Cybersecurity

Let's Say Russia Did Hack the Dems. What Would Be a Responsible Reaction?

A guide to stripping the political outrage out of a national defense and policy issue.

|

Putin
Michael Klimentyev/ZUMA Press/Newscom

From the perspective of a Gary Johnson voter who regularly feels disenfranchised from the American electoral process and probably would stop voting entirely were it not for third parties and ballot initiatives, here's what the responses to the latest allegations that the Russian government hacked and leaked information from the Democratic Party to the press looks like:

Democratic partisans: "Having embarrassing emails and data about our inner workings released to the public is the equivalent of Watergate and Pearl Harbor combined. Why aren't more people outraged?"

Republican partisans: "If the Russians actually were involved, this is proof how weak a President Barack Obama was on the international stage. If only he had started a few more wars and droned a few more weddings!"

Nick Gillespie blogged this morning about how we needed more transparency from our own government and more proof that the Russian government was actually involved before we were to simply accept anonymous sources with unknown agendas.

But, as a thought exercise, let's accept it as truth. Let's say that the Russian government, under direct orders from President Vladimir Putin, hacked and released this inside info with the intent of influencing our election. What is the "right" way to examine what happened? Perhaps those of us with no political dogs in this hunt can give some advice.

1. Separate the Cybersecurity Issues from Hillary Clinton and Her Supporters' Public Humiliation

It's utterly impossible to discuss what sort of policy measures or responses America should consider when a good chunk of partisans are still resisting the reality that Clinton lost the election.

To be clear, to the extent we're certain there was "meddling" with the election, the interference was all about providing private messages and information to the public that cast the Democratic Party establishment in a bad light. Thinking that this seriously altered with the election outcome suggests a lack of belief in the agency of the average voter. Or to put it a different way: If you have such a low opinion of the American voter, your problem is not with the Russians or hacking but with the concept of voting itself.

It may be comforting in some really twisted way to think that this is proof that America is under attack instead of considering the possibility that millions of Americans simply didn't like your candidate, but that's not a path to actually addressing the matter at hand. Before selling this hacking as a massive violation of American government, keep in mind not just how many Americans voted for Donald Trump but how many Americans were forced to replace their ATM or credit cards over the past 12 months due to breaches in their security.

Folks are going to have a hard time selling this hack is something particularly special or nasty to the vast swaths of Americans who didn't support Clinton. So don't do that. It creates a weird sense that "the beltway establishment" is completely unfamiliar with a cybersecurity reality faced by ordinary Americans every day.

2. Making it About Donald Trump Is Dumb and Ignores the Actual Problem

Again, if we accept the premise that Russia wanted Trump to win and directly engaged in the hacking, it doesn't necessarily mean that using it to put Trump on defensive is an appropriate or effective response.

While there is some possibility electors may surprise us all, it's best at this point to accept that Trump is going to become president and approach any potential solutions with that reality in mind. That said: We know that Trump is thin-skinned and defensive when he believes he is under attack. And the political response to this has, perhaps even deliberately, created an environment that rolls these incidents into the massive ball of outrage about Trump winning. So, of course, we're going to get defensive tweets from Trump about all of this. And just like in the previous section, it diminishes the voters who supported Trump in the first place (again, probably deliberately).

But making this a fight about politics threatens to push it all away from a debate about policy-based solutions or what exactly the government should genuinely do about Russia's behavior. Making it so that Trump feels that the coverage of the hacking is deliberately attacking him personally could have the side effect of making him stubbornly resist solutions. Though, that might not always be a bad thing given that some people seem to think the solution is that we need a new cold war (or to say we're in one regardless of whether we want it or not).

3. Let's Maybe Not Desire Another Cold War with Russia

Yes, the Russian government probably wants to influence other large governments to install leaders and policies that are beneficial to its aims. This makes them different from other countries—how exactly? That a chunk of people are treating Russia's participation in our presidential election as particularly shocking or a sudden, stark development invites a master class in "whataboutism."

It would not be a surprise if some people (particularly in other countries) saw this story as America getting what it's got coming, not as some remarkably shocking breach of election norms.

This doesn't mean that America in any way should simply shrug at other governments' involvement in our electoral process, particularly when it involves breaches of technological security. The point is, it's absurd to act as though Russia has pulled out a new game of international political intrigue where America is totally unfamiliar with the dice, the board, the cards, and the rules.

To the extent that this election is a challenge to the way the American government operates, the challenge is truly from within. Again, as with the previous two considerations, when responding to the problem of foreign interests fiddling in our elections is to not to pretend that millions of Americans were tricked somehow into voting for somebody they didn't want. Russia didn't cause this election outcome, regardless of what they leaked, and the idea that response is to go after them in kind puts in a state of cybersurveillance gamesmanship that fails to make Americans safer but certainly gives our national intelligence agencies more work to do.

4. The Best Defense Is … a Good Defense, Actually.

The absolute worst possible policy response to this hack would be for America to prioritize counterattacks and an absurd tit-for-tat "cyberwar" with Russia and other possibly hostile administrations' over the cybersecurity of its own institutions and citizen privacy.

Are we supposed to ignore how much hacking of government information is a direct result of poor security practices by our government agencies or, you know, secretaries of state? And yet, our allies in the United Kingdom looked at all of this and still put into place a law that would allow the government to secretly demand tech companies and telecoms to insert encryption back doors that would allow officials to bypass communications security.

If the United Kingdom does require a communication company or service or application to insert a secret back door, guess who else will try to figure out how to take advantage of it? The Russian government. Or the Chinese government. Or the North Korean government. Or United Arab Emirate. Or some ring of identity thieves.

This is what the average citizen should be taking away from this incident and should be worried about. The way Western governments approach the use of technology in espionage and terrorism actively makes security weaker for all of us. Recall that when Apple resisted the call to help weaken its security to help the FBI break into the phone of one of the San Bernardino terrorists, Trump's knee-jerk response was to call for a boycott the company.

Trump does not have much interest or knowledge in cybersecurity, and the real danger of his administration is the possibility of following in the United Kingdom's footsteps, a government that prioritizes secret access over defense. And if that happens, then America could indeed face cybersecurity breaches that cause harms to our infrastructure (both political and actual) that are much greater than having embarrassing info released.