DHS Says Election Systems “Critical Infrastructure,” Making Federal Takeover Possible
On Friday, the Department of Homeland Security (DHS) declared the nation’s electoral systems “critical infrastructure,” potentially giving the federal government control over the electoral process, traditionally — and constitutionally — a function of state and local governments.
“Given the vital role elections play in this country, it is clear that certain systems and assets of election infrastructure meet the definition of critical infrastructure,” DHS Secretary Jeh Johnson (shown) said in a press release announcing his decision.
Johnson made the designation pursuant to a 2013 presidential directive, which identified 16 critical sectors, such as energy, financial services, and healthcare, that DHS is required to help protect. According to the Associated Press, “The designation announced Friday places responsibilities on the Homeland Security secretary to identify and prioritize those sectors, considering physical and cyber threats against them. The secretary is also required to conduct security checks and provide information about emerging and imminent threats.”
The Homeland Security chief said the designation would enable DHS “to prioritize our cybersecurity assistance to state and local election officials” and make “clear both domestically and internationally that election infrastructure enjoys all the benefits and protections of critical infrastructure that the U.S. government has to offer.”
Johnson first floated the idea of making the designation in August, when there were few credible claims, let alone actual evidence, of any tampering with voting systems or elections offices. At that time, many state officials expressed skepticism that federal assistance was needed and argued that putting their electoral systems on DHS’s radar could lead to a federal takeover of all elections.
Perhaps the most prominent critic of the “critical infrastructure” designation is Georgia Secretary of State Brian Kemp, a Republican. In August, Politico reported:
During an earlier interview with the site Nextgov, Kemp warned: “The question remains whether the federal government will subvert the Constitution to achieve the goal of federalizing elections under the guise of security.” Kemp told POLITICO he sees a “clear motivation from this White House” to expand federal control, citing Obama’s health care law, the Dodd-Frank financial-reform legislation and the increased role of the Education Department in local schools.
Democratic secretaries of state told Politico they, too, were concerned about Johnson’s plan. Vermont Secretary of State Jim Condos called it “the nose under the tent.” His counterpart in Connecticut, Denise Merrill, noted that the DHS designation might well lead to “federal intervention that would not recognize differences among the states.”
Johnson’s Friday announcement coincided with the release of a report from the intelligence community claiming — still without offering any evidence — that Russian president Vladimir Putin ordered a hacking campaign against Democratic Party nominee Hillary Clinton. Undoubtedly the Obama administration expected the report to bolster Johnson’s assertion that his designation was needed “now more than ever,” and indeed most news reports have tied the two together; yet notably, the intelligence report plainly stated that Russia had no involvement in “vote tallying.”
That fact was noted by the National Association of Secretaries of State (NASS), which said in a statement opposing Johnson’s action, “No credible evidence of hacking, including attempted hacking of voting machines or vote counting, was ever presented or discovered in any state.” Johnson’s classification of elections systems as critical infrastructure “is legally and historically unprecedented,” the group said, “raising many questions and concerns for states and localities with authority over the administration of our voting process.”
The secretaries have good reason to be concerned. In his announcement, Johnson said “election infrastructure” means “storage facilities, polling places, and centralized vote tabulations locations used to support the election process, and information and communications technology to include voter registration databases, voting machines, and other systems to manage the election process and report and display results on behalf of state and local governments” — in short, anything and everything involved in the electoral process. While Johnson claimed that his designation “does not mean a federal takeover, regulation, oversight or intrusion concerning elections in this country” and federal assistance would only be offered at the request of state and local election officials, Kemp told Politico in August that the current legal definition of “critical infrastructure” “would allow the Department of Homeland Security or anybody else to come in and get into our systems.” (DHS seems to be trying to do that already, having repeatedly attempted to hack into Georgia’s voter-registration database.) Furthermore, as the AP reported, Johnson’s “designation allows for information to be withheld from the public when state, local and private partners meet to discuss election infrastructure security — potentially injecting secrecy into an election process that’s traditionally and expressly a transparent process.”
NASS also points out that far from improving cybersecurity, centralizing electoral affairs in Washington would actually have the opposite effect. Currently there are about 10,000 separate state and local jurisdictions involved in the electoral process, and their electronic voting machines are not connected to the Internet. Hackers might be able to infect some of the machines in some of the states, but it is unlikely that they could conduct such a campaign on a nationwide basis.
Moreover, giving the DHS some measure of control over the electoral process could well open the entire process up to executive branch manipulation, former Federal Election Commission member Hans von Spakovsky warned in an August column. “Designating the nation’s election system as ‘critical infrastructure’ under a post 9/11 federal statute,” he wrote, “may be a way for the administration to get Justice Department lawyers, the FBI, and DHS staff into polling places they would otherwise have no legal right to access, which would enable them to interfere with election administration procedures around the country.”
At least one prominent lawmaker had kind words for Johnson’s Friday announcement. “In the long term, this will put our electoral systems on a more secure footing and maintain public confidence in our elections,” said Mississippi Representative Bennie Thompson, the top Democrat on the House Homeland Security Committee. “I commend Secretary Johnson for making this important decision.”
Kemp, however, remained staunchly opposed to it. “This action is a federal overreach into a sphere constitutionally reserved for the states,” he told Politico in a statement. Saying it “smacks of partisan politics,” he called on the incoming administration of Donald Trump to reconsider the decision. Kemp has also asked Trump to investigate DHS’s attacks on his office’s computer systems.
“Election infrastructure,” Johnson said, “is vital to our national interests.” If so, why, then, should Americans entrust it to people who are busily engaged in the very activity from which they claim to want to protect us?
Let the bombshells begin. Nonpartisan government watchdog outfit Judicial Watch just announced its receipt of 216 pages of documents containing the private email messages of former Homeland Security director Jeh Johnson, as well as those of three other top agency officials.
The other three DHS officials included in the Freedom of Information Act request made by Judicial Watch were deputy secretary Alejandro Mayorkas, chief of staff Christian Marrone and general counsel Stevan Bunnell.
And perhaps the biggest finding was the fact Homeland Security, under Barack Obama’s White House, was hardly the bastion of solid cybersecurity. Not only was the department spoofed by phishers, but Johnson’s own claim of making great “strides in cybersecurity” was revealed – mockingly – as complete bunk.
The emails contain messages about Johnson’s scheduled meetings with the Kuwaiti ambassador and with several Interior Ministry officials tied to Saudi Arabia’s government. They also give a behind-scenes peek at Johnson’s discussions about a $4.5 million online scam from West Africa that roped in unsuspecting consumers – and that hit at him personally.
Among the messaging, Judicial Watch reported:
- Kuwait’s ambassador to the United States emailed Johnson’s private, unsecured account to explain how he was trying to schedule a meeting for him with Kuwait’s interior minister;
- Kuwait’s ambassador to the United States emailed Johnson’s private account to also explain how he was trying to set meetings for Kuwait’s interior minister with top-ranked officials at the CIA, FBI and DNI;
- The U.S. ambassador to Saudi Arabia emailed Johnson at his private and unsecure account to discuss specifics of a looming meeting in Jeddah at Saudi’s Interior Ministry;
- The Department of Homeland Security’s chief of staff, Marrone, emailed several messages about the earnings of Lockheed Martin and about a project procurement;
- An unidentified individual emailed from a spoofed Johnson account about the potential to receive money from “an abandoned fund worth U.S.D. 4.5 million in West Africa,” if they only provided their personal information – a batch of messages that were later identified as part of a phishing scam.
In another email, Johnson also was found to have run down details about his department’s “strides in cybersecurity,” a message that included his “Progress Report” speech, Judicial Watch found.
“It is ironic and disconcerting that Secretary Johnson and his aides touted Homeland Security’s great ‘strides in cybersecurity’ while using unsecured, private web-based email accounts that the Department has officially prohibited,” said Tom Fitton, Judicial Watch’s president, in a written statement. “The fact that the documents found in these email accounts were so heavily redacted and that Johnson’s name and email account were spoofed in a phishing scam is indicative of just how lax communications security was inside Homeland Security during the Obama administration.”