NASHVILLE — Tennessee's top election officials sought Tuesday to assure state lawmakers about the integrity of voting procedures here, outlining a number of security measures they've taken to protect against potential disruption.
Secretary of State Tre Hargett and state Elections Coordinator Mark Goins reiterated to Senate State and Local Government Committee members that Tennessee wasn't among the 21 states the U.S. Department of Homeland Security notified late last year about attempted breaches of their systems by Russians in the 2016 elections.
"We were one of those states that had not been breached," Hargett said, but added his agency, which is also responsible for business, charitable and other filings, is constantly the target of email spammers and "phishers" seeking to obtain sensitive information such as user names and passwords.
"Each and every day we are under attack, cyber attack," Hargett said.
Goins and Hargett said federal officials initially wouldn't share information about attacks with Tennessee and other states because top officials had no security clearance. That has since changed, the two officials said.
In fact, Goins said, state officials now have a "good relationship" with federal officials and FBI experts, and Tennessee Department of Safety and Homeland Security personnel have since provided training for Tennessee election officials.
"We certainly put into our training cyber security, and it will be something we're focusing on now and it's something we'll be focusing on going forward," Goins said.
Similar training, Goins said, is being extended by his office to officials in the state's 95 county election offices.
Goins said that the main "threat" he sees Tennessee facing is on election night when 95 locally run election offices send their results to the state, which then posts results to its website.
"We felt like our biggest threat in Tennessee [is] that someone would come in and try to embarrass us by changing election results on our website. In other words, you're not going to change it on the local level because that's where the results truly are housed. But they have a mechanism to get the results to us."
While it wouldn't impact the election outcome, Goins added, it could shake voters' confidence.
He said "we spent months on developing a system to where if something like that were to happen, it'd be extremely isolated to where we can control it and also come up with a communications plan on how to inform the public."
That is "what's keeping me up at night," Goins said.
Another agency official in Hargett's office said that as a result of working with them, workers "are getting more and more sensitive to those types of emails." Moreover, changes to operational systems are carefully controlled in terms of timing, testing and use of security questions.
Hargett was questioned by Sen. Richard Briggs, R-Knoxville, about a November 2016 claim in a letter that Shelby County voters' personal data was compromised in 2008.
The secretary said he asked the Tennessee Bureau of Investigation to look into the claim. The problem, Hargett said, arose from Shelby County serving as a pilot project for a company's electronic system that contained voters' names and some personal identifying information.
The secretary said the company apparently did "lose chain of custody" in what "may have been a perfect storm."
It remains "not exactly clear," Hargett said, adding the state has since made clear to vendors that if they want to have a pilot project in Tennessee, "it's their responsibility it [information] does not leave the county." He called the 2016 letter "misleading" because the "good news" was that voters' Social Security numbers were not part of the database.
Meanwhile, Senate Democratic Caucus Chairman Jeff Yarbro of Nashville pressed Hargett and Goins, both Republicans, about Tennessee's participation in multi-state voter data collection, known as the Interstate Crosscheck System, which is intended to ferret out voter fraud across state lines.
The program was initiated by Kansas Republican Secretary of State Kris Kobach, who later became controversial for his claims about the extent of fraudulent voting nationally as the vice chairman of President Donald Trump's now-disbanded election integrity commission.
Tennessee and 20 other states send their voter registration files to Kansas, where their names and some identifying personal information is compared with other states in an effort to find duplications. States then can seek to purge them from voting rolls.
The Washington Post last year reported that a group of academics found the CrossChecks program rife with "false positives."
Yarbro said there were also "deeply troubling" reports about the Interstate CrossCheck System's security, adding it is "difficult to overstate the carelessness."
Moreover, the Democrat said, studies say a "novice hacker could get in and really do some damage." And he questioned why Tennessee doesn't use a consortium formed by other states that he said had better performance and security.
"How do we justify continuing to be involved in that?" he asked Goins of CrossCheck. "How do we use that data?"
Goins said Tennessee works to verify what CrossCheck sends.
"It's not just matching first name, last name, birthday. It's looking for signatures," he said, adding Tennessee asks to see actual voter registration forms from states where there has been an apparent match. "If we have a question, that person may be removed. But we're painstakingly thorough. We follow the process."
That includes sending letters to voters' home addresses asking them to verify their information is correct before the state seeks to purge them from voting rolls, Goins said.
During the 2016 election, Republican officials' purges of infrequent voters in states such as Tennessee and Ohio triggered complaints that their efforts were overly aggressive and disenfranchising legitimate voters.
Complainants sued Ohio and won in the U.S. 6th Circuit Court of Appeals, which also covers Tennessee. The case is now before the U.S. Supreme Court, which heard oral arguments in the case last week.
Contact Andy Sher at email@example.com or 615-255-0550. Follow him on Twitter at @AndySher1.