Bipartisan legislation formally unveiled this week would require the Department of Homeland Security to send notifications on breaches affecting the election systems.
Unveiled by U.S. Reps. Michael Waltz (R-Fla.) and Stephanie Murphy (D-Fla.), the legislation would require DHS to inform state and local officials and certain Members of Congress, as well as potentially affected voters.
The legislation, H.R. 3529, the Achieving Lasting Electoral Reforms on Transparency and Security (ALERTS Act), follows reports on Russian hackers gaining access to the computer networks of two Florida counties prior to the 2016 U.S. election.
“It has now been nearly two months since Florida delegation members were briefed by the FBI on the two hacked counties in Florida – and the voters in these counties still don’t know if Russians have accessed their personal data,” Waltz said.
The bill would require federal officials to promptly alert appropriate state and local officials and Members of Congress when there is credible evidence that an election system has been breached and voter information believed to have been altered or otherwise affected.
State and local officials would then be required to alert potentially affected voters of the incident.
A narrow exception is created for public alerts if such notifications are determined to potentially compromise intelligence sources or methods, or to negatively impact ongoing criminal investigations.
18 other Members of Congress cosponsored the bill, namely Florida Reps. Vern Buchanan, Charlie Crist, Ted Deutch, Mario Diaz-Balart, Matt Gaetz, Brian Mast, Debbie Mucarsel-Powell, Donna Shalala, Darren Soto, Ross Spano, John Rutherford, Debbie Wasserman Schultz, and Ted Yoho, along with Reps. Jodey Arrington (Texas), Brian Fitzpatrick (Pa.) and Kendra Horn (Okla.).
A March 2019 report concluded that, in the months leading to the 2016 election, Russian military intelligence officers sent spearphishing emails to more than 120 email accounts of Florida county elections officials. Thus, the network of at least one Florida county government was compromised in the attack.
In May, during a classified briefing with the U.S. Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI), the Florida congressional delegation learned that Russia infiltrated a second county.
“We need a notification standard for election hacks, which will increase public transparency on the vulnerabilities of our election infrastructure and help strengthen our democratic process,” said Murphy.
“The FBI’s notification protocol is inadequate and unacceptable. Voters and state and local officials have the right to know when personal information has been compromised,” Waltz said.
Related: Russia Effort in 2016 US Election Was ‘Vast,’ ‘Professional’
Related: Florida Effort to Block Election Hacking Gets Extra $2M
