Election security bill would let DHS set cyber standards
Sen. Ron Wyden, Oregon Democrat, announced plans Thursday to pursue legislation allowing the Department of Homeland Security to establish mandatory cybersecurity requirements for elections.
Speaking at an event in D.C., Mr. Wyden said he will include a new measure giving power to DHS in a revamped version of the Protecting American Votes and Elections Act, or PAVE Act, previously introduced in 2018.
“The Election Assistance Commission sets standards for voting machines - but those standards are 100 percent voluntary,” Mr. Wyden said at the Election Verification Network annual conference at George Washington University, according to prepared remarks released by his office. “Not only are voluntary cybersecurity standards not working, but it’s clear that the Election Assistance Commission, or EAC, is the wrong agency to be in charge of election cybersecurity.
“My bill would give an agency that does have that security expertise the power to set minimum security standards for voting machines, election management computers, and other election systems,” he said. “The Department of Homeland Security has that expertise and my bill puts DHS in charge of setting those standards.”
Mr. Wyden, a member of the Senate Intelligence Committee, said offer he would introduce the bill in the weeks ahead as part of an effort to achieve an “election security moonshot.”
In addition to granting DHS authorities to set standards for voting systems, Mr. Wyden said his revamped PAVE Act will include two “common-sense cybersecurity measures” previously included in his original proposal: hand-marked paper ballots and post-election risk-limiting audits.
Its passage would allocate hundreds of millions of dollars for states to purchase updated equipment to count paper ballots, and the federal government will foot the cost of auditing elections after the fact, he said.
“As you may have noticed, the 2020 election is right around the corner,” Mr. Wyden said. “There’s not a lot of time left to put secure systems in place before voters head to the polls. I’m telling all of my colleagues that this is a five-alarm issue and we need to get moving right away.”
Republicans are likely to raise objections, however, particularly in light of the provision granting powers to DHS, Mr. Wyden acknowledged.
“One of the obstacles I’ve run into over the past year is the argument that elections are a state’s rights issue,” he said. “Some Republicans even say it would be unconstitutional tyranny for the federal government to set mandatory election cybersecurity standards. I don’t buy that. Article 1, Section 4 of the Constitution says, and I quote ‘The Times, Places and Manner of holding Elections for Senators and Representatives, shall be prescribed in each State by the Legislature thereof; but the Congress may at any time by Law make or alter such Regulations.’
“I’m a lawyer in name only, but that is perfectly clear. Congress has the power to set the rules for federal races,” Mr. Wyden added. “There’s no reason for this to be a partisan issue. Every valid vote, Republican or Democrat, should be counted. It is the most basic constitutional right that ensures our government is legitimate. But turning good ideas into law won’t be easy.”
My. Wyden’s previous iteration of the PAVE Act garnered the support of 14 co-sponsors, none Republican, prior to stalling in the last congressional sessions. A companion bill introduced in the House by Rep. Earl Blumenauer, Oregon Democrat, similarly gained nine Democratic co-sponsors before dying on Capitol Hill.