WASHINGTON — The risk of hacking into voting systems on Election Day is remote and unlikely, some election officials and experts said Wednesday during a hearing that was briefly hijacked by Rep. Elijah Cummings’ impassioned criticism of Georgia Secretary of State Brian Kemp.
“Do you understand how African American people, Hispanics and others might be upset when people…are blocking them from voting when they are paying taxes and working hard and doing everything they’re supposed to?” Cummings demanded. “And not be able to vote? Do you understand?”
Kemp, co-chair of the National Association of Secretaries of State’s election committee, was at the House Oversight Information Technology Subcommittee to testify about states’ ballot security measures.
Cummings pressed Kemp on why Georgia asked for and received federal approval to reinstate a requirement for photographic identification to register to vote.
“We were simply trying to match the state form with the federal form,” Kemp said.
Cummings demanded documents and information showing how many Georgia residents were not allowed to register to vote because they did not provide proof of citizenship. Kemp responded that he did not have that information available and would “look into it.”
While the hearing was bookended by Cummings’ speeches on voter disenfranchisement, the nearly three-hour hearing mainly focused on ballot cybersecurity.
“There is decades worth of experience sitting at (the witness) table looking at this issue,” said Subcommittee Chairman Rep. William Hurd, R-Texas.
And all of that experience translated to varied views on what could happen in terms of a cyber attack during the election and what should be done to prevent it.
The consensus among the government officials was clear: The outcome of the election will not be influenced by a cyberattack.
“We have confidence in the overall integrity of our electoral system,” Andy Ozment, assistant cybersecurity secretary at the Department of Homeland Security, said. “As the threat environment evolves, the Department (of Homeland Security) will continue to work with state and local partners to make…resources available to the public and private sectors.”
Last month, DHS Secretary Jeh Johnson told election officials across the country that the U.S. Election Assistance Commission, the National Institute of Standards and Technology and the Department of Justice would be able to offer assistance to state and local election officials in securing their systems.
But Kemp won’t be taking Johnson up on the offer.
“The D.C. response to these attacks (on the Democratic National Committee database, among others) has been to take steps towards federalizing aspects of elections, election systems and standardizing security measures,” he said. “There is a better way to face these attacks…than what has currently been proposed by DHS with designating election systems ‘critical infrastructure.’ ”
Kemp explained that voting systems are not networked together and not connected to the Internet, making threats that could undermine the outcome of the election are extremely unlikely. The levels of physical and technical security at each of the voting systems are sufficient, he said.
But Professor Andrew Appel, chair of the Computer Science Department at Princeton University, said different technologies used at precincts could, in fact, pose a threat.
When asked by Hurd whether a cyber attack could change the election outcome, all testifying said no except Appel, who said it’s a “possibility.”
“In the U.S., we use two general kinds of voting machines: optical scanners and direct-recording machines,” he said. Optical scanners scan a piece of paper where the voter has indicated their choice, while direct-recording machines use a touchscreen.
Appel said that even though the machines are not connected to a network, a virus could be distributed through ballot definition cartridges.
His solution? Use optical-scanners and paper ballots. Paper ballots can be recounted later, negating any errors incurred through the use of fraudulent technology.