The federal government wants to help states keep hackers from manipulating the November election, amid growing fears that the U.S. political system is vulnerable.

But Georgia’s top election official is balking at the offers of assistance — and accusing the Obama administration of using exaggerated warnings of cyberthreats to intrude on states’ authority.


Georgia Secretary of State Brian Kemp’s objections add to a bumpy start for the Department of Homeland Security’s attempt to shore up safeguards for the election, during a summer when cyberattacks on the Democratic National Committee have called attention to weaknesses across the electoral system. Cybersecurity experts call tougher protections long overdue for parties, political advocacy groups and voting machinery, but DHS’ efforts risk becoming caught in the same partisan arguments about state sovereignty that have hung up programs such as President Barack Obama’s Medicaid expansion.

“It seems like now it’s just the D.C. media and the bureaucrats, because of the DNC getting hacked — they now think our whole system is on the verge of disaster because some Russian’s going to tap into the voting system,” Kemp, a Republican, told POLITICO in an interview. “And that’s just not — I mean, anything is possible, but it is not probable at all, the way our systems are set up.”

During an earlier interview with the site Nextgov, Kemp warned: “The question remains whether the federal government will subvert the Constitution to achieve the goal of federalizing elections under the guise of security.” Kemp told POLITICO he sees a “clear motivation from this White House” to expand federal control, citing Obama’s health care law, the Dodd-Frank financial-reform legislation and the increased role of the Education Department in local schools.

Election officials in other states expressed less fear of Washington but said they understand why some might worry about an expanding federal role in election security. Homeland Security Secretary Jeh Johnson said this month that he’s considering whether elections should be classified as “critical infrastructure,” affording them the same kinds of enhanced protections that the banking system and the electrical grid receive.

To some election officials, this sounds like the first stage of a more intrusive plan.

“I think it’s kind of the nose under the tent,” said Vermont Secretary of State Jim Condos, a Democrat. “What I think a lot of folks get concerned about [is] when the federal government says, ‘Well, look, we’re not really interested in doing that, but we just want to give you this,’ and then all of a sudden this leads to something else.”

“Elections have always been run and organized by the states,” said Connecticut Secretary of State Denise Merrill, another Democrat. “And I think there has always been a fear that there would be federal intervention that would not recognize differences among the states.”

Merrill added that it’s unhelpful to have such alarming rhetoric about election security crop up so close to November.

“We’re not happy about anything that serves to make people concerned about the safety of the election at this point,” she said. “I think it’s wrong to think that there’s some sort of threat that isn’t there.”

But security experts have long warned that elections are vulnerable to digital tampering, and flaws in voting technology are well-documented. And as Florida’s 36-day presidential recount showed 16 years ago, poor state and local decisions about election technology can unleash chaos onto the entire nation.

Joe Kiniry, an election digital-security expert and the CEO and chief scientist at Free & Fair, said it’s “par for the course” for states to assert that their systems are secure.

“These are exactly the same kinds of statements made by every large organization about their security until they are the next Sony, Target, or, hell, NSA,” he said.

Bruce McConnell, a former DHS deputy undersecretary for cybersecurity under Obama, rejected Kemp’s suggestion that states should fear greater federal involvement in elections.

“I think it’s pretty clear today which is the greater risk to the republic: citizens losing complete confidence in our election system, or the states working carefully with Washington to prevent disaster while keeping the 10th Amendment well in mind,” said McConnell, now the global vice president at the EastWest Institute. He was referring to the Bill of Rights provision that declares limits on federal authority.

Fears of cyber-tampering in the political process mounted after the release of the stolen DNC emails in July, which forced the resignation of then-Chairwoman Debbie Wasserman Schultz and raised worries among supporters of Hillary Clinton about hackers using future document dumps to mount an October surprise. Cyber experts have blamed those and other breaches on Russian hackers, leading Clinton supporters to allege that Vladimir Putin’s regime is trying to steer the election to Donald Trump.

In response, several lawmakers of both parties have urged the administration to improve cyber-protections for parties, political groups and election offices. So did a bipartisan group of security experts from the Aspen Institute, who said in July that “voting processes and results must receive security akin to that we expect for critical infrastructure.”

Johnson told reporters Aug. 3 that DHS “should carefully consider” that question. Twelve days later, he held a conference call with state election officials in which he discussed a possible role for Washington.

But Kemp called it “troubling” for Johnson to raise the critical-infrastructure issue “before ever talking to the secretaries of state or the election officials.”

Kemp also argued that “a definition of critical infrastructure” in current law “would allow the Department of Homeland Security or anybody else to come in and get into our systems.”

Asked which laws the secretary had been referencing, David Dove, Kemp’s chief of staff, pointed POLITICO to several sections of the U.S. code that direct DHS to develop best practices and response plans for critical infrastructure protection. But these statutes do not grant the department clear authority to impose itself on states.

A DHS spokesman declined to comment on Kemp’s constitutional concerns, but a former White House cyber policy official said Kemp is wrong about the law.

“The concern about … ‘we’ll be designated as critical infrastructure and then we’re going to be regulated’ is just based on a false premise,” said the former official, who requested anonymity to speak candidly.

Instead, the ex-official said, companies can often benefit when the government declares their systems to be critical. Among other assistance, that gives them access to a DHS program, dubbed Einstein, that monitors networks for known hacking threats. Sony Pictures Entertainment gained access to those services after DHS lawyers classified the company as critical following a devastating late-2014 cyberattack, which the Obama administration has blamed on North Korea.

Far from decrying government intervention, the former official said, companies listed as critical cyber entities have said they don’t get enough federal help. “Companies that have been put on the cyber list have just complained, ‘We don’t get anything for this. We have no support.’”

Kemp stood firm, arguing that it was clear during Johnson’s conference call with state election officials that a regulatory push “was obviously something that had been in the works.”

“Everybody that was on that call was in lockstep with Secretary Johnson,” he added.

But other people on the call disputed that characterization.

“Johnson articulated that he was not interested in intervening, regulating or overseeing the election process,” said Condos, the Vermont secretary of state. Merrill, from Connecticut, said she recalls that Johnson “specifically said they weren’t talking about regulation.”

Still, Merrill said, she agreed with Kemp that “we don’t really know what it does mean when they say they would offer assistance.” She noted that states already work with FBI offices and the U.S. Election Assistance Commission, the agency Congress created to help improve election administration after the Bush v. Gore soap opera.

On the call with Johnson, the state officials accepted his offer to create an election cybersecurity partnership committee.

Not everyone is convinced that the risk matches the alarm, however, even though some security researchers have commandeered voting machines with frightening ease. Dove said researchers have succeeded only in favorable conditions that are unlikely to exist during real elections — plenty of time and no security guards.

But experts who have audited voting systems condemn that argument.

“We heard these same complaints a decade ago when people started [looking at] could you hack Microsoft operating systems, or Adobe,” said one voting security researcher who asked not to be named, citing political sensitivities. “We would get: ‘Oh, that’s just a lab environment. That could never happen in the real world.’ And of course, we all know, it does.”

State election officials frequently point out that their voting machines are not connected to the Internet and so are not susceptible to many forms of remote tampering. But keeping the machines offline is not a cure-all. In 2006, Princeton University researchers developed a digital virus that hopped among voting machines via the cards that election workers use to program them.

“There’s no doubt in my mind that if someone wanted to, they could cause viruses and other malware to spread from one voting machine to another,” the voting security researcher said.

All the state officials, including Kemp, told POLITICO that they welcomed DHS’ help if it meant merely identifying cyber threats and warning states about them.

“Anybody that wants to assist us in what we’re trying to do … that’s something that we’d be interested to entertain,” said Alabama Secretary of State John Merrill, a Republican. “We would believe that they would have our best interests in mind.”

Still, Kemp accused the news media and the federal bureaucracy of raising unwarranted fears of election cyberattacks at the worst possible time.

“It would have been nice for us to have been brought into this situation beforehand to get the perspective,” he said, “because quite honestly, all this did was help blow a lot of things out of proportion, and now every election official across the country’s having to deal with these issues in the middle of a presidential election.”