Russian hackers probed election systems in all 50 states, a new Senate report confirmed Thursday.
The report comes one day after former special counsel Robert Mueller told Congress that the Russian government is working to meddle in U.S. elections “as we sit here.”
“It wasn’t a single attempt,” Mueller said Wednesday of Russia’s 2016 election interference. “They’re doing it as we sit here. And they expect to do it during the next campaign.”
The bipartisan report by the Senate Intelligence Committee released Thursday confirmed previous comments by the Department of Homeland Security (DHS) that Russian hackers scanned election systems in all 50 states ahead of the 2016 presidential election. DHS initially acknowledged Russian attempts to hack into election systems in just 21 states.
[…]
Democrats used Mueller’s testimony Wednesday as the backdrop to bring a trio of election security bills to the Senate floor, but Sen. Cindy Hyde-Smith (R-MS) blocked each one in succession.
Two of the measures, one by Warner and the other by Sen. Richard Blumenthal (D-CT), would require campaigns to report offers of foreign support. The third, by Sen. Ron Wyden (D-OR), would have allowed the Senate Sergeant-at-Arms to help secure personal electronic devices belonging to senators and their staff.
Hyde-Smith has not said why she blocked the measures, but Senate Majority Leader Mitch McConnell (R-KY), has long opposed bringing election-security measures up for vote. Last year, for example, Senate Rules and Administration Committee Chair Roy Blunt (R-MO) accused McConnell of blocking another election security bill, explaining that McConnell believed the issue “reaches no conclusion.”
“[McConnell] has a long history of opposing election reform,” Wyden told ThinkProgress earlier this year. “And he’s got people in his caucus who’ll do a lot of the heavy lifting for him.”
Senate Intel Committee Chairman Richard Burr (R-NC), and Vice Chair Mark Warner (D-Va.) each issued statements with the report’s release. Burr said that in 2016, the United States was “unprepared at all levels of government” for attacks on election infrastructure, and has improved in the time since. Burr noted that the Department of Homeland Security and state election officials have a much better working relationship than before, but that “still much work remains to be done.”
It’s unclear whether Burr considers federal elections security legislation as part of the work that remains to be done. Mitch McConnell, Burr’s Republican colleague and the Senate majority leader, has prevented most of this type of legislation from coming to the Senate floor, arguing that Congress has done enough and that pending election security legislation is merely the Democrats’ effort to usurp states’ rights and bolster their chances at the polls.
Warner, who a day ago was part of a group of Congressional Democrats that blasted McConnell for holding up election security legislation, alluded to the need to get past the partisan gridlock. “I hope the bipartisan findings and recommendations outlined in this report will underscore to the White House and all of our colleagues, regardless of political party, that this threat remains urgent, and we have a responsibility to defend our democracy against it,” he said in a statement.
The report notes that the Russian operation dates back to “at least 2014.” It reveals that state and local officials, who are mostly in charge of running elections, “were not sufficiently warned or prepared to handle an attack from a hostile nation-state actor,” and that officials at all levels of the government debated whether to publicly acknowledge what was happening, with some concerned that disclosing it “might promote the very impression they were trying to dispel—that the voting systems were insecure.” At the time, McConnell took an active role in preventing further public disclosure of the Russian operation, theWashington Post reported in December 2016.
Hacking individual voting machines would be an inefficient way to throw an election. But J. Alex Halderman, a computer scientist who has tested vulnerabilities for more than a decade, testified to the Senate committee that he and his team “created attacks that can spread from machine to machine, like a computer virus, and silently change election outcomes.” They studied touch-screen and optical-scan systems, and “in every single case,” he said, “we found ways for attackers to sabotage machines and steal votes.”
Another way to throw an election might be to attack systems that manage voter-registration lists, which the hackers also did in some states. Remove people from the lists—focusing on areas dominated by members of the party that the hacker wants to lose—and they won’t be able to vote.
One former senior intelligence official told me, “If I was going to hack such a system, I’d leave the records alone and corrupt the tally software”—the programs that count the votes and transmit results to a central headquarters. The transmission is done through a network, which is vulnerable to hackers. Some data are transmitted from the voting machines via USB ports, which are also easy to hack.
In the past decade, many states have installed voting machines with paper backups. (One of the measures blocked in the Senate this week would have required them.) But the Senate report notes that 19 states do not conduct complete postelection audits to compare these ballots to the electronic results; five of them do not audit at all. Paper backups mean little if nobody looks at them.
Computerized voting might be inherently vulnerable. Matt Blaze, who holds the McDevitt Chair of Computer Science at Georgetown Law, said at a hacking conference in Washington earlier this year, “Voting security is by far the hardest problem I have ever encountered.”
That last link does have a proposed solution, if you’re not too depressed to read it. But as with most things in this life, if we want to make progress on fixing the problem, we have to first solve the Mitch McConnell problem.