overhead shot of people casting ballots in voting booths

Voters in Las Vegas in 2022. (Photo by Anna Moneymaker/Getty Images)

commentary

The Misguided Emphasis on U.S. Political Campaign Hacks

On the spectrum of threats to free and fair elections, the airing of campaigns’ dirty laundry would be lamentable but hardly warrants catastrophizing.

Published on August 27, 2024

The United States currently has over three dozen active, ongoing national emergencies on issues ranging from transnational narco-trafficking to political repression in Belarus. One of them, initially declared by former president Donald Trump in 2018, is due to be renewed by the White House in coming weeks: It addresses foreign interference in U.S. elections. The original executive order, which deems “the unauthorized accessing of election and campaign infrastructure” and “the covert distribution of propaganda and disinformation” as an “unusual and extraordinary threat” to U.S. national security, gained renewed urgency in August when Iran attempted to hack the accounts of the U.S. presidential candidates’ advisers.

However, as this particular emergency stretches into a seventh year, which aspects of the threat truly remain unusual and extraordinary? More critically, the latest hacking attempt offers a reason to question the wisdom of linking the technical mechanics of the vote and the integrity of the campaigns themselves under a single “election security” umbrella.

2016 Is Calling

Intercepting and capitalizing upon private conversations is the world’s second-oldest profession—a well-documented fact that often gets overlooked, even by those individuals and organizations that stand to lose the most. Iran’s attempted hack—and leaking of pilfered emails from the Trump campaign to reporters—bore all the hallmarks of Russia’s 2016 hack-and-leak operation. In both cases, potentially embarrassing details about intracampaign, intraparty dynamics, never meant for public consumption, threatened to spill into the open and dominate headlines. These domestic political scandals mirror similar ones in foreign affairs: from the notorious interception and leak of then U.S. assistant secretary of state Victoria Nuland’s private frustration with the EU in 2014, to German officials’ sensitive discussions about arms for Ukraine a decade later. In most cases, more robust communications security practices might have spared headaches for the victims. Meanwhile, the dent these exposures made on the course of history is, at best, fodder for speculation.

Russia’s brazen influence operations in 2016—which included a range of cyber intrusions, online propaganda, and in-person lobbying—prompted an unprecedented securitization of U.S. elections. While there were no indications of foreign attempts to alter vote tallies, the United States rapidly marshalled policy and funding to prevent and counter foreign interference of any kind. Dedicated cybersecurity and information-sharing efforts—now led by the Cybersecurity and Infrastructure Security Agency under the Department of Homeland Security, with support from other government organizations, the tech sector, and civil society—have arguably made each successive election tally more secure against technical disruption. Although state and local acceptance and participation in federal election security efforts is largely voluntary, trust and collaboration among these entities has been laudable, effective, and continuous.

Influence or Politics?

However complex, the casting and tallying of votes is still a relatively closed world: Systems and networks can be conclusively mapped. Identities and activities can be authenticated and authorized. Anomalies can be detected and remediated. Paper ballots and public audits can (and should) be put in place as redundancies. But by comparison, the world of public discourse is an infinitely more complex and unknowable one. A baseline, optimal model is elusive. There are few standards of measurement for, identifiable root causes of, or reliable barriers against so-called foreign influence—much less in such a nakedly partisan political contest and in a free and open media environment.

In poker, as author James Gleick once wrote, re-shuffling the deck almost certainly changes your luck, “but you don’t know for better or for worse.” The same holds true for public opinion—which has never been free from skullduggery, attempts at manipulation, or pure bad luck. It was and remains unclear, if not wholly unknowable, how foreign subversion aimed at public discourse (as opposed to technical processes) might affect voter sentiment and behavior. Add to this the fact that U.S. voters have become increasingly polarized and their views largely solidified, and the impacts of foreign influence become even more muddled. It is easy to presume that history and public opinion are traveling along a determined track, and that foreign subversion somehow knocks them off course. But ultimately, even the most robust election security initiatives will fail at distinguishing the effects of malign foreign influence from those of purely domestic politics.

On the spectrum of threats to free and fair elections, a breach of political campaign emails and the airing of dirty laundry would be lamentable but hardly warrants catastrophizing. Yes, the perpetrators should rightly face legal and foreign policy responses, and efforts to combat these attempts should be robust and continuous. But casting threats of voter interference and campaign hacking as equally probable, equally preventable, and equally consequential might itself risk “undermining public confidence in election processes or institutions,” as the executive order states. That the mechanics of American elections must be free from foreign interference is both a realistic and uncontroversial policy goal. That American public discourse about elections could be free from any “foreign influence” is a categorically different objective, with far dimmer prospects for success. Forthcoming policy and messaging from the White House should take these distinctions into account, acknowledging—as Washington has in other cybersecurity arenas—that resilience and adaptivity beat wholesale prevention as a strategy when it comes to safeguarding public discourse.

Fortunately, in the most recent case, journalists and media outlets have been more cautious about covering illicitly acquired, insider materials—likely weighing their authenticity, newsworthiness, and the prospects of potentially advancing a broader operation hatched by a U.S. adversary. This kind of restraint is a positive step. It signals a recognition that Tehran and other adversaries are banking on American entities to capitalize on these kinds of attacks—usually in pursuit of their own legitimate interests—to compound the disruptive effects. Government, media, or civil society working to deny this impulse can become its own form of deterrence.

Foreign hack-and-leak operations targeting political campaigns are conceivably a threat to the integrity of elections. But they are also the subject of domestic media scrums and partisan attacks, a watering hole for padding bureaucratic budgets, and a marketing bonanza for the cybersecurity industry. The declaration of a national emergency was necessary, in part, to use the threat of economic sanctions as a warning to adversaries such as Russia and Iran to exercise restraint toward U.S. elections.

But the odds of success in this regard are long, however noble and necessary the declaration is. Hack-and-leak operations are attractive to foreign adversaries simply because they are frequent, deniable, low-cost, and relatively easy. Shielding American public discourse from this kind of subversion—whatever the impact may or may not be on election outcomes—probably depends as much, if not more, on incentivizing restraint far closer to home.

Carnegie does not take institutional positions on public policy issues; the views represented herein are those of the author(s) and do not necessarily reflect the views of Carnegie, its staff, or its trustees.