting architecture, and encrypted votes, in a uniform and 
     nondiscriminatory manner;
       ``(II) shall guarantee voters with disabilities and other 
     affected voters the ability to cast a vote in private, 
     consistent with paragraph (3)(A); and
       ``(III) shall guarantee voters alternative language 
     accessibility under the requirements of section 203 of the 
     Voting Rights Act of 1965 (42 U.S.C. 1973aa-1a), consistent 
     with paragraph (4).''.

     SEC. 3. REQUIRING INCREASED SECURITY FOR VOTING SYSTEMS.

       (a) Section 301(a) of the Help America Vote Act of 2002 (42 
     U.S.C. 15481(a)) is amended by

[[Page S16124]]

     adding at the end the following new paragraph:
       ``(7) Increased security for voting systems.--
       ``(A) Voting system security requirement.--The voting 
     system shall adhere to security requirements for Federal 
     computer systems or more stringent requirements adopted by 
     the Election Assistance Commission after receiving 
     recommendations from the Technical Guidelines Development 
     Committee under sections 221 and 222. Such requirements shall 
     provide that no voting system shall contain any wireless 
     device. All software and hardware used in any electronic 
     voting system shall be certified by laboratories accredited 
     by the Commission as meeting the requirements of this 
     subsection.
       ``(B) Report to congress on security review.--The 
     Commission, in consultation with the National Institute of 
     Standards and Technology (NIST), shall report to Congress not 
     later than 6 months after the date of enactment of the 
     Protecting American Democracy Act of 2003 regarding a 
     proposed security review and certification process for all 
     voting systems.
       ``(C) General accounting office report.--Not later than 3 
     months after the date of enactment of the Protecting American 
     Democracy Act of 2003, the Government Accounting Office, 
     unless the Commission has previously completed such report, 
     shall issue a report to Congress on the operational and 
     management systems that should be employed to safeguard the 
     security of voting systems, together with a schedule for how 
     quickly each such system should be implemented.
       ``(D) Provision of security consultation services.--
       ``(i) In general.--On and after the date of enactment of 
     the Protecting American Democracy Act of 2003, the National 
     Institute of Standards and Technology (NIST) shall provide 
     security consultation services to State and local 
     jurisdictions.
       ``(ii) Authorization.--To carry out the purposes of this 
     subparagraph, $2,000,0000 is authorized for each of fiscal 
     years 2004 through 2006.''.

     SEC. 4. EFFECTIVE DATE.

       The amendments made by this Act shall take effect as if 
     included in the enactment of the Help America Vote Act of 
     2002.
                                 ______