The Free Internet Project

June 2019

FBI Confirms Russian Government Hacked Voting Data of Two Florida Counties

In the Mueller Report, Special Counsel Robert Mueller III concluded that the “Russian government interfered in the 2016 presidential election in sweeping and systematic fashion.” [Mueller Report link] While exposing the details of these Russian efforts, the Mueller Report identified one state in particular—Florida—as a key target of the Russian hackers (at p. 51). In Volume I of the Mueller Report, the Special Counsel’s Office indicated that the FBI believed the Russian government had gained access to voting data possessed by “at least one Florida county government.” In recent days, however, Florida Governor Ron DeSantis and other top officials learned in a series of confidential briefings that the FBI and Department of Homeland Security believe two Florida counties were hacked prior to the 2016 election.

According to the Mueller Report, a Russian intelligence service, known as GRU, sent spearphishing emails to over 120 email accounts used by Florida county officials responsible for administering the 2016 U.S. election. The spearphishing emails contained an attached document coded with malicious software (commonly referred to as a Trojan) that permitted the GRU to access the infected computer. In spite of the breaches, the FBI have not found any evidence that there was any manipulation of voter data, vote counts, or election results in 2016.

Following the confidential briefings, a bipartisan choir of both officials and constituents demanded the identity of the counties that fell victim to Russian interference. In response, Gov. DeSantis acknowledged that he was required to accept the terms a non-disclosure agreement prior to being briefed by the FBI. The terms of the NDA reportedly prohibit DeSantis from confirming or repeating the confidential information to unauthorized individuals. Since publicizing this agreement, DeSantis has received significant criticism from an array of officials who believe the Governor should have pushed back at the request to agree to the NDA. However, the terms of a 2003 executive order require the FBI to obtain an NDA before people without security clearances, such as DeSantis and his staff, are briefed on sensitive or classified information.

Many advocates of government transparency have questioned DeSantis’s legal standing to sign an NDA on the matter due to the broad nature of Florida’s public record laws. Barbara Petersen, president of the First Amendment Foundation, said that a long line of past court rulings makes it clear that Florida officials cannot agree to keep a document confidential if it is shared with them, even if the official does not retain possession of the documents. However, Petersen concedes that an NDA would may be appropriate to protect confidential information given to DeSantis verbally.

With the next election approaching quickly, many Floridians are less worried about what happened in 2016 and more worried about how to prevent this meddling in the 2020 elections. Last year, the Florida Department of State distributed more than $14.5 million in cybersecurity grants for federal elections to the state’s Supervisors of Elections. In addition, the Supervisors of Elections were given $1.9 million dollars in state funding to purchase and install Albert network monitoring sensors. These sensors are used by election organizations to detect cyber threats and quickly alert officials when data may be at risk. Albert sensors were developed as a supplemental form of the DHS’s Einstein project, which focuses on detecting and blocking cyberattacks within federal agencies.

[Sources: Politico, Palm Beach Post, My Sun Coast, GovTech.com, Orlando Sentinel, Learn.cisecurity.org]