The Free Internet Project

August 2019

U.S. Federal Election Commission's Proposed Rule to Require Campaign Reporting of Receipt of "Valuable Information" and "Compromising Information"

In response to findings that President Donald Trump’s 2016 presidential campaign received election assistance from foreign entities, the Federal Election Commission (FEC) has proposed new rules to limit foreign election contributions.  [More from NPR] . Earlier this year, two entities—Sai, Fiat Fiendum, Inc. and Make Your Laws PAC, Inc.—petitioned the FEC to amend the definition of “valuable information” under 11 CFR part 100. 

Specifically, the proposed changes would narrow the commission’s legal definition of a contribution by defining “valuable information” as information that:

  1. Is not freely available to the public;
  2. Is provided to a person regulated by the Federal Elections Campaign Act . . . at a cost less than the market rate or by a person not hired by the recipient to generate such information;
  3. Would cost a non-trivial amount for the recipient to obtain at their own expense; and
  4. Is information that would likely have the effect of influencing any election for federal office or that parties or candidate committees have traditionally expended money to obtain.

If accepted, the following definition will be codified at 11 CFR 100.57.

The proposed regulation outlines two types of “valuable information”: “foreign information” and “compromising information.”

  • Foreign information” would include any information that comes from a source that is prohibited from making contributions under the Federal Elections Campaign Act.
  • Compromising information” would include information that could be used to blackmail or otherwise compromise any candidate for Federal office (including indirect coercion, such as of a candidate’s family), regardless of the source.

If any campaign official was offered or received either of types of information, the regulation mandates that they report this contact to the FEC within three days. Upon learning of a campaign receiving such information, the regulation requires the FEC to initiate investigations, provide a report to the FBI, and, in the case of “compromising information,” provide a report to every reasonably identifiable person against whom such information could be used. Once the FEC has learned of this information, the regulation requires the agency to provide a report to any other law enforcement entity with likely jurisdiction over the matter. Fourteen days later, the FEC must also publish a report on the matter.

Ellen L. Weintraub, the chair of the FEC, signed a notice about the potential new restrictions, further emphasizing the importance of curbing foreign interference in elections. Previously, on June 13, 2019, Weintraub published a statement regarding illegal contributions from foreign governments. “It is illegal for any person to solicit, accept, or receive anything of value from a foreign national in connection with a U.S. election,” she reiterated. “Any political campaign that receives an offer of a prohibited donation from a foreign source should report that offer to the Federal Bureau of Investigation.”

Currently, the FEC is seeking public comment on this proposed rule. This comment period ends on September 30, 2019. After this phase, the rule will be voted on by the FEC commissioners. In accordance with FEC agency policy, four votes are needed for any official action to proceed. Considering the agency currently has four confirmed commissioners out of six possible, this rule would need a unanimous vote in order to become law.

This administrative action echoes similar efforts in the House and Senate to pass increased election security protections in response to Russia’s interference in the 2016 presidential election.

Federal Judge Orders Georgia Election Officials to Upgrade Voting System Before 2020

On Thursday, August 15th, Federal District Court Judge Amy Totenberg ordered the state of Georgia to upgrade its election systems before the state holds its presidential primary election in March of 2020. The 151-page ruling describes Georgia’s election system as “antiquated, seriously flawed, and vulnerable to failure, breach, contamination, and attack.” Although she has previously ordered Georgia to upgrade its election systems, Thursday’s order marks the first time Judge Totenberg has set a specific deadline that Georgia officials must meet.

Georgia is one of a handful of states that relies exclusively on electronic voting systems that do not provide a paper record. Election security experts have roundly criticized such systems, noting that they are vulnerable to hackers and susceptible to logistical problems. Indeed, election security experts have identified a number of significant security breaches that occurred during the 2018 election.

Due to these concerns and previous orders from Judge Totenberg, Georgia had announced plans to upgrade its voting systems prior to Thursday’s ruling. In July, Georgia’s Secretary of State Brad Raffensperger publicly announced that the state would purchase new electronic voting machines from Dominion Voting Systems. The machines will print out a paper ballot and a QR code that  both voters and election officials can use to verify vote tallies. The Associated Press notes that while Judge Totenberg has praised the new machines as “an essential step forward out of the quagmire, even if just to terminate use of antiquated voting  system,” plaintiffs remain skeptical of the new machines, specifically questioning the extent to which voters will be allowed to verify their selections rather than relying on a printed QR code. Because of these concerns, plaintiffs have publicly announced their intention to bring separate litigation over the newly proposed machines.

Judge Totenberg’s ruling was prompted by a motion from plaintiff voters and election security advocates asking the court to force Georgia officials to use paper ballots during upcoming 2019 municipal elections. Citing logistical concerns, Judge Totenberg held that the state would not have enough time to implement a paper ballot system in time. However, she notes that use of the current system “past this 2019 cycle of elections is indefensible given the operational and constitutional issues at stake.”

The ultimate effect of Thursday’s ruling is to prevent Georgia from reverting to current election systems if newly proposed voting machines are not rolled out in time for 2020 elections. As a result, Georgia will have to resort to a paper balloting system in 2020 if new systems are not in place. In preparation for this contingency,  Judge Totenberg’s order requires the Secretary of State to “address errors and discrepancies in the voter registration database” and test the use of a paper balloting system in a handful of jurisdictions during the state’s upcoming municipal elections.

Summary of Senate Intelligence Committee Report: “Russian Efforts Against Election Infrastructure”

On July 25, the Senate Select Committee on Intelligence published Volume I of a report on Russian Active Measures Campaigns and Interference.  The report stems from the committee’s bipartisan investigation into a wide range of Russian activities relating to the 2016 U.S. presidential election. Volume I reaffirmed the Intelligence Community Assessment (ICA)  that  Russian intelligence accessed elements of multiple state or local electoral boards prior to the 2016 presidential election. According to the Report, DHS concluded that the Russian government likely researched the electoral system in place in all 50 states. In fact, by September 2017, DHS concluded that 21 states were explicitly targeted by Russian government cyber actors.

The Committee determined that “scanning” of election-related state infrastructure was the most widespread activity conducted by the Russian government prior to the election. Scanning is a form of reconnaissance where an adversary searches for weaknesses, access points, and vulnerabilities. Dr. Samuel Liles, Acting Director of Cyber Division for the Office of Intelligence and Analysis, characterized these activities as “analogous to somebody walking down the street and looking to see if you are home. A small number of systems were unsuccessfully exploited, as though somebody had rattled the doorknob but was unable to get in . . . [however] a small number of the networks were successfully exploited. They made it through the door."

It should be noted that the Report provides no evidence that votes were changed, vote tallying systems were manipulated, or that any voter registration data was altered or deleted during the 2016 election cycle. Despite this, there is reason to believe that Russia will continue to escalate its interference in future elections. When testifying before the Committee, Michael Daniel, former Assistant and Cybersecurity Coordinator for President Obama, warned that mapping is done “so that [Russia] could actually understand the network [and] establish a presence so [they] could come back later and actually execute an operation.” Moreover, in an addendum providing the additional views of Senators Harris (D-CA), Bennet (D-CO), and Heinrich (D-NM), the Report states that “Russian operatives undoubtedly gained familiarity with our election systems and voter registration infrastructure—valuable intelligence that it may seek to exploit in the future.”

At the end of the Report, the Committee provided a comprehensive list of recommendations aimed at preventing Russia from interfering in future elections.

1.  Reinforce States' Primacy in Running Elections

The Committee recommends reinforcing the role of each state in administering elections while the federal government should ensure they receive the necessary resources and information. This recommendation received pushback from Senator Wyden (D-OR) who calls for mandatory, nation-wide cybersecurity requirements. Wyden argues that Congress's constitutional role in regulating federal elections is well-established and that the Russian attacks are too complex and too serious to be left solely to state and local officials. Wyden went so far as to say that “[w]e would not ask a local sheriff to go to war against the missiles, planes and tanks of the Russian Army. We shouldn't ask a county election IT employee to fight a war against the full capabilities and vast resources of Russia's cyber army.”

2.  Create Effective Deterrence

The Committee recommends that the U.S. establish an international cyber doctrine to limit certain cyber activity. This doctrine would be similar to the existing international norms and treaties about the use of technologies and weapons systems. The government should treat a violation of this doctrine would be viewed as a hostile act and will be responded to appropriately. The Committee made it clear that the U.S. “should not limit its response to cyber activity; rather, it should create a menu of potential responses that will send a clear message and create significant costs for the perpetrator.”

3.  Improve Information Gathering and Sharing on Threats

The Committee recommends that the federal government, state governments, and local governments should establish clear channels of communication between one another. While this may seem rather rudimentary on its face, one of the key components of information sharing about elections is security clearances for appropriate officials at the state and local level. Since the 2016 election, DHS has compiled a list of officials to contact in every state if there is a threat. In addition, DHS is seeking to obtain security clearances for up to three election officials per state. Lastly, federal officials are working to declassify information in order to provide the greatest possible warning to state and local officials without compromising our own national intelligence.

4.  Secure Election-Related Cyber Systems

Despite the expense, the Committee recommends that cybersecurity needs to become a higher priority for election-related infrastructure. To do this, election officials should work with DHS to evaluate the security of their election systems, voter registration systems, state records, and other pre-election activities. The Report stated that in 2016, “cybersecurity for electoral infrastructure at the state and local level was sorely lacking.” The Committee additionally recommends that DHS creates an advisory panel to give expert-level advice on how states and localities run elections. Using this advice, DHS should develop procedures and processes to evaluate and routinely provide guidance on relevant vulnerabilities associated with voting systems.

5.  Take Steps to Secure the Vote Itself

The Committee recommends that states act with urgency to replace outdated and vulnerable voting systems. At a minimum, any machine purchased going forward should have a voter-verified paper trail and remove (or render inert) any wireless networking capability. This is because paper ballots and optical scanners are the least vulnerable to cyber-attack. However, in order for paper ballots to be a legitimate means of tallying votes, there must be a secure chain of custody for those ballots. For this reason, the Committee recommends that states reexamine their safeguards against insertion of fraudulent paper ballots at the local level. Lastly, the Committee recommended that vendors of election equipment be briefed about the vulnerabilities in both the machines and the supply chains for the components of their machines.

6.  Assistance for the States

Finally, the Committee outlined its assessment of how the federal government can assist state and local governments in ensuring free and fair elections. State officials told the Committee the main obstacle to improving cybersecurity and purchasing more secure voting machines is cost. In March 2018, Congress appropriated $280 million in grants aimed at improving election security. Among other things, these funds will go toward replacing voting machines, hiring additional IT staff, updating software, and contracting with vendors to provide cybersecurity services. The Committee recommends that the Election Assistance Commission—the entity responsible for administering the grants—regularly report to Congress on how the states are using those funds, whether more funds are needed, and whether states have both replaced outdated voting equipment and improved cybersecurity.

Above all, this Report serves as a reminder that since 2014, Russia has been exploiting weaknesses in the American electoral system in order to sow discord and distrust among the American public. As former Deputy Director of the FBI, Andrew McCabe, told the Committee, the Russians “might not be effective the first time or the fifth time, but they are going to keep at it until they can come back and do it in an effective way." The committee plans to release several more installments of its report in the fall, focusing on the "Intelligence Community Assessment (ICA) of Russian interference, the Obama Administration’s response to Russian interference, the role of social media disinformation campaigns, and remaining counterintelligence questions."