H.R.1—A Step in the Right Direction
We’ve said it many times and it bears worth repeating: foreign interference in U.S. elections is a threat to our democracy. The security of critical election infrastructure is the focal point of the OSET Institute’s mission. So, OSET leadership was pleased to learn that on January 3, 2019, the opening day of the 116th session of Congress, the newly elected House Democratic majority, led by Speaker-designate Rep. Nancy Pelosi (D-CA-12), will have its first order of legislative business—House Resolution #1 (“H.R.1”), a comprehensive election reform bill.
The new House majority leadership intends to send a clear message: H.R.1 is “a bold reform package to restore the promise of our democracy — a government of, by and for the people.”
Rep. John Sarbanes (D-MD-3), the Chair of the Democracy Reform Task Force and the bill’s chief sponsor, revealed several key initiatives to restore and defend democratic ideals. The draft bill includes attempt to:
make it easier for eligible voters to register to vote;
end partisan gerrymandering;
enhance election integrity;
remove special-interest “dark money;” and
boost election security.
Specifically, as to election security, the lawmakers advocate a “national strategy to protect our democratic institutions, improve election vendor oversight, and increase federal support for state security upgrades, including paper ballot voting systems.” These goals replicate several of the recommendations set forth in the January 2018 Final Report of the Congressional Task Force on Election Security, co-chaired by House Committee on Homeland Security Ranking Member Rep. Bennie Thompson (D-MS-2), as well as the language and tenor of the proposed Election Security Act, introduced by Thompson.
Election Security is a Bipartisan Issue
The occupant of the White House, be it a Republican, a Democrat, or an Independent, should support, as a matter of national security and state sovereignty, a bipartisan-crafted election security bill. At the very least, Cabinet officials responsible for protecting elections from adversarial nation-state hacking—the Department of Homeland Security (“DHS”) and the Department of Defense (“DoD”)—should be able to speak with a unified voice. But recently, this was not the case. DHS and DoD officials have told different versions of the events that took place on November 6, 2018, Election Day.
The Midterm Election—Interference or No Interference?
On October 19, 2018, with less than three weeks before the midterm election, Dan Coats, the Director of National Intelligence (“DNI”) issued a Joint Statement from the ODNI, DOJ, FBI and DHS on Combatting Foreign Influence in U.S. Elections. The statement reported:
“Currently, we do not have any evidence of a compromise or disruption of infrastructure that would enable adversaries to prevent voting, change vote counts or disrupt our ability to tally votes in the midterm elections. Increased intelligence and information sharing among federal, state and local partners has improved our awareness of ongoing and persistent threats to election infrastructure. Some state and local governments have reported attempts to access their networks, which often include online voter registration databases, using tactics that are available to state and non-state cyber actors. Thus far, state and local officials have been able to prevent access or quickly mitigate these attempts.”
By Election Day, DHS had set up a Nation Cybersecurity Situation Awareness Room, a web portal, for state and local election officials, as well as election technology vendors, to assess and share information about potential cyber attacks to the nation’s election infrastructure.
DHS reported its findings on press calls every three hours. During the 12:00 pm EST briefing, Homeland Security Secretary Kirstjen Nielsen said, “…cyber actors are scanning systems for possible vulnerabilities at the same level they normally do.” Later in the day, Secretary Nielsen said “[a]t this time we have no indication of compromise to our nation’s election infrastructure that would prevent voting, change vote counts, or distrust the ability to tally votes.” Additionally, DHS officials said that “…had not seen any attempts to launch distributed denial of service (DDoS) attacks on state and local government websites that report preliminary election results.” At 9:00 pm EST, the hour when many of the polls closed across the country, DHS officials reported that “Despite a few scares, there [was] no evidence of any cyber attacks against election infrastructure.”
However, the DoD, perhaps with the benefit of a month’s hindsight, now tells a different version of the DHS story. On December 1, 2018, Defense Secretary James Mattis said “There’s no doubt the relationship [with Russian President Vladimir Putin] has worsened. He tried again to muck around in our elections just last month, and we are seeing a continued effort along those lines.”
What does the retired four-star general mean by “muck around”? Does he mean what Nielsen means? That DHS merely just witnessed “run-of-the-mill activities” like systems scanning of state and local government election websites, or did Mattis’s phrase “muck around” mean something akin to one, or more, of these types of election attacks:
Type-I: Defamation attack (an attack intended to delegitimize an election);
Type-II: Disruption attack (an attack to negatively influence voter participation/turnout, or an attack to disrupt electoral processes); or
Type-III: Subversion (an attack that manipulates devices, machinery, or systems, that can result in the altering of recorded votes).
The public will have a better explanation of what foreign interference, if any, occurred on Election Day. A recent Presidential Executive Order (“EO”) requires public transparency of foreign interference. Executive Order 13848, signed by President Trump on September 12, 2018, requires the Director of National Intelligence DNI (currently Dan Coats), to deliver a report on foreign interference in the midterm election.
The EO broadly defines “foreign interference” as:
…any covert, fraudulent, deceptive, or unlawful actions or attempted actions of a foreign government, or of any person acting as an agent of or on behalf of a foreign government, undertaken with the purpose or effect of influencing, undermining confidence in, or altering the result or reported result of, the election, or undermining public confidence in election processes or institutions.
Most importantly, DHS Secretary Nielsen, along with the Attorney General, must deliver a report to the President with evidence of facts, namely, among other things,
…the extent to which any foreign interference that targeted election infrastructure materially affected the security or integrity of that infrastructure, the tabulation of votes, or the timely transmission of election results.
[EO Section 1. (b)(1)].
Foreign Interference is Here to Stay
Let’s be clear: whether there was (or wasn’t) foreign interference in the last election, adversarial nation-state electoral interference is here to stay. We are at a critical point in the health of our democracy. And with the first primary states of Iowa and New Hampshire to vote on February 3 and 11, respectively, we need compromise across the aisle—and we need it right now. After all, Putin (for one example) cares little whether Russia’s cyber victims are Democrats, Republicans, or Independents. This is true of other foreign state actors with a hostile agenda toward the West in general, and the United States in particular.
Is the 116th Congress up to the Challenge?
Rep. Steny H. Hoyer (D-MD), the House Democratic Whip, expects to bring H.R.1 to the Floor, before the end of January. However, House Democrats are pessimistic that H.R.1 can be passed, in its entirety, by a split Congress. They expect that election security, framed as a bipartisan issue, will continue to fall on deaf partisan ears (notwithstanding late breaking news that in fact, the NRCC experienced eMail hacking during the 2018 midterm cycle). Instead, Democrats will probably shift their strategy, but only after they’ve offered a bold statement with the introduction of the first House Legislation. Over time, some measures might be separated into smaller bills to garner more Republican support in the Senate. But again, if none, or some of the proposed reforms are not passed in 116th Congress, Pelosi, Sarbanes, and the rest of the party’s bench will look ahead to the 2020 elections, when they hope to retain the House while also regaining a majority in the Senate, not to mention the potential for winning the White House.
The OSET Institute will watch this space and continue to report on the journey of H.R.1, beginning in the House, and perhaps onto the Senate, before reaching the President’s desk.
Perhaps the 116th Congress will deliver.
For Further Reading
Department of Homeland Security — Kirstjen Nielsen
Department of Defense — James Mattis
About the Author
Joy London is the Associate General Counsel and Director of International Development at the OSET Institute, where her work focuses on critical democracy infrastructure, election law, public policy and international government relations. Joy earned her JD from Temple University School of Law and is licensed to practice law in the State of New York. Ms. London has held several positions at international law firms, and most recently, worked at one of the Big-4 management consulting firms. She earned a Master of Professional Studies in Cyber Policy & Risk Analysis from Utica College, and published a Capstone research paper: The Threat of Nation-State Hacking of State Voter Registration Databases in U.S. Presidential Elections.
 There were several bipartisan attempts to secure elections during the 115th Congress: the PAPER Act-H.R.3751 ; the SAVE Act-S.2035; the Secure Elections Act-S.2261 and S.2593; the DETER Act- H.R.4884 and S.2313. On December 7, 2018, Sen. Mark Warner (D-VA) said that if the bipartisan-crafted Secure Elections Act “made it to the Senate floor, it would receive at least 80 votes in favor of passage.”