The Senate Intelligence Committee released a bipartisan report on Thursday about Russian election interference. The heavily redacted 61-page report was bleak. It described how Moscow targeted election systems in all 50 states — and how the states were woefully unprepared to fend off and respond to cyberattacks. The committee’s first recommendation? Let the states keep doing their thing, ideally with some more help from the federal government, but only if they want it.
“States should remain firmly in the lead on running elections, and the federal government should ensure they receive the necessary resources and information,” the intelligence committee wrote as its first recommendation. Farther down its list of recommendations, the committee encouraged states to adopt better security practices: Institute two-factor authentication for user access to state databases, create paper backup copies of voter registration databases, purchase voting machines that leave a paper trail, implement post-election audits to ensure the accuracy and legitimacy of the results, and resist the push to connect voting machines to the internet.
These are good suggestions — ones that voter security experts have been pushing for years — but there’s nothing in the Senate Intelligence Committee’s report that explains how to make states go along with the plan. For that reason, Sen. Ron Wyden (D-Ore.), a longtime advocate of improving voter security, voted against the report. Instead, he submitted his own “minority views” in which he made the case for “mandatory, nation-wide cybersecurity requirements.”
“We would not ask a local sheriff to go to war against the missiles, planes and tanks of the Russian Army. We shouldn’t ask a county election IT employee to fight a war against the full capabilities and vast resources of Russia’s cyber army,” Wyden wrote.
The federal government’s response to the ongoing “assault on the heart of our democracy by a determined adversary” cannot be “limited to offers to provide resources and information, the acceptance of which is voluntary,” the Oregon lawmaker continued.
“We would not ask a local sheriff to go to war against the missiles, planes and tanks of the Russian Army.”
Wyden urged lawmakers to pass the Senate version of the SAFE Act, which requires election systems to use voter-verified paper ballots, address vulnerabilities in voter registration databases and election night reporting websites run by the states, and provide more money for states to use on election security efforts. The House passed its version of the SAFE Act last month, but only one Republican voted in favor of the bill. In the Republican-controlled Senate, the bill faces difficult odds of even making it to the floor for a vote.
Senate Majority Leader Mitch McConnell has repeatedly blocked votes on legislation aimed at protecting U.S. elections from foreign interference, even as intelligence and law enforcement officials warn that Russia and other countries will try to hack election infrastructure again in 2020.
On Thursday, hours before the committee released its report, McConnell blocked unanimous consent requests on two election security bills: the House-passed version of the SAFE Act and a separate bill that would require candidates and their affiliates to notify the FBI if a foreign government offers campaign assistance.
Republicans have offered a range of reasons for their reticence to pass voter security legislation. They often claim that any federal regulation of elections violates states’ rights to run elections as they see fit — a claim that contradicts the Government Accountability Office’s description of Congress’ role in congressional and presidential elections. Complaints from Senate leaders that the voter-security legislation is “partisan” indicate they expect that making elections more secure would help Democrats.
Republicans have also said they’ve already given the states enough money to fix the problem. This isn’t true. Last year, Congress provided $380 million to states to bolster election security. This meant that Pennsylvania, for example, got about $13.5 million. Experts say it will cost $50.4 million to $79.1 million to replace insecure paperless voting machines there.
As of last November, there were still four states in which every county relied on touch-screen direct-recording electronic (DRE) machines with no voter-verifiable paper audit trail (VVPAT), Wyden wrote. In an additional eight states, there were multiple counties in the same situation. DRE voting machines are easy to hack, computer scientists have shown — and without a paper audit trail, there’s no way to go back and check whether the results were changed. “Even bare minimum security best practices are not being met in many parts of the country,” Wyden wrote.
Although it’s true that many states have failed to upgrade their voting machines and implement better security practices because they don’t have the money to buy new equipment and train their staff, officials in some states just like doing things the way they’re used to doing it.
Louisiana, for example, is one of the states that uses touch-screen DRE voting machines with no paper audit trail. In 2017, a spokeswoman for the Louisiana secretary of state told HuffPost her office was looking to replace its 10-year-old voting machines — but they didn’t plan to purchase paper ballot machines because “people don’t like paper ballots at all!”