Election vendors are 'prime targets,' need oversight

A new report from the Brennan Center for Justice shows the importance of federal oversight for private election vendors who participate in elections.

Allen G. Breed/AP/File
A voter puts a ballot card into a voting machine during a demonstration in Raleigh, N.C., Aug. 16, 2019. A new report says private companies involved in everything from manufacturing voting systems to maintaining voter registration databases need federal oversight.

The private companies that make voting equipment and build and maintain voter registration databases lack any meaningful federal oversight despite the crucial role they play in U.S. elections, leaving the nation's electoral process vulnerable to attack, according to a new report.

On Tuesday, the Brennan Center for Justice issued the report, which calls on Congress to establish a framework for federal certification of election vendors. The authors say this could be established as a voluntary program, similar to how voting machines are certified, with incentives for state and local election officials to use vendors that have completed the process. It would include the establishment of federal standards and the ability for federal officials to monitor compliance and address any violations.

The report's co-author Lawrence Norden acknowledged it was too late for any of this to happen in time for the 2020 presidential election.

"Even if [Congress] had the will, it couldn't be passed in time," said Mr. Norden, director of the Election Reform Program at the Brennan Center. "This is another security vulnerability that Congress hasn't addressed."

Mr. Norden said congressional inaction has increased the pressure on state and local election officials to secure their voting systems and have measures in place should something go wrong. Although Congress sent $380 million to states last year for election security, Mr. Norden said it was a "drop in the bucket" of what is needed as state and local election officials look to fund the replacement of outdated and insecure voting systems, an increase in cybersecurity personnel and additional security upgrades.

The Brennan Center, which is based at New York University School of Law, said in the report that the most logical agency to handle federal oversight of election vendors would be the U.S. Election Assistance Commission. But that agency has been hobbled in recent years by a reduction in federal funding and leadership vacancies.

Although two commissioners were added this year, the agency is searching for a new executive director and general counsel.

The report acknowledges the commission does not have the authority that would allow it to certify election vendors. But the commission could take steps through its existing certification program for voting systems to ask vendors to provide details on cybersecurity practices and ownership information, according to the report. There have been concerns about foreign ownership of election companies operating in the United States.

"Private vendors' central role in American elections makes them prime targets for adversaries," the report said. "Yet it is impossible to assess the precise level of risk associated with vendors or how that risk impacts election security."

The report notes that just three companies provide more than 80% of voting systems in the U.S. and that other systems like voter registration databases and electronic pollbooks are also supplied and, in some case, maintained by vendors.

A report by The Associated Press last year found the leading voting-related companies had long skimped on security in favor of convenience and operate under a shroud of financial and operational secrecy despite their critical role in elections.

Federal officials have said they are mindful of the important role of election vendors and have sought to boost communications and information sharing through the formation of a group that brings together representatives of the Department of Homeland Security and election vendors. This includes the major firms of Election Systems and Software, Dominion Voting Systems, and Hart InterCivic.

There are also efforts underway to develop a program that would allow authorized security researchers access to election equipment so vulnerabilities within election systems can be identified and addressed. The industry has faced criticism for not embracing these outside reviews.

The report noted that other industries also viewed as critical to national security, such as defense contractors, face substantial oversight and must comply with various requirements.

Mr. Norden said much of the focus within election security has been on the machines and how best to secure them but critical questions remain about how secure the vendors themselves are. He noted that former special counsel Robert Mueller described in his report how Russian agents in 2016 targeted employees of a voting technology company and installed malware on the company's network. Details on what happened and the extent of the breach have not been made public.

"Vendors are responsible for election security in a way that folks probably don't understand," Mr. Norden said. "When we talk about election security, we talk about what election officials are doing, but we've left this big part of the puzzle out of the discussion."

This story was reported by The Associated Press. 

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Election vendors are 'prime targets,' need oversight
Read this article in
https://www.csmonitor.com/USA/Politics/2019/1112/Election-vendors-are-prime-targets-need-oversight
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe