WASHINGTON – One of U.S. Sen. Amy Klobuchar's legislative priorities — protecting elections from cyberthreats — has stalled amid opposition from Republican lawmakers, the White House and election security advocates months before the midterm elections.
Amy Klobuchar's Secure Elections Act stalls in the U.S. Senate
Some secretaries of state question audit requirements.
The Secure Elections Act was scheduled last week for a vote in the Senate Rules Committee, where ranking Democrat Klobuchar sponsored legislation imposing stricter requirements on states for voting equipment and postelection audits.
But the bill was abruptly pulled from consideration after most Republicans declined to support it because some secretaries of state objected to the added federal oversight.
Now Klobuchar and committee Chairman Roy Blunt, R-Mo., who also backs the bill, are scrambling to find a compromise.
Klobuchar and other sponsors worked to build bipartisan backing for much of the year, gathering more supporters following Trump's news conference in which he sided with Russian President Vladimir Putin over U.S. intelligence agencies on the question of Russian interference in U.S. elections.
While the legislation could have still passed the panel, according to Klobuchar, it did not have enough GOP votes for Senate Majority Leader Mitch McConnell to later bring it to the floor.
"We were gut-punched by a combination of the White House and Republican leadership, but perhaps there are changes we can make to meet their concerns," Klobuchar told the Star Tribune.
Klobuchar introduced the legislation last December along with U.S. Sens. James Lankford, R-Okla., Kamala Harris, D-Calif., and Lindsey Graham, R-S.C., to ensure that the Department of Homeland Security quickly shares information about cybersecurity threats with local elections officials and provide money to states to enact cybersecurity measures and voting machine upgrades.
Congress previously approved $380 million for states in March, including $6.6 million for Minnesota.
Even though it's too late for Klobuchar's legislation to have a direct effect on the midterm elections, supporters say it would still send a strong signal that the U.S. takes election security seriously, and it would give states enough time to ramp up security for the 2020 elections.
Ineffective audits?
But the National Election Defense Coalition maintains that the bill, which now has 11 bipartisan cosponsors, would not be sufficient to detect election tampering. Policy director Susan Greenhalgh said she's disappointed that the legislation contains a "dangerous weakening" of language regarding requirements for postelection audits. The measure doesn't insist that a random sample of paper ballots be checked by hand — a method that Greenhalgh and other advocates describe as the most effective way to audit election results.
Critics charge that allowing officials to conduct an audit of election results based on electronic systems and images of ballots opens the possibility of relying on compromised information from an undetected cyberattack. Greenhalgh said several vendors are already selling electronic systems that allow users to just press a button to conduct an audit of those same machines.
She added that states should eventually head toward adopting a so-called risk-limiting audit, a highly rigorous type of postelection review that only Colorado has implemented so far. But those standards take years to adopt, and states are looking at tightening election security for the short term.
"One of the purposes of a postelection audit is to be able to detect and correct for the possibility that the computers have been hacked," said Andrew Appel, a computer science professor at Princeton University who has concerns about the bill. "What you audit are a bunch of electronic files that computers gave you. ... They can give you false files."
A White House spokeswoman said the Department of Homeland Security already has enough statutory authority to help state election officials improve security.
Vermont Secretary of State Jim Condos, who chairs the National Association of Secretaries of State, has voiced worries that the legislation's current standards for postelection audits will be too costly for states to follow. But Klobuchar had planned to put forth an amendment for another $250 million to help states, which she plans to support if it comes up in the Rules Committee again.
"If there's a major attack on any election, it's really an attack on our United States democracy, so while we respect the secretaries of state and their independent rights to make decisions, it's not like Arkansas and Maine can protect themselves by themselves from a cyberattack from a superpower," said Klobuchar.
She added: "They're going to have to listen to some of the security experts in terms of how they need to update their equipment."
Minnesota Secretary of State Steve Simon said the legislation strikes the right balance.
"It sets minimum requirements and it retains state control, and that's very important for secretaries of state," said Simon. "I do understand the concerns of some of my colleagues in other states ... and I think these are gaps that can be bridged."
Nothing in the legislation, he said, would be a particularly heavy lift for Minnesota.
In a statement, Blunt's office said that in order for a truly bipartisan bill to reach the floor, more support from the majority was necessary. Senators, including Klobuchar, had a classified briefing after the cancellation last week with Director of National Intelligence Dan Coats, FBI Director Christopher Wray and Secretary of Homeland Security Kirstjen Nielsen. Klobuchar said the officials seemed sympathetic but they didn't give an opinion one way or another on the legislation.
"The bill got changed some, but it was only to compromise so that we could get the bill passed," said Klobuchar. "The people that think we can make the bill exactly like they want it have seen now that it's very difficult to pass it through the Republicans."
Maya Rao • 202-662-7433
Our mission this election cycle is to provide the facts and context you need. Here’s how we’ll do that.