Congress Wants Security Vulnerabilities Addressed to Thwart Foreign Interference
The CEOs of the three largest voting machine manufacturers testified before a U.S. Congressional committee on Thursday that they would be open to greater federal oversight of their equipment to help ensure the security of voting data in upcoming elections, including the 2020 presidential contest.
The hearing apparently was the first time these CEOs testified about their companies’ practices and issues ranging from cybersecurity to the use of foreign-made components in their devices.
The three companies – Election Systems and Software, Dominion Voting Systems and Hart InterCivic – have close to 350,000 voting machines deployed across the U.S. and represent more than 80 percent of the country’s voting machines, according to NBC News.
In a recent report, security researchers said they were able to easily hack into voting machines to alter data stored within the vote tallies, change the candidate options on the ballot display or gain access to the internal software controls (see: Report: US Voting Machines Still Prone to Hacking).
Asking for Oversight
The House Administration Committee hearing focused on the current state of voting machine security as well as concerns about the companies’ transparency.
In her opening remarks, Rep. Zoe Lofgren, D-Calif., the committee chairwoman, noted: “Despite their outsized role in the mechanics of our democracy, some have accused these companies with obfuscating, and in some cases misleading election administrators and the American public. There is much work to do, and much for Congress to learn about this industry.”
Video of the House Administration Committee hearing on voting machine security
The three vendors agreed to Lofgren’s request that they share information with Congress about: cybersecurity incident response; past cyber threats faced by the vendors; personnel policies, including background checks of employees; details of foreign investments; and supply chain information.
Lofgren advocated Senate passage of the Securing America’s Federal Elections Act, which has passed the House. The bill would require backup paper ballots, additional technology safeguards and additional funding for states to spend on election security.
Republicans and Democrats have been split over election security and how federal funds should be spent to secure the upcoming elections, with several bills proposed, but none winning approval in both the House and Senate (see: This Time, Election Protection Bill Gets Bipartisan Support).
Concerns About Foreign Components
Some committee members raised concerns about the voting machine manufacturers’ use of electronic components from Russia and China.
Tom Burt, the CEO of ES&S, which is the largest of the three firms, acknowledged that his company used some programmable logic devices from a U.S. company that manufactures its technology in China.
John Poulos, CEO of Dominion, noted that components such as LCD screens, chips and some other components in the company’s machines are manufactured in China. And Julie Mathis, the CEO and president of Hart InterCivic, said that some of her firm’s components are made in China as well.
Rep. Rodney Davis, R-Ill., the ranking Republican on the committee, noted during his opening remarks that none of the companies’ machines were hacked during the previous election and suggested that the committee should focus on different aspects of election security.
“Instead of getting into a winded debate today between paper versus electronic or state versus federal, let’s instead focus our efforts on areas within our federal reach that need improvement, areas where we may come to a bipartisan agreement,” Davis said. He has sponsored legislation to focus on banning foreign contributions to U.S. campaigns and to ensure that online political ads disclose who paid for them.
What Needs to Be Done?
While the CEOs of the three companies noted that the U.S. Department of Homeland Security’s categorization of voting systems as critical infrastructure has helped strengthen election security, they added that certain changes need to be made to make the election infrastructure safer.
“In light of cyberthreats to our nation’s elections ecosystem, we recognize the importance of a paper record, which is why ES&S was the first tabulation provider to ask Congress to pass legislation requiring an auditable paper record of every vote cast,” Burt said.
Mathis of Hart InterCivic suggested updating the U.S. Election Assistance Commission’s Voluntary Voting System Guidelines to include the latest cybersecurity practices.
“We encourage Congress and the [Election Assistance Commission] to continue exploring ways to apply federal oversight on all election technology, including areas of high vulnerability, such as voter registration, electronic poll books and election night results reporting,” Mathis testified.
2020 Election Security
Reports of Russian attempts to interfere in the 2016 presidential election and warnings about similar risks in 2020 have led to debate about the best ways to guard against hacking, disinformation and cyberthreats (see: Mueller: Russian Interference ‘Serious’ Threat to Democracy).
In November, a report from the Brennan Center for Justice recommended that Congress should have the U.S. Election Assistance Commission take on more of an enforcement role (see: Report Calls for Enforcing Voting Machine Standards).
In the report, the nonpartisan law and public policy institute noted voting machines, registration databases, ballot designs, websites and other infrastructure are maintained by private companies with little federal oversight when it comes to cybersecurity.