Hacking Voting Systems to Be a Federal Crime in US

Criminals caught hacking into a federal voting system in the United States are to be charged with a federal criminal offense. 

The Defending the Integrity of Voting Systems Act was unanimously approved by the House of Representatives last week after gaining a green light from the Senate last year. The legislation will make hacking federal voting infrastructure a crime under the Computer Fraud and Abuse Act. 

Senators Richard Blumenthal, Sheldon Whitehouse, and Lindsey Graham put their political differences aside to introduce the bill with bipartisan support in 2019. Having gained the approval of the Senate and the House, the legislation will now be sent to the president to be signed into law. 

Blumenthal said in a statement that the bill's successful passage through the House on September 21 had come at just the right time to protect the safety of the 2020 presidential election, for which voting began on September 18 in four states.  

"Our adversaries have shown a willingness and capability to hack the infrastructure that powers our democracy, however, our laws and enforcement lag far behind this dire threat," said Blumenthal.

“This bill must now quickly become law so every vote counts. Nearly a month out from our 2020 elections, there’s no time to waste.”

The origins of the bill stem from a report shared by the Justice Department’s Cyber Digital Task Force in July 2018. 

In the report, the task force noted: "The principal statute used to prosecute hackers—the Computer Fraud and Abuse Act (“CFAA”)—currently does not prohibit the act of hacking a voting machine in many common situations. In general, the CFAA only prohibits hacking computers that are connected to the Internet (or that meet other narrow criteria for protection)." 

The task force warned that electronic voting machines that are typically not connected to the internet would not meet those criteria.

"Consequently, should hacking of a voting machine occur, the government would not, in many conceivable circumstances, be able to use the CFAA to prosecute the hackers. (The conduct could, however, potentially violate other criminal statutes.)," noted the task force.  

What’s Hot on Infosecurity Magazine?