tv UC Irvine - Hacking Elections - Panel 2 CSPAN May 25, 2018 4:17am-5:17am EDT
next week in c-span. election system vulnerabilities were the focus of a recent conference on hacking. election officials from los angeles and orange counties shared their views on some of the changes needed to help ensure the security of both. this is one hour. thank you very much and thanks for coming here. now that we're all suitably -- suitably freaked out, we can talk about some solutions and then we can listen to the computer science experts and engineers come back to further scare us after this panel. let me introduce my colleagues here. we really have an incredible group of people here today. to my immediate right is candace holk. candace holk has been involved
in cyber security and cyber risk management issues for over a decade. professor holk first developed expertise in technology security and directed the scepter for election integrity at cleveland state university. working on election security led professor holk to seek training at carnegie mellon university where she earned a master's degree. and she was a cyber security engineer with the cyber and risk resilience team before returning to cleveland marshall where she is now. to her right is dean logan who needs no introduction in the election community nor does -- well, honestly, none of these panelists do. dean logan is the register recorder and county clerk for los angeles county, california, the nation's largest, most diverse local election jurisdiction serving more than 5.2 million registered voters which, of course, is more than some states.
in addition to serving as the supervisor of elections, dean records rural property documents, maintains birth records and does a lot of other things. but one thing that's very interesting, he serves currently as the president of the california association of clerks and elections officials. and he has more than 25 years in experience of elections at the local and state government levels. and finally to mr. logan's right is neil kelly who is the registrar of voters for orange county, california, the fifth largest voting jurisdiction in the united states serving more than 1.5 million registered voters. mr. kelly has led that office through the largest cycle of elections in the county's 129- year history. and he's the past president of the national and california associations of elections officials. and one thing that makes me particularly proud to be up
here with these three panelists is that they have been deeply involved and shown great leadership and are incredibly well regarded in the election verification community amongst people who have been studying and following election security issues. and they're incredibly well versed but also incredibly well respected. and most importantly for our purposes, incredibly thoughtful about the issues that are facing us and the challenges that are facing us. so what we're going to talk about today are legal and policy solutions to election systems vulnerabilities. so we've heard a little bit about active measures. if we can go down a credible rabbit hole and see at least the end of that hole, i think, in the next hour of this panel about the different ways we are at risk and our elections are
vulnerable to hacking our other types of manipulation. what we want to talk about today is what policy makers and lawyers can do and maybe what policy makers ought to do in the future to try to protect our election systems. so i want to start off. if folks would like to maybe just -- maybe i'll just start with my neighbor candace. maybe just a few very brief thoughts to kick us off and we'll just give candace, dean, and neil a moment to maybe share a few of their initial thoughts and reactions to this issue and where they think we are now given what we know about 2016 and what we know about how -- how elections have been administered and how election technology has developed and been implemented over the past decade or two. >> thank you! and thank you so much for
inviting me. one thing i'd like to say at the beginning is that california, in so many ways, is an anomaly nationally. i'm from pennsylvania and ohio. and the election systems are very different in certain ways as far as the administrative structures and especially the knowledge and commitment to cyber security. than, for instance, the two gentlemen to my right. these guys are on top of stuff in ways that most the nation are not. and so i'd just like to say you'll hear from the technical panel, some good friends of mine. and we -- one thing to understand is that all of the voting systems that are used in about 85 to 90% of the nation right now have software that
was developed back in the '90s. not really good software now. they were designed at a time when we didn't have the kinds of threats that we know now. we have election offices that were not and have never been properly staffed, trained, supported in the kind of cyber security knowledge and techniques that are needed to deal with the threats that we have on the horizon. david mentioned the importance of paper ballots and indeed that is the best solution because we need paper ballots that can be counted through electronic means but then we have to audit in a very careful manner to ensure that those scanners have not been hacked. so you're going to hear more about that, i trust, from the technical panels. but i just have to tell you that if you do eliminate all of
those information war aspects that our first panel was talking about, so you're blocking russia and other hostile adversaries. where are they next going to turn? one of the easiest low lying areas. it is already very easy, low hanging fruit. our states are using completely inaudible equipment that basically says, hey, come hack us. we're not looking. we have no means to check. you can change our elections. we won't have the capability to find it out. we won't be able to trace you. we're not looking. hey, have a ball. so that's more than enough that are needed to change the election totals -- or i should say partisan totals in congress. the ability to change confidence in elections and on and on. so finally i would just mention we have never had federal minimum standards for voting system security.
to this day, that is. and california is way ahead. and these guys -- so they're abnormal in a good way! >> thank you for holding this forum. we are increasingly invited to be part of a dialogue like this. neil and i were both in sacramento last week as a joint legislative hearing talking about this very subject. i would start by saying that i think the good news is that dialogue is happening and it's happening in lots of places lots of people. we certainly appreciate the kudos to california and by and large agree with that. i think we are ahead of the curve in california. but that doesn't mean we can rest on our laurels and it doesn't mean there's not work to be done here either. i think what is clear in the first panel that was really
interesting. it really set up the dynamic that there are elements of this that our election and administration issues need to be addressed. but this is not simply an election and administration issue. it goes well beyond that. and the concern and the documentation that the disinformation campaigns and the propaganda and their impact is having an effect. and it's having an effect on elections and administrations on the outside. that is very challenging for us to deal with. so we can spend a lot of time and we should and will spend a lot of time dealing with the nuts and bolts and mechanics of elections and administrations, hardening that and making sure it's secure, making sure we're transparent about that and making sure there's lots of growth to be done there. the harder job i think for all of us is how do we combat the impact that the misinformation or fear that's out there is having on the general public about something that's
fundamental like the safety and impact of their vote. i think where we see that in california is -- in a state that is not generally a purple state where you have newer generations of voters coming in. in l.a. county, voters under 30 are the pleural of the registered voters -- plurality of the registered votessers. and i think there's turnout with the disinformation and the sense and belief of the impact of the power of your vote and the significance it has in our society. and i think we have to work hard to fight against that. general cyber security issues from an elections and administration standpoint, it's really no different than other sectors, than health care, transportation, energy. there are protocols and there are patches and new information coming out all the time. it's on us to make sure we're watching those things. we know the threats are out there.
we know that people are trying to ping our systems, penetrate our systems. we have to have the resources for that. we have to make sure that security is something that's constantly developing and it's a 24-hour, 7-day a week operation. it's not good enough to shut the doors, turn off the lights when you leave at night. you need somebody watching all the time. and that's something that -- i think there's a -- i believe there's a growing awareness about that. but there are places that are getting that right and places just now realizing the need for that. secondly i think it's important to recognize that with these threats are -- the security comes in multiple levels. there is information technology security that is what we talk about a lot and give us focus. but on top of that, there has to be operational security. there has to be procedural security and on all the things that go aaron with that.
it is election -- go along with that. and these functions are complex. we volkswagen all the time. if you talk to people who work in polling places today, what we ask of our poll workers and what we ask people to do on that election day is insane when you think about it. we wouldn't design a system around that. the layers and the number of complexities involved in that and the number of points in vulnerability are huge. but they also serve a purpose in terms of checks and balances, chain of custody and those things. so we need to constantly look at that and address that as well. so i think there's a lot to be done. i think that there is a growing awareness in the elections community for the need of this. i think we're threatened by a narrow market of technology and providers for voting systems in this country, something that's allowed to happen and it's junk rather than getting larger. that in and of itself is a threat. and we have a resource issue.
i mean, you cannot talk about the heightened threat and the need to address the issues we're talking about in this room today. and we talk about it in really large, booming terms like the booming foundation of this society. we do not see this as foundational to our presociety. you're not going to achieve those protections with the way elections are resourced today. and we have to talk about that at the local, state, and federal level if we want to really tackle this issue. >> yeah. and when you think about -- when you think about election administration, right? when you think, for example, about how hard banks work to protect -- to protect the money they're holding, how hard banks work to make sure that an atm properly dispenses money and aappropriately reflects -- appropriately reflects balances, they do a good job. but there's still a lot of identity theft and online cyber theft.
but that amount of theft may be tolerable, may be insurable for banking. that doesn't work for elections. yet elections are much more complex. imagine an atm that you have to use that's connected to a bunch of other atm's other people are using and yet you have to make sure that the person using that atm remains anonymous. that's very, very difficult to do. and this is, you know, old news. and it's a tired metaphor for people that have been obsessing about this the way we have for a number of years. but steven sotloff still -- -- it's still a useful thing to think about. neil? >> i think dean and candace kept that presentation nice and well said. i don't have a whole lot to add. but shortly after i started in orange county, 14 years ago, people asked me, did you think you'd have to be an i.t.
manager for this? i said, no. and then they asked me, did you think i needed to be a security manager? no! i don't know the next task that will be needed! although i think having a high tolerance for nonsense needs to be a bullet point. you asked specifically about where we were in 2016 and where we are today in that preparation. we have a ways to go. i don't think anybody in this room will offer that point. but i will say i am very proud of the efforts that have been made thus far. and i think we've made a lot of effort towards protecting elections in 2018. but i'll tell you now -- and and i'm a big proponent of auditing. and i'm sure we'll look at that in a little bit, to ensure the accounts are correct and to make sure those put in power and who won the elections are the correct choices. i want to talk a little bit about the -- candace touched a bit on no regulations or
standards for security in this country. those guidelines 2.0 have some good placeholder items in there for future development. now that being said, we have a ways to go before we have those systems developed. so we have a lot to do to work now. one of the gentlemen you'll hear from on the next panel, we served on the national academy on science, engineering, and medicine voting committee. we had an opportunity to hear from general mike hayden, former cia director, nsa director in an unclassified briefing. i asked him the direct question. i said, i'm from orange county, california. i will be responsible for a couple of the most competitive congressional races in the entire country. we'll be right here in our county for a few months. and i said, what is the likelihood now that we know what these bad actors did in
'16 that they're going to repeat that same action? or will it be new actions that they will come forward with? and he didn't hesitate in his response. he said, they will be targeting congressional races, targeting other elections. you heard that from the previous panel. so we have, again, a ways to go. but i'm looking forward to the dialogue. >> on that chilling note, i want to pose a question. what we'll do is we'll pose a series of questions to the panelists and let them -- let them respond and then we'll take questions at the end of this panel. my first question for this group: now that we know about russia and other adversaries' plans, capabilities, and intentions. what are ways to respond to such threats using the laws, regulations, and election official discretion and other discretion officials may have that currently exist? what tools do we have in our toolbag at this time to take
action? to sure up our election systems? >> great question. and i'll -- as one of the -- are either of you -- okay. urge candace just asked, are either of you lawyers? maybe that's the next question. what's the next expertise you need? anyway. >> so, um, i've given a good deal of thought about this since i've been an election law professor as well as involved in this security aspects of elections. and one of the areas of untapped power -- david in particular, please take this back to the justice department if you're still here -- for monitoring elections, federal elections in this country for decades. at no point have they ever brought in technical elections
experts to help, quote, monitor that process or conduct random forensics evaluations of the election equipment afterwards. we have simply had the feds watch whether people are able to access their voting booth without impediments. we need to rethink what the feds are doing as far as what it means to monitor the right to vote on election day. and that information should have been available. and the power should have been used in 2016 and before as a random check! and that's appropriate. the feds have the power and should be doing it. another one is, we have a law on the books from the eisenhower
era to require elections to be maintained for 22 months after the election. now, the justice department wrote interpretive guidelines for that preceding electric voting. they have not responded to update those rules ever since. so election officials have been routinely wiping various kinds of electronic media. well, that also thwarts any ability for checking, ascertaining, attribution. you want to go through the list. that's got to be that power. that responsibility needs to be rethought. i have personally talked with people at the justice department repeatedly. and, yes, it'll be hard. but talk to some of us who already know some of them, some of us. we could have a work group to put together a set of guidelines to work. that needs to be done. and those are powers that
already exist. legislation that already exists. we need to ascertain that period of time between elections and inauguration or taking the oath of office is very short. and so we've got to plan for what our activities are going to be not only before but also in that period immediately after to assure that the election has not been hacked. we need to plan in advance. we know what the procedures are. and we need to make sure that we have our procedures that are going to be able to uncover any kind of hacking, tamp everything, whatever,. that deters misconduct and it assures the public that those in charge of the system will not just be offering our confidence that the election hasn't been hacked but we're going to offer proof. and we're going to show you in advance the kinds of tools we're using to assure the
election has not been hacked and if, for instance, it has been, we've also got the tools in place for being able to recover and restore the voter's intent. and that's what neil has already said, the audibility comes in. but that also means that we have to assure those jurisdictions are still using unaudible machinery. all electronics that can be easily hacked will be illegal. so there is some pending, federal legislation on that. there's been pending federal legislation for ten years. there's been legislation in each of these states. that is a legal reform we need. and i would just remind you many of us think about the right to vote as only our right to vote. but remember no one vote independently means much. it's through the collection of votes that we then produce rule results.
that means if you're in one state where you have those measures and others are not, you're impacting all people. central pennsylvania was one of the problem states in 2016. we have all of philadelphia and all of pittsburgh and allegheny counties using all electronic systems but many other counties that are using the auditable, paper ballot type systems. so it means the entire statewide counts are in doubt, threatening the legitimacy of the entire election. so i would just leave you with those thoughts. >> thank you. neil? >> so i want to talk about a couple things. i think the three things i would say out of the gate is, update the equipment. and there's a big discussion around that. the other is lower instant gratification. we need to get away from this
concept of, you much these results in a very short window of time. otherwise, we won't be able to do what candace is suggesting. i think we need to head in that direction. and finally, provide a ring of security. i want to get into that a little further. before i do that, i want to give you a quick background on homeland security and what's happening at the federal level. i thought that candace talked nicely about that. i will say there are certainly state officials and local official that is would respectfully disagree with the federal involvement with elections to the degree candace is suggesting. but that's a further discussion. in january of 2017, department of homeland security designated elections as critical infrastructure. i won't assume you know what that means. very briefly. election infrastructure can now be compared to, say, the hoover dam. so the same level of protections we place on a national level to protect the hoover dam is the same we're doing for elections. in fact, when you look at the
documents that are being produced, they kind of mirror what's being done on the electrical water, air grids for sub sectors in those infrastructures. so i was appointed to what's called the government coordinating council for homeland security that will oversee this rollout and implementation at the federal level with homeland security. there are 24 of us on that board, half of which are secretaries of state from around the country. and the other half are either state or local election officials. and there's some good work being done on there. i want to tell you about a couple things. one is a sector specific plan being developed right now. and that'll give tools and resources directly to local elected officials. this is something i think that's critical. if you think about it, we have about 9,000 district election offices around the country. 9,000. and they all operate kind of in
their own independent environment around the country. so providing support to them will be critical. we're only as good as our weakest leak. if you look at our database, for instance, you're only as good as the weakest link in that database. i think that's very important. that sector specific plan will be done here in the next hopefully couple of weeks. it's being done very quickly to be able to get that information out to elected officials. also the information sharing fusion centers. so there are several of these around the country under the homeland security umbrella. we -- the gcc has set up an information sharing national system for attacks, threats, threats of attack against our election infrastructure. and this information sharing will be pushed down to local election officials through the states and a communication protocol has been worked out
over the last couple weeks. i'm very hopeful in that regard we'll see quick action once that ssp is released. when it comes to the ring of security -- so i'll use orange county as the example because it's what i know. i'll tell you what we have done in the last couple months to protect our election infrastructure. physical security surveys were done in earnest with both dhs and the f.b.i. as well as our local law enforcement partners. you would not think that -- well, county campus security is pretty good. but the kind of level of security that we're talking about for physical security is much more enhanced over what it was just a year ago -- year and a half ago. we put improvements in place in that regard on the physical side, established partnerships with federal, state, and local law enforcement agencies. this is very important. and i take issue with some of the things that have been in the media sometime ago regarding when did this all start in well, the reality is
both dean and i were contacted in the spring of 2016 by federal law enforcement related to several attempted intrusions. no intrusion took place but several attempted intrusions. so that's been going on for some time. administrative, technical tools. if plans in case we have an issue. and we in orange county will be conducting a pilot risk eliminating audit in june we hope to use as a demonstration to the state that this is the direction we think we should be going. and there actually is some work right now on a bill at the state level to reduce audits in california. that would mirror kind of what colorado has done although dean and i say we're in california so quit talking about colorado. and then finally -- yeah. proactive list maintenance.
i can't say this strongly enough. we try to educate voters to look at your voter registration information. verify the accuracy of that. verify the party you're registered in. verdict financial aid your address. that's very important when that -- verify your address. that's very important. also looking at audits on voter registration systems. in my humble opinion based on all the information i've learned at homeland security and all the work i've done at the national level, quite frankly, the voting systems are talked a heck of a lot more than the voter registration systems. and the voter registration systems have vulnerabilities. and they have vulnerabilities that are not talked about at the same level. and that concerns me. >> and those systems were often the target -- >> we're the target. >> -- of the attack. and it were often places where attacks were successful -- or at least people got in. so it's not necessarily that the machine -- well, who cares if the tally is right if x
number of people are lopped off of that group of people who are able to vote in that particular election? dean? >> so i would just add a few things to what canada das -- candace and neil have both said. i think there are a lot of things administrators can do under current law. that varies from state to sate like so much of the election process. but there is discretion to go beyond the minimum standards for auditing and for transparency. and i think right now given the environment we're in, transparency is a key part of it. i think as election officials, we need to build a relationship with the public that we serve with our constituency so that when this disinformation -- at least the disinformation about the mechanics of how elections are run, that we can trust the source of information where they can fact check that. when there's a social media message out there or an e-mail campaign that says republicans vote on tuesday and democrats vote on wednesday, that we have
established ourselves as a trusted and reliable source that people can find out what day do i actually vote on? it sounds very simple but it's -- it's historically not necessarily been something that election administrators have spent a lot of time on. so part of that is having a presence on social media and how you talk about these things. so when the stories come out, is it really hacking or is it disinformation? is it really about the system that's being used in your jurisdiction or was it the system used in pennsylvania? those types of things. having the -- taking the time and expending the resources to be that voice of clarification. i think also to neil's point, we have in the last year have now available to us a whole menu of checklists, recommendations and opportunities to utilize resources to check the security of our systems. most of that because of our decentralized nature is voluntary. but it is available to all jurisdictions.
so making sure that your local election administrator is accessing that information and that they're going through those checklists and making sure they're having. back to my comment about security being an activity not a destination. that's ongoing. the other thing as odd as it sounds is to use this moment in time as a bully pulpit to talk about the limited market and availability in this country. and to make sure we're not just asking for resources to be handed out but resources tied to the policy provisions that have been shown to work. so things like the paper ballot, limiting audits. to be vocal about that now. so i think those are things that can be done. you know, it is tricky because right now anything that happens in an election, whether it's local or federal, right now the
public perception is that it's automatically hacking. so how do we demystify that and make the distinction between what's hacking, what's an administrative error, what's a political debate? for most people, those things all get merged together. and generally -- and we know there's data out there to show this. generally it's the satisfaction or belief that whether your vote is counted is linked to whether the person you wanted to win won the election or not. and we can't and shouldn't control that. but we need to be able to talk about it in terms that give people that confidence. and you can open up your process, bring in security experts. i sent a team from my staff to the defcom packing village to show the vulnerability of the voting systems. if we don't know the vulnerabilities, we can't respond to them. the final thing i'd say is, you know, right now today under the current environment, we have to secure the elections through
the resources that are available, the education and engagement that we can have through the public and partnerships with academia, information technology, security experts and all that. that's the way we're going to guarantee the security of the 2018 election of not placing federal agents in our polling systems. >> can i ask something? dean mentioned the transparency piece of this. we have to balance the transparency and security. that can be a fine line for election administrators to walk. and we're going to see that certainly in 2018 and pull out further in 2020. i want to add not just to the election administrators but what can voters do, right? and one of the things i'd encourage folks to do is volunteer as a poll worker. i'd hate to use the tsa technology, but if you "see something, say something." those administrators can be valuable.
and those monitoring the polls can be helpful. i know some of my colleagues would probably strangle me over saying that. but i think it's important for the public to be out there monitoring. >> how do people sign up? >> go to you know website. we'll sign -- our website. we'll sign you up in 2 minutes. >> let me get my pen out. >> and train you! >> yes. like neil said, it's part of that education. making sure voters know what they can do to protect their vote, too. they can. there are a lot of opportunities to hand over your ballots to other people to be influenced. but you can control that. and we need to do a better job of educating people that. there are ways in most places -- this will vary from state to state. but in california, you can marry sure your vote was received and make sure it was counted.
or if there's a provisional ballot -- there's this myth mostly coming from the swing states that provisional ballots ballots are throw away votes. in california, 80 to 90% of those votes always get counted in an election. and there are ways to know that vote got counted. we need to do better about getting out word on that. >> can we do a 2-minute detour? i think this is just useful. how to vote 101 for folks in the audience. one follow question i have is how do you check your ballot to see if it was counted? >> well, if it's a vote by mail ballot in california, most counties -- i think all counties you can go to the county's website and do a voter look up feature. feature. it'll tell you whether the ballot has been mailed to you. if you've voted and returned it, it'll tell you if we've received it and whether we've processed it and whether it was challenged and what you can do about that.
same thing with provisional ballots. casting a poll on election day. there's a toll free number you can call or go online and check the status of that as well. >> i would add in orange county we have a new program called oc ballot express we'll be launching here in a few weeks. and we're now putting tracking information on the return envelope as well. so you have a full circle of visibility from the moment the ballot is printed, you will know all the way into your mailbox, carrier's hands to the mailbox, back to us, and what was the result. was it rejected or accepted? >> as a quick detour, followup question, one of the main reasons ballots are rejected is the signature doesn't always match the signature that was signed when folks registered to vote. is there a way to check your signature against the one on file? >> a couple things about that.
first, there's legislation in california that would mandate what many counties already do voluntarily. that if we have a mismatch, we allow the voter to cure that. the tricky part is with the motor voter registration and automated voter registration policies, a lot are coming from the dmv database. so if you used a signature pad, sometimes they can be ten years old and were on first generation signature pads so they're not good signatures. so the best way to check is look at your driver's license. did the signature on your ballot envelope, does it look similar to what's on your driver's license? that's a good indication. i'll take a little bit of a detour on this. i get on my soap box about that. but i think this issue of signature verification is actually an issue that if we don't look seriously at it in the coming years is going to become the next form of
administrative disenfranchisement. that simply people don't have consistent signatures anymore. there are so many processes that are singularly used with signatures. and then ultimately if you're voting by mail, your ability to make sure your ballot will be counted. so i wish i knew the solution to that. but the fact we have that as the exclusive way of verifying and providing access to so many processes is a vol thermometer. >> i have more -- vulnerability. >> i have more that don't sign the ballot than we have mismatches. we reach out to folks to cure that issue. and just to follow up on the dmv issue and your ballot being counted, when individuals sign
with their finger at dmv, it appears it's done with a crayon. so it's very difficult to match that up. >> yeah. i don't know if you've ever been -- when i sign the credit card statements at rit-aide or something, to be honest, it's never like my actually signature. so that's an area. but this stuff is complicated. and even getting down to something as basic that you verify the person checking in is registered. i think if we have time, we could get back to l.a. county's visa app program. but let's move on to possible policy changes. possible improvements. we've talked about some of them. risk eliminating audits. that's seen as one of the most promising policies.
i want folks to offer, if you could wave a magic wand and implement one major policy change in election administration or in our elections laws that would help people be able to vote, what would that be? >> to help them be able to secure the vote. >> i should say to secure their vote. >> i'd go back to the voter registration system. it would be to have a requirement for audits on the voter registration system. i want to give you some quick examples of this. so if you took a snapshot or moment in time of that database, which is very complex. over a million and a half records. and many more millions of historic records. you can compare where you are in time now to where you should be. for instance, we have about 1100 deaths that occur -- i don't want to bring this discussion down. but about 1100 deaths that occur in orange county every month. it's easy to compare those numbers in the database and
say, are we are we should be? what's more difficult is to compare the rate of party changes that are taking place in the database. and if you had tools to be able to detect those anomalies or to detect issues that may be occurring in the database not detectable at first glance, that would be invaluable. i'm working on a tool to do those checks. that would be my magic wand. that would be the one. >> i think it would be widespread adoption of the voting act. california is a local option than a statewide solution. the voter's choice act is you can address many of those issues neil talked about
because you can cure those issues at the same time you're voting. so we actually can capture all of those issues when the voter is right in front of us. it moves us away from the single days, single pieces of equipment that's outdated for so long and allows us to adapt the voter specious to the way people are actually functions in society so we meet them where they are instead of having them find us on election day. >> and here in california, we have paper ballots. they are scanned with optimal scan machines. there's still still computerization. that's not true around the country. and candace probably knows because she's so immersed in these issues just how many percentage-wise are not paper ballots and do not have what people in the election verification community call
verified paper trails. we do have that. you can see the ballot on paper. that's auditable. the way it's audited and if that's adequate, there's some controversy to that. but we have, you know, -- in my view -- much safer election systems than in some other jurisdictions. so my question for candace is, given the fact that we still have direct electronic recording machines and dre machines in many jurisdictions, including swing state jurisdictions, what would your magic wand piece of policy change be? >> there is a piece of federal legislation pending that would fund the transition to paper based systems to all those jurisdictions that audit systems and would also provide
moneys for personnel. many don't have personnel trained for those uniques. the larger jurisdictions and more forward thinking like many of those in california do. but this is a huge omission for us nationwide. but the legislation is pending. it hasn't been moving. this could be a game changer for election security nationwide. but it has to be passed. as dean was saying earlier, we're talking about fundamental resource issues. many of these jurisdictions nationwide are smaller counties, cash strapped. the election officials have been told repeatedly, do not bring us a budget that asks for anymore money. just don't or your job is in jeopardy.
and vendors have threatened election officials that if they have any defects in their machines that could cause the company embarrassment, that the cost of their supplies for elections will skyrocket. so these are documented events. so election officials have been pressed on both sides. we need more resources to update in light of the risks to our most fundamental cig rights. and we as a -- civil rights and we as a public should support this. let me mention that election offices and most county governments are under no requirements to disclose any breaches of their information systems. so keep in mind one of the reasons we have breach laws in 41 states now requiring disclosure of breaches is because we wanted there to be
pressure on those companies to invest in security apparatus and they would be shamed otherwise. but also they would be fined. we are not doing that in the election world. we need to understand that we cannot hold election officials accountable and strip them of the equipment and support they need. and that's really what's been happening. i have long been an advocate of election officials, offices, and staffing support because they would never -- these offices were not designed to be information systems management offices and yet that's the path before them. and certainly not cyber security offices. so that would be my recommendation. >> thank you. and i have a comment on that. first i'd like to say, if folks want to ask questions, we have time for a very short number of questions. there are microphones on either
side of the stage. i want to comment on that because, you know, you mentioned funding. and a lot of the issues that seem rather alarming can be fixed with simple funding. why do we have those machines? it's not necessary. it's not a plot. it's the fact that we just don't have funding in many cities and counties and jurisdictions around the country. right? and the reason we have a lot of these machines is because the help america vote act in the 2000 election funded a lot of these machines. there's not been another one? >> i want to make a quick comment on that. the interesting thing historically is arguably the help america vote act not only provided a funding but mandated the move to that kind of
equipment. >> it did. >> and it was a knee jerk reaction to what happened in the 2000 election. and it was believed the solution was to get rid of punch voting would be better. this has at least one electronic piece of voting equipment in every polling place. that money was spent very fast on substandard equipment that was not developed with voters or usable in mind. it was developed because there was -- usable in mind. it was develop -- usability in mind. it was developed. there needs to be guidelines on use of that funding. >> and good choices, right? >> right. and that market isn't much better today than it was back then. >> first of all, i'm very fortunate to be here in orange county.
and candace is right, though. there are many election offices around the country much small irand don't have those -- smaller and don't have those resources available to them. to that end, there's still over $300 million in funds not used. so there's the potential to bring those offices. in california, there's about $130 million it's proposed in the governor's budget for replacement of systems here in california. it's a great start. we'll need more funding down the road as well. >> if i could just mention one other thing about hava, the help america vote act. instead of solving the problems of florida, 2000, basically nationalize them. right? we intensified them and nationalized them. so it's a problem. >> we have a question here. >>
>> i hope they write down what you say and give us a bill number! >> oh, alex! where are you? bill number? the -- >> the question was: is there a bill number to the federal legislation that she -- >> the first letters are -- is it senate? >> s226. >> s.2261. >> okay. >> thank you. you can see we work together! >> candace was calling on alex hallderman who will be joining us for the next panel. we have just a few minutes left. i want to ask our panelists if you have any final thoughts or con lewding thoughts. a lot of -- concluding thoughts. a lot of interesting recommendations here and insights here. and one of the goals that i wanted on this panel is a bit of an inside look at the underappreciated aspects of this conversation.
i've certainly learned some things up here. so would anyone like to provide final comments? >> oh, thank you. so the first thing that comes to mind is, there's no finish line to this race. it'll be ongoing from here on out. we know the dynamics of change. there's been a paradigm change. that's clear. i'm hopeful, though, that we are making positive impacts on protecting our election systems although we have much further to go. here in california, we're fortunate that we have a very strong i believe secretary of state office that's supportive on these efforts in protecting vote cal here in california. but each election office, all 58 counties have to provide many more resources than are available perhaps at the state level and they need to do that at the local level. and i would just say that i'm optimistic for 2018. and not to provide that chill factor, but as we've been
sitting here, my network has been scanned about 3,000 times from i.p. addresses from oversees. so this is occurring on a daily basis, hourly basis. and we need to be diligent all the way through election day and beyond. >> i think i would just say that we have seen the impact on disruptions from misinformation. we've seen the impact of disruption from political discourse. if we're really serious, we need to actively disrupt the market for voting systems. we need a broader market and we need to move to a point where voting systems are publicly owned and publicly operated. if, again, if we're going to call this the most fundamental part of an open society, then the ownership and availability of the sources have to be revealed in the public sector as well. we can move to more ajill
voting systems. -- agile voting systems. we have the steps to be on the offense with those threats. but to do that, we need the systems that can do that. there are a couple of us in the nation that are working hard to move in that direction. but we need a regulatory environment and resource environment to support that. >> i agree with both of my colleagues here. and i strongly endorse what they're saying. i would mention that you in california are extraordinarily fortunate to have the quality of election officials that you have here and also the election infrastructure that exists from the state through most the counties because speaking from pennsylvania it's -- and ohio has been doing better since our national misfortune in 2004. but it's a very uneven
situation throughout the nation. we really do need the public to speak up and to say, this is more important than a new road! this is more important than whatever else. this is the fundamental part of your government! this is -- and you either speak up and start putting pressure on our public authorities -- yours are already responsive to a great extent in california. but nationwide, we've got to redress this problem. so i would say that it's -- you're lucky in so many ways to be in california!!! and just -- just try to lend support for the reforms that we do need. the threats are out there. your next panel will tell you. we can do a lot more.
we've got to quick denying that thought that the problem exists or that we can make some significant improvements. >> thank you so much. i want to end on a note of optimism. if you take just a few ingredients, you can go a long way towards solving these problems, right? so neil talked about list auditing. regular auditing of the registration database. having a voter verified, paper ballot trail. you have the ability to see your ballot as a voter, physical ballot. and that can be tracked. chain of custody. best practices to make sure the ballots are kept in secure places and that we know none are lost. certification standards. security best practices.
we can fund security best practices. and finally, risk eliminating audits. you can compare your audits with results. and depending on the margin of the election, you can usually audit a very, very tiny number of ballots and increase your reliability on that -- increase your estimate of reliability on that election to the high 99%. right? it can be done. it is not easy. but it's also not impossible. and i want to thank our panelists very deeply for being here today. coming up live on friday, president trump will be the commencement speaker at the u.s. academy. our coverage begins at 10:00 a.m. eastern on c-span. on y-span 2, a couple events on venezuela's recent presidential
elections. first we hear from juan cruz who serves on the national security council in the trump administration. and later in the morning, a conversation with a former president of the venezuelan national assembly at 11:00 a.m. eastern. this marks great skill as a grand strategist. what is that? he knew the advantages of shock and a. and this is how he -- awe. and this is how he unified germany in the '60s. then having done that and achieved his objective which was the unification of germany, he stopped and became a consolidator rather than an instigator. and his next 20 years in power as german chancellor were devoted to trying to build reassuring alliances to build a
web of alliances with all of germany's neighbors so they would get used to the idea of a unified germany. so it was that distinction between shock and then knowing when to stop and do something else, reassurance. >> yale university john lewis gattis anhis book on strategy. sunday night at 8:00 eastern on c-span's q&a. now, the scepter for the national interests hoist a panel discussion with -- center for national interests host a panel discussion. this is an hour and 40 minutes. there's a hush. i guess that means i should start. all right! thank you very much, everyone, for joining us today.