By Joseph Marks
Senate Majority Leader Mitch McConnell (R-Ky.). (Aaron P. Bernstein/Reuters)
As Congress returns this week, Mitch McConnell remains the one-man roadblock for Democrats' election security bills. He's still refusing to allow a vote, even as Democrats deride him as “Moscow Mitch” and accuse him of inviting Russia to interfere on Republicans' behalf in the 2020 election.
But why is McConnell so staunchly opposed?
Republicans and Democrats offer a fairly straightforward theory: McConnell is wary of drawing the ire of President Trump, who has repeatedly wavered on whether Russia interfered in the presidential contest — and seems to view traditionally bipartisan discussions about election security as delegitimizing his unexpected 2016 victory over Hillary Clinton.
“This is a narrative that the White House doesn’t want to approach,” David Jolly, a former Republican House member from Florida and an outspoken Trump critic, told me. “The president’s not comfortable talking about it. He’s someone with a fragile ego. And McConnell is happy to coordinate with this White House. That’s the only thing that explains it.”
McConnell is likely also concerned about the political fallout for Republican senators, several of whom have supported and even co-sponsored election security bills in the past, says a former Democratic Senate staffer who worked extensively on cybersecurity issues during the Obama administration.
“It would put Republican senators in an awkward spot of having to vote against election security or vote for it and potentially anger Trump or anger some of his base if he were to tweet how bad the bill is,” said the former staffer, who spoke on the condition of anonymity to speak frankly.
The issue has become political firestorm on the campaign trail — and a key talking point for Democrats who point to testimony from intelligence officials and former special counsel Robert S. Mueller III warning that Russia is eager to compromise the integrity of the 2020 election, and states and localities complain they don’t have enough money to fix digital vulnerabilities on their own.
Senate Minority Leader Charles E. Schumer (D-N.Y.) has openly speculated that McConnell's reticence is because he hopes Russian President Vladimir Putin, who officials say directed the hacking and disinformation operations to aid then-candidate Trump in the last election, will try to help the president and other Republican candidates next time.
McConnell himself has doubled down on a wonkier argument: that any federal election security mandates would trample on states’ rights to run their own elections. In an impassioned 25-minute Senate floor speech last month, he claimed Democrats' real goal was “nationalizing election authorities” and that they were pushing for “partisan wish list items that would not actually make our elections any safer.”
A McConnell staffer told me that “we don’t engage in hypotheticals about potential support for legislation that doesn’t exist” — though Democrats have introduced numerous election security bills this Congress. Democrats are largely united on bills that would mandate that states use paper ballots and perform cybersecurity audits, require candidates to disclose foreign agents’ efforts to interfere in election races, and deliver $1 billion in election security cash to get it done.
Jolly, like several other people I spoke with, expressed disdain for McConnell's states’ rights argument. “If a state was [physically] attacked by a nation-state, we wouldn’t rely solely on that state or their National Guard to respond,” he said.
Daniel Schuman, policy director for the liberal advocacy group Demand Progress who writes a popular newsletter focused on congressional technology priorities, compared McConnell’s argument to claiming the federal government shouldn’t help states recover from hurricanes and other natural disasters.
From McConnell's perspective, there has been real progress on this issue already. The McConnell staffer pointed to $380 million in election security funding that Congress appropriated to help states with election security in 2018 and to several smaller bills the Senate has passed related to election security, including one that would deny entry into the United States to foreign citizens who violate U.S. election laws.
The staffer also provided excerpts from a letter McConnell sent last month to Kentucky’s top election official stating that “the Senate will continue to consider serious bills that attend to real obstacles that still face federal, state, and local authorities as they work together to secure our elections.”
Yet polling shows election security is also a lower priority for voters than hot-button issues such as immigration and health care, Jolly pointed out, which means there’s less political pressure on McConnell to push on election security and risk upsetting Trump. “This is a failure of leadership by McConnell and it’s a raw political consideration,” Jolly said.
It appears unlikely McConnell will shift course and allow votes on substantial election security bills later this Congress. But several people suggested, however, that he might support delivering another chunk of money to states to improve election protections — so long as no election security mandates came with it.
Sen. Ron Wyden (D-Ore.), who sponsored one of the most mandate-heavy election security bills — which would require that states use hand-marked paper ballots and conduct rigorous post-election audits — told me last month that he’d strongly oppose giving states more money without requiring them to follow cybersecurity best practices.
But other Democrats may be more willing to make the compromise.
United States Office of Personnel Management in Washington. (Sarah Silbiger for The Washington Post)
Wikipedia. (Peter Byrne/PA Wire)
Paul Nakasone, Commander of the U.S. Cyber Command (Zach Gibson/Bloomberg News)
The command posted 11 samples of malicious software to VirusTotal, the tool Cybercom uses to share examples of malicious software with the cybersecurity research community — all of which appeared to be linked to the hermit kingdom, according to cybersecurity researchers.
The release also appeared to be timed to a national holiday in North Korea celebrating the nation’s founding, as Andrew Thompson, a threat analyst at the cybersecurity company FireEye, noted on Twitter.
Attribution, subtle or otherwise, is a key component in any deterrence strategy. You need the adversary to know that the myth security researchers have been perpetuating, that cyber offers a non-attributable venue to conduct attacks, does not apply against your capabilities.— Andrew Thompson (@QW5kcmV3) September 8, 2019
Here’s more on the release from Axios’ Joe Uchill. And background on VirusTotal and North Korea from CyberScoop’s Shannon Vavra.
— Coming up:
- The Senate Appropriations Subcommittee on Department of Defense will meet Tuesday at 10 a.m.