that the elect of their own will to try to act, because they can business.small -- to explain to some people that if you want to see a great russia again, somehow you shall try to do something. >> thank you very much. please join me. [applause] >> thank you so much for being with us.

>> the impact of the catholic vote posted by catholic university's institute for policy research. it is live at 9:00 a.m. eastern. we're live with technical and policy experts looking at the implications of the military's use of artificial intelligence. watch both on c-span2. >> tonight on the communicators, scott walton, resident in senior fellow at the policy institute and the senior vice president at public knowledge talk about their opposing views of the at&t/time warner merger and what that means for telling communications. they are interviewed by bloomberg. content.er he is right. that is the way the vertical merger could be competitive. if they treat their own -- that

is going to be the biggest issue that the justice department will want to look at. concedes what you get out of your breakfast out of your smart refrigerator, when you go to work in the morning, when you're walking by mcdonald's on the way to work, and can combine that with content that you get from this to dissect every element of your life. >> watch the communicators tonight at 8:00 a.m. -- 8:00 p.m. eastern on c-span2. now election in cyber security professionals on how results are examined and verified. protecting the system.

this aspen institute event is about an hour and a half. >> welcome to the aspen institute. i'm charlie firestone. we are a nonpartisan nonprofit policy program that addresses andimpact of communications information technology on democratic institutions and values.

i can think of no more basic democratic values and free and fair elections. it's essential to the legitimacy of government and the faith of the people in the democratic process. program hasrs this looked at issues of elections and cyberspace, campaigns in cyberspace, and american media and voter information. we have been very interested in this topic for many years. the electoral process has been called into question in a couple of ways. there have been allegations of fraud and rigging in the election. we wanted to address it directly. there are allegations of foreign governments hacking institutions. of theluence the outcome election. for these reasons we have allied

with the election verification network. 185 professionals. officials,ection computer scientists, attorneys and others who look at the election verification process and are also assiduously nonpartisan. the question we face is how do we know that the votes we cast are the votes that are counted and reported? we have a great panel to look at this question. i'm very proud of the group we've been able to assemble. gardo on our panel is edh cortez. is the chief election officer of virginia. he has been at this issue over 15 years.

the assistants attorney general for national security until only a couple of days ago. top nationalion's security attorney overseeing 400 employees responsible for protecting the country against espionage,al espionage sabotage, terrorism, cyber breaches and other national security interests. we have susanna goodman who is director of common clauses voting integrity campaign aimed at repairing and strengthening voting systems at the state and national level. co-author of a very important report called secret ballot at risk. is the former

chairman of the federal election , appointed in 1991 by president george h.w. bush. he served as general counsel to senator john mccain's presidential campaign. he is our go to election lawyer. he was very involved in all of the reports dating back to the 90's and also known to many of us as the lawyer for stephen c, americans for a better tomorrow tomorrow. is david sanger who is the national security correspondent and dean of the new york times washington office. senior writer who has identified this issue. wrote a seminal article on it with charlie savage a couple months ago. david, take it away.

hashanks to walter isaacson given us the space and encouragement on doing this. i can't think of a more central issue for the aspen institute to be taking up. it's really at the intersection of fundamental building blocks of our democracy. and fundamental questions of what kind of society we want to begin what kind of defenses we want to have. of a better panel for putting this together and i'm delighted to see we have a full house. let me leave it in at what may be the biggest difference we are seeing this year. concerns asys had susanna and others have written about.

security of secret ballots, the ability to get to the polling place, the ability to have the insurance that your vote is being counted accurately. this year we have suddenly had a new layer of conserving. -- concern. i think it's the first time we have ever had the serious allegation that another nation state seeking either to influence the outcome or simply disrupt the conduct of the election. those are quite different things. i thought i would start with you, john, and your newly one freedom -- newly won freedom. to measure every word about whether you are speaking for the administration.

i thought i would ask you to take us a little bit through the discovery by the obama administration and the justice department that you were facing for the first time a nationstate adversary in russia the just to take at face value the statement came out from the department of homeland security two weeks ago suggests that in fact they were seeking to actively get engaged. not only break into political entities like the dnc but to weaponize and release that information. tell us a little bit about the debate about how to respond to that. put two trends together. a nationstate attempting to gain information by hacking into election campaigns or other

infrastructure isn't new. as chief ofjob staff to the director of the fbi i first met the obama campaign and the mccain campaign in 2000 when we were informing each of them separately and in a classified setting that later became declassified that there e-mails had been compromised by china at the time. they werement was inside the system in order to gain strategic intelligence. i wanted to know how these individuals thought that i might try to use against some of those campaign individuals depending on who was elected. not that they would do what is sometimes referred to as doc doxxing. russia we also have

a long history of russia trying to run influence campaigns were in the united states along with the rest of the world without revealing that it is sponsored the russian government or russian intelligence will try to plant stories in newspapers or other venues to influence the outcome of the election. we have seen russia attempt to undermine democracy recently in countries outside of the united and europe as the germans have publicly discussed or in elections in other parts of the world. what we saw here was a tobination of the ability get in through new technology to obtain information and then marrying it with a campaign to undermine confidence in the democratic system by releasing weaponize thing or using it to x along with other methods.

there is one we all should have been able to see what's coming. with as we have moved more of our infrastructure from analog to digital form over movedst 25 years we have almost everything we value from analog to digital. 97% is now digital with the exception of david who continues to write on napkins. [laughter] >> we call that analog. >> we didn't just make it digital. we connected all of this data to the internet. a medium that was fundamentally never designed with security in mind but designed to communicate. on the cusp of the next transformation. it may be as significant as the transition from the horse and orgy to an automated car

from a car with a driver to a driverless car. 2020 we estimate 70% of the cars on the road will essentially be computers on wheels. this isn't just what we are seeing in this case which is weaponize and information. we are moving almost everything -- thee that functions electrical grid, cars, pacemakers, drones -- we are connected to the internet of things. make thean't do is same mistake we did when we moved from analog to digital in the first instance, which is we can't systematically discount the risks posed not as to whether this works but whether it will work in all the same bad guys that will move to the new technology.

crooks, terrorists, nation states. those who want to actually illegally with a political agenda. all of those same actors are going to try to exploit this internet of things. we have to build in security by design on the front end which we are not doing effectively enough to date. comeinternet of things with things that make them unsecure. we needed enforcement regime to show that there can be deterrence. we will come back to the internet of things question because it raises so many for all of us. in the case of dealing with russia imposes a particularly

difficult deterrence issue. your time in office i think you made enormous progress in making it clear that if there was an attack on the united states at various times there was going to be the u.s. response. managed to do in dykeman's in the iran attack on the banks -- indictments in the iran attack on the banks. have begun to establish that even without using intelligence data you can build a court case. when you're dealing with russia it's a lot more complicated. lot more complicated because we have so many other things going with russia. ,iscussions over syria, iran nuclear negotiations at various points. it's a big complicated

relationship. us inside the considerations you have been about how one deals with trying to deter russia. but itd strike back now may not be the right thing to do at this moment when you are only a week and a half out from the election and they are going to have another response. >> you are right to put it into historical frame. the approach of taking nationstate related intrusions out of the world of intelligence where the primary consideration yourearning about adversary and protecting your sources and methods to one in which doing the investigation and attribution in such a way that one can make it public. that was important because if you don't figure out who did it and there's no deterrence and

you can't apply all the usual calculus we have applied to try to prevent nationstates from doing disruptive things to those who would do us harm. doing the investigation attribution in a way that we can be public about the results. we have been willing to accept that may cost. at times it may improve the tradecraft of an adversary. imposing consequences. that may sound like a commonsense approach because we have applied it in so many other fields. area and we this really only first started reorganizing government to move down this path in 2013. when we brought the first case in the spring of 2014. we have brought actions against korea.iran, north

i think there are common traits with the attack against sony. attack againstan a company or a victim. it was an attack against our values. they were trying to undermine a core value which is free speech. as part of this relatively fast-moving transition to this new approach each time we have contemplated in an action there has been a lot of discussion around the situation room table just like we have one we think about how to confront the terrorist threat or proliferators. in those other areas where we have gotten good and are at a fast pace each of the department agencies has a playbook. here's what i can do under my legal authorities. here's a range of options i could apply. the treasury department might

say we could apply sanctions against the individual or state responsible for this action. here ormight say criminal indictments or here is information we have collected in a way that we could make public. the commerce department might say we can use an authority we to designate certain entities as those who are counter to national security interests of the united states and make it impossible to do business with them without an export license. there's diplomatic measures one can take. u.n. resolutions, military options. options.unter cyber >> depending on the particular authorities that will be different. from defense of things, homeland security could do ranging to covert action or openly declared military action.

we have gotten very good at applying that framework of coming up with a response with these other threats. what is new is applying it against nationstate cyber actors. you have seen us run this --rcise with sony resulting in less than 28 days publicly naming north korea and introducing sanctions. there are some things you see and some things you don't but there will be consequences. need to investl in creating a maximum amount of tools for a decision-maker to use when it comes to cyber threats or activity. that is something in terms of things the next administration can focus on to put resources and figuring out who did it put resources into continuing to develop those tools or playbook.

they ran an important point in this of -- you have heard phrase which is we are going to respond at a time and place of our choosing. that is our doctrine in terms of the types of consequences. although we are going to figure out who did it, make public who public thatake there will be consequences it doesn't mean in every case what the consequence is will be public. i think that's to preserve the maximum amount of options for the decision-maker to craft the response that best suits that particular adversary and the scale of what they did. it is vitally important and sometimes it gets conflated. to apply we have tried this framework of imposing consequences and making it public it gets very much analyzed within government and terms of the relationship with that particular country. when we in guided five members

of pla for stealing across to things like leadpipe designs. theft there that is was a lot of discussion about what does this mean for china and how is this carefully tailored to china. similar people said north korea is notoriously difficult to impact. sense to evenny try to impose a consequence with north korea? with iran people said you just signed this deal why would you take action against iran for denial of service attacks over two years ago? a place where to we stop analyzing these in relation to the particular country.

when you commit destructive attacks whether it is affecting hundreds of thousands of customers and costing millions of dollars by attacking our banking system, stealing from private companies for economic we are going to figure out who did it, make it public and impose consequences tailored to what you did. that sends a message not just to each country but to all the other countries as they try to figure out a framework we're going to apply. means continuing to clearly articulate what those red lines are. when we consider it to have caused harm. >> susanna, you have seen lots in which election systems in the united states have gone wrong.

before we all gathered here you mentioned a really interesting case in colorado. tell us what your biggest concerns are and then tell us how the addition of a nationstate after coming into this makes this a hard problem to solve on the ground in the states where many of the states don't have the advantage of the intelligence briefings that john would get every morning at his old job. i'm part of the election verification network which is a consortium of computer scientist advocates and state policymakers. for as long as we have been in existence which is over 10 years we have been looking at this issue of what happens in the elections when the machines we rely on fail? either the equal books where we

check in or the statewide voter registration based or the machines. these are questions we have been looking at for a long time. we have come up with remedies for this. one thing we love to point out is that the folks that are most -- we recommend there always be a paper ballot or a paper record. this is championed most wholeheartedly by the computer scientists. by the people that love technology the most. that invented the cryptography that allows you to buy and sell stuff over the internet. the geeks that love the computers say you need to vote a paper or there needs to be paper record that you have verified for every vote cast. >> there are five states that have no paper backup and a number of states including some swing states that have only partial. >> that's right.

it's better than it was. paper is the gold standards. those states do other things. there are other ways those states handle those problems. in 2004 4000lina votes were lost on this computerized voting system. the election was in limbo for months. paper youon't have just can't go back and recount. when you have close elections they put those paper ballots up on the internet and said you decide. transparency,l of scrutiny, reliability with paper. >> does north carolina now have full paper? >> absolutely. it always takes a crisis. many of the states that moved to

paper moved because of similar incidents. we have collectively urged policymakers to move to paper and that's why the united states has moved -- many new systems have paper and that's terrific. regardless of whether it is a machine failure or glitch or human error loading the software actoror a nationstate bad , the failsafe is the same. it's paper. it's using that paper in recounting and auditing. -- seen thisemed challenge before but i don't think the remedy is different.

us about how you look at this as you are administering this in virginia. the first big fear we have heard about in the past couple of months hasn't been about the casting of the ballots since we are all in agreement that most voting machines are off-line. some voting by veterans and a few other exceptions. of course the registration rolls are online. we do have ways of backing that up. i'm a new voter in virginia. i registered just before the deadlines. i go in a week from tuesday. i've got whatever evidence i was given at the time i registered but they can't find me. what happens in a practical matter? >> in virginia and across the

country we have elections being administered at the state and local level. a lot of dedicated folks. something regardless of whether it's a paper-based system or electronic system a lot of our job is to look at what the risks are involved and figure out how to mitigate those risks as we set up our procedures. in virginia we have had a big change since the last presidential election related to electronic transactions. a completely paper-based voter registration process to have an online voter registration. we have moved our dmv to electronic registration. we went from a fully paperless -- and september 73% of registration transactions were

electronic. building in that security upfront. building and the ability to audit so the situation you mentioned in terms of voters showing up. the dmv process, we took it paperless. that we build very carefully with the dmv to create an audit process for all those transactions. somebody for whatever reason doesn't appear on the poll books on election day and they are issued a provisional ballot which they have the capacity to do and it gives us some time to research it at the local and state level. process welete audit can trace back to when this person went to the dmv, what kind of transactions they conduct. be able to pull any additional records the dmv had we have all those processes in place.

happen.these issues it's how do we deal with them to make sure voters are able to cast the ballot and that it's going to count. that has really been our focus at the local level to make sure virginia voters have the ability and that confidence in the iftem that when they go even they encounter an issue at the polling place that we have a way to resolve it and steps in place that their vote is ultimately going to get counted. >> the department of homeland security has offered its services to come in and basically scan the system and look for vulnerabilities. they offer this after reports had scanned hackers togetherof states seen

warnings about arizona and illinois. is -- do you take that what kind, and if so, of things did they look for and find? >> virginia, when it comes to cyber security reparations. looking at our system has been ahead of the curve on this. we have had a big focus on cyber security. a lot of the recommendations and information that's homeland security and our federal partners have been putting out our things we have already been doing. routinely scanning our system to look for potential vulnerabilities and how to mitigate those and resolve them. we work very closely with our whereid agency to nature

-- to make sure we are monitoring those. there was growing concern -- we were the first state agency to partner with virginia national guard to conduct a cyber assessment. we have a lot of things. we are happy to share with other states to look at how they can improve that awareness and network cyber security. some we were able to do and look at and take advantage of before the election. there were a lot of other things they let us know they had available postelection. look at how we can strengthen our cyber security even more. i think the discussion around homeland security and the treatment of elections is a great discussion to have. not enough attention has been paid to security in the elections process.

unfortunately, it has taken a backseat to everything else that is going on in terms of administering the election. unfortunately, the timing of that discussion has that into -- fed int all the fears there are out there. oit is not that we are not confident, it is remaining vigilant. team that have a dhs looked at your systems? what did they discover? >> we had folks from virginia national guard billion. we won't go into what specifically they found. i am happy to say that we have not found any specific threats against our system. we are in a good position. we continue to work with dhs and state level homeland security

partners and everybody else in maintaining -- >> did you find any evidence that your system had been scanned by this russian hacker group that had scanned the other state? beenr state id system has scanned. there's this routine scan that goes on everywhere. they agency puts out a report every year about how many times. we have not been given any indication that there has been any attempt to access our system inappropriately. >> access it or scan it? do you believe the russian hacking group that access the other states also scanned virginia? was there any attempt to download voter registration? >> there was no reason to

believe there was any attempt to do anything like that. >> you were lucky enough to be on the federal election commission in an analog age. good timing. as you look at the nature of the , welem, tell me first off are in this situation where the states run all of this but the fec is supposed to oversee it. very little authority over what they can mandate the states to change. give us a survey of what the federal government can do and whether or not you think that the emergence of nationstate actors giving interest to this process what role the federal government should have? >> the title, federal election commission, is a misnomer and confusing people who do not

understand our system. it would be more appropriate to call us the federal campaign-finance system. we have essentially zero to do with the running of election day activity in the united states. it was not set up that way. it is neither good nor bad. at the current moment where we are worried about everything being interconnected and the ability to control or in fact computer systems from the top down, it is probably good that the united states has one of the most decentralized election systems in the world. we have 50 states. each state runs its own election system. the states have counties. in almost every state, the counties run the election systems or the cities.

they have local officials in charge of how that is done. part of the national discussion post florida in 2000 is should there be national standards, either federally mandated or at least funded through money appropriated by congress to improve our election system? --ention has been between between thehas been obvious benefits of having somebody look at what is happening and establish standards that become the gold standards we hope states will live up to versus our very strong tradition of truly local control with hundreds of thousands of volunteers on election day and tens of thousands of election officials

across the country. we have reached some compromises . as in anything, sometimes we have lurched the wrong way. after 2000, there was a sense we should mechanize. one of the mistakes we made was diving into computer systems without a paper trail and the wentthat if something wrong, maliciously or not, we would not be able to figure out what happened and how people actually voted. there has been the move that we ballots,towards paper or at least a paper trail where it is possible to figure out what happened. i think a benefit of the discussions that have gone on in the last couple weeks is the awareness of the vulnerability of your machine systems.

machine systems. the distinction i want to make is even if we are talking about states that have machines, the phrase that john used is moving from orson buggy's to a modern -- horse and buggy system to a modern one. of thethe antithesis internet of things. these machines are not interconnected. if you have a voting machine, it sits in a warehouse. it is examined before hand. it is examined afterwards. the state does not have the money or the interest in trying to hook everything up. they are still largely freestanding. aboutr you are talking the all books people are being

checked in with, even there there has been only, push me. can check information and make changes from there. the disadvantage we have seen is if there is a glitch in the system, nobody can check in. the entire system does not work. states are understanding they must have freestanding devices. that is largely where we are as a country. you could think of this as things that can go wrong on election day. a statehem is not that actor could enter a central election system that does not exist and change the national tabulation that does not exist and change the results of the winner of the election. you could do that in other countries that have exactly that system.

it federal system. we do not. you would have to be dealing with something at the county level or messing around at the state level. that would have so many checks and balances, and our system is so transparent in terms of what the press can see and the weight results are passed back and results the way that are passed back and forth. johnson, the secretary of homeland security said that maybe we should designate the election system to be a form of infrastructure. if we look around the city, the washington monument is considered critical infrastructure. defense systems are considered critical infrastructure. maybe there is an aspect to this.

not white the list yet. election system is not. with heard the director of the national security agency make the interesting observation that we need to rethink our critical ,nfrastructure list entirely less around the buildings and --s visions and more around less around buildings and institutions and more around data flow. what difference would it make if our election system, the underpinning of our democracy was considered critical infrastructure? wouldn't you have state saying this is the beginning of a federal takeover of what has always been a state process? >> do we consider this to be

critical infrastructure and what is the value of the designation? of course it is critical infrastructure. perhaps not to our daily lives, but our entire system of government and constitution and representative democracy. nothing is more critical than having an election that is transparent, successful. and credible and believable. i cannot think of a greater threat to a democracy than suggesting that either the numbers can be cooked or that the system can simply be disrupted, which i think is the greater threat, so that people cannot successfully vote and we come away from election day thinking that the election was disrupted and therefore democracy did not work. it is completely critical to our and to theovernment

believe citizens have in a working democracy. the question becomes do you designate it as part of the nation's critical infrastructure, and what does that mean? the good news out of any such designation is the possibility of establishing national standards such as a paper trail that you want to make sure all states can meet. the risk is the one that you mentioned, which is that states will see this as a federal takeover of elections. the problem with that is the substantive risk is that you would ironically federalize it and centralize it in a way that makes it more vulnerable. you would not want to do that. the other is that i don't think you want to have an unproductive warte, reliving the civil

between the federal government and the government and the states over who is in charge of elections and centralization. you want to reach a place where you have good national standards and states can figure out where to meet on their own. you don't want to say everyone has to buy this computer system. you want to say you should have a system that meets the following certifications, that works, that is transparent, that you can count the votes if something goes wrong. establishing standards is useful. remembering that one reason some states are behind in this is a funding issue. not that there is not money there, but they have allocated it somewhere else. it is expensive to make changes and expensive to do ongoing security. maybe part of that is saying that there will be federal funding to enable even the

sometimes it, and is counties and municipalities paying these costs. if there is a designation, it have to be clear that this is a helping hand, not assuming control. be unsuccessful i think. >> you raised the internet of things issue before. one of the big concerns is that you would have on election day a day like we had last friday where there was an internet of things organized attack on a company that was basically one of the operators of the switchboard of the internet. dns in new hampshire. it did not bring everything to a halt. it slowed things down. doing internet searches, getting

stories of the new york times, we take that personally. you can imagine an election day when people are trying to figure out how to get to the polls and where they should go vote and how to take the bus and all that. up the system. do the kind of disruption have just heard of. what do you do about that? the friday case, the early indications were that it was not the russians. generally, trevor makes a good point, it is called the back to the future deterrents strategy. connect digital to the internet, it is not safe. sophisticated

criminal group have the capability and desire to get into your system, they will keep trying. once you accept the premise that they can get in, the next part of your strategy has to be how do you handle the risk mitigation matter. whether you are a company or government agency, what do i need to make sure that it still works if the worst happens and someone gets inside? that may range from keeping something in paper form or to give another example, the russians attacked the ukrainian electrical grid. reasons that was not as effective as it could have been is that infrastructure is 30 years old. people still have the expertise to work the system manually. much of the design of the infrastructure was not

connected. >> you're talking about the attack over the christmas holidays last year where they had to throw old switches to get the grid up and running. >> absolutely. as we take risk mitigation, there are costs. there are costs to efficiency. having 9000 or 10,000 different sites, there are costs, but there are also gains to not having everything connected electronically or digitally. that applies to our finance sector and electrical grid and voting system equally. we don't want to not take advantage of these gains in technology, but it does mean we need to think about how we are still able to operate the system manually. if you are worried about disrupting people's ability to

gain access to the internet on election day, talk about it publicly before hand so people do not panic. creating resilience. >> as you think about your list of things that worry you the most that could happen one week from tuesday, how much does a ddos attacked like last friday rank in your list of concerns? virginia, when , wetalk about mitigation have voter facing aspects and actually conducting the election. when it comes to that potential, all election officials have backups in place. we work with them on contingency planning and planning for all

sorts of emergencies. we have had everything from power outages to earthquakes in virginia on election day. when it comes to voters and finding the information they need, we have been looking at how to make sure that our system is accessible. we partner with a lot of people to put that information out so that we are not dealing with a single point of entry for voters. we work with the voter information project to make sure that our polling place data is available for voters. read before our election ofdline, we had a huge surge registration activity. we have learned lessons from that in terms of figuring out contribute -- to distribute information more. we are well-positioned. we have learned if our system is

not accessible, we have a content network where we have a specific error page that can direct them to different resources that are not on our system. we are making sure voters still have the ability to get the information they need and to feel confident they are going to the right place to vote and their vote will count. i think it is certainly a concern. keptiday our system functioning on friday. we have been planning for those things for a while. it takes resources. agency, we learned that despite the fact that elections are a core function of government, administering free and fair elections, when it comes to funding, election agencies at the state and local level, we are not i don't even

know where we are in terms of the overall state budget. we get that little amount of funding. our policymakers, our legislators, the folks that are figuring out how to properly fund government and make sure we can provide these services, making sure they are making it a priority. i assume after we get past this election, after this election it usually takes some crisis moment to spur action. the last round of federal funding we got around elections was after the 2000 election. we are hopeful nothing like that happens. we will work with our legislators and provide funding so that we can make this work and do the things we have been talking about here and make sure with these can deal

threats moving forward. >> your list. hack andince the dnc the release of the e-mails were that they wake-up call -- big wake-up call. we have seen a drumbeat of different organizations saying that states need to be prepared and have contingency plans. if it is not nation state actors, it is a hurricane, a storm, problems that election administrators know about. there has been a drumbeat to prepare. that is good. the one area i am concerned about is there are for military and overseas voters 31 states that allow military and overseas voters to return their ballots by e-mail. e-mail is hackable.

it is not secure. report and it is not secure. it is not a good way to vote. we now havencerned, evidence that a nationstate is interested in the outcome of our election. i would urge military and overseas voters to cast a paper ballot. to sendre required those blank ballots to voters. some states allow voters to mark those ballots and send them back by e-mail. would you e-mail me your social security number? if you would not do it with your social security number, you should not do it with your ballot. unfortunately because states sanction it, in voters minds it must be secure. they would not let me do it if

it was not secure. that is the problem. some states have done some cryptographic things. those are still not secure because you can still get into the server. that is something i am concerned about. there is a trend for this. people want to do things on the internet. they want to vote on their smartphone. why can't i both from my computer? upre are companies popping every day saying they have the solution. if you cannot keep nationstate actors out of the department of vcense, good luck with the group that funds a little $5 million internet boeing company. it is not safe. it worries me. >> we have about half an hour left. i want to get questions from our group here. you get the first.

>> i am reassured by the decentralized and unconnected form of our system. i am really glad that we are looking at this before the election. what are some red flags after the election that might concern us about what happened at the election? in other words, can we see now what things might have happened that would be a red flag that we should say that is a real concern, maybe those results are not accurate? >> i don't think we will be in a situation where we would say the verified results at the end of the process may not be accurate. if your question is, what would we look at election night or the

next morning and say there is something wrong with those tentative, preliminary results and we need more information or need to go back and do a recount , that will depend a little bit on the state system. i would back up and say the first issue is going to be an election day issue. -- there attempts empts to affect the working of the national internet system? does that mean that state election commissions are not accessible to the public? is there evidence that people ing having trouble vot in a given state or locality? flags that get picked up immediately.

because of the transparency and decentralization, both parties will have election observers and lawyers focused on all of that. as a person in the mccain election day process, there is a nerve center of people in every state that are looking at that. there is snow somewhere. that is not an internet problem. that is an election day problem. a judge and ask for the hours to be extended? there is a hurricane. do you say as new jersey did that you can vote after election day in certain places? we are designed to look at that and react to it. we have a judicial system where we can go in and say we want you to change how elections are run for this reason in this place. that gets litigated.

one party may think that disadvantages them and object. afterwards, every state has a system certifying the results of the election, going back and crosschecking. if there are missing numbers from a present or a machine did not work, then the system kicks in to deal with that. when we getelection through all of this, we will want to go back and look at the question of what more can the federal government do? needed?e funding is i think the conversation changes over time. said, why, everyone don't we vote by internet? i can stick my card into the machine and get money out, why can i not stick my card and and vote. it was the computer scientists

who said wait a minute. there are issues we have not fully addressed. over time --ed when i was in the mccain campaign and these people in suits came to see us and said we cannot tell you who we are, but you should know that a foreign nationstate has seized control of your computers. they can do anything they want with your computers and e-mail and records. we said, what did you just say? what does that mean? that was eight years ago. andink the public is behind the reality of what is out there in terms of the ability for people to at least intrude and read. and now to leak to somebody to put that out there. that will have an effect on how we look at things going forward.

it will affect how election officials are working for interconnectivity and give them pause. i think election officials are going to say, do we really want to connect all those? that was not a conversation that was as common couple of years ago. >> we will start right here. >> thank you very much. first of all, thank you for posting this. this.ting there are two sets of threats we face in this particular election. there are cyber threats, and there are digital threats. the cyber threat you laid out in some detail today. my question on that is, is the cyber threat we're looking at in

this election exclusively russia, or are there multiple players that may be at work in that realm? amazing no and it is ,ne has mentioned the t word and i'm about to do that. he is going to keep us in suspense because he is questioning whether this will be a fair election. and that realm, two components, one is voter fraud, and the other is frenchman. disenfranchisement. is there a concern on the part of anybody on the panel on either of those analog options? voter fraud and disenfranchisement.

is that bogus or is there some validity to that? >> why don't we asked john to take up the question about other nationstates and susanna for the disenfranchisement. >> something that trevor said. comparedc was behind to those who have had the expense. we were in part responsible for that because we were not stating publicly what we were seeing. there were good reasons for that and a history with adversaries like russia where we would treat this type of activity like an intelligence collection problem. we would try to observe each other's capabilities and assume this was used for strategic intelligence gathering.

things can clearly be used ranging from that to physical loss of life. it became more important for us as government officials to be able to talk about what we were seeing. it was only 2011 that we name china and an actor of financial espionage. iran, north korea, china, and mayia where the four adversaries in the space. the intent is to undermine confidence in the integrity of -- the kindecause of mischief they can cause. it makes it very hard for them .o do what they want to do it is hard for those in an

autocratic society to understand that here in a democratic society, being public about what they are trying to do makes it an effective. -- ineffective. we should worry about other nationstates and organized criminals. yes. this is not particularly a russia issue when it comes to undermining our elections. when it comes to how we make the system resilience or who the bad guy is, you can come through and list folks who would have the motive, and that might help in terms of how you devise your defenses, but we absolutely need to think more broadly than any particular threat aftctor. disenfranchisement

issue. donald trump has said there is going to be voter fraud. we have seen the academic inearch out there looking at person voter fraud, which is what he is talking about because he wants citizen observers to go to certain places to make sure people are not putting on a disguise and voting. that is in person voter fraud. existeally does not empirically. maybe there are one or two cases , but we can dismiss that as a threat out of hand. what we are concerned about is the impact of people who are going to be observing, being a force of intimidation for voters. with athis -- we work large coalition of groups to run

an election protection hotline. we have already seen behavior which is intimidating to voters where people are filming and taking down license plates. things which are intimidating to voters trying to cast their ballots. for solving a problem which does not exist, in person voter fraud, having observers come down to the voting place and challenge voters to ask them if they are registered to vote, i think is worse is actually voter suppression and intimidation and should be reported if you see it. it should be reported to the election authorities. hotline andl our put in and let folks know. if we get enough of these, we

have litigation. it is a real concern. >> this has been an interesting collection for a lot of reasons. there is a tension between the republican elected officials across the country and the party nominee on some issues. on this issue, you have seen republican elected secretaries of state saying exactly what democratic officials are saying, rigging you are talking about press coverage or broader societal issues, that is one thing. result onn that the election day is going to change because there is going to be actual fraud at the polls and people who are not registered are going to be voting, or assuming someone else's identity, there i think both

party's elected officials have been really clear. our system is designed to make sure that does not happen. when i was on the mccain general counsel eight years ago, based on noise at that stage, we did a careful analysis of the threats we have on election day. butthe apocryphal issues, what are we actually concerned about? the answer that came back has historically been absentee voting. voting, meaning someone gets 250 ballots, they go off and they come back and they are all signed and voted. who actually voted those? that is different than election day where we had a high level of certainty. we have a lot of safeguards. that is not the problem we had. >> thank you.

suzanne forthank mentioning the views of our computer scientist as to the issue of online voting. these and not just the experts, these are the people web design the cryptographic protocols that say it is ok to purchase a book or music online, but do not rely for votiforeboding -- in thinkg you. made an interesting analysis of how we deal with cyber threats broadly. rationalizing state actors by saying the u.s. will identify you and respond, that assumes that you have repeat players and not one actors. this may just require general

resilience to these kinds of attacks. the question is the problem of attribution. movies, one ofnd the populists is of course we have someone in between the u.s. and the russians who is trying to provoke an action by one great power against the other. it seems to me in the realm of cyber attacks, and we have seen this, it is a real concern. to what extent going forward do you think we will be able to effectively manage the issue of attribution when there are so many different degrees of risk and so many different degrees of response? >> i think that is an important question. i think for some time there were those who assumed because we were public about attribution, we cannot do it. it is hard, but it is not impossible. the difficulty right now in

doing attribution, at least for a government actor with the collaboration of victims, and that is something we need to change by increasing those who are willing to come forward, whether those are the vendors working with election systems or private companies that have been hacked. where we can do investigation in attribution with high confidence in the intelligence community or wearing my prosecutor has where we can reach unreasonable doubt before a jury of her peers, just like on the defensive side, i think there was a mistake in that we turn this overly technical. the idea was that you had your technical expert that speaks a language i do not understand as a policy maker or law enforcement.

they will tell me at the end of the day either they know who did it or they cannot be known who did it. not how we investigate and other areas and it should not be how we investigate here. instead we are using all sources the way we normally would. that means having access to human beings, figuring out what they can tell you about what occurred. that means technical analysis. it means using things like in haveony case where you these profilers, the hero analysis unit at quantico where they look at a crime scene and would say, there are certain things about and would say, there are certain things about this crime scene that were not necessary to affect the ground. they wanted to have an impact on the viewer by situating the body in some way. that is horrifying but also useful in giving us insight to

who this person is. to use the cyber equivalent in the sony case, it was one of the first times we used a behavioral analysis with a cyber background. there was certain malware that was required to turn the computer into a brick or exultation -- exultation. they also put up a splash screen with a visual image. they left things that do not have to do with turning the computer into a brick or stealing information but is designed to have an impact on the viewer. you can look and see whatever actors with these similar tradecraft in the past, and does it match up here, and it did. you combine that with technical analysis to get your whole picture. for acertainly true consequential actor.

you need to make sure you have a high degree of confidence. there is a reason why we discourage the policy approach of having private companies take action into their own hands because it is hard to do, and you don't want people guessing wrong. there will be the case where purple certainly -- people use cutouts. i call this the blended threat. we're always seeing this. we had someone who hacked into a private company installed identical -- identifiable information and asked for $500 in bitcoins. from the victim perspective, that looks like a low-level crack. on the backend, that was taking personally identifiable information and getting it to one of the world's most dangerous terrorists and taking that information and turning it

into a careless. they were taking advantage of a criminal act or to turn it into a terrorist actor. on thesimilar activity electronic army where in addition to actions on behalf of syria where they feign a attack on the white house. the was to make a dollar on stock market. this is going to increase the amount of time and money they spend too high their tracks. they're going to leverage criminal groups to confuse the victims as to who might be responsible. >> we'll have about 10 minutes left. we'll have short questions and short answers. right there on the aisle. >> thank you. [indiscernible]

my question is about what are the strategies, or are there strategies in institutions and think tanks and groups who are going to be prepared after this election to have the ability to start education and communicating with those who will say this election has been rigged? there will be cyber threats and many things you talked about. how are we going to begin to reach those who feel disenfranchised because their candidate did not win? is there an entity or strategy that we can think about now that will project beyond the election rigged., it was not writte -- rigged.

>> is that other than running the most transparent election can. does virginia have a way of addressing people? >> for us the important part is not waiting until after the election we have been working with local election officials because of everyone's heightened concerns and all these questions they are not sure. her us it is a good day when the voter goes in and does not have to think about the process and background. that is not where we are right now. they are asking a lot of things. areake sure that we informing voters and making them feel both the process now so that on election day regardless of the result they are confident the votes were tallied

accurately and the election was done fairly. and after the election in terms of the process that all the states have, we call it can this in virginia where we review everything that happened on election day at the local level and send that to us at the state level and review it again before the results are certified. that is a public process where people can see and observe and see what happened. if there are changes from those on official results on election night, people know exactly what happened and why those changes were made. all of those things that go into it. we have been focused to make sure we are educating folks about the rss and helping them understand how this works so that they are comfortable with it heading into election day. if we wait until after, we'll have about one and a half weeks

left, if we wait until after the election, it is a lot harder to convince people after the fact that it is fair. we have been doing that up front. >> we are tight on time. any other steps can think of? >> it is a critical point in question. we have to build bridges and have everybody feel like they are part of this. don't take your marbles and go home and be bitter. bring this country together. a lot of folks have said this. the mechanics of how you do that through churches or civic organizations or political thates, i think one thing is a little outside the box, but part of the same problem is fixing how we draw the lines. the redistricting problem in this country is huge. there are many, many people who have one choice when they go to vote or congress or state legislator because of the way

lines are gerrymandered. that is a serious problem. does the work for all of us. religious organizations, the aspen institute, to tackle this critical problem. >> i thought i saw a hand over here. you.icrophone is coming to is there a possibility that issues of cyber security where voter integrity might impact or challenge our interpretation of the constitution and once again voting issues come before the supreme court? >> this would not be a good moment for the supreme court to have to deal with a partisan dispute. i think more broadly the questions that are coming up as

we in the country talk through these is do we have a contribution of -- constitutional right to vote ? we have a constitution that was written when only some citizens have the right to vote. the senate used to go through legislatures and the presidency used to go through the electoral college not connected to the popular vote. given where we are, shouldn't we recognize a constitutional right to vote, which would have the effect of making access something that cannot be denied as opposed to a privilege -- could not be denied without good reason, as opposed to a condition privilege. that should be some of the discussion we see in voter id

cases and redistricting cases where the court has found a constitutional right to be free redistricting, but has said we do not know how to judge or create the standards that say this is partisan redistricting and wrong. i think you will see more constitutional discussion of these voting and redistricting and probably campaign-finance issues as well. >> if i could go to. microphone coming to you. >> this is a fascinating discussion. i wonder a couple things. importance of the the local process. horse has note left the barn for enough people.

one candidate and a lot of his followers are certain that this election is going to be stolen, and they will probably not be persuaded by any collection of facts. >> who wants to grab that one? [laughter] >> it is interesting because i'm not sure the feeling is it is going to be stolen, but the feeling is if we lose, it must have been stolen. that goes to the good question about how voters view this. withyou are in a situation a geographic disparity that we have. , myr the last election younger brother told me, and he was a romney supporter, and he told me i do not understand how this happened. do you think there was fraud? i do not know anybody who voted for obama.

that is the geographic disparity i'm talking about where you have people saying everybody i know is voting for my candidate, therefore if he loses, there must be something wrong with the results. the good question is how does the winner -- either side i suppose because both sides are deeply entrenched at this stage, both sides have voters the know people only voting for their candidate, how does the country expect that result that never mind accepted in the sense of saying now we have a president, just in the sense of accepting the legitimacy of the results. some of that comes from this sort of discussion. and the actions of all of those secretaries of state in both parties going out and talking

about the safeguards we have in the system. perhaps between now and election day there will be a greater understanding that if it happens, if your candidate loses, maybe they did not get as many votes, and you should be arguing about why not as opposed to the sense that somehow those were stolen. >> join me in thanking our panel. [applause] gojoin me and saying that out and vote. thank you. [captions copyright national cable satellite corp. 2016] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. visit ncicap.org] c-span's washington journal live every day with news and policy issues that impact you. coming up this morning, jim

pinkerton will join us to discuss the latest news on the 2016 campaign trail, including his recent article about the foreign-policy choices facing a potential donald trump administration. senior fellow at the brookings institution will be on to talk about marijuana legalization, which is on the ballot in five states. he will also discuss conflicts with federal and state laws, especially in states where cannabis is legal. university of texas school of law constitutional law professor will join us to talk about the legal issues at play in the fbi's probe of hillary clinton's e-mail. be sure to watch "washington journal" coming up at 7:00 a.m. this morning. join us for discussion. valley norilicon peter teel talks about the election and his support for donald trump.

coverage from the national press club coming up on >> c-span brings you more debates from key senate races. democrat jim gray debate for the kentucky senate seat. wednesday night at 8:00, live coverage of the louisiana senate debate between a field of candidates. at 9:00, kelly ayotte and maggie hassett debate for the new hampshire senate seat. watch the debates on the c-span networks, c-span.org and listen on the c-span radio app.

history unfolds daily. >> this week on "q&a," journalist and author larry tye. he discusses his book "bobby kennedy: the making of a liberal icon." brian: larry tye, your new book on bobby kennedy starts out this way in the preface -- history remembers robert f kennedy as he was in his crusade for president in 1968. a racial healer, a supporter of the poor and the last progressive knight. why did you begin your book that way? mr. tye: that is what drove me to write the book and that is only a piece of the story.

if that is all we know, we don't know nearly enough. brian: on the same page a little later, you bring up senator joseph mccarthy. mr. tye: the most counterintuitive piece of bobby kennedy's history is his early and close relationship with joe mccarthy. bobby kennedy in his early days was a cold warrior. he did not just believe there were threats in the soviet union but that they posed a threat the same way that mccarthy believed in america and he believed joe mccarthy was the one guy in that era that was really taking the fight to them. so he went to work for him enthusiastically and to understand bobby kennedy's beginning and what he became in the end, we have to understand his relationship with mccarthy. brian: mccarthy was a republican from wisconsin. what triggered -- i know you spent a lot of time in massachusetts, but what triggered your interest in this particular biography? mr. tye: i had grown up with bobby kennedy as an iconic