Bipartisan Bill Introduced to Combat Election Interference

A group of senators from both the Democratic and Republican parties introduced a bill in Congress in December 2017 that is intended to prevent foreign interference with American elections.

The bill is sponsored by Senator James Lankford, R-Oklahoma, Senator Lindsey Graham, R-South Carolina, Senator Amy Klobuchar, D-Minnesota, and Senator Kamala Harris, D-California. The bill would allocate federal government resources to states and help states identify and prepare for cyberattacks to elections. The sponsors hope to make the legislation law before the 2018 midterm elections.

Foreign Election Interference is a Hot Topic

There is speculation that the Russian government may have interfered with the 2016 US Presidential election. The Department of Homeland Security (DHS) believes that Russian government-connected hackers tried to get into some states' voter registration systems.

Central Intelligence Agency Director Mike Pompeo, appointed by President Donald Trump, also believes there was Russian interference in the 2012 and previous elections. Pompeo said during an Intelligence and National Security Alliance dinner in 2017, “they've been at this a hell of a long time.”

The SAVE Act

The bill introduced in December is similar to another bill which was introduced in Congress on October 31st 2017, the Securing America’s Voting Equipment Act, which was sponsored by Senator Martin Heinrich, D-New Mexico, and Senator Susan Collins, R-Maine.

Heinrich said, “until we set up stronger protections of our election systems and take the necessary steps to prevent future foreign influence campaigns, our nation’s democratic institutions will remain vulnerable.”

Voting Equipment Insecurity

Voting equipment is a significant cyberattack target, and some voting machines have been found to be easy to hack. The DefCon Voting Village last summer featured demonstrations with Diebold ExpressPoll 5000 and WINVote machines. WINVote devices have been found to be notoriously insecure in particular, as Kim Zetter wrote about in WIRED:

“If you voted in a Virginia election any time between 2003 and April of this year, your vote was at serious risk of being compromised by hackers.”

Zetter noted that the assessment reached by Virginia's board of elections forced them to decertify around 3,000 WINVote touchscreen voting machines after they discerned there were security issues, including a poorly secured WiFi feature.

“The problems with the machines are so severe that Jeremy Epstein, a computer scientist with SRI International who tried for years to get them banned, called them the worst voting machines in the country. If the WINVote systems weren't hacked in a past election, he noted in a recent blog post and during a presentation last week at the USENIX security conference, ‘it was only because no one tried.’”

Chris Galizzi looked at a Diebold ExpressPoll 5000 during DefCon Voting Village. “This is pretty surprising, I would think that they would hire manufacturers to custom-build these chips, but they're all standard, off the shelf. For hardcore copyists it would probably take them about three months and maybe $4,000 or $5,000 to make an imposter machine. You could easily make a prototype."

Will Congress Pass Legislation in time for the 2018 Primaries?

Both the bill introduced in December and the SAVE Act introduced in October are intended to prevent interference in 2018’s midterm elections, but the primary process begins very soon. Illinois’ state primary is the earliest, and will take place on March 20th. Congress may not be able to make the bills law soon enough to have any effect.

Meanwhile, Congress is known to act slowly. Representative Bennie Thompson, D-Mississippi said in regards to election security legislation, “I don’t think anything can come that fast, unless you are a tax bill or something like that.” Thompson co-chairs a House Democratic election task force formed to explore bolstering the country’s decentralized election infrastructure.

Securing the primary elections entails implementing software patches, replacing insecure voting machines, and possibly overhauling entire state elections IT systems.