Democrats scrambling to protect data from election hackers — but there’s no road map
Hacker (Photo: Shutterstock)

While the hackers that attacked the Democratic National Committee dropped a lot of information and documents, more is coming.

According to a Politico report, political candidates are already asking new campaign managers what they're doing to protect against hacks. The Democratic Congressional Campaign Committee already moved from email to an encrypted messaging app for communication. Everyone is warning against campaigns being hacked.

Democrats have also told consultants to start using Wickr to encrypt their communication inside the DCCC, but they've been slow to comply, putting the Democratic Party at risk again.

While smaller campaigns at the state or local level won't be the major target that Hillary Clinton and the DNC were, state Democratic Party chapters are being told to get on the same page. They see the only way to prevent another hack in 2020 by creating a culture of careful staffers now.

“I just don’t think there’s anyone whose job it is, really. There’s no clearinghouse,” campaign manager Michael Ambler told Politico. He's working on the Maine gubernatorial race. “For finance or fundraising or field, there are best practices … passed down from older campaigns. There really isn’t anything comparable for data security.”

Republicans are reportedly doing the same. While their data wasn't leaked in 2016, hackers warned that they hacked both the DNC and the Republican National Committee.

“There’s no recommendation on our side,” said Republican consultant Brad Todd, who deals primarily with Senate and House races.

Democratic committees, by contrast, are eager to impliment protections. They've hired new chief technology officer, Raffi Krikorian, and they're conducting anti-phishing drills. Even DNC Chairman Tom Perez is using the secure messaging app Signal, according to a BuzzFeed report. For candidates, they're developing a "campaign toolkit" that can help those running for office protect their data.

The DCCC has followed suit with the use of Wickr and encrypting their data. But when it comes to requiring consultants use it, they're not as strict.

“They’re advocating it in theory but not pushing the practice,” one Democratic consultant who deals with the DCCC said. “They could say, the DCCC will not be on your calls or emails without Wickr. But they’re not. None of my campaigns are using Wickr at the moment. Change is really tough, and email is the central funnel.”

One DCCC aide called it “irresponsible” for consultants not to protect their communication with the DCCC. One of the things the DCCC does is ask their candidates to send the research they've done on themselves that they assume their opposition is doing. They had much of that information stolen last year and want to ensure it's protected.

“The committees have to be repositories for this information, and that makes it important for them to show they can handle it,” a second Democratic operative said.

For campaigns, they're giving recommendations but not requiring campaigns take the dramatic strides. Higher profile campaigns, however, are taking it seriously and hiring their own cybersecurity firms.

Cybersecurity is “really one of the most challenging things I’ve dealt with as a manager, because it’s not my expertise and it’s not the expertise of the majority of people who work in this business,” said campaign manager Anne Caprara, who works for Illinois Democrat J.B. Pritzker.

Republicans are in the same boat.

“I will say that we have a full-time cybersecurity team on staff,” said NRCC communications director Matt Gorman. “The first rule of effective cybersecurity is not to talk about cybersecurity measures. That said, it is an absolute priority for us. For over a year we’ve taken considerable steps to heighten our posture.”

Candidates are starting to ask vendors questions about how they encrypt their data too.

“I’m definitely finding an appetite for candidates to be more secure than they were,” said GOP consultant Kyle Robertson. Though, he warns there's no way to prevent an attack in a "decentralized world."

“You could never really control what emails people use to communicate,” he said.

Even a breakout session for a Progressive Change Campaign Committee training focused on data protection

“They basically talked about different apps and different platforms that [campaigns] could use,” said progressive candidate Dr. Rob Davidson. “It was an hour-and-a-half breakout session, [but] it wasn’t in-depth. It was one of the add-on ‘Oh yeah, campaign security’” sessions.”