Skip to main content

tv   Key Capitol Hill Hearings  CSPAN  September 15, 2016 12:00am-2:01am EDT

12:00 am
what more should the administration be doing to protect us from foreign countries attempted hacking of our election systems? anybody? >> i think the short answer is providi providing availability teams to do network monitoring and other appropriate tasks to just go looking for it. >> okay.we should be looking more long term to improve the state's machinery of equipment at this time. i do want to make one comment as far as homeland security we already have that through the fbi and homeland security and ask you don't have to be a critical infrastructure to get the service. >> i take all concerns with
12:01 am
cybersecurity and elections very seriously. at the same time we face many other challenges to ensure every vote counts if we count both. some of the challenges are the direct result of human action related to older technology and as we have seen in the past even face risks from natural events such as major storms. i would like each of you to comment on how you would rate the current cybersecurity risk in the upcoming election as it relates to other issues. >> from my perspective, my entire orientation and of my organization it is looking at the cybersecurity risks and threats and so all of the other things you've talked about our outside of our purview with one
12:02 am
exception which is the contingency planning that the state and other jurisdictions and local jurisdictions are encouraged to do under the voluntary system guidelines can also protect against these other kinds of natural disasters and other things you've referenced. >> i would put at risk again as i indicated on election day very low for the same reason no state is on the internet. i find it difficult to hack something that isn't on the internet. all the machines, none of them are linked together. there are separate cartridges so they are independent. my bigger concern would be something of a physical nature, a physical threat that would be something much more difficult to deal with and i would put that at a very high number.
12:03 am
but as far as cyber attack other than what's occurring on a sidee side again there's been no change. that was more of a data collection attempts. i know in louisiana if you go to the online registration state if you went into my system to change the party affiliation you may think that you are accessing my entire system but you're not. you are a silo and a person behind the scenes drags out the information in the local register and puts it in the public eye or the registration so if someone hacked you get for the money hack you it wouldn't get the entire. >> i agree i think as noted, the officials are on high alert not just for this but for every election and in many states if it's tuesday is election day
12:04 am
because there are so many. not only are they trying to make sure the security and systems are in place and the process as a whole is secure but they are doing a good job probably better than ever before balancing that with access to all eligible voters to make sure that they have a good experience. so whether it is more people having access to the ways to vote, more people having easy access to the information like the vote act in louisiana and other states were more than before having access to early voting options i think officials around the country both democrats and republicans are doing a good job probably better than ever before balancing out the security concerns. >> at the end of the day, we need to worry about every problem. we have to worry about hurricanes, earthquakes and cyber issues and have plans in place to deal with them all.
12:05 am
the interesting thing is if you have plans in place for an earthquake the earthquake doesn't really care if you haveu have plans in place for cyber if your adversary knows it isn't going to work then they are not going to bother. so i think it's important to do the planning and forward thinking to make this not be a problem in the future. >> thank you very much. another quick question, we would all agree that making it easier to participate in the democratic process should be a priority. registering to vote and casting a vote shouldn't be an extra burden. for those that can't leave their homes were people with three jobs and a family of caregivers, how do we balance the efforts to make voting more accessible with the necessity of having secure elections? >> i would like to take a
12:06 am
slightly different attack. we work with the election assistance commission on accessibility and usability issues with regards to the voting systems so that people who have physical disabilities, whether it is vision impairment or mobility or other things do have access to voting systems that they can also use, and one of the advantages of the electronic voting systems is that we can improve over paper and pencil for example. >> first off, we do have early voting. we all remember the days that is no longer the case across the united states and we do have easy accessibility through
12:07 am
nursing home programs and compliance with visually impaired and the like. so i think there's been tremendous improvements made into the voting is probably easier today than it's ever be been. >> thanks to the efforts of the officials around the country and the election assistance commission and many others voting is easier today than it ever has been before. more people have access to the options and many including louisiana joined the information center which allows them to keep their data up to date and has resulted in registering about almost a million new voters and more people have access to the information where they can voted by mail or the early. that trend has been remarkable and i think we are going to see the benefits of it as it expands in many years to come.
12:08 am
>> we have heard about early voting and election voting centers. in austin texas, every precinct can handle any voter from the whole county. they did that because of redistricting to avoid chaos but it has an interesting benefit you can both near where you work then your home so there's a lot of opportunity for creative expansion of capability to vote without making radical changes in how we vote. >> thank you mr. chairman. >> the gentleman from california is recognized for his questions. >> thank you for holding this hearing i didn't expect that it would be as interesting as it's been. let me start with one question getting a sense of information on the one issue and then the
12:09 am
broad issue of whether or not the integrity of the voting process and system will be maintained is vital to the nature of the country and it goes to the heart of whether or not we are who we say we are if we don't have a process that has integrity, we don't have an election process. first let me ask you this. how many examples do we have where they've hacked into our elections from? >> i know of none and could be quitto bequite honest with you a question to secretary johnson, homeland security is therhomelan imminent threat known and his answer was no. that made several news agencies.
12:10 am
so i know a zero. i had a request from a russian embassy and i would suggest to you if i allowed that i would be run out of office but that is in the conversatioisn'tthe convers. but i know of zero. >> the nature of the threat is they don't want you to see them there. we can't assume if we haven't seen them that they are absent. we do know that we have established the motive on the e-mail server it is a motive that shows they did it for partisan purposes. when you combine -- >> what are the examples you just gave? >> this was reported in the press that they allegedly hacked the e-mail server with the intent of releasing for partisan purposes.
12:11 am
>> that's not the election process but it's an entity that is involved so they have the capability of getting into the various. but actually in the election process we have no examples of them hacking into the system and compromising the integrity of any specifics. >> the only example i am aware of happened in ukraine in 2014. >> we have seen the article after article about how russia is compromising the integrity of our system. and the panelists say that is false just to note. for those of us that -- we want the country to be safe but we also don't want to continually vilify russia and turned them into the bad guys.
12:12 am
if we have i an integrity in the system i think we have to look at how for some of these real threats to the integrity of the voting system and whether that is to say it's the old-fashioned way of -- the licensing has been around for a long time and we should be insisting on making sure we don't have people voting who are not eligible to vote because perhaps they are not citizens or they are here illegally. we have people who are trying to suggest we don't even have any real demands whether they are here or actually who they are they say they are when they go to vote. so we have a challenge to make sure the system is safe from being defrauded because the people of the united states,
12:13 am
their ballots are being negated by every other ballots that's cast by someone who doesn't have the right to vote. with that said, we did come to and this whole issue back in 2002 with the help america vote act. and just very quickly because my time is running out, that's been around now since 2002. congress passed the act specifically aiming to protect the integrity of the system. is our system now more or less at risk from cyber attacks due to this legislation, and very quickly if we could have the panel answer that. >> i think the legislation has improved our focus on security issues associated in the voting
12:14 am
system. my organization has been working with the commission for 14 years to provide the best guidance possible to the states and municipalities. >> i would certainly echo that comment and if you would allow me just to claw back on the previous comment, the whole russia argument has actually accomplished i think even if they are not trying we would have done it for them quite frankly. >> i agree i think the help america vote act has helped improve security but even more importantly, what we have learned since has help improve the act and i think the 2016 e. election will be one of the most secure that we have seen in recent memory that there is no question based on what we are talking about here and the conversations we are having they will be even more secure.
12:15 am
>> how did the help desk get rid of punch cards and the machines and that is a good thing it was two parties that helped create the eac which then could help improve standards and also helped to fund the purchase of new equipment. the equipment was largely purchased before the effort was in action and i think it would be an excellent thing to revisit to get the equipment up and standards. >> the gentleman from california is recognized. >> it was interesting to listen to my colleague from california inquire about the role of the russians in this election. the focus on the hearing is the voting systems but the question is not limiting to the voting systems and it's pretty clear that the russians have attacked,
12:16 am
have engaged in a cyber attack on the dnc and we have received reports on that i thought it was unfortunate that the republican candidate for president either thought it was a good idea or was making a joke about it. we don't know which, but this is a serious matter what we have been told is not just that the material has been taken but that the pattern is not just to release material but forge material and alter it in an effort to impact outcomes of elections ..
12:17 am
i think that is something we are concerned about but the question isn't really whether the actual vote tabulations could be altered because i don't think that is very likely that whether kiosks could be introduced into the system. that is the goal, the attack on the democratic hardee and i think it may also be the goal of the cyber attack on the state system. what could be done with this
12:18 am
voter information? obviously there are backups on the database to walter who can actually vote but what would happen if e-mails were sent to all of the voters or just the democratic voters telling them the date of the election has been changed or their precinct had been changed? would that create chaos in the system corrects a small percentage of those voters would. an e-mail missive by seeing them i do think that there is a vulnerability in the overseeing system. i remember we had a hearing talking about our lack of concern, a lack of concern that the electoral systems professionals had about e-mailing the ballot to these voters provided that the ballot itself was mailed in.
12:19 am
the more we think about it, with these hackings if you alter the ballot on the e-mail that you would again create chaos in the electoral system so i think that's really the goal here, is not necessarily to impact the tabulation although there may be efforts to do it, but to create long lines and people in the wrong places to create chaos and to attack the base and the confidence that the american people have and they are election systems, to long lines at and all sorts of mischief. i do think that to downplay the role that the russians have had in this is a huge mistake when you take a look at what they did to the dnc and the dccc and i will just close with this. i do think that it's been disappointing, the reactions have been disappointing, that if
12:20 am
you attack one of the major political parties somehow that's okay if it could be to your advantage. i like to think if the russians had attacked the republican national committee, the democrats would be as outraged as republicans because it's an attack on the merrick. it's not an attack on the party and the fact that there hasn't been outrage expressed at all levels of both parties about the effort of the russians disrupt this election is a sad commentary on the leaders of that party and also is very chilling when you think about what just happened. i see that my time has expired. i yield back to the chairman. sprey thank you ms. lofgren and the republican from louisiana.
12:21 am
>> secretary web in your opinion is the integrity and the security of the voting systems being the past president of the secretaries of states. you have i think some knowledge of the subject. do you think it's good, bad, average? >> congressman i would say it could. we did a survey before this hearing and begun a response and i think 19 to 20 states to try to ascertain that. aside from my knowledge of observing and i don't say i'm an expert but there's a lot of differences in the states and that's what makes it so unique that i feel very comfortable again in the representative from california just stepped out. keep in mind the democratic national convention, the component that was hacked was
12:22 am
the campaign site. each and every one of us, all of you have used a campaign commercial list to determine and the walk list in the neighborhood or whoever it might be. those are readily accessible. if you knew me well enough i might give it to you but the point being that is vastly different than the registration component and certainly vastly different than the election day component of equipment. so i think you have to understand that forefront to get into the subject. there's no one minimizing with happened at the them accredit national convention. i know i haven't and my colleagues and that makes no difference if you are red state, blue state or purple state but the bottom line is maybe it's just our knowledge of the system that gives us this feeling of somewhat overconfidence because i think this is a good ring that
12:23 am
we are going through. but we all remember the year 2000 when the world was going to end at one second after midnight. i'm still using batteries that my wife filed for that event. that does not mean that we did not have reason to believe with studies that we should have been prepared. we went through that gyration and when the school board goes out on the football game, if you were sitting in the stands you know what's going on and guess what? there are other people keeping track of those statistics at the same time. it's the same with the election system. if one component goes down we have various components that come in. it doesn't create a nuclear war and i can't speak to what happens in the ukraine. i can only speak to what happens in the united states and i will tell you the election systems in the united states just like many other things in this country in
12:24 am
spite of maybe what we think is the best system in the world. is it foolproof? absolutely not and i would also tell you there's no such thing as a perfect election. anybody who tells you that doesn't know what they are talking about because anytime you have 10,000 machines that play and 15,000 people from 65 things are going to happen. that's how you handle it then that's how you documented and move forward. so i'm very confident in it with the caution lights on. there's no disrespect to anyone who believes otherwise. we are looking at it. it has forced us to do so but i'm deeply concerned that i can speak to my democratic colleagues and my republican colleagues that have been on conference calls over the last several weeks of this issue. we are in unison. this is the worst situation we could be talking about as we enter this election. we are going through chaotic
12:25 am
election process where voters are more disgruntled than ever and we are adding to that dispensation. participation. in a very negative fashion and i feel very confident in saying i speak for all of my colleagues that we are deeply concerned with the rhetoric going on right now from the national press and we are not trying to minimize it. we are doublechecking but there's little that could be done in eight weeks. we just need to stay the course and have confidence in what we are doing and again i'm very confident that on november 9 you are going to wake up and you are going have unofficial results of who won the president of the united states. keep in mind it's unofficial. we go through that audit in every county, every parish, every state postelection with the official and you go to your
12:26 am
electoral college. >> thank you mr. ibrahim -- abraham. >> thank you mr. chairman thank you all for your testimony. mr. said to you emphasize that voters should feel confident in our voting system and they certainly have heard a lot of messages about the importance of that confidence here today and how it will lead to greater participation and certainly that's good for democracy. i think just getting information out to the public with the voting machines themselves are not connected to the internet is going to hell. there's a misconception about that. i am from oregon and we all vote by mail in oregon. we have done that for more than a decade. the very secure processor that also makes it very easy for oregonians to vote. the secretary of state's office mails paper ballots to each and every registered voter couple of weeks before the election along with the voter pamphlet with the information about the candidates and initiatives on the ballot so
12:27 am
they have plenty of time to not only studied the issues that fill out their ballots and get them and to be tallied by the local election offices. there are privacy and secure measures each step of the way. i was a trained election observer years ago and it gave me a lot of confidence to see each step of the way in to watch that tally happen at the elections office. so i wanted to ask you a little bit about are there lessons to be learned from a state like oregon that does use boat i'd mail and paper ballots for everyone and with a focus on the two different issues. there's a voting record and then there is what happens with the ballot and that tally at the voting machine. if you want to talk a little bit about those lessons that can be learned from that system and then i also want to ask i know this is concentrated work in development for the voting machines that you are now i understand working to identify systems dealing with the voter registration system. and before you respond both of
12:28 am
you i know that her wallace mentioned something about the possibility of a select the disenfranchising of voters by deleting them from the database. it's really easy in oregon to check whether they are still the database and getting the ballot early means there would be an early notice that maybe there was a problem assuming somebody did get through a very secure system. >> thank you. oregon and washington have that mail balloting in their states and there are lessons that other states are learning from that. not every state has the same and other states of rich different decisions about their population and that's entirely appropriate that states like california and arizona and some other western states offer the option of becoming a permanent male voter which you have to check a box and after that you receive the ballot for re-election. colorado has experienced and
12:29 am
california passed a summer bill that is a hybrid of sorts that every voter gets a ballot and they can choose to mail that ballot in our drop the ballot off at a site or go went early to an early voting site as mr. wallace mentioned or they can go on election day to a voting center. >> i don't mean to interrupt but to clarify and organize someone wants to vote in the elections office on election day they can stand in the booth and vote. anybody can do that. some people don't because it's easier to mail it. >> i think the states are learning from that experience and trying to figure out what's best for their state. oregon and washington and colorado and other states and their particular systems. also importantly brought up the notes between the voter registration system and the voting machines and tabulation devices themselves and particularly with mail voting it's very important because the voter lists are the way to
12:30 am
deliver a ballot to someone because that's able to generate the mailing to the voters. of course the states where they don't get ballots, they are usually receiving cards as a reminder and a question earlier about chaos i think was a very important question. i think there have been a lot of systems in place to avoid chaos in the last 10 to 15 years. one thing that's true now as particularly in a presidential election it's going to be very hard to avoid information about when the election is and what's going on. in fact i'm guessing a lot of people would like to get a way from information about the election so whether it's the work that facebook is doing pushing information about election day and how to find your polling place or google doing the same way with other tech partners in states partnering with those entities to make sure the information gets out, that's all a great protective measure to ensure
12:31 am
that if the voter does run into a problem or might think they might have a problem they can make sure they are getting it. c briefly talk about what this is doing with the action of living machines. >> your question involves the lifecycle from registration all the way through guidelines for the voting system. the voluntary voting guidelines that we work with involves the voting systems themselves but i think we have a decades long history of security as the management of risk exercise and i think the states have taken that very seriously with election officials in this state suggests that they are managing risks to the voting systems into the registration systems in a way that incorporates the best practices that nist has been promoting for a number of years.
12:32 am
>> icy my time has expired could thank you mr. check. >> thank you ms. bonamici and mr. loudermilk is recognized for his question. >> a very important issue and rightly we should be concerned about the integrity of our election system because we are only as good as the integrity of the selection system. after spending 30 years in the i.t. business this is something that is very important to me and an area that i do understand at least from the tech logical sigh. another area we have to be very conscious of is the federal involvement because typically whatever we get involved with doesn't run as well is that the state is doing it themselves so we are very conscious of the role the federal government plays and is very limited especially in an authority stance. i understand we do have things we can do as far as setting recommended standards but recently the secretary of homeland security has reported
12:33 am
saying the dhs is considering whether the state electoral apparatus should be designated as critical infrastructure. is this appropriate but in your opinion? >> is a policy decision that is way above my pay grade so i can have an impact that i can party for that. >> do you have any idea what the benefits or disadvantages would be of declaring visas critical infrastructure? >> i can't speak to that. i know nist provided a significant benefit in partnership with the error on the development of the cybersecurity framework for improving the cybersecurity of critical infrastructure that is receive a lot of attention and accolades but that's not limit to critical infrastructure. any organization of any size in and any sector is free to adopt that framework.
12:34 am
>> you are working with dhs to help the states understand the critical nature of their electoral systems? >> we are partnering with dhs and the department of justice on trying to understand how we can ensure wide dissemination of best practices and minister pahlavi's and as was mentioned earlier a request to dhs for assistance is not predicated solely on whether you are designated as critical infrastructure. that request can be made without hesitation. >> it does include the request, minder standing if it includes respect to scanning of systems for example but only upon request. >> so would be like a stress test on the system? are we applying lessons learned from the presidential commission on enhancing national
12:35 am
cybersecurity and making these recommendations? for the state's? >> it has not reached the stage of finalizing recommendations. those are not teen inc. in these guidelines. sort of in the reverse in the sense that the commissioners are actually taking a look at best practices and fielding discussions with the i.t. industry and the stakeholders around the country to try to develop the best possible recommendations for the benefit of this administrator in the next. >> so nist's stance on this is to work within the framework of the federal government to come up with recommendations that the states may or may not implement and the flexibility to where they could be customized to the states individual network's? >> that is correct. >> secretary how do you feel
12:36 am
about that? >> i do not think critical of the structures needed at all. as was indicated by mr. romine we can go to homeland security now we can get those tests by fbi. we have a committee and as a matter fact the secretary has been active in this process with several of us. it is one of the committee members we have appointed on nests to serve on homeland security's committee into best practices and the like are you most states are corporate in with their local fbi agents when needed and you know again i don't mean to be flippant but do we want to create a new tsa for elections in this country a new postal service? i just don't think we need that. the constitution says very vividly accepted the states in a time, place and manner in which we conduct elections. it's a constitutional issue and
12:37 am
i understand from the rhetoric that's not the intent but to go and put the national elections along with the banking system and the electrical grid in my position is way overrated, unnecessary and we can accomplish the same goals. it's not that we don't want the support and assistance when we needed that we can accomplish that in a far less intrusive way if we keep things on the past now and again i think the answer is new equipment to improve the systems. we are working on trying to get a system where you can vote anywhere in the state just like was represented earlier so critical infrastructure would be an absolute and i think i speak again, don't know of any secretary of state who has voiced an opinion that they want to be part of that. >> do feel that nist is doing is beneficial to you?
12:38 am
>> yes. >> do you feel in any way what is happening right now with --. >> no. >> thank you. i yield back. >> thank you mr. loudermilk and the gentleman from new york mr. tonka. >> thank you mr. chairman welcome to the palace and thank you for your information. mr. becker of the commission on elections administration recommended audits and voting equipment be conducted after each election as part of a comprehensive audit pro grant. according to verified voting approximately three-quarters of voters in november will be using voting machines with paper records of their vote and i just share concern perhaps about the potential for mishaps or potential hacking that voting machines with no paper trail. can you please describe the role auditability plays in elections
12:39 am
in individual voters casting their vote? >> thank you. we of course are its ability is important. it's very helpful when there is a permanent record that should need to be reviewed for some reason and in fact even if you are not sure whether the county is -- you can discover that and that is what i did postelection audit does. in 2014 about 32 states offered, had a requirement for postelection audits and i will be honest some are better than others. there are very good standard practices were states take random precincts across the state and check the paper count against the electronic count. there's even something called the risk limiting audit where you have a number of ballots you have to count to ensure the results as the election gets started and these are practices that are put in place in many states. what we are seeing it's easier
12:40 am
to audit the system when you have a paper record that the voter has reviewed and more voters are going to be paper than we have seen since hava was at it. states like florida that had used direct recording devices have switched my am an early voter but this is the first presidential election since hava where maryland will be using a paper ballot. i have recommended for years and along with the presidential commission that postelection audits are a good idea and having a system that allows for full and transparent postelection audit temp paper appears to be one the best for that and the best opportunity to ensure the election result are reflecting of the people. some may think you and secretary shepard would you please describe what you have in place in louisiana in terms of postelection auditing and how would you.
12:41 am
other states overall? >> well we do have a post-audit function. now we do not have a paper ballot system. we are looking at that when they go out for rsv -- rsvp but our screen on hava it pops up and gives you everything, every person you voted for in the position he voted for to give you one more opportunity to rectify that if you want to change it or if there was an error. pc a lot on highly sensitive machines an elderly person may be dragging a hand in it inadvertently hits the button below for a lady with long fingernails sometimes will have a problem. she will have the opportunity to rectify that. we audit at the end of each day on early voting to ascertain the correctness of the vote on the bow and sheets so to speak. >> there are paper ballots that
12:42 am
you are devising an audit process for. what whether some of those factors in the audit that you see as essential and have you looked at other states? >> we have actually gone out to denver, the county of denver has a similar situation that is now being used in california and other states with a paper ballot. the majority of folks want to bring that ballot in and put it into a box at a site. we have looked at that system and we have looked at the printing of a paper ballot instead of on the screen and going to a lockbox. i would be personally against the voter taking that ballot out of the precinct. i think there is one state that does that but overall to answer your question i think the systems are sound but everyone has to remember every state is different.
12:43 am
that is the uniqueness of the system. a lot of similarities but each state is very unique in their elections. some may have a week of early voting in some may have 30 days and some states can do early voting. that is the prerogative of the state. >> thank you very much mr. chair i yield back. >> thank you mr. tonka. it john penn from -- mr. davison is recognized from ohio, i'm sorry. >> thank you mr. chairman. dr. wallace or testimony addresses the possibility of inserting nowhere and voting machines themselves. can you elaborate on how malware can be loaded onto machines that are not connected to the internet and further explain what it means each and every voter machine has to be manipulated or is there different way where you can hack one machine and that would transmit about two other machines in the precinct. again even though they are not connected to the internet.
12:44 am
>> before we had an internet we have computers with drives and are computer viruses that could spread from one computer to another. electronic voting machines, some of them use memory cards and some of them have these battery packs. some of them have local area networks. studies conducted by the state of california the state of ohio in the state of florida found security vulnerability could take advantage of these engineered viruses where one compromise voting machine and then in fact eventually an entire fleet of machines for an entire county. >> so it's accurate to say that just because something is not connected to the internet that does not have a vulnerable -- vulnerability to cyberattack? >> being disconnected from the internet helps but is not a panacea. perhaps as secretary of state u.
12:45 am
can talk about i spoke with our secretary of state about their protocols but perhaps you can elaborate on how would you or how do procedures protect against that risk should something like that occur? >> i think it's important to remember that we never linked machines together. i know there are some systems that are being touted like a wi-fi in a multiple precinct site where you have wi-fi. that to me is a little scary but when you consider the concept of each individual machine that is delivered by my office now we are top-down system. so we are vastly different. ..
12:46 am
into that lapto the laptop and a closed-circuit send to my office. so, i mean to my knowledge no state interlocked machines so the concept of getting them in one machine with one cartridge and you miraculously change all 10,000 across the state is ridiculous because you have to go into each machine individually and have the programming. >> so you have one card that
12:47 am
goes to one machine. you mentioned a case study in ohio. maybe you can mentio could menth that vulnerability is. >> there was a similar study in california and each of the studies found ways that regular workers go through their standard procedures and standard operations to be used to transmit viruses from one to another. the election day you remove the memory card to collect the vote totals and can spread a virus and there are other details that vary from machine to machine and. >> host: does it increase or decrease that risk? >> it depends how it was built. i've been working to try to design something new where this
12:48 am
wouldn't be a problem. the reason why is they generate paper backups that could be audited against any electronic results. >> the machine itself has memory and it prints a tape that stays secure inside of the machine and you can audit any one of those, so it is a good system that has been tested a lot and will likely be front and center. doctor romine, you said in your written testimony that they partnered to develop science, tools and standards necessary for the viability and usability and security of the voting equipment for both domestic and overseas voters. how do you measure these improvements, how do you quantify them are there quantitative or qualitative
12:49 am
measures? >> they are both. >> they are both. i don't have the details on the measurement. i would be happy to provide those to you. i think the issue to a large extent than has been listening to the accessibility community, the human factors, the research that we have been able to do demonstrate certain changes that can be made to improve the accessibility and usability of the voting systems and we have documented those in various reports. i can give you pointers for the way in which the systems have been improved. >> my apologies my time has expired. >> ms. edwards is recognized. >> thank you mr. chairman and to the witnesses. i apologize i had to step out
12:50 am
for a bit but i came back because it is an important subject. i just want to be clear do you concur in the belief from the department of homeland security that it was the russian state actors that hacked into the attempted arizona and also the party hacking that occurred earlier in the year? >> i have no information on that. >> the only thing i know is the dnc issue. i don't know if they've ever determine where it came from. >> i don't have any specific information. >> you believe they are capable of making that determination based on the signature. >> i don't have any information to the contrary to support. >> i only know what i've read in the press.
12:51 am
>> in fiscal year 2015, you received about $1.5 million in appropriations from the eac that is down from the budget of two to 3 million in the previous couple of fiscal years. do you think that is sufficient for you to be able to provide the kind of certifications you need in the system's? >> we don't do certifications we do provide support through the development of guidelines and we also provide assistance in the voluntary laboratory accreditation program, the testing laboratories that do test equipment for certain states that choose to do that. obviously you can do more with more, but we believe that the current budget we are receiving
12:52 am
is adequate to continue to provide expert advice in security and interoperability ad security and interoperability for the voting systems. >> in part of your testimony, you indicated that i think it was your testimony that the technologies that we were using for these voting systems is now about a decade old for these systems. can you share with us what you believe if you had analyzed it what would need to be an updated version that would enable us to keep track of the technology development? >> there is a rash of purchasing the new equipment with a funding model that came through as a result of that. we've already seen some state go
12:53 am
to a second system after using the dollars. i think in talking with the state, there is a great desire to be able to leverage new technology that will improve access as well as integrity of the systems that would also be cheaper to maintain a hand i don't have a specific dollar figure if we were to replace all the systems nationwide, it is definitely in the billions. but to encourage systems that are more component-based that he was more off-the-shelf components that are easier to swap in and out so you don't have a system that has a 10-year-old touchscreen you can update as it happens i think i would bthat would be a huge adve to the officials and if they had the resources to do that, you would find them to do some
12:54 am
exciting things. >> i apologize that was your testimony. >> i apologize. >> -working for four years now to try to design a better machine and our intent is to use off-the-shelf hardware with customs hardware to the extent we can for that reason. when you buy a giant touchscreen computer from hewlett-packard and insert your favorite company you can get cheaper foreign key support and replace the machines whenever you need to and that helps reduce the maintenance and ongoing support costs. >> doesn't it increase the vulnerability? >> the design of the systems first and foremost produces a paper ballot so no matter what goes wrong you have these ballots to see and verify and everything else is gravy. >> as a conclusion i want to thank the secretary because i think in your testimony, you
12:55 am
indicated the secretaries of thf state across the country have confidence in this election and that is an important message to convey so we can make sure that we don't put al with all this tk depressed voter turnout so thank you very much. >> we are very concerned about the rhetoric and if i could add on the cost issue i do have just one louisiana currently we have roughly 10,000 voting machines that cost would it cost $5,200 each, so that is to replace them by today's dollars if you could get the machine. if we went to a system similar to what was indicated to you, overly simplifying the concept whether it be proprietary or store-bought less than $300 each. now you do need two to three per machine areas for the hardware cost for us in louisiana,
12:56 am
152 million on the replacement if you could get it, roughly 50 or 60 million. a third of the cost. and 75% of it is in the programming cost. the hardware is only ten or $11 million. >> the gentleman from illinois. >> i want to thank the witnesses for being here today. in my state of illinois, we had a lot of changes in the last several years. we now have the same day voting registration, 40 days of early voting extended grace. , absentee voting has a lengthy period of time, and couple that with some of the issues we had particularly in chicago with issues related to the voting i guess in terms of educating election judges and looking at
12:57 am
the methods particularly as it relates to the integrity of voting on election day and as we look at the potential hacking of machines is there a good model out there that has worked in terms of how we educate folks and i would also mention i was the assistant attorney and we would go out as prosecutors and be there at the voting booth and a lot of times we didn't know what we're looking for or what we were supposed to be doing. secretary, can you maybe shed a little bit of light on a few examples of what we need to be doing in terms of educating and working with our folks at the poll? >> the training is paramount that came out to all commissioners or poll workers
12:58 am
whatever you want to refer to them as. we do a strong component and assist with that and have a very unified videotape we use so we have consistency across the state, but we do have the training and certification and require them to get certified annually. that is a benefit because the better the experience. we also have people in larger precincts for questions promoting that let individuals take a look and actually vote that on the phone to use as a guide to have a better experience in the voting booth and the other thing to me that is the strength of the poll workers and the voting boards in the counties with regards to the
12:59 am
subject we are talking about today, we all know they've been there a long time. if you could think about the greatest deterrent both democratic, republican poll workers together do you realize someone would have to go against that 80-year-old lady that's been there i don't think that's going to happen whether democrat or republican and toomey that is one of the hidden jewels in the system you have the best state-of-the-art equipment or whatever we have you've got people on the ground looking at the process. it's fundamental and it's the same way we did it 240 years ago and i think that's something we
1:00 am
need to recognize in this whole debate. >> what you go through in louisiana, are you confident that type of education and training is consistent across the country? >> that i couldn't speak to. it is dominant across the country but i wouldn't say that every state does it that way >> with all these changes we've seen recently with voting and how we vote coming and i went through the litany there, what does the future of the voting look like? >> what we learned today is all 50 states will be voting differently coming and it's hard to make a broadbrush statement. i think that there will be a lot of hand marked paper ballots and a lot of computer technologies available and some states are tt are voting by ballot and that's okay.
1:01 am
>> thank you mr. chairman. >> i not recognize the gentleman from virginia. >> i think in your comments stated and wrote the 20 states in this electronic registration center found that went up 30. how do we motivate the other 30 to be part of it and is there any suggestion that we would ever require that? >> the electronic registration center is a data center to the states voluntarily choose to join and they share information to show when it's out of date so they can notify to make sure they get the right information and also reach out to all the people that are eligible to vote and to protect them to the easiest way to register. it was founded in 2012 so it's only 4-years-old and now 20 states so i think that's pretty
1:02 am
good for pre- k. 4-year-old but certainly we are working very hard with the states including virginia was one of the founding members to see more states join and many others are spreading the word and that is reducing cost and increasing integrity because they are not sending mail to people that are no longer there. the administration did recommend that systems and that has been a tremendously positive influence and i think by the time we get to the election we will be at more than 30 states as i talk to those around the country. >> in the testimony you talked how the requirement that mandates states is only 32
1:03 am
states right now and you wrote the mere possibility of the recount o for the audits acts aa deterrent. so what do we need to do with the other 18 states that don't have this post audit reconciliation of paper and electronics? >> i am a big fan of reconciling when you have both. many of the states that isn't an option because you don't have paper records like the entire state of georgia votes without any paper record so there is no way to do a meaningful audit. i would love to see the sunset of the machine and replace them with the next. there wa was the mentioning of e $396 million of authorized. is that enough to replace the old machines? >> i am not sure if we could do this on a shoestring or do
1:04 am
better to spend more money and do it properly i don't have a good answer for you today. >> many of you wrote about how the machines are connected to the internet. if they are not connected to the internet, they are at the point of time in the tabulation and i think someone else pointed out they are usually connected to the database 365 days a year. it'is that actually a strength e can talk about or -- when the most common question ever asked of me is when are we going to be able to vote on the internet and my answer is i hope never because the world is evil thing and we see it everything gets hacked into and that's why i am so adamant to make it much more
1:05 am
difficult. but the day we go on the internet, all bets are off. i want to cathy dot there are a couple of states that do allow the return of an overseas military ballots by the intern internet. alaska being one and i don't remember the other three. that is a small percentage of the overall vote but they do allow for the return. but i will say this in defense of that it is a secure military you don't just send them an e-mail and they have to get access and they have the ability to open the file up and do something with it so it is a little bit different but certainly under the argumentative discussion we have today it could be vulnerable.
1:06 am
>> on this requirement of reconciling paper and digital, is this a suggested standard or should it be? >> part of the system guidelines that we work with was a strong recommendation that there be in audit capability and certainly paper records to provide a robust way to do that but it doesn't mandate specifically. >> i now recognize myself for five minutes. i just spent two days in baton rouge. >> i came back with the representative and came back with them and he had the same expression to me.
1:07 am
i represent 36 districts in texas and we had -- but i had never seen anything like this, 30 inches in some spots and a population center like that. i would like to ask you a question. you said in your testimony that i am happy to report there is no evidence the ballot manipulation ever occurred as the result of a cyber attack. and on the other hand, if the paperless electronic voting systems were attacked we would be unlikely to see evidence of thinthe machines or the system i just want to hear both of your opinions on this matter. i'm pretty simplistic. i ask a simple question and i do not profess to be an expert that
1:08 am
icon at the derivative of saying if you are not on the internet with voting, how do you hack into the machines. i don't know much more than that but if you're not on the internet out in the cloud how do you hack individual machines with cartridges? >> thank you. the example we can look to to understand this is the virus that was engineered to damage the nuclear facility in iran that was also meant to be secure and wasn't connected to the internet, yet somehow it was able to do its job. we don't know many of the details but it's quite clear
1:09 am
where there is a well and a budget and a way i don't know whether that nation's adversaries have chosen to make that investment but i know that it is technically feasible and that's why it's important to take the medications into the steps against them. thank you very much. next question would be for you. is it possible for someone to conduct a cyber attack while pretending to be russian, chinese, north korean to falsely assign blame have you ever come across any instance of such. >> the issue of the cyber attacks broadly speaking is a well-known problem and nationstate actors will pretend to be others for the purpose of trying to throw off the
1:10 am
attribution so i'm not privy to how we have this attribution. i have to assume the people who said that know what they are doing. >> and then one more for you, considering the arrangement of the vulnerabilities and this is what you said a second ago, the range of the vulnerabilities that exist from electronic systems do you think that more states will return to the paper ballots and can you explain how it's the more secure option? >> there seems to be a trend if you consider the four states in five states now and in many cases it's not for the cost reasons. you have to factor that in. i will say this, you have to have some other protections and i think that oregon and some of the others do but i've also said the best and easiest way is
1:11 am
right here on my hand. when i mail out a paper ballot, i have no idea who votes that the ballot. i may be able to verify the signature that i can tell you that we are there and a couple cases in louisiana with a small jurisdiction where the individual campus goes and knocks on the door and says can i help you fill out the ballot and they do. the point being you have to have some checks and balances in the system even if you verify the signature with electronic machines so i always contend this is the easiest way to prevent fraud in the system and it doesn't mean that it's wrong to do it because i'm respectful
1:12 am
of the states and how we do it but in the entire subject manner, we have the $100.10 years ago and i think this would set the stage with the dollars and states in this country at this time we have $396 million of the voter appropriated dollars reportedly still out there. i gave you an example of what it would cost to replace the systems for $394 million may go a long way and if not completely retool all 50 states with the assistance from the federal government. but we can put away your on top of layer and as long as you can write a check, we will do it but at some point, you've got to use practicality and again, i myself and i think i speak for all 50 of us, we are very confident of the system we have.
1:13 am
we have the trifecta back up audits and the like and in the worst-case scenarios i'vworst cd here today, i am still very confident you may not have the results november 9 of the catastrophe hits that if you are a little patient we will get you the result of and you will have a new president of the united states. >> that is a good answer. i know i'm out of time, but what do you consider the chances of the states going back to the paper ballot? >> if for no other reason they are very expensive as the secretary told us earlier and for that reason if nothing else we are moving to paper sort of by default. >> the gentleman from illinois.
1:14 am
>> i think all the witnesses for the testimony and i have questions because some other ideas came to mind. let me ask a couple questions so i better understand. everyone does it differently in the idea of not having the machines directly connected to the internet makes sense but for example, if you do have a voting machine than usually at the end of the day when they closed and ththe clothes andthe votes are e those communicated from the polling place because i would expect that they are done often times over some sort of connection to the nest and then the other part of that is i go
1:15 am
online and have the results coming in to see the results they are displaying so hopefully it isn't a lack of understanding here but aren't there some connections that are going on? ..
1:16 am
mac i can tell you if you voted and i can reconcile the state. even in the transmission of those results even when you referred to there was a delay. there is a reason why we have that delay. to be able to detect interference in that process. even if it had occurred, delay in in getting official results, keep in mind on election night the election nights are unofficial. we know that from been elected. the news media is out there declaring winners before the polls are even close. our job is to make it accurate and effective. >> it's good to hear, is that the common way it is done everywhere? >> yes, pretty much. to my knowledge is way it is done. >> i can't speak to every place but in the places i know of the actually physically transport the cartridges or memory devices with the accounts that occurred in the precinct to the county
1:17 am
office which is often a frustration for people who are looking for election results. if they hit traffic or something like that there will be a delay in getting those results. compl. the problem with his voters get frustrated because there is a delay in in getting it because there's a physical transportation of the memory. >> i think hopefully that helps alleviate the concerns that people do have. it is not being transmitted electronically in a way that can be hacked into. one other question i had, the paper tapes and i certainly agree our great idea, how often, at what point would there be a check of those against the electronic numbers?
1:18 am
>> it usually dictates, it usually dictated will buy the closest of the election. usually a challenge or some major malfunction. typically it is triggered by a challenge by candidate, someone wins by ten votes or loses by ten votes and challenges that in requires a recount to be taken. we also very public with the certification of our machines, as you as a candidate or as a campaign can watch us certify those before hand and also when we reopen those machines to recertify, candidates are allowed to come in or representatives to actually watch process and watch that matching go on. i gave an example, testified last week at the eac on this
1:19 am
subject and if you can bear with me a minute it probably is a good representation of your question. i watched with major networks with an individual claiming he had a handheld device that said he could put early voting cards into them but as many times as you want to. i don't argue the point that you can have a piece of machinery like that. you do it at gasoline pumps and the like. but what i did question was in the early stages and never brought in anybody who brought in an election to dispute that. you have to allow for an early voting site that someone is going to sit there and keep injecting a card how many times are going to vote. we have have time limits in most states. at the end of the day, even if you have that piece of equipment you still have the programming of what engage that card. at the end of the day if there were a hundred people that came in to early vote by signature next to your name and we had 106
1:20 am
votes, we are going to be able to determine fight that number on that card that you don't see, that you voted six times. we don't do how you voted but we know you voted six times. so we will catch it. >> i am for chicago the. i'm from louisiana. so let's clean that up. >> we no longer throw ballot taxes in the mississippi river. >> we have a big lake to do that. >> thank you very much. i you'll i yelled back. >> yes sir, thank you. i now recognize the gentleman from illinois. >> reporter: thank you all for being here. this is such an important subject. i don't know if many more things more important than making sure that our ability to vote is
1:21 am
protected and that we feel confident that everything is being done to make it open and accessible to everybody in using technology to do that and making sure that we are protecting information and protecting that confidence that our polls are accurate, are voting booths are accurate and being abused in any way. i want to thank you for being here, thank you thank you for your work. it is clear the nature of our increasingly connected world has opened up new poll abilities which was on perceived and brought about great new things that we can all agree and improve our lives and functionality of our democracy. it does it in ways that we can exchange goods and services with others as well. a year ago i had a chance to visit with a group my colleague and i saw many of the innovative ways they are integrating technology into their services. they have online voting in many elections in most forms of bureaucratic paperwork are submitted online and more easily searchable for that. while this is encouraging i also realize realize that estonia has as many
1:22 am
people as new hampshire or maine so there are things they can do differently then we as a country of almost 330 million people can do. our states need the flexibility to innovate in the federal government's role should be assisting but not passing down new unfunded mandates which i hear so often from my constituents and from my local government officials on the challenges they face. if i could adjust my first question to doctor. regarding the recent cyber attacks on the voter registration in illinois and arizona, why would an individual organization want to hack into states voter registration information. are they looking for the same kind of information and other data breaches in the retail sector or just personal information? what is the purpose behind these attacks? >> there many different motives to describe. if we're talking about our garden variety, identity theft,
1:23 am
they just want to have the information in the database. if we if we're talking about the nation state actors, their motive could be to get information, but a lot of information is available through other channels. it could be to tamper with information. we have talked at length about the sort of chaos that could potentially cause. >> specifically with tampering, would it be possible to add voters or delete registered voters? >> if it's a database on the computer is simple possible to do all of those things. >> i wonder if i could ask you is the database part of the technical guidelines. [inaudible] >> the voluntary voting systems guidelines are principally for the voting system himself. however, we do have other guidance that my organization has developed over the years to protect information systems of broadly and would fall under
1:24 am
that category. i think yes, separation there is a legitimate way of trying to prevent certain kinds of interactions. >> so that separation is happening,. >> was actually happening in the states is something that i'm not privy to. >> also, from what is know, what kind of guidance for protecting voter registration databases were in place in the two affected states that i mentioned earlier? illinois and arizona. will this consider updates to include water registration databases? >> we will be considering that with regard to our partnership with the eac to provide guidance to the states and municipalities for protecting voting systems with their broader remit perhaps it's one way to look at it. the guidelines that we have in place for it systems have been developed over a number of years.
1:25 am
they involve integrity checks, identity management issues and other things that can protect information. so the cyber security framework that i alluded to earlier helps organizations to craft a way to manage risks in the space. >> again, my time is almost up so thank you for your work. please let us know how we can be helpful going forward. with that i yelled back to the chairman. >> you sir, i now recognize the gentleman from texas, mr. weber. >> thank you gentlemen. i want to do something before we get into this election discussion before we get into this election discussion today regarding the earlier comment of one of the members on the other side of the isle that she was appalled that there was no republican outrage over the russians apparent hacking of the d triple c. i would note that there is probably the same amount of outrage from the democrats over hillary clinton's dumping of a
1:26 am
bunch of emails and destroying evidence in a federal investigation. having said that, in full disclosure, i wasn't election clerk and election judge and a precinct chair a precinct chair for about 16 years in texas. the in missouri county. when we have good old-fashioned paper ballots. as one of the few who raise my hand when we said we want to pass resolution encouraging electronic voting. i said i said i don't i like the paper system, i don't trust the internet now is back in the nineties. it seemed as if we have come full circle. you'll all say that there some states considering going back to paper ballots. so here's a question for i guess all of you, one of one at a time. we'll start with you, what first of all how many states have paper? >> i think there's only five states that are completely without paper. there there some states in the middle that have a mix depending on the county of paper non- paper system.
1:27 am
>> what stays in your opinion has the best system? >> i don't have insight into the system that are being used. >> so you have not formulated an opinion in that regard. >> i don't have the data. >> fair enough. now if you say louisiana, i'm just saying,. >> it well the best system for which the people of that state feel comfortable in voting. >> touché. because, new hampshire, i mean you can just think of the righty that we have had across the board from the east coast to the west coast and oregon. just totally totally different constituencies, totally different comfort zones.
1:28 am
and some people still like going to vote in the neighbor's garage. and if that's what they want to do, then that, then that is good for that state. so, i mean that is the best answer i could give you. i would not, no i would not say that we are the best. although a few years ago they had a set number 18 which would surprise he. because i used to always say if you interview people in the streets of new york on late-night television show they would never mention louisiana as the top 20 but were there. there's not a lot, that's correct, but i think that is probably, i know that is a politically correct answer, but out of respect for all of my colleagues and all of the states. you have to make that decision. >> i would also be diplomatic here. i think if you asked most election officials throughout the country most would say that
1:29 am
the technology they are using, none is on the ideal system yet. they're looking for something new to come around. >> so you don't have an opinion about that. i think the particular state with work being done in los angeles county to come up with a system based on off-the-shelf components that's largely sensible is going to be instructive to the entire field. >> well. >> i'm going to the horn of three different states where i enjoy what they're doing. >> i like california's use of risk limiting audience where you can audit paper and compared to electronic you results. i like what florida has to wear they got rid of the paperless electronic voting machines. my. my parents live in fort lauderdale and they now vote in the later laser print printer on demand so they can have early voting and vote centers. florida is now doing remarkably good stuff. i've course have to say something good about texas. in travis county we are building a really great system and it could potentially be applied in many other places. >> are you from travis county? >> no i live in houston and grew up in dallas. >> okay so let me just also say here, having been the recipient of when a lot of those ballot boxes were carried, missouri
1:30 am
county is a big area and apparently reiger up it's like 40 miles north of the county seat. as an election judge and the general election and we would always take her democratic counterpart in the general election, take them down and turn them into the county. i've been on the receiving end when i took 45 minutes to an hour just for the drive time and people are wanting the results. what, the last question, is that right mr. sherman? >> what is the most critical time of a cyber attack? >> i would say a cyber actor who knows what they are doing is acting months to years in
1:31 am
advance. because they don't necessarily have access. >> i'm saying if they are going to affect the november election coming up, is that something done the night of, the week before? are you saying years that they get into the system years. >> you get in way in advance and then you have whatever effect you're trying to have. if your goal is to create chaos than you want your affect late. and it all depends late. and it all depends on what you're trying to do. >> okay. i yelled back. >> thank you. i appreciate that. i want to thank the witnesses for their testimony and the members for your questions. and the record will remain open for two weeks for additional written comments and written questions from members. with that that this hearing is adjourned. thank you. [inaudible] [inaudible] [inaudible]
1:32 am
[inaudible] debonis covering congress for "the washington post." read his reporting at on twitter @mikedebonis. the heads of the army, navy, marine corps and air force testify tomorrow morning about the armed services long-term budget needs. the hearing taking place as negotiations continue on capitol hill over military readiness under budget caps. live coverage of the senate armed services committee hearing at 9:30 a.m. eastern on c-span3. this weekend on "american history tv," on c-span3 -- saturday evening at 6:00 p.m. eastern -- >> in any war, in any time, weapons dictate tactics. you've probably heard that the civil war was fought with modern
1:33 am
weapons and antiquated tactics. that's not quite true. the civil war is actually an evolutionary war as both weapons and the men who employ those weapons learn different methods to fight with. >> author david powell talks about military theories, battle tactics and formations during the civil war. at 9:00, military historian michael neiberg talks about his book "potsdam" about the 1945 meeting of truman, churchill and stalin to negotiate the end of world war ii and the reconstruction of europe. >> the states of europe didn't interact enough. they weren't cooperative enough. the power in europe became a zero sum game. the problem was to merge europe together, create a european union and the phrase is already out there. so that france, germany, russia, poland don't see events on the continent as a zero-sum game. >> on sunday night at 8:00 eastern --
1:34 am
>> the idea that american presidents have always gotten the very best health care available in whatever era they lived, well, i want to tell you that this is a charming myth. and problems began almost immediately with george washington. >> parkway central librarian richard levinson on myths surrounding presidents and their health. he'll talk about how doctors have sometimes contributed to a president's death or saved them from dying without public knowledge. for our complete american history tv schedule, go to senator ted cruz warned commerce department officials today that they could face up to two years in prison for their efforts to hand over control of the internet's domain name system. politico reports the texas senator alleges they violated provisions outlined in the last government spending bill that prevents them from using funds to carry out the transition. at this three-hour senate
1:35 am
judiciary committee meeting, larry strickling said he's outraged by the suggestion and that he and his colleagues haven't started the transition which is set to begin on october 1st. >> this hearing is called to order. good morning. welcome to the witnesses. welcome to everyone who has come to attend. the internet is one of the most revolutionary forces ever unleashed on the world. this transformational technology has changed how we learn, how we communicate, how we do commerce. how we live our lives. people even meet and get married through the internet.
1:36 am
of course, the internet didn't invent itself. it wasn't invented by any politicians. it was invented by the incredible ingenuity of the american people with the financial support of american taxpayers. in the spirit of freedom and generosity that is the essence of our great nation, the american people didn't try to keep the internet just for themselves, but made it available for the benefit of all humanity. since the internet's inception, the united states government has stood guard over critical internet functions. in almost any other country, that power could have been used to deny internet access to websites that were deemed politically undesirable or unpopular or threatening. or simply disfavored by the powers that be. but not here. not in the united states. because of the first amendment to our constitution which affords more protection for
1:37 am
speech than anywhere else in the world, the united states government, as long as it has authority to oversee the infrastructure of the internet has a duty to eninsure that no website is denied internet access on account of the ideas it espouses. under the guardianship of the united states and the first amendment, the internet has become truly an oasis of freedom. but that could soon change. in 16 days, without seeking the consent of the american people, whouts seeking the consent of congress, the obama administration has stated it intends to relinquish the government's historic guardianship and give it instead to an international body known as icann. what is icann? it is not a democratic body. it is a corporation with byzantine governing structure designed to blur the lines of accountability that is run by
1:38 am
global bureaucrats who are supposedly accountable to the technokrats to multinational corporations, to governments, including some of the most oppressive regimes in the world like china, iran and russia. sadly, icann officials have already begun showing extraordinary affinity for china. the world's worst abuser of internet freedom according to freedom house in 2015. numerous icann gathering have featured chinese officials responsible for chinese government sensorship and propaganda. icann's recently departed president and ceo fadi shihadi made china a central focus within icann, and the future of that organization. mr. shihadi is on record saying from icann's standpoint, engagement with china is not an
1:39 am
option. if we do not engage with china at every level of our community, we frankly lose a part of our global legitimacy. it is striking that an organization we are being told we should trust with control of the internet believes legitimacy depends upon engaging in a regime that is the world's leading censor on the internet. silencing speech on the internet. and that imprisons democracy and human rights advocate and nobel laureate lu xiabo. he left after the transition plan was announced to leave for china's world internet conference. a conference that was rightly criticized for refusing to let "new york times" and "washington post" reporters cover it. as a result, reporters without
1:40 am
borders demanded a boycott calling china an enemy of the internet. and yet we are being asked to trust an organization without having our government have the authority to protect free speech to trust an organization whose former leader who shepherded this plan has gone to associate himself with and stand with those who are in the words of reporters without borders, the enemy of the internet. once the government is out of the picture, first amendment protections go away. the first amendment by its term binds the government. doesn't bind private individuals. that means when icann escapes from government authority, icann escapes from having to worry about the first amendment having to worry about protecting your rights or my rights.
1:41 am
imagine an internet run like one of our large private universities today. with speech codes and safe zones. an internet that determines some terms are too scary, micro aggressions are too troubling. why will not allow them to be spoken on the internet. imagine an internet run like far too many european countries that punish so-called hate speech, a notoriously malleable concept that has often been used to suppress views disfavored by those in power. or imagine an internet run by, like many middle eastern countries that punish what they deem to be blasphemy. or imagine an internet run like china or russia that punish and incarcerate those who engage in political dissent. now some will say none of that
1:42 am
parade of horribles will happen. there's nothing to fear here in handing control of the internet to this international group of stakeholders, this mini u.n. well, that's what this hearing is here to determine. is there something to fear? and i will point out a question i think a lot of americans are asking is, why risk it? the internet right now works. it's not broken. what is the problem that is trying to be solved here? that's what this hearing is about as well. i welcome the witnesses. with that, i recognize the ranking member. >> thank you, chairman cruz. we're here today to talk about the protection of internet freedom. that is an aim that i believe everyone in this room respective of their partisan stripes would
1:43 am
and will support. but i first i'm going to take a moment and talk about what should be happening in this committee hearing room. a hearing on the president's nominee to the supreme court, chief judgemaker garland. until february this year, i would not have thought our obligation to consider a sitting president's nominee to our highest court would be a partisan issue. yet six months has passed since the president nominated judge garland. six months without a hearing from this committee. six months since the president nominated someone and six months since we've had the opportunity for this nominee of impressive intellect, experience and character to answer questions before the american people. there's also important work i believe this subcommittee has left untouched so far. last month senator whitehouse and i support a letter to senator cruz to examine whether our statutes protect our
1:44 am
american elections from the interference of foreign entities. since then there have been even more reports of cyberattacks targeting multiple states, boards of election systems and warnings of this growing threat. unfortunately, this subcommittee has not yet responded to this concern, and it appears there may not be any such hearing in advance of our november elections. instead of deal with a vacancy on the supreme koufrt of the united states and foreign cyberthreats to our upcoming election, both issues which if unaddressed threaten the foundations of our constitutional democracy, we are here relitigating a complex and important issue, but which the senate has already reviewed in great depth. we are here today to have a hearing about the transition of the functions to a multistate holding. they've also had two full hearings on this topic in this congress. stewardship of the internet assigned numbers authority
1:45 am
relates to the technical coordination. and under its current contract with the internet corporation for assigned numbers and names, or icann, they verifies that establishes policies and procedures are verified when icann processes changes. once it's formed that verification, ntia authorizes the implementation. the transition about which this hearing centrally is concerned would remove ntia's intered myiary in this essentially clerical process allowing the process to be completed more quickly. it is not, as many or some have suggested, the united states giving up ownership of the internet. the united states does not own the internet and that bears repeating. today the united states does not own the internet. and transitioning of this internet management function that our government has had a small role in performing to a nongovernmental, non-u.n. group
1:46 am
of technical experts, is a process that has been ongoing since 1998 across both republican and democratic administrations. it is important that we execute this transition properly to ensure the security of our economy, our homeland and our fundamental value of freedom and expression. done properly and openly this can enhance our credibility on the international stage and allow us to continue to play a leadership role in keeping the internet free and open for decades to come. delayed, without good reason, or done improperly, we miss a key opportunity to demonstrate our leadership in the internet. that's why, since 2014, a multistakeholder community made up of businesses, many leading american businesses, technical experts, academics, civil societies and associations have engaged in a thorough and rigorous process to chart the course of this transition. the communities held over 600
1:47 am
conference calls, exchanged over 30,000 e-mails and i want to thank our witnesses today and especially thank those who have been a part of this process. these stakeholders have carried out the important task of ensuring the transition plan satisfies key values laid out by the ntia within our department of commerce. and those are briefly four. supporting and enhancing the multistakeholder model of internet governance. maintenance of the security, stability and resiliency of the internet. satisfaction of the needs and expectations of the global customers and partners and the maintenance of the openness of the internet. ntia has stated it would not accept a proposal that replaces its role in the functions with a governmental or intergovernmental solution. so after this labor intensive multistakeholder process over many years, the plan proposed by the community has not only garnerred the approval of the ntia and has the schts technology companies, industry
1:48 am
groups and civil society organizations who share our profound interests in the freedom, security and economic opportunity represented by the internet. mr. chairman, i ask unanimous consent that a number of importment statements and articles in support of this transition be entered into the record. >> without objection. >> there are many. i will briefly mention there's an open letter to congress signed by microsoft, amazon, google, dell, facebook, intle, hp, the internet association, internet infrastructure coalition, internet society, u.s. chamber of commerce, articles for former secretaries of homeland security, chiefs of staff, ambassadors, seven civil society groups and many others. this san important part of the record of this hearing. this is an important part of what this multistakeholder community meeting means. household name, global leading internet names founded and headquartered in the united states. ideas are exchanged and viewpoints debated. it's also a market place for
1:49 am
global business and as one of the leaders of the senate global freedom calk urks we must engage with individuals, the private sector and other governments to work to preserve the internet as an open platform for commerce and communication. there's been a lot of charged rhetoric about this transition in recent months. i'm eager to hear from our witnesses and move beyond the rhetoric and to understand in detail how this transition can protect u.s. interests and ensure the security and stability of the dns and promote the ability of free expression and global commerce to flourish. one of the most profoundly transformative opportunities and technologies of our time. thank you. >> thank you, senator coons. the chairman has asked to give an opening statement as well. senator grassley. >> the openness and security of the internet of principal importance to all of us who use the internet around the world and yet it is the united states
1:50 am
stewardship and its role over key internet management functions that helps to ensure this openness, security and stability. today this administration intends to end this role, not for technical considerations but for political reasons. this is happening despite the fact that the number of significant questions related to transition remain unanswered, including whether the transition will yield an unconstitutional transfer of united states government property, how the transfer will affect human rights and free speech issues, if u.s.-controlled top level domains such as dotgov and dotnel could be compromised or if the government corporation for assigned names and numbers
1:51 am
will be subject to increased antitrust scrutiny. here at the committee, we continue to engage with the administration about this transition and, to date, answers we received have been very inadequate. it's clear that the administration hasn't conducted a thorough legal analysis of many issues outstanding. in icann, we see an organization that was blasted just this past july by an independent review panel for its inability to carry out basic duties of self-governance. the review panel found that icann board governance committee has, quote, failed several transparency obligations, engaged in cavalier treatment of constituent requests and failed to undertake an examination of
1:52 am
whether icann's staff or contractors complied with their obligations under the articles and by laws of incorporation. these raised serious concerns about the abillities of icann to exercise proper corporate oversight and call into question icann's organizational maturity. these types of governance problems make icann susceptible to corruption and abuse. icann's contract and the united states' continued oversight. such concerns especially when it comes to accountability and transparency are reasons why i have always questioned if the transfer is in the best interest of the american people and global internet users. despite the administration's intention to give up iana
1:53 am
functions, contract, these concerns still persist indicating that this course is misguided and, at beasst, premature. i appreciate senator cruz, your taking the leadership during this hearing and look forward to what the witnesses have to testify about. >> the witnesses in our first panel are the honorable lawrence e. strickling who serves as the assistant secretary for communications and information and administrator for the national telecommunications and information administration. the ntia. the graduate of the university of maryland and harvard law school. mr. strickling preefrsly served as a senior official at the federal communications commission. in the private sector, he served in senior roles of communication service providers, including allegiance telecom incorporated and core express incorporated.
1:54 am
mr. goran marpy is the president and ceo of the internet corporation for assigned names and numbers, icann. a graduate of the university of gothenberg school of business, economics and law, he previously served as director general at the independent regulatory body, swedish post and telecom authority. prior to this, he held the position of ceo and founder of app gate, a swedish security software company and worked as a country manager for cisco in sweden. i would ask both of the witnesses to rise and raise your right hand. your left hand will do. and i hope that you recover soon. do you affirm the testimony you are about to give before the committee will be the truth, the whole truth and nothing but the truth, so help you god? very well, mr. strickling.
1:55 am
we'll hear your testimony first. >> chairman cruz, chairman grassley, ranking member coons and members of the subcommittee. thank you for the opportunity to come here today to testify for freedom. specifically internet freedom. i come here to testify for free speech in civil liberties. i come here to testify in favor of completing the transition of the u.s. government's stewardship of the domain name system to the global multistakeholder community because doing so offers the best hope of protecting internet freedom. protecting internet freedom and openness has been a key criterion for the transition from the day we announced it. the best and most effective way is to depend on the community of stakeholders who own and operate transact business and exchange information over the myriad of networks that comprise the internet. free extraction is protected by
1:56 am
the open decentralized nature of the internet, the neutral manner in which the technical aspects are managed and the commitment of stakeholders to maintain openness. freedomhouse reported recently that internet freedom around the world has declined for the fifth consecutive year, but its prescription for defending internet freedom was clear. it was to encourage the u.s. government to complete the transition to a fully privatized domain name system. what will not be effective to protect internet freedom is to continue the iana functions contract. that contract is too limited in scope to be a tool for protecting internet freedom. it simply designated icann to perform the technical iana functions of managing the database of protocol from ters, allocating ip numbers and processing changes to the root zone file. it does not grant ntia any authority over icann's day-to-day operations or the organization's accountability to the stakeholder community.
1:57 am
extending the contract as many have asked us to do could actually leave to the loss of internet freedom we all want to maintain. the potential for serious consequences from extending the contract beyond the time necessary for icann to complete implementation is very real and has implications for internet freedom and the credibility of the united states and the global community. privatizing the domain name system has been a goal of republican and democratic administrations since 1997. prior to our 2014 announcement to complete the privatization, some governments used ntia's continued stewardship to justify their demands that the united nations or the international telecommunications union or some other international body of governments to take control over the domain name system. failing to follow through on the transition or unilaterally extending the contract will only embolden authoritarian regimes to intensify their advocacy for
1:58 am
government-led or intergovernmental management of the internet via the united nations. as former homeland security secretary michael chertoff and retired vice chairman james cartwright of the joint chiefs staff recently wrote, rejecting or delaying the transition would be a gift to those governments threatened by a free and open internet. over the past two years, the global internet community comprised of businesses, technical experts, public interested groups and governments having engaged in one of the most comle. ing demonstrations of a multistakeholder process ever undertaken. given the intensive level of effort that went into constructing the transition plan and obtaining support from it from all sectors of the community, businesses, civil society and technical experts, it is no surprise that they support the transition. they want to see the united states follow through on its longstanding bipartisan commitment to privatize the do map name system. the transition raises moan questions. none are more important than the
1:59 am
ones asked in march 2014. at that time we also said we would not accept the plan that replaced ntia's role with a government-led or intergovernmental solution. upon the community's completion of the plan, ntia led an interagency review to ensure the plan met these criteria. during this review, the department of justice assessed whether the transition presented any competition issues. and at the end on june 9th, we found the plan satisfied each and every one of our criteria. sig november kantsly in the more than three months since we announced our analysis, no one has taken issue with our conclusion that the plan satisfies these criteria. despite the open and transparent process that developed the plan, misperceptionsth in misrepresentations about the transition continue to circulate. we'll have time to talk through those at our -- through the testimony this morning, but
2:00 am
given the -- my name is nearly expiring, let me close with a commitment and observation. my commitment is this. after the completion of this transition, ntia and the u.s. government will continue to be a forceful advocate to protect and advance american interest. we have always been active participants in icann and other international venues addressing internet freedom. nothing about the transition will reduce the level of effort we put in to representing american interests on these important issues. as to the observation, let me quote an analysis released yesterday by the r street institute whose mission is to promote free markets and limited government. quote, in reality, the internet isn't ours to give away. if congress blocks the transition, it will only make it more likely that the internet will be hijacked by authoritarian governments and special interests. mr. chairman, and members of the subcommittee, i urge you, do not give a gift to russia and other


info Stream Only

Uploaded by TV Archive on