>> this weekend on "book tv," the milford readers and writers festival in milford, pennsylvania. starting saturday with pulitzer price winning writer susan falud, "in the dark room," and alan alda, "if i understood you, would i have this look on my face." francis fitzgerald and phil clay discuss writing about war and former harper collins ceo jane friedman on the future of book publishing. on sunday at 1:00, fox news ian drew napolitano on his book "it is dangerous to be write when the government is wrong." and authors julie maloney and jewels evans on the power of the written word. weekend on c-span2's "book tv."

up next, security experts and election officials talk about efforts to prevent cyberattacks during the midterm elections. this discussion is hosted by new york university at their washington, d.c. campus. it's 1:15. good afternoon, everyone. is this on? no? yes. is this good? all right. thank you. good afternoon. welcome to the brennan center for justice. first of all, i just want to thank nyu's john brademas center

and the great team here, nyu team in d.c., who always make us feel welcome. i'm larry norden, the deputy director of the democracy program at the brennan center. and just to repeat, because i was told i can't say it too much, andrea's discussion of how you can keep up with our work, you can find us online at brennancenter.org, follow us on facebook and twitter and listen to our podcasts on icloud. for those of you that don't know, the brennan center is a non-partisan law and policy institute that works to reform and revitalize and, when necessary, defend in our systems of democracy and justice. we've been deeply engaged in addressing the many issues surrounding election security to protect our constitutional

democracy for over a decade. so i'm sorry to disappoint folks, we won't be discussing rod rosenstein or robert mueller or judge kavanaugh today, but we are here to discuss a somewhat related topic, election security. and as we hurdle to election day 2018, in fact voting has already begun for military and overseas voters and in many places early voting has begun for all voters, it's impossible to escape discussion of the vulnerability of our election infrastructure, cyber attacks, foreign meddling, and there's really no doubt for the cause of all of this discussion. in 2016 the russians attacked our elections and our intelligence agencies have told us that we should expect more this year, and especially in

2020. much has happened at the local, state and federal level to reinforce our election infrastructure and election security since 2016 and we're going to talk a little bit about that today. at the same time, many have criticized the lack of action on the part of congress and the president. i include myself among them, to take dramatic action since 2016. and in fact at this point there's little more in terms of big actions that the states can do in the remaining days before the end of voting. so that brings us to our conversation today. where are we on election security? what's being done to protect, detect, and recover from any cyber attacks this fall? and importantly, once we get

through this election, what do we want to see our federal and state policy makers do to keep us safe in 2020 when the stakes may be even higher? so, to discuss these pressing issues and questions, i'm grateful to have an exceptional panel here with me today. and i invite you all, i'm not going to go through everybody's bio, we've got very impressive bios for all four of our panelists. you can find the full bios on the brennan center's website, on our events page. i'll just give a very brief introduction. to my immediate right is laura grace. she's the election protection manager for the lawyers committee for civil rights under law. and to her right, and i guess for those facing your left is

edgardo cortes the former commissioner of elections and election security advisor for the brennan center for justice. to his right we have brenda cabrera who's the general registrar and director of elections, voter registration and elections for the city of fairfax. and finally last but not least noah praetz, director of elections for the office of cook county clerk, david orr. as noah and i were discussing before we started, and many of you probably would guess, cook county is one of the largest in the top five in local election jurisdictions in the country. so i'm just going to begin with a kind of lightning round of questions that really nobody that works in our space wants to

answer. so i'll give them to you and make we could answer them in order and you could choose which ones you want to answer. the first question is what are you most worried about? would you even know if the russians or chinese or some other hacker hacked into our election system? would you know that in realtime or would it take a while to find out? and so that we don't leave everybody in a panic, what are you doing to prepare for these things? laura. >> okay, thank you. thanks to the organizers for bringing this all together today. the lawyers committee leads a coalition called election protection, which is the nation's largest nonpartisan election protection, voter protection effort in the country. so from our viewpoint, we're worried about anything that prevents voters from accessing the process, whether that's being able to register, vote, or have their votes counted ultimately.

obviously there are a number of cyber security issues that are of concern, but we're also concerned more broadly about election technology, mishaps or problems that can occur that put up barriers for voters trying to access the process. in terms of what we're doing, through our nationwide coalition and our state coalition partners, we are advocating election officials to prepare as much as possible for these -- for anything that might happen on this front, making sure that contingency plans are in place and that officials are trained in what to do when something goes wrong, when a machine breaks, and making sure that those solutions are really voter centered and are reasonable and not creating additional barriers for voters. we run a hotline voters can use and deploy poll monitors around the country to also help on the ground.

>> edgardo. >> thank you, larry. i think heading into november, my biggest concern, you know, equipment failures at the poll place, which prevent individuals from being able to cast their ballots. but i think for me on the cybersecurity front, i think statewide databases and the potential for incorrect information or some sort of impact to a statewide database that will create all kinds of confusion and chaos at the polling place. so the focus, i think laura mentioned, just working with election officials to look at making sure that there are some low-tech contingency plans to deal with these potential high-tech problems. so making sure that election officials have done that and have things like sufficient provisional ballots on hand and backup paper poll books, things that will keep the process going and allow people to vote, even

if we do end up in kind of a worst case situation. so that would be my greatest concern heading into november. >> so at the local level, i think what we're always concerned about is what we don't know could happen. that's always concerning. this year, obviously there's a greater emphasis on election security, so we do a lot of contingency planning. we're fortunate to have a paper balloting system so the advice is to order enough ballots for everyone. we have enough provisional supplies for everyone to vote provisionally. we download things and have things available ahead of time to make sure that if the system were to go down that we could continue to service the voters. >> thank you. yeah, it's important when we

talk about things like election systems we recognize that's an umbrella term, which covers all of the digital services we rely on. one of those services is a voting system, which is generally way harder to get to than the other digital services. but we've got websites that put out election results, websites that put out voter information. we've got electronic poll books and command centers. each of these have a stronger internet presence. they're more networked. therefore, they're a likelier target or easier target for our adversaries. everybody in the election community now has accepted the admonitions of our intelligence community that there are actors with the capability and intent to disrupt our business. sure, there are nation states, but there are also nonstate actors and individuals, so the entire election community has focused a lot on security. it's important to reframe

security a little bit because it can't just be about defending systems. you know, in the corporate world, defending systems is difficult and you can look at uber, equifax, hbo, sony, companies that have invested hundreds of millions if not billions of dollars to defending systems. in the election sphere we rely a lot on building resiliency, and that is the ability to detect when something bad has happened and to recover from it. that's where we're spending a tremendous amount of our time and that's where a lot of the recommendations like the one the brennan center put out recently, are focused. not just on defending systems but on continuing a strong business practice even in the event of a successful intrusion. that's where we put most of our efforts. >> so for people in the audience who may not spend their days thinking about elections, we heard a lot of contingency plannings and resiliency. could you give a concrete example? and it doesn't have to be

because of a hack, but something that might go wrong in one of these connected systems and what the planning is to recover from them? >> sure. i'll hop in real quick. so things like unofficial election results that get put out on election night, they're not real results, they're not coming from your tally system, but you can imagine how frustrating it would be if all of a sudden your website, a county's website was putting out results that ultimately didn't match what the true results were. so we think of ways to harden defenses for them. one of the great things that the private sector is stepping up in this area, both google and a company called cloud fare have offered free d-dos protection, some additional hacking protections. that's really helpful. the department of homeland security to their credit especially in this area offers cyber hygiene or scanning.

they have the bandwidth to protect all 8800 election officials' websites across the country to let us know what our vulnerabilities are so that we can quickly put in mitigations. so you do have to kind of role play the idea that the website is taken down and you start to build a list of, okay, can we get out results through twitter? what if our twitter account is taken down. can twitter harden the accounts? yeah, they will. they can harden the accounts of the election official and administrator and the officials and you think about backups. luckily in our field we all do that by our very nature. i think what we're doing now is sort of building 300-page playbooks so in the event of something you flip right to the sort of -- the symptom and it comes -- we've got our answers right there. these are the five people you call, these are your vendors, this is the law enforcement you called, this is your fbi contact, and a lot of your efforts have been spent making sure business continuity re-establishes pretty quickly.

>> anybody else want to add to that? >> i can just tag on to that. a lot of what we do relies on information that we get and relies on the internet, and so as much as we can keep a copy of that information on file so that we are not dependent on the internet if something should go down, which happens even outside of this emphasis on security, we do scan our computers. we have a relationship with dhs to do that. we're in constant contact with our i.t. department for things that they will help us with, but i think having a paper -- we do paper poll books. so if the information were not available to us, we could recreate everything we need to to conduct the election. >> i want to change directions and talk a little bit about -- we're in washington, d.c. -- the

role of the federal government in all of this. as i said in the introduction, congress and the president have gotten grief about not doing much in the face of a hostile power attacking our elections in 2016. i think that may give folks the impression that the federal government is doing nothing. i know you've been involved with some of the steps that the federal government has been taking since 2016. maybe you can talk a little bit about that. >> sure. the first thing that happened was in january of 2017, secretary jeh johnson and the obama administration named elections as a critical infrastructure sector. meaning there's a level of federal involvement, federal care that is automatically triggered. in order to support that, homeland security quickly pulled together a group of public

stakeholders. they've been working together for nearly a year to try to drive dhs's policy in this area. the secretaries of state have zealously guarded the elections institution. state election directors bring the idea that they need to institute and protect the institution of elections. they've got a slightly different flavor. us locals, where the rubber meets the road almost everywhere, have a different set of priorities. we've all been working together to make sure dhs is working properly and not overstepping their bounds. i think it's working really well, much to the credit of the leadership of the secretaries of state and the state election directors. and with dhs, it's important to point out the folks that are tasked with this, regardless of the top level administration's approach, the people in dhs are

working really hard to defend the institution. >> i don't know if anybody else wants to comment on whether or not they found the federal government's involvement to be helpful, not helpful the last couple of years. >> i can talk about that. i was with virginia's election commissioner and last year i was involved in a lot of the discussions and interactions between dhs and the states and the local governments one of the biggest obstacles we encountered in 2016 as we started getting information about potential threats to the system is that there was really no communication process in place between the federal government and states and locals to know where to get information from or who to direct potential concerns to and so i think a lot of the focus last year and into this year has been improving that. i think also the establishment of the election infrastructure,

information sharing and analysis center under dhs to kind of set up those parameters and getting all the states signed up, a lot of local governments signed up for participation in that and for all the kind of services that get offered there has been a huge step forward. there has been kind of -- a lot of interaction and discussion, movement around improving that communication. there are obviously disagreements about the extent that the federal government should be involved or can be involved but i think aside from those kind of more policy-related questions, there have been some actual concrete steps that have been taken over the past year and a half to really prepare for the 2018 elections and get everybody a lot better positioned. >> edgardo, you mentioned policy. one thing that congress hasn't done anyway is really pass any legislation related to election

systems security. there is this bill, the secure elections act, which i believe i read this morning there will be an even newer version of this reintroduced by senator langford, republican from oklahoma. this bill has the support of democrats and republicans. can you talk about what the bill is, at least in its previous forms, and whether you think it will be helpful or not? >> sure. i think there is -- at least of this morning, reporting that toward the end of this week, early next week, there would be a new version introduced, but unfortunately it hasn't gotten action yet. it was scheduled for a committee vote and that kind of got pulled. but the bill does a couple of things.

the first is, it formalizes in legislation the communication process i was talking about between the states and the federal government. it memorialized it and makes it a federal requirement under federal law, the information sharing and kind of communication flow is happening going forward. so regardless of the administration, regardless of who is in charge, it kind of continues on. and a couple of other key things, it requires things like election vendors. to report cyber incidents. right now there's no requirement that if a vendor provides election technology, if they have a breach of their system, there's no requirement to report that either to their customers or the federal government and so this would really set up a requirement for reporting those incidents so that everybody can address them properly. one of the biggest things in the act that's a point of contention is the requirement for effective

post election audits, in particular risk-limiting audits. i think the current version has reduced that a little bit. the idea to move to paper overall for our voting systems, you have some independent, verifiable record of the votes cast and you go back after the election and confirm that those ballots were counted accurately. it's having people take a look after the election to make sure the machines were tallying correctly. there's kind of this whole -- there was money that went out to the states early this year for election cyber security. it certainly is not everything that's needed in the states. i think it will be helpful and

has been helpful to the states. as we move forward. but i think it kind of speaks to the need that's out there. hopefully the passage of the secure elections act or something similar along those lines with come with some continuous line of funding for states and local officials. i think cyber security is a really expensive undertaking, and elections have become much more expensive, resource intensive to run. we need that federal involvement to make sure that there's some money there to put in these minimal requirements. >> does anyone want to comment on the secure elections act specifically or what they would like to see? what more they would like to see from the federal government? maybe nothing. >> i'll take it. in my mind, there are two priorities. this is me personally. one is to make sure there are

voting systems with paper artifacts that can be hand counted for an audit. simply because our institution has sort of two virtues. to put out election results that are true and trusted, and even if the technology were bulletproof, which it isn't today, and may never be, the trusted virtue is hard to establish in the political realm. the idea that an eighth grader could verify the election results as right is important. you don't need a degree in crypto graphic hashing to trust results. they could both be true but to get to that virtue of trust i don't see anything other than a paper artifact that can get you there. that's one priority. clearly there was not enough

money was invested to ensure that the investment wasn't made that could move them along. the other priority, though, certainly is to get expertise in every local election officials office. we're a big office, 100 employees. we partnered with the chicago board of elections and hired a professional because when you get 20 e-mails a week from an information sharing center and get great recommendations from the center for internet security and from the brennan center, somebody has to be able to ingest that. it's barely possible in our office but we're doing it. but most of the countries, 800 election officials come with staffs of three. the idea that they can absorb the information, build the best defenses, institute the best audits, the best recovery plans without boots on the ground is a bit unfathomable.

i'll just point out in illinois we have employed a team of cyber navigators, digital defenders that will partner up with local election officials and be their information security professional for the next couple years. we think that's a model that most states should employ. obviously we're all wrestling with different challenges. i hope the illinois experiment works out, and i look forward to other states adopting it. i know some are, indeed, doing that. >> city of fairfax is a lot smaller than cook county but probably a bigger than a good percentage of election jurisdictions in the united states. do you want to talk to anything that noah mentioned? has there been share between smaller localities and bigger localities? >> i think the advantage we have in the city of fairfax is that

we are a little closer to d.c., so we're a little more aware of the different resources and partnerships that we can do. there are localities my size or smaller that do not have i.t. departments. so as noah was saying, you're being asked to ingest and respond to an awful lot of information that you don't really understand. i think i get ten or more e-mails a day about election security. i think the resources and these partnerships would be really helpful. i think it is important to note that while cook county is in top five, there are a whole lot more city of fairfax small localities in the united states than there are, and we need resources. >> we've had in the news paperless touch screens. noah touched on that a little bit. in georgia, we had a federal

judge, although she denied a preliminary injunction motion to enjoin the state from using the paperless touch screen machines they have there, she made pretty clear in her opinion that she was concerned about their security and that the plaintiffs were likely to ultimately succeed based on security concerns to force the state to get rid of these machines on the argument that they're violating voters' constitutional rights. within the past couple weeks, the national academy of sciences joined many other experts in saying that these machines should be replaced as soon as possible. one of your controversial moves, edgardo as electioning supervisor was decertifying these paperless machines being used in virginia. do you want to tell us about

that process and why you did it? again there's been a lot of concerns about the fact that, as noah mentioned, about 20% of voters will use those machines this fall, what that means? >> sure. >> noaa mentioned during the first question that there were a couple of things about building resilient systems, protecting ultimately, our decision in virginia boil down to the fact that he couldn't identify the paperless systems are not there was no way to identify if there had been

inappropriate access. even if we had been able to do that there is no way to recover from that system or that system breach. once you change those records. there is nothing to go back to, no way to recover, the inability to recover from it and not even know if there is a threat in the first place really makes it not a resilient system. we made the tough decision in advance of the november election to force quite a number of local governments to deploy new voting equipment. they had a paper record which provides that independent record. scanners go down as well, become inoperable. but if that happens you have the actual votes that were cast on paper, the ability to

recover from that. that was the deciding factor in virginia in pushing everyone to paper. i think it has been -- we did an earlier round of decertification back in 2015. that was around a specific system, and some security concerns. i think ultimately it made the voting process more resilient and really improves the process for voters. >> i want to add a tag, that is the best policy, adoption moving forward. obviously we are administering elections now. with the equipment we have now. those 20% of the voters should feel strongly, the secretaries of state in those areas take this incredibly seriously. the state election directors in most areas, coming close to city administrators, are filling the top-notch control

holes. they are putting in all the defenses they can. these are low probability given they are -- low probability relative to the other systems we rely on. voters going into this election need to feel and should feel very confident the people charged in tasks with protecting the administration election are getting what they pay for. moving forward, as a policy, i think we ought to be adopting one that eliminates the possibility of catastrophic election failure. are speaking for implementation and not november. >> i think know what is right. i think one of the things we have been promoting for contingency planning is in terms of recovery and ability to address issues that those

locals governments, states that are using paperless and have emergency backup ballots printed and ready, encased our equipment failures, ultimately you want as an election official and voter for the process to keep going be able to continue voting regardless of what's going on with technology. >> rentacar you have actually -- brenda, you have actually administered, and dealt with the consequences of the decertification. can you tell me about the difference in those two systems? >> sure. i was in a large locality for 25 years and then i transitioned to where i am now in 2015. when i got the job they were on a particular system and by the time i took over the position

edgardo cortes had decertified the equipment they were using. fortunately for me i had been through a long german process previously so i was able to put that into effect in my smaller locale. i think there is a lot of emphasis on the piece of equipment you get, have to get new equipment, and while that's important, i think the things that take the most time to get used to are the process changes that happen. your election officers will have a different process, your voters will have a different process in the precinct. you also have accessibility questions about when you are going from a dre that is in itself accessible, ada compliant equipment, you may not have two different pieces of equipment in your precinct in order to vote in a paper system. also, ballots and paper, it's a lot of paper. it's a different way of getting the ballot, and we have absentee voting.

we are now not relying on machine to give the voter the proper ballot. we have to have those ballots and we have to have enough for votes in different ballots. i think the cost of those ballots is something that sneaks up on people. that is something you have to consider, it's an ongoing cost. you did not have it before when you are working on the dre. i defended the dre when we had them because i wanted the voters to be confident in the system that we had. but i am happy now to have a paper-based system. i tell people we can essentially re- create the election if we have to if we have any indication that something has gone wrong. the other thing that is challenging, i think is the messaging. we really employed our election officers and gave them specific words of encouragement to the voters. because they are on the front

line on election date when the voter comes in and says why are we going back to paper and why are we doing this? messaging is important to people as well in the transition. >> brenda, one of the things you're not able to do with these systems, which you had a pilot a couple of months ago, was something called a risk limiting audit of the system afterwards end of the election. this is something caught in the election security world we keep hearing senators ask about it, i'm not sure they really understand what they are. maybe you can help everybody understand why there has been so much talk of risk limiting audits of our elections and what that means and how it went? >> i would be pretty confident they don't know what it means.

it has taken me some time to understand what it means. the first thing i had to understand was that a risk limiting audit is a very specific thing. it is not me sitting in my office trying to figure out how can i build confidence for my voters, how can i audit this election that we just had? it's a specific set of steps you take to do that. the gold standard of coming for an election is a hand count and while that may not be as scary in my locality which is small, even though understaffed, that is just enormous task to undertake after every election in really large localities. so a risk limiting audit allows you to mathematically create a sample that will give you a level of confidence that when looked at my hand, will reflect the outcome of the

election. or if it doesn't, it will show you that you have a problem and what that problem might be. >> so i suppose in theory one of the benefits is that you are counting the minimum number -- you are and counting the minimum number of paper ballots you need to have confidence that the election -- that the wrong candidate didn't win basically? >> i refer to it as math magic. and i think that is another thing that happens when we talk about risk limiting audit, people get caught up in the math and how it works. i discovered there's a lot more to talk about in a risk limiting audit than how you get to the sample size . we did three different kinds in the city of fairfax, we basically hand-counted and entire precinct, we did batch comparison where we had a sample size of about 69 ballots

and we compare those two what the machine said, how the machine said it counted that ballot. and then we also did a bowling audit which requires -- a polling audit which requires a different sample size, about 200+ ballots for that one that would be a lot less than having to count the entire election and that also introduces a certain amount of other human error with it as well. >> if i might add, in colorado and rhode island, if there is a discrepancy the sample side -- size grows. conceivably you could get to the point we need to handcuff the entire election. this is done prior to certification. you are guaranteed to get to a point where you have proven, a full hand count or you got to the confidence level that the software matches the hand count.

both picked out the same winter. that is the true interest of virtue we all try to establish as election officials. >> thank you for that correction, i said election results but in fact this is supposed to happen before certification, there is no official results yet. >> we are all wrestling with trying to get the value, even if our codes are not up-to- date. >> in virginia it is not than before certification. >> i don't want you to think i forgot about you, you are running -- helping to run the election protection hotline, i don't know if we have said the number, 1866 our vote. this is where voters call in the hotline to talk about experience -- problems they are experiencing and to seek assistance. it doesn't just happen on

election day, this year i think it's november 6. it seems so far away. it doesn't just happen november 6. in fact you were working over the primaries. how do voters process all of this when they're hearing all this talk about cyber attacks and election attacks, what are you hearing from them? >> certainly and just to echo we do run the 8--- 1-866 our vote. we're launching tomorrow live to help voters with any types of problems or assistance they need. on this particular issue, it does seem like voters are bit more alert to the constraints of the day, talking about cyber security issues, but as a practical matter when they go

to the polls we have voters call in when they face problems with technology and the polling place. whether that's the voting machine or a problem with the voter registration system. one thing i think is worth reemphasizing is thinking through when there is a problem, what happens? for example we have voters the call that say, i filled out my pallet but when i went to put my ballot in the scanner it wasn't working so they put my ballot in a secure location and are going to check it later we are reporting to make sure this is known and through our network we let the election officials know they need to make sure the scanner is fixed. but the voters themselves, their ability to vote wasn't impacted by the problem. compared to voters who call when eight bre machine is broken and that's the only option in their polling place, they've been working -- waiting for an

hour now they have to go to work in the can't come back because the polls close before i get to leave work. is a real problems that impact voters and disenfranchised people because there aren't contingency plans in place that a reasonable options. we do through our hotline because number of reports like these into her best to advocate to election officials to think through the practical impact that it will have on voters. one issue we did have a number of calls about was in l.a. county during the california -- do now to what we know not to be a cyber security issue but a software issue, 120,000 voters, their names were missing from the polls when they went to vote they were told they weren't on the registry. thankfully in that case polling

officials immediately telling voters to cast a provisional ballot. the county board of elections were quite transparent and public about the issue as it was happening. voters who had cast a provisional ballot, it was counted. there is no extra effort required on the part of the voters. in that case despite the significant error and a serious issue that was later reviewed by external auditors and proper follow-up been done with voters to inform them of what happened and remedy the issue, those voters were able to vote. their vote was counted in the voters themselves didn't have to take any extra step to vote. more recently in maricopa county, arizona when poll books and ballot precincts were set up on time many locations didn't open for hours later. polling officials didn't really know what they were meant to do

in that situation. the information wasn't consistently shared with voters , provisional ballots were not always being provided. there were early vote centers available around the county but other low income voters or those with transportation limitations the had to go to work able to cast a ballot. these really can have significant impacts on voters and their ability to access the process. >> take a second to highlight the l.a. county? those provisional ballots are part of federal law. that resiliency is baked into the system, i think it's a good news story. because while the type of thing that happened there was a software problem, locally, the impact is the same as what is a

-- one of our voter registration bases going down. there is resiliency built into the process to help overcome or withstand even a successful attack. it's a good news story that something that is available nationwide in all states and counties are set to implement it. >> but training of officials and contingency planning -- >> having enough provisional ballots, -- >> it's great that los angeles had that. so i am told that we should -- it's time for questions from the audience. how are we doing this? are we having people come down? >> there are two microphones on either side and while we are waiting for people to come down i'm going to ask one last question. make this lightning round again. i want you to imagine all of you we made it through 2018, no

problems and everything went great. what are the big things you were thinking about fixing, tweaking, personally where you work or if not that what you hoping to see the state or federal government to ahead of 2020? >> we are trying to buy new election equipment. that's easier to defend and provide better capability of detecting error and recovering, and we've got to institute that over the next couple of years we've heard about how the changes are hard to handle. that's going to be a top priority. >> i think for me having conducted this audit for virginia is is the first audit virginia did call the law came into effect in july of this year. and we have a lot of work to kind of hammer out the details of that, implement audits in different kinds of localities.

localities. do a cross locality audit that involves different people with different machines and how we are going to do that. i think that will be my focus in the next couple of years. >> i think postelection heading into next year i'll be focused on nationally pushing that 20% of places that don't have paper- based systems to transition because they will have time before the presidential to do that and then coinciding and going along with that is the push for audits like rendered talked about. getting people more comfortable with them and looking at how to conduct them and whatever their unique set up is so they are ready to do that. >> it is twofold from our point of view. advocating to election officials to make these changes, moving to paper ballot makes a much smoother voting process in a

more secure process. in the long run. but also trying to shift to a more proactive outreach in reaching out to voters. simple things or simple actions voters can take like checking their name on a voter registration role for the deadline comes even if you are a long-term voter it's a long time good practice to take on and make sure if there are any issues with the voter registration database they are addressed in advance and folks are able to vote. hoping that not just the election protection our partners hoping to be more proactive outreach from election officials to really push that message to voters. >> great. >> my name is george ripley, i work with audit elections usa. we are working on the aspect of the ballot image created in the new digital scanning equipment. as opposed to the older

technology which is still used in significant amounts here in the country. the digital scanners take an actual photograph of each ballot. and it is from that image that the cast vote record is obtained. so you put your paper ballot in, the paper ballot gets a picture taken of it and it gets put in the safe box. -- >> i'm meant to say make it a question. -- i meant to say make it a question. a known addressed ballot image audit yet. perhaps one of you could do that. >> i can address that.

from our perspective, having people check the paper is the most effective and best way to do this. when you are looking at digital images and digital records you have the same potential issues around malicious software or other problems you may encounter in a paperless system. that is why we have been promoting and talking to folks about doing the paper ballots or risk limiting audit because that's we are going to get the record check. >> the only thing i would add to that, i think you would agree, there's nothing wrong with using digital images to audit. it's just that that should not be all that you're doing. there's plenty you could learn from that but at the end of the

day you need to make sure you're looking at the paper as well. >> it's a good point and there are a lot of things you can learn from the digital images. not just on the audit side from the voter side. you can look at images around valid design and problems the people may have, does a lot of good things you can do with those images, our focus has been on the paper-based audit. >> do you want to go first? >> i'm stephanie with the secure elections network, invisible groups working on election security. we are trying to let our activists know what to do to make sure they are registered to know the hours of polling and to know if they need a ride. is there an online site they can go to or is there a number, does your 866-our vote help

with that was there something else you recommend? >> the hotline which will be live from tomorrow through election day can help voters with any kind of information they need. any obstacle preventing them from voting. if they don't know where the polling places, they don't know how to check their name, our volunteers are ready to help with that. if they need to find a resource to find a ride to the polls we can direct them to local resources. of course if they face bigger problems or bigger issues when they go to vote at the polls like long lines or broken machines we are also ready to help. the 866-our vote hotline is available and 866 our vote.org is also a great resource. >> that is fabulous. that is really important. thank you. if i could put in a plug, please do your audits before

you certify the election. >> can i put in a quick plug, the secretary of state's and election directors have sites built to provide information uniformly to everyone in the state. election directors, their own website, what county and state they live in, those are great avenues. also i want to point out, facebook, the take a public information that each of us are giving them about registration polling places, the hours, they make that public up to every election. and you do a polling place searching google that information is coming from us through api and being published out to you. finding election information should not be a problem. the best trusted source is the state election official in the local election official. >> for our volunteers at 866 our vote we are directing voters to state and county

websites which can be difficult to find but we help close that link for voters having trouble. >> i am beth and i was just registering high school students today that's why i'm dressed like this. i'm also with the league of women voters and ime precinct chief at an election. i was looking over the security checklist and i think where i am we do a very good job with all of these., i was reading also page 1 and page 2 about the connectivity for wireless networks. and we use ipads to check in voters. but they are linked to each other using bluetooth and they are using the high school wi-

fi. so we have 5000 voters in this precinct and there are over 200 intercounty -- 200 precincts. it says to have a strong password you will change after every election. but with over 200 precincts should we have a variety of passwords that we are using? and how secure is that with bluetooth with the ipads checking in, they sync with each other. >> i will take that, it sounds like you are a northern virginia locality. >> i didn't say that. >> in virginia we established electronic poll book standards a couple years ago. the required testing and certification not just to make sure they work appropriately that they meet state security standards. i think those pads in

particular had specific requirements about how they get deployed, the use of networks to make them as secure as possible. certainly the preference is to not have other systems come with the wireless functionality big ten. there are some state requirements around security but they have to meet and also at the local level they are deploying, they are doing secure storage and updates prior to elections. there doing the password deployment. they are taking the additional steps at the local level before they field them to make them as secure as possible heading into the election. >> another thing to add is having paper backups in the poll place and enough provisional ballots that if something goes wrong, it happens every election somewhere with

electronic poll books that there is a problem, and having enough you can get through a couple of hours of voting on provisional ballots while they try to figure things out is critical. >> what scares me is if there was someone -- we have the paper poll backup. and we have to double check that everything is correct. but during the day where using the ipad and checking everyone in. if something happened, if someone says this is my name and id but we show they have been checked in that day, if someone has somehow gotten into the wireless network and started hacking that, we are stuck. >> your voting provisionally and you have a number of weeks after the election to resolve it. >> right, but i can't tell if someone has -- you got to have the numbers matching they are coming in. >> this is a tough area, we

cannot eliminate responsibly all risk. what we do is manage it, we recognize the ability to be digitally connected to a precinct and know what their bandwidth is and how many people are coming in and if there are lines, to get that value i'm going to trade the possibility that this bluetooth wireless access point could create another set of problems. as administrators we are constantly managing risk. to move back in time to a place where we eliminated the mall i think would make us pretty irresponsible. yes, it's in perfect, but the provisional ballot covers the baseline. the voter gets to vote, the administrators work through the specific problem. have information in front of you and says they have voted, you might be in more of a bind

having to talk through why you push them down that path. but it's a reasonable risk -- reward balance decision and we have a ton of those we make and they are all highlighted now especially as we think about connectivity and cyber exposure. >> it hasn't happened. i'm just thinking about it. >> it's a great question and i'm glad you asked. i think a lot of us who study elections are concerned, there has been a huge increase in the use of electronic poll books for good reason. as noaa pointed out. we certainly have to be focused on we are keeping up in terms of what we are doing in backup contingency planning and security to make sure we are keeping up with all the change. >> thank you. >> it depends.

>> i think the concern over wireless connectivity in general is once you start to allow the road of wireless connectivity and internet connectivity that opens up avenues for wrote -- remote access. that is where you get the balance that he was talking about. i think the push for securing and taking a closer look and perhaps developing national standards around security, something that should be looked at. >> we have two more questions. >> i am mark, a member of the virginia house of delegates, nice to see a couple virginians on the panel. probably why i am here. i'm concerned about cyber security. a bill introduced was one to get rid of the paper ballots in virginia. i was glad to see your recertification edgardo. we had a contested house of delegates election. i think a recount is where the

rubber meets the road. think people aren't as concerned when someone wins 55- 45 when every ballot counts, that is when every ballot counts. we had an election in virginia where they had to draw by lot and there was a real question over which ballots should've been counted or not. i'm going to be introducing into list -- legislation this year but my question is paper ballots are great, they are the gold standard. but in the recount procedure, what they do is run it through the scanner first. and then they only examine the ballots that are over counted or undercounted. in that procedure people are telling me the dirty secret is to run them through a scanner one day and you run it through different scanner another day in the count is different. the over count, the undercount, sometimes ballots fade. that is scary to me. my question to all of you is, what can we do to make sure our scanners are accurate, do we

need better risk limiting audit procedures or maybe we need , frankly when the scanners are different, that people go in and hand count the votes which is what i would like to see. i would like for you to talk about scanners and how we verify them. >> i will step lightly into that question. from risk limiting audit standpoint if you have a close margin that fell within the recount, in virginia it's 1%, you would be doing a full recount anyway. if it falls within the recount. and not to get into law but if the candidate actually asks for it to be done. the recount standards are different from election day standards. so you end up hand counting some ballots you didn't hand count on election day.

that is almost always going to create some challenges because you are looking now at voter intent. we had a ballot in the city during our audit where the voter clearly over voted the ballot. and the machine did exactly what the machine was supposed to do and counted that as an over voted ballot. but, it was clear looking at the ballot, when the voter crosses out two names and circles a name and says i want this one, it's clear the voter intent is that they want that candidate. again, the machine responded to that ballot exactly as you would want them to do. as long as you have a law that requires a different methodology for a recount than it does for election day, you are potentially going to come up with differences in your account.

but you should be able to explain those counts. in our recount we could explain everything, where the numbers differed, we could clearly show the ballot and say, this is different because this vote got counted as a vote for here are on election day it did not. if you're coming up with a recount and you are not being able to essentially go back and say this is a difference because we had as many ballots that were marked or counted differently or adjudicated differently because of voter intent, then you know you have something you need to look into with your machine. in our case that was not the case. >> accam lately respect -- i completely respect what you're saying. you are right about that. i have no problem with that. my question is scanners themselves, you run the same set of ballots through one scanner and it says 65 votes, four over

votes and six under votes, you run it through different scanner and may have a different account. my question is what are we doing to make sure the scanners are accurate? >> we should replace most of them. all of our technology is pre- iphone. this is what the facts are on the ground. we don't invest in elections at the local, state or federal level. we have a handful of vendors that work hard but on very slim margins. there are technology problems the can be solved if there is a functioning market. and there isn't. there is some really good new technology, the new scanners from each of the vendors are really good but most of the country hasn't been able to employ them, last real employment -- employment was in 2002, were all rubbing our nickels together to see if we

can patch all technologies. the heart of it is right there. >> i think one of the -- with the scanners themselves you're looking at a couple of things. you are looking at, in terms of ensuring the scanners are counting appropriately, the first thing we've been talking about and a lot of officials do is to do logic and accuracy testing in advance of the election for 100% of your voting equipment. that is going to identify potential issues in advance of the election with programming of the machines, or with how the machines are taking certain ballots. really having a rigorous and thorough 100% logic and accuracy testing. i think validating the counts. we talk about the risk limiting audit, i think brenda mentioned the law that was passed has it coming after certification, i think moving it precertification gives you the assurance that those

scanners were counting accurately and that gives you the confidence and how they are counting. and establishing like brenda said the voter intent. having those standards set up in advance of the election or in advance of any recount so there is an agreed-upon basis for tackling ballots the don't go through the scanner. over votes, under votes. all sorts of things. having those guidelines ends -- and standards set head of the election that feeds into having a successful recount process where you have confidence, you build confidence along the way in both the programming equipment and equipment itself that it's counting accurately heading into a recount and incorporate testing in the verification prior to a recount as well. >> thank you.

>> we have five minutes and three questions. i'm going to ask you to quickly identify yourself, quick weston and we will try to answer them. >> name is david from pittsburgh, pennsylvania where i'm involved with a number of groups. have a case to be argued before the pennsylvania commonwealth court on whether we can have local, like allegheny county, appointed expert commission with cyber security people to review the machines because all of these vendors have different equipment, strengths and weaknesses to create an optimum system. but, it came to my attention in the past week or so that one of the counties in the northeast of the state has an election director that has personal ties with one of the vendors who she is very much pushing for the replacement of their equipment. pennsylvania has to replace all of its equipment throughout the state. so i am wondering what sort of protections and looking at the

relationships that the election directors of influence over this may have with the choices. we have the same issue in allegheny county where it seems to be back room dealing and not open in the review of the equipment. that's my question. >> thanks. the next two questions? >> i'm lisa, i am with the league of women voters in arlington. my first question is a quick comment, the league has also a hotline called vote 411.org and it provides information about ballots and voting. and the second thing is, has any funding been anticipated down the road for voter education to prevent such things as over and undercounting?

so voters know if they're filling out a paper ballot and they change their mind, they made their mark in the oval or the square, and they change their mind and realize they did it wrong, that the important thing to do, the thing they must do is to turn that ballot into the election chief and get a fresh ballot. >> thank you. final question. >> my name is erica i'm also with the brennan center. tilting on the question about voter education, i wonder if any of you can speak to efforts to educate voters about what are the reliable sources of information, we have seen misinformation campaigns come up, letting people know about the availability of the website of the secretary of state and that is the best option. >> especially given that when we're talking about foreign interference in elections, and what happened in 2016, a big part of that is misinformation

on social media in particular. it seems like we have three, two questions somewhat related. kind of precautions can be taken? a review of election director decisions and purchase of equipment. will kind of education is being done or can be done around things like over voting and improperly marking ballots. and more generally about getting voters reliable sources of information. you want to take one? >> local procurement codes drive how the decision is made. i don't know how to advise you be on that but i assume there is one in the county and state that would drive decision- making. with respect to voter information, it's tough because most of the country, we all make different choices on what

ballots are given and how to use them. it's hard to put out national information. one of the interesting a lot more and work paper ballots, over votes show back up. one of the nice things about ballot marking devices is they can prevent certain errors, over roads being one of them. -- over votes being one of them. we are short on resources. as we try to measure what we invest in, in light of the -- or intelligence committee, most of our efforts now are going to working internally to make sure we are as resilient as possible and the sacrifices can often be some of these other outreach activities. it is certainly a priority for great many election officials. there is a constraint and that

is resource. >> just the voter education piece. i think that after our first recount in my locality with paper ballots, we learned a lot about how voters interpret instructions. so we changed our instructions and we post those instructions right in front of the voter. i will say that it's amazing how many times the voter doesn't see what is right in front of them. but we are reactionary in that way. we look at what happens in the selection and we will do our best to try and troubleshoot that for each election going forward, responding to where the sign is, what the sign says. and all of that. i also have the advantage in the city of having a newsletter , full-color newsletter of many pages the coast to every voter

in my city. finding those avenues where you can get information out to as many voters as possible. we live in the information age but i feel like it is harder and harder to know how to actually get information to the people where they are looking. >> i think on the procurement side, we know general procurement requirements, on the election official side, one of the things i've been cautious of, and i know a lot of election officials are, taking notice of the appearance of those, it's a very small field when you're talking about vendor officials, kind of an extra caution for election officials to take note and avoid any appearance there something inappropriate going on. if they are using and following the procurement rules that

should follow them from a safety standpoint making sure they are making appropriate decisions. on the education side, unfortunately noah is right, the resources, there are not enough resources to do all the things that need to happen right now. on the spectrum of where the resources go, unfortunately voter education ends up being for the bottom of the list because election offices have to keep the system running. they have to employ the staff the run the polling places. the have paper ballots, they have to cover the tangible costs so unfortunately the voter education piece gets short changed. i think that's where there are folks like the voter protection highline that are promoting where you can get information, helping people find that information, being the trusted source to get it. and filling in the gaps where

the election offices don't have the resources to reach. >> you want to close us out? >> touching on the misinformation piece and how that can be managed. i think all of us in many different ways are doing what we can to counter misinformation. as brenda said unfortunately we people get information and digest information is so decentralized it makes it difficult to find one solution that will work for all types of media, every platform. i know that many of the big social media companies are looking into this issue and we and our partners are getting recommendations on what might be done. but in addition to that, i think unfortunately a lot of the onus falls on us, in this room, as people who care about voting and know how to find the correct information can't know what the trusted sources are, be able to find a state or county election board website to verify information.

where you see misinformation or here misinformation, reporting that are flagging that on twitter or facebook, doing what you can to disseminate accurate or trusted sources of information. this is unfortunately a multipronged approach were all going to need to collectively take as a country. justin -- just encouraging any avenues you have to counter misinformation and encourage you to take those. i know we are doing our part to do that as well. >> thank you everyone. i'm going to stick around for a little while if there are questions we weren't able to answer. maybe other panelists will be able to as well. in the meantime we can give a round of applause. thank you all. [applause] while congress is on break

for the midterm elections we are showing american history tv in prime time. tonight it's a conference on the american west hosted by the aspen institute. historians talk about westward expansion, kit carson and other mountain men and the impact westward expansion and on the civil war and slavery. american history tv and prime time begins at 8 pm eastern. and on c-span this evening, 19 days before the midterm election and seven it congressman scott perry debates george scott. lied -- live coverage gets underway at 7 pm eastern. and on c-span 2 president trump campaigns in montana for republican u.s. senate candidate matt rosendale whose running against john tester. live coverage on c-span 2 and with the free c-