In recent weeks, intelligence officials have said clearly that Russia will likely meddle again in the 2018 midterm election season—which begins in Texas in less than three weeks. United States election systems, though, have not yet adequately improved defenses since the 2016 presidential election. On Wednesday, House Democrats outlined a last-ditch effort to step up security while there’s still some time.
The Congressional Task Force on Election Security—which counts not a single Republican among its members—announced a findings report and new bill outlining a comprehensive plan for funding and enforcing minimum security standards for all US election systems. Three other election security bills have already been introduced, but neither the Senate nor the House has held an election security hearing so far. President Donald Trump’s continuing skepticism that Russia interfered in the 2016 election process has also slowed momentum.
“Regardless of what President Trump believes, there’s no disagreement among security experts that Russia carried out a cyber-enabled influence campaign to meddle in our democratic process,” task force co-chair Bennie Thompson said on Wednesday. “Last week, Trump’s Secretary of State candidly admitted that we are no better prepared to stop Russia than we were in 2016. Time is short. Our 2018 and 2020 elections are just around the corner.”
The group’s proposal outlines 10 recommendations for securing election infrastructure. Some are widely promoted measures, like ensuring that all US voting machines produce voter-verified paper backups, replacing aging machines that are potentially more vulnerable to attack, improving communication between federal and local officials, and offering support so all states can conduct “risk-limiting” statistical audits after elections.
‘If we wanted to replace all of the equipment and infrastructure that needed to be replaced by the 2020 election, even now we’re running out of time.’
Lawrence Norden, NYU Brennan Center
Some are more subtle, though, and reflect the committee’s collaboration with election experts and the security community. For example, the report specifically suggests unlocking funding for states to improve their IT infrastructure, and particularly encourages states to overhaul their voter registration database architecture. Task force co-chair Robert Brady noted that 41 states operate databases that are at least 10 years old. The report also specifically calls on election equipment vendors to prioritize voting infrastructure security through steps like active patching programs and vulnerability and attack disclosures.
There is $400 million left from the 2002 Help America Vote Act that Congress authorized but was never appropriated, and the legislators propose that this funding be immediately distributed to help states replace voting machines—a move that groups like The National Association of Secretaries of State strongly support. But the task force’s proposed bill would also provide other types of funding to address election security initiatives that aren’t voting machine-related. The bill would expand the Election Assistance Commission’s oversight role, and authorize $1 billion for the Commission to distribute as election security grants. The legislation would also give every state one dollar for each person who voted in the most recent election to strengthen election infrastructure. And it would put $20 million toward a grant program for establishing risk-limiting audit initiatives.
Implementing all of the task force’s recommendations in every state would certainly raise baseline election security. But given the limited time left before the midterm elections and Congress’s overall lack of interest in taking action on election security, the odds of immediate large-scale improvement seem low. Representative Thompson even noted that though there are some bipartisan election security bills pending before Congress, no Republican representatives offered to help or participate in the task force.
“If we wanted to replace all of the equipment and infrastructure that needed to be replaced by the 2020 election, even now we’re running out of time,” Lawrence Norden, the deputy director of the Brennan Center’s Democracy Program at New York University School of Law, told WIRED ahead of the task force’s announcement. “Some of it isn’t that hard, like doing a thorough risk assessment, putting in basic cybersecurity best practices, and doing post elections audits. If you could make that happen for this November it would be really important. But Congress needs to make sure those minimums are hit.”
The task force makes it clear that the Constitution prohibits federal agencies from running elections, and it supports this decentralized approach. But after working for six months to evaluate the state of election security across the US, it concludes that federal resources should play a crucial role in supporting progress. “State and local governments must continue to run their own elections, but they cannot be expected to confront a sophisticated nation state like Russia on their own,” task force member James Langevin said. “We must take the next step and actually act swiftly to implement these policies.”
Though many states have made a significant effort to shore up their election defenses, time is almost up to implement baseline changes in every state. And that goes not just for 2018, but 2020 as well.