GOP Seeks to Close Federal Election Agency

By Erica Orden, The Wall Street Journal

19 July 17

ouse Republicans are seeking to defund the U.S. Election Assistance Commission, the sole federal agency that exclusively works to ensure the voting process is secure, as part of proposed federal budget cuts.

The defunding move comes as the EAC is working with the Federal Bureau of Investigation to examine an attack late last year on the agency’s computer systems by a Russian-speaking hacker.

House Republicans say the EAC no longer is necessary and that the Federal Election Commission could bear its responsibilities. They also say the agency’s work duplicates efforts at the Department of Homeland Security and FBI and that it improperly interferes in the right of states to conduct their elections.

“People supporting the EAC are quite frankly proponents for a greater federal role in our elections,” said Rep. Tom Graves (R., Ga.) at a June committee hearing on the proposal to eliminate the agency. “States themselves, they’re responsible for all the elections. We do not have a federally run election system.”

However, Democrats have said Russian meddling in the 2016 election has boosted the importance of the EAC. The agency helps train local officials on such tasks as recruiting poll workers and, during last year’s campaign, distributed memos keeping election officials apprised on potential vulnerabilities in voting systems.

The commission “has a unique task that they’re best situated to accomplish,” said Rep. Mike Quigley, an Illinois Democrat who has been fighting to preserve the agency.

Mr. Quigly said that the intelligence community judgment that Russian President Vladimir Putin ordered a campaign of interference in the 2016 election makes it the “worst time” to try to eliminate the agency.

“Cutting funding to it is a green light to Putin to do it again,” said Mr. Quigley.

The Election Assistance Commission said in December it was “working with federal law enforcement agencies to investigate the potential breach and its effects.” It said recently it has thoroughly scanned its systems to make sure there are no additional security concerns.

The commission provides election-management guidelines and develops specifications for certifying voting systems, though responsibility for administering elections ultimately falls to state and local governments.

The hacking probe is being conducted at the same time the FBI is undertaking a broader investigation into Russia meddling in the 2016 presidential election, including attempts to get into state election databases, and whether anyone working with President Donald Trump’s campaign colluded in the effort. Mr. Trump and his campaign have denied any collusion with Russian hacking.

It is unclear if the EAC hack is part of that review; the FBI declined to comment on the matter.

The hack appeared to include a breach of the EAC’s administrative-access credentials as well as access to nonpublic reports on flaws in voting machines, according to Andrei Barysevich, an analyst with cybersecurity firm Recorded Future.

Access to the reports could have allowed someone to exploit flaws in voting machines, Mr. Barysevich said. The stolen credentials could have been used to install malicious code on the EAC site, thus potentially infecting any user of it. The users could include state election officials, who might then use a thumb memory stick to interact with other machines, such as ballot machines not connected to the internet.

The security firm, which assessed the hack as having likely occurred in November, turned the information over to law enforcement in December, and Mr. Barysevich has been cooperating with the FBI on its probe.

“There’s nothing in the EAC’s reservoir that can’t be found elsewhere but it certainly is an attractive place to look,” said Gregory Miller, co-founder of the nonprofit Open Source Election Technology Institute, which works to build secure voting technology and systems. “The hack should be concerning because it continues to demonstrate a pattern of behavior and methodology” regarding the targeting of election systems, he said.

The hack was discovered Dec. 1 by Recorded Future, which for one month prior had been tracking a hacker it dubbed “Rasputin.”

The hacker had used the same technique to penetrate other systems that Recorded Future had been monitoring, Mr. Barysevich said, and in December the firm spotted “Rasputin” in an underground market attempting to sell the EAC credentials to “unfriendly” Middle Eastern governments.