Pending Legislation In U.S. Congress, Part III

DHS, Technology 9 Minutes
Even though it is agreed Congress should revamp election security laws, there is no agreement on how.

Election security is a subject much on the minds of lawmakers and policymakers in Washington in this election; however, how the Congress should respond is a matter much disagreed upon. House Democrats have passed a number of bills to address a range of problems in the United States (U.S.) electoral system, but Republicans have generally rejected their proposed policy solutions, in no small part because of White House opposition. Moreover, President Donald Trump has steadfastly opposed any legislation intended to address future Russian interference in elections. Consequently, the prospects of any election security legislation being enacted are virtually nil even if lawmakers have steadily increased the amount of money the federal government is providing states to shore up security through the Election Assistance Commission’s grant program. These bills are nonetheless worthy of notice, for if Democrats capture the White House and Senate, it is very likely they will make a run at enacting election security legislation along the lines of some of these bills.  

In July, a deal was struck to add the “Intelligence Authorization Act for Fiscal Year 2021” (S.3905) to the “National Defense Authorization Act for Fiscal Year 2021“ (S.4049) but without an election security bill included in the package as reported out of the Senate Intelligence Committee: the “Foreign Influence Reporting in Elections Act” (FIRE Act) (S.2242). The sponsor of the FIRE Act, Senate Intelligence Committee Ranking Member Mark Warner (D-VA), went to the Senate floor to protest the striking of his bill and to announce his plans to offer it as an amendment and force a vote:

The  committee  voted  14  to 1 to  pass an intel authorization bill that included  the  FIRE Act,  the  act  that  I  just described, so that if a foreign government interferes or offers you assistance  or  offers  you  dirt,  you  don’t  say  thanks;  you  call  the  FBI.  So  you  can  imagine  my  surprise  and  frustration  when  I  learned  of  a  backroom  deal  to  strip  the  FIRE  Act  out  of  the  Intelligence   Committee’s   legislation   because  of  a  supposed  turf  war  with  another committee. I  am  back  again  today  because  the  security  of  our  elections  cannot  wait.  Let’s  not  hide  behind  process  or  jurisdictional  boundaries.  The  stakes  are  far  too  high  to  continue  the  partisan  blockade  of  election  security  legislation  that  we  have  seen  over  the  last  3  years. If,  behind  closed  doors,  my  Republican  colleagues  want  to  strip  this  legislation  out  of  the  NDAA,  then  I  am  going  to  offer  it  up  as  an  amendment  to  force  an  up-or-down  vote  and  put  every   Member   of   this   body   on   the   record: Are you for election security or are you for allowing foreign entities to interfere  and  offer  assistance  with  no  requirement to report?

Prior to its inclusion in the FY 2021 Intelligence Authorization Act, Warner had asked unanimous consent to take up the FIRE Act multiple times but was met with Republican objections each time. And there are other election security bills Republicans have continued to block, including:

  • The “Duty To Report Act” (S.1247) “to require reporting to the Federal Election Commission and the Federal Bureau of Investigation of offers by foreign nationals to make prohibited contributions, donations, expenditures, or disbursements.”
  • The “Senate Cybersecurity Protection Act” (S.890) “to protect the personal technology devices and accounts of Senators and covered employees from cyber attacks and hostile information collection activities, and for other purposes.”
  • The “Securing America’s Federal Elections Act” (SAFE Act) (H.R.2722) (see below)
  • The “Secure Elections Act of 2019” (S.1540) (see below)

The “Secure Elections Act of 2019” (S.1540) was cosponsored by 40 Democrats but has not been acted upon by the Senate. In her press release, primary sponsor, Senator Amy Klobuchar (D-MN), claimed the bill would do the following:

  • Require states use paper ballots.
  • Establish cybersecurity standards for voting systems vendors.
  • Fund grants for states to improve and maintain the security of their election systems, to provide cybersecurity training to election officials, and to implement post-election risk limiting audits.
  • Require the Director of National Intelligence to assess threats to election systems 180 days before an election and require the Department of Homeland Security and the Election Assistance Commission to issue recommendations to address threats.
  • Require the testing of voting systems nine months before an election.
  • Require the President to produce a national strategy for protecting democratic institutions.
  • Create a National Commission to Protect United States Democratic Institutions.

Yet, last summer, the Senate took up and passed two election-related bills addressing facets of the cybersecurity challenges. In July 2019, the Senate passed the “Defending the Integrity of Voting Systems Act” (S. 1321) by unanimous consent that would “make it a federal crime to hack any voting systems used in a federal election” according to the Senate Judiciary Committee’s website. In June 2019, the Senate also passed the “Defending Elections against Trolls from Enemy Regimes (DETER) Act” (S. 1328) that “will make “improper interference in U.S. elections” a violation of U.S. immigration law, and violators would be barred from obtaining a visa to enter the United States. The House has yet to act on these bills, and Democratic Leadership is likely not to let them come to the floor to maximize their leverage in getting their bills through the Senate.

In February 2019, the House passed the “For the People Act” (H.R. 1) by a 234-193 vote, a House Democratic priority bill that would seek to bolster the cybersecurity of election systems across the country, among other policy goals. If this bill were enacted as written, there would be significant changes to current regulation. However, it was unlikely the Senate will take up this bill as written, and any measure in the Senate regarding election security would be more circumscribed. And, Senate Republicans blocked efforts to take up this bill.

Regarding the cybersecurity of election systems, the bill includes a process by which cybersecurity standards would be established for election infrastructure vendors and would also authorize grants for states and localities to upgrade and secure their election systems. For example, “qualified election infrastructure vendors” must agree “to ensure that the election infrastructure will be developed and maintained in a manner that is consistent with the cybersecurity best practices issued by the Technical Guidelines Development Committee” and to promptly report cybersecurity incidents to the Department of Homeland Security (DHS) and the Election Assistance Commission (EAC).

The bill would authorize $1.7 billion in funding for the EAC to make grants to states for a number of purposes, including “to carry out voting system security improvements” to undertake the following

(1) The acquisition of goods and services from qualified election infrastructure vendors by purchase, lease, or such other arrangements as may be appropriate.

(2) Cyber and risk mitigation training.

(3) A security risk and vulnerability assessment of the State’s election infrastructure which is carried out by a provider of cybersecurity services under a contract entered into between the chief State election official and the provider.

(4) The maintenance of election infrastructure, including addressing risks and vulnerabilities which are identified under either of the security risk and vulnerability assessments described in paragraph (3), except that none of the funds provided under this part may be used to renovate or replace a building or facility which is used primarily for purposes other than the administration of elections for public office.

(5) Providing increased technical support for any information technology infrastructure that the chief State election official deems to be part of the State’s election infrastructure or designates as critical to the operation of the State’s election infrastructure.

(6) Enhancing the cybersecurity and operations of the information technology infrastructure described in paragraph (4).

(7) Enhancing the cybersecurity of voter registration systems.

The package requires “qualified election infrastructure vendors” (i.e. “any person who provides, supports, or maintains, or who seeks to provide, support, or maintain, election infrastructure on behalf of a State, unit of local government, or election agency”) to meet these requirements:

  • [T]o ensure that the election infrastructure will be developed and maintained in a manner that is consistent with the cybersecurity best practices issued by the Technical Guidelines Development Committee.
  • [T]o maintain its information technology infrastructure in a manner that is consistent with the cybersecurity best practices issued by the Technical Guidelines Development Committee.
  • Reporting cybersecurity incidents “involving any of the goods and services provided by the vendor” to the EAC and DHS within three days of discovery
  • “[T]o permit independent security testing by the [EAC]…and by the Secretary of the goods and services provided by the vendor pursuant to a grant”

H.R. 1 would also change the Department of Homeland Security’s organic statute to make “election infrastructure” a critical infrastructure sector. In January 2017, then Secretary of Homeland Security Jeh Johnson expanded the Government Facilities Sector to include an Election Infrastructure Subsector. However, if H.R. 1 were enacted, then the election sector would be the 17th critical infrastructure sector and a future Secretary could not rescind this designation as one may with Johnson’s addition of state and local elections systems to the Government Facilities sector.

The Committee Report detailed the addition of the “Honest Ads Act” to H.R. 1:

  • The Honest Ads Act updates the rules that apply to online political advertising by incorporating disclosure and disclaimer concepts that apply to traditional media, while providing regulatory flexibility for new forms of digital advertising. This will help ensure that voters make informed decisions at the ballot box and to know who is spending money on digital political advertisements that they view.
  • It also expands the definition of public communication to include paid internet or paid digital communications, and amends the definition of electioneering communication to include certain digital or internet communications placed or promoted for a fee online.
  • Finally, the bill requires that large online platforms (defined to include those with 50,000,000 or more unique monthly United States visitors) maintain public databases of political ad purchases. This is a concept that already applies to broadcasters, who must maintain public files of political advertisements. The online data- bases maintained by the platforms will provide the public with in- formation about the purchasers of online political ads, including how the audience is targeted. Political advertisements are defined to include those that communicate messages relating to political matters of national importance, including about candidates, elections, and national legislative issues of public importance.
  • Finally, the Honest Ads Act requires all broadcasters, cable or satellite television and online platforms to take reasonable efforts to ensure that political advertising is not purchased by foreign nationals, directly or indirectly.

Thereafter, House Democrats brought pieces of H.R. 1 to the House floor for separate votes in attempt to push Senate Republicans to take up the bill and if they do not, to put them on the record as opposing the reforms House Democrats think are necessary, including bolstering the cybersecurity of voting systems. In late June 2019, the House considered and passed the “Securing America’s Federal Elections (SAFE) Act of 2019” (H.R. 2722) also largely along a party-line vote. In the Committee Report, the House Administration Committee explained the bill:

  • H.R. 2722 provides critical resources to states and localities to bolster election infrastructure, including necessary funds to replace aging voting equipment with voter-verified paper ballot voting systems and implement additional cybersecurity protocols. The bill also helps states and localities plan for future elections by providing ongoing maintenance funding on a biannual basis. The legislation provides grant programs for states to implement required risk-limiting audits, a best practice audit system that confirms election outcomes with a high degree of confidence.

The House took up this bill and passed it by a 225-184 vote, but the Senate has not considered it.

The House took up and passed its third major bill on election security in 2019 the “Stopping Harmful Interference in Elections for a Lasting Democracy Act” (SHIELD Act) (H.R. 4617), that addresses two of the technological facets of foreign disinformation campaigns aimed at U.S. elections according to the House Administration Committee’s summary:

  • Helps prevent foreign interference in future elections by improving transparency of online political advertisements.
    • Russia attempted to influence the 2016 presidential election by buying and placing political ads on platforms such as Facebook, Twitter and Google. The content and purchasers of those online advertisements were a mystery to the public because of outdated laws that have failed to keep up with evolving technology. The SHIELD Act takes steps to prevent hidden, foreign disinformation campaigns in our elections by ensuring that political ads sold online are covered by the same rules as ads sold on TV, radio, and satellite.
  • Prohibits deceptive practices about voting procedures.
    • Independent experts have identified voter suppression tactics the Russians used on social media, including malicious misdirection designed to create confusion about voting rules. The SHIELD Act incorporates the Deceptive Practices and Voter Intimidation Prevention Act to prohibit anyone from providing false information about voting rules and qualifications for voting, provides mechanisms for disseminating correct information, and establishes strong penalties for voter intimidation.

The House passed H.R. 4617 by a 227-181 vote with all Republicans present voting no and one Democrat joining them. Again, the Senate did not take up the bill.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Published by Michael Kans

An attorney who specializes in technology policy, law, and politics with other areas of expertise.

Published

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s