I’ve been following the Russian American election hacking story between speaking gigs, physical meetings, international travel, winter storms, and holiday planning. Finally I have a few minutes to write about this here.*
Overall, I’d like to caution people at this moment. There’s a lot of hysteria surging through politicians, mainstream media, social media, and multiple government agencies. I recommend taking a deep breath and stepping back from the panic for a few minutes.
To begin with, amidst the sober statements of experts, there is an awful lot of incompetence in these accounts, starting with the Democratic party’s National Committee. For example, the story about the DNC IT guy mistyping “legitimate” instead of “illegitimate” and thereby enabling the hack (here) is painful and darkly funny, especially for anyone who works in or around IT. Also comic is the way the DNC people didn’t believe the real FBI was calling them. Guccifer 2.0’s follow-up flubs are entertaining (and is this the first international incident where Google Translate played a role?). This hack seems to really depend on, and succeed despite, some basic human weaknesses, that ancient zone of security flaws.
More importantly, there is also a great deal of mysterious behavior by US agencies and actors. I still can’t tell if the FBI’s responses, which some have characterized as too slow or ineffective, were lame or overcautious or stymied by other forces. Perhaps they are just doing things according to correct procedure. Surely there is a great deal of backstory here which we can’t see clearly, due to the FBI’s established secrecy and the problem’s complexity. Yet the FBI’s head is on the defensive.
Meanwhile, President Obama is playing this very cool. His Friday press conference (transcript) urged calm and projected quiet, folksy strength (“I felt that the most effective way … was to talk to [Putin] directly and tell him to cut it out”). I don’t know if this soothing strategy is because US cyberwar capacity is hard to use in this situation, because he doesn’t want to start an escalating conflict with Russia as he leaves the office (to Trump), or as a tactical ploy, as he has actually launched a gigantic covert response and is covering it up with chill.
In fact, much of the story is mysterious at a basic level, which isn’t surprising, given that it’s an ongoing saga about, of all human enterprises, espionage and counterintelligence. These are fundamentally about secrecy and misdirection. Unsurprisingly, it’s hard to follow what’s actually happened, especially in real time, as multiple press accounts appear and contradict each other. For most people it is all too easy to grab onto a congenial narrative fragment and hold on for dear life. Remember that James Angleton used to describe thinking through spy stuff as being trapped in “a wilderness of mirrors,” quoting T. S. Eliot (“Gerontion”):
These with a thousand small deliberations
Protract the profit of their chilled delirium,
Excite the membrane, when the sense has cooled,
With pungent sauces, multiply variety
In a wilderness of mirrors.
Remember, too, that Angleton knew a lot more than the rest of us, being head of US counterintelligence for many years. If someone in a position of power and information access found it difficult to track the reality of espionage stories in real time, perhaps the rest of us should have more than a few grains of salt at the ready.
So far, many of us do not. I’m both amused and saddened that many people recently worried about fake news are now deciding an awful lot based on a handful of anonymous CIA leaks. Setting aside that agency’s near-century of epic secrecy and misinformation, CIA hasn’t exactly covered itself in glory recently, with its assessment of Iraqi WMD or Saddam Hussein’s war-making capacity. Are we really that eager to trust them without a shred of skepticism? Similarly, so many people worried about the NSA are now taking admiral Clapper’s statements uncritically. Further, how many people are relying for information and news on the social media they criticized a few weeks ago? We have lost our recently-won sense of critical distance. *This* is the time for information and digital literacy, friends!
For example, by the phrase “hacking the election”, are we only referring to the emails phished and sent to Wikileaks? Is that the entirety of the hack? If so, that’s a pretty low bar for “hacking an election.” Instead, note how Wikipedia describes the entire hack:
On October 7, the DNI and DHS stated the intelligence community was confident Russia had directed Democratic National Committee (DNC) cyber-attacks and the release of its private documents…
Is that all? If so, the hack story is really about the DNC, and a handful of people therein, not the election as a whole.
As Fred Kaplan describes it – and know that he’s furious about the hacks:
there would have been no ruckus if the Russians had simply hacked emails from the DNC and the Clinton campaign; that’s what intelligence agencies do, if they can: collect intelligence on what the presidential candidates and their close aides are saying and doing, what kinds of policies they might pursue.
“There would have been no ruckus.” That’s a strong statement, but Kaplan continues:
What’s different this time around is that the Russians leaked cherry-picked excerpts of these stolen files to WikiLeaks, which passed them on to the scoop-happy mass media. In short, the Russians didn’t merely engage in “passive intelligence collection”; they weaponized what they collected. They didn’t merely hack files to learn about U.S. politics; they then strategically planted damaging bits from those files in order to shape U.S. politics.
That’s the main charge. The “hack” consists of phishing, then sharing for web publication. The hack is also not disinformation, for those readers who like their spying stories, but the spreading of actual, unaltered documents.
President Obama and other officials have stated repeatedly that election mechanisms (voting machines, the vote counting process) were not compromised. Kaplan again: “There is no evidence—nor is anyone claiming there’s evidence—that the Russians tampered with voting machines or registration rolls.” It’s not the whole election nor America itself nor the reputation of democracy that Russian hackers hit, but instead one small organization that’s part of one of our two major political parties. (Yes, the parallel Republican entity was hit, but Moscow did nothing with the results (so far), and nobody seems excited about this part.) Moreover, the “hack” was a pretty simple spear phishing exercise through email, which was enabled by an IT staffer’s, er, mistyping. We’re not talking about elite haxors cracking killer passwords or finding sophisticated back doors into subtly organized databases.
It behooves us, then, to not overstate things. We can think more clearly and react more judiciously if we focus less on hype and panic and more on what we can actually learn. For example, when the New York Times dubs this hacking expedition as a “perfect weapon”, that’s clearly a bit much. Remember that panics over national security are historically fine opportunities to commit a variety of mistakes and abrogations of civil liberties. As the admittedly skeptical Intercept advises,
If we’re going to blame the Russian government for disrupting our presidential election — easily construed as an act of war — we need to be damn sure of every single shred of evidence. Guesswork and assumption could be disastrous…
The question, then, is this: Do we want to make major foreign policy decisions with a belligerent nuclear power based on suggestions alone, no matter how strong?
Did the DNC email hack tip the election from Clinton to Trump? It seems unlikely. The Wikileaks coverage occurred in September and October, when Clinton was flying high in the polls. Clinton really dropped in the week before the election, when Wikileaks was not on the agenda, compared to numerous other topics and themes.
If we want to see Putin tipping the election to Trump, we also have to assume that the Wikileaks emails, risotto recipes and all, seriously influenced voters across the country. There’s little evidence of this in exit polls and, indeed, during the lead-up to the vote. As Jack Shafer points out,
the recent campaign, in which Trump spent about a third of what Clinton did on TV ads yet prevailed, proves that the masses are not susceptible to all the advertisements that money can buy. The volume of Clinton ads clearly dwarfs the combined output of Russian propaganda and disinformation but still did not change enough minds to win the prize.
There was very little in the Podesta emails to shake voters. Most of the juicy stories confirmed previous concerns, from the fabled secret banker speeches (pretty dull stuff, at least in transcript form) to some in the DNC being anti-Bernie Sanders. Meanwhile, the list of reasons that drove Trump voters to the polls, and those that kept voters from pulling the Clinton lever, are extensive: economic stress, racism, anti-PC-ness, various gender politics, fear of ISIS, etc.
If I’m right, and many are overstating the power of this DNC hack, we can ask cui bono? Who is served by this jittery mixture of hyperbole and panic?
To begin with, I nominate Democrats who don’t want to examine their truly catastrophic election. They might well prefer to focus on Moscow instead of Brooklyn. That’s human nature, and also safe politics for those implicated by impending criticism. Talking about Putin instead of the failure to reach out to the Rust Belt is a practical move.
Additionally, how many warhawks are gladdened by heightened tensions? Think of defense contractors, cybersecurity agencies, older people with minds shaped by the Cold War and still seeing red, not to mention various people throughout the Department of Defense who want us to focus military attentions on Russia. (Here’s a small instance.) Ginning up Russophobia is, as we know from the 20th century, a reliable way to get Americans behind a massive military drive, with its concomitant civil liberties restrictions. Are we really willing to support these beneficiaries through our panic?
Instead let’s step back for a minute and actually use our digital literacy tools of skepticism. Let’s recall the methods librarians have developed, and not race warlike into that wilderness of mirrors.
Caveat1: yes, there could well turn out to be more fire than smoke. We may learn of a more substantial hacking threat over time, as better information sifts out (and we do some of the sifting).
Caveat2: in case anyone was wondering, I don’t support the Trump campaign. Nor am I a Russian agent.
(thanks to my multiple Facebook friends for taking the time to think through this with me; phishing photo by Renate Meijer)
*I was actually thinking of doing this as a tweet storm. I might try that out.