Evan Vucci/AP

There’s Nothing to Stop the 2018 Elections From Being Hacked

Congressional Democrats are pledging not to exploit stolen materials in their campaigns, but Republicans have declined to match that commitment, leaving the midterm races vulnerable to malicious interference.

Russia’s successful interference in the 2016 election—when Moscow hacked both Democrats and Republicans—has spurred fears of a recurrence in 2018. But although congressional Democrats are pledging not to use stolen or hacked materials in their campaigns this fall, their Republican counterparts have so far declined to match that commitment. That partisan split could leave the November elections open to malicious interference.

“There should be no doubt that Russia perceives its past efforts as successful and views the 2018 U.S. midterm elections as a potential target for Russian influence operations,” Dan Coats, the Director of National Intelligence, told the Senate Intelligence Committee in February. Then-CIA Director Mike Pompeo added that officials had “seen Russian activity and intentions to have an impact on the next election cycle.” “We need to inform the American public that this is real,” Coats said, “and that we are not going to allow some Russian to tell us how we’re going to vote.” Special Counsel Robert Mueller is investigating Russia’s interference in the 2016 election, which involved hacking the Democratic Congressional Campaign Committee and Democratic National Committee and leaking the documents via WikiLeaks and an online persona known as Guccifer 2.0.

Both parties face high stakes this November—Democrats hope to take back the House and the Senate, whereas Republicans are clinging to their majority as a wave of GOP lawmakers choose not to run for reelection. The committees’ senatorial counterparts, the Democratic Senatorial Campaign Committee and the National Republican Senate Committee, did not return requests for comment.

The DCCC is “committed” to ensuring that “illegally stolen and hacked materials are not weaponized in any campaigns,” its communications director, Meredith Kelly, said. A spokesman for the National Republican Congressional Committee—who requested anonymity to discuss the committee’s policies—was more circumspect, saying that the committee is “open to working with anyone to tackle cybersecurity issues.” Democrats are irked that the NRCC hasn’t responded to their written requests for cooperation, a decision the NRCC spokesman attributed to a lack of “trust.”

The divide has further complicated the parties’ ability to offer a unified response that could discourage future election attacks. “The antidote to future election hackings is unity, unity of Democrats and Republicans banding together to say we won’t weaponize what others stole,” Democratic Representative Eric Swalwell said. “If we take away a big stage for hackers to showcase their work, they’ll hack less. The GOP’s refusal to sign this agreement invites more attacks on our democracy. It’s time to unite.”

It is not clear how the NRCC would react if it were given a damning email or text hacked from an opponent. Setting aside the potential legal liabilities, using hacked documents in a campaign could encourage cybercriminals to continue meddling in U.S. elections. There is also never a guarantee that the stolen documents are authentic. Asked whether the NRCC is formulating policies or guidelines for its candidates surrounding the use of hacked material in campaigns, the spokesman said he “can’t comment on a hypothetical scenario.”

The NRCC, however, is already working to encourage its own candidates to protect themselves against attacks. At least one Republican official, former Republican National Convention deputy finance chair Elliott Broidy, says he was targeted by foreign hackers this year. Russian hackers gained “limited” access to RNC computer systems in 2016, former FBI Director James Comey testified last year. The spokesman reiterated that he “can’t detail our conversations with campaigns, but I will say that hacking and cybersecurity is something we’ve discussed at length with them.” He said later that Steve Stivers, the NRCC chairman, “is open to working with anyone to tackle cybersecurity issues.” A spokeswoman for House Speaker Paul Ryan declined to comment on the record.

Clint Watts, a senior fellow at the Center for Cyber and Homeland Security at George Washington University and a Foreign Policy Research Institute fellow, said the committee might be reluctant to issue a blanket statement objecting to the use of hacked material because it is often difficult to differentiate between material that has been leaked and material that has been hacked. “So if they make some kind of announcement, and then use something that they thought was leaked but was actually hacked, they’ll look like hypocrites,” Watts said. Still, he argued, “there should be a policy.”

Kelly did not respond to a request for clarification over whether the committees would refrain from weaponizing media coverage of hacked documents. The NRCC spokesman said only that the committee “recognizes that cybersecurity is a nonpartisan issue and will work with anyone on it.”

Vince Galko, a political strategist who served as a consultant on Republican Representative Ryan Costello’s successful midterm campaign in 2016, opted not to employ unflattering material hacked from Costello’s opponent Mike Parrish during that election. “When news broke that this material had likely been stolen by a foreign actor, we immediately said, ‘We’re not going to use it,’” Galko told me. He said that he could not speak to what other campaigns should do if they come across material that’s been “obtained in a nefarious way,” but noted that attack ads and other research used against an opponent need to be vetted. “The standards have lowered a bit,” he acknowledged, but the common practice is to provide a source for the claims you’re making against an opponent. If the claims rely on hacked documents, it is difficult to know whether they are authentic, he said.

Officials from both the NRCC and DCCC pointed to a letter written by the chairman of the DCCC, Ben Ray Lujan, to Stivers asking that the committees team up on combating hacking ahead of the midterms as the moment when efforts at cooperation went awry. Republicans were furious that the letter—in which Lujan asked Stivers for his “steadfast commitment that the NRCC will refrain from the use of any stolen or altered documents or strategic information as part of any past or potential future hack on our Committee or campaigns” and “strongly” rebuke the GOP’s use of “any illegally obtained information”—was promptly leaked to the press. An NRCC spokesman told me that, following “internal discussions last year to team up on cybersecurity” with the Democrats, the NRCC decided the DCCC “couldn’t be trusted to partner with us because shortly before we approached them, they engaged in a political stunt where they sent an intern with a cybersecurity letter that was immediately leaked to the press.” Lujan “saw and talked to Stivers numerous times before and after the letter was delivered and never once brought it up,” the spokesman added. “So we decided that they viewed cybersecurity and defending against hacking as a PR issue. Why would we partner with someone on such a sensitive issue that thinks like that? How could we trust them? And frankly, they’ve done nothing to disabuse us of that thought since.”

The DCCC pointed to Lujan’s letter, too, when asked whether it was prepared to commit to discouraging the use of hacked documents in the midterms. Kelly, the DCCC spokesperson, noted that the letter “went unresponded to by the Chairman’s counterpart.” In a statement last summer, the DCCC called the accusation that it had been behind the leak “a disturbingly flippant response to a simple request that we set partisan politics aside and work together to better protect our elections from foreign adversaries and their cyberattacks.”

In an earlier letter sent in August 2016, after the NRCC used a hacked document in an ad attacking Florida Democratic candidate Randy Perkins, Lujan asked Walden to publicly “oppose any use by the NRCC and other Republican campaigns of materials stolen by the Russians.” He received no reply, according to the Democrats. “We remain committed to cybersecurity and ensuring that illegally stolen and hacked materials are not weaponized in any campaigns, and are willing to work with anyone to protect the integrity of our elections,” Kelly said. An aide to Democratic Minority Leader Nancy Pelosi said that Pelosi “concurs with that pledge.”

“If you are an American, and are offered stolen materials on your opponent, pick up the phone, and call the FBI,” Adam Parkhomenko, a Democratic consultant and adviser to Hillary Clinton, told me. “If this is not something you are willing to do, there is a man named Robert Mueller who would be very interested in speaking with you.”