Press coverage of Russian intelligence attempts to hack into U.S. voting systems during the 2016 election played an important role in alerting state elections officials to the threat because government warnings were inadequate, according to a bipartisan Senate Intelligence Committee report released this week.
The most detailed such news story, based on a classified National Security Agency document, appeared in The Intercept last June. A former NSA contractor, Reality Winner, has been charged under the Espionage Act for allegedly leaking a top-secret document describing the Russian attempt to penetrate voting software. The Intercept received the document featured in its June 5, 2017 Russian hacking story anonymously. (This reporter is the director of the Press Freedom Defense Fund, a division of The Intercept’s nonprofit parent company, First Look Media Works, which has contributed funds to Winner’s defense.)
In implicitly conceding the impact of The Intercept’s story, as well as other coverage, the new Senate report detailing the committee’s investigation of Russian election meddling makes the case that the leak helped state officials around the nation begin to address the threat of Russian hacking into American voting systems. It is a remarkable and paradoxical assertion from a government that has used the full force of the law to pursue Winner for allegedly sharing the document with a news organization. The committee’s conclusions offer strong support for the argument that disclosing the document was in the public interest.
The Senate report states that Russian attempts to target U.S. voting infrastructure began “at least as early as 2014” and continued through the 2016 election. The Intercept story and others published earlier may have provided a wake-up call to state and federal officials about their vulnerability to the Russian cyber campaign. The Senate report says that “many state election officials reported hearing for the first time about the Russian attempts to scan and penetrate state systems from the press or from the public Committee hearing on June 21, 2017.” The Intercept story ran less than three weeks before that hearing.
The report notes that the Department of Homeland Security and the FBI issued alerts that were “limited in substance and distribution” in the summer and fall of 2016. “States understood there was a cyber threat but did not appreciate the scope, seriousness or implication of the particular threat they were facing,” according to the report. “The Committee found that DHS’s initial response was inadequate to counter the threat,” the report says. The DHS’s notifications in the summer of 2016, coupled with a public statement by the DHS and the Office of the Director of National Intelligence in October 2016, “were not sufficient warning.”
Although the DHS provided warning to IT staff in the fall of 2016, notifications to state election officials were delayed by nearly a year. It wasn’t until September 2017 – “and only under significant pressure from this Committee and others”— that the DHS told chief election officials in targeted states about “the scanning activity and other attacks and the actor behind them,” according to the report.
Prodded by the Senate committee and greater public awareness of the threat, the DHS is now working more effectively with state election officials, the report says.
A so-called Election Infrastructure Information Sharing and Analysis Center has been established to share information with state and local election officials. The DHS has also hosted a classified briefing for state chief election officials and is working to provide security clearances for those officials.
Among the recommendations of the Senate committee’s report is a call for the intelligence community to improve information-sharing on threats and to “put a high priority on attributing cyberattacks both quickly and accurately.” It adds that the DHS “must create clear channels of communication between the federal government and appropriate officials at the state and local levels.”
It also sees a role for the media in disseminating information about such threats. “Election experts, security officials, cybersecurity experts, and the media should develop a common set of precise and well-defined election security terms to improve communication,” the report notes.
Although other news outlets reported on threats of Russian intrusion into the U.S. elections system, The Intercept’s June 2017 story was distinctive in that it relied on government information not authorized for public release. The New York Times referred to The Intercept’s reporting in its own coverage of the Senate report, noting that a “National Security Agency analysis leaked last June concluded that Russian military intelligence launched a cyberattack on at least one maker of electronic voting equipment during the 2016 campaign, and sent so-called spear-phishing emails days before the general election to 122 local government officials, apparently customers of the manufacturer. The emails concealed a computer script that, when clicked on, ‘very likely’ downloaded a program from an external server that gave the intruders prolonged access to election computers or allowed them to search for valuable data.”
The government appears to recognize that The Intercept’s story played a critical role in warning American elections officials about the threat, yet the Senate report comes at a time when the Trump administration has continued to take a draconian approach in its prosecution of Reality Winner. Prosecutors have successfully pushed to have her denied bail and have sought to argue that she caused significant damage to national security. While senior government officials like former CIA Director David Petraeus have been given what amount to slaps on the wrist in leak cases, Winner remains incarcerated even as the Senate is effectively lauding the leak for which she is charged.
Reality Winner’s mother, Billie Jean Winner Davis, was critical of the government for jailing her daughter for actions that the Senate now implicitly applauds. “The fact that my daughter Reality Winner has been jailed for nearly a year, accused of doing what the committee is indicating DHS should have done but would not do, is hard to deal with,” she said. “Why would someone accused of providing concrete proof of a cyberattack on our election, when our government would not, be condemned and called a traitor to the country? Would this committee and DHS have taken the measures cited if the NSA document had not been released? Would the Russia investigation continue at all if this information had not been released to the American people?”
She added that it made no sense that such information that should have been given to the American public was considered classified.
“There’s the classification issue and lack of communication from our intelligence agencies to Congress,” she said. “Should the information regarding the Russian cyberattack on our election systems have been classified? Now that the information has been released and reviewed, does it still warrant classified status? Reality Winner’s defense is restricted from referencing or reviewing the information and document she is accused of releasing because this document remains classified. Why? Is this document still classified as a means to ensure Reality Winner and her legal team cannot defend her against the espionage charges?”
Update: May 9, 2018
This story has been updated to include comment from Billie Jean Winner Davis.