Proposed cybersecurity bills would ‘prohibit’ internet-connected voting systems

A pair of comprehensive, complimentary election infrastructure reform bills, which will be first introduced in the House of Representatives, Wednesday, seeks to take all voting machines offline, offer funding for election cybersecurity research and to broadly mandate the use of hard paper ballots across the U.S. by 2018, Cyberscoop has learned.

A pair of comprehensive, complimentary election infrastructure reform bills, which will be first introduced Wednesday in the House of Representatives, seeks to prohibit certain voting systems from being connected to the internet, offers funding for election cybersecurity research and mandates the use of paper ballots across the U.S. by 2018, FedScoop has learned.

These two pieces of legislation — named the “Election Infrastructure and Security Promotion Act of 2016” and the “Election Integrity Act,” respectively — are being sponsored by Rep. Hank Johnson, D-Ga., a lawmaker whose constituents will rely on paperless ballots to cast their votes in November’s presidential election.

“In the wake of the DNC server hack and well-documented efforts by states to suppress the vote, citizens are rightly concerned,” Johnson said in a statement. “We must work to reduce the vulnerability of our crucial voting systems, protect the security and integrity of our electoral process, and ensure all Americans have the opportunity to vote.”

The Election Infrastructure and Security Promotion Act of 2016 will require the Department of Homeland Security, or DHS, to designate voting systems as critical infrastructure — an important reclassification move already under consideration by DHS Secretary Jeh Johnson. In practice, this change would result in a budget adjustment that puts election systems on par with power grid protection.


Notably, the Election Infrastructure Act will seek to compel states to comply with relevant federal rules while incorporating additional security standards and testing measures. Under the rule, the National Science Foundation will be required to stand up a nondescript election technology development program.

Meanwhile, the Election Integrity Act specifically prohibits “election systems responsible for vote casting or tabulating” from being connected to the internet. Today’s voting machines, themselves, are not connected to the internet in U.S. polling places, though other components of the larger process — like states’ voter record databases, or VDRBs, online voter registration forms, or OVR, and e-polling books — rely on connectivity.

“We’re interested in verifiable paper audit trails, avoiding hair brain ideas for connecting machinery to the public packet switch network and ensuring some security standards get updated and finished,” said Gregory Miller, co-founder of the OSET Institute and Trust the Vote Project. Miller was involved in drafting both pieces of new legislation.

The Election Integrity Act would work to limit the purchase of any new voting systems that do not provide “voter-verified paper ballots” while adding proposed protocols designed in the case of a voting system failure.

$600 million in new funding is being requested to ensure that these processes are executed in FY 2017 and 2018.


“The individual, durable paper record must be able to be verified by the voter before casting; stored in a way to preserve anonymity of the voter; and used as the final authority over electronic records audits/recounts. Recounts and audits must include paper ballots of overseas/absentee voters,” a summary of the Election Integrity Act provided to FedScoop reads.

Data analyzed by Reuters and collected via the U.S. Census Bureau, Election Assistance Commission and Verified Voting Foundation reveal that 44 million registered voters, or roughly 25 percent of the current national total, live in jurisdictions that will use paperless systems come November.

Last week, DHS Assistant Secretary for Cybersecurity Andy Ozment said that DHS will not elevate election systems to critical infrastructure in the “near future.”

“[Importantly,] the security bill dealing with the infrastructure designation does not have [a] timeline component on it demanding DHS reclassify before the Nov. elections,” a spokesperson for Rep. Johnson explained in an email, “but, if the bill becomes law, it would be required to do so.”

Chris Bing

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Marys College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.

Latest Podcasts