President ial debate, go to cspan. Org using your desktop, phone or tablet. On our special debate page, you can watch the entire debate choosing between the split screen or the switch camera option. You can go to specific questions and answers finding the content you want quickly and easy. Create clips of your favorite debate moments to share on social media. Cspan. Org on your desktop, phone, or tablet for the president ial debate. Now, a look at potential cybersecurity threats to the president ial election and the u. S. Electoral process. Kim zeter, Senior Reporter from wired moderated this event. From the Atlantic Council, it is 90 minutes good afternoon, welcome to the Atlantic Council and the october Atlantic Council. Im director of the Strategy Initiative here. I am Deputy Director of the center on international security. We run cyberrisk wednesday here hosted by us and in collaboration with our partners at Christian Science monitor with the pass code. This afternoons conversation is on hacking the vote. I feel like there should be some ominous music here when i say that. It is part of our cyberrisk series and very timely. I woke up to a radio story on exactly this topic. It is particularly timely discussion and a particularly distinguished group of panelists that will examine our threats ranging from historical paper systems to current voting xau terse to internetbased voting in many other countries. Really, a great panel to help us put this whole story of hacking the vote into some context and with some real substance hyped behind it. I would like to welcome those who are watching online. I encourage you to join the conversation on twitter using accyberand acscro cough and cmmpasscode. We have seen how cybercrimes could impact Voter Registration. Voting computers, they are really Voting Computers. Even the outcome of the election. The act of tampering with and undermining trust in the electoral process goes back much further than this election. It goes back perhaps as long as there have been elections, though the mechanisms have changed over time. The idea of influencing and possibly changing the outcome of elections is nothing new to foreign or domestic players. This is an International Problems just as much as an american. There are several examples in europe and latinamerican where the fear of cyberinsecurity are used to influence Public Opinion before, during, and after elections. In fact, in your seats, you will find a report from two years ago discussing many of these issues and the recommendations contained in it, that are still very relevant today. Those of you online will not find that report in your seats but we will post a link to it so that you can find that as well. Here in the u. S. , Voting Authority started rapidly implementing Voting Solutions to make voting accessible and efficient in the help american vote act in 2002. A number of Electronic Solutions were illconceived or have not aged well in the 14 years since. It certainly wont come as a surprise to the people in this room and online, that computers, even Voting Computers are hackable. Additional alarms ring when it comes to Voter Registration information and assistance for tabulating votes which may be dangerously vulnerable even to relatively low skilled hackers. However, it is not just Voting Technology thats at risk, weve started to see recently in particular hacks of Political Parties and other entities that can highlight the vulnerability of the entire electoral and political process. The daily leaks we have been seeing lately are having an impact on the political campaigns. While leaks have been common, these kind of hacks really do represent a new level of scale often dubbed as the electronic watergate where tradition many responses may no longer work. The possibility that more Sensitive Information is waiting to be released at an opportune moment could create opportunities for foreign powers seeking to interfere with president ial elections or even criminal entities. With one president ial candidate, warning his support es that the election is going to be rigged, quote, unquote, hackers may not even need to compromise Voting Computers or systems to undermine the Peoples Trust in the Election Results. Merely a credible claim of doing so could compare voters to cry foul and undermine the legitimacy of the vote at home, in the United States and abroad as others look at the outcome. Today, we are here to find out what is truly knew about the cyberthreats, what actions will best preserve trust in our elections and what can be done in general. Before i ask the panelists to join us here on the stage, let me briefly introduce them. I will start with jeremy p epstein. He is on loan to the innovation office. He was sent by sri to the National Science foundation secure and trust worthy cyberspace program. Also joining us is joseph hall, chief tech nolist and directory of the internet architecture project at the center for democracy and technology. I serves on the board of the california Voter Foundation, the verified Voter Foundation and the fccs computer liability council. Please to welcome masimo tomisoli, the permanent observer for the International Institute for democracy and doctoral assistance. His resume includes work at the organization for Economic Cooperation and in the Italian Ministry of foreign affairs. Finally, kim zeter will be joining us to moderate this discussion. Kim has been covering cybersecurity since 1999, including more of a decade at wired magazine. She is a journalist and author who is wellknown for covering this range of issues. We are looking forward to her leading this discussion with us today. As always, again, thank you to our media partner pass code, the Christian Science monitors new guide to security and privacy. Thank you all for joining us on here and online. Let me invite the panelist to come join us to get us started. Thank you for coming. Good afternoon, everybody. He covered some of the answers i was going to go over. I want to give you some context for why we have a discussion today about hacking the vote, hacking the Voting Machines. We are talking about hacking the vote this year, unlike any other year. We are talking about two kinds of hacking, as he discussed in his intro, not only technically hacking the Voting Machines but hacking the minds of voters. What do we mean when we talk about hacking Voting Machines and how did we get here . Dl started with 20002 the help america vote. It was passed in the wake of the 2000 debackle, the bush v. Gore p p out of florida. It was intended to provide disabled voters, voters that had hearing or sight impediments to give them the ability to vote without assistance in the polling place so they could have a private vote. Federal government allocated about 4 billion to states so they could purchase accessible Voting Machines. Instead of buying one or two that they considered accessible, they decided to go on a shopping spree and replace all of their Voting Systems with touchscreen Voting Machines in many precincts. They are also called direct recording electronic machines, dre. They didnt have a paper trail until academics and voting activists made an issue of it. There was no ability to check the vote and verify it record the vote that the voters intended to choose. We now have some that produce a paper trail and states that have opted for optical scan machine. You are choosing your choices and it gets scanned into an electronic machine. That is problematic in the same way dres are when you dont have an audit. If you af paper trail and dont do anything with it, simply having the paper trail doesnt mean anything. We are going to talk about all those issues and influence hacking. I wanted to start because the help america vote act was passed in 2002. States bought machines. We have had them for over a decade. Problem throughout that decade with machines and elections. We have had some resolutions. Some states have turned off wifi. There are other problems, the process of elections. Maybe we should talk about the win vote and why it is here. Jairmy brought this beauty 23u8 machine, known as the worst voting machine in america. They were decommissioned. They had 3,000 of them. Maybe you will explain why we had it. A lot of it has been electronics and software but a lot is also about the physical access. How many of you can see what im holding . You can have one as a souvenir if you would like. This is a key that is cheaper than the key that opens hotel minibars. This is what secures the usb key that stores all the votes it is symptomatic that it is very trivial protection. They were in use in virginia, mississippi and pennsylvania. They are the only three states that ever used them. Virginia was by far the largest market for them. When they were decommissioned, it was after the state discovered they had wifi enabled that could not be turned off. We didnt realize it couldnt be completely turned off. It turned out it used the wep encryption method. For those geeks in the room, you will know that was known to be a compromised system ten years ago. It takes a couple of seconds to compromise it. It turns out it didnt matter, because the password on it was abcde and couldnt be changed. It turned out it was just a windows machine and you could connect with any other windows machine and download or modify the files. You needed the administrator password. That was admin. It wasnt too hard to break into these. The good news is that the state recognized the problems. After a decade . They had been using them for a decade. When they finally looked at them they said, oh, four letter word and got rid of them. About 80 of all voters this year will use optical scans. There are three states that are dre, without paper trail, im sorry, five states. South carolina. New jersey, delaware, georgia, and louisiana. Five states have no paper trail, new jersey, delaware, georgia, louisiana, and South Carolina then, there are another ten states where depending on where you live, you might or might not have a paper trail. It is great to have a paper trail. If nobody looks at t there is no audit, it does no goods. Relatively few states do audits and there are unique cases like virginia where it is illegal to do an audit. We can get into that if you care. So this machine you wanted to give away. When they were decommissioned, i got about 50 of them donated to me by the state. I have been distributing to universities and museums literally around the world for the purpose of research if you are interested in having one. Please let me know. This one is available to a good home. We know at least five states are voting on dre machines without a paper trail. Lets look at the issue of whether or not Voting Machines are still hackable today. This machine certainly was. Now, it is being decommissioned. Given be there has been so much focus and pub lisity about the system and their hackability, have we see any progress in the sense of how they are being used today . Has wifi been disabled . Have the machines been secure td in a better way . Do we know . I definitely think we are in a better state than we were last decade. Three out of four voters will cast a ballot using a paper ballot or on something that creates a paper trail. In addition to the geographic distribution, we talked about, you can be can ha you can be confident three out of four people have a paper record. It is different on the audit side. Some of the audit styles people are doing the whole reason to do an audit is to check the computer tally of the voting computer against a manual tally looking at the actual paper records. Thats a way of sort of arriving at ground truth. I think i would like to claim a little bit of the responsibility for fact that Voting Machines and the procedures around them have gotten considerably better since the last decade. The election Systems Commission deserves a lot of credit. Thats the federal agency that is tasked with helping local election jurisdictions run secure, robust, useable elections. Over time, their testing procedures have gotten better and more sound. The trick is any Computer Security person will tell you testing only gets you a certain level of confidence. There is always going to be ways to get around it. Some of the things im not so confident about are things like tamperevident tape. We put these numbered seals over seams of the Voting Machines and if you try to hack your way in and get in there and mess with the brains inside, you have to pull that piece of tape up. It will it looks like it has been messed with. It says, void, void, void. Typically, a heat gun, something that anybody thats been in a shop class, is all you need to lift that tape without disturbing it. Plenty of examples like bad keys that are not as good. I think the fact that we have been a little rigorous about saying, please dont ever do networking on these machines. Virginia is one of the few places i dont even want to state it. There was something you could do from like across the street to one of these machines. Do you want to talk about that . You could use a pringles can attack, it is an effective antenna for wifi. You can log in from across the street and manipulate the votes. It was the only machine in use in the United States that had wifi. You didnt even need that. As i recall, any voter in the precinct who had a smartphone could connect to the wifi that the voting machine was using and get access. There are these concepts of voting like one we Call Software independence, which is the notion that any undeticketable error in the software of the machine should not result in an in indy textable error in the outcome. Thats why we have things like paper trail and a set of crypto graphic voting methods that arent widely used. Some of us worry about them in other ways. Those can provide some sort of hard check against the softwear being bad oiz who. We have two ways of hacking, connected to the internet, doesnt have to be directly connected and proximity hack, if you can access the ports while you are in the poll booth or if you can access while they are in storage before they are distributed. Many of these sit in schools and feeders overnight or they sit in an insecured warehouse for years in between elections. You hear people say these Voting Machines arent connected to the internet. That should give you a little bit of comfort but not a whole lot. As dan wall lec said recent letter, there was malicious hacking before we had the internet and the network. There were things called very few people may see or know what they were but they are viruses that are transmitted by floppy discs, media that you can put in and out of the machines. When i was at princeton, people designed a virus for this machine used throughout the entire state of georgia. This was a machine where the default password was 1, 2, 3, 4. They designed a virus that would do this, in one election, say the primary election, you would get access to the back of the machine and stick a usb stick on there thand would install. Between the two elections, that would have the opportunity to go from that machine to the election management system, the one computer that tells all the other machines, here is what the ballots are going to look like for the next election. The programs of the Voting Machines and all that through the other elections. Thats the way of installing a piece of malware on a device that over a longer period of time spreads itself. Think about what kind of tackers will do that. It will not be something that woke up and said, oh, man, maybe we want to hack the vote. What you are going to have is much more sophisticated and longterm entities like nation states that are more likely to employ techniques like that. Georgia is not a swing state by any stretch of the imagination, but there are platforms that may be susceptible to these kind of slower proximity hacks. It is interesting that georgia did that sort of test. Georgia actually had a problem with Certified Software in i think it was 2008. They had all these touch screens in the warehouse and using officials at georgia tech who were helping them. About two weeks before the election, these helpers went in and upgraded the software on these debolt systems and no one had oversight over the software. They sem pli said these machines needed to be upgraded and they installed on thousands of machines. Thats sort of a problem of process. You can have an external actor that gets access to these machines and you can have a problem with upgrading machines at the last minute in a way that software is not examined or certified. If you are doing something intentionally, you can design it in such a way it disappears once it has caused its problems so that someone examining the code afterwards will not be able to see the malicious codes presence there. There was an interesting case in iowa a number of years ago thats very much like that where there was an upgrade to the windows operating system on i dont remember which brand of machine. It turned out it had a certain feature which meant that each voter quh th voter when they stepped up to the voting machine, it would prehighlight whoever the previous voter had worked for. It was a feature of how windows worked, nothing intentional. Nobody recertified it, because they didnt think changing the version of windows would cause a change in the voting bemay have yo behavior. Doug joans talk bs that at the university of iowa. We are talking about remote and proximity hacking. Internet voting, while it is not a huge problem. Elec officials are very keen for internet voting. Why in is crucial for Going Forward and why the young generation of voters with smartphones, this is what they want. They do. They seem to think there is nothing wrong with they do Everything Else online. Why shouldnt they be able to vote online for more convenience. How widespread is internet voting right now and some of the issues around it . There are more than 30 states that allow internet voting for military and overseas vote certificates. In the case of alaska, any voter can vote online. There are no standard for internet voting sis stis. The National Institute of technology that is charged with writing these standards has declined to provide standards saying we dont know how to do provide the standards and how to do it. As im saying more than 30 states are doing so and doing it on their own. Earlier we talked about in terms of external reviews and theres nothing public that i have seen from anywhere other than here in the district of columbia with the in fa nant phase of the hack where they made the robots and the election. There was a sample election and not a real election of course, and they played the fight song for every voter. How many votes were accounted for . Its pretty haurd to find that information out. Most states do not breakout the source for the votes. And they dont say that this many came and this many were in person and absentee and so on. Its hard to tell. In virginia i was on the commission that looked at this and i think that there were somewhere in the range of 10,000 voters that were eligible if the internet voting passed, there were 10,000 people that would have taken advantage of it out of the voting population of four and a half million. How many states and why is virginia opposed and lets talk about exactly what an add at this time involves. Absolutely. Theres an effort since 1964 of counting the computer results without having to do a full recount and its 100 percent of a manual tabulation and the Voting Machines picked from the certain polling places and they use various ways and numbers to pick a set of polling places in every county that they recount every ballot in the voting places and compare that to the Election Results. This is the number thats put in the statue and 100 percent and 200 percent and thats going to position it on. If its close like pennsylvania for example and then a mandatory recount and thats a half percent margin that you go. Theres a new thing of audits and thats just australia ballot and thats a secrete ballot and thats in the last century and this thing is talking about youre going the trands form elections around the world and theyre called wrist audits. Thats a way of counting the paper to asewsure that you have the outcome and to say that if what you reported and everything that people wait for Election Night and thats correct they have a high probability of correcting that bad outcome. So they are very different than the one percent and the idea is that you look at the margin of the race and a few other factors and then you tune the sample that you pick to be and to give you the confidence that you need. So for example if the race is extremely close and the bush race is in florida in 2000 o, you may have to do a full recount. For most cases that theres a five percent margin, the way this we do this is we count as few as we need to. If you confirm the results you end up enlarging the samp having the paper is one thing and then theres another thing and thats what were lagging in mind. And nine states wait. No. No. 13 states have some post election and it tends to be one percent and five percent and these things that are not tune to the margin of the race. Theyre not very well designed. There are a whole bunch in mexico and california have provisions in the law to bring them in and do a sample and compare them and decide if you want to count them all. One said if jill steil starts to win in a big margin is that something is off. It wont be within the margin of a recount and an audit is the only way to discover it. Not that i have anything against jill stein, but its a surprising count. Virginia seems to be the only state that its illegal. I say illegal because its with an asterisk. If every race on the bat lot was considered by ten percent and then certified by the state, it does not make a difference and then you can do an audit. Cannot do an audit any other time. Its not an audit to have an opportunity to correct the outcome. They will say you have screwed that up. Dont do that again. They did and this was an improvement or a small improvement and the outcome of the audit was that the results were pretty similar and then that will never exactly be the same as the original. You have to know that theres differences because youre going to have human differences in how they look at the color circles or the machine differences. The conclusion was it was very close and that was the study and if you file the taxes and they audit you and say that everything is okay, you will never be audited or considered again because you know how to do it perfect. The irs does not work that way, but that was the outcome of that examination. Small county. The votes were there after the ballots and after athe election where they while they were scanning the ballot, they bought them and scanned all of the bat locals and nerve when they compared. There are what we call audits and process auditing. Process checks that everything that goes into making the results was done correctly. Thats where its very hard to do that right thats where we do and they all derive from ait. Lets switch it for a moment. Lets talk about and we have never had this situation before or have we . Its quit common over seas and its quit successfully in the elections in the past. Give us an idea of sort of where we are for this kind of situation in the u. S. Is it true that we have had it before . And you mention examples in the u. S. Of the states that adopted it. Outside of the u. S. There is, i would say, they experienced in india in countries like the philippines and brazil, for example. Youre referring specifically to the machines again. Im referring to machines again, but they are also experiencing internet voting in some cases. Although that is not the rule for the latest political elections in those countries. Talking about audit, i think you can get what does that mean in terms of auditing a system, so to speak . If the folk why us is on election day, there would be a lot of interest in looking at the numbers and focusing on these statistical techniques if you have the means that are related to the availability of a paper trail that can be used. But auditing system, auditing the process before election day, three, four months before election day is also practice that nations are trying to introduce in their best implementation of the guidelines adopted internationally. There are examples from the osce in europe and also the carter center. Both developed handbooks on observing electronic voting. These are actually drawn from general principles that belong to the election per se not necessarily electronic voting. They have specificity that are related to the medium, to the technique. Just to give you an example, you mentioned the risks related to internet voting, but if you assess them, you would look at how data that are produced through electronic Voting Machines, for example, are processed by computers that may be hooked to the internet. So that is a direct access to the internet that is not normally considered part of the label category internet voting, still presents risks of manipulation. Let me just support the Russian Security firm of a lab that identified last friday on an italian tv he was interviewed. He was asked, what is the biggest threat to democracy in your view . He said it is internet voting, in his view. Unless the environment and procedures and the systems are safe enough there will be a growing tendency towards using these means of voting, and there would be risks, high risks of reaching manipulation, before, during and after elections. In fact, that applies also in different ways to the history of voting, also to paper ballots. So what we had to learn was how observing elections can introduce elements of independent assessment that can help election management bodies to make the environment for voting safer, and to increase also the confidence by voters in the system, which is one of the challenges of the u. S. System now. Just one, not the only one. In the recent paper from harvard university, 85 challenges to the integrity of the elections in the u. S. These ones, the risk of hacking is only one of the five. You have the regulation of campaign financing, issues about the polarization, and therefore trust among Political Parties in the electoral procedures. You have issues of, of course, lack of professional standards in electoral management, especially in highly fragmented environment where elections are managed. I would say the most important one is lack of Public Confidence in the electoral process. All of these are interrelated, although we focus now on just one of them. I think this should address all of them at the same time. Lets talk about some of those latter ones influencing and things. There have been reports and concerns Associated Press might get hacked. Of course we are relying on them for the results. What is the potential and what are the possibilities when monitoring election for preventing that kind of influence hacking . The results are not all in, especially in a country as large as the u. S. Where you have multiple time zones youre dealing with and youve got partial results being reported on one coast while another coast is still voting. How do you address that issue of false reports coming out other than sort of securing aps computers and trying to monitor that . Let me answer in a simple way. What is an Election Observer Mission . It is a group of people who visit a country. You may have in that Group Expertise that focuses on the technology. You have other experts. You have media experts, for example. You have legal experts who looks at how the system is defined, designed in order to internalize processes of electronic voting. And you have longterm observers that i think gathers and analyzes the longterm observers. And can monitor how the media are reacting and influencing public views about the election. This is a combination of expertise in a process that is not just a week or month but covers the entire electoral cycle and can provide avenues for addressing together with the electoral management bodies, the bodies that are responsible for the management of the elections, i think issues like Public Confidence is a result of i would say manipulating behaviors by media. Another response to that is you need to be really patient on election day. This is one thing working on elections you learn quickly Election Officials get no days off six to eight weeks before election days. Please thank them for doing what they do because its hard work. On the other side, youre not going to have a very high confidence number on Election Night. A. P. Works very hard, 5,000 reporters, whatever. A great story from 2014 ukraine can illustrate how you really need to be careful what you rely on on Election Night. In 2014 in the ukraine in march of that year, a russian affiliated hacker group started poking around the ukraines Central Election Commission site and may 21st four days before the end of the election day, the entire Central Election Commissions server infrastructure was hosed. Someone had gotten there and run rampant with destruction in terms of pulling things apart and speaking of software, 12 minutes before the close of polls, the main website that reported the results reported the ukrainian right leader had won. Instantly the Russian State Television station started reporting that was the outcome of the election. This was exactly a hack designed influence the hearts and minds of ukrainians and russians. In ukraine they have paper ballots they delivered to a place in kiev. It took a while to get their servers back up, but two to report what was the high confidence results from the paper ballots. You should see anything on Election Night being potentially the right answer, but that understand it takes in a lot of states a couple of weeks, even three weeks to get at what is the official correct answer, which is called the canvass. Dont be so concerned. Its not going to be out of the world if we get weird results on Election Night. I have a feeling the likelihood of that is small. Did you want to add anything . Okay. In addition to sort of hacking potentially media outlet, there are some issues about the Election Results coming from county websites. We had some issues about ohio at one point where the website that was delivering the results was being maintained by a Third Party Company who had ties to republican party. So there was this issue raised of even if you had the Voting Machines covered and security Voting Machines you felt confident in, those results that were then being fed through this system that was telling everyone, especially in a state like ohio which is always a crucial state in president ial elections. So i guess youre talking about being calm and waiting for the final results, but really on Election Night we call the president , we call the winner. I understand what youre saying about back tracking later on, but that is what happened with bush v gore. Cnn called it and had to back track. It is the academic consensus that election ended up being called incorrectly. That can influence subsequent voters. This is the problem having election day as a natural experiment where we run it on one day is susceptible to attacks like server attacks. For example, there are things called epoll books. When you go and vote, you sign in and they check your name off on a list. For the longest time those have been paper. Increasingly those are moved to laptops or tablet computers. We had cases in the past where the computers wouldnt start or crashed or something or didnt have a network connection. They didnt make sure you didnt vote on this side of the city and then vote. There is very little, if any evidence of what we call voter impersonation fraud which is why that one candidate dan talked about should step up and give us evidence of what hes talking about. These poll books, things can happen to them. Ive heard from many Election Officials we have contingency plans and we have paper copies of these. I worry, if we have congressional staffers that have been there over 10 years, you experienced this. In the state of maryland you have this thing, the poll book crashing or not being able to work. People cant sign into vote. You get in these lines and the polling place cant open. That may delay the opening by a couple of hours. For those who have to commute a long distance, it may be the only time you have to vote. Some people have the luxury coming back later in the day. You can ask your election official, do you have a contingency plan . Hopefully they involve printing out the roster you used to use. You may not be saving money which is often part of the impetuous to move to these kinds of things. You are making sure even if those things dont work, you can start voting right then and there. You have a contingency plan. Well be opening up for questions in a minute. Have in mind if there are questions you want. You talked about this is a way to disenfranchise voters. In georgia it was a huge problem. County after county was reporting epoll books was down. A lot of voters were showing up and their name wasnt in this electronic data base. It may have been at the Central Data Base but they hadnt updated it. If they were registering at the last minute, it didnt get in the poll book. Usually the process is you can vote on a provisional ballot. You get a paper ballot. That vote is sort of, that ballot is set aside until they can verify you are a registered voter. Often times they dont have a provisional plan. Again, voters wont come back if theyve been there in the morning, they are not necessarily going to come back in the afternoon to recast a ballot. Huge problems. Not just Voting Machines, epoll books, Registration Data bases. Voter registration systems. We spent the whole 2000 as academics and hackers worried about vote changing and this year its becoming sort of apparent the registration year. Always talking about virginia, even though it is where i live, the Voter Registration system in virginia crashed on tuesday i think it was tuesday. The last day you could register. So now there are lawsuits about extending the date for Voter Registration. There is no reason to believe this was malicious. It was an overload like what used to happen on ecommerce sites the days before christmas where everyone tried to place their orders and couldnt handle it. Now they learned how to do that for ecommerce. We havent learned yet for Voter Registration. So some people will be disenfranchised. Facebook will nudge you and say, where you live, the last day to register to vote is this day. I have a feel, i cant prove it, but i have a hunch some of that leads into these kinds of things. Man, todays the last day. Everyone gets an alert at the same time. So blame facebook. It is one of the criteria, one of the usual questions used in assessing internationally elections, but it is not the only one. Having a plan is good but not enough. The other question very important is, is there a training for the election management body offices to implement that plan . Having a plan on paper is really good, not enough. Remember, the people manning those polling places are often volunteers who have just been recruited in the last 24 hours to man those polling places. Usually more earlier than that. Ive been a poll worker and i find out three people call in the morning sick and youre the only poll worker that day. This is a good emphasis of things we do in the larger realm of Cyber Security we dont do as much in election Cyber Security which is for data breach types of scenarios, if if youre an enterprise that doesnt actually sort of have a fire drill around what you do when you had a data breach, youre not doing it right. This is the point. We want to see Election Officials and bodies actually Running Drills as if, hey, its election day. This happened. What do you do. A number of years ago i was giving a guest lecture at an university. I was asked how old is the average poll worker . One student raised his hand and said old. I said how old he said really old. I said how old and he said like 35. So the actual average age of a poll worker in the United States according to the election commissions system is 73. Think about that when we ask them, and im getting there, im not there yet but getting there. When we ask folks to set up complex technical systems on election day and run them securely. We are asking and trouble shoot them. Were asking a bunch of folks who are not i. T. Specialists who grew up before they had computers and networks and all that sort of stuff. We are asking them to be our i. T. Experts for the most important thing that happens in our country. We have to recognize these things are hard to do. Really good point. Volunteer to be a poll worker. Im one. Lets take questions. Do we need a mike for them . Thank you. The congress, as you said, passed appropriation in 2002 to update voting equipment. I dont think there is anybody in this room that has a computer or smart phone dating from 2002. So was our Dysfunctional Congress derelict not putting more money into updating . And if i may, you mentioned the ukraine experience. Does putins hacking crew have the ability on Election Night in this country to put a finger, a thumb on the scale in favor of either donald trump or just general disconcerting the American Public . And for that matter, there are elections in European Countries of significance to us in the next couple of years. Could he do the same for a right wing candidate in france, germany, wherever . Thank you. Ill address the first part of it about the finances, which is that there have been proposals in front of congress. Theres actually a bill that was just introduced recently to provide federal level funding johnson and it historically prior to help america vote act, it was a state responsibility from a financial perspective to purchase Voting Machines. In a way its not surprising after that one shot were done and congress isnt inclined to put more funding. In in virginia, there was a proposal by the governor to provide funding to localities to replace machines like this and that did not pass. There was just no incentive. Nobody got elected, whether to congress or the presidency or even the city council by saying im going to spend more money on better Voting Machines. Its the perennial stepchild. When any Government Official has a choice between filling a pot hole or putting money in elections, they are going to fill the pot hole. You hear about elections maybe two or four years, you hear about the pot hole every day, which is unfortunate. We do need more regular federal funding of elections. It would have to be structured like highway funds. You are going to have all the shenanigans that happen in terms of things you have to agree to do to accept those funds. Thats just how politics works. As to your question about putin having a thumb on the scale, were not sure. I say that meaning you could think of elections as a meadow that hasnt seen a lot of predators. So we have a lot of entities, beings, Election Officials optimized for a place that hasnt seen a lot of predators. Its not a bad thing we have predators now because we have to adapt to work in this environment. Something we didnt talk about is the u. S. s history, the cia of directly influencing elections 1948 with the christian democrats in italy, the chilean elections in 1964, 1970 that resulted in a coup. Its strange we are crying human foul when weve done it over 100 years. [ inaudible ] i would say the technical thing about putin is hacking the president ial election is probably the hardest thing to do in this election. Youre much more likely to see your proverbial tony soprano hacking one county to ensure Waste Management bond was passed. I think thats where you are going to see the first detectible evidence in the u. S. Of a vote hack. I dont think something that crosses that many states is as attractive. If you can get suburban philadelphia and its close enough, there pay be places that dont have paper trails that are, like for example dolphin county, i tweeted about this, Dauphin County uses machines from 1985. I remember those computers. They were a lot of fun, monochrome, oh, boy. I could drop this off in the red square and russians couldnt hack it. The only responsives seen close to correct was depends how high you drop it. I would like to add one thing to this interesting question which is about a recent bill that has been introduced to the committee on september 20th on election infrastructure and security promotion. This aims at designating election electronic infrastructures as infrastructures of critical strategic importance to the nation. Now, these would allow a response that could even be military response in the worst scenario including by engaging in this response allies in nato. Cyber security is about striking the balance between Cyber Defense and cyber offense. Is there enough consistency in our Intelligence Systems between the two . Because the weaknesses of the systems that should be addressed in order to protect, to make our electoral environments safer are also potential entry points for attacking other systems. So is there consistency in our societies when they deal with intelligence in Cyber Security between the defense and the offense . I think there is not enough clarity of that. It would be interesting to see whether this bill could actually imply imposing some restrictions on the cyber attack side of these conundrum of Cyber Security. So this has been a very frustrating thing for me and probably all of you, as well. You see one story in the news that says that putin could hack the president ial election. Then another story says its not going to happen. Thats where youre falling. So its really an unknown. We wont know until we know, essentially. We may not know. The scariest part. Something i say a lot, these systems arent designed to keep the kind of evidence you want to detect those kind of attacks. They are not designed to be resistant against nation state kinds of attacks. Even then, if youre going to attack one of these machines, it didnt work, you would make it fail to look like a garden variety computer error. Like the blue screen death. Those kinds of things thats something id keep an eye out for. If we see marked uptick in errors and strange kinds of things, that could be the only evidence we see of mischief. Well never know. Its hard to really bound that kind of stuff. Of course, machines are specifically designed so it doesnt say who voted for kim and who you voted for, joe. To give you privacy. The side effect of that is if theres problem, its like, im kind of surprised if i knew who you voted for, maybe i could say i could have sworn you told me blah, blah, blah. Because we cant do that, its very hard to detect strange things. Its like in 2012 there were comments, precincts in philadelphia where obama got 100 of the votes. Was that tampering . There are allegations there was. If you look at the history, no, thats a precinct that is really democratic. Similarly there were precincts went nearly 100 for mitt romney in other places. Things that look strange isnt necessarily wrong. Its hard to tell the difference between something that looks strange and something that is strange. Good point. Okay. I voted this morning in virginia. Its a little bit disconcerting now learning that even though i asked about whether there was a paper track kept of my vote, to learn they cant audit the system even if they do keep a record of it. But my question relates to your discussion has been primarily as to the capability of hacking, and taking into account what you just said about detecting hacking in the past, other than in chicago in the 20th century, which had a reputation for fraud, is there much evidence or any evidence as to how much fraud or hacking has been done in the 21st century up to this point . Theres a lot of evidence of accidental bugs. Sometimes its hard to tell the difference between a bug and a hack. Because the symptoms are the same. There is a county in ohio had a case where their machine was misprogrammed. I think you wrote an article. I probably did. If you and i are living in the same precinct, the order of the candidates on your ballot and my ballot will be different so no one has an inherent advantage of being first. They misprogrammed the ballot rotation so the programs came out wrong. There was a bug. We have lots of evidence of things like that going wrong. We dont have evidence of hacks. Miscalibrated machines. Noncyber attacks. Maybe thats not the right word. I believe this wasnt in chicago but was someplace in illinois where we had poll workers running the same ballot through an optical scan machine a couple hundred times. They didnt think they might actually compare the total number of votes on the memory to whats in the basket, the number of ballots. Hey these dont match, well just actually count the ballots over again. We have seen that. Theres a whole bunch of absentee ballot fraud. Someone will go to a nursing home, have everyone sign their ballots blank, take them and fill them out and do stuff with them. Theres examples of that. Theres very little, if any, maybe four instances, i can get you a paper that cites this stuff called voter impersonation fraud which one candidate seems to be concerned with. Its hard to tell. Coming to a polling place representing youre a different individual and doing that a number of times in other places. We dont see a lot of that. In terms of Voting Machines, we have problems where after the election they find memory cards from Voting Machines that havent been accounted for and theyre in the trunk of someones car, a poll workers car, Something Like that. Or you have, again, is it intentional or not . Its hard to say. Did someone forget to take in the tallies . There is a known bug in the debold gem system which is one of the systems that tabulates where under certain circumstances even when you put the memory cards into it to say give me the grand total for the whole county, it loses certain ones. I dont know exactly when it loses it. Its only certain versions of the software. This happened in california a number of years ago and happened last year or maybe this year in tennessee in a local election where three precincts out of 100 or five out of 100 werent counted until they actually went back and did the canvass joe was talking about. Got the final results and discovered, oh, we dont have the results for the xyz church and abc Elementary School so they went and found them. Its hard to know what is a glitch and something intentional. There was a Superintendent School race where every one out of 100 votes for this one candidate got dropped by the machine. That was in virginia. Thats right. The candidate lost the race by 2 of the votes. 2 of the votes was about 1,600 and she lost by 1,600 votes. It was a bug. And so we have lots of evidence of things like that going wrong. We dont have evidence of hacks. Miscalibrated purchases, thats a problem with touch screen machines. There are terrestrial like noncyber attacks. We very evidence, for example, i believe this wasnt in chicago but was in someplace in illinois where we had a bunch of poll workers running the same bolt through an optical scanning machine a couple hundred times thank you. John nicholson at the british embassy. Cant hear. You John Nicholson at the british embassy. So the system we use is very different from whats been described by the panel. It is paper and pencil, hand counting. Sort of the equivalent books are sort of printed off and scored off when you vote. Clearly, that doesnt eliminate the possibility of voter fraud and there are historical examples. How many choices does a vote ver to make . In an a general election, its one choice. I wonder if you were designing a system from scratch what you would design at this point given what youve been talking about. That opens up my question about the Los Angeles County vote system. Theres a couple counties in the u. S. That have been so fed up with the United States is the only country that seems to think it can buy Voting Machines on a free market and thats going to work out. Everyone else puts out specifications and a request for bids and you buy it as a an country. Were huge and our federal government cant tell our states what to do in elections. But two counties, l. A. County, california, Los Angeles County, california, and travis county, texas, have decided theyre so fed up with whats available on the market theyre going to build their own. Travis its mostly on paper, its a Design Concept and software that works. In l. A. County, theyve spent the past five years working with a storied design firm ido with about 15 million to produce a new voting machine and they have five prototypes now. This is essentially what we call a ballot marking device. Its a big pen. You walk up to it with a bank ballot, it sucks it in. You interact on a touch screen top cast your vote. It fills out your ballot for you. It doesnt keep information, how many votes or anything like that. But it will pull the data off it to do the count. You put that the ballot in a ballot box. Those are later scanned en masse at a central facility. You have to keep the chain of custody very, very secure. Then its the most secure Voting System i have seen that seems to be at the state of development that its in right now. It uses a dual chip trusted computing architecture. Each piece of software for each device is crypt tote graphically signed so the county is the only one who can put a given piece of software on the machine. So the reach around the back and stick a usb stick that wouldnt work unless you did complicated stuff. They had two goals, one was redesigning the interaction of the voter. Theres a bunch of neat things theyve done with accessibility. It is trying its best to replicate the security of like an optical scan system with a touch screen system. Basically you can think of it as a very expensive like million dollar, very expensive pen that fills in your ballot for you. Its going to be open source. All the software, all the hardware you can take the ought cocad files to your metal bender and theyll stamp out a bunch. The idea is to have a system that Anyone Around the world could build off of. If you dont like the hardware, you can changing that, too. Im hopeful that this sort of this effort to you know, have a more open way of designing things would go deliver, you know, one increased usability but also the kind of security that we expect and Something Like linux and other kinds of things which arent by their nature open Source Systems we use elsewhere arent innately secure but can be more secure if used in certain ways with certain kinds of tools used to analyze them. Just one small correction. I believe travis county, texas, put out their rfp. Cool. This week, last week . Last week. Joe would know. Joe would know. Do you have a question back here . Did that answer your question . Im sorry. Hi, david. I wish we just one very small comment. So los angeles, the average election has 100 things on the ballot to vote on be. 11 languages. Thats why as much as i love the simple hand counted paper ballot concept and there are people in the United States who think we should do that, i dont think its workable. For i a large county. For a large county unless we completely rethink how we elect our government. The Voting Machines are a side effect of these complex elections. Can we borrow a parliament . Where youve got a 25page ballot. The david turetssk y. Isnt a big part of the problem that we try to set this up in a way that is between 6 00 a. M. And 7 00 p. M. So that any problem causes the most chaos possible be . You were talking about electronic poll books, talking about what in cyber world we talk about as an Incident Response plan. Theres so little time to react. And what happens at a polling place is if the electronic poll books start working and youre starting to check people in on those and then they stop working, even if you had paper poll books, you dont know whos already voted in the electronic poll books. So youre in an extremely chaotic situation. Theyre going to try to fix the electronic poll books first. What happens is they try to do that is the lines grow longer if its near a peak part of the day. What happens when the lines grow longer is people dont move their cars and so fleas no parking and theres utter chaos on the roads. And by trying to jam all of these voters into such a short window, which means the problems are harder to prepare for, solve, and resolve quickly, isnt that the biggest risk to the credibility of our elections more so than the outcome being challenged through changed through hacking . I just want to point out that the trend now is towards a longer election cycle. We now it used to be in order to do absentee ballots, right, you had to be out of the country and you had to prove that you were going to be out of the country years ago, this is the only way you could vote outside of the actual election day and you could vote on a paper ballot. States have relaxed those rules now. I dont know what the percentage is about the number of voter whos now vote from home using a paper ballot. Depends on the state. You have to be willing to give up the privacy of your vote because its on a paper ballot, it comes in with your name on it. Its no longer a private vote. There are processes in place in the election offices so they check the envelope, make sure youre registered and theres an inner nfl. They put the unopened inner envelope in a ballot box and dont open that till later. Theres very strong process security to ensure that your ballot is secret. However, doesnt always work if youre the only absentee voter in your precinct, someone was telling me about a story about that, we know how many absentee ballots we know who it was. A lot of jurisdictions have been moving towards vote centers. So having you can vote over this twoweek period at five different facilities around the city or the county or whatever. For example, i think colorado and maybe washington, one of those two is doing something where they send everyone a ballot in the mail and you can return them. You can surrender it and vote in person somewhere else if you want to. Those are i could go on forever about those because theres some things that are not so good about those kinds of models but that tends to alleviate this what we call the load or the scaling problem with having everything on one day. Its like a tuesday when everyone has to work even though you should be able to get time off for it. Do we know how many voters are voting prior to an election these days as opposed to the ones voting on election day. Its considerable. Some places permanent absentee in california is the like 60, 70 of all voters. Its going to did i have a lot by state. Some states still require excuses. You can only do it if you have one of these eight different reasons. So you cant generalize from one state to another. Okay. There is also the aspect, if i may of getting the meet yad results. Get going results immediately. The rush toward having results as soon as possible. That is also interesting. I had the opportunity a couple of weeks ago to meet with a high level Litigation Firm from a country that had elections recently and they used e voting to a large extent. And he stated that the results were well accepted but he also added they were immediate. Just a few minutes after the closing of the polling stations. And then his comment was also they were all well accepted but because we hadnt a closed election. So if you have a closed election, that is the political risk. In the highly polarized political context when you have a close election, irrespective of the technology, eventually, there will be room for disputes and possibly also in some cases even violence for not accepting the results. And that is irrespective of when you get them. So i voted on yom kippur. Dont tell my rabbi. And what if something exciting happens in tonights debate and i say oh, i really wish i hadnt done that. This is the downside of having an extended polling time is its hard for candidates to decide when to do their advertising, the logistics and the strategy of advertising and when to drop those bombshells and so on changes. So its not just the mechanics of voting that changes. It changes everything about our elections. How many more questions do we have . We can go for a couple hours. Theres people behind you, too. I completely missed that side over there. Lets go with this question first. Thats the left wing. Thank you. I live in oregon which has had totally vote by mail for years. And basically, you get your ballot in advance. You can fill it out anytime you want. You can mail it in as long as its going to arrive by election day or drop it in drop botches and it has a secret sit envelope so your vote is still secret. Dr. Hall seemed to indicate there are problems with that. Im wondering. I use vote by mail. I cant do my job without i cant go to the polling place, just the nature of what i do. So im a big fan in terms of convenience. It is one of the deep dark secrets in terms of voting security that to put it another way, before about 1900, election day was a payday for most americans. 85 turnout. They could actually observe you putting a ballot in a ballot box and there were very distinctive colors. It was easy to figure out how it went. Thats why we adopted the australian ballot which is a secret ballot where all the candidates look the same and no one has big letters. When we adopted that uniformly in the u. S. , turnout went down to 20 because there was no longer this incentive push or pull, they had to have civic reasons to want to vote, not compensatory or monetary reasons for going to vote. So thats the thing that concerns me is you can have coercion, buyin, you can say hey, i know a person who does the opposite which is really strange where they will sign their ballot and give their ballot to their lawyer with about 500 bucks and say vote who you think i should vote which is very strange and is totally illegal at least where this person lives, West Virginia it wouldnt be illegal because the constitution in West Virginia allows you to show anyone your ballot after you cast it before you marked which is the only state that allows you to do that. The reason im down on vote by mail is it reduces the secret element or privacy element. Secrecy is id really like you not to tell anyone else how you voted. Unfortunately, vote by mail is not going anywhere. It does have the level of enfranchisement in highly rural areas is unparalleled. Its better than internet voting because you have a permanent paper record that can be audited. Two quick things. One is for people disabilities, vote by mail makes it harder for them. They have to have someone else fill it out for them. Unless they have a marking device on their computer it, just reduces someone who has motor impairments or visual disabilities. The other thing is, it increases the level of undervotes because theres no machine to check, did you correctly color in the circles or did you put a check mark or people do amazing things, they circle the name of the candidate they like a circle instead of filling out the circle . You cant read those. I had an election official tell me the other day had he someone who came in who said i dont need your instructions. Im a p. H. D. And proceeded to circle the circles and it got kicked out by the voting machine and he was like im a p. H. D. But i cant follow instructions. They rarely can. Modern day literacy. There was a question back here. Then i come to you guys, sorry. Youve all mentioned a couple different scenarios that have happened. Hold it closer. Is this better . You mentioned in ohio where there was a third party that had access to the networking. Thats very typical. Third Party Company that was sort of managing the aggregation of the votes from the different counties and reporting them to the county website. Got it. There was also some discussion of hacks of Voter Registration rolls. Could you illustrate what the outcomes could result from the access or compromised networks or databases that would result from these activities . Sure. So for example, in ohio, in 2004, we had a machine that, and this is when we were using mo dum, telephone modem based transmission of results from the polling place to the central facility. We had a machine that phoned into the central facility and basically reported twice as many votes as it is had actually recorded at a time where with they werent using encryption on a connection, they were using something called a crc which is not appropriate for this kind of thing. We dont know what happened. It could have been a cosmic ray. But you could imagine with access to the network itself, you can fiddle with the bits in realtime because this isnt hard to change stuff that flies by. Unfortunately, there are a lot of instead of saying unfortunately, there is Something Like anywhere from 8,000 to 10,000 election jurisdictions in the country. Most of those dont have a full fte, full time staffer for their elections operations because that person has to do titling, clerking, all sorts of other stuff, too. So you Better Believe theyre going write a contract that says hey, you take care of as much of this as you can. Thats why i think theres a great opportunity for some sort of like cloud provision for these kinds of folks, something that could at least, i dont know who should do that. I don know who should do that, so i dont know all the answers but thats the kind of thing you can imagine trying to abstract away either where you dont need to trust the third party which is what i prefer using napsy kinds of things that will ensure that i think were a little far away from that, but, you know, having maybe someone else run infrastructure for folks so that they dont have to sort of either, you know, pay someone out of their pocket who may not do it very well. So thats a not very satisfying answer. Was that sufficient . [ inaudible ]. Its very easy to imagine this. So Voter Registration data is the most useful data for reidentification attacks. If you heard of deidentification of data in health or other kinds of things where they remove certain kinds of identifiers to be able to share that data more widely. Voter Registration Data because many people are in it and it has very specific types of key data like the last four of your social, your date of birth, your home, your phone number, in some Southern States your ethnicity and other things like that theres already a motive to get access to that kind of data and to have that kind of stuff. So illinois Voter Registration hack where 90,000 individual records from ex filtrated from their staging system thats a good example of something you do. In terms of influencing the vote you can imagine an attack that would remove 5 of the voters from the registration rolls from one particular party and given how close our elections are, check out wikipedia, duvengers law, the only law in Political Science basically said if you have a system thats first pass the post, a system where the majority wins you regress to a twoparty system with very close margins. Removing 5 of the voters from one party or the other could be a perfect attack for influencing the vote. Were actually out of time, but i promised you guys that you would get your questions in, so if you can ask them quickly and keep your answers brief, please. So i will try and be brief. Im concerned mostly about the perception thing because we have this copy of the report that i know joe was here at the Atlantic Council two years ago on the stage with my boss, i work for congressman land tariff vin, he was skyping in to talk about that. So i think that, you know, its really great to see all this focus on election cybersecurity, but a lot of it is tied to the dnc hacking. I mean, there were Voter Registration databases that were getting dumped online and people were finding them for years before arizona and illinois. So how you know, i think the focus is good, but i think that the biggest concern is the perception that people will have that the election is illegitimate. How do we build resiliency in the electorate to deal with that fact . One of the great threats to our Voting System from where i sit is rain. That drives downturnout like nothing else. I mean, you can dis en franchise 5 of the population that would show up or the voters that would have shown us but it was raining, we try to build resiliency. How can we build resiliency in the populous because we know the dnc has been hacked. Even if we dont have the specific examples and its hard to figure out in terms of the Voting System itself the idea that dissemination about Something Like that is going to be hacked is we have past evidence that these things have been hacked so how can we build residency in the american populous to deal with that fact . Three word answer, evidencebased elections. So being able to demonstrate to folks that this is how its supposed to operate, this is how it operated, dont worry, any mischief, you know, im going very its extremely complicated how you do that, but to the extent we can base trust on the evidence that these systems are resilient thats as good as we can do. People can still worry and thats their problem. I would agree. I would also say for today part of the answer is diversity or complexity, depending what you want to look at it can be our friend and i think is our friend. Its just too damn hard because every state does things differently, every county does things differently. Its awfully hard to have a largescale impact as joe says, its easy to fix the Wastewater Treatment bond but its really hard to change big things because theres just so many Different Things that get crosschecked against each other. And our Election Officials do a fabulous job with not nearly enough resources so we need to not blame them when things dont go the way we always hope because they are doing a fabulous job given their limitations they have. I also agree. The technology is just a fragment of a mosaic that has to be consistent and that is the system. The people should be confident in. Quickly. [ inaudible ]. Please. I promised you, sean. Thanks so much, kelly, i appreciate it. Dr. Hall, you referred to elections as a meadow with very few predators. I was curious other than nation states what some of the other malicious actors look like and if theres any intelligence that leads you to believe that tony soprano is trying to hack an election in suburban philadelphia. So i dont have any evidence that there is any organized criminal that is actually trying to do this. I do think that we see nation state influences in the gus fer kinds of stuff, but im a little wary to attributing that directly to whatever. It seems reasonable. I do think that there are folks who just recognize how valuable some of the data is and that there are people who are, you know as i forgot your name, im sorry, but as he was stating there have been security researchers have found, you know, databases that campaigns have not decommissioned of like all voters that include not only the list of their names but appended commercial data, so even if you have had the addresses removed for all the federal judges in a Voter Registration list if the campaign adds the addresses back on all of a sudden that federal judges address is publicly available and is a very sensitive piece of information. There are people who and there is also sort of the i dont know what to call them, the lols folks, the folks long theres fun to be had here. People poking out all the scripting vulnerabilities on trumps system [ inaudible question ] the second we candidate that is attractive to them they will be elected. Its hard to predict. The one election that i know of that was fixed was the u. S. Rowing association. Why would someone fix an election for the u. S. Rowing association . I dont know. But somebody did. I dont remember if that was an insider or outsider attack. I dont remember. But it sometimes boggles the mind what people think is worth their effort and so im not going to presume who is or isnt, whether its lolsic or nation state or a campaign that has gone off the rails and is willing to try whatever they want, whatever they can in you know, in a neighborhood election. There was a case in one of the colleges in Southern California where a student put keen loggers on the machine in the Student Union building because they really wanted to be elected to the Student Council. Its like, you know, come on, its not that important to have that on your resume, but how many federal crimes but just commit . And the fbi caught them and locked them up for trying to hack the Student Council election. So we need to wrap up but before we go i do want to sort of throw this out there as a Public Service announcement about calling in on election day if you discover problems. There is a group run by a Legal Coalition and i will let joe talk about it. Its very helpful, its been in existence for i dont know how many elections at this point. Since 2002. People can report in problems, long lines, toucher machines not recording what they are intending to report, e poll books not being up and running, any problems you can report to this legal group and they can provide assistance. There are partisan efforts but this is a nonpartisan effort, check out 866ourvote. Org or call 1866ourvote and you can ask questions, you can get help, they will even send a lawyer out if youre having Serious Problems that require legal intervention. That multiple jurisdictions. Nationwide. Every place you can vote in the United States of americas he will be on the ground and available. Thank you. Join me, please, in thanking all of the panelists here for a great discussion. On the campaign trail today Hillary Clinton will be joined by senator elizabeth warren. The two appear together at a rally in manchester, new hampshire, with live coverage at 12 30 on cspan. We will hear from newt gingrich, van jones and Patrick Kennedy and they will look at ways to prevent opioid overdoses and provide addiction treatment. Thats live at 3 30 eastern also on cspan. While congress is on break until after the november elections, were featuring American History tv programs that are normally seen weekends here on cspan 3. Tonight congressional history, at 8 00 eastern former senators bob dole and nancy