Skip to main content

tv   Key Capitol Hill Hearings  CSPAN  September 15, 2016 4:00am-6:01am EDT

4:00 am
this transition had been tested for 90 days and worked perfectly. that's absolutely true. but it's incomplete. the reason is that those technical transitions had been tied as all the copanelists hear have said, to preform of the accountability provisions that address how icann manages its policy. it is true that it's such a technical decision there's a host of policy that hides behind that is operated. we address sintellectual propery claims. it includes such things as whether or not dot amazon, top domains will be delegated and to whom. those are controversies without saying whether or not you resolved you can see they are issues that trench not upon
4:01 am
technical question but upon real issues of policy and governance that effect the globe all the way around. it is those accountability measures that haven't been test driven yet. before the transition was announced. the accountability of icann such as it was depended upon essentially the u.s. government's exercise of soft power. the persuasion behind the scenes, if you will so it wasn't an explicit control and secretary strickland is right about that, but nonetheless, it was implicit in many ways. that's what's going away. that sortth soft power control and what is coming in instead set of accountability measure that is will lead to empowered community that has the ability to, essentially, that has been tested in suggesting that the need for testing arises. i'm not flying alone out there.
4:02 am
that's what the i can board suggested earlier when the community suggested the sole membership model. they said that if that was the model to be presented and the path forward, it may be prudent to delay the transition and icann has demonstrated experience operating the model and ensuring the model works in a stable manner. it said that was necessary because the new model would upset the balance of power and influence amongst any of the groups within icann which can change based upon the willingness and ability to participate everything the board said is true as well. indeed, i will submit, and this is my opinion, but i would submit that the power community model is more complex and less well grounded in the simplicity of california nonprofit law and the empowered community line.
4:03 am
and so when i suggest that there's a need for a test drive. it is not of the technical system whether or not empower community works and it will not and indeed it is unlikely to last much longer than the time it works since many of those proposals will result in new provisions that would have to go through the new empowered community system. we'll have a chance to see it work. i like i favor this transition, i think it is essential. indeed i think it's essential for many of the reason that is you address for terry earlier. i just don't think that we know whether or not this one will work yet. as it's drafted now, the accountability side of this is a leap in the dark. it's a triumph of hope of experience, if you will, it isn't yet finalized in a way that gives me the confidence to
4:04 am
be short. has gone through a number of stress test. those are immensely useful, sbe lekia -- intellectual hypothesis. a trial period to allow it to operate under the new model completely for whatever period of time is necessary to demonstrate the utility and then completion, an irrevocable completion if the system proves itself capable. to you and it has thus far. thank you very much for that. allowing me to testify today. >> thank you very much. >> let me start by just making an observation for those
4:05 am
government employees who are concerned about whether the conduct they're being asked to carry out is consistent with federal law. mr. strickland pointed a language in the committee report that he said gave them the authorization to do so. as i noted in that questioning and committee report cannot supersede language passed into law. when mr. strickland did not tell you that committee report was a committee report for legislation that, itself, did not pass into law. whatever authority committee report might have for legislation that is actually passed congress and signed into law. a committee report that legislation for legislation that did not pass congresser roi --
4:06 am
letter could only be designed to have a chilling effect on witness participation and to disrupt the oversight functions of the subcommittee, which is seeking immediate answers to sign sensitive questions on an issue that has the full intention of the entire united states congress. i will note that it is more than
4:07 am
a little ironic, which has a direct working relationship with icann and the united states department of congress would seek to stifle individual speech in this way, which just so happens to be the main focus of today's hearing. this letter, unfortunately, perhaps, provides a glimpse into how ver i sign and icann can expect to conduct themselves, given the allegations against you, would you like to offer any rebuttal or response to the letter? >> we did issue a brief comment. i will say first, i've been in the think tank world going on nine years. it was not simply correction and we did note there were confusing word choices in our paper and we're happy to correct those. it was a threat, as you say.
4:08 am
the issue that we were getting at was simply to illustrate. we tend to agree that icann is probably not immuned from antitrust suit and the transition probably won't change that, our point really was to say, there are still unanswered questions about antitrust law. and the purpose of the paragraph that veri sign subjected to what such suits might look like and suggest that it's inherently tied up in controversy auctions in which it's lots of money at state and it has a direct financial interest. we were explaining that it would be unreasonable to expect the plfrs will not bring this kind of suit and antitrust litigation, whether frivolous or meritorious will be used to attack icann and discredit it by those who prefer to push to the i.t. model. >> would you say that threatening witnesses before senate oversight hearing is
4:09 am
consistent with an entity that we are being told we should trust to respect and protect free speech? >> no, sir, although i would just remind everyone this was veri sign and not icann. i'm not accusing anybody of anything. we were simply trying to explain that there are many unanswered questions. the administration says it has zero correspondence about antitrust issues, yet, you heard secretary strickland today say that there was, indeed, some consideration, that didn't turn up in the request that americans for limited government issues. the point of our paper there are many unanswered questions that would have been resolved in a better comment when they had taken public comment and issued full report the way the agencies are suppose to do instead of rubber stamping what icann proposed. >> today, if icann tried to implement a policy, threat and internet freedom. could the united states simply
4:10 am
refuse to renew its contract. >> well, yes, sir. and that is ultimately -- when i say that i support a partial transition, that's what i'm getting at. i'm distinguishing between the right, that's a personal transition, that is different from what you ask about, which is the ability to put the contract out for rebid, that is something ntia has threatened to do in the past. it nearly did so in 2012 and it has used that, as paul said, a soft leverage to discipline icann. that ultimately is the guarantor of this whole system. i just think we should be very careful before removing that bit of leverage, that decision is ir reversible one contrary to mr. strictly told you about nonviolating. >> that's a check that goes away as the transition proceeds. >> yes, senator.
4:11 am
>> following up on that point, in your written testimony, you said, icann exercises these powers as a global monopoly, by virtue of the powers who can sell domain names on line set out in the accreditation contract, they have a significant effect on the future of the internet and seeking additional powers that will further limit the openness of the internet, a working group hand selected by icann's then ceo propose a shift to put all of the world's information about who has registered domain name behind a single gated wall and give icann or its contractor sole power to authorize who is to see that reason and to audit and post penalties on kper net data that icann considers improper? >> that's correct, mr. chairman.
4:12 am
no now. >> now, we're told that in place of the government oversight, we should trust the international stake holders. i would note in your written testimony, secretary strickland said we should feel comfort that the government advisory council requires yuan minty. your testimony said voiced dissatisfaction with the president consensus rule for gaap decision so its impossible could change the method of improving device such that a majority could prevail over significant minority of governance, is that correct. >> yes, it is that's precisely what's stress test 18 asked. i was the first one to raise this by saying the government advisory committee could change its decision making method. but the bylaws were written in a way they will have to give
4:13 am
deference to that advice. we have changed the bylaws, mr. chairman, such that the governess can use any rule, but the only method of decision that our board at icann has to give deference and respect to is decisions reached through unit minty and the government resisted for two years they did not want to have to lock themselves in situation where the u.s. government could with one vote veto with a handful or majority of other governments want to do. those are the kind of fixes that we did specifically in response to that stress test. >> but, the bylaws could still change? >> the discussion of whether and how the bylaws change is true of any organization that lays down bylaws and corporation, any articles, always include a clause that say these can be changed with the majority. but we have gone far beyond the typical assurances of a ceo, former or current. we change the bylaws.
4:14 am
it says it shall be, in california. and if the icann tries to change those bylaws, it requires the approval of the community. the community can block that, the articles of incorporation indicate it has to be a california corporation. if they tried to change that, it would require the consent of the entire community before they could make that change. we have built in as many that we've can to guarantee they'll be subject to u.s. law and situated in california. >> you are correct most if not all have the ability to change. that's one of the reasons why we're not typically in the practice of handing over monopolies over vital infrastructure to private organization because that is too much unchecked power to trust, particularly a private organization, icann is not bound by the first amendment. one of the great services that
4:15 am
the united states of america provides to the world is following first amendment principles to prevent censorship, the alternative and i want to turn to you on this, your written testimony said, it is my view that it is indisputable that under the current proposal, governments, foreign governments, would significantly increase their power in icann versus the status quo. they have the ability to convey advice to the board and the board must implement unless opposed by majority vote. would you elaborate on that mr. rosenzweig? >> yes. before the transition occurred, they were capable of providing advice to the board, that the board was bound by its procedures to seek to negotiate with them, if you disagree with that.
4:16 am
under the internal operation procedures at the time, that advice would have to have been by consensus and the board would have had to have -- would have been capable of rejecting that advice simply by a a% pl50% plu vote of the board. in practice they tended to seek a super majority, but the statutory -- the board statutory majority was simply 50% plus one. the -- with respect to that advice, made two changes, one that enhanced the power by increasing the threshold for which it would be rejected and the other by institutionalizing the consensus requirement, still maintaining the status quo. in effect from where we were before to where we are now. the threshold for rejection has gone up. in addition, and to my mind much significantly, they've been invited to participate as a voting member in the empowered
4:17 am
community. that empowered community will have, as mr. strikling and all the others have said, significant oversight of the board. indeed that is the methodology by which we anticipate the multi stake holder model and for controlling icann board and staff activity. as of right now, they've not determined whether or not to seek that position. but in the event it does, it may very well seek to do so by majority vote, not by consensus vote. it's internal operating procedures, would suggest consensus for that as well. they'll subject to majority rule change. so we have gone to a place in which the board, by 50%, plus one could reject the advice and they had no formal say in oversight of the board to position in which there's a higher threshold and it's been
4:18 am
invited to sit as a voting member. i suggested two years ago that one of the key tests for the suitability of this, is that remains in a purely advisory role. the transition changes that. it remains to be seen, whether or not that will have significant effects or only partial effects, again, a reason why i suggest at least a trial period is necessary. >> and i want to make sure that it is absolutely clear to this committee and to the american people, your testimony is that if the obama administration's proposed transition goes forward, that it is indisputable overregimes hostile to free speech on the internet. >> i think the other government that loses pow ner this transition, is the united states government.
4:19 am
all the others gain power. >> and why, possibly, would it be in the interest of the united states to put forward a proposal that weakens the authority of the united states and that strengthens the authority of russia and china and iran? >> i'm not in a position to answer that question on behalf of the united states government, sir. >> well, hopefully the united states congress is in a position to answer that. one answer that we have been given by some witnesses is that we should rest comfort that icann once held accountable. once lacking any supervision. can be comfortable will remain domicile. i've been reading your testimony you wrote tf idea that pack up and move has been contemplate d
4:20 am
td -- discussed earlier in this hearing of discussing a parallel, legal, international structure, maybe in switzerland for icann and the senator's exchange with mr. strikly, it was suggested that perhaps that referred to something completely separate, independent and nonicann itself. and, yet, your written testimony suggest that interpretation is incorre incorrect. specifically you said in july the french sent swiss model that will instead of transforming to one country, one vote like the itu have icann assume international legal personality as "world icann on the model of the red cross; is that correct?
4:21 am
>> that's my understanding of the french senate report which i understand to be in reaction to the testimony. i do not know if that translation was accurate, but it certainly is there interpretation of what he was s saying and it is that there is no concrete assurance beyond an exchange of correspondents and dot mill will remain under control of the united states government. right now for consumers, that is an essential consumer protection, if you go to to see if that official government records, you have some degree of confidence that that is not an illegal scammer, if you go to,
4:22 am
you have some degree of confidence that this is not a phishing scam identity theft. under this transition, there's no assurance dot-gov and dot-mil will remain with the united states government s that right? >> there is no assurance beyond the letters exchanged which as i understand are not enforceable contracts. to the extent that you think that letters are themselves an assurance, then they stand in that stead. but i am puzzled by the argument that entering into a contract about these somehow derogation of sovereignty. i have not heard that until assistant secretary said that earlier today and so i haven't had the chance to think about that. but the government enters into contracts about its intellectual property and other property all
4:23 am
the time. so i want to see that analysis and think about that some more. i don't have that piece of answer for you. >> okay. thank you. >> thank you, mr. chairman. this has been an interesting engaging and long hearing. i want to thank you for being engaged about property and governance and control. and i will try my best in a few minutes to get to what i think are some core issues that still very much deserving of our time. and first, i must compliment you in using the word recoco in your testimony. we both agree that it is just all too rare that we have a naerg which that term is casually dropped into conversation. >> thank you. >> and perhaps it's a good sort of word to summarize the entire underlying challenge here which
4:24 am
is it that the construct, the very thing about which we're talking is very complicated. it has an architecture that is literally recoco in nature. and getting what, what is at stake and what is not at stake and what is in transition and not is challenging. and that's exactly why misleadi misleading or overheated red rick about what under way, avoiding that is really important. seeking control where none exists only results in the loss of influence. and it is exactly this sort of basic assumption that the transition is handing over a mondopol monopoly. a lever that allows complete control over the internet is exactly that, i think, misunderstanding. that is at the core of the different trajectory of the
4:25 am
questioning that the chairman and i pursued today. so first if i might, what is the risk of a fractured internet? are we handing over the keys to the kingdom and handing over the internet to regimes hostile to free speech or demonstrating good will and reducing the threat that there will be a parallel competitive structure for the dns and that that will tleed a future fracturing of the internet? >> i agree with you that it is the latter. the question is whether or not we'll keep to our own commitmentes to a governance
4:26 am
structu structure. the entire system we're discussing is in fact voluntary. so what we have in this instance sin fluns,en that influence is born of integrity and good behavior and keeping promises that we make. ambassador gross did an mazing job for the bush administration in pushing back on authoritarian regimes that were trying to get some momentum about bringing icann functions to an intergovernmental body. and did he so by reaffirming america's commitment to the multistake holder model and to an open internet. so you disempower people like ambassador gross whether you turn around and say just kidding, we actually think it's important that we keep control over this even though that control is ilucary wlachlt is the problem? what is the down side consequence to a delay?
4:27 am
i think that dhsh is all symbolism. and so the symbolic gesture of saying government needs to be involved. it needs to be us. we don't it this multistake holder community is capable of governing the internet. i think saying that has dire consequences. >> and let me make sure i asked an important question here. articulating great detail very unsatisfactory experience with an auction process. someone that worked for a private kplp that lived and died by the trade marks and also involved in very unsatisfactory action to secure our trade mark website, that sound like a really bad experience. i just want to make sure that i understand. you said something that surprised me. i perhaps hadn't read fully enough your testimony in advance. that changes in accountability, several of you have testified you've been critics of icann for a long time and yet are very
4:28 am
actively engaged in this process. the changes in accountability and transparency and process improvement that's have been agreed to are conditioned upon transition, is that correct? >> they are. the board put them in place but said they take infect upon the date of transition. now they committed that if the transition were delayed that they would work with the community to figure out what parts of those new by laws could still survive. remember, the changes we made over 215 pages assume that now the community can fire icann if they don't run the protocol names and services correctly. we would lose that capability if we never turn it over. then we would relitigate all of the powers that are essential to ensure we have decreased the power of governments in icann, not increased it. >> so let's stress test the proposition. we have both ends of the table that say the transition in general is a good idea.
4:29 am
we should privatise fully. but it's not ready yet. and there is too risky. interest tl are some demonstrated instances where ican has not performed to the level that we hoped. mr. horton raises a variety of areas where one can debate whether it really is or isn't icann's function to police the actions of registrars. certainly there are examples where their actions have not held up to the highest standards we would hope. in your view, do the risk of delay in this transition outweigh the risks of a staged transition where it is sort of temporarily given or the transition is done in a series of stages? >> yeah, the entire premise for a test drive or test period is completely mistaken. it assumes the new mechanisms that we designed would have any reasonable probability of actually being tested in two months or two years. remember, these are extraordinary powers to spill
4:30 am
the board, block the buy laws change and budget. it could be years, many years before those rever invoked. so the notion that all those mechanisms have to be tested would never provide an assurance that trance woigs ever occur. it's as if the u.s. constitution had lots of powers in there like articles of impeachment but england you this never let go of america until a test period occurred where all of the powers could be tested to their full degree. the internet is about a leech faith. the private sector community can challenge what icannz i would visit miss grove and mr. horton to engage within icann why we change the rules for new level of top level dough mains. ask misgrove what disquauction criteria would we have so an applicant with the hist like the one you claim you're competing with would not be allowed to compete.
4:31 am
and help us design ways to force icann's kblicompliance to investigate and respond. they have no power to do anything whatsoever to help miss grove or mr. horton. only the community can. and only with the new bilaws. the community could never have the capability to force icann into a tighter level of compliance. >> you're going to take a seat on the icann board. is he correct? >> he is. and i would like to just add on to his point about the test drive that the purpose of these powers is to encourage, one of them, is to pro actively encourage good behavior. nobody wants to spill the entire board of directors. what we want is to make sure that policy development processes are respected that icann implements those properly and the like. so i agree with that.
4:32 am
i think that as i move on to the icann board, to me, the huge challenge is that icann board has to embrace this. and they have to create a culture in icann that embraces these changes. i think that the process of unpacking the current accountability provisions in the bilaws would take years and be very disruptive to the community. the other thing is steve talks a lot about the powers. i want to talk about the creation of the independent judiciary at icann which we now have for the first time. that fundamental level of government has been missing at some level. we know that irps are affected. now they're going to be much more accessible. they are going to be binding and they're going to test icann
4:33 am
against a very clearly limited and enumerated mission statement and a set of commit mentes and core values that form the compact between icann and the community. i think that sets up a new atmosphere that will hopefully change. >> i just want to thank the entire panel for their testimony on this very kblikt complicated important subject. it seems to me from what i heard that it's important to grasp that icann and the current dns structure not the only way for the architecture of the internet to be managed and governed going forward and the risk we face of indefinitely delaying this transition or failing to keep america's word expressed over several administrations and several actions of congress that the risks outweigh the risks of the new structures succeeding. and on some level what we are
4:34 am
being asked to do in this transition to trust that the american private sector has actually done a terrific job of improving some of the flaws and failures and challenges. thank you for your service. >> thank you. ms. grove and mr. horton. they made reference to your testimony. would either of you care to respond to what he suggested? >> thank you so much, senator cruz. our experience as a bad experience and i understand how it can be chalked up to that. it is deeper than. that there was a story that prevented icann from being able to give our name to the other applicant because they had a number of uniformed dispute resolution policy decisions
4:35 am
against it already. that should have prevented it right there. icann didn't find the own guide book and there was no one accountable to help them to to do that. they decided to take a hands off approach it to. so even though it is complicated, even though people spent a the love time working on it and we do have a person that's involved in a multistake holder group on our behalf, you don't have to spend thousands of hours doing that or be an $800 an hour icann attorney to see sfru to bring the whole world of multistake holders together to hold icann to follow its own rules, it's going to be very challenging to hold them accountable at all. >> thank you. thank you for the opportunity to respond to. that as to the suggestion that i spent time getting involved in the icann process, i already lost countless hours of my life
4:36 am
doing that talking about compliance and other issues. the problem is that icann does not follow what is already written and already been developed by the multistake holder community in the registrar accreditation agreement. and as to why that happens, the sprob a fundamental one of transparency. when you try to get to the core of the problem, it's like a secret court. now part of the problem here is that multistake holder community is -- the fact that it's sop a good thing. but anybody can be involved in what is a very complicated process and it's hard for a lot of entities that had a stake in the future of the internet to be involved in these complicated and very bureaucratic groups without det dedicating a full time employee or employees to these processes. some of most motivated sectors are the registrar and the registry sectors which have a lot of power in the multistake holder community and do not want compliance to exercise the functions that are clearly
4:37 am
written in the registrar accreditation agreement. so that is part of the problem. >> thank you, mr. horton. i want to thank each of the witnesses on the panel. you know, i will say we heard a lot of interesting expert testimony. i thank you for the time you put into writing your testimony, to coming here and answering these questions. in my judgement the most powerful and most troubling testimony we heard today was that it was indisputable that this administration's transition if it went forward would increase the power of foreign governments including russia and china and iran. and decrease the power of the united states of america. i'm reminded of the 1970s when president jimmy carter chose to give away the panama canal.
4:38 am
and likewise today, the internet is working. and this is a solution in search of a problem. it is my hope that he exercise the article one authority and protect free speech. keep the internet free of the coercive authority of foreign government that's would love nothing more than to silence and censor free cheech. i want to thank each of the witnesses again for coming to testify and we'll keep the hearing record open for an additional five business days. it will be closed at the end of the business day on wednesday, september 21, 2016. this hearing is adjourned.
4:39 am
4:40 am
its heads of the army, navy, marines and air force testify tomorrow about the long term budget needs. the hearing taking place as negotiations continue on capitol hill over military readiness under budget caps. live coverage of the senate arms services committee hearing at 9. 306789 a.m. eastern on c-span3. the house is set to take up a resolution calling for the impeachment of irs commissioner john coskanin. the white house is weighing in saying the bill shows misplaced priorities. we spoke to a capitol hill reporter for more details.
4:41 am
mike debonis covers congress for "the washington post." here to talk about the irs commissioner impeachment resolution set for floor debate. who and what are behind this effort, mike debonis? >> sure, the resolution that is coming up was filed by two house republicans. john fleming and tim huelskamp, members of the freedom house caucus. they have been frustrated by the -- not only the allegations against the internal revenue service but by the failure of the -- what they allege, the failure of the current commissioner to comply with congressional subpoenas, provide testimony to congressional committees and otherwise restore trust in the agency. and they have also been frustrated by the fact that the chairman of the relevant committees, particularly judiciary committee chairman bob goodlatte hasn't moved forward
4:42 am
with a formal impeachment proceeding. they've filed this privileged resolution that short circuits that process and brings it directly to the floor. >> one of your current articles on "washington post".com has the headline impeachment showdown begins as house conservatives take aim at irs commissioner. is it possible this is a showdown not only with the administration but with house republican leadership? >> that's absolutely the case. i don't think this is a fight that speaker ryan or other members of the house republican leadership are particularly relishing at this point. i think that certainly there are conservatives who are very upset with the irs and not only the way that they handled their scrutiny of conservative political groups but also the way that they handled congressional inquiries into it. but i think that there is somewhat widespread -- i would say skepticism over whether impeachment is the right remedy
4:43 am
to what's gone on. no one has been particularly vocal about saying that this is a bad idea, but you have heard speaker ryan, the majority leader kevin mccarthy both say they wanted this process to regular order, which is code word for saying the relevant committee should take action rather than short-circuiting that process and taking it to the floor. >> they're getting together for a special meeting. what do you expect to happen? >> a classic house republican family conversation as they like to put it. they get together behind closed doors and mr. fleming and mr. huelskamp are going to be able to make their case for doing this. and i would expect that, you know, we would hear from probably chairman goodlatte, probably from other folks, speaker ryan is expected to be
4:44 am
in the room. and they are going to sort of make their cases to -- in terms of what is the best way forward on this. and we'll see later in the day how exactly that shakes out. >> the irs commissioner john koskinen has made a couple of visits to capitol hill meeting with members. what has he been saying in his defense? >> he has actually gone and spoken to some of his most pointed critics. he went into the republican study committee meeting. and basically his message has been this. even if you think i've done terrible things and deserve to lose my job, you should follow the usual impeachment process, and you should not be engaging in the short-circuiting of the process. you should, you know, the judiciary committee should have full-on impeachment hearings. i should be given an opportunity to formally present a defense. i should be granted due process,
4:45 am
and then it should be up to the judiciary committee to vote articles of impeachment and send them to the floor and if the house sees fit, send those to the senate for a trial. that's not the process we're in right now. >> is the only option here an impeachment for john koskinen? are there other methods of discipline that congress can mete out? >> y there's been some discussion of a censure. in fact, the oversight and government reform committee passed a censure resolution through the committee earlier this week. it has not gone to the floor. that is an option if that's what leadership feels that the conference is coalescing behind. but there are other options as well. i mean, to discuss the vote we're going to have tomorrow, you know, there are a number of ways that could be, you know, disposed of short of voting it down or voting it up. you know, it could be perhaps even likely will be a motion to send it back to the judiciary committee. in other words, say, hey, we are
4:46 am
going to follow the regular process here. and the committee determines that impeachment is warranted, we'll continue. there could also be a motion to table, which would basically kill this effort entirely. >> this impeachment issue, another ingredient in that bubbling issue of issues to get done before september 30th, what can you tell us in terms of an update on where we are on some sort of government funding measure to take us past september 30th. >> not a lot seems to have changed outwardly in the last 24 hours or so. harry reid, the democratic leader in the senate told reporters there were still multiple issues to be resolved. one of the, shall we say, the hairiest issues is whether funds
4:47 am
in the zika package are going to go to an affiliate of planned parenthood in puerto rico. apparently there is no resolution there, but if past is prologue, a quick resolution if, at least in the senate, if these negotiators find some common ground. the senate tomorrow is going to clear the water resources development bill, and leader mcconnell has made every indication he wants to go quickly to the cr, the funding package after that. >> mike debonis covering congress for "the washington post." read his reporting at on twitter @mikedebonis. the house will not vote to impeach him on friday after gop negotiators reached a deal to postpone the vote. the impeachment effort which is backed by congressman jim jordan's group put out a tweet. they reach an agreement with house leelders to hold
4:48 am
impeachment hearing next wednesday. the shouse back in at 9. 306789 a.m. eastern live on c-span. >> adams was not a good president. he was not a successful president. and if his career had ended at the end of his presidency, as his father's career ended at the end of his presidency, i don't think i would have written a book about him. >> sunday night on q&a, a columnist talks about his big "john quincy adams, militant spirit." >> the thing that strikes you. he's a politician. he's held elective office. he's done whatever you do to win. he didn't form alliances. he didn't do anything that you would do in order to be able to persuade people who otherwise might not go along with your agenda to do so. and so his four years in the white house were just pain. just pain.
4:49 am
everything was hard. he achieved almost nothing. >> sunday night at 8:00 eastern on c-span's q&a. now louisiana's secretary of state testify on efforts to prevent moting machines from being hacked. this house committee hearing is two hours and 15 minutes. welcome to today's hearing entitled protecting the 2016 elections from cyber and voegt machine attacks. we're here today to discuss the
4:50 am
subject of election security. it's hard to imagine a more bipartisan issue. election security is fundamental to the fairness of elections and democracy in the united states. elections are a key component of democracy and voting is the very essence of what president abraham lincoln meant when he said a government by the people. when our citizens vote, they choose a direction and set priorities for our nation. elections with integrity strengthen democracy. they confirm legitimacy and boost public trust in government. concerns with earlier versions of voting and election systems led to the passage of the 2002 help america vote act. this act requires the national institute of standards and
4:51 am
technology over which we have jurisdiction to work with the elections assistance commission on technical, voluntary guidelines for voting. today we'll discuss the current technical voluntary guidelines in place that -- in place for states to protect their voting and election systems. though these guidelines are voluntary, i hope to hear whether they are sufficient to safeguard our elections and whether states infeeffectively them. this discussion is timely as concerns are raised in recent months about the vulnerabilities of electronic voting machines, voting over the internet, and online voter registration. in response to the concerns, our discussion today will review the security of the election system in its entirety. we will examine what guidelines are in place, how we currently protect systems from potential technical vulnerabilities and what kind of work including research and development in my home state of texas is under way to protect future voting and
4:52 am
election systems. last year hackers stole personal information on more than 22 million current and former federal employees including those involved in our national security effort with the highest security clearances. the tacks voenter registration data bases in illinois and arizona are the latest instances of such attacks this time with alleged ties to russia. we have yet to take decisive steps to defend ourselves and deter attackers. the president says we're more tech tech know logically advanced than our adversaries. so why won't he take the necessary steps to prevent cyber tacks on our election systems by foreign governments?
4:53 am
this committee held half a dozen hearings on cybersecurity issues in this congress. we know it isn't enough to respond to cyber attacks with diplomatic protest. we're going to hear from witnesses today about how the federal government can help states keep our election systems secure. this administration and next administration has to take decisive steps to deter and sanction foreign governments in cyberspace. that concludes my opening statement and the ranking member of the gentle woman from texas is recognized for hers.
4:54 am
>> good morning. ensuring that our elections are fair and accurate is fundamental to our democracy. every instance of malfunctioning voting technology and without question every cyber attack by election system is significant. and all efforts to improve voting security reliability, privacy and access are welcomed and important. i am confident about the testimony of today's experts and many others that we are in a much better place today than we were ten or 15 years ago. the u.s. election system is
4:55 am
riddled with fraud and somehow rigged. they're not support bid actual facts and they threaten the election process we have relied upon for more than two centuries. i'm eager to hear from the distinguished panel today about the challenges of securing our election system in the digital age. and what actions have been taken at the federal, state, and local levels to strengthen cybersecurity. however, given the reckless rhetoric as well as other serious threats, our election system is facing, i want to take this opportunity to put the cybersecurity challenges in context.
4:56 am
further, there are few connections between individual voting systems and the ient it in. 75% of the voters will be able to var vie their swroet a paper ballot this fall. this compartmentalization and paper trail provides a strong fire wall against any cyber threats. the recently publicized attacks against voter registration roles in arizona and illinois are serious but have not resulted in any changes to voter data or to any voters. what i find most concerning is that they may be linked to the russian intelligence operation. so we must be vigilant. and i hope these incidents will lead to improve cybersecurity protocols and practices. while security of the election
4:57 am
system is important, voter access is funneled. al to our democracy. baseless allegations of widespread voter fraud have been used as an excuse to december enfranchise young voters through zprim in a torre voter id restrictions. news 21. a journalism program established by the carnegie corporation of new york and the js. and james l. knight foundation found voter impersonation fraud to be extraordinarily rare. and analysis of 2016 alleged electi election fraud cases in all 50 states from 2000 to 2012, out of 146 million registered voters identified only ten cases of voter impersonation fraud. you don't enact laws because 10 cases of fraud of 12 years unless you have anal tearer motive. fortunate lishgs the courts have
4:58 am
been right through the most blatantly discriminatory state laws. in addition to the state sanctioned voter id laws, the center for justice and others have continued to document cases of voter intimidation, deliberate spreading of m misinformation to keep minorities and students from voting. and other attempts to target and disenfranchise minority and young voters. these threats to tens of hundreds of thousands of eld jibl voters whether orchestrated by public officials or lone trouble-makers should be taken as seriously as a cyber threat. mr. chairman, i know my remarks have moved beyond the intended scope of this hearing. but you know how well how passionate i am about this issue. it is my hope that with this hearing we can have a thoughtful discussion of the challenges and actions that have been taken
4:59 am
related to cybersecurity and other voting technology issues while avoiding adding to the noise and confusion surrounding these issues just eight weeks from the crucial election. >> i yield back. >> our first witness is dr. charles romine, director of the information technology laboratory at the national institute of standards and technology n this capacity, he oversees a research program that develops and disseminates standards for inoperable, security, reliability of information systems which include cybersecurity standards and guidelines for federal agency and u.s. industry. he previously serve as a senior
5:00 am
policy analysis at the science of technology policy and a program manager at the department of energies advanced scientific computing research office. he received both his bachelors degree in mathematics and philadelphiaed in applied mathematics from the university of virginia. i'll now recognize the gentleman from louisiana, mr. abraham to introduce our next witness who happens to also be from louisiana. >> thank you, mr. chairman. it is my pleasure to recognize honorable tom shedler, the secretary of state from the great state of louisiana. he was appointed to the position in 2010 and was relekted in 2011. he was on the task force for emergency preparedness for elections. as secretary of state of
5:01 am
louisiana, he is commit froed tekting and defending the intel rit of every election in the state and worked diligently to streamline the election process. the results have been a more efficient and cost effective system with louisiana becoming one of the first states to implement online voter registration and the first state in the country to launch a smart phone app for voters to use to get timely election information. my pleasure for you to be here. i yield back. >> thank you. thank you, mr. abraham. our third witness today is mr. david becker, executive director and co-founder of the center for election innovation and research. mr. becker founded ceir to increase voter turnout and give election officials the tools they need tone sure all eligible voters can vote in a system with maximum integrity. prior to finding cier, he was director of the program at the poo charitable trust where he
5:02 am
worked on election administration. the reforms included using technology to provide voters with information they need to cast a ballot. mr. becker received both his undergraduate and law degrees from university of california at berkeley. our final witness today from my home state of texas is dr. dan wall 5: wallach, rice scholar at the baker institute for public policy at rice university. dr. wallach's research covers a variety of topics in computer security. this includes electronic voting system security where he served as the director of a ntf funded research center, a center for correct usable reliable auditable and transparent elections. he also served as a member of the air force science advisory board from 2011 to 2015. dr. wall allach earned the bachelors degree in nrl engineers and computer sciences
5:03 am
at uc berkeley and masters and phd from princeton university. we welcome you all. we appreciate your expert advice. if you will begin. >> thank you, mr. chairman. chairman smith, ranking member johnson and members of the committee, thank you for the opportunity to discuss our role in voting systems. improving voting systems requires an interdisciplinary collaborative approach. they mao be accurate and reliable, cost effective, secure and usable and accessible to all voters. the design and stad ardz must consider the diversity of voting processes and balance across the states. and none of these can be considered in a vacuum. the expertise in testing, certification, information security, trusted networks, software quality and usability and accessibility provides the foundation for our voting systems work but our experience working in multistake holder processes it s. critical. we must bring together election
5:04 am
officials, industry, technical experts, and advocacy groups to address this challenge. the role is limited to the research to develop standards, tests, guidelines, best pract e practices and assistance with laboratory accreditation that the election assistance commission and state and local jurisdictions may use at their discretion. since the signing of the help vote america act, we part nerd with the eac to develop the science, tools, staenld ardz necessary to improve the accuracy, reliability, usability and accessibility and security of voting systems. our joint accomplish mentes include new voting system guidelines, guidelines in support of military and overseas voters empower ment mark and the citizens ab seven tee voting. the establish. of a testing laboratory for voting equipment and testing and certification program upon when
5:05 am
r which many states depend. the technical guidelines development committee, a federal advisory committee to the eac charrod by nist assists in the development of the voluntary voting system guidelines. in 2015, the eac approved the tgdc's latest recommendations, voluntary voting system guidance or vvsg 1.1 with new requirements for human factors, audit and election logging and new security requirements on access control, physical security, auditing, software quality, and software integrity. to support overseas and military voters including the use of internet to cast absentee ballots this research concluded that deployed technologies and procedures o could mitigate manufacture the risks socialed with blank ballot delivery. but ballots over the internet were more serious.
5:06 am
based on that research, we documented best practices and considerations for election officials on the use of electronic mail to expedite transmission of voter registration materials and blank ballots. in early 2011, they analyzed current and merging technology that's may mitigate risk to internet voting. we also identified several areas where research and technological improvements are needed to ensure the security, usability and accessibility of internet voting. many of these challenges are not unique to internet voting such as strong identity management, protection against malware and resiliency of internet connected systems. the unique challenges of internet voting are the requirements and expectations notably ensuring the integrity of the voting process while protecting privacy. the eac recently organized public working groups that provide an open and transparent develop ment process and give the eac and state election officials the opportunity to
5:07 am
work directly with academic industry and federal government experts. the working groups help inform nist, the eac and tdgc. there are three election working groups, preelection, election, and post election that are providing insight on election processes. these groups are supported by four technical groups, cybersecurity, human factors, interoperability and testing. the election working groups take input from the technical groups to inform requirements develop ment for consideration by the tdgc. ensuring that voting systems are security and auditable is critical to providing trust and confidence in the vote prague ses. the cybersecurity technical group is developing guidelines and best practices to secure voting systems. the group is focused on election security best practices including physical security, auditing, and contingency planning. to provide a firm foundation for next generation guidelines, they're researching threats and
5:08 am
vulnerabilities to voting systems and best practices and technology that's can mitigate those risks. as part of that research, they cataloged published vulnerabilities and weaknesses in voting system software. the zboel to understand the types of vulnerabilities and voting systems by looking at historical evidence and creating a voting specific list of eventualer in anlts and mapping the weaknesses. this work is identified issues that should ab dressed in future security requirements and test methods and by voting system manufacturers. we're committed to continue collaborating with the eac and others to define our role. we leverage our research which is applicable to a wide variety of organizations and used by governments throughout the world. active collaboration is the only way to effectively meet this challenge. thank you for the opportunity to testify today on this working voting systems and i'd be happy to answer any questions you may have. >> thank you.
5:09 am
and secretary skedler? >> thank you. wanlt to thank the committee, chairman smith and ranking member johnson for the invitation to address you to day. i think it's very important for you to hear from actual election officials who actually conduct elections. and our job, at least in my opinion, is to make voting easier, more accessible and to make it tough to cheat. voters are questioning whether their vote will count. ed we are an all high alert. this whole exercise has put every one of the 50 states on working on national security issues with all national agencies in an effort to improve the system we have or to recheck the system we have. states are always evaluating mng plans. i'm dealing with 30 precincts from the record flood wheg in
5:10 am
the baton rouge area on contingency plans on what i'm going to do to move the presirvegts. are we concerned about potential interference into our election prosnes we absolutely are. we have some 10,000 jurisdictions of voting in this country. hundreds and thousands of voting machines and various locations. the complexity of the election system reinforced the election process. if you think about the complexity of that it makes it difficult for them to disrupt a federal election. specifically, while states have developed online registration, some 31 stace at the best practice to improve customer service they also developed different ways to guard against
5:11 am
intrusion. information clkted through our voting registration does not flow directly into our statewide system. instead of voting information is sent from a website to each perish register in the state of louisiana. they have direct access to the data base, not the voter. while it is disruptive to have registration systems hacked like we saw in illinois, voters can still vote. election day would still occur. anyone who discovers an issue has the option of a provisional ballot. and remember, no voter information was added or deleted in arizona or illinois. so far scientistses have succeeded in hacking voting machines when favorable
5:12 am
conditions exist. they do not exist on election day. including plenty of time and unfeathered access. there is no evidence that ballot manipulation has ever occurred in the united states. no state has internet voting. and our voting machines are never connected to the internet n louisiana, aulg machines are secured in state owned warehouses aushlgs maintenance including most up to date software applications as well as programming is performed by vetted secretary of state employees, not outside contractors, additionally before every election louisiana publicly performs and tests seal process in which we demonstrate that each machine is working properly before locked with a tamper proof seal. that testing process is also done at the -- end of each election day to demonstrate that each machine is functioning post election which is required by roughly 60% of the states.
5:13 am
and if necessary, the majority of states can make paper ballots and audits available if recount or review becomes necessary. finally, please keep in mind that timing is critical. elections are no longer one day events and voting is occurring right now as we speak. ballots have been printed, absentee ballots are in the mail and in person voting begins in days. to say this is not a good time for election officials to be discussing this subject instead of real time preparation is an understatement. the train has left the station. doing during a call with jeb johnson in mid august, my colleagues and i were sure there fwhob intent to declare an election estimate as part of th elections. i've been very vocal that no matter when it would occur that, would undercut the constitutional role of states and local jurisdictions.
5:14 am
it would complicate our ability to properly secure elections. there is not enough clear information on what the designation would mean or why it is necessary. states get what we need through existing networks including the united states elections assistance commission and the national institute of standards and technology which already identify the counter testing certification. in most standards needed to reveal science of tampering. there is a role for congress in. this most states purchase the voting machines using federal dollars, back in 2005. but there is bill interest on the hill when it comes to helping replace our aging systems. i suggest you revisit hava and see how an investment and voting technology can benefit our nation in the long yun. in the meantime, we received a sobering wakeup call on cyber attacks. states will continue to take a pro active approach to secure our election systems and i want to assure every american and i speak for all of my colleagues
5:15 am
and secretary of states association that next president will be determined by vote of the people and every vote will count. thank you for allowing me and my comments. >> thank you. mr. becker? >> good morning. thank you, mr. chairman and ranking member johnson for the opportunity to testify today on the important iru of security of our election system. i'm david becker, the executive director of the center for election innovation and research, a nonprofit working in partnership with secretary shedler and improve our elections. my experience goes back two decades as a trial attorney with the voting section of the bush and clinton administrations and i observed dozens of elections nationwide. then serve ford several years as the director of elections program at pugh write oversaw efforts to use technology to improve the suspicious and security of elections. as an initial matter, we should be clear about the election systems in place and what they each do and what if any relative
5:16 am
vulnerabilities might exist. voter registration data bases are a key election system and have been in the news a lot lately. there is a breech of the it illinois data base where personal data from several thousand vote areas pears to have been accessed n arizona, it appears the state detected and attempted hack of the state voter registration data base and prevented access of any private dat yachlt initial investigations suggest no voter data was changed. the voter registration list remained intact with the primary goal of the hack seemingly to be to access personal data for the purposes related to identity theft rather than to manipulate the voter list. while we should be vigilant, to my knowledge every state creates a regular backup of the voter registration lists. most states on daily basis. should anything go wrong with the data bases, the list can be reconstructed prior to the election. there are express concerned about the hack of the national democratic committee e-mail system that system is completely different than the election
5:17 am
systems in place. that was an tack on a centralized e-mail server which bears no analogy to the highly regulated systems in the states. the voting machines include paper ballots or electronic devices on which votes are cast and include vote tabulation equipment. and with regard to the systems, i can say that. no systems are 100% hack proof. elections in this country are secure. perhaps as secure as they've ever been and voters should be confident that their votes will be counted. there are four primary reasons that volters should feel confident. first, our election system is highly decentralized. each state governs the elections independently. and there are many individual election systems, counties and towns totalling 10,000 nationwide. that actually administer those elections. even within many states counties use different systems and dozens of different technologies and within the thousands of election jurisdictions, there are well over 100,000 election day
5:18 am
precincts where ballots are cast and collected. that's just on election day. not taking into account the thousands of early voting sites and mail ballots that will be utilized this november. thus, there isn't a single or concentrated point of entry for a hacker. rather there are thousands of points a hacker has to navigate to manipulate the results of a national election. second, voting machines are kept securely. these machines are subjected to rigorous protocols for chain of custody and testing in every jurisdiction. they're held under lock and key with additional protections in place to ensure that nobody without properly credentials can access the devices. it is exceedingly difficult to gain access to the machines and nearly impossible to gain access to more than one. prior to every election, not just federal elections but every time the equipment is used these machine goes through a series of tests to confirm they're working as intended, recording and tabulating votes accurately.
5:19 am
third, unlike voter registration data bases or e-mail systems, i know of no jurisdiction where voting machines are connected to the internet. this makes it nearly impossible for a remote hacker whether in moscow russia or moscow, idaho, to access the equipment and plant code or otherwise hack the system. without connectivity to have unfeddered physical access and enough time to sabotage one machine to impact the results on one device in one polling place, to manipulate a vote will have a conspiracy of hundreds of thousands and to go undetected. that brings us to the fourth reason. even if hundreds of thousands of conspirators operated undetected on a range of system defeating the testing and chain of protections, it would have know infect on the vast majority of election results because 75% of voters vote on paper ballots on a device that creates a paper record 367892 plus d.c. avs 2014, there is a post election
5:20 am
audit requirement that mandates they match the paper record to a digital record and recount the paper ballots. the states that require such an audit include the battle ground states of arizona, colorado, nevada, north carolina, ohio, pennsylvania, virginia, wisconsin and others. even if a grand conspiracy were viable, a post election audit requirement would discover it. there has been a lot of hyperbole surrounding this election. the process in place to ensure the integrity of our system should not be part of the political rhetoric. there are far more working quietly and collaboratively at the federal, state, and local level. an election officials across the political spectrum are working to secure or voting systems and reassure voters this election will accurately reflect voters choices. voters can play a role as well by attending preelection voting machine tests and especially volunteering to serve as poll
5:21 am
workers to see the process firsthand wlchlt it is federal oefdz offering assistance and resources to the states, state and local authorities offering best practices, this cooperation diligence will protect our elections in 2016 and safeguard future elections as well. thank you. i'd be happy to take any questions. >> thank you, mr. becker. doctor? >> chairman smith, ranking member johnson, members of the committee, it's a great honor to speak to you today about our nation's voting systems and the threats they face this november and the steps we might take to mitigate the threats. my name is dan wollach. i've been a professor of computer science at rice university. and my main message is that our election systems face credible cyber threats and it's prudent to adopt contingency plans before november to mitigate these threats. in particular, we've learned that russia may have been behind leaked dnc e-mails for the xprisive purpose of manipulating
5:22 am
our elections. we also learned of attacks on voter registration data bases in arizona and illinois. and that's only the ones we know about. there might be more. we must prepare for the possibility that russia or other sophisticated adversaries will use their cyber skills to attack our elections and they need not attack any county in every date. they can go after battle ground states where a small nudge can have a large impact. the decentralization that we heard about is helpful but it's not sufficient. my number one concern is our voter registration data bases. because they're online. and if an attack kerr damage or destroy the voter registration data bases, they can disenfranchise a significant number of voters leading to long lines and other difficulties. the provisional voting process requires filling out affidavits. it's slow. it takes time. and that wonld work for millions of voters. paperless electronic voting systems and tabulation systems
5:23 am
are also vulnerable. despite not generally being connected to the internet, these systems were unfortunately never efrpg neared with security in mind and expert analysis by myself and others have found unacceptable security issues. our biggest nation state adversaries have the capability to execute attacks against the systems. for example, russia was behind an tack of this kind directed at ukraine's 2014 election where a hacked tabulation system would have reported results favorable to rush yachlt ukrainians were lucky enough to catch this. our options again now and november are largely limited to contingency planning. if wur lue're lucky, we may det attacks before election day but we should prepare now in the same way we make plans for narlg disasters including running drills and exercises and having plans written out and thought through. if, for example, we were to
5:24 am
conclude on election day that our computer systems were unreliable, a contingency plan may to be run the paper ballots and rerun the election the next day. legislation following 2012's hurricane sandy appears for such mitigations. the details vary state to state. between now and november, we should also be aggressive at deploying expert teams to do security audits of relevant networks and systems particularly in battle ground states. if something is hacked, the sooner we know about it, the better. and my understanding is a critical infrastructure designation would allow stace to request assistance from the federal government in this role. we must also plan for the next few years after november's election is complete. roughly one-third, i also heard a quarter, i'm not sure the real number, a third of voters will use aging electronic voting systems with proven insecure designs. some new hybrid voting system designs with electronic user interfaces are being designed by los angeles county, california,
5:25 am
and travis county, that's austin, texas. these are the potential to substantially reduce costs and improve the security of our elections. if we do nothing, keeping our aging systems in service holds our elections at risk. as a quick note, our immediate future should not include internet voting. it is hard enough to protect the online systems that we already have. moving additional voters online increases risks. traditional hand marked paper ballots and the new hybrid systems from los angeles and austin are our best paths forward. as don rumsfeld said, you go to war with the army you have, not the army you might want or wish to have at a later time. we face a similar situation this november with our systems for voter registration, casting and tabulation. none of them are ready to rebuff attacks from our nation state adversaries nor can we replace them in time to make a difference. we can pursue a number of
5:26 am
pragmatic steps such as verifying the integrity of the backups and make contingency plans for how we may respond if and when we do detect election attacks. if we can determine that tampering within an election voting system did take place, we should have plans in place to print paper ballots or otherwise keep the election going. the sooner we can create and agree on the plans, the more resill yenlt our elections will be to foreign tavenlgt even if nothing goes wrong, and all this turned out to be nothing but hot air, we should treat these events as a warning with modest investment we can improve our practices and replace insecure equipment, defeating future attacks like this before they ever get off the ground. thank you. >> thank you. and now recognize myself for questions and dr. wallach, the first one is for you. you raised a lot of interesting issues. i guess my question is where do you think our election systems are the most vulnerable? what are the one or two areas that we need to guard against?
5:27 am
>> i believe my top concern is the voter registration systems because they are generally online. and if it's online, it's accessible from the internet and if it's accessible from the internet, it's accessible from the state adversaries. if you can either selectively or entirely delete people who you would rather not vote, the current provisional voting system cannot scale to support a large number of voters who are filling out affidavits and following that process. my second concern is the vote tabulation systems. generally speaking, these tend to be old computers running old operating systems and some cases windows 2000 where security patches are not even available from the vendor anymore. and that means that there are significant vulnerabilities where attacking a single point could result in an interesting result. >> okay. thank you. by the way, when i hear you all recommend paper ballots, i wince a little bit. those are -- those of us from texas have sometimes read about
5:28 am
what happened in 1950s where a ballot box was stuffed with paper ballots and it changed outcome of a senate race and perhaps elected the next president. i sometimes worry about paper ballots as well. let me address a question to all the panelists here today. we heard about the vulnerabilities. let me ask you to rate on a scale of one to five with five being the most vulnerable, the most at risk, where you think we stand both in this election and let's take the long view, this election and the next election. how vulnerable are we to being hacked not necessarily successfully hacked but how likely is it that there will be attempts to interfere in our election process by foreign countries? this election or the next? again, one to five with five being the greatest risk. >> it's a little hard for me to answer that question because it involves intent of bad people.
5:29 am
i don't have any background to be able to determine the level of intent. >> let's assume then that how likely is it that there would be intentional attempted hacking in the next two elections? >> if you want to -- >> it's not unreasonable to imagine attempts. in fact, as others have testified, there have been a couple of attempts to hack into vote are registration systems currently. i think most cios will tell you at most organizations will tell that you there's a sort of constant current of probing of their it systems. and so with respect to voter registration, i would say the possibility that an attempt could be made is not out of the question. with respect to the voter -- >> maybe i should say likely or unlikely. would you consider that?
5:30 am
easier way to describe it or not? >> it is still difficult for me to answer that question. i would say -- put it in between. i can't say it's likely. but i can't rule it out either. >> okay. thank you. second shedler? [ inaudible ] >> -- registration side of it as evidenced by the two states that have had a problem. one of which i -- if i want to understand the code was giving and the other one was detected immediately. i'd probably give it around a three. on the election day, 1 1/2 or two. >> okay. g thank you. >> mr. becker? >> yeah, i agree. i think -- i think it's not out of the realm of possibility that there will be an attempted hack before the election or sometime, any time as there was with the voter registration dat what ya bases. i think the chance that would be successful is down below 2%. i think vigilence is important. but it appears that primary goal here is to disrupt confidence in the election rather than
5:31 am
actually manipulate election results. >> so likely attempt, unlikely success? >> correct. >> okay. doctor? >> so in the cybersecurity lingo we often have the phrase advanced persistent threat that we use as a way of talking about nation state adversaries who have patients and skills and take the time and might do something years in advance. it's often the case that adversaries are present in very secure and highly protected networks for months before they're detected. so trying to rank the vulnerabilities, i'm going to rank them relative to access. i think our voter registration systems are most accessible so i'm most worried about them. i'm second airily concerned about the tap lags systems and then i'm concerned about the voting systems themselves particularly the paperless electronic ones. it's very hard for remote internet attacker to overwrite printed paper. >> okay, final quick question. what more should the administration be doing to protect us from foreign
5:32 am
countries attempted hacking of our election systems? anybody? >> i think the short answer is providi providing availability teams to do network monitoring and other appropriate tasks to just go looking for it. >> okay.we should be looking more long term to improve the state's machinery of equipment at this time. i do want to make one comment as far as homeland security we already have that through the fbi and homeland security and ask you don't have to be a critical infrastructure to get the service. >> i take all concerns with
5:33 am
cybersecurity and elections very seriously. at the same time we face many other challenges to ensure every vote counts if we count both. some of the challenges are the direct result of human action related to older technology and as we have seen in the past even face risks from natural events such as major storms. i would like each of you to comment on how you would rate the current cybersecurity risk in the upcoming election as it relates to other issues. >> from my perspective, my entire orientation and of my organization it is looking at the cybersecurity risks and threats and so all of the other things you've talked about our outside of our purview with one exception which is the contingency planning that the
5:34 am
state and other jurisdictions and local jurisdictions are encouraged to do under the voluntary system guidelines can also protect against these other kinds of natural disasters and other things you've referenced. >> i would put at risk again as i indicated on election day very low for the same reason no state is on the internet. i find it difficult to hack something that isn't on the internet. all the machines, none of them are linked together. there are separate cartridges so they are independent. my bigger concern would be something of a physical nature, a physical threat that would be something much more difficult to deal with and i would put that at a very high number. but as far as cyber attack other
5:35 am
than what's occurring on a sidee side again there's been no change. that was more of a data collection attempts. i know in louisiana if you go to the online registration state if you went into my system to change the party affiliation you may think that you are accessing my entire system but you're not. you are a silo and a person behind the scenes drags out the information in the local register and puts it in the public eye or the registration so if someone hacked you get for the money hack you it wouldn't get the entire. >> i agree i think as noted, the officials are on high alert not just for this but for every election and in many states if it's tuesday is election day because there are so many. not only are they trying to make
5:36 am
sure the security and systems are in place and the process as a whole is secure but they are doing a good job probably better than ever before balancing that with access to all eligible voters to make sure that they have a good experience. so whether it is more people having access to the ways to vote, more people having easy access to the information like the vote act in louisiana and other states were more than before having access to early voting options i think officials around the country both democrats and republicans are doing a good job probably better than ever before balancing out the security concerns. >> at the end of the day, we need to worry about every problem. we have to worry about hurricanes, earthquakes and cyber issues and have plans in place to deal with them all. the interesting thing is if you have plans in place for an earthquake the earthquake
5:37 am
doesn't really care if you haveu have plans in place for cyber if your adversary knows it isn't going to work then they are not going to bother. so i think it's important to do the planning and forward thinking to make this not be a problem in the future. >> thank you very much. another quick question, we would all agree that making it easier to participate in the democratic process should be a priority. registering to vote and casting a vote shouldn't be an extra burden. for those that can't leave their homes were people with three jobs and a family of caregivers, how do we balance the efforts to make voting more accessible with the necessity of having secure elections? >> i would like to take a slightly different attack. we work with the election
5:38 am
assistance commission on accessibility and usability issues with regards to the voting systems so that people who have physical disabilities, whether it is vision impairment or mobility or other things do have access to voting systems that they can also use, and one of the advantages of the electronic voting systems is that we can improve over paper and pencil for example. >> first off, we do have early voting. we all remember the days that is no longer the case across the united states and we do have easy accessibility through nursing home programs and compliance with visually
5:39 am
impaired and the like. so i think there's been tremendous improvements made into the voting is probably easier today than it's ever be been. >> thanks to the efforts of the officials around the country and the election assistance commission and many others voting is easier today than it ever has been before. more people have access to the options and many including louisiana joined the information center which allows them to keep their data up to date and has resulted in registering about almost a million new voters and more people have access to the information where they can voted by mail or the early. that trend has been remarkable and i think we are going to see the benefits of it as it expands in many years to come. >> we have heard about early voting and election voting
5:40 am
centers. in austin texas, every precinct can handle any voter from the whole county. they did that because of redistricting to avoid chaos but it has an interesting benefit you can both near where you work then your home so there's a lot of opportunity for creative expansion of capability to vote without making radical changes in how we vote. >> thank you mr. chairman. >> the gentleman from california is recognized for his questions. >> thank you for holding this hearing i didn't expect that it would be as interesting as it's been. let me start with one question getting a sense of information on the one issue and then the
5:41 am
broad issue of whether or not the integrity of the voting process and system will be maintained is vital to the nature of the country and it goes to the heart of whether or not we are who we say we are if we don't have a process that has integrity, we don't have an election process. first let me ask you this. how many examples do we have where they've hacked into our elections from? >> i know of none and could be quitto bequite honest with you a question to secretary johnson, homeland security is therhomelan imminent threat known and his answer was no. that made several news agencies. so i know a zero.
5:42 am
i had a request from a russian embassy and i would suggest to you if i allowed that i would be run out of office but that is in the conversatioisn'tthe convers. but i know of zero. >> the nature of the threat is they don't want you to see them there. we can't assume if we haven't seen them that they are absent. we do know that we have established the motive on the e-mail server it is a motive that shows they did it for partisan purposes. when you combine -- >> what are the examples you just gave? >> this was reported in the press that they allegedly hacked the e-mail server with the intent of releasing for partisan purposes. >> that's not the election
5:43 am
process but it's an entity that is involved so they have the capability of getting into the various. but actually in the election process we have no examples of them hacking into the system and compromising the integrity of any specifics. >> the only example i am aware of happened in ukraine in 2014. >> we have seen the article after article about how russia is compromising the integrity of our system. and the panelists say that is false just to note. for those of us that -- we want the country to be safe but we also don't want to continually vilify russia and turned them into the bad guys. if we have i an integrity in the system i think we have to look
5:44 am
at how for some of these real threats to the integrity of the voting system and whether that is to say it's the old-fashioned way of -- the licensing has been around for a long time and we should be insisting on making sure we don't have people voting who are not eligible to vote because perhaps they are not citizens or they are here illegally. we have people who are trying to suggest we don't even have any real demands whether they are here or actually who they are they say they are when they go to vote. so we have a challenge to make sure the system is safe from being defrauded because the people of the united states, their ballots are being negated
5:45 am
by every other ballots that's cast by someone who doesn't have the right to vote. with that said, we did come to and this whole issue back in 2002 with the help america vote act. and just very quickly because my time is running out, that's been around now since 2002. congress passed the act specifically aiming to protect the integrity of the system. is our system now more or less at risk from cyber attacks due to this legislation, and very quickly if we could have the panel answer that. >> i think the legislation has improved our focus on security issues associated in the voting system. my organization has been working
5:46 am
with the commission for 14 years to provide the best guidance possible to the states and municipalities. >> i would certainly echo that comment and if you would allow me just to claw back on the previous comment, the whole russia argument has actually accomplished i think even if they are not trying we would have done it for them quite frankly. >> i agree i think the help america vote act has helped improve security but even more importantly, what we have learned since has help improve the act and i think the 2016 e. election will be one of the most secure that we have seen in recent memory that there is no question based on what we are talking about here and the conversations we are having they will be even more secure. >> how did the help desk get rid
5:47 am
of punch cards and the machines and that is a good thing it was two parties that helped create the eac which then could help improve standards and also helped to fund the purchase of new equipment. the equipment was largely purchased before the effort was in action and i think it would be an excellent thing to revisit to get the equipment up and standards. >> the gentleman from california is recognized. >> it was interesting to listen to my colleague from california inquire about the role of the russians in this election. the focus on the hearing is the voting systems but the question is not limiting to the voting systems and it's pretty clear that the russians have attacked,
5:48 am
have engaged in a cyber attack on the dnc and we have received reports on that i thought it was unfortunate that the republican candidate for president either thought it was a good idea or was making a joke about it. we don't know which, but this is a serious matter what we have been told is not just that the material has been taken but that the pattern is not just to release material but forge material and alter it in an effort to impact outcomes of elections ..
5:49 am
i think that is something we are concerned about but the question isn't really whether the actual vote tabulations could be altered because i don't think that is very likely that whether kiosks could be introduced into the system. that is the goal, the attack on the democratic hardee and i think it may also be the goal of the cyber attack on the state system. what could be done with this voter information? obviously there are backups on the database to walter who can
5:50 am
actually vote but what would happen if e-mails were sent to all of the voters or just the democratic voters telling them the date of the election has been changed or their precinct had been changed? would that create chaos in the system corrects a small percentage of those voters would. an e-mail missive by seeing them i do think that there is a vulnerability in the overseeing system. i remember we had a hearing talking about our lack of concern, a lack of concern that the electoral systems professionals had about e-mailing the ballot to these voters provided that the ballot itself was mailed in. the more we think about it, with
5:51 am
these hackings if you alter the ballot on the e-mail that you would again create chaos in the electoral system so i think that's really the goal here, is not necessarily to impact the tabulation although there may be efforts to do it, but to create long lines and people in the wrong places to create chaos and to attack the base and the confidence that the american people have and they are election systems, to long lines at and all sorts of mischief. i do think that to downplay the role that the russians have had in this is a huge mistake when you take a look at what they did to the dnc and the dccc and i will just close with this. i do think that it's been disappointing, the reactions have been disappointing, that if you attack one of the major
5:52 am
political parties somehow that's okay if it could be to your advantage. i like to think if the russians had attacked the republican national committee, the democrats would be as outraged as republicans because it's an attack on the merrick. it's not an attack on the party and the fact that there hasn't been outrage expressed at all levels of both parties about the effort of the russians disrupt this election is a sad commentary on the leaders of that party and also is very chilling when you think about what just happened. i see that my time has expired. i yield back to the chairman. sprey thank you ms. lofgren and the republican from louisiana.
5:53 am
>> secretary web in your opinion is the integrity and the security of the voting systems being the past president of the secretaries of states. you have i think some knowledge of the subject. do you think it's good, bad, average? >> congressman i would say it could. we did a survey before this hearing and begun a response and i think 19 to 20 states to try to ascertain that. aside from my knowledge of observing and i don't say i'm an expert but there's a lot of differences in the states and that's what makes it so unique that i feel very comfortable again in the representative from california just stepped out. keep in mind the democratic national convention, the component that was hacked was the campaign site. each and every one of us, all of
5:54 am
you have used a campaign commercial list to determine and the walk list in the neighborhood or whoever it might be. those are readily accessible. if you knew me well enough i might give it to you but the point being that is vastly different than the registration component and certainly vastly different than the election day component of equipment. so i think you have to understand that forefront to get into the subject. there's no one minimizing with happened at the them accredit national convention. i know i haven't and my colleagues and that makes no difference if you are red state, blue state or purple state but the bottom line is maybe it's just our knowledge of the system that gives us this feeling of somewhat overconfidence because i think this is a good ring that we are going through.
5:55 am
but we all remember the year 2000 when the world was going to end at one second after midnight. i'm still using batteries that my wife filed for that event. that does not mean that we did not have reason to believe with studies that we should have been prepared. we went through that gyration and when the school board goes out on the football game, if you were sitting in the stands you know what's going on and guess what? there are other people keeping track of those statistics at the same time. it's the same with the election system. if one component goes down we have various components that come in. it doesn't create a nuclear war and i can't speak to what happens in the ukraine. i can only speak to what happens in the united states and i will tell you the election systems in the united states just like many other things in this country in spite of maybe what we think is the best system in the world. is it foolproof?
5:56 am
absolutely not and i would also tell you there's no such thing as a perfect election. anybody who tells you that doesn't know what they are talking about because anytime you have 10,000 machines that play and 15,000 people from 65 things are going to happen. that's how you handle it then that's how you documented and move forward. so i'm very confident in it with the caution lights on. there's no disrespect to anyone who believes otherwise. we are looking at it. it has forced us to do so but i'm deeply concerned that i can speak to my democratic colleagues and my republican colleagues that have been on conference calls over the last several weeks of this issue. we are in unison. this is the worst situation we could be talking about as we enter this election. we are going through chaotic election process where voters are more disgruntled than ever
5:57 am
and we are adding to that dispensation. participation. in a very negative fashion and i feel very confident in saying i speak for all of my colleagues that we are deeply concerned with the rhetoric going on right now from the national press and we are not trying to minimize it. we are doublechecking but there's little that could be done in eight weeks. we just need to stay the course and have confidence in what we are doing and again i'm very confident that on november 9 you are going to wake up and you are going have unofficial results of who won the president of the united states. keep in mind it's unofficial. we go through that audit in every county, every parish, every state postelection with the official and you go to your electoral college. >> thank you mr. ibrahim --
5:58 am
abraham. >> thank you mr. chairman thank you all for your testimony. mr. said to you emphasize that voters should feel confident in our voting system and they certainly have heard a lot of messages about the importance of that confidence here today and how it will lead to greater participation and certainly that's good for democracy. i think just getting information out to the public with the voting machines themselves are not connected to the internet is going to hell. there's a misconception about that. i am from oregon and we all vote by mail in oregon. we have done that for more than a decade. the very secure processor that also makes it very easy for oregonians to vote. the secretary of state's office mails paper ballots to each and every registered voter couple of weeks before the election along with the voter pamphlet with the information about the candidates and initiatives on the ballot so they have plenty of time to not only studied the issues that
5:59 am
fill out their ballots and get them and to be tallied by the local election offices. there are privacy and secure measures each step of the way. i was a trained election observer years ago and it gave me a lot of confidence to see each step of the way in to watch that tally happen at the elections office. so i wanted to ask you a little bit about are there lessons to be learned from a state like oregon that does use boat i'd mail and paper ballots for everyone and with a focus on the two different issues. there's a voting record and then there is what happens with the ballot and that tally at the voting machine. if you want to talk a little bit about those lessons that can be learned from that system and then i also want to ask i know this is concentrated work in development for the voting machines that you are now i understand working to identify systems dealing with the voter registration system. and before you respond both of you i know that her wallace mentioned something about the
6:00 am
possibility of a select the disenfranchising of voters by deleting them from the database. it's really easy in oregon to check whether they are still the database and getting the ballot early means there would be an early notice that maybe there was a problem assuming somebody did get through a very secure system. >> thank you. oregon and washington have that mail balloting in their states and there are lessons that other states are learning from that. not every state has the same and other states of rich different decisions about their population and that's entirely appropriate that states like california and arizona and some other western states offer the option of becoming a permanent male voter which you have to check a box and after that you receive the ballot for re-election. colorado has experienced and california passed a summer bill that is a hybrid of sorts that


info Stream Only

Uploaded by TV Archive on