In two long-awaited congressional events this week—Robert Mueller’s testimony before two committees, and a Senate Intelligence Committee report about Russian meddling in 2016’s presidential election—threats to 2020’s elections were raised, but little light was shed on the specifics.
When House Intelligence Committee member Rep. Will Hurd, a Texas Republican, asked Mueller about possible Russian interference in the 2020 election, Mueller gave one of his more ominous replies.
“It wasn’t a single attempt. They are doing it as we sit here, and they expect to do it during the next campaign,” Mueller said.
Across the Capitol, the Senate Intelligence Committee released a highly redacted report detailing Russian surveillance and probing of voting infrastructure in 21 states. While one state IT contractor at the time “attributed the attack to Russia and suggested that the activity was reminiscent of other attacks where attackers distract with lots of noise and then ‘sneak in the back,’” the report reiterated what’s largely known: that in 2016’s presidential election only one state’s voter registration data was exported, and no vote totals were altered.
Apart from describing the technical steps taken to infiltrate election office computer systems, little more was described than what was stated in an “October 11, 2018 DHS [Department of Homeland Security] Intelligence Assessment.” It said, “We judge that numerous actors are regularly targeting election infrastructure, likely for different purposes, including to cause disruptive effects, steal sensitive data and undermine confidence in the election.”
Thus, in both instances, Mueller’s testimony and the Senate report, what Russian intelligence agencies might be doing that’s new or different in 2020 was largely left unsaid. Nor, in Mueller’s case, was it explored by follow-up questioning, including noting that the country’ election officials have taken many steps since 2016, including working with DHS to harden systems.
That void is unfortunate, because the Mueller report goes into great detail about what occurred on two major fronts, cyber-security attacks on election system infrastructure and the political disinformation campaigns on social media. And since 2016, many election officials have taken unprecedented proactive steps to test and harden state voting infrastructure. At the same time, far less has been done to effectively counter online propaganda.
What Was Mueller Referring To?
“I don’t know what’s in Mueller’s mind, and nobody followed up on that,” said David Becker, executive director of the Center for Election Innovation and Research, which, among its many focuses, tracks cyber-security efforts. “My guess is he meant all forms of interference he referenced in the report: misinformation and also election infrastructure and targeting of campaigns.”
Mueller’s report delved in a half-dozen areas of campaign meddling—some areas that domestic political activists also plied, and at much larger scales. Those areas, listed in a summary from the Brennan Center for Justice at New York University Law School, were: disinformation and propaganda; weak security and infrastructure; voter suppression; other forms of assistance in campaigns (stealing documents by hacking); campaign official conflicts of interest (potential cashing in); and obstruction of justice.
Of these areas, two have the most direct impact on voters. The first, voting infrastructure, has seen unprecedented steps taken since 2016 to harden the voting systems against hacking and cyber-attacks. Election administrators from all states, representing 1,800 jurisdictions, have worked with DHS and the Center for Internet Security, to test and safeguard their computers. Fourteen voting system vendors also participate in this project, which is unprecedented. The CIS project is one of several national efforts to help officials secure voting machinery before 2020, the National Association of State Election Directors reiterated Thursday.
The second sphere of Russian election meddling concerns propaganda and disinformation, namely fabricating intentionally polarizing groups and stances on social media, and then using the biggest platforms’ targeted advertising to provoke and incite different domestic cohorts. (Needless to say, it may be shrill to overly worry about Russian efforts, when President Trump has provided a nonstop stream of incendiary content and encouraged right-wing media to work on behalf of him and his 2020 campaign.)
Curbing Hackers vs. Curbing Propaganda
Federal actions to counter foreign meddling as well as extremist and fake news have been constrained—not going much past DHS’s partnerships with state and local officials. Legislation has been stymied, such as H.R. 1, the Democratic-controlled House bill, which did not even get a hearing in the GOP-controlled Senate.
Meanwhile, the big social media platforms, led by Facebook’s requiring more disclosure from its political advertisers, have taken steps to lower the profile of incendiary content. Although right-wing media have criticized those steps as censorship, self-policing efforts—notably Facebook’s—have been criticized as ineffective, while contractors hired by Facebook, YouTube and Twitter have found the content vetting deeply traumatizing.
Thus, when it comes to specifying what Mueller was referring to when he said Russians “are doing it as we sit here,” the educated guesses lean to more activity in the propaganda sphere, as opposed to hacking infrastructure. That conclusion is based on a simple observation: that it’s easier for partisans to sow doubt among voters via accessible online media than it is to effectively breach computer voting infrastructure.
“That’s partially because election infrastructure is a hard target,” said Becker. “Voter confidence and attitudes are a very soft, hard-to-protect target.”
Consider one of the latest DHS public-education efforts, which, despite the White House’s missives mocking Russian meddling, is quite serious about election security. DHS just released a smart flyer underscoring that sowing misinformation is easier than hacking computers.
DHS’s flyer, “The War on Pineapple: Understanding Foreign Interference in Five Easy Steps,” can also be applied to domestic partisans. It shows how fake controversies can be created—in this case, “Does Pineapple Belong on Pizza?”—and then amplifying and distorting tactics can take “the [fake] conversation into the real world.”
Social media accounts can be created, renamed (“ProfPizzaUSA”) and used repeatedly to disseminate “bad information and [to] make our positions more extreme by picking fights,” DHS said. It gave examples of messages in a fake fight over pizza toppings. “Being anti-pineapple is un-American!” “Millennials are ruining pizza!” “Keep your pineapple off my pizza!” “What’s wrong with plain old cheese?” It concluded, “What started in cyberspace can turn very real, with Americans shouting down Americans.”
Some of the coverage following Mueller’s testimony said that some overseas adversaries, namely Iran, already have begun to deploy such divisive tactics. Cyber-security experts such as Alex Stamos, Facebook’s former chief security officer who is now with Stanford University’s Cyber Policy Center, and who helped produce an extensive report on 2016’s hacking and 2020’s threats, said that targets abound—starting in Democratic Party circles.
Obvious 2020 Targets for Disruption
“If I were the Russians, I’d be involved in the Democratic primary right now,” he said, at a forum discussing the Center’s report. “I’d be trying to build online bases of support for all of the candidates… Not pushing any pro-Russian propaganda; just pushing stuff on behalf of every single candidate, and then building a population of people who I can turn against whoever the eventual nominee is. And then I’d attack the certainty of the election.”
Of course, any domestic or foreign actor can ply these tactics. Still, there are reasons why 2020’s opening contests could be attractive targets. State Democratic Party organizations in the first and third states—Iowa and Nevada—are holding party-run caucuses that may offer a telephone- and email-based voting system for the first time. The national party has yet to grant its final approval, but will continue its review in Washington on July 30-31.
With two-dozen Democratic presidential candidates and only a handful who can emerge in the top tiers after the caucuses, there likely will be a lot of disappointed voters ripe for online badgering. Unlike the government-run voting systems that election officials have been hardening since 2016, Iowa’s and Nevada’s state parties have not yet finished building their “virtual caucus” systems to be used seven months from now.
As Sen. Ron Wyden, D-OR, said in minority comments at the end of the Senate Intelligence Committee report, “The defense of U.S. national security against a highly sophisticated foreign government cannot be left to state and county officials.”
Steven Rosenfeld is the editor and chief correspondent of Voting Booth, a project of the Independent Media Institute. He has reported for National Public Radio, Marketplace, and Christian Science Monitor Radio, as well as a wide range of progressive publications including Salon, AlterNet, the American Prospect, and many others.