Considered opinion: Election securityHow the U.S. has failed to protect the 2018 election--and four ways to protect 2020

By Alex Stamos

Published 24 August 2018

If the weak response of the Obama White House indicated to America’s adversaries that the U.S. government would not respond forcefully, then the subsequent actions of House Republicans and President Trump have signaled that our adversaries can expect powerful elected officials to help a hostile foreign power cover up attacks against their domestic opposition. The bizarre behavior of the chairman of the House Permanent Select Committee on Intelligence, Rep. Devin Nunes, has destroyed that body’s ability to come to any credible consensus, and the relative comity of the Senate Select Committee on Intelligence has not yet produced the detailed analysis and recommendations our country needs. Republican efforts to downplay Russia’s role constitute a dangerous gamble: It is highly unlikely that future election meddling will continue to have such an unbalanced and positive impact for the GOP.

With the flood of news this week, it would be easy to miss recent announcements from two of America’s largest and most influential technology companies that have implications for U.S. democracy. First, on Tuesday morning, Microsoft revealed that it had detected continued attempts at spear-phishing by APT 28/Fancy Bear, the hacking group tied to Russia’s Main Intelligence Directorate (known as the GRU). Later that day, Alex Stamos, former chief security officer of Facebook, notes, a friends and former colleagues of his, in a Facebook post, unveiled details on more than 600 accounts that were being used by Russian and Iranian groups to distort the information environment worldwide.

Alex Stamos writes in Lawfare that

The revelations are evidence that Russia has not been deterred and that Iran is following in its footsteps. This underlines a sobering reality: America’s adversaries believe that it is still both safe and effective to attack U.S. democracy using American technologies and the freedoms we cherish.

And why wouldn’t they believe that? In some ways, the United States has broadcast to the world that it doesn’t take these issues seriously and that any perpetrators of information warfare against the West will get, at most, a slap on the wrist. While this failure has left the U.S. unprepared to protect the 2018 elections, there is still a chance to defend American democracy in 2020.

From 2014 until very recently, I worked on security and safety at Yahoo and then at Facebook, both companies on the front line of Russia’s information and cyber-warfare campaign. From that vantage point, the facts are indisputable: There was a multiyear effort by a coalition of Russian agents to harm the likely presidency of Hillary Rodham Clinton and sow deep division in America’s political discourse. The uniformed officers of the GRU and the jeans-wearing millennial trolls of the private Internet Research Agency turned American technology, media and this country’s culture of discourse back against the United States. Stymied by a lack of shared understanding of what happened, the government’s sclerotic response has left the United States profoundly vulnerable to future attacks. As a security leader in my former role at Facebook, my personal responsibility for the failures of 2016 continues to weigh on me, and I hope that I can help elucidate and amplify some hard-learned lessons so that the same mistakes will not be made again and again.