Senate Intel chair doesn't plan legislative push on election cyber

Sen. Richard Burr (R-N.C.) hinted that the Senate Intelligence Committee’s report on Russian interference in the 2016 election will be light on legislative proposals for Congress and focus more on recommendations to state and local governments about how best to protect the integrity of their election systems.

“The determination of how states run their elections: states. It’s their responsibility, and we don’t want to do anything to change that,” Burr said during a Dec. 6 Council on Foreign Relations event on hacked elections and online influence operations.

While Burr did not give a timeline on when -- or if -- the final report will be released to the public, he said he expects the committee will make the section on election security available to states before the 2018 election primary season kicks off in earnest. However, he downplayed expectations that the end product would contain recommendations for Congress.

“These are not necessarily initiatives that involve federal legislation,” Burr said.

Instead, the report will likely stick to “common sense” recommendations for state and local governments, such as increased election audit capabilities.

“I couldn’t in good conscience tell any state that it would be wise not to have a paper trail of the vote total,” he said.

There may be reasons for the committee’s aversion to legislation. Historically, the U.S. election infrastructure has been primarily run at the state and county level. The Constitution vests states with the authority to regulate election systems but allows for Congress to “at any time by law make or alter such regulations.”

This delicate balance of federalism can complicate any attempts to impose a top-down solution. During a Nov. 30 House Oversight and Government Reform Committee hearing on election cybersecurity, Susan Hennessey of the Brookings Institution told lawmakers that attempts to regulate the election system would likely not be well received by state governments.

“Notwithstanding the explicit override authority of Congress, perceived federal overreach is likely to meet strong resistance from states on political and policy grounds, if not necessarily constitutional objections,” she said.

However, Hennessey cited several actions Congress could take to shore up election systems, such as developing a national strategy for election cybersecurity, increased federal funding to states for election security and regulation of election technology vendors.

Burr echoed those concerns, citing the backlash that occurred among state governments when the Department of Homeland Security designated U.S. election systems as critical infrastructure in January 2017.

“I think it’s safe to say those secretaries of state in 50 states took great offense at what they perceived as Department of Homeland Security’s attempt to take over their election process in their state,” Burr said. 

At that same House hearing, Matthew Blaze, a professor of computer and information science at the University of Pennsylvania, called for the elimination of paperless direct recording electronic voting machines. DRE voting machines are one of the most widely used models across the country, but Blaze told lawmakers that they are vulnerable to physical tampering that could alter vote counts or make it impossible to conduct an accurate post-election audit.

“The design of DREs makes them inherently difficult to secure and yet also makes it especially imperative that they be secure," Blaze said. "This is because the accuracy and integrity of the recorded vote tally depends completely on the correctness and security of the machine’s hardware, software and data.”