Clinton and Putin meet in 2012 in Vladivostok.

Clinton and Putin meet in 2012 in Vladivostok. Jim Watson/AP file photo

Featured eBooks
2023 Pay and Benefits Outlook
Quantum-Mania Across Government
Smart Cities
Tech

What the DNC Hack Could Mean for Democracy

Suspected foreign interference in an American election might be a taste of what's to come.

Uri Friedman,
The Atlantic

|
Uri Friedman
Uri Friedman
Managing editor, Atlantic Council
The Atlantic

Analysts largely agree that the hacking of various arms of the Democratic Party, and the release of hacked emails that deepened divisions within the party just ahead of its presidential convention, is a big deal. But there’s less agreement about whether what we’re witnessing is fundamentally old or new. The answer to that question could shape not just the Obama administration’s response to the hack, but international norms on the limits to foreign influence in democratic elections.

Put simply: If, as some reckon, Russian intelligence agencies spied on the Democratic Party and then shared looted documents with WikiLeaks in order to intervene in the U.S. election, can that be tolerated? 

So far, only anonymous U.S. officials and private cybersecurity companies have designated Russia as the prime suspect in the hack. The U.S. government has yet to publicly accuse the Russian government of orchestrating the breach, let alone the leaks, and Russian officials have denied any involvement in the episode. Nevertheless, some argue that the Kremlin appears to have merely extended to America areinvented Soviet tactic that it has deployed for years at home and across Europe: Using a variety of measures—including the collection and dissemination of compromising information and disinformation—to meddle in politics, discredit the political systems of rival countries, and sow doubt, discord, and disarray. Analternative interpretation is that Russia is “crossing a big red line and setting a dangerous precedent: an authoritarian country directly yet covertly trying to sabotage an American election.” Still others point out that there’s a long history of countries, including Russia and the United States, secretly seeking to influence elections and public opinion abroad, particularly during the Cold War. Often these efforts are overt, even routine; in many cases they stop short of explicitly picking sides (think of Angela Merkel praising Hillary Clinton), and in some they don’t (think of Barack Obama’s plea for Britain to remain in the European Union).

As U.S. authorities investigate who was behind the hack, legal scholars and cybersecurity experts have been scrambling to sort the old from the new. Jack Goldsmith, a Harvard Law professor and former George W. Bush administration official, says there’s something novel about the mechanisms and scale of the intervention, in that it seems to have involved not just cyber operations, but also partnering with a third-party organization to publish a massive amount of data. That last step is what made ordinary espionage extraordinary—and what potentially invites more ambitious interventions in American democracy in the future. The U.S. government, he fears, may be unprepared for the onslaught:

The combination of pilfering sensitive information and then “weaponiz[ing] Wikileaks” or some similar organization will surely recur. … Foreign governments could “hack a voting machine,” “shut down the voting system or election agencies,” “delete or change election records,” “hijack a candidate’s website,” “dox a candidate,” “and target campaign donors.” …

The Russian hack of the [Democratic National Committee] was small beans compared to the destruction of the integrity of a national election result. … Election fraud is typically the responsibility of election officials working with law-enforcement officials. But when election fraud with national consequences is potentially threatened by foreign adversaries, it should become the responsibility of (at a minimum) national intelligence officials. But are they on this problem? Does the United States government have a well-worked out plan to ensure that our highly computerized and highly decentralized system for electing the President is protected from foreign disruption via cyber-exploitation or cyber-attack?

The operation, he adds, may also feel new, even if that’s not actually so, because of the context in which it’s occurring. “It seems different because it involves manipulation of an American election,” Goldsmith writes. “And it seems different because of the suggestion that a presidential candidate of one U.S. party, [Donald Trump], might be working with—or at least supportive of—a major foreign adversary’s efforts to covertly damage the rival presidential candidate.”  

As for whether the hack poses new legal challenges, Goldsmith notes that while cyber-theft violates U.S. law, many countries—with the United States in the lead—similarly defy domestic law in other countries when conducting cyber-espionage abroad.

International law is murkier. Cyber-conflict is a relatively lawless frontier of foreign relations. Over the last half century or so, an international norm of non-intervention in a country’s internal affairs has emerged, according to Lori Fisler Damrosch, a professor of international law and diplomacy at Columbia University. But the norm is clearer in the case of, say, one country using military force to alter another country’s borders or independence than in cases where the methods used to interfere in a country’s ability to make its own choices aren’t obviously coercive.

“There was long ago a crystallization of this idea that forcible intervention in other countries’ affairs was prohibited by customary international law and by treaty law,” Damrosch told me. “It follows almost like a syllogism that non-forcible techniques that are equally intrusive should be equally prohibited. But because those techniques are so diffuse, it’s much harder to see any bright lines.”

If foreign hackers release documents that damage a political party during an election, is that a violation of the norm of non-intervention? It’s difficult to say, particularly since it’s very hard to attribute cyber-attacks with anything approaching certainty to a government, or to ascribe clear motives to the attackers.

“It’s always been something of a gray area to know what is benign influence in international and domestic politics, and what is prohibited intervention,” Damrosch said. “I’m not sure that that effort is really amenable to new lawmaking.”

These considerations could all factor into how the Obama administration reacts to the hacks and leaks that jolted an already-tumultuous presidential election. Even if U.S. officials gather sufficient proof of Russian involvement in the operation, “they may not be able to make their evidence public without tipping off Russia, or its proxies in cyberspace, about how deeply the National Security Agency has penetrated that country’s networks,” David Sanger reported in The New York Times over the weekend. “And designing a response that will send a clear message, without prompting escalation [of cyber-conflict between the two countries] or undermining efforts to work with Russia in places like Syria, where Russia is simultaneously an adversary and a partner, is even harder.”

U.S. retaliation against Russia could range from naming and shaming Russia as the culprit, to imposing sanctions or issuing indictments against implicated Russian officials, to launching cyber-attacks against Russian intelligence services. The Obama administration resorted to several of these measures against North Korea in 2014 over its hacking of Sony Pictures. But the risks of antagonizing Russia are greater than they were for North Korea. As a result, the United States might ultimately decide to do nothing.

Yet not responding is dangerous too, according to Matt Tait of Capital Alpha Security, who has concluded that the hack was probably the work of Russian intelligence. A decision to not retaliate could serve as a “green light to using similar tactics in future.”

“Will we stand idly by as a foreign government mass-leaks spreadsheets of donor financial information or the names, addresses, and phone numbers of DNC LGBT supporters?” Tait asks. “Is it okay to let a foreign government interfere in a U.S. election unchallenged? This is what’s at stake in Russia’s DNC hack.”

And those stakes might only be increasing. Back in 2009, Zephyr Teachout, a Fordham Law professor who’s currently running for Congress, wrote that “Given the global impact of United States policy, twenty years from now massive efforts to influence United States elections—from outside its borders—will be routine.” At the time, she meant that the internet had enabled governments, corporations, and citizens of other countries to influence U.S. elections as never before. For example, she asked, what if Venezuela’s then-president, Hugo Chavez, had released a series of viral videos online in 2008 that personally attacked the Republican presidential candidate, John McCain? Would that have been a good or bad thing for American democracy?

A lot has changed since then. Chavez is dead. The U.S. Supreme Court’s 2010Citizens United decision allowed foreign entities to spend boundless money on American elections through U.S.-based corporations. The ensuing years have brought revelations of U.S.-Israeli cyber-attacks on Iran’s nuclear program andsuspected Russian cyber-attacks against Ukraine’s power grid. The intense interest in influencing U.S. elections has not abated, but the means of doing so have grown more pernicious.

If the U.S. government determines that a foreign government was behind the breach, what it does—or does not do—next could have far-reaching consequences for American democracy, and democracies around the world.

NEXT STORY: Dear Hillary: Where Are the Women In Your Energy Strategy?

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.