WASHINGTON – U.S. Senator Amy Klobuchar (D-MN), Ranking Member on the Senate Rules Committee with jurisdiction over federal elections, and Senator Ron Wyden, (D-OR) a senior member of the Senate Intelligence Committee asked the FBI to explain its response to the potential Russian hack of VR Systems, a Florida-based election software company. In a letter to Federal Bureau of Investigation (FBI) Director Christopher Wray, Klobuchar and Wyden pressed the FBI to explain what steps it took to investigate a potential hack of VR Systems. The company provides election software, including electronic poll books.
The Mueller Report revealed that “[i]n August 2016, GRU officers targeted employees of [redacted], a voting technology company that developed software used by numerous U.S. counties to manage voter rolls, and installed malware on the company network.” VR Systems has since confirmed to the media that it was the unnamed voting technology company in the Mueller Report.
Despite the fact that VR Systems equipment malfunctioned in several North Carolina precincts in November 2016, leading to long delays at the polls, it’s unclear what steps federal agencies took to investigate the extent of Russian hacking, and whether malware was responsible for the failure of VR Systems’ electronic poll books.
“While the Mueller Report revealed several new details about Russia's attempts to interfere with our election in 2016, Congress and the American people still do not have a complete picture of the federal government's efforts to detect and defend against this attack against our democracy,” the senators wrote.
Klobuchar has been leading the fight to protect our future elections from foreign interference. Last month, Klobuchar introduced the Election Security Act with 40 Senate cosponsors. The Election Security Act would require backup paper ballots, provide $1 billion in election security grants to states for cybersecurity improvements and audits, strengthen federal response to election security interference, and establish accountability measures for election technology vendors.
Last month, Klobuchar also reintroduced the Honest Ads Act with Senator Mark Warner (D-VA), Vice Chairman of the Select Committee on Intelligence, and Senator Lindsey Graham (R-SC), Chairman of the Senate Judiciary Committee, to help prevent foreign interference in future elections and improve the transparency of online political advertisements. Graham carries on the bipartisan legacy of the bill from the late Senator John McCain (R-AZ), former Chairman of the Senate Committee on Armed Services. Russia attempted to influence the 2016 presidential election by buying and placing political ads on platforms such as Facebook, Twitter and Google. The content and purchaser(s) of those online advertisements are a mystery to the public because of outdated laws that have failed to keep up with evolving technology. The Honest Ads Act would prevent foreign actors from influencing our elections by ensuring that political ads sold online are covered by the same rules as ads sold on TV, radio, and satellite.
In December 2017, Klobuchar introduced the Secure Elections Act with Senators James Lankford (R-OK), Senators Kamala Harris (D-CA), Lindsey Graham (R-SC), Richard Burr (R-NC), Mark Warner (D-VA), Susan Collins (R-ME), and Martin Heinrich (D-NM) to strengthen election cybersecurity in America and protect against foreign interference in future elections. The Secure Elections Act would streamline cybersecurity information-sharing between federal intelligence entities and state election agencies; provided security clearances to state election officials; and provided resources for states to upgrade election security. Senators Klobuchar and Lankford are currently working to re-introduce the Secure Election Act.
Klobuchar has also lead on other election security legislation including the Global Electoral Exchange Act and the Invest in Our Democracy Act of 2019.
Klobuchar has sent numerous letters urging departments, agencies, and private companies to improve election security. In April she led a letter the DHS and FBI to establish a task force combining the efforts of social media platforms, local election officials, and also reporters and independent researchers, in finding and stopping disinformation and misinformation campaigns. In March, Klobuchar and the Ranking Members of the Committees on Homeland Security, Armed Services, and Intelligence sent a letter to the 3 biggest voting machine companies in the US asking tough questions about election security. Klobuchar has also sent numerous letters to the DHS and its Cybersecurity and Infrastructure Security Agency (CISA), urging them to prioritize election security measures.
The full text of the letter can be found below:
Dear Director Wray:
We write to better understand the steps that the FBI has taken to investigate potential cyber intrusions by the Russian government into election technology vendors.
In April of 2019, the Department of Justice released a redacted copy of the Report On The Investigation Into Russian Interference In The 2016 Presidential Election by Special Counsel Robert Mueller ("the Mueller Report"), which described how Russian government hackers targeted U.S. election infrastructure. The Mueller Report revealed that "[i]n August 2016, GRU officers targeted employees of [redacted], a voting technology company that developed software used by numerous U.S. counties to manage voter rolls, and installed malware on the company network."
VR Systems, a Florida-based manufacturer of voter registration software and electronic pollbooks has since confirmed to the media that it was the redacted voting technology company in the Mueller Report. In a May 16, 2019, letter to Senator Wyden, VR Systems described how it participated in an August 2016 conference call with law enforcement. Participants in that call were apparently asked by the FBI to "be on the lookout for certain suspicious IP addresses." According to VR Systems, the company examined its website logs, "found that several of the IP addresses had, in fact, visited our website" and as a result, the company "notified the FBI as we had been directed to do." VR Systems indicates they did not know that these IP addresses were pmi of a larger pattern until 2017, which suggests that the FBI may not have followed up with VR Systems in 2016 about the nature of the threat they faced.
While the Mueller Report revealed several new details about Russia's attempts to interfere with our election in 2016, Congress and the American people still do not have a complete picture of the federal government's efforts to detect and defend against this attack against our democracy. To that end, please provide us with complete answers to the following questions by July 12, 2019:
- What steps, if any, did the FBI take to examine VR Systems’ servers for evidence of a successful cyber breach after the company alerted the FBI, in August of 2016, to the presence of suspicious IP addresses in its website logs? If the FBI did not examine VR Systems’ servers or request access to those servers, please explain why.
- Several months after VR Systems first contacted the FBI, electronic pollbooks made by the company malfunctioned during the November 8 general election in Durham County, North Carolina. In the two and a half years since that incident in Durham County, has the FBI requested access to the pollbooks that malfunctioned, and the computers used to configure them, in order to examine them for evidence of hacking? If not, please explain why.
- VR Systems contracted FireEye to perform a forensic examination of its systems in the summer of 2017. Has the FBI reviewed FireEye’s conclusions? If so, what were its key findings?
- Ahead of the 2020 elections, how is the FBI ensuring that local and state election officials feel comfortable reporting potential cybersecurity incidents? How will the FBI improve the speed and completeness of the information it shares with election officials, so they have the knowledge of the threats they need to do their job?
Thank you for your attention to this important matter.