Robert Mueller, the special counsel who investigated Russian interference in the 2016 presidential election, emphasized that the interference in the 2016 presidential election was not a one-off event. "They are doing it while we sit here. And they expect to do it during the next campaign," Mueller said in his congressional testimony in July. A 61-page report from the Senate Select Committee on Intelligence sketches out just how helpless a local election IT staffer is against "Russia's cyber army."

Rick Hasen, chancellor's professor of law and political science at the University of California Irvine School of Law says Congress likely won't be passing election interference legislation on a federal level. Instead, the United States' counties and states–Hasen said he's watching the Georgia voting machine case carefully–are all that's between the 2020 presidential election and Russia's horde of hackers.

The National Law Journal spoke with Hasen about the legal roadblocks and threats facing the nation's voting infrastructure. The conversation has been edited for length and clarity.

What are some of our biggest election interference threats?

If you think about the 2016 election, we saw three different kinds of interference. The first was the intrusion into voter registration databases, which was the subject of the recent Senate report that shows that Russian government agents and others at least probed the election systems of likely all 50 states. These are not the systems that would count votes, but they keep records of people who are eligible to vote. So, the concern is that someone can mess with the voter registration databases or hold it hostage. Under this category, another potential form of interference is with other parts of infrastructure, such as the electrical grid or disruptions that could mess with Election Day. The second was the hacking of emails from the Democratic National Committee and other Democrats, and the release of politically embarrassing information. That's certainly something we could see again, and it wouldn't necessarily be done only to favor President Donald Trump or by Russian government agents. The third kind of threat that we saw in 2016 was social media manipulation, trying to use the polarization of American society to further drive wedges between the parties and ultimately try to help Trump get elected.

What makes our voting infrastructure particularly vulnerable?

The fundamental piece of information you need to understand the threat is that our election system in the United States is highly decentralized. This is unusual in advanced democracies. Usually the national government would be the one conducting the election on uniform machinery with uniform standards. Instead, the states have primary responsibility for running even federal elections, and that power is often devolved to counties. So not only are there variations between states, there are variations within the states. Those who are trying to prevent hacking and other forms of interference have to be aware of not one system, or even 50 systems, but thousands of systems with thousands of potential points of vulnerability. Some of those places that run elections are going to be resource-starved counties without adequate staffing or money to deal with the threat of a concerted attack from a foreign adversary.

Are there any legislative proposals to create a more centralized system?

There's been a tremendous amount of resistance on the Republican side to centralization. There's even resistance from some quarters toward assistance from the federal government out of a belief that the Department of Homeland Security's recognition of the voting process's critical infrastructure was a power grab. We did have Congress pass some legislation that would provide additional funding to upgrade voting machinery to make it less susceptible to interference. Additional proposals, for which there has been bipartisan support, have been blocked in the Senate by [Majority Leader] Mitch McConnell. So, it's unlikely that we'll see further significant legislation before 2020.

We're seeing things happening state by state in places like Georgia and Pennsylvania, which had among the most insecure voting systems, moving to adopt new voting machinery. And the federal government's primary role has been the provision of extra funding and expertise from the Department of Homeland Security. As a nontechnical person, it's hard to know if what the federal government is offering is adequate and helpful beyond what the states can do for themselves.

What lawsuits are you watching that could shape this area of the law?

One of the most important lawsuits is ongoing in Georgia, where there's been a fight over the security of voting machines. Georgia announced that it's going to buy a brand-new voting system, and some of the groups involved in the ongoing litigation are not satisfied that the new system is sufficiently secure. There's a divide among election reform and integrity proponents as to whether this newest wave of voting technology, which uses ballot marking devices, is secure enough. What these machines do is print out a QR code or bar code, as well as the names of candidates and ballot measures that the person voted for, on a printed receipt. When the ballots are counted, the code is scanned. The question is whether that machine-readable code, which is the basis for the vote count, is secure enough. Opponents say we don't know what's behind the code. I expect we'll hear something in relatively short order on this litigation, because the plaintiffs are trying to prevent the use of old machinery next year.