The U.S. House Committee on Homeland Security is conducting a hearing on election security tomorrow. It’s part of a series the new Democratic majority in the House is holding related to the H.R. 1 legislation on election security, campaign funding, and government ethics, entitled the “For the People Act.”
“Election security should not be a partisan issue, but Congress has done far too little to prevent foreign election meddling after Russia interfered in the 2016 election,” committee Chairman Rep. Bennie G. Thompson (D-Miss.) said in announcing the hearing yesterday. “The 2020 election season has already begun. The American public deserve to be fully confident in the security and integrity of our elections.”
The scheduled witnesses include several current officials: Christopher C. Krebs, director of the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security (DHS); Thomas Hicks, chairman of the U.S. Election Assistance Commission; California Secretary of State Alex Padilla; and Alabama Secretary of State John Merrill. Noah Praetz, a former director of elections for Cook County, Illinois, and Jake Braun, executive director of the Cyber Policy Initiative at the University of Chicago, also are on the roster.
Just Security asked several experts what questions they think would be fruitful for discussion at the hearing.
Joshua Geltzer, founding Executive Director of the Institute for Constitutional Advocacy and Protection as well as Visiting Professor of Law at Georgetown University Law Center
- What improvements have been made to the federal government’s sharing with relevant technology companies of information regarding threats to election security, including threats to data integrity (such as hacking vote counts) and threats to discourse integrity (such as spreading misleading election-related information on social media)? Is there now a standardized process and channel for sharing as much information as possible, as quickly as possible, with the private sector; and, if so, who in government has responsibility for continually revisiting and refining the process and channel?
- What are the mechanisms for the federal government to provide state, county, and local officials with cybersecurity training, tools, and information? Has receptivity increased? Where is there still reluctance to accept federal election security assistance, and what is the plan for addressing that reluctance?
- What are the mechanisms for jurisdictions across the country to share the latest election security threats or even reported threats with each other as well as with the federal government, so that patterns and similarities can be swiftly identified and used to address threats quickly?
Beth George, former Deputy General Counsel at DoD for legislation, policy and oversight, and current partner at Wilson, Sonsini, Goodrich, & Rosati
- Before the last election, DHS reported that 36 of the 50 states had adopted Albert sensors to protect their systems. How many have currently installed these systems? It has been reported that at least two states have declined to install them. How many have declined at this point? Which states are they? Acknowledging that no single piece of software or hardware will solve all cybersecurity vulnerabilities, does DHS believe those states have an adequate alternative to an Albert sensor to monitor their systems?
- The National Institute of Standards and Technology cybersecurity framework (NIST CSF) has been widely touted by DHS and other parts of the government as the best framework for cybersecurity. How many states are using the NIST CSF to manage their election infrastructure cybersecurity? Should states be required to meet certain NIST goals?
- Last year, DHS ran a “Tabletop the Vote 2018” exercise. How many states participated in that exercise? What were the lessons learned? What is the timeline for implementing those lessons learned?
Jonathan Zittrain, George Bemis Professor of International Law at Harvard Law School and Co-Founder of the Berkman Klein Center for Internet & Society
- Our election security efforts are complicated by the fact that some with likely deep insights into the motives and activities of foreign adversaries – our foreign intelligence community – are rightly separated from the electoral apparatus due to civil liberties concerns. How can we get the best possible intelligence into the hands of those overseeing elections without undermining this essential firewall?
- Many threats to the integrity of our elections are unfolding on private platforms such as Facebook. Should Congress and federal agencies be sharing and receiving more with these platforms to aid them in enforcing better moderation policies? If so, what additional telemetry should they be sharing and how? And how would you think through the civil liberties implications of any stepped-up sharing?
- The more general question drawn from the two above: This hearing is entitled “Defending Our Democracy: Building Partnerships to Protect America’s Elections.” Assuming that at least some of these partnerships will involve private-sector partners, how will we draw the line between effective election oversight and governmental overreach with civil liberties implications?