Senators Martin Heinrich (D-N.M.) and Susan Collins (R-Maine) recently introduced a comprehensive cybersecurity bill aimed at securing technology used in US elections. The bill includes funding a bug bounty program for systems manufacturers and a grant program for states to upgrade technology.
The most important implication of this bill is reaffirming the assertion that technology used for elections constitute critical infrastructure. This was first asserted by President Obama’s last Department of Homeland Security Head Jeh Johnson in January, when suspicions of Russian meddling in the presidential election was first beginning to coalesce.
This categorization has faced intense opposition by state governments and state election officials as it would give the federal government powers to oversee and regulate the election process. At the the time, Johnson tried to quell those fears by insisting that the designation only means a prioritizing of election machines in cybersecurity and does “not mean a federal takeover...concerning elections in this country."
On the surface, the bill, dubbed the Securing America’s Voting Equipment, or SAVE, seems to only provide assets to the states, and no real attempts to usurp their authority. The bill focuses a lot on intelligence sharing, a big issue in the wake of the 2016 presidential elections that saw signs of hackers probing election systems. The federal government apparently delayed sharing with these states what it new about the probes due to security clearance issues.
The SAVE bill seeks to address this problem by granting clearance to key state election officials and other appointees. In this way, states would be able to work with federal agencies in addressing any identified threat to the soundness of cyber infrastructure. The money the bill earmarks for bolstering and upgrading election systems is also a good thing.
But make no mistake, the bill would potentially open a Pandora’s Box of intrusions by Washington into elections, potentially at every level of government. The bill in the end would write into law the “elections as national infrastructure” definition. This would sweep up elections into the general trend we are seeing in Washington of fervently trying to identify and secure cyber systems at the national level.
Taking a step back from the state vs. fed argument regarding authority over election processes, we all have to be honest that election cyber infrastructure is in need of some upgrades. The alleged Russian probe was certainly a red flag to this vulnerability, but you don’t need to take the government’s word for it. At a recent DefCon hackers conference in Las Vegas, participants were able to pull off a number of hacks on several commonly used voting machines, including gaining remote access.
The question policymakers and administration officials will be confronted with is ultimately, how much responsibility falls on centralized authorities in Washington and how much lies with more local governments?