A Brief Guide to Russian Hacking of the U.S. Election
What do we know about foreign hacking into the U.S. election?
Quite a lot, actually, even if we don’t have a parking pass at CIA headquarters. But there is also a lot of confusion. Call it the “fog of cyberwar.”
The fog comes from several sources:
- Only snippets of information have been disclosed.
- No public investigations have been held, though some certainly will be.
- The CIA and FBI seem to have reached different conclusions, and the director of national intelligence has not adjudicated them.
- Donald Trump has rejected the idea that Russia was trying to help him get elected. And
- Democrats, seeking to blame anyone but themselves for their losses, have stressed Russia’s role. Some dead-enders have even said Russian interference invalidates the election results.
It’s time to clarify what we know so we can figure out what to do next.
What Do We Know About Cyber Hacking of the 2016 Election?
First, according to U.S. intelligence agencies, Russia engaged in a widespread cyber campaign directed at the election. The agencies have not publicly disclosed the details, fearing exposure of their “sources and methods,” the crown jewels of all counter-intelligence operations.
Second, the heart of Russia's campaign was collecting secret information, such as private communication among political operatives, and then disclosing that material selectively. They may also have tried to hack election databases in several states. It is unclear if they actually sought to manipulate votes, but, if they did, they had little success. There is zero evidence they changed any vote counts.
The impact of cyber espionage on the 2016 election came through information, not direct manipulation of the results. The information, dribbled out through WikiLeaks, was apparently accurate. The targets never contested any major disclosures as false or fraudulent, though that is certainly a danger in future elections. So far, U.S. spy agencies have not established that the WikiLeaks material came from Russia—or, if they have, they have not shared that nugget.
Third, the disclosures all hurt Hillary Clinton, not Donald Trump. That favoritism does not seem accidental, although it may have been aided by weaker cybersecurity on Clinton's side. The clear implication is that the hackers favored one candidate, or at least opposed the other. The likely reason is Hillary’s tough line on Russia after the failure of the “reset,” plus memories of Bill Clinton’s expansion of NATO into Eastern Europe in the 1990s.
Fourth, although the U.S. intelligence community has determined Russia did the hacking and that it was aimed at Clinton, invesitgators have not reached a consensus on the Kremlin's ultimate motivation. At the very least, Vladimir Putin and his agents were trying to sow doubts about the integrity of the American election process. At the most, they were trying to pick the winner.
They did succeed in sowing doubts. The unending stream of leaks added to Hillary’s woes and impeded her flailing efforts to put out a persuasive message. On the other hand, no one doubts that the votes were counted fairly and Trump won. Few, beyond conspiracy theorists, think outside interference was decisive in that victory.
What Should the U.S. Do Next?
Even if foreign cyber operations did not flip the outcome, they are unacceptable interference in American elections. What should we do next?
To begin with, we should recognize this attack for what it is: an assault on our shared constitutional foundations, which require fair elections, free from foreign interference. That is not a partisan issue, and it should not become one. That means we need a thorough inquiry into exactly what happened and who did it. And we need that done in ways that transcend partisan divisions.
The stakes involve not only the 2016 election, but future ones, not only the U.S. election but those in other democracies. Since Russia, China, Iran, and other nations have stakes in those, they will be tempted to interfere. The tighter the election, the greater the chances cyberattacks could change the outcome -- and throw that country into disarray. One way of raising the costs of such attacks, aside from better cybersecurity and tougher countermeasures, is to make sure any interference is discovered, disclosed, and punished.
A serious investigation should not be an excuse for denying the outcome of the 2016 election or for saying it was rigged by a foreign power. The election is over, and Hillary’s loss cannot be attributed to Russian interference.
If the investigation is to be serious and non-partisan, if it is to develop recommendations for future elections, then it cannot be left to Congress. Lawmakers will surely hold hearings, but, if previous hearings are any guide, they will be shallow, backward-looking, and filled with partisan grandstanding. They produce sound bites, not sound conclusions. In any case, the new Congress has a full agenda dealing with health care, tax reform, regulatory changes, executive appointments, a Supreme Court nominee, and more.
The best solution is a bipartisan commission. The model is the 9/11 commission, with a lower profile. It should have subpoena power and cooperate closely with intelligence agencies in the U.S. and abroad. Its mission should be more than pinning the tail on the Russian bear. It should be highlighting areas of vulnerability at the heart of our democracy: the right to free, fair elections.