Democrats stump for election security, blast McConnell at hacker conference

By Eric Geller

LAS VEGAS — Democratic lawmakers emerged from the world’s largest hacker conference this weekend with a clear message: Congress must pass legislation to mandate better U.S. election security.

In panels and interviews at DEF CON in Las Vegas, where a roomful of hackers demonstrated ways to breach insecure voting machines, those lawmakers focused their fury on the man proudly blocking their bills.

“Why hasn’t Congress fixed the problem? Two words: Mitch McConnell,” Sen. Ron Wyden (D-Ore.) said during a Friday keynote address to a packed and largely supportive room at DEF CON’s Voting Village.

Rep. Ted Lieu (D-Calif.), one of a handful of computer scientists in Congress, told POLITICO that when it came to his biggest election security concern, “I have two words: Mitch McConnell.”

The Senate majority leader has repeatedly blocked votes in the upper chamber on two House Democratic bills that would require voting machines to produce paper records, mandate post-election audits and impose security requirements on election technology companies.

Election security experts overwhelmingly say these provisions are vital for protecting the democratic process. But McConnell has argued repeatedly that states, not the federal government, should decide how to run their elections.

It’s “stupid to have the view that states have the right to have poor election security,” Lieu told POLITICO.

“The federal government certainly has [a] responsibility to make sure that we have strong election security all over America,” he said after he and a group of congressional staffers met with cyber experts. “No state has a right to have voting machines that can be easily hacked.”

Lieu, Wyden and Rep. Jim Langevin (D-R.I.), the co-chair of the Congressional Cybersecurity Caucus, all spoke at DEF CON about the need to better protect elections in 2020, when Russian hackers are expected to resume a digital assault to undermine confidence in U.S. democracy.

“We were much better protected in 2018, but not perfect,” Langevin said during a Friday morning panel with Lieu and cyber experts. “There are further preparations … that are ongoing right now to make sure that we are protecting our election system and our infrastructure going forward.”

Wyden told POLITICO that touring DEF CON’s Voting Village, which was crowded with election equipment and hackers eager to break into it, was an eye-opening experience.

“What really struck me,” he said in an interview, was seeing an electronic poll book made by VR Systems, the Florida company suspected to have been referenced in special counsel Robert Mueller’s report as the victim of a Russian intrusion.

“Why hasn’t Congress fixed the problem? Two words: Mitch McConnell,” said Sen. Ron Wyden.
“Why hasn’t Congress fixed the problem? Two words: Mitch McConnell,” said Sen. Ron Wyden.

“I said to myself, ‘I sure wish Mitch McConnell could see this who’s-who of hackable systems,” Wyden said. “It’s incredible.”

In a series of “villages” spread across the Planet Hollywood hotel on the Las Vegas Strip, hackers this weekend demonstrated vulnerabilities in everything from cars to medical devices — often with the eager participation of manufacturers grateful for the free security help.

But since the creation of the Voting Village in 2017, the small community of election vendors has resisted that kind of engagement, forcing organizers to scavenge devices from sympathetic local governments and even eBay.

Lieu said this attitude was emblematic of the industry’s deep problems. “Manufacturers of election equipment have no incentives to improve their products,” he told POLITICO. “If something goes wrong, they literally can’t be sued, because what exactly will you say is the harm that a plaintiff could actually bring?”

That’s why House Democrats are pushing bills to regulate these companies, he said.

But those bills — H.R. 1 (116), the For the People Act, and H.R. 2722 (116), the SAFE Act — have run aground in the Republican-controlled Senate.

“I am not going to let Democrats and their water-carriers in the media use Russia’s attack on our democracy as a Trojan horse for partisan wish-list items that would not actually make our elections safer,” McConnell said in a fiery floor speech on July 29, responding to critics who have called him “Moscow Mitch.”

Democrats have dismissed McConnell’s claims about partisanship as posturing intended to obscure the widespread support for their measures outside of Congress.

“Requiring paper ballots is not a Democratic or Republican issue,” said Lieu. “It’s just a better election security issue.”

And in his DEF CON speech, Wyden didn’t shy away from linking McConnell to the Kremlin.

“It sure seems like Russia’s No. 1 ally in compromising American election security is Mitch McConnell,” he said.

The majority leader “knows full well that blocking election security legislation makes it easier for Russia and other foreign powers to attack the next election,” Wyden added. “And my sense is this is a price Mitch McConnell and Donald Trump are willing to accept.”

Lieu echoed that criticism in the interview. “I think you have to ask, why would Mitch McConnell not want to improve election security?”

Asked for comment on the Democrats’ attacks, a McConnell spokesperson pointed to the majority leader’s floor speech.

“Requiring paper ballots is not a Democratic or Republican issue,” said Rep. Ted Lieu. “It’s just a better election security issue.”
“Requiring paper ballots is not a Democratic or Republican issue,” said Rep. Ted Lieu. “It’s just a better election security issue.”

Wyden told DEF CON attendees that they should contact their lawmakers to advocate for election security legislation. But as he acknowledged, only McConnell has the power to resolve the impasse.

Asked how he planned to change McConnell’s mind, Wyden rattled off four names.

“Cory Gardner, Joni Ernst, Susan Collins, Thom Tillis,” he said, referencing the Republican senators facing tough reelection battles next year in Colorado, Iowa, Maine and North Carolina. “If enough people weigh in with them, then what do they do? They go to the leader and say, ‘This is important.’”

Wyden said he’s discussed election security issues with his Republican colleagues, including media reports revealing new vulnerabilities in voting technology.

“Every time another one of these stories comes out, I’ve had Republican senators say, ‘I see what you’re talking about,’” he said. “I mean, they’ve seen some of these stories. It’s not as if they don’t see them.”

Not all Democratic lawmakers are convinced that a pressure campaign can force McConnell’s hand.

“You’re counting on people who haven’t demonstrated a willingness to want to do the right thing in a long time when it comes to our democracy,” Rep. Eric Swalwell (D-Calif.) told POLITICO on Sunday before delivering the Voting Village’s closing keynote.

The only solution, Swalwell said, was for Democrats to win the Senate and the White House next year.

Swalwell compared the issue to gun violence prevention. “They have benefited far too long from doing nothing,” he said. “I don’t see them changing their behavior. You’re just going to have to win. They’re not coming around.”

Both Wyden and Lieu said it was vital for other lawmakers to visit DEF CON and learn about cyber threats to elections and other industries.

“I think they’ll learn a lot,” Wyden said. “I’m going to go back and tell them, maybe we all ought to go together.”

Wyden sounded optimistic about the prospects of breaking McConnell’s election security logjam.

“America has shown, when our national security and our well-being are on the line, we can move in a hurry,” he said. “This isn’t a two-house effort. This is one house.”

More Coverage: Interactive: The scramble to secure America's voting machines