Democracy and Cybersecurity
- July 14, 2018
- Clayton Rice, Q.C.
On June 5, 2018, Professor Jack Goldsmith of Harvard Law School and Stuart Russell, a visiting fellow at the Belfer Center at Harvard University, published a Hoover Institution essay titled Strengths Become Vulnerabilities: How A Digital World Disadvantages The United States In Its International Relations. Their central claim is that the United States is disadvantaged in the face of soft cyber operations due to constitutive features of American society including “the nation’s commitment to free speech, privacy, and the rule of law; its innovative technology firms; its relatively unregulated markets; and its deep digital sophistication”.
Goldsmith and Russell argue that these strengths of American society “create asymmetric weaknesses that foreign adversaries, especially authoritarian ones, can exploit”. They do not assert that the disadvantages of digitalization outweigh the advantages. But they are pessimistic. And, it appears to me, much of the discussion of “asymmetric weaknesses” is applicable to democratic societies generally – societies that are committed to free speech, privacy and the rule of law.
In a report titled Cyber Threats To Canada’s Democratic Processes (2017) prepared by the Communications Security Establishment (CSE), one of Canada’s two domestic intelligence agencies, it was concluded, at p 4, that Canada’s democratic process was targeted by “low-sophistication cyber threat activity” during the 2015 federal election. Whether that remains the case depends on “how state adversaries perceive Canada’s foreign and domestic policies, and on the spectrum of policies espoused by Canadian federal candidates in 2019”.
Many economic, intelligence, military and cultural assets embedded in digital form on computers and computer networks are potential targets for adversaries. Goldsmith and Russell list the following reasons why computer networks form “large attack surfaces” that are hard to defend:
- The networks inside the United States are largely in private-sector hands or at least are connected mainly through private-sector communication channels.
- Computers and computer networks (software and hardware) invariably contain vulnerabilities that can be exploited to gain entry.
- The number of threatening offensive actors has exploded due to the fact that any computer connected to the Internet is potentially accessible to anyone on the Internet.
- Cyber-weapons are inexpensive to develop and employ and thus are widely available.
- The Internet practically eliminates distance as a barrier, which means that offensive actors can hit the United States from practically anywhere.
- The Internet’s architecture makes anonymity and spoofing (fake emails or web pages disguised to appear genuine) easy, which further facilitates unauthorized entry.
- Digitalization enhances the impact of insider threats.
- Compared to nondigital systems, digital systems permit enormous scaling by adversary actors of exploitation, copying, circulation, and attack.
The conventional wisdom that the Internet would be a force to open up totalitarian states is being “flipped on its head” because authoritarian societies, like Russia, do not face the same threat from digital adversaries as do open societies. Goldsmith and Russell say this, at pp 9-10:
“Russia constricts and regulates the sources of news information and does not depend on a genuine democratic election process that can be disrupted by manipulating public information. The United States, by contrast, has democratic elections, extravagant freedom of speech, and a notoriously free and unregulated news media. It is much easier for an adversary to achieve effects through social media, to engage in successful doxing operations, to promulgate fake news, or to engage in online propaganda when there are multiple news and information outlets that are not under the control of the government. Digital networks in an open society not only make it easier to spread false or disruptive information; they also make it harder to counter the false or disruptive information with truthful, coherent information.”
Doxing is the practice of publishing true and damaging information, often stolen, about an individual or organization usually contained in records that were previously private or difficult to obtain. A central feature of the Russian operation during the US election campaign in 2016 was the phishing attacks that stole information from the Democratic National Committee (DNC) and released it to the public. The authors continue, at pp 10-1:
“An equally important part of this operation was releasing the stolen information in daily increments that ensured continuous, extended, and amplified coverage through the US media. Just as the 9/11 attacks used airplanes, a valued commercial instrument, as a weapon, Russia weaponized the US media. The US media, in turn, churned the information released by Russia to Hillary Clinton’s detriment in ways that the US government could not even think about trying to control. And once it became clear that the operation was sponsored by Russia, the politically fragmented US media churned that information, too, in ways that the government could not control. The ongoing investigation of the Russian operation has proved to be politically divisive, has called into question the legitimacy of US electoral integrity, and has further fragmented American society – once again, in ways the government could not attempt to manage.”
On July 13, 2018, Robert S. Mueller III, Special Counsel, US Department of Justice, issued an indictment of twelve Russian intelligence officers in the hacking of the DNC and the Clinton presidential campaign. In an article titled 12 Russian Agents Indicted in Mueller Investigation published by The New York Times on the same day, Mark Mazzetti and Katie Benner described the 29-page indictment as “the most detailed accusation by the American government to date of the Russian government’s interference in the 2016 election, and it includes a litany of brazen Russian subterfuge operations meant to foment chaos in the months before Election Day”. The article contains a link to the eleven-count indictment. Count 1 begins:
- In or around 2016, the Russian Federation (“Russia”) operated a military intelligence agency called the Main Intelligence Directorate of the General Staff (“GRU”). The GRU had multiple units, including Units 26165 and 74455, engaged in cyber operations that involved the staged releases of documents stolen through computer intrusions. These units conducted large-scale cyber operations to interfere with the 2016 U.S. presidential election.
Count 1 goes on to allege that during March through November 2016 conspirators hacked the email accounts of volunteers and employees of the Clinton campaign, hacked into the computer networks of the Democratic Congressional Campaign Committee (DCCC) and the DNC, implanting malware and stealing emails, and staged the release of tens of thousands of the stolen emails and documents using fictitious online personas including “DCLeaks” and “Guccifer 2.0”. Count 1 further alleges that, under false identities, the conspirators used a network of worldwide computers and paid for the infrastructure using cryptocurrency.
The specific statutory allegations include conspiracy to violate the Computer Fraud and Abuse Act, 18 USC s 1030 by: (a) knowingly accessing a computer without authorization; (b) intentionally causing damage without authorization to a protected computer; (c) falsely registering a domain name and using that domain name in the course of committing an offence; and, (d) knowingly using a means of identification of another person during and in relation to a felony violation (aggravated identity theft). Other counts allege conspiracies to launder cryptocurrency (principally bitcoin) and to hack protected computers to steal voter data.
In an article titled Russia Indictment 2.0: What to Make of Mueller’s Hacking Indictment published by Lawfare on June 13, 2018, a team of contributors concluded that the indictment “shows a significant and successful U.S. counterintelligence operation that gives insight into the breadth and scope of U.S. attribution capabilities” and “represents a tightening of the ring in the story of criminal prosecution for the 2016 election hacking”. The indictment alleges that the hacking conspiracy was ongoing at the time individuals in the Trump campaign were in contact with Russian conspirators, raising the prospect of more straightforward aiding and abetting liability. As the contributors concluded – stay tuned.
One more thing. This is the investigation over which the President of the United States fired FBI Director James Comey.