Should Hacking Voting Systems Be a Federal Crime? (S. 1321)

What is S. 1321?

(Updated July 6, 2021)

This bill was enacted on October 20, 2020

This bill — the Defending the Integrity of Voting Systems Act — would make it a federal crime to hack any voting systems used in a federal election and allow the Dept. of Justice (DOJ) to pursue federal charges against anyone accused of such crimes.

Argument in favor

Malicious actors, especially hostile foreign nations, are actively seeking to undermine U.S. elections by hacking voting machines and other parts of election systems. It’s important to punish criminals who engage in election hacking, and this bill would lay important groundwork for doing so.

Argument opposed

This bill is far too narrow and toothless to meaningfully protect U.S. elections. Although it empowers federal prosecutors to bring charges where they otherwise couldn’t do so, it doesn’t strengthen the integrity of voting systems themselves, which should be a higher priority than tweaking criminal code.

Impact

Federal elections; election hacking; voting machines; election infrastructure; and the DOJ.

Cost of S. 1321

A CBO cost estimate is unavailable.

Additional Info

In-Depth: Sponsoring Sen. Richard Blumenthal (D-CT) introduced this bill to make it a federal crime to hack any voting systems used in a federal election:

“As the Special Counsel’s report on Russian interference demonstrates, America’s elections infrastructure is the frontline of foreign governments’ efforts to subvert our democracy. Our legislation to protect voting machines will better equip the Department of Justice to fight back against hackers that intend to interfere with our elections. This bill shows that securing the nation’s elections and cyber infrastructure can be a bipartisan cause, which I look forward to discussing with our colleagues."

Original cosponsor Sen. Sheldon Whitehouse (D-RI) adds that this legislation is needed to ensure Americans’ faith in the electoral system: 

“Russia and other hostile actors are continuously bombarding the cyber defenses of our critical infrastructure in an attempt to sow chaos and distrust. Protecting the instruments of our democracy from these attacks and safeguarding Americans’ faith in the integrity of elections are bipartisan goals."

Lead Republican cosponsor Sen. Lindsey Graham (R-SC) says this bill is necessary to defend against a range of hostile actors:

“Russian interference in the 2016 election exposed just a small piece of our adversaries’ cyber capabilities. Seeking to undermine American democracy and our standing on the world stage, hostile nations like Russia, Iran, China, and North Korea work every day to develop new cyber weapons to deploy against the United States. We should be particularly vigilant of our voting systems. This legislation provides the Department of Justice the ability to investigate and prosecute those who seek to manipulate elections systems equipment. Congress should act quickly to pass this bill to help protect us from further attempts to interfere with the 2020 election."

This bill passed the Senate by unanimous consent with the support of two bipartisan cosponsors, including one Democrat and one a Republican.

Of Note: In 2018, the Attorney General’s Cyber Digital Task Force Report concluded that foreign influence operations are a persistent threat against U.S. elections. The report noted:

“Cyber operations could seek to undermine the integrity or availability of election-related data. For example, adversaries could employ cyber-enabled or other means to target election-associated infrastructure, such as voter registration databases and voting machines, or to target the power grid or other critical infrastructure in order to impair an election. Operations aimed at removing otherwise eligible voters from the rolls or attempting to manipulate the results of an election (or even simply spreading dis- information suggesting that such manipulation has occurred) could undermine the integrity and legitimacy of our free and fair elections, as well as public confidence in election results. To our knowledge, no foreign government has succeeded in perpetrating ballot fraud, but the risk is real.”

The AG’s task force also emphasized the importance of investigating and prosecuting those who violate U.S. laws and seek to disrupt elections:

“[I]nvestigating and prosecuting those who violate our laws, disrupting particular operations, and exposing covert foreign activities can be useful in defending against this threat. It is therefore critical that the Department consistently evaluate existing law and policy governing its actions, as well as its strategic approach to the problem. In the short term, the Department must use all current authorities to counter the foreign influence threat, working closely with the IC, DHS, State and local governments, and where appropriate, the private sector.”

In its report, the AG’s task force also noted that it may not currently be able to prosecute election hacking under the federal law governing computer intrusions. In its report, the task force notes that electronic voting machines may not qualify as “protected computers” under the Computer Fraud and Abuse Act (CFAA, a 1986 law that prohibits unauthorized access to protected computers and networks or access that exceeds authorization, such as an insider breach).

The task force says that the CFAA generally only prohibits hacking networked computers that are connected to the Internet, and says that voting machines generally don’t meet this criteria because they “are typically kept off the internet.” Consequently, the report goes on to argue, “should hacking of a voting machine occur, the government would not, in many conceivable circumstances, be able to use the CFAA to prosecute the hackers."

Given this interpretation of the CFAA, the government requested legislation to amend the CFAA to specifically cover voting machines so there isn’t any ambiguity — which is exactly what this bill does. Sujit Raman, associate deputy attorney general, testified to the Senate Judiciary Committee’s Subcommittee on Crime and Terrorism that “[e]xpanding the definition of a protected computer to include electronic voting machines will strengthen confidence in the integrity of our electoral system and ensure that any attempts to manipulate the results of an election can be prosecuted to the fullest extent under federal law."

However, Mark Rasch, a former federal computer crimes prosecutor now in private practice in Maryland, contends that the CFAA has been interpreted fairly expansively in the past. He argues that the government is concerning itself with a theoretical and academic argument that’s unlikely to have traction in a U.S. court were a defendant to argue that “hacking a voting machine is not hacking under the CFAA because voting and elections are not commerce." He adds that federal jurisdiction for hacking voting machines is already satisfied under the current CFAA simply because voting machines are used for federal elections, and many machines used in the U.S. today were purchased with federal money made available under 2002’s Help America Vote Act. Thus, Rasch argues, “clearly you have sufficient federal nexus that you can make [election hacking] a federal crime [without this bill].”

In the lead up to the 2018 midterm elections, senior U.S. officials warned of Russian interference. In an appearance at the White House press briefing on August 2, 2018, Director of National Intelligence (DNI) Dan Coats, FBI Director Christopher Wray, then-Homeland Security Secretary Kirstjen Nielsen, NSA Director Paul Nakasone and National Security Advisor John Bolton discussed Russia’s ongoing efforts to interfere in the upcoming elections and assured the public that the Trump administration was doing everything it could to address the challenge. DNI Coat said, “we continue to see a pervasive messaging campaign by Russia to try to weaken and divide the United States” and noted that Russia wasn’t the only threat, adding that “We know there are others who have the capability and may be considering influence activities.”

Special Counsel Robert Mueller’s report said, “We understand the FBI believes that this operation enabled [Russian military intelligence] to gain access to the network of at least one Florida county government” during the 2016 election. On May 14, 2019, Florida Governor Ron DeSantis confirmed the report’s findings. In a news conference, Gov. DeSantis said, “Two Florida counties experienced intrusion into the supervisor of election networks. There was no manipulation” or anything that affected the final vote count.

In comments at the Aspen Security Forum in July 2018, FBI Director Christopher Wray said efforts to target specific election infrastructure haven’t been seen even though other “malign influence efforts” are evident:

“We haven’t seen yet an effort to target specific election infrastructure this time [in 2018], but certainly other efforts — which I would call malign influence efforts — are very active and we could be just a moment away from it going to the next level. To me, it’s a threat that we need to take extremely seriously.”

Media:

• Original Cosponsor Sen. Sheldon Whitehouse (D-RI) Press Release
  
• VICE
  
• Cyware (Coverage, 115th Congress)
  
• The Hill (Coverage, 115th Congress)
  
• NPR (Context)
  
• Report of the Attorney General’s Cyber Digital Task Force (Context)
  

Summary by Lorelei Yang

(Photo Credit: iStockphoto.com / gorodenkoff)