Skip to main content

tv   Election Security Preparedness  CSPAN  June 25, 2018 11:14am-1:03pm EDT

11:14 am
today, a discussion on the upcoming presidential election in mexico. we will hear from scholars about the possible outcomes in the major issues facing the candidates. that is live from the wilson center at 1:00 p.m. eastern here on c-span2. >> this week the c-span bus travels to juneau, alaska as part of our 50 capitals to work with help of our cable partners gci. the bus continues the trip across alaska by ferry to the city ahead of our stop in their banks. be sure to join us when we will feature our visit to alaska. watch alaska weekend on c-span, c-span .org or listen on the c-span radio app.
11:15 am
>> next, a look at the security preparations ahead of the 2018 midterm elections. the senate hearing included testimony from state and local officials from missouri, minnesota and illinois. they talked about their efforts to protect election info structure. there was also testimony from a cyber security advisor from the homeland security department. this is just under two hours. >> the committee on rules and administration will come to order. i'm glad our witnesses are here and you had the patience we need to today to get to votes done on the floor particularly grateful that my fellow missourians are here. secretary of state jay ashcroft and the next panel is county clerk from my home county and both of them have not held the job that i once held so it's
11:16 am
particularly good to see you here and the rest of you on the panel. as we begin our review of federal elections senator klobuchar and i are in agreement that the best point is to start with you. the best starting point is start with state and local officials who, through the history of the country, have been responsible for election administration and they are responsible to people who choose them to do their job. clearly, elections are the keystone of democracy and they are dependent on the county officials or election directors of secretaries of state and many others they are dependent on how to volunteer at their polling place. during the 2016 election cycle state and local election officials were tested and like they had not been before by cyber attacks and we anticipate that these attempts will
11:17 am
continue and attempt to interfere with the process will continue. we want to make sure that we are doing a we can to help you support these attempts. the state and local governments need access to timely and actionable information and technical assistance when they need it. of our goals is to find out more about the information sharing that is occurring between federal, state and local officials and were more about your concerns and your thoughts on that. in 2070 the department of homeland security designated our countries election info structure to be critical in the structure and this designation began the formalization of information sharing and collaboration among state, local and federal governments through the creation of a government coordinating council. some of our witnesses today have already been on the newly formed counsel. more recently in the 2018 on the bus congress appropriated
11:18 am
$380 million to the us election assistance commission to help states enhance their election info structure. as of this week, 38 states have requested $250 millio of that money and about 150 million of it is already been disbursed to the states. finally the attempts to influence the 2016 elections have spurred many calls for additional laws and i remain open to learning more about where those gaps are and how we approach those gaps in a way that continues to let local officials do their job to be sure there is maximum confidence in what happens on election day. glad all of you are here and certainly it is a pleasure for senator klobuchar and i to work together on this and for me to work with her. we have had a long history of working together but just this year starting to be the top ten
11:19 am
individuals on this committee and senator klobuchar, i reckon as you for your opening statement. >> thank you very much, chairman plant. this committee jurisdiction is clear and we have jurisdiction over federal elections and obviously, there's been a lot of committees looking into this issue as part of investigations including judiciary on which i serve. in the end, we want to get someone on and make changes i think it is important that this committee way in and the bills will be going through this committee. according to the department of homeland security 21 states election systems were attempted to be hacked into by foreign countries and that would be russia and this was established by the intelligence hedge under president obama but also by the intelligent heads in sworn testimony under president trump and, i think, it was former
11:20 am
senator coates, now the director of intelligence of our country that sd he believes that they will get bolder in the next elections. i don't think we need to get more direct than that to know that we must act in the secretary of state pompeo said when he was cia director that he has quote, every expectation and quote that russia will target the us midterm elections. those are the facts from our forces and rather than just admire the problem we have to look at what we can do to make things better. one of the things that we have done and i appreciate the input from the secretary of state including my own who is here, thank you, i will note that minnesota has highest election turnout in the country nearly every year including last year. excuse me, illinois -- and so, we are continuing that record a
11:21 am
lot of that is the election laws we have in place from the same date registration and other things that made it possible but are subject today is how to protect our elections and how to make them more secure with the facts that we have that we allow our state election officials to get information in real time about taxes across the country because hack us once, shame on them, hackers twice, shame on us. if we don't do anything about it because we know it happened and it will happen again. in illinois they got as close as the voter data information. so, we have a bill, senator langford and i along with senator harris and graham and warner and for and heinrich and collins called the secure election act and we have been working to make changes and introduce it as amendments but it does four things. first of all, it improves information sharing between
11:22 am
local election officials, cyber security, experts and national security personnel. second, providing for the development and maintenance of cyber security best practices. we all know that there are five states that don't have backup paper ballots and there's something like nine more that have partial backup paper ballots and while we are not mandating what each state does and we do not want each state to have the exact same election equipment we think that would be a problem and it could potentially lend itself to more break-ins. we think it is important that we have some floor and standards that given what we know i don't think we be doing our democracy any good if we did not sure that we did not put in some floors. third, the bill will promote better auditing. our pick up after system which i
11:23 am
mentioned and finally, focus on providing the election officials with much-needed resources. as you know, we will able to get $380 million to be immediately distributed to the state, not play money, but money going out right now to states across the country based on population and we do not have some complicated grant process that would of slowed things down and the money went directly to state election officials as long as the state legislator authorizes it to get accepted and gets to work to update their systems. that is what we've been focused on want to thank you for your involvement and we think we know what the facts are in the evidence and i will end with this and a reminder of what is at stake. in 1923 years before sputnik and the internet joseph stalin, then general secretary of the soviet
11:24 am
communist, was asked about a vote in the central committee of his party. stalin was unconcerned about the vote. after all, he explained that who voted was completely unimportant. what was extraordinarily important, he said, was who would count the votes. now 95 years later those words echo in this room as we realize that this country, the leader of this country, but american was once again trying to influence who counts about how the votes counted by having to hack into our systems. we cannot have that happen and i don't care for democrat, republican, i don't care who you are for in the presidential race or who you are for in the senate races but this is about the integrity of our democracy. thank you, senator blunt. >> thank you, senator klobuchar. i want to thank the witnesses again for joining us to gate.
11:25 am
unfortunately, the weather and airplane delays made it impossible for some to join us. we have your comments for the records so you can use as much or as little as that is you want to and we will have it for the record, no matter what. secretary, we are glad you are here and eager for you to start. >> thank you, chairman blunt, ranking member klobuchar, district committee members for the opportunity to join you today for this important discussion regarding the security of our elections. my name is mentioned and is my distinct privilege and honor to serve as the 40 sector estate the great people of the state of missouri. as was noted, this is an office administered at one time or the chairman of this committee. i decided to unprotected estate because my four children. my goal was to ensure that their voices and those of future
11:26 am
generations would continue to be heard at the ballot box. the priorities of my campaign was to an legislation not increase the security of our votes and every registered vote, if you are registered, you can go. your vote will count. elections are the bedrock of our democratic republic. they are how we the people consent to be governed. the integrity of these elections is of the utmost importance. everyday when i go to my office in jefferson city and i know my fellow election officials across this country share that same concern and dedication. i welcome today's conversation to talk about election security preparations but before we move forward we should briefly look back to the impetus of why we are here today. allegations that outside actors threaten the integrity of our election during the 2016
11:27 am
election cycle. these allegations are important to understand that after two years of investigation there is no credible and i could strike credible and just put evidence there is no evidence that these incidences caused a single vote or a single voter registration to be improperly altered in the 2016 election cycle. it was not our votes or our election systems that were hacked. it was the people's perception of our elections. secondly, every reported cyber incident in 2016 involving state election systems was first detected by state election authorities, not the federal government. in each case election authorities brought the incident to the attention of federal authorities, not the other way around. this is not to say that our elections are perfect and there is no flaw or unlawful corruptions of votes or vote totals but the evidence indicates that voter fraud is an exponentially greater threat than hacking of our election
11:28 am
equipment. while before elections, [inaudible] there was race for the missouri house in missouri that was decided by one vote. yes, one vote. election authorities conclusively determined in an election there were two voters who also happen to be family members of the victorious candidate who voted illegally. despite the fact that the candidates role admitted in a court of law and pled guilty to illegal voting their nephew now serves in a missouri legislator. consequently, any meaningful enhancement to election security must take the conference of approach to ensure that every legal and registered voter is allowed to vote and if the vote is not deluded by any voter fraud, malfeasance or ineptitude. moreover, we must avoid knee-jerk reactions that would give voters a false sense of security. steps must be taken to improve the communication between agencies regarding cyber threats election security. states have and will continue to
11:29 am
work with federal agencies regarding list of new legislation. however, any new mandates must remedy the failure of federal agencies to communicate and work with local election authorities. since 2012 the national association of secretary of state has passed times a resolution calling on the federal government to meet its statutory obligations to share information with state election officials. while we wish to continue to work in partnership with federal agencies and one way to done that is states have teamed up in september by having a national election security summit in st. louis missouri and we have requested [inaudible] including the secretary of dhs estate officials, vendors, technology experts and local election officials get together to improve processes and let people know elections are secure.
11:30 am
as important as information sharing is there are other ways beyond information sharing. state election official should remain in control of elections. i learned that winning an election does not make election expert any more than watching a fourth of july celebration makes you a rocket scientist. by noting an irony that just over ten years ago similar individuals were here in washington dc explaining what happened in a federal election. we were told that the answer was to go electronic and put it on computer and now we're back again. with the utmost respect i will continue to work in local elections and work with the federal government at the level but the expertise is required. >> good morning, chairman blunt, ranking member klobuchar and distinctive numbers of the
11:31 am
committee. my name is jim and i am vermont's 38 secretary of state and also the president-elect of the nonpartisan national association of sectors estate. in addition i also serve as a member of the department of homeland security election info structure subsector government cordoning counsel, dis --dash gdc. i will become the new president and i have every intention of continuing the positive work current president of indiana and those who served before here nasa is fortunate to have had in had leaders and outstanding leaders and i'm proud of this association. thank you for the chance to appear and to address what is happening at the national level. work specific to vermont and my [inaudible] state and local
11:32 am
election officials and federal government have worked very hard to create a productive relationship since a critical infrastructure designation for election systems and generate 2017 as you may know nasa and its members raise many questions about the federal overreach into the end ministration of elections and clearly clearly a lake in local and state responsibly. we remain vigilant about federal overreach we work together to ensure that it functions in an effective way. thus we have chosen to improve the medications between the state and federal government and achieve our shared goals. in particular, we've utilized the infrastructure sub [inaudible] to open comedic
11:33 am
asian channels and guide future collaborative election security endeavors. as i transition i will take the place on the executive committee of the gcc. it's my objective to continue his vital work. [inaudible] i would like to thank you and your colleagues for appropriating the remains of help america vote act two states in the recent omnibus bill. it will go a long way to help states strengthen and improve their election systems. our upgrades will be an ongoing challenge for the federal funding received will be regrettably insufficient to do all that we want or need. however, we are grateful for the federal funds that are provided at this time. in vermont, we requested our 3 million-dollar grant of the dollars of the us elections commission and the eac has
11:34 am
provided this in a very quick way and it is within three or five days of receiving our application they get the money to us. i want to thank them publicly for providing a simple and quick method of getting that money to us. in regards to specific plans our office in vermont plans to implement to the 2018 primary to factor of 400 authentication to access our lectures management system. we've conducted an additional round of agitation by the independent vendor the spring that will do so at regular intervals going forward. will follow the 2018 general election and every general election going forward with the robust audit of our election results using state-of-the-art auditing technology.
11:35 am
this plan is in addition to what we currently are already doing three mandatory election trainings with municipal courts, pulling the cyber summit which renamed the vending our democracy and we convened state and local partners to inform vermont of our effort and build confidence in the integrity and partners included the department of homeland security, msi tech and from the internet security and homeland security department of public safety and of course, our town clerks. some of the acknowledged best practices that vermont is using includes paper ballots, no internet, daily backup of our voter registration systems and daily monitoring of traffic to our site and blacklisting of known problems and periodic [inaudible] it will end by thinking this committee again for inviting me and my peers to testify and for giving me the
11:36 am
opportunity to speak about this important matter on behalf of vermont. and the court to answering your questions. >> secretary simon. >> thank you, chairman blunt, ranking member klobuchar. i appreciate the opportunity to be here today. in my judgment election security in general and cyber security in particular poses the number one threat to the integrity of our elections both nationwide and in the state of minnesota. i've been on this job for three half years and i could asked once in a while whether it's at a family gathering or someone i bump into on the street what is your biggest surprise in the job. you've been there for a while now and what is it? my answer is always the same. my biggest surprise a certificate is the extent to which my time and energy and focus is spent on the cyber security issue or election security issue in general. it is something that came up to
11:37 am
some people's minds suddenly and it was a big wake-up call and that is not a essential part of the job. the good news is that in 2016 minnesota passed the test and we engaged a lot of different partners including our partners the state and local levels including looking for outside eyes and ears to cast our systems and so we passed the test and we kept out the folks were trying to get in. from our vantage point we don't care who it is. we don't care if it is russia or another foreign government or nongovernment or the guy next door we don't care what the politics are, we don't care what candidate they support or not. this is not about democrats or aliens but about us as americans. we passed this test which is great but we know we found out after the election that minnesota was one of the 21 states targeted by that was the
11:38 am
exact phrase that the department of homeland security used in briefing us and letting us know about that threat. we know we have to be vigilant and now we have a lot more information. the good news here is that the glass is half full is that minnesota and i believe every other state is a far better position now going into the selection that we were going into the last election even though we pass the test in the last election. as senator klobuchar alluded to, minnesota is probably old-school and we have paper ballots and that's the bedrock of our system. it is hard to hack paper and although there are electronic components further on down the line we feel that we have it wellin hand as well as state laws and some of the resources we need to attack the things. second, we think we have benefited from the critical and structure designation from the department of homeland security in terms of expertise and in terms of value added in terms of a good partnership after a rocky start. with those folks from the department of homeland security, it is good as well. dhs has put together a
11:39 am
government coordinating council and although that is good i think it could be even better than it is right now. finally, we have the tension of not only you and your colleagues in congress but at the national and local media and that is very good. in minnesota and i never miss an opportunity to brag about my state we are number one and 74.7% of registered voters are eligible voters, i should say, voted in the last election and were proud of that. it means that it hits particularly close to home for us in minnesota. we appreciate the federal partnership that we have received so far and i want to say once again i want to thank everyone including senator klobuchar as part of getting that $380 million and it is critical and crucial and we will plan to use every penny of that
11:40 am
for a good effects. it will go a long way. however, i would respect leah crossed that those in congress -- while we don't want to look a gift horse in the mouth and i am grateful for that money it is expensive and recommendations that we get from the permit plant security all helpful they have a price tag. is not always accounted for and i ask respectively that you consider that a well. on the policy side, i'd be remiss if i didn't put in a word for senator langford and senator klobuchar were advised and i do think that it's a legitimate federal interest. we do have floors, not seals, night micromanagement but some federal that we are talking and not just doing her own thing in her own way and we attain that
11:41 am
[inaudible] if for no other reason than that, i think it is important. i thank you, mr. chair and ranking member klobuchar for your continued efforts and cooperation. we look forward to a robust partnership in the future. >> mr. masterson. >> thank you, chairman blunt, ranking member klobuchar and members of the committee. thank you for today's opportunity to testify regarding the department of homeland security ongoing efforts to assist state and local election officials and those who own and operate systems with improving the resilience of elections across america. for over a decade i worked with state and local officials to advance the use of technology to better serve american voters. the last two years of service the commissioner at the nitrates
11:42 am
election assistance commission working to modernize standards used to test voting systems and provide best practices to help support election officials and since 2016 respond to threats against our nation's election systems. noise serve as senior advisor for dhs focused on the work that apartment is doing to support the thousand election officials across this country and this decade of war i can tell you the absolute best part is working on the professionals seated at the table that administer elections. in the face of real sophisticated threats these officials have responded by working with us, state and local resources in the private sector and academia to mitigate risk and improve the resilience of the process. election security is a national security issue. our mission at dhs is to ensure that the system of the necessary information in support to assess risk and protect, detect and recover from this. the support can come in many forms whether offering no-cost technical assistance or specific threat information we stand
11:43 am
ready to offer support based on needs. through the collective efforts we have already seen significant progress. state and local officials support them and they are at the table working with us. we have created the government coordinating council of private-sector counsel who collaboratively work to share information and share best practices and develop strategies to reduce risk. we have created an election infrastructure with members from all states and hundreds of jurisdictions. the fastest-growing stock structure in info structure. we've increased the availability to free technical assistance across the sector. the offers a variety of services such as cyber security assessment, intrusion detection capabilities and information sharing awareness and response.
11:44 am
progress being made as clear as is evidenced by the testimony of our your today. across the country sector's estate state election directors and local election officials are taking the steps necessary to respond to this new and evolving threat environment. take for example, indiana, in addition to being engaged in value partner with us at dhs she is taken advantage of our information services and increases monitoring capabilities and access controls. in addition there working to better secure their counties through implementation of postelection auditing. this is true across country. with seen firsthand the progress being made at the local level as well. recently under secretary chris within orange county, california where we were briefed on the cyber security playbook. this has more advanced network
11:45 am
monitoring and intrusion detection and the implementation of more robust, official post election to ensure accuracy. this greatly enhanced the resilience of orange county's election system. it publicly committed gets it on the counties work to get voters the information they need to have confidence that the roads will be counted accurately. elections are run by state and localities and across the 50 states and five territories there over 10000 jurisdictions that are responsible for elections. the systems, processes and procedures vary greatly but the local administration of elections empowers voters to engage directly with the process and those who run it. it brings me to my final point. for those voters who have questions or concerns regarding the security or integrity of the process i implore you to get involved and become a poll worker, watch pre-election testing of the systems. check your registration information before elections, engage with their state and
11:46 am
local election officials and most important, go vote. best response to those who wish to undermine faith in our democracy is to participate and to vote. the department will continue to coordinate and support state and local officials to ensure the security of our election infrastructures and cyber actors can come from anywhere internationally or within us borders and we are committed to ensuring a coordinated response from all parts of government to help plan for and mitigate these risks. before i conclude i want to take a moment to thank congress for the legislative [inaudible] specifically, we still miss work the final passage of legislation to create the cyber security and introduction security agency at dhs. this reflects paperwork we carry out everyday on behalf of the american people. i look forward to outlining elections and i look for to your questions.
11:47 am
>> thank you. we will have a five-minute round and if everyone could state but close to that and people have other questions will have another five-minute round. we do have a second panel but want to take a full advantage of this panel. let me ask first the three sectors of state that this is yes, sir no should the federal government be required to share information with jurisdictions that are being impacted by known threats? >> yes. >> yes. >> yes. >> for the three of you again, should it also -- should that include both the state and she state election official as well as the specific jurisdiction? >> i would say yes to that. >> i agree. >> yes. >> mr. masterson, how would you determine, i know one of the things i believe you mentioned in your testimony was you have to have some sense that someone was ready to receive that
11:48 am
information in terms of cyber understanding and threat assessment and how would you accomplish that with all the local election jurisdictions in the country once you see they have a threat? who should you notify? >> so, the goal in the department is to ensure broad notification across the sector which is why we work to create the election info structure information sharing and analysis center so there is an avenue by which threat information and risk information can be shared broadly. engaging with the government coordinating council that it [inaudible] how best to share information down to the states and all the way down to the locals to ensure that they have what they need and it is done in a way they can to get and it is actionable. they can use it to mitigate
11:49 am
threats and sector systems. >> in terms of probably sharing you mean you would also probably share with some information with people who could potentially face this threat and is currently facing a federal not. >> yes, senator. that is correct. that's how we share information within critical infrastructure is to try to boil down the nature of the threat and the information necessary for owners and operators to protect their systems across the sector. >> not sure how clear we are on your view of what elected or appointed local official and what kind of qualification they had to have if any besides having that job for you to share this information with them. >> senator, in order to receive the information from [inaudible] they need to be local election officials or their support staff. the it staff is eligible. we are working within the sector to craft this information sharing such as that executives like the effect have the
11:50 am
information they need to make decisions from the policy and the minister standpoint but that the it officials and the technical folks have the technical information they need to respond and protect the systems. >> is a possible that you would be sharing with the technical official persons something you are not be willing to share with elected officials? no, senator. all information is available to any of election officials. it's a question of who can best use that information to effectively protect the systems. >> on the voter registration side for the secretaries do you have any sense of how many attempts there are to get into that system? surgery assignment mentioned the appropriately that it doesn't really matter who is trying to get in but you don't want them to get in whether it is a local political operator or foreign government or someone who is just seeing if they can get into that system and manipulate it in some way. is that something that often
11:51 am
happens in people are testing the system to see if they can get in question. >> mr. chairman, yes, that is something that is known to happen quite often. again, we did pass the test which is good but those people capable of poking and prodding and the analogies they come to you is imagine a car thief casing a parking lot. maybe he goes there a day or two in a row and he answers traffic patterns and try to figure out is there a way in and that is what goes on in can go on quite frequently in the case of all the states are presented here. but for whatever reason the car thief did not go into the parking lot and we like to think it's because of the great cyber protections but truth be told we might never know the real reason but we were able to keep them out and there are people casing parking lots and it's up to dhs to tell us who they are, and what they've done. with respect to the 26 election we do not know until thomas
11:52 am
"after words" but they're doing a better job everyday that. >> senator, is this a common thing that people are trying to test the systems? >> every day. in talking to my it manager -- our entire operation we would probably receive several thousand scans a day. >> secretary ashcroft? >> i was a 100,000 scans a day and we cannot say which of those are targeted and we cannot treat them all as if they're treated toward elections because of the find one way and they will go from there to elections. we treat them as if they are all attacks. >> i will come back to you on this topic and how do we narrow down which of those should be reported and followed up on and i will now go to senator klobuchar. >> thank you, senator blunt. we are pleased to having the
11:53 am
selection hearing and i will avert my colleagues. i am glad they are here and i'll start with senator durbin. i wasn't kidding that i would defer to you with questions. [laughter] i am pleased you are here having the support hearing. why don't you go first, senator durbin. >> thank you. i was on the senate judiciary committee and chairman of the constitution subcommittee and there was a lot of talk about voter fraud. voter ids. reducing the time he would be allowed to vote so i took the hearing on the road and we went to ohio, cleveland ohio, went to florida and called election officials just like yourself to both parties, republicans and democrats, and answer the following question -- your state just changed voter requirements to require the voters to prove with voter id and to limit the places read about and to limit
11:54 am
the time you can vote and what has been the incidence of voter fraud in ohio, in florida, that allow you to conclude that you had to put these new burdens on voters? the answer was none. none. for the record i would like you to view elected officials to pick ten years and would you report to this committee and if you report to the screening austin years, the votes have been cast in your state and how many people have been convicted of voter fraud in and your state or federal court in the same period of time? i don't know that you will have this on the top of head but here's what i have concluded -- the statement secretary ashcroft that you made is it has to be addressed for the record and here's what he said. voter fraud is an exponentially better threat than hacking, exponentially greater. we tell you what happened in
11:55 am
illinois because we blew the whistle. we are one of 21 states hacked by the russians and they got into our voter file and someone left a wormhole in there and they got into the voter file. they had the capacity and think good they did not use it but they could have changed a digit on each of our addresses and make a chaotic situation in the polling place for people to adapt about. resulting in hundreds of thousands of ballots and i'm not sure how that would've ended but they did not do it. the goodness they did not. but that was there and i could count on both hands the cases of voter fraud in the state of illinois in the last several election cycles and the convictions are even fewer. when it comes to this it is exponentially greater threat to our voting system then voter fraud and exponentially and i don't want to say that but i hope that we are ready because we put thank you for the 380 million -- that is good.
11:56 am
we have 13 million in illinois and i wish we had got more. in 2002, we produced ten times that amount, $3.8 billion to modernize our voting system and i think the russians are after us again. i hope i am wrong. i think other countries are after us again and if we spend all the time worrying about making it more difficult for honest american citizens to vote instead of worrying about what the russians and others will do to invade our election systems, shame on us. i hope that we take this seriously i hope that all the states have a paper trail. ours does, thank goodness, and i hope every other state does but if i don't and i hope they will do just that. secretary, interstate minnesota what will you use the funds for? >> well, thank you senator durbin. we will use the klobuchar funds
11:57 am
to use the one and a half-million of a 6.6 million to redo what is called our state wide voter registration system which goes by other names and other states but it's a primary database the very one that unfortunately in illinois suffered a breach in the very one that most of the 21 states that i am aware of was the intended target. >> what you told me was that -- what happened? you said we left a little opening but we did not realize it was there and they got in the wormhole and they were in our system and they had the capacity and there's no evidence they changed a single registration or vote so i agree with the witnesses who said that and from an illinois perspective that was true, too. but the potential was there for a dramatic change. did you see the same potential in terms of voter information and the voting process? >> without giving room at -- to
11:58 am
the bad guys i don't want to do that. i think every system has full mobility. we, in tracing, do our very best to successfully make sure we took care of those wormholes and we summoned people to find them and asked for people to probe and poke and pry in find them so we can fix them which we did. as a result, i think we and -- this is what many states have done we had managed to rebuff or to the way those who get in which is good but i like to say this is a race without a finish line. there is no in zone when you get. there is no place to get across. you have to stay one step ahead of the bad guys. and the bad guys get smarter every year and some are funded by foreign governments with virtually unlimited resources. it keeps us awake at night.
11:59 am
>> senator cortez mastro. >> thank you. thank you all for being here. i want to thank you for this important hearing. let me just associate myself with senator durbin's comments initially. i was trait general in nevada and i can tell you i can count on one hand the type of voter fraud that we saw and most importantly we caught it and prosecuted it. this idea that somehow there is widespread voter fraud occurring across this country that needs our immediate attention is false. i think that we need to correct the record and use accurate data but let me open us up to the panel as well. in nevada a majority of the counties are rural and the obviously placing the funerals in conducting elections in the state. the counties don't have the resources the more populous county has like a dedicated it
12:00 pm
support so in your states how have you addressed that unique challenge of election security base by the rural communities? what can we do to help support them? >> thank you, senator. we go directly from the state level to the towns. ... . >> we approached it basically because of the way we are set up. >> senator, in minnesota we have 87 counties. only 9 of the 87 counties have full-time, year round election staff. in most of the counties, which
12:01 pm
are rural, at least non-urban and metropolitan, those folks who win elections also wear many other hats. they do property taxes. they do drainage and ditch work. they do other things and they don't have the luxury of focusing only on elections. so that's where i think, if i may, the federal partnership comes in. it costs money. it takes training. so hennepin county which is minnesota, they may have the resources to erect these kind of defenses. other counties may not be so fortunate. so that's where i think there is a federal role to play with money and resources to make sure everyone in every state, regardless of where they're living or what kind of community they live can ensure that the community is there. >> is that behind the request for additional funds in your statement? >> yes. it was. in part. i mean, i think making sure we have an even playing field no matter where in minnesota is very important. >> okay. thank you.
12:02 pm
anyone else? >> in missouri we have really 116 election authorities. we have some counties that are -- we have counties with roufl -- roughly 2,000 voters. our office works with them. we've had meetings with our directors of elections going around the state to reach out them on new type of security admissions. we're holding a national conference both for secretary of state and for national officials and local election officials on september 110th and 11th. we're putting most of our effort into making sure they have actionable things they can do and the resources to do it. and i would add one other thing. when we passed voter id in missouri, we actually increased accessibility to the ballot. we actually have individualized individuals that would have been turned away that were allowed to vote on the new law. i understand illinois doesn't
12:03 pm
work as well as missouri, but in missouri we can secure our ballots and make sure every registered voter can participate and their voices heard. >> thank you. i think we can also do automatic voter registration and make sure everybody has access to vote. but let me also say i think you need to know this. i work very closely with the election officials. in fact, i think it's true. everybody should volunteer. i volunteered in clark county on the election site when i was assistant county manager. i want to convey the election officials in nevada have told my office that dhs has been great to work with. extremely helpful. generous with their services and knowledge. so thank you for that. i really appreciate it. one of the things they told me, however, and i'm curious if you're hearing this and if this is true. and it's not a negative thing. it's that there's too much information. that they don't have the bandwidth to process the daily dhs updates and have difficulty figuring out what pieces of information are for them and
12:04 pm
establishing priorities and learn the information overload. are you hearing the same thing? >> thank you, senator, for the question. i think this may go to chairman blunt's question as well. we have heard some of that. and part of what we're trying to tackle, you know, as you establish a new sector, this is a new flow of information to election officials is fievending the balance to -- finding the bam to the information and prioritize what they really need to know but ensuring the technical folks or i.t. folks that perhaps need a little more detail and more constant updates have that as well. and so i think we're finding that balance as we work with the government coordinating oun kril and some of the folks at the table to create that tailored information. so we'll get better as we build that relationship and share that information. but, yes, that's something we've heard and we're working to get better at. >> thank you. >> thank you, senator. >> thank you, chairman blunt. and let me just before i ask a couple of questions, we had a
12:05 pm
previous secretary of state by the name of diana duran who made these just widespread accusations about voter fraud. and our state very conscientiously went through thousands and thousands that have been reported. and after review, it came down to several -- i mean, just a handful of unintentional minor errors. there is no -- no one was ever prosecuted. there was never any real fraud that was found. and so i think we need to be fair and very careful. she got wonderful headlines. for weeks there was all this activity. oh, there's fraud. there's fraud. and then when it finally trickled out and everybody reviewed it, there was nothing there. so i want to focus again, secretary ashcroft, on the quote that senator durbin asked you. and the evidence indicates that voter fraud is an exponentially
12:06 pm
greater threat than hacking voter. what independent academic studies back up that claim? >> the senator's own words back it up. because the senator says the allegations showed that there was no votes changed. no registration has changed by hacking. and yet i gave concrete evidence of an election being changed by the fraud. as far as i'm concerned, if the elections are changed by fraud be it individuals overseas, anything that stops the voice of the voting public from being heard and then making a decision, that's a problem. and what i said in my remarks is still true. we should take a comprehensive approach to make sure no votes are changed by fraud, mall fees ans -- mall fees ans, criminal
12:07 pm
ineptitude. we should know every voter's vote counts. >> you didn't ask my question. the statement here exponentially greater threat. so what proof do you have? we're all against fraud. nobody wants fraudulent voting. but what proof, independent studies, to back up your claim? it's exponentially greater and -- >> i will say it as simple as possible. your colleague admitted that no votes were changed. no voter registrations were changed by the alleged hacking. i gave you an concrete example proven by the court of law that individuals pled guilty of changing an election. no one senses the votes being changed. an entire election being changed. that's exactly what i'm speaking to. i don't know how i can make it more clear, sir. >> and this is for all the secretaries here.
12:08 pm
and, mr. masterson, if you have anything to add, i would be happy to hear it. only 59% of states have drawn down their hoba funds. we know that every state's election infrastructure is vulnerable in some way, shape or form. and we also have heard over the years that elections are underfunded. let me ask each of the secretaries have you drawn down your hoba funds? and if not, what is preventing you from doing so. it's a pretty simple answer. i don't need a big lecture on that one. >> the first state to drawdown the hoba fund. >> okay. you've drawn them all down. >> vermont has already drawn down their 3 million. >> mr. simon. >> thank you, we have drawn down our fund. >> do you want more? could you use more? >> if you send it, we will use it, sir. >> same? >> yes. actually what i think what we really need is ongoing -- if you
12:09 pm
want to call it maintenance, cyber security is an evolving science. and it's an evolving practice. and we have continuous needs going forward. >> same. >> i would respond to that. >> thank you. >> and in your conversations with other secretary of state, do you hear reasons why other states aren't drawing down these funds? >> senator, i would say that some of the states have to deal with legislative action that needs to be taken in order to accept federal grants. so some of the states may be required to do that first. or it could be from their administration. the governor's office may have to approve it before it can be drawn down. i think there are other states who are probably trying to plan out what they're going to be doing with the money just before they get the money. >> yeah. mr. ashcroft, do you have a comment on that? >> i would say they did a phenomenal job getting it out
12:10 pm
quickly. if it would have been a week later, we would have ran into problems. >> senator, i just want to make a difference between the initial money. that we have drawn down. the latest chunk what we've been calling the share money, unfortunately because of frankly itical fight in our legislature at the end of the session, we weren't able to get access to that 6.6 million this year. now, that was totally unavoidable outcome and an unfortunate one. we think we'll be okay. the sooner we can get that money, the better. >> thank you for letting me go over a little bit. >> senator. . >> thank you very much. and just to clarify, mr. simon, you will be able to access that money in the future and the governor appears to want our secretary of state's office to get that funding; is that correct? >> that's correct. >> okay. it was just part of a larger fight over something that as you described it was unfortunate. it wasn't about the money. and so you mentioned senator
12:11 pm
simon that the bill strikes the right balance per state. this is a secure elections act. can you expand on this? >> well, i, along with my colleagu colleagues, i think regardless of party, will always emphasize the role of states in administering the elections. and i dare say there's anonymity among secretaries of state. but what i like about the balance that the secure election act is striking, and i know it's a work in progress, is this realization that feelings are not okay. that each if it's just a question of a federal interest in making sure something is done, irrelevant of how the states choose to do it is important. i highlight it in my testimony here the process. the coordinating council is already coming up with communications protocols. and my understanding of the latest version of the secure election act is there's an acknowledgment there that that
12:12 pm
communication can come in many different forms, including and not limited to what they come up with. but the important thing there is communications not just up and down but sideways. local government, state governments, federal governments, maybe some non-federal actors in some situation. i think that alone is a cause for the federal government to assert some interest in making sure that this communication is going on. an election attack in minnesota can, perhaps, be linked to or have very real effects on election in vermont or anywhere else. so i think that communication is important. so i have it as that particular aspect. but i think a recognition of the prime see of the state role and making sure things get done they can choose how the things get done. i think that's the right balance. >> okay. secretary, you mentioned that was a great job at distributing
12:13 pm
the fund and could you comment on the role that eac has done in securing the cyber security. >> certainly. they've been a very valued partner with us they provide information. obviously we have to submit an approved pn to them how we're going to spend the money. and i think -- i may differ from some of my colleagues, but i think that the eac plays an important role in our elections process across this country. and needs to have the resources it needs to operate. and also really badly needs to have congress appoint a full quorum, at least a quorum so that they can -- their board or their commission can actually operate. >> and you mentioned your support of post election audits earlier. can you expand on the importance of conducting audits and how it relates to voter confidence? >> i think that that's extremely
12:14 pm
important for all the -- for the integrity of our elections. we in vermont do use paper billion lo ballots and we do a post election ballot. we do 5% of our towns. and we do 100% of the ballots from that town. 100% of the races on that ballot. so we do a complete audit of that election. we feel that the confidence level that we have with it is close to 100% as you can be. so it's -- post election audit is something that i believe should be something that is included in the secure elections act as it is. >> secretary simon, same question but about paper ballots and how you see them as an advantage. >> it's a huge advantage post 2016. i mean, the fact that minnesota is proudly old school has served us well. and we've seen how many states
12:15 pm
that are -- who were once perhaps sold on the vision of the paperless future are now understanding that, no, paper is good after all and are going in the direction of most of the states in having a paper ballot. it's very hard to hack paper. and although in minnesota the paper is fed into a machine, under state law that cannot, should not and is not connected to the internet. so that's a sen tall part of our system. >> and then you've been able to get results fairly quickly with this system? >> yes. the results can be reported very quickly in the counties and the local governments are outstanding partners in making sure we get that information out. >> okay. i can charge you and then maybe ask two questions. >> no, go on. >> okay. i'm going to focus on some of the things that come out. first of all, i'm not going to go on about voter fraud, but i will note of a decision that came out just yesterday in kansas where a kansas judge struck down kansas's voting rejs
12:16 pm
stration law that -- registration law that they introduced that the secretary had introduced that was very restrictive. and he had made this case that there were -- it was the tip of the iceberg of the people he had found who had somehow fraudulently voted. and the judge here looked at all of the evidence and found that it was a very small number and said that there was, in fact, no iceberg. this is their words. only an icicle largely created by confusion. and this is a very thorough review of this. and this is based on my own experience as the county attorney in minnesota's biggest county where we had to review cases that were referred to us from the secretary of state. and i had a full-time investigator. this is right on the front line looking at these i would echo these remarks. because i remember specific
12:17 pm
cases, handful of cases people referred to. the couple who the voting line went right through the school board and to their house and that meant each could vote in two elections. and then they asked me where they were supposed to vote, and we did research and said it was where they sleep. and then the wife called back and said what if we slept in separate beds on two sides of the line. i don't -- i mean, this is serious stuff. but the kind of cases i saw, and we did prosecute a few, they said the republican wouldn't have a vote in minneapolis so he decided to vote twice. told that to the investigator. but those were so rare. and most of the cases were a dad and a son with the same last name and same first name and it was confusing. so they had a total legal right to vote. so i do want to remember this decision, which really encapsulates what we've seen in these studies all across the country. and that our efforts should be
12:18 pm
much more on trying to get people to vote, which secretary o of states are in such unique positions to do to encourage them to vote. to get the numbers up. don't want iowa to beat us in voter turnout or we don't want wisconsin to beat us. but that is what we should be doing and not -- and be honest about what's going on here with these numbers. and then the other thing we have to be honest about is not that the votes would change in the last election, but they tried and they tried hard and they got into the illinois data bank and those kind of things and they tried in 21 states. and when our own intelligence people under president trump are telling us that russia is emboldened, are telling us that we're at risk, i think we have to pay attention to it. and i appreciate and that's why we're having this hearing. so my question of the panel, just say yes or no, the 2018 primary already happening across the country, general election 139 days away. you're on the front lines.
12:19 pm
confirm yes or no do you see elections are a potential target and do you see this as a priority? >> it's already a priority to us and we're already securing things. >> do you see election security. >> i think that's a very big topic and we have been working quite a while. >> simply put yes. >> yes. >> okay. >> yes. >> okay. >> and secretary ashcroft when your testimony, do you believe that information sharing from the government to the states is important and that it should be improved? if you want, you can elaborate on that. >> yes. there have been serious problems with people in dhs. they told states about instances, but they couldn't tell us who they told. they hadn't told chief election officials. they might have told a local election official. we've had problems with things
12:20 pm
being classified far and above what they should be classified. so they couldn't tell that to election authorities and we couldn't respond. >> very good. well, no, i've seen that and that's well put. and it must be incredibly frustrating when you're trying to do your job and we discussed already the post election audit process. we talked about paper ballots and how important this money is. and mr. masterson, in a recent article you wrote about some of the great work election officials are doing around the country. do you believe that state and local election officials can benefit from this sharing that we talked about. this is not just the immediate information about the threat that we need to have happen but also best practices. >> absolutely. yes. >> i went trhrough all of those because that's the elements of the secure election act. very tricky, huh. and so we're just hoping that we
12:21 pm
can get this through. and i know the senator is working very hard to do that. but thank you all. >> thank you, senator. let me start back to where i was a minute ago. in the secure election act which is a work in progress apparently that we will take up at some point, one of the requirements there is if an election agency has reason to believe an election cyber incident has occurred within the election system, they are to notify the department -- that would be the department of homeland security. that was earlier defined as any ins dented -- any incident involving an election system. so clearly from the numbers that have been shared here, that would be an unreasonable thing to do. i think maybe mr. masterson in the interest of time, i think we
12:22 pm
may have to come back to the gcc, how do you write that in a way it make sense. you don't need a thousand a day or 100,000 a day notices that somebody is trying 20 get into the system. so we need to figure that out. and do you want to comment on that? >> yes, mr. chairman, i would agree completely. i think finding that balance is something we've been discussing in the gcc. none of these folks or the local need notice that their microsoft patches are out of date. they're aware and working on that. and so what is the balance. a notification with regard to threats, vulnerabilities and incidents and finding that balance. so happy to report back and work with that. >> exactly. and on the audit trail, do all three of your states require an audit trail? do you require a paper ballot trail? yes or no. >> yes, we do. >> yes, we do. >> yes. >> same -- the same response yes or no should the federal government make an audit trail, a paper audit trail a
12:23 pm
requirement to have federal assistance? >> i don't think so. >> i do think so. >> i think there is a federal interest in making sure that there's some audit -- some audit process. >> well, now, what i'm asking about is should there be a way to recreate the actual election itself? and i don't know quite how to do that without paper, even if you had a machine that was not accessible to the web. >> i believe states are moving to do that without federal legislation. so that's why i don't think the federal legislation needs to be done on that. >> but in all three of these cases, you have that? and on the audit requirement, how specific do you think that needs to be? if there is some -- in this bill there's -- i think a specific -- you have 5%. should that be left up to you, or should we tell you whether 5%
12:24 pm
is enough or not depending on how close the election was? >> that's a great question, senator. and i think that really there should be some flexibility in the type of audit as well. i mean, we hear a lot these days about risk limited audits. risk-limited audits are a great way of doing it if you have the systems in place that allow you to do it. and right now there's only a handful of states that can actually do that. the system that we use, as i said, we're actually talking internally about increasing the 5% to maybe 8% or even 10% of our town's post-election. and we feel very confident that it's actually even better than the risk-limited audit. because it actually looks at 100% of the ballots that are cast in a town and 100% of the races. so you're auditing the entire ballot bag essential at that time. >> any comments from the two of
12:25 pm
you on that? >> when i was teaching, i taught statistics, i think that the language should just give probability interval or confidence intervals as opposed to a specific percentage for a very close race you need to look at more. if it's an 80-20 race, you don't have to look at as many ballots. >> i would say the more flexibility, the better. there are states, without throwing any under the bus here that are not represented, that don't have any meaningful sort of audit. and it strike me that there's federal interest or making sure there is some audit process. >> when you do the audit, do you count the ballots the same way they're counted on election day? >> yes. >>. >> how about you. >> we use completely different tabulators. >> but you don't hand count them or anything? >> no. in fact, in our experience, the hand counting is actually proved to be the most error. >> secretary ashcroft? >> we don't hand count everything. other times when they do we work with the local election
12:26 pm
authorities on those rules. >> and would you give a direction in that post election audit to election authorities locally and they do the recount, or you do the recount? >> the local election authorities do the recount. >> how about with you? >> we do the audit. >> so the ballots come to you in the state capitol and you do the audit, or you go -- >> we do a public audit where we use the auditorium in the governor's building. and we have the ballots delivered to us by the local boards of civil authority from each of the towns that have been randomly selected. and they deliver those ballots to us. we do our work, seal those ballots back up into the bag and deliver them back to the towns. >> how do you do it? >> that is it done at the local level, not by our office. but we then follow up by second staff some weeks later and do a post election review of that audit. >> right.
12:27 pm
all right. i think they'll be more questions for the record. and certainly secretary ashcroft and i are really glad that all of these states have all of these great good government traditions. our tradition is not quite that great. and if you look at the 2000 governors race in missouri, i think there's a post election investigation that finds out lots of people voted who shouldn't have, including a dog. and we don't know exactly how the dog voted, but the dog was the person who was a registered voter and the ballot was cast. so we're not -- we're not -- to get this discussion where i think it should be, the federal government is not about to do things that encourage voter fraud. and the discussion that voter fraud doesn't happen is not really before the committee today. but i look forward to your reports back of what kind of voter fraud you've had. i think, secretary ashcroft, within the last year we had one election set aside by a court --
12:28 pm
two elections set aside by a court, and then they had to have the election again. was that absentee voter fraud, or was that voter fraud at the voter place? >> it had to do with absentee ballots. there were serious allegations of absentee voter fraud. they didn't have to prove the voter fraud. there was enough smoke the court said to do it. >> we have courts that say you have to have the election over again. we just have a burden that illinois doesn't have or other states that don't think this is ever a problem. >> it's a problem. it happens not to be the problem we're dealing with in this bill, in this hearing or right now. so thank all of you for coming. we've got a vote coming up before too long. so if our next panel will come up, we'll have some questions for our local election officials. one of which is from the illinois jurisdiction that somebody actually got into as opposed to the 21 jurisdictions that people tried to get into.
12:29 pm
[ inaudible conversations ] [ inaudible conversations ]. >> okay. . >> oh, okay. he is not in that jurisdiction? >> correct. >> do we have something on him? >> yeah. let's introduce these two people. . >> all right.
12:30 pm
a our two witnesses here are director of elections working under cook county clerk david orr. i'm not quite sure if we're going to find out if it was your jurisdiction or another one. and jane shoulder from springfield, missouri, where i live and vote and has a job. let's start with mr. graets and mr. shoulders and we'll have a few questions for both of you. >> thank you, chairman. i'm the director of elections in cook county, illinois. and it's a real honor to be here. as election administrators, when we certify results, we have to fill not just power, but legitimacy. legitimacy that comes from the essential american belief that our elections reflect a trusted and true counting of voter choices. that legitimacy must be secured. election officials have been working and securing votes and voter records for a very long time.
12:31 pm
when i started in the business prior to 2000, we served mostly as logistics managers. like wedding planners, making sure the right list of people came together in the right place with the right stuff. after bush beat gore in the health american vote act, a new era of acts and we became legal compliance and i.t. managers. but the 2016 election and all advice shared since showed that sophisticated attacks are to be expected, and therefore we must become cyber security managers. spared by this need to defend against foreign enemies, officials have been working successfully to find a good balance of federal involvement in elections without trampling on the authority of states. good progress is being made. state officials who protect state-wide voter registration everywhere and more systems in some states and where often the spokes people defending our
12:32 pm
institution deserve great credit, particularly up to the 2016 election. however, and at the risk of being overly broad, i must underscore today that local election officials are the ones who control, secure and runny lections. we locals run and over 8,000 nationally on the front lines of this new battlefield. we deploy a variety of network connected digital services, such as voter registration systems, information websites, unofficial website displays, electronic poll books, not to mention the less connected vote county systems. each of these is a target for our adversaries. once county officers, we're facing down powerful adversar s adversaries, like an innovating army. we need to buy support and resources. first, for modern defendable technology and hand counted
12:33 pm
audits which can get additional confidence that digital results are accurate. and, second, more critically today, we have a pressing need for topnotch security personnel with the skills to navigate the current cyber mind field. in cook county we studied this, undertaken significant efforts of securing our infrastructure in helping raise awarenessecosy. we conclude that the decreased likelihood of attack, each official must have access to an election security officer. most election officials don't have that today. we suggest this be handled by a brigade of digital defenders or cyber navigators. these navigators should adopt a mantra of defend, detect, recover. they can help us improve defenses, following the specific recommendations of the center for internet security or the defending visual democracy
12:34 pm
program at harvard. it will also help us secure our recovery plans for when they penetrate the first and second line. to accomplish this, the navigators will secure free support from homeland security, state governments and companies like google and cloud flair. they'll work with state and county i.t. staff. and with vendors who support locals much of their support. finally, they'll have a culture of security that can evolve to threats. incidentally, illinois lawmakers recently required that they be spent on a navigator program, and our state officials are worki working aggressively to create one. we have resilient system and voters are taking this very seriously. but voters should also understand that without continued investment in people and products, the possibility of a successful attack increases.
12:35 pm
some of these candidates are already apt to call their defeats into doubt. a new digital feat could turn sore losers to cynicism, disbelief, even revolt. that's the reaction the enemies of the united states want. the bottom line is we cannot eliminate every chance of breach. but we can make sure that successful attacks are rare. and we can provide assurances that we are prepared to recover quickly when they do happen. we can do this with support at the local level. but democracy is not perfect. as churchill noted, it's the way government accepts all of the others. we need to protect it. and we'll regret it if our democracy is damaged because we looked away and failed to support it at this critical moment. thank you, and i look forward to any questions. >> thank you. mr. shuler. >> good morning chairman and distinguished members of the committee. thank you for the opportunity to
12:36 pm
offer testimony. i'm honored to serve as a clerk in greene county, missouri. the county clerk in each county of our state is responsible for several administrative duties for the county. these duties include tax administration, secretary at the board of equalization, life nota notary issuance, retention of voter records, voter registration and election administration. election administration is clearly the most visible of all i just mentioned. election officials across the state take seriously as we work to make sure that each correct ballot is given to the voter and the ballots are correctly tabulated. it's important to recognize that each state is unique in how they're unique and not being responsible for several other administrative duties. in the large part it's decentralized state by state and county by county.
12:37 pm
we protect against cyber attack on our elections. the advantage of being centralized for local officials is also a challenge as it goes to voter election data and election ruls on election night. it's fair to say that the majority of county clerks in rural missouri are depending on the efforts of their election service providers who provide voting equipment services, the secretary of state's office and the coordinated efforts of the homeland security and the citizens commission to be against cyber threats. i currently serve on the board. i appreciate their continued efforts for information on security preparedness to state and local election officials. they work with the dhs and national association for secretary of state is welcome and optimistic these good efforts will continue and be further enhanced through one of the provisions within the secure elections act that would change the technical guidelines in the committee to the technical advisor board.
12:38 pm
and because of that include cyber security experts as part of it. i believe changes like this are needed. the bill on the current information sharing that was not in place prior to 2016 election on the current to continue improving cyber security information shared to local election officials in a common way to help mitigate possible cyber attacks in future elections. i do want to address one issue that was on page 23, lines 3, 4 and 5. it says each election result is determined by tabulating mark ballots handed device. i strongly recommend the state marked paper ballots. i believe the opportunity for fraud in electronic ballot casting system that does not have the paper trail is too great. to this point, part of the post data requirements in the state's code requires a manual count of the voter paper ballots based on a random drawing by a bipartisan team not less than 5% of the voting precincts on election day. being able to share voters that
12:39 pm
the paper ballots they cast were randomly select to be recounted by hand is critical to help earn confidence that the certified election results in the 2016 general election were accurate. less focused not be underestimated is the possible intended cyber attack to alter electronic-based photos that are more commonly used in place when checking in vote rs on election day. the minute you check in the voter is enormous and convenience voters appreciate as we see their wait times are reduced. this can become the source of real issues on election day if voters who have not voted are informed on election day that they already had voted or their name cannot be found to check them in to vote. i'm sure you would agree with me that this is a perfect recipe for voters becoming very angry and provoke chaos to ensue. as we think through these issues, it's evident that a majority of our local election officials who balance so many duties for the county and often
12:40 pm
have no resources available to monitor and prevent incoming cyber attacks need outside help from the bhs and their secretary of state to help them withstand future cyber threats due to voter registration data and the tabulated election results on election night. it's for these reasons that i recommend that the dhs in coordination with our secretaries of state assess state by state where the weakest vulnerabilities are based on counties and i believe it can be provided to help ensure the integrity of our election be protected before it's too late. as i conclude, firmly elections are the cornerstone of our freedom, and we must all work together to protect that freedom and the integrity every time a voter cast his or herbal lot. i believe we're up to a cast if we do it together. thank you for holding today's committee hearing and the nation as we prepare for this november. and i look forward to answering the committee's questions. >> thank you. how many registered voters
12:41 pm
billion do you have in springfield? >> 85,000. >> and how about you. >> 1.5 million. >> was it your system penetrated by -- >> it was believed to have been a russian hacker. >> it was a state-wide system. illinois is a little different. the state director of elections would have been the person that we would have seen on 60 minutes. >> so it was the state-wide illinois system? >> that's correct. >> and is it your view that more problems are likely to be created on election day by getting into the registration system than the likelihood of getting into the accounting system? >> sure. we've got a broad throughout the surface area. we rely on a number of different systems. the network conductivity of voter registration systems is certainly much greater than voting systems. and, therefore, more -- an
12:42 pm
easier target for adversaries. >> i would concur. and certainly that's an issue in durham county, north carolina in 2016. very small scale. but if you would increase that scale, you could easily see the issues that it would create on the day of election. >> and the option of pro vilings voting -- provisional voting as senator durbin suggested earlier that would quickly overwhelm the system if you have all kinds of people trying to cast their ballot. >> right. they're looking at a backup system in case that would occur for a county. but clearly even that is going to be fairly technical and hard to accomplish. but we're looking at that. >> if i might put out too in illinois we've got election day rej station, which in and -- registration, which in and of itself is a policy decision lawmakers made, particularly in the event of an issue with the voter registration database. it's now ten seconds longer than
12:43 pm
our normal check in. there's way to do it. but it's a decision that not only helps the voters but it makes the security of the whole system much more resilient. >> i assume it would be a good register in ten seconds you could also do what you need to to cast a provisional ballot pretty quickly then. >> sure. >> that same system was designed to accommodate? >> yes, sir. ten seconds marginal increase. >> right now our provisional process would not allow for that to happen quickly because of the process in filling out the envelope, all of the details that go along with that. where certainly illinois may be ahead of us in regard to that. >> do you have a way to monitor how many people might be trying to access your system from outside the system? >> that would be through our information systems team. and they keep that information pretty close to the vest. but we're fortunate in greene county. we have that type of help
12:44 pm
available. but clearly in our smaller counties i was visiting with one of my fellow county clerks before today and they said we are not prepared if something of this scale would occur to be able to defend themselves. >> i was in a location in st. louis a couple of weeks ago where they have where the principle provider of the ipad voting day system, they were just transitioning 51 counties in minnesota to that system. they just got the entire country of canada as a client. and one of the things they were doing while i was there, they had three summer interns and two other people who just all the time tried to get into the systems that they're responsible for. so this is something who spends all day every day. >> right. >> trying to secure a system by trying to penetrate a system. and if they find those spots so
12:45 pm
you have -- you can have people doing that. >> sure. i mean, attacks are very valuable sort of efforts to ensure that your defenses are holding up as you would expect. homeland security has offered that to all of the states and locals. we just had a vulnerability assessment through them, and it's quite interesting what the good guys are capable of as well. >> but the good guys -- the whole thing of cyber instruct is the good guys have to be successful all of the time and the bad guys only have to be successful once to do great damage. and before i turn to senator, mr. schoeller, you would like to see a paper ballot as part of a national requirement. >> i would in terms of you think about the measurement that's used and all of the different things. but particularly when you're visiting with voters, a voter wants to see something tangible. and i think the tangibility of paper is going to give them much
12:46 pm
greater confidence. and i think when it comes to federal elections, that is for president. but for the balance of congress and the house and senate, that being able to give them that assurance that, yes, we can always go back. >> uh-huh. >> and look at a paper trail versus something that's on a screen that is based inside a system that we have to trust, i think voters are going to appreciate that type of assurance. when i visit voters back home, i rarely have a voter that disagreed. in fact, i can't think of one time. >> and when you do a post-election audit, you count those by hand? >> county equipment. we -- no less than 5% of the voting precincts we do and their bipartisan teams, they're recounted by hand. and one of the things that i think is important is that even if you do it with a machine, how would you know something has been compromised if you haven't compared to the paper ballot.
12:47 pm
clearly the machine when you have an accurate election does do a better job of counting the ballots. i'm talking about in the case where clearly fraud has occurred. then the paper ballot is going to be the evidence you need in terms of if you need your system inside the machine is compromised. >> thank you, senator. >> thank you very much, mr. chairman. so we're talking about why doesn't everyone just vote from home, which is great when you can mail in a ballot. we know that. but vote from home from your computer and that means no paper record of anything. could you comment about that. >> i think that's 100% inappropriate for civil elections. >> i thought it ironic because this is the first term when i ran for this office in 2014. that was actually a common theme that i heard. >> right. i was hearing it and i kept thinking about our state with -- i'm not going to keep dwelling on it with high voter turnout. but that involved a paper ballot. >> incredible integrity.
12:48 pm
>> incredible integrity. but it involved people that could vote by mail. and we made that even easier. but they had actual paper ballot they did and it was in the machine. but, you're right, that's what people were talking about. why can't you do it from the home computer and have no backup, right? >> right. and that's one of those things that i actually had to disagree when that viewpoint was put forth. one city in particular i remember. and even after they became elected, there was a group of speakers and they all were talking about this. >> like voting from facebook. >> correct. >> but they actually disagreed. and i went and i thanked them. i was the only election official that day, that was prior to 2016, that didn't think that was a good idea. but i think we have evidence now from 2016 that clearly that's a convenience that we just can't afford. >> uh-huh. very good. so, mr. schoeller, in your testimony you supported the secure elections act, increase
12:49 pm
of cyber security expertise and what is currently the technical guidelines and provisions. we talked about that. do you think that that's very important to have this post-election audit? >> i do. and certainly -- and one of the things i want to recognize is when we do these audits, they're very transparent. they're very open to the public. and that's something that you cannot put a value on. >> uh-huh. and thank you for supporting the secure elections act and your testimony, and i think it must be hard to be used as an example in illinois that they got that close. but it must make it more of a concern in your state. >> certainly. it hits home. >> uh-huh. very good. and are people aware of it, do you think? >> oh, yeah. i mean, our voters come to us. and we're lucky in illinois because we can tell a strong story. we start at the end. we've got a piece of paper that every voter looked at.
12:50 pm
so worse case scenario, an attack, full meltdown of all systems, we can recreate an election that's trusted and true. if you want to keep talking about election security, most people walk away. some will engage. we were able to talk that way nationally. this would be probably the last hearing of this sort we'll have. it's voters get worried about having their private data taken? >> sure. >> i mean, it could happen at the same time. but it's a different concern. >> luckily we have data sets that we keep on voters who have a tremendous amount of pi. but it's certainly something that we protect. >> uh-huh. >> and, of course, we've been talking about the fact that homeland security didn't come forward with the information. when did you find out about the -- >> well, it happened at the state level. and i know as much as anybody else who lives 60 minutes.
12:51 pm
they shut down the state-wide voter registration system sometime in the summer. and then we started asking questions. we're a bottom up state. each county has their own voter registration system and then we share data up to the state board of elections, which is also another sort of resilient policy choice. because even if the state board system had been taken down, we would have all been able to operate pretty seamlessly. >> uh-huh. and i think this is just a secondary concern that people aren't always focused on is that the hacking could also result in stealing of private voter information. >> of course. >> the people -- stuff like that. so we've been talking a lot about dhf. but you both mentioned eac briefly in your testimony. and could you talk about the role that the election commission has played in improving cyber security. >> sure. so i said on the executive
12:52 pm
committee government coordinating council and i sit alongside the chairman of the eac and the president of nast and this sort of confederation is working really well to figure out our names and what's become clear to everybody, including homeland security, is the vital role that they have played for 15 years has been a significant partner there. they're trusted source. i think dhs has been able to rely on them significantly. we sure have at the local level. >> and, mr. praetz, you discuss cyber navigators in your testimony. and mr. schoeller mentioned that not all election authorities have access to a team dedicated to protecting them, which you noted. can you both discuss how cyber navigators can provide local election officials with a much needed resource and expertise.
12:53 pm
>> i think that's an issue you mentioned. ne have a number -- they have a number of white papers. they're trying to do all they ki think the issue, and this is my broader testimony for the record, often times the local official are so overtasked with all of these various administrative duties. they don't have a bunch to be able to handle. they don't have access to the information just by the logistical way their job occurs every single day. and that's why i think if we can have programs that are there to help, like bill mentioned this morning, i think that's going to be the type of help that our local election officials appreciate. because they are concerned. they are worried. they realize they don't have the technical background or capabilities or the local help to be able to get that protection they need. and one of the things when i mentioned -- i think the other issue is that sometimes they'll go out to somebody there local to get help. but how do they know if the help
12:54 pm
being provided is what they need. and i think that's another thing and part of helping educate local election officials is, okay, this is a product or a company you can trust. we get a lot of information from companies, you know, telling us they'll help us in terms of cyber security. but what product is actually really needed versus what are we just spending money on that would be frivolous and not really protect us at the end of the day? >> very good. thank you both. >> my last question for both of you, and there may be questions in writing, do you see any potential for unnecessary duplication with the eac and the new involvement of homeland security? is there -- and if you do, is there a way we can thoughtfully try to deal with that? >> i have no concerns there. i think homeland security has got quite a broad plate of responsibilities. now, i'm glad that they're able to share some of their
12:55 pm
cyber-specific resources. i think it's critical to have an institution dedicated solely to election support that will not get pulled into other issues. >> mr. schoeller. >> i think the issue is broad enough that the coordination is good. and i think the ac in terms of the other areas they help out in terms of the clearing house for best practices of a local election officials, those types of things they provide the dhs is not going to provide. but i think when it comes to protecting ourselves in terms of the cyber world, i don't think it can be too broad at this point. >> and as an interface, you would be comfortable reporting things to eac that then they would report on to homeland security if they decide it necessary? >> yes. >> and, correct, we didn't -- the information sharing protocols that the gcc has developed, that's not the exact design. but i have no doubt that the officials at the hcc and gas
12:56 pm
will share information. >> thank awe of -- all of you. we started a couple of votes we need to go to. we appreciate you and the other witnesses being present today. the record will be open for a week from today and there may be some questions that come to you in writing. and if they do, we hope you would respond to those as quickly as possible. the hearing is closed. >> thank you. >> thank you. [ inaudible conversations ] [ inaudible conversations ]
12:57 pm
[ inaudible conversations ] [ inaudible conversations ]. >> you should get those rendered right away. so we did that. and that was probably the most immediate thing we can do. and homeland security is clearly all kicked up from the complaints from the secretary of
12:58 pm
state and hearings that we've seen. they couldn't -- they couldn't keep hiding the information from the secretary of state. so they're seeing some of this happen where you heard from them where people are getting in the right classification so they can get the information. but the secure elections act and also there's more to provide sharing of data. and that's why it may not -- my short answer here is we got the money out. we would like to get more money out. but we got money out immediately. and if we don't pass it before 2018, we can still pass it after that. >> well, and a number of things what we heard here this morning was most of the things that the secure election act would require happen appear to be happening right now. and we can improve on that and we can restructure that communication where it needs to be restructured. the effort to go ahead and step forward and do these things.
12:59 pm
and then figure out how you would more clearly define this. hopefully we can get that done before the 2018 elections. as the senator just said, the responsibility of local officials to conduct elections and the determination of the dhs after the election last time that this was critical infrastructure still are important factors in moving forward. and i think there's focus on what needs to be done here. and i think we heard a lot of that today. >> just for a second, can you talk about how this compares to 2016 now that threats as you see them now in this year. >> i think we're in a much better place than we were in 2016. they're more aware. more notice we can give in 2016 to local officials would have been a good thing. but you have to be pretty unaware of what's going on as a
1:00 pm
local election officials and not have a sense that there's not things out there that you can be concerned at a higher level than in the past. [ inaudible conversations ]. >> senator fisher came. i think we got accomplished what we needed to accomplish. thank you. [ inaudible conversations ]. >> real quickly on the sca, that allocates additional funding, right? >> yes. >> and we're still -- i mean, i would get it done. we tried to get it on the mdaa. we have tried to get it done by itself. we tried to get the whole bill on the budget act. and we're trying for the appropriations to see what we can do to get some of it on there. . . .
1:01 pm
you don't want the next homeland security secretary to not know what they are doing. you want in law that they have to share this information. >> i think more money, more money. >> right. and remember, look at these major hacks into companies like sony. come on. think about all the money they put into their security and these are actual internet companies that have been hacked. think about everything that just happened with facebook, all those things. you've got these guys in small companies all of the country and they are supposed to sum up think they're all protected when major u.s. companies are being hacked. that's just not fair to them and that's what i don't think it's just for fun that they are here
1:02 pm
saying they need more resources. these are national security hacks and that's why the federal government has to play a role. >> there is a debate on the bill. is it over resources and how much resources -- >> we got the initial, i was going to say that bad word, tromped their cook at the initial amount of money we ask for but i would say it's more about what is the floor. what we should we tell states what to do in the we want to preserve their individual systems we don't have a nationwide attack, that would be a disaster. we would rather have it be in one county than in the whole country. we had to pick out the floor we expect of them and then i think there's some debate about that come how much we should be able to tell them what they have to
1:03 pm
do. since we know what happened in one county, will hurt the whole country. that's what russia trying to do. even if they just take one county outcome it hurts the integrity of our whole democracy and hence the id we should have his support for what we expect states to do. the. >> the secretary has expressed a range of opinions on a prescriptive the federal requirement should be. what is your position on that? >> -- [inaudible] literally any audit, in the audit. >> we just want on its. [inaudible] [inaudibleve

14 Views

info Stream Only

Uploaded by TV Archive on