A giant bill House Democrats proposed on Friday includes a number of measures aimed at improving election security and voter confidence. The measures in H.R. 1 draw on provisions from several bills that were proposed but failed since the 2016 election, which experts and officials concluded was targeted by a Russian-led influence operation.
Key features include a requirement that federal elections be conducted with paper ballots that can be counted by hand or optical scanners, new grants that states and municipalities can use to improve and upgrade equipment, an incident reporting requirement for election system vendors and a number of other measures meant to keep election systems’ security up-to-date.
Election security experts have criticized paperless voting machines because of their vulnerability to tampering with little recourse, since they produce no auditable paper trail of each vote. Such machines were used to some extent in more than a dozen states in the recent midterm elections, according to Verified Voting. In South Carolina and Georgia, voters sued the government under the premise that their votes aren’t being properly counted with paperless machines. The bill, also called the “For the People Act,” would statutorily do away with these machines for federal elections by 2022.
The bill also would authorize the Election Assistance Commission (EAC) to issue grants to states to improve the security of voting systems. The grants can cover new equipment, maintenance, cybersecurity and risk training, technical support and voter registration system improvements.
Congress, through the EAC, issued $380 million in similar grants in 2018. H.R. 1 would authorize $1 billion to be spent in 2019, then $175 million for each federal election year after that until 2026, although appropriated amounts could end up being less.
There are other grants in the bill that would go toward helping states conduct risk-limiting audits of election results as well as awards for a competitive program that would fund election security research and development.
Vendors that supply election equipment or services paid for by the grants would get a cybersecurity incident reporting requirement under the proposed bill. They would have to notify election agencies, the Secretary of the Department of Homeland Security and the EAC commissioner within three days if they suffer a cybersecurity incident.
Vendors would also be mandated to undergo testing nine months before a federal election to make sure they meet government-issued guidelines and best practices for election cybersecurity.
More scrutiny of vendors would come in the form of a proposed bug bounty program, inviting security researchers to probe their products for security vulnerabilities that can be remediated. However, the program would be voluntary for vendors, as well as state and local offices.
DHS and the EAC took the lead in coordinating with state and local officials to defend against election interference in the 2018 elections. As federal elections are run at the state and local level, much of the coordination was voluntary, while federal lawmakers tried and failed to get election security legislation passed over the past year.
You can read the full text of the bill here.