Election hacking, as we understand it today, is not a cybersecurity issue
He writes:
But it’s not at all obvious to me that the success of Russian meddling in the 2016 election was primarily the result of failures in the nation’s cybersecurity posture. Although cybersecurity issues were implicated in the election, they did not play a central role, and formulating the problem as mostly one of “improving cybersecurity” against Russian hacking of our computer and communications systems is highly misleading. It may even be dangerous, if it diverts our attention from more critical issues.
….
As far as is known on the public record, the only Russian activities of any consequence were the email hacking of the Democratic National Committee (DNC) and John Podesta. That is, Russian hacking did compromise these email accounts and thus falls within the ambit of the NSPD-54 definition of cybersecurity. (Cyberattacks on the election-related systems of 21 states and at least one voting-systems vendor were less consequential; public reporting to date has not shown that these attacks had any actual effects on the integrity of the voting process.)
It is true that during the election, a great deal of public attention focused on the DNC and Podesta emails. But even if these emails had never been compromised (and even if the inconsequential Russian attack on election-related states had never occurred), other Russian efforts to affect political discourse during the election would have been unaffected; these largely successful efforts are by now well documented. For example, Facebook has acknowledged that approximately 126 million people may have been seen content from a source associated with the Russian Internet Research Agency, a known troll farm. Twitter retrospectively identified 36,746 automated accounts tweeting election-related content as Russian-linked. These accounts generated 1.4 million election-related tweets, many of which received additional exposure through liking and retweeting. Google identified about 1,100 videos with 43 hours’ worth of content on YouTube tied to the Russian campaign, of which a few dozen had in excess of 5,000 views each.
The U.S. intelligence community’s assessment of Russian interference in the election reflects both elements: The report stated that “Moscow’s influence campaign followed a Russian messaging strategy that blends covert intelligence operations—such as cyber activity—with overt efforts by Russian Government agencies, state-funded media, third-party intermediaries, and paid social media users or ‘trolls’.” That is, the Russian campaign involved both cyber activity and other overt efforts.
It further noted that “when it appeared to Moscow that Secretary Clinton was likely to win the election [that is, at the beginning of the U.S. election campaign], the Russian influence campaign began to focus more on undermining her future presidency.” At that stage, the goals of the Russian campaign were to “undermine public faith in the U.S. democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency.” Indeed, had Hillary Clinton won the election, it is hard to believe that the nature of American politics in this alternative universe would be significantly different than it is today in reality.
Lin concludes:
Based on what is known today, improving the cybersecurity posture of the U.S. election infrastructure is certainly a useful measure to take, and the Secure Elections Act is an important step in that direction. But make no mistake—even an enacted, fully funded and well-implemented Secure Elections Act will not ameliorate the effects of Russian efforts to increase the polarization of the U.S. electorate.
For this reason, a focus on preventing the hacking of election systems is misleading and dangerous—it distracts us from the real danger to the republic today, which is the toxic nature of political discourse in an internet-enabled information environment that Russia can manipulate in entirely legal ways. Dealing with this danger will force us as a nation to ask whether the information environment should still be characterized as an information marketplace in which the antidote to bad speech is more speech and good ideas rise to the top. If nothing else, the political events of the past year or two have called that premise into question.
Read the article: Herb Lin, “Election hacking, as we understand it today, is not a cybersecurity issue,” Lawfare (5 January 2018)
