Lawmakers still need a hands-on demonstration of voting equipment vulnerabilities to fully grasp the urgency of election security, according to Rep. Jackie Speier, D-Calif.
“I think that if we can fashion some kind of an interactive experience for members to watch… then we’ve got their attention,” Speier, a member of the intelligence committee, said in an interview. “We need that moment and we need that equipment, and we need that hack. And so once we can do that and do it in a way that the average luddite can understand, then we’ll be golden.”
DEF CON, the hacking conference where researchers pick apart voting machines, provides that kind of visual demonstration. But Speier appeared to be the only lawmaker in attendance last week as the organizers of the DEF CON Voting Village presented their findings on Capitol Hill. (Some congressional staff did attend.)
Election security vaulted into the spotlight on Capitol Hill after the 2016 presidential campaign during which, according to U.S. officials, Russian-government-linked hackers probed the IT systems of 21 states and breached the Democratic National Committee to leak a trove of emails aimed at undermining Hillary Clinton’s candidacy. While activity on that scale has not yet surfaced this campaign season, U.S. officials have warned that the Russian government will continue to try to interfere in the 2018 midterms.
Speier credited DEF CON for bringing the challenges of election security to life for her, and said that her colleagues in Congress haven’t fully heeded the lessons of Russian interference in 2016. “I hadn’t focused on [the cybersecurity of election infrastructure] until after 2016, and then after I became aware of DEF CON and started really trying to immerse myself in understanding it,” she told CyberScoop. “Maybe I understand it 25 percent now, but I can tell you that I understand it about 90 percent more than most of my colleagues do.”
“I want to give [DEF CON representatives] every opportunity to be front-and-center” in the policy conversation in Washington, Speier added.
Voting Village organizers have clashed with top voting-equipment vendor Election Systems and Software, which has expressed concern over “unvetted” security researchers examining its machines. While ES&S says it supports rigorous third-party testing of its products, DEF CON’s backers say the vendor’s objections to the village raise questions about its willingness to proactively address security vulnerabilities. Speier seconded that criticism of voting-equipment vendors, though didn’t mention any by name.
“There’s not a tech company in my region that doesn’t have an army of software engineers that are always fixing bugs,” said Speier, who represents California’s 14th District, bordering Silicon Valley. “And these are the premier Fortune 50 companies. So for us to allow [voting equipment vendors] to have such a hands-off relationship with authenticity is deeply troubling.”
Regardless of the extent to which voting vendors use third-party testing, there is still much to be done to secure voting equipment, according to Speier. She pointed to a decade-old flaw in a popular voting ballot machine made by ES&S that the report highlighted.
“It’s our obligation – the Congress of the United States – to guarantee to the American electorate that the equipment and software is fail-safe to the greatest extent possible,” Speier said.
Putting sufficient money toward that goal, however, has been a challenge.
In March, Congress allotted states $380 million to better secure their election infrastructure, funding that isn’t enough to replace less-secure paperless voting machines that are used in several states. After the midterm elections on Nov. 6, attention in Washington will turn to what can be done to make the 2020 elections secure from foreign interference.
“If the Democrats were to retake the House, I think there would immediately be a strong bill to provide ample funding to provide more safeguards,” Speier said.
“[The] only way we’re going to fix this, in my view, is for the Congress to require that for federal elections the following steps have to be taken: paper ballots, optical scanning, audits,” she said.