With the approach of the United States’ 2018 midterm elections, concerns have been expressed by many regarding the security and integrity of the voting process. Given the news how suspected Russian agents actively sought to use hacking and influence operations to sway voters in a particular direction during the presidential election, the concern is legitimate, even if there was no evidence that votes were actually altered in 2016. The preservation of the democratic voting process has been thrust into symbolic “red line” territory that needs and should be protected against foreign interference. Indeed, the Department of Homeland Security re-enforced this by elevating election infrastructure to the status of “critical infrastructure” in early 2017.
Clearly, hacking and gaining unauthorized access to those systems and devices associated with the election process is something that deserves immediate attention. After all, many countries would ostensibly agree that breaking into computers is a criminal offense, regardless if data is taken, destroyed, or altered. In the 2016 U.S. presidential election, there were clear incidents where suspected Russian hackers stole data, and even compromised voter-related records, resulting an indictment of Russian nationals on a wide variety of charges ranging from conspiracy to commit fraud, money laundering, and identity theft, to name a few.
However, while it makes perfect sense that there should be no factor prohibiting, manipulating, or changing votes, trying to stop outside influences from disseminating information – whether it be false or not – is a bit more challenging, especially for those governments that support such liberties of freedom of speech and freedom of the press. Such rights do not come with the asterisk of having to be true or objective. After all, the dissemination of information is a hallmark of a democratic society whether an audience agrees with the subject matter or not. Whether the audience elects to believe such information or be influenced by it is entirely a free choice. Perhaps this is why there is evidence that Internet “trolls” have already been observed replicating the behavior that garnered so much attention after the 2016 presidential election. As of late July 2018, Facebook said it has uncovered a coordinated disinformation operation ahead of the 2018 midterm elections. Twitter has followed suit removing accounts the company identified as related to Iranian propaganda.
The government has gotten involved trying to be proactive in curbing this online element. In July 2018, the Department of Justice published a report in which it detailed its efforts to improve security for U.S. elections, highlighting how foreign agents used influence operations via social media platforms. Then in August, the Federal Bureau of Investigation announced its “Protected Voices” initiative to mitigate influence operations targeting future elections. Part of this effort is to raise awareness among political campaigns about the best ways to defend against attempts by all categories of hostile actors to infiltrate their information technology infrastructure.
Of course, the question that lingers is the one that will be answered after the fact – will this be enough? Suffice to say, aside from the online trolling activity, the volume is greatly reduced as compared to 2016. This is due to the fact that it is only a mid-term election of Congressional members and not the Executive Office. Cyber malfeasance will likely keep to the trolling activities of propaganda/disinformation/misinformation, web-page defacements by hacktivist actors, and distributed denial-o-service attacks against political and election-related sites.
Establishing cyber security strategies and the implementation of security measures into election equipment is something that remains to be done. Outdated equipment, decentralized operations, and lack of a coherent process and framework to safeguard the election process are areas that need to be addressed in the near term. But focusing on “fake” or “misleading” news seems more like going after low-hanging fruit than putting a dent into the real problem governing election security. Like jihadi sympathizers, trolls can create new accounts as quickly as old ones are targeted and dismantled. Such games of “whack-a-mole” tend to favor the moles rather than the ones trying to take them out, despite gaudy data statistics.
The real test of whether the U.S. actually applied “lessons learned” will come in two years with the next presidential election, particularly if the political climate between the candidates is as contentious as it was in 2016, and the potential international implications are as equally disconcerting. Any successful repeat of the activities that were outlined by the Intelligence Community would be an abject failure and demonstrate negligence for not mitigating known threats. For two years the problems have been identified and discussed; let’s hope it doesn’t take another two years to start actually coming up with solutions.
This is a guest post by Emilio Iasiello