- Targeted stakeholders: Likely increases detection and remediation of software and hardware vulnerabilities in election systems through formal…
- Targeted stakeholders: Creates clearer, government-backed pathways (including legal safe harbors and expedited patch review) for vendors and r…
- Targeted stakeholders: May generate demand for qualified cybersecurity professionals, accredited testing entities, and related contracting wor…
SECURE IT Act
Referred to the Committee on House Administration, and in addition to the Committee on Science, Space, and Technology, for a period to be subsequently determined by the Speaker, i…
This bill amends the Help America Vote Act of 2002 to require penetration testing as part of testing, certification, decertification, and recertification of voting system hardware and software by accredited laboratories.
It tasks the Director of NIST with recommending entities for accreditation to perform penetration testing, with the Election Assistance Commission (EAC) voting on accreditation.
The bill also establishes a five-year Independent Security Testing and Coordinated Vulnerability Disclosure Pilot Program for Election Systems (VDP–E) to enable vetted cybersecurity researchers to test vendor election systems and coordinate disclosure of vulnerabilities, subject to rules (including a typical 180-day embargo and vendor obligations to provide patches).
Relative to its intended legislative type, this bill is a substantive policy change that is generally well-structured: it amends HAVA, assigns roles to federal agencies, prescribes timelines, and creates a defined pilot program with legal safe harbors and FOIA exemption. It integrates cleanly with existing statutory provisions and supplies a number of concrete procedural mechanisms.
Who stands to gain, and who may push back.
- Targeted stakeholders: Participation is voluntary and may be uneven across vendors and jurisdictions, producing fragmented security improvemen…
- Targeted stakeholders: Handling of sensitive source code and voting-system access by outside researchers — even if vetted — raises risks of ac…
- Local governments: New accreditation, vetting, patching, and administrative requirements could impose costs and regulatory burdens on vend…
Why the argument around this bill splits.
Transparency vs. secrecy: progressives worry the FOIA exemption reduces public oversight; conservatives may welcome the exemption to prevent leaks.
A liberal/left-leaning observer would generally view the bill as a constructive step to strengthen election cybersecurity by requiring penetration testing and by creating a coordinated vulnerability-disclosure pilot that brings researchers and vendors together.
They would welcome mandatory penetration testing in certification processes and the safe-harbor provisions that allow researchers to test without immediate legal risk.
At the same time they would be concerned about limits on public transparency (the FOIA exemption), possible gatekeeping from strict vetting that could exclude independent researchers, and whether under-resourced local election officials will get timely help.
A centrist/moderate would likely view the bill as a pragmatic, technical improvement to election cybersecurity that uses established federal technical bodies (NIST, EAC, DHS/CISA) and a limited pilot to manage risk.
They would appreciate voluntary participation for vendors, safe-harbor protections for researchers, and the use of a 5-year pilot rather than a permanent broad program.
Key centrist concerns would be clarity on costs and responsibilities, operational timelines (90- and 180-day deadlines), and appropriate oversight to prevent abuse of exemptions.
A mainstream conservative would approach the bill with mixed feelings: supportive of stronger election security in principle, but wary of expanding federal involvement, new regulatory steps tied to certification, and potential exposure of sensitive systems to outside researchers.
They may appreciate the FOIA exemption as protecting sensitive vulnerability information but worry that broad researcher access (even if vetted) and federal coordination could lead to federal overreach or mishandling.
Concerns would also include potential costs imposed on vendors or states, and whether safe-harbor protections unintentionally legalize intrusive activities.
The path through Congress.
On substance the bill is moderate in scope, technocratic, and contains compromise elements (pilot, voluntary participation), which improves its prospects. However, it introduces legally sensitive protections (CFAA/DMCA safe harbors), a FOIA exemption, vendor obligations to share code/patches, and a 'deemed certification' backstop—elements that can generate pushback from multiple stakeholder groups and invite amendments. Absence of explicit funding and potential intergovernmental tensions add uncertainty.
- No cost estimate or appropriation language is included in the text; the size and source of administrative costs (EAC, NIST, DHS/CISA, state/local election offices, vendors) are unclear.
- Reactions from key stakeholders are unknown: election‑system vendors may oppose mandatory availability of systems/source code to researchers; researchers and transparency advocates may object to FOIA exemptions or vetting constraints.
Recent votes on the bill.
The bill has not accumulated any surfaced votes yet.