President Trump is holding American election security hostage in a bid to suppress votes in his reelection campaign.

On Tuesday, Trump tweeted that “No debate on Election Security should go forward without first agreeing that Voter ID (Identification) must play a very strong part in any final agreement. Without Voter ID, it is all so meaningless!”

In other words, he is explicitly acknowledging that he will allow known vulnerabilities in American election security infrastructure to remain as inviting targets to foreign adversaries of the United States — unless he gets his way on a long-standing Republican priority.

But the evidence is clear: Foreign attacks on American democracy are an urgent, ongoing threat to national security that could result in the entire democratic process being rigged or hacked. On the other hand, voter fraud — the problem that voter ID legislation is ostensibly trying to solve — has already been solved. It’s a minuscule problem that poses virtually no threat to American elections.

In late July, the Senate Intelligence Committee — a committee led by Republicans — reported that the Russian government targeted election systems in all 50 states during the 2016 election. While there is no evidence of changed votes, Russians gained access to systems that would have allowed them to change voter data, to delete voters from the voter roll, or to change voter information in at least one state. The report also highlighted that foreign adversaries continue to stage attacks on American democracy. They are happening right now.

Worse, the outdated voting machines used in several states are easily hackable. Furthermore, despite official statements that voting machines are never connected to the Internet, researchers discovered that 35 election systems have been accessible online, including some in crucial swing states. In the past, hackers trying to demonstrate the borderline comical level of security in some voting machines successfully turned one of them into a “Pac-Man” game.

In the 2018 elections, 12 states still relied on direct-recording electronic (DRE) voting machines that do not create an auditable paper trail. If they are hacked, there’s no reliable way to be sure exactly what voters intended. Votes could be changed and nobody would be the wiser. The hackers would get to decide who our leaders are — and they would possibly even get away with it without anyone noticing.

Therefore, it’s not a question of whether or not American voting machines will be hacked. It’s a question of when. And all signs point to 2020 being a prime target.

Russian information warfare during the 2016 election was child’s play compared with what is coming. In the future — and likely as soon as 2020 — there will be a series of copycat attacks as other foreign adversaries of the United States realize how cheap and effective such attacks can be against a country that refuses to fix glaring vulnerabilities. Moreover, domestic copycats will likely get in on the game, hacking campaign servers and digitally breaking into election infrastructure to cause chaos or support their favored candidate.

In some ways, the biggest threat is the risk that American citizens will lose all confidence in the integrity of their elections. Democracy cannot function when people suspect — potentially with good reason — that their elections were stolen.

What would the United States do in 2020 if, say, every voter with the surname Martinez was deleted from voter registration databases in Florida? What if voting machines were hacked in Pennsylvania? Or what if the machines or the databases were shut down altogether, creating chaos and enormous lines on Election Day? These aren’t far-fetched scenarios. They are realistic possibilities if we do not act to prevent the obvious threats staring us in the face.

The House has passed common-sense reforms aimed at mitigating some of these threats. Mitch McConnell (R-Ky.) is doing a favor to the Kremlin by continuing to block it from an up-or-down vote in the Senate. But now Trump is also holding election security hostage, saying he’ll refuse to even debate urgently needed fixes until legislation mandating voter identification is passed.

In short, foreign attacks on American democracy are a real threat. Widespread voter fraud, on the other hand, simply is not.

One comprehensive study of voter fraud from 2000 to 2014 found just 31 fraudulent ballots out of 1 billion cast during that period. That’s one case of voter fraud for roughly every 32 million ballots. That study is representative of a consensus from academic research, government investigations and court cases. Americans are more likely to get struck by lightning than to commit voter fraud.

Strict voter identification laws (particularly those in states that mandate cards but force voters to seek them out and pay for them) routinely result in the disproportionate disenfranchisement of poor and particularly minority voters — demographic groups that tend to vote against Republicans. The evidence is clear: Far more legitimate voters are blocked from voting by strict voter identification laws than the comparatively tiny number of fraudulent votes that would be blocked.

Trump is using election security — a core part of America’s national security — as a partisan bargaining chip. Congress must act swiftly and make clear that the urgent threat to American elections from enemies foreign and domestic is neither a partisan issue nor one that can be used as political leverage to tick off another item on the Republican wish list.

Read more: