The impact of the catholic vote posted by catholic universitys institute for policy research. It is live at 9 00 a. M. Eastern. Were live with technical and policy experts looking at the implications of the militarys use of artificial intelligence. Watch both on cspan2. Tonight on the communicators, scott walton, resident in senior fellow at the policy institute and the Senior Vice President at Public Knowledge talk about their opposing views of the at t time warner merger and what that means for telling communications. They are interviewed by bloomberg. Content. Er he is right. That is the way the vertical merger could be competitive. If they treat their own that is going to be the Biggest Issue that the Justice Department will want to look at. Concedes what you get out of your breakfast out of your smart refrigerator, when you go to work in the morning, when youre walking by mcdonalds on the way to work, and can combine that with content that you get from this to dissect every element of your life. Watch the communicators tonight at 8 00 a. M. 8 00 p. M. Eastern on cspan2. Now election in Cyber Security professionals on how results are examined and verified. Protecting the system. This Aspen Institute event is about an hour and a half. Welcome to the Aspen Institute. Im charlie firestone. We are a nonpartisan nonprofit policy program that addresses andimpact of Communications Information technology on Democratic Institutions and values. I can think of no more basic Democratic Values and free and fair elections. Its essential to the legitimacy of government and the faith of the people in the democratic process. Program hasrs this looked at issues of elections and cyberspace, campaigns in cyberspace, and American Media and voter information. We have been very interested in this topic for many years. The electoral process has been called into question in a couple of ways. There have been allegations of fraud and rigging in the election. We wanted to address it directly. There are allegations of foreign governments hacking institutions. Of theluence the outcome election. For these reasons we have allied with the Election Verification Network. 185 professionals. Officials,ection Computer Scientists, attorneys and others who look at the election verification process and are also assiduously nonpartisan. The question we face is how do we know that the votes we cast are the votes that are counted and reported . We have a great panel to look at this question. Im very proud of the group weve been able to assemble. Gardo on our panel is edh cortez. Is the chief election officer of virginia. He has been at this issue over 15 years. The assistants attorney general for National Security until only a couple of days ago. Top nationalions security attorney overseeing 400 employees responsible for protecting the country against espionage,al espionage sabotage, terrorism, Cyber Breaches and other National Security interests. We have Susanna Goodman who is director of common clauses voting Integrity Campaign aimed at repairing and strengthening Voting Systems at the state and national level. Coauthor of a very important report called secret ballot at risk. Is the former chairman of the federal election , appointed in 1991 by president george h. W. Bush. He served as general counsel to senator john mccains president ial campaign. He is our go to election lawyer. He was very involved in all of the reports dating back to the 90s and also known to many of us as the lawyer for stephen c, americans for a better tomorrow tomorrow. Is david sanger who is the National Security correspondent and dean of the New York Times washington office. Senior writer who has identified this issue. Wrote a seminal article on it with Charlie Savage a couple months ago. David, take it away. Hashanks to Walter Isaacson given us the space and encouragement on doing this. I cant think of a more central issue for the Aspen Institute to be taking up. Its really at the intersection of fundamental Building Blocks of our democracy. And fundamental questions of what kind of society we want to begin what kind of defenses we want to have. Of a better panel for putting this together and im delighted to see we have a full house. Let me leave it in at what may be the biggest difference we are seeing this year. Concerns asys had susanna and others have written about. Security of secret ballots, the ability to get to the polling place, the ability to have the insurance that your vote is being counted accurately. This year we have suddenly had a new layer of conserving. Concern. I think its the first time we have ever had the serious allegation that another nation state seeking either to influence the outcome or simply disrupt the conduct of the election. Those are quite different things. I thought i would start with you, john, and your newly one freedom newly won freedom. To measure every word about whether you are speaking for the administration. I thought i would ask you to take us a little bit through the discovery by the Obama Administration and the Justice Department that you were facing for the first time a nationstate adversary in russia the just to take at face value the statement came out from the department of Homeland Security two weeks ago suggests that in fact they were seeking to actively get engaged. Not only break into political entities like the dnc but to weaponize and release that information. Tell us a little bit about the debate about how to respond to that. Put two trends together. A nationstate attempting to gain information by hacking into election campaigns or other infrastructure isnt new. As chief ofjob staff to the director of the fbi i first met the Obama Campaign and the Mccain Campaign in 2000 when we were informing each of them separately and in a classified setting that later became declassified that there emails had been compromised by china at the time. They werement was inside the system in order to gain strategic intelligence. I wanted to know how these individuals thought that i might try to use against some of those campaign individuals depending on who was elected. Not that they would do what is sometimes referred to as doc doxxing. Russia we also have a long history of russia trying to run influence campaigns were in the United States along with the rest of the World Without revealing that it is sponsored the russian government or russian intelligence will try to plant stories in newspapers or other venues to influence the outcome of the election. We have seen russia attempt to undermine democracy recently in countries outside of the united and europe as the germans have publicly discussed or in elections in other parts of the world. What we saw here was a tobination of the ability get in through new technology to obtain information and then marrying it with a campaign to undermine confidence in the democratic system by releasing weaponize thing or using it to x along with other methods. There is one we all should have been able to see whats coming. With as we have moved more of our infrastructure from analog to digital form over movedst 25 years we have almost everything we value from analog to digital. 97 is now digital with the exception of david who continues to write on napkins. [laughter] we call that analog. We didnt just make it digital. We connected all of this data to the internet. A medium that was fundamentally never designed with security in mind but designed to communicate. On the cusp of the next transformation. It may be as significant as the transition from the horse and orgy to an automated car from a car with a driver to a driverless car. 2020 we estimate 70 of the cars on the road will essentially be computers on wheels. This isnt just what we are seeing in this case which is weaponize and information. We are moving almost everything thee that functions electrical grid, cars, pacemakers, drones we are connected to the internet of things. Make theant do is same mistake we did when we moved from analog to digital in the first instance, which is we cant systematically discount the risks posed not as to whether this works but whether it will work in all the same bad guys that will move to the new technology. Crooks, terrorists, nation states. Those who want to actually illegally with a political agenda. All of those same actors are going to try to exploit this internet of things. We have to build in security by design on the front end which we are not doing effectively enough to date. Comeinternet of things with things that make them unsecure. We needed enforcement regime to show that there can be deterrence. We will come back to the internet of things question because it raises so many for all of us. In the case of dealing with russia imposes a particularly difficult deterrence issue. Your time in office i think you made enormous progress in making it clear that if there was an attack on the United States at various times there was going to be the u. S. Response. Managed to do in dykemans in the iran attack on the banks indictments in the iran attack on the banks. Have begun to establish that even without using Intelligence Data you can build a court case. When youre dealing with russia its a lot more complicated. Lot more complicated because we have so many other things going with russia. ,iscussions over syria, Iran Nuclear Negotiations at various points. Its a big complicated relationship. Us inside the considerations you have been about how one deals with trying to deter russia. But itd strike back now may not be the right thing to do at this moment when you are only a week and a half out from the election and they are going to have another response. You are right to put it into historical frame. The approach of taking nationstate related intrusions out of the world of intelligence where the primary consideration yourearning about adversary and protecting your sources and methods to one in which doing the investigation and attribution in such a way that one can make it public. That was important because if you dont figure out who did it and theres no deterrence and you cant apply all the usual calculus we have applied to try to prevent nationstates from doing disruptive things to those who would do us harm. Doing the investigation attribution in a way that we can be public about the results. We have been willing to accept that may cost. At times it may improve the tradecraft of an adversary. Imposing consequences. That may sound like a commonsense approach because we have applied it in so many other fields. Area and we this really only first started reorganizing government to move down this path in 2013. When we brought the first case in the spring of 2014. We have brought actions against korea. Iran, north i think there are common traits with the attack against sony. Attack againstan a company or a victim. It was an attack against our values. They were trying to undermine a core value which is free speech. As part of this relatively fastmoving transition to this new approach each time we have contemplated in an action there has been a lot of discussion around the situation room table just like we have one we think about how to confront the terrorist threat or proliferators. In those other areas where we have gotten good and are at a fast pace each of the Department Agencies has a playbook. Heres what i can do under my legal authorities. Heres a range of options i could apply. The Treasury Department might say we could apply sanctions against the individual or state responsible for this action. Here ormight say criminal indictments or here is information we have collected in a way that we could make public. The commerce Department Might say we can use an authority we to designate certain entities as those who are counter to National Security interests of the United States and make it impossible to do business with them without an export license. Theres diplomatic measures one can take. U. N. Resolutions, military options. Options. Unter cyber depending on the particular authorities that will be different. From defense of things, Homeland Security could do ranging to covert action or openly declared military action. We have gotten very good at applying that framework of coming up with a response with these other threats. What is new is applying it against nationstate cyber actors. You have seen us run this rcise with sony resulting in less than 28 days publicly naming north korea and introducing sanctions. There are some things you see and some things you dont but there will be consequences. Need to investl in creating a maximum amount of tools for a decisionmaker to use when it comes to Cyber Threats or activity. That is something in terms of things the next administration can focus on to put resources and figuring out who did it put resources into continuing to develop those tools or playbook. They ran an important point in this of you have heard phrase which is we are going to respond at a time and place of our choosing. That is our doctrine in terms of the types of consequences. Although we are going to figure out who did it, make public who public thatake there will be consequences it doesnt mean in every case what the consequence is will be public. I think thats to preserve the maximum amount of options for the decisionmaker to craft the response that best suits that particular adversary and the scale of what they did. It is vitally important and sometimes it gets conflated. To apply we have tried this framework of imposing consequences and making it public it gets very much analyzed within government and terms of the relationship with that particular country. When we in guided five members of pla for stealing across to things like leadpipe designs. Theft there that is was a lot of discussion about what does this mean for china and how is this carefully tailored to china. Similar people said north korea is notoriously difficult to impact. Sense to evenny try to impose a consequence with north korea . With iran people said you just signed this deal why would you take action against iran for denial of service attacks over two years ago . A place where to we stop analyzing these in relation to the particular country. When you commit destructive attacks whether it is affecting hundreds of thousands of customers and costing millions of dollars by attacking our banking system, stealing from private companies for economic we are going to figure out who did it, make it public and impose consequences tailored to what you did. That sends a message not just to each country but to all the other countries as they try to figure out a framework were going to apply. Means continuing to clearly articulate what those red lines are. When we consider it to have caused harm. Susanna, you have seen lots in which election systems in the United States have gone wrong. Before we all gathered here you mentioned a really interesting case in colorado. Tell us what your biggest concerns are and then tell us how the addition of a nationstate after coming into this makes this a hard problem to solve on the ground in the states where many of the states dont have the advantage of the Intelligence Briefings that john would get every morning at his old job. Im part of the Election Verification Network which is a consortium of Computer Scientist advocates and state policymakers. For as long as we have been in existence which is over 10 years we have been looking at this issue of what happens in the elections when the machines we rely on fail . Either the equal books where we check in or the statewide Voter Registration based or the machines. These are questions we have been looking at for a long time. We have come up with remedies for this. One thing we love to point out is that the folks that are most we recommend there always be a paper ballot or a paper record. This is championed most wholeheartedly by the Computer Scientists. By the people that Love Technology the most. That invented the cryptography that allows you to buy and sell stuff over the internet. The geeks that love the computers say you need to vote a paper or there needs to be paper record that you have verified for every vote cast. There are five states that have no paper backup and a number of states including some swing states that have only partial. Thats right. Its better than it was. Paper is the gold standards. Those states do other things. There are other ways those states handle those problems. In 2004 4000lina votes were lost on this computerized Voting System. The election was in limbo for months. Paper youont have just cant go back and recount. When you have close elections they put those paper ballots up on the internet and said you decide. Transparency,l of scrutiny, reliability with paper. Does North Carolina now have full paper . Absolutely. It always takes a crisis. Many of the states that moved to paper moved bec