Russia’s Unconventional Election IT Strategy

It turns out my post on the digital campaign tools of the two major presidential candidates was a bit incomplete because it didn’t address outsourcing to foreign powers. The tech world is abuzz over the emails pilfered from the Democratic National Committee, probably by Russia, and shared with the world by Wikileaks with impeccable timing: just as the Democratic Convention was starting.

Did Russia Do It?

We don’t know for a fact that Putin is responsible for the hack, but the signs point in that direction. Trump has extensive ties to Putin’s Russia, from his campaign manager to this military advisor, energy advisor, and his recent investors.  So you don’t have to be a conspiracy peddler to see that Putin is at least pulling for Trump. But that doesn’t mean Putin hacked the DNC.

Wikileaks’ Julian Assange says there are more emails to come and Trump himself is inviting the Russians to dig deeper:

“Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing,” Trump said during a news conference at one of his South Florida resorts. He added later, “They probably have them. I’d like to have them released.”

Asked whether Russian espionage into the former secretary of state’s correspondence would concern him, Trump said, “No, it gives me no pause. If they have them, they have them.”

The emails cited by Trump are from Clinton’s time at the State Department, where her use of a private server prompted a federal investigation. The FBI concluded that no prosecution was necessary.

Is There More to Come?

I don’t know whether that’s actually treasonous, but it’s certainly an unprecedented ask that’s raising a lot of eyebrows. [UPDATE: Trump says he was only kidding.] It’s always alarming when politicians encourage others to do things of questionable legality. And I’m not talking about President Obama’s video urging the FCC to reclassify Internet Service under Title II since that may very well have been lawful. This is a whole different thing.

Security analyst Bruce Schneier speculates that voting machines may be one of Putin’s targets:

Even more important, we need to secure our election systems before autumn. If Putin’s government has already used a cyberattack to attempt to help Trump win, there’s no reason to believe he won’t do it again — especially now that Trump is inviting the “help.”

Here’s where influential young entrepreneurs go to escape the noise, and how they draw strength from quiet moments.

Over the years, more and more states have moved to electronic voting machines and have flirted with Internet voting. These systems are insecure and vulnerable to attack.

I think Schneier to be little hyperbolic here. Voting machines per se aren’t connected to the Internet, so regardless of how flaky they may be internally, it’s going to be difficult for a hacker in Russia to get into the voting machine at your local precinct because there’s no way in except through a virus in the machine’s code; they would have to use something like a USB stick to corrupt a voting machine. But the votes recorded by these machines are read by an IT system at the county level, which forwards results to a state level system, which reports national results. Each of the systems as at these three levels is hackable, but probably not in way that spreads across the nation.

What’s Russia’s Next Move?

So the most likely voting attack would be one that creates chaos by invalidating the initial count in such a way that manual procedures would be required to construct the real figures. The realistic scenario is a tally on election night that declares one candidate the winner, let’s say Trump for the sake of argument. If this count is flawed, audits will most likely disclose it and then a more hands-on tally would be undertaken. The manual tally would take a long time to to complete – think 2000 Florida recount in several states. If the second tally doesn’t agree with the first, the conspiracy nuts would have a field day, there would be massive litigation, and the ultimate winner would be considered illegitimate by many because “the system was rigged.”

The foreign enemies of the US would gain more from a chaos scenario than from electing their preferred candidate, whoever that may be. So we should expect some scrambling over the next three months to do what we can to protect voting and vote counting from hacks.

This could all be a distraction since we don’t really know for certain that Russia hacked the DNC. It could be that one or members of the DNC was using an insecure email system that makes it easy for people to break into an email account by requesting a password change; in fact at least one personal account on Yahoo! was hacked:

Just weeks after she started preparing opposition research files on Donald Trump’s campaign chairman Paul Manafort last spring, Democratic National Committee consultant Alexandra Chalupa got an alarming message when she logged into her personal Yahoo email account.

“Important action required,” read a pop-up box from a Yahoo security team that is informally known as “the Paranoids.” “We strongly suspect that your account has been the target of state-sponsored actors.”

Chalupa — who had been drafting memos and writing emails about Manafort’s connection to pro-Russian political leaders in Ukraine — quickly alerted top DNC officials. “Since I started digging into Manafort, these messages have been a daily oc­­­­currence on my Yahoo account despite changing my p­­a­ssword often,” she wrote in a May 3 email to Luis Miranda, the DNC’s communications director, which included an attached screengrab of the image of the Yahoo security warning.

“I was freaked out,” Chalupa, who serves as director of “ethnic engagement” for the DNC, told Yahoo News in an interview, noting that she had been in close touch with sources in Kiev, Ukraine, including a number of investigative journalists, who had been providing her with information about Manafort’s political and business dealings in that country and Russia.

Trump and Russia Too Close for Comfort

So it’s easy to see the basis for the supposition that Russia was involved, as well as the belief that Trump and Putin are too close for comfort. Manafort acted as a campaign consultant for Viktor Yanukovych, the former Ukrainian president (regarded as a Putin puppet) who was forced from office by the Euromaidan protests that began in 2013. Yanukovych doesn’t even speak Ukrainian, so his election was not exactly “business as usual.” [Disclosure: The U. S. State Department sent me to Ukraine two months before the protests started to give speeches under the “U. S. Speaker Program“, a wonderful experience in which I connected the dots between culture, technology, and democracy.)

So the election drama is building and information technology is at the heart of it all. It’s wise not to overreact to Schneier’s prophecies of doom – that’s what he does for a living – but it’s wise to check and double-check the integrity of our vote counting systems. Regardless of which candidate each of us supports, we should all support the idea that the will of the electorate should determine who occupies the Oval Office for the next four years.