How counties are running war-games to prepare for election interference
First up today, let’s look at how counties across the U.S. are preparing for the 2020 election. This segment all comes from an article in the Washington Post by Joseph Marks, and it is a remarkable read. Let me give you the first two paragraphs:
“PRINCETON, [NEW JERSEY] — If Russian hackers seek to disrupt the 2020 election, it will be county election officials on the front lines. And some are diving in to war games so they can be ready for anything Moscow or another U.S. adversary can throw at them.
Election officials from New Jersey’s 21 counties huddled at tables in a hotel ballroom here, hashing out how they’d respond to Election Day cyberattacks. In some attack scenarios, hackers shut down voter registration databases, loaded voter files with phony information, or compromised county social media accounts so they start spreading false information about polling locations. They also prepared for what happens if attackers locked up election office computers with ransomware or shut down cellphone towers across multiple states.”
And from there, this article continues to read like a spy novel. It emphasizes the fact that U.S. federal elections are actually conducted at the local level. So every single state has to think about the security of its own elections, and that tends to fall on the shoulders of county officials. With a patchwork of election systems across the country, and a variety of threats facing them, these war games are now a necessity. And what’s worse, the war might be between county officials and nations.
According to the report, New Jersey is not alone. Reading again here:
“More than a dozen states have held election hacking war games for county officials during the past two years — many of them with help from the Department of Homeland Security. But the vast majority of those exercises have been done behind closed doors.
During the New Jersey exercise, county election officials had five minutes to game out a response plan to each hypothetical attack — typically getting their ideas by flipping through thick binders where they keep plans for all kinds of contingency scenarios.
Every time a county didn’t come up with a plan within the five-minute limit — or came up with a bad plan — a facilitator made a note in the county’s evaluation.”
So, be aware, there are war games in New Jersey and the best-known adversary is Russia. Who will win? Will the binders be thick enough? We will find out in a little more than a year.
Where the gaps are and what they’ll cost to fix
Next, let’s talk about money and the overall set of problems it might solve. Or might not. According to an article in Axios by Joe Uchill, QUOTE:
“The bare minimum cost of securing the U.S. election system is $2.153 billion [dollars] over the next 5 years, according to an estimate by the Brennan Center at NYU Law School. Lawrence Norden, director of the Electoral Reform Program at Brennan, told Axios it will likely cost a similar amount every 5 years after that. […] By the Brennan estimates, it will cost:
$734 million [dollars] to purchase voting machines that use paper ballots for the last few states, including Pennsylvania, that haven't already switched. Paper leaves an unhackable record of voter intent.
$486 million [dollars] for secure voter registration systems.
$833 million [dollars] for state and local election cybersecurity, including $55 million [dollars] in county-level cybersecurity staffing, assuming 1 employee for every 10 counties, and $9.6 million [dollars] for website security. [AND]
$100 million [dollars] for post-election audits.”
So, to reiterate, that’s more than $2 billion dollars over a five-year period, with a big chunk of that going into voting machines. But it’s not just about hackers getting in there and changing votes. There are serious concerns that voter registration systems are just as vulnerable—if voters suddenly lose their registration, whether through hacking or just plain technical problems, that’s another way the election can fail. People can’t cast votes if they’re not registered, or their registration mysteriously disappears or changes status.
And beyond all that, voting machines wear out. Even the old-fashioned ones. One expert cited in the Axios story suggested replacing them every 10 years.
And the final piece of the puzzle is making sure you have staff—all around the country—who are actually trained to make sure elections go smoothly, and to handle cybersecurity threats specifically. Even if that’s just one cybersecurity specialist per TEN COUNTIES, that’s more than we have now. Reading once more from Axios:
“"People think that on Election Day, they just go and cast a ballot," said Earl Matthews, chief strategy officer at the security firm Verodin and a retired Air Force major general. "But that process actually began many months earlier."
The federal government doesn't have to bear the full cost of cybersecurity. In fact, most states would prefer some degree of autonomy in how they run elections.
But states can't realistically fight off nations without a little more help.
"The federal government has a responsibility to share," said Christopher Deluzio, director of policy at [the] University of Pittsburgh's cyber center, who has written frequently about the cost of securing elections.”
The push for election security funding in Congress
So all of this adds up to a political fight in Congress, as we approach November 2020. The first big example is the “For the People Act of 2019,” which was in fact the very first bill that the House passed this session. It’s numbered House Resolution 1.
It would set aside $1.6 billion dollars in total, though many of the items it includes are not specifically election security measures. It includes a bunch of stuff like making Election Day a federal holiday, getting rid of partisan gerrymandering, requiring certain candidates to release tax returns, restructuring the FEC to remove one seat, and WAY more. But, keep in mind that number—$1.6 billion dollars.
In an article for Politico, Marianne Levine wrote about what happened when HR1 was sent over to the Senate.
“When asked at a news conference why he wasn’t bringing the House electoral reform bill to the Senate floor, [Senate Majority Leader Mitch] McConnell said, with a grin, "Because I get to decide what we vote on.”
“What is the problem we’re trying to solve here?” McConnell asked. “People are flooding to the polls.””
As if to respond to that question, later in the same article, Levine wrote:
“The legislation contains a series of voting reforms Democrats have long pushed for, including automatic voter registration, expansion of early voting, endorsement of D.C. statehood and a requirement that independent commissions oversee House redistricting. In addition, the bill requires “dark money” groups to disclose donors.
Democrats argue that the bill would make it easier to vote and crack down on money in politics.”
And that seems to be the core of the issue in Congress, at least in my reading. You have a combination of specific security factors along with a bunch of stuff about money in politics, and adding states, and so on. If those things could be separated, that might have a better shot.
Well, HR1 did not reach a vote in the Senate. Since then, some Democrats in the House, most notably Zoe Lofgren of California, have pushed for a more targeted approach. Lofgren introduced H.R. 2722, the Securing America’s Federal Elections Act, or SAFE Act. Let me read here from the summary of the bill, which by way, did pass the House in late June.
“The bill establishes requirements for voting systems, including that systems (1) use individual, durable, voter-verified paper ballots; (2) make a voter's marked ballot available for inspection and verification by the voter before the vote is cast; (3) ensure that individuals with disabilities are given an equivalent opportunity to vote, including with privacy and independence, in a manner that produces a voter-verified paper ballot; (4) be manufactured in the United States; and (5) meet specified cybersecurity requirements, including the prohibition of the connection of a voting system to the internet.
The National Science Foundation must award grants to study, test, and develop accessible voter-verified paper ballot voting and best practices to enhance the accessibility of such voting for individuals with disabilities, for voters whose primary language is not English, and for voters with difficulties in literacy.
The Election Assistance Commission (EAC) must award grants to states to replace certain voting systems, carry out voting system security improvements, and implement and model best practices for ballot design, ballot instructions, and the testing of ballots.”
There’s more in the bill, but that’s the key stuff. The cost of the bill is listed explicitly in its text as $600 million dollars in 2019, then $175 million dollars for each of 2020, 2022, 2024, and 2026. So this is a far cry from the $1.6 BILLION dollars in the previous proposal, but it is targeted specifically toward voting and voting systems. No DC statehood, no tax returns, nothing like that.
After the SAFE Act passed the House, it was not taken up the Senate. One of the loudest voices on the issue has been Senator Ron Wyden of Oregon. On Twitter, Wyden has made a running commentary on the act, every week tweeting a variant of the following. This is a tweet from Monday, September 23rd: “We are 407 days away from the 2020 election and Mitch McConnell has yet to take any concrete steps to protect our federal elections from hacking or foreign interference.” And in it, he links to his previous tweet on the same topic. I clicked and clicked and clicked until I found the original tweet from July 15th.
Last Week, McConnell did budge just a bit. Reading from a Washington Post article by Andrew Taylor:
“A key Senate panel on Thursday approved $250 million [dollars] to help states beef up their election systems, freeing up the money after Senate Majority Leader Mitch McConnell came under criticism from Democrats for impeding separate election security legislation.”
This new funding does have bipartisan support. Senator Chris Coons, a Democratic Senator from Delaware, supports it. Reading from the article again:
““We are simply responding to what I know to be an unmet need,” Coons said. “In 2016 we all know the Russian government’s military intelligence branch directed extensive activity against our election infrastructure and I think there is important undone work in providing modest federal support that will make some progress in assuring that our election infrastructure is protected.””
Senator Wyden disagreed with that approach.
A New York Times story by Michael Wines noted, in the headline, that Pennsylvania alone—that is ONE STATE—requires $125 million dollars just to update its voting machines for the upcoming election. And they would not get that from the McConnell proposal—even if they did, that’s HALF the money overall.
That article also pointed out that the funding in the McConnell compromise would provide only a fraction of what states need for equipment, much less training and all the other stuff. Reading from the article:
“Senator Ron Wyden of Oregon, one of the leading Democrats on voting security issues, called the measure a “joke.”
“This amendment doesn’t even require the funding be spent on election security,” he said in a statement. “Giving states taxpayer money to buy hackable, paperless machines or systems with poor cybersecurity is a waste.”
That underscored one of the key partisan differences that has blocked voting legislation. Calling it federal intrusion in local elections, Mr. McConnell of Kentucky and some other Republicans oppose proposals to tighten oversight of the voting infrastructure, such as limiting the purchase of voting machines to devices that produce a paper ballot. Democrats and other Republicans see such rules as central to shielding systems from outside interference.
“We don’t have basic standards for cybersecurity around elections,” [Lawrence] Norden, [director of the Election Reform Program at] the Brennan Center, said. “There are zero federal regulations on voting system vendors — even requirements to report that they’ve been hacked. You’re not going to deal with that through the appropriations process.””
What comes next
To close this out for today, let’s talk about what comes next. The McConnell compromise is not nothing. But it’s a fraction of what nonpartisan groups like the Brennan Center say is absolutely necessary. So we’re at a moment here where the Senate is debating what to do. Reading again from that Washington Post article by Andrew Taylor:
“Minority Leader Chuck Schumer […] was more measured.
“Maybe, just maybe Republicans are starting to come around to our view [that] election security is necessary, that if Americans don’t believe their elections are on the up and up, woe is us as a country, as a democracy,” Schumer said. “It’s not all the money we have requested and doesn’t include a single solitary reform that virtually everyone knows we need, but it’s a start.”
House Speaker Nancy Pelosi issued a statement with other top Democrats calling McConnell’s move “the smallest of steps to help guard against foreign election interference” and vowing to press for more action in upcoming spending bill negotiations this fall.”
And reading here from an op-ed in the New York Times from one week ago today:
“Whatever the impetus, the crack in the majority leader’s stonewalling is cause for, if not celebration, at least modest cheer. Senate negotiators will now work to reconcile their bill with the House’s version, which provides a more generous $600 million [dollars] with stricter conditions.
That said, more needs to be done. Democrats are pushing for broader reforms, bipartisan and otherwise.
Senator Michael Bennet of Colorado, a Democratic candidate for president, tweeted that Mr. McConnell needed to take up bills to “Strengthen election audits, Adopt paper ballots, Toughen disclosure on social media [and] Require campaigns to report contact w[ith] foreign officials trying to interfere.””
Well, that is it for one more episode of the Election Ride Home. I have been your host, Chris Higgins. You can always find me on Twitter @chrishiggins. Now, you might have noticed that today’s show diverged a little from our typical format, and I think you can guess why. I’m taking a little mental break from the big news this week, and stepping back to process the big picture around the election itself—not just what happened TODAY or THIS WEEK, but the broader stuff. We are skipping the candidate anecdote for this week, but don’t worry, I have one lined up for next week. One piece of breaking news you DO need to know today is that the October debate appears to be ONE NIGHT ONLY, so we should see 12 candidates on stage at one time. More on that next week. As always, thanks for listening, and I will talk to y’all on MONDAY.
- Chris Higgins on Twitter
- Chris Higgins on Instagram
- Election Ride Home on Twitter
- Election Ride Home on Facebook
- The Cybersecurity 202: How counties are war-gaming Election Day cyberattacks (WaPo)
- $250M for election security is a fraction of what's needed (Axios)
- HR1 - The For The People Act of 2019 (Brennan Center)
- H.R. 1, For the People Act of 2019 budget breakdown (CBO)
- House passes sweeping Democrat-backed election security bill (The Hill)
- H.R. 2722, Securing America’s Federal Elections Act (Congress dot gov)
- Mitch McConnell Backs Election Security Funding After Blocking It Repeatedly (HuffPo)
- McConnell won't allow vote on election reform bill (Politico)
- Senator Ron Wyden (Oregon) on Twitter (Twitter/Ron Wyden)
- Wyden tweet re 407 days until 2020 selection (Twitter/Ron Wyden)
- Key Senate panel approves $250 million for election security (WaPo)
- The Cybersecurity 202: Democrats launch ‘full court press’ on election security (WaPo)
- $250 Million to Keep Votes Safe? Experts Say Billions Are Needed (NYT)
- What Does Election Security Cost? (Brennan Center)
- As ‘Moscow Mitch’ Rings in His Ears, McConnell Backs Election Security (NYT)
- October Democratic debate to take place on one night (CNN)