Project Safeguarding Elections

Review of EU's Rapid Alert System to protect elections from disinformation and interference: did it work?

07/07/2019

The New York Times has a front page article critiquing the EU's new Rapid Alert System (RAS), which was established to identify disinformation related to elections and to issue a rapid alert, warning voters in the EU. Any EU member country can notify the EU office of possible election disinformation. The Rapid Alert System was set up as a part of the EU's Action Plan against disinformation, which followed on the heels of the East Stratcom Task Force, which is tasked with countering Russian disinformation. The NYT article reports that some in Brussels, where the EU's disinformation analysts are stationed, jokingly describe the Rapid Alert System as follows: "It's not rapid. There are no alerts. And there's no system." The NYT article includes one incident in which EU officials identified suspicious tweets about an "Austrian political scandal," which may have been from Russian trolls, but the EU officials--for whatever reason--did not issue an alert. In fact, the office never issued any alerts during the last election season, although officials claim that they were successful in protecting the EU elections from interference.

One expert the NYT quotes, Jakub Janda, the executive director of a Czech-policy group, described the Rapid Alert System as a failure: "It's a Potemkin village. People in the know, they don't take it seriously." Few countries have contributed to the RAS, although it is not clear the reason for the lack of submissions stems from members' low view of the RAS or simply the lack of problematic cases of election disinformation. EU officials defend the system as the first of its kind and the office is cautious about issuing an alert. Presumably, too many alerts would undermine its effectiveness.

Although the NYT article provides helpful information about the RAS, it seems too early to tell how well it operates after just one election. The fact that no alerts issued during the past election is not evidence, in itself, of a failure of the system. The EU officials' cautiousness in issuing alerts seems wise as their effectiveness would likely be diminished if alerts were frequently issued for every single piece of election disinformation. In some cases, an alert might give more viewers to a piece of disinformation, also known as the Streisand effect. More generally, the experience shows the complex set of issues regulators face in trying to ensure the integrity of elections. The EU does not take the same broad approach to free speech as the U.S. does, so the EU regulators have more authority to combat disinformation. Yet, even with more expansive power, it's not clear how EU regulators can best fight election disinformation online, where posts and ads can have an effect on people as soon as they are viewed.

House passes election security bill, H.R. 2722, Securing America’s Federal Elections (SAFE) Act

07/05/2019

On Thursday, June 27, 2019, the United States House of Representatives passed H.R. 2722, an election security bill aimed at strengthening the nation’s election system. Introduced by Rep. Zoe Lofgren (D. Calif.), the Securing America’s Federal Elections (SAFE) Act authorizes $600 million to update voting equipment to comply with new standards.

The SAFE requirements mandate that voting machines be manufactured in the United States, stay disconnected from the Internet, and produce paper records;
The SAFE bill provides an additional $175 million biannual appropriation for “sustainment” funds for maintain election infrastructure and
a $5 million grant program administered by the National Science Foundation (NSF) to research accessible paper ballot verification methods. [The Hill]

The bill passed the House floor in a near party-line vote 225 to 184; Rep. Brian Mast (R-Fla.) was the only Republican to vote for the bill. [Washington Post] In a party conference before the vote, House of Representatives Speaker Nancy Pelosi (D-Calif.) described the bill as an effort to “further strengthen the defense of our democracy.” At the same conference, Senate Minority Leader Charles Schumer (D-N.Y.) said, “We’re standing with our House colleagues today—we’re standing with the American people today, to protect the integrity of our elections.” Much of the Democratic support stems from the Special Counsel Robert Mueller’s report finding foreign political influence in the 2016 presidential election.

Though legislators from both parties have acknowledged the need for increased election security, the parties disagree how to achieve this goal. While congressional Democrats view the bill as a safeguard against foreign interference, their Republican counterparts view the bill as a form of federal encroachment into an area (overseeing elections) traditionally regulated by the states. Rep. Rodney Davis (R.-Ill.), the ranking Republican of the House Administration Committee, stated that the bill “focuses on forcing states to restructure their election systems through federal mandates and ignores states’ rights to choose the election system that best fits their unique needs.” [The Roll Call]

The bill faces steep opposition in the Senate. On Thursday morning, Senate Majority Leader Mitch McConnell (R-Ky.) deemed the bill a “nonstarter.” Citing Congress’s previous grant of $380 million to states for election security, McConnell believes additional funding unnecessary, as reported by the New York Times. On Tuesday, June 25, Sen. Amy Klobuchar (D-Minn.) tried to force a vote on a measure that would require backup paper ballots and authorize $1 billion in grants for states to improve election protection until Sen. James Lankford (R-Okla.) blocked the move. [The Hill] In the week prior, Sen. Marsha Blackburn (R.-Tenn.) similarly blocked Sen. Mark Warner’s (D-Va.) attempt to bring forth a bill requiring campaigns to report to the Federal Election Commission any foreign nationals who make donations or provide election assistance. [The Hill]

Criticizing Republican opposition to the bill, Sen. Ron Wyden (D-Ore.) emphasized how Democrats would spend the upcoming July 4th holiday “fanning out all across the country” to advocate for election security measures. “We’re going to have a simple message: pass legislation with provisions of the SAFE Act, and tell Mitch McConnell that the future of our democracy is too important for him to stand in its way,” Sen. Wyden expressed. [The Roll Call] Speaker Pelosi announced that election security officials would brief Congress on July 10 in an effort to further increase pressure on Leader McConnell. [The Hill]

Your Guide to Democratic Presidential Candidates' Proposals for Election Security

07/05/2019

With the 2020 election approaching, Presidential candidates are sharing their views on how to protect election security. Although candidate engagement with the issue ranges from detailed plans to single sentences in online platforms, election security is beginning to play a larger role in national conversations about democracy and national security. Below is a summary of where the Democratic presidential candidates stand in terms of strengthening election security. This post will be updated as more candidates offer their own plans and views.

Sen. Kamala Harris and Sen. Amy Klobuchar

Senators Kamala Harris (D-CA) and Amy Klobuchar (D-MN) are co-sponsors of one of the most comprehensive plans is the Secure Elections Act, S. 2261, introduced by Republican Senator James Lankford. The bill would require the Department of Homeland Security (DHS) to create an advisory panel charged with developing detailed standards for the purchase and operation of voting systems. DHS would then fund state efforts to implement the panel’s recommendations. Finally, the plan would create a “Hack the Election” competition to increase early detection of election cybersecurity threats. Notably, the legislation has achieved bipartisan acclaim. Its primary sponsor is Senator James Lankford (R-OK) and two other Republicans have signed on as co-sponsors. Despite this bipartisan support, opposition from President Trump and Senate Majority Leader Mitch McConnell have stalled Senate consideration of the bill, according to the New York Times. For more, visit Sen. Harris website and Sen. Klobuchar website.

Sen. Elizabeth Warren

Senator Elizabeth Warren (D-MA) has offered her own detailed election security proposal. Citing Russian interference in the 2016 election and outdated voting systems used by many states, Senator Warren calls for paper recording of vote tallies, post-election audits, and mandatory cybersecurity training for state election officials. Her plan would require the use of federally provided voting machines, a uniform federal ballot, and the development of a “security firewall” similar to Fort Knox. For more, visit Sen. Warren website.

Sen. Kirsten Gillibrand

Senator Kirsten Gillibrand (D-NY) has also been vocal on election security issues. She has called for increased cybersecurity training for military officials and worked with Senator Lindsey Graham (R-SC) to propose a national commission to investigate election security vulnerabilities. The commission would be tasked with reviewing election interference in 2016, review incidences of election interference in other countries, and making “a full and complete accounting of what emerging threats and unmitigated vulnerabilities” exist at all levels of government. For more visit, Sen. Gillibrand website.

Sen. Michael Bennet

Senator Michael Bennet (D-CO) has proposed, among other reforms, requiring social media companies to prohibit foreign nationals from publishing political ads on their sites. For more, visit Sen. Bennet website.

Former Rep. Beto O'Rourke (D-TX)

Rep. O'Rourke's platforms calls for improvements to election security that will "aggressively tackle interference in our elections." He specifically lists federal funding for states seeking to bolster their cybersecurity standards, provide paper balloting, and conduct "risk-limiting" election audits. Similar to Senator Bennet, he also mentions requiring social media sites to "disclose sponsors of political ads on their sites."

Vice Pres. Biden, Sen. Bernie Sanders, Sen. Cory Booker, and Mayor Pete Buttigieg - no detailed proposals yet

Still other candidates, including Joe Biden, Bernie Sanders, Cory Booker and Pete Buttigieg, have recognized the importance of election security in public statements or through their online platform, but have not issued detailed proposals on how they would address the issue. For more, visit the websites of Vice President Biden, Sen. Sanders, Sen. Booker, and Mayor Buttigieg.

Other candidates

Tech entrepreneur Andrew Yang believes that “Americans should be able to vote via their mobile device, with verification done via blockchain.” Other candidates have offered a range of ideas to address threats to election security. Former Governor John Hickenlooper (D-CO) and former Congressman John Delaney (D-MD) have each proposed the creation of a federal office designed to coordinate cybersecurity efforts, specifically including election security.

Pres. Donald Trump

President Trump’s 2020 campaign website highlights his administration’s sanctions against Russian entities, the expulsion of Russian diplomats, and creation of “the Election Infrastructure Government and Sector Coordinating Councils” as key election security achievements. These claims, however, conflict with public statements from the President, who has repeatedly waivered on whether he believes Russia interfered in the 2016 election at all. As recently as last week, President Trump appeared to joke about election interference commenting in a one-on-one meeting with Russian President Vladimir Putin at a G20 summit: "Don't meddle in the election, please." As noted above, President Trump has publicly opposed bipartisan legislation that aims to protect election infrastructure.

Summary

Given the prominence of election security concerns surrounding the 2016 election, it comes as no surprise that candidates are proactively addressing the issue in the run up to the next Presidential contest. A 2018 poll shows that 70% of Americans believe that Russia interfered in the 2016 election and 68% believe that the administration has not taken sufficient action to protect the election system from interference. As both Democratic primary candidates and President Trump tout their election security goals and accomplishments, it is clear that the issue will play a prominent role in the 2020 race.

Should tech companies do more for election security?: hard lessons from Russian social media warfare in 2016 U.S. elections

07/01/2019

Bill Gates, founder of Microsoft, joined the growing number of high-profile individuals demanding that the U.S. government step up its regulation of big tech companies. In a June 2019 interview at the Economic Club of Washington, DC, Gates said, “Technology has become so central that governments have to think: What does that mean about elections?” Gates focused on the need to reform user privacy rights and data security.

This concern comes following the details of a Russian-led social media campaign to “sow discord in the U.S. political system through what it termed ‘information warfare’” outlined in Volume I Section II of the Mueller Report. According to the Mueller Report, a Russian-based organization, known as the Internet Research Agency (IRA), “carried out a social media campaign that favored presidential candidate Donald J. Trump and disparaged presidential candidate Hillary Clinton.” As early as 2014, IRA employees traveled to the United States on intelligence-gathering missions to obtain information and photographs for use in their social media posts. After returning to St. Petersburg, IRA agents began creating and operating social media accounts and group pages which falsely claimed to be controlled by American activists. These accounts addressed divisive political and social issues in America and were designed to attract American audiences. The IRA's operation also included the purchase of political advertisements on social media in the names of American persons and entities.

Once the IRA-controlled accounts established a widespread following, they began organizing and staging political rallies within the United States. According to the Mueller Report, IRA-controlled accounts were used to announce and promote the events. Once potential attendees RSVP’d to the event page, the IRA-controlled account would then message these individuals to ask if they were interested in serving as an “event coordinator.” The IRA then further promoted the event by contacting US media about the event and directing them to speak with the coordinator. After the event, the IRA-controlled accounts posted videos and photographs of the event. Because the IRA is able to acquire unwitting American assets to contribute to the events, there was no need for any IRA employee to be present at the actual event.

Throughout the 2016 election season, several prominent political figures [including President Trump, Donald J. Trump Jr., Eric Trump, Kellyanne Conway, and Michael Flynn] and various American media outlets responded to, interacted with, or otherwise promoted dozens of tweets, posts, and other political content created by the IRA. By the end of the 2016 U.S. election, the IRA had the ability to reach millions of Americans through their social media accounts. The Mueller Report has confirmed the following information with individual social media companies:

Twitter identified 3,814 IRA-controlled accounts that directly contacted an estimated 1.4 million people. In the ten weeks before the 2016 U.S. presidential election, these accounts posted approximately 175,993 tweets.
Facebook identified 470 IRA-controlled accounts who posted more than 80,000 posts that reached as many as 126 million persons. IRA also paid for 3,500 advertisements.
Instagram identified 170 IRA-controlled accounts that posted approximately 120,000 pieces of content.

Since the details of the IRA’s social media campaign were publicized, big tech companies have been subject to heightened levels of scrutiny regarding their effort to combat misinformation and other foreign interference in American elections. However, many members of Congress were pushing for wide-ranging social media reform even before the release of the Mueller Report.

In April 2018, Facebook Founder and CEO Mark Zuckerberg testified over a two-day period during a joint session of the Senate Commerce and Judiciary Committees and the House Energy and Commerce Committee. These hearings were prompted by the Cambridge Analytica scandal. Cambridge Analytica—a political consulting firm with links to the Trump campaign—harvested the data of an estimated 87 million Facebook users to psychologically profile voters during the 2016 election. Zuckerberg explained that, when functioning properly, Facebook is supposed to collect users’ information so that their advertisements can be tailored to a specific group of people that the third party wishes to target as part of their advertising strategy. In this scenario, the third-parties never receive any Facebook users’ data. However, Cambridge Analytica utilized a loophole in Facebook’s Application Programming Interface (API) that allowed the firm to obtain users’ data after the users accessed a quiz called “thisismydigitallife.” The quiz was created by Aleksandr Kogan, a Russian American who worked at the University of Cambridge. Zuckerberg explained to members of Congress that what Cambridge Analytica was improper, but also admitted that Facebook made a serious mistake in trusting Cambridge Analytica when the firm told Facebook it was not using the data it had collected through the quiz.

Another high-profile hearing occurred on September 5, 2018 when Twitter Co-Founder and CEO Jack Dorsey was called to testify before the Senate Intelligence Committee to discuss foreign influence operations on social media platforms. During this hearing, Dorsey discussed Twitter’s algorithm that prevents the circulation of Tweets that violate the platform’s Terms of Service, including the malicious behavior we saw in the 2016 election. Dorsey also discussed Twitter’s retrospective review of IRA-controlled accounts and how the information gathered is being utilized to quickly identify malicious automated accounts, a tool that the IRA relied heavily on prior to the 2016 election. Lastly, Dorsey briefed the committee on Twitter’s suspicion that other countries—namely Iran—may be launching their own social media campaigns.

With the 2020 election quickly approaching, these social media executives are under pressure to prevent their platform from being abused in the election process. Likewise, the calls for elected officials to increase regulation of social media platforms are growing stronger by the day, especially since Gates joined the conversation.

[Sources: Mueller Report, PBS, Washington Post, CNN, The Guardian, Vox I, Vox II]

FBI Confirms Russian Government Hacked Voting Data of Two Florida Counties

06/11/2019

In the Mueller Report, Special Counsel Robert Mueller III concluded that the “Russian government interfered in the 2016 presidential election in sweeping and systematic fashion.” [Mueller Report link] While exposing the details of these Russian efforts, the Mueller Report identified one state in particular—Florida—as a key target of the Russian hackers (at p. 51). In Volume I of the Mueller Report, the Special Counsel’s Office indicated that the FBI believed the Russian government had gained access to voting data possessed by “at least one Florida county government.” In recent days, however, Florida Governor Ron DeSantis and other top officials learned in a series of confidential briefings that the FBI and Department of Homeland Security believe two Florida counties were hacked prior to the 2016 election.

According to the Mueller Report, a Russian intelligence service, known as GRU, sent spearphishing emails to over 120 email accounts used by Florida county officials responsible for administering the 2016 U.S. election. The spearphishing emails contained an attached document coded with malicious software (commonly referred to as a Trojan) that permitted the GRU to access the infected computer. In spite of the breaches, the FBI have not found any evidence that there was any manipulation of voter data, vote counts, or election results in 2016.

Following the confidential briefings, a bipartisan choir of both officials and constituents demanded the identity of the counties that fell victim to Russian interference. In response, Gov. DeSantis acknowledged that he was required to accept the terms a non-disclosure agreement prior to being briefed by the FBI. The terms of the NDA reportedly prohibit DeSantis from confirming or repeating the confidential information to unauthorized individuals. Since publicizing this agreement, DeSantis has received significant criticism from an array of officials who believe the Governor should have pushed back at the request to agree to the NDA. However, the terms of a 2003 executive order require the FBI to obtain an NDA before people without security clearances, such as DeSantis and his staff, are briefed on sensitive or classified information.

Many advocates of government transparency have questioned DeSantis’s legal standing to sign an NDA on the matter due to the broad nature of Florida’s public record laws. Barbara Petersen, president of the First Amendment Foundation, said that a long line of past court rulings makes it clear that Florida officials cannot agree to keep a document confidential if it is shared with them, even if the official does not retain possession of the documents. However, Petersen concedes that an NDA would may be appropriate to protect confidential information given to DeSantis verbally.

With the next election approaching quickly, many Floridians are less worried about what happened in 2016 and more worried about how to prevent this meddling in the 2020 elections. Last year, the Florida Department of State distributed more than $14.5 million in cybersecurity grants for federal elections to the state’s Supervisors of Elections. In addition, the Supervisors of Elections were given $1.9 million dollars in state funding to purchase and install Albert network monitoring sensors. These sensors are used by election organizations to detect cyber threats and quickly alert officials when data may be at risk. Albert sensors were developed as a supplemental form of the DHS’s Einstein project, which focuses on detecting and blocking cyberattacks within federal agencies.

[Sources: Politico, Palm Beach Post, My Sun Coast, GovTech.com, Orlando Sentinel, Learn.cisecurity.org]

U.S. Cyber Command works with foreign nations to defend election security from Russian interference

05/09/2019

On May 7, 2019, Maj. Gen. Charles L. Moore, the director of operations for Cyber Command, and other Cyber Command officers gave a rare briefing at its new Joint Operation Center. According to the New York Times: "American officials deployed last year to Ukraine, Macedonia and Montenegro, and United States Cyber Command officials said that their missions included defending elections and uncovering information about Russia’s newest abilities. Cyber Command will continue some of those partnerships and expand its work to other countries under attack from Russia, officials said Tuesday. The deployments, officials said, are meant to impose costs on Moscow, to make Russia’s attempts to mount online operations in Europe and elsewhere more difficult and to potentially bog down Moscow’s operatives and degrade their ability to interfere in American elections."

In an operation named "Synthetic Theology," Cyber Command took proactive measures to neutralize Russian efforts to interfere with the 2018 U.S. midterm elections by

taking offline temporarily the Internet Research Agency, a Russian trollfarm and source of disinformation,
sending direct messages to Russians propagating disinformation to identify them, and
deploying U.S. officers in Ukraine, North Macedonia, and Montenegro to defend their networks and gather intelligence on Russian activities. The commander of Cyber Command’s cyber national mission force, Brig. Gen. Timothy Haugh said the U.S. would continue such joint efforts with foreign countries. [sources: cyberscoop and NYT]

FBI Director Wray Warns of Russian Interference in 2020 U.S. Elections

05/09/2019

On April 26, 2019, FBI Director Christopher Wray warned of Russian interference in the 2020 U.S. elections. The threat is significant and constant. "“What has pretty much continued unabated is the use of social media, fake news, propaganda, false personas, etc. to spin us up, pit us against each other, to sow divisiveness and discord, to undermine America’s faith in democracy,” said Wray. “That is not just an election-cycle threat. It is pretty much a 365-day-a-year threat.”

The FBI, Department of Homeland Security, and NSA have all allocated resources to counter the Russian threat: According to the New York Times: "In response to growing threats from Russia and other adversaries, the F.B.I. recently moved nearly 40 agents and analysts to the counterintelligence division, the senior bureau official said in an interview this month. Many of the agents will work on the Foreign Influence Task Force, a group of cyber, counterintelligence and criminal experts. Officials have made that task force, initially formed on a temporary basis before the midterm elections, permanent. The Department of Homeland Security made its midterm election task forces permanent, folding them into an election security initiative at their National Risk Management Center. And the National Security Agency and the United States Cyber Command have also expanded and made permanent their joint task force aimed at identifying, and stopping, Russian malign influence, officials said."

Mueller Report on Russian interference in 2016 election released

04/18/2019

April 18, 2019 - The Report on the Investigation into Russian Interference in the 2016 Presidential Election by Special Counsel Robert S. Mueller, III was released, in redacted form, to the public today. The Report concludes: "The Russian government interfered in the 2016 presidential election in sweeping and systematic fashion."

"As set forth in detail in this report, the Special Counsel's investigation established that Russia interfere~ in the 2016 presidential election principally through two operations. First, a Russian entity carried out a social media campaign that favored presidential candidate Donald J. Trump and disparaged presidential candidate Hillary Clinton.

Second, a Russian intelligence service conducted computer-intrusion operations against entities, employees, and volunteers working on the Clinton Campaign and then released stolen documents. The investigation also identified numerous links between the Russian government and the Trump Campaign. Although the investigation established that the Russian government perceived it would benefit from a Trump presidency and worked to secure that outcome, and that the Campaign expected it would benefit electorally from information stolen and released through Russian efforts, the investigation did not establish that members of the Trump Campaign conspired or coordinated with the Russian government in its election interference activities."

Download the Mueller Report here

Singapore set to enact "fake news" law, Protection from Online Falsehoods and Manipulation Act

04/09/2019

Singapore's government is set to enact a controversial bill titled Protection from Online Falsehoods and Manipulation Act that would recognize broad authority for the government to order individuals and ISPs to remove "false statements of fact" aka "fake news" online. The bill can be dowloaded here. The Parliament is expected to pass the bill next month, ahead of the upcoming elections. Commentators and human rights organizations expressed concern that the bill authorizes the government to decide what content is false and to order corrections and removals of such content.

Section 7 of Part 2 of the law makes it a crime for people from doing an act "in or outside Singapore" "in order to communicate in Singapore a statement knowing or having reason to believe that--(a) it is a false statement of fact;" provided that it meets one of the following conditions in subsection (b):

Section 8 makes it a crime to make or alter bots "with the intention of (a) communicating, by means of a bot, a false statement of fact in Singapore; or (b) enabling any other person to communicate, by means of a bot, a false statement of fact in Singapore.

Part 3 of the Act grants broad powers for "any Minister" to issue a "Part 3 Direction" requiring correction or stop communication of the offending content. If the person does not abide by the order, the Ministry may order ISPs to block access to the content.

LIkewise, Part 4 authorizes any Minister to issue "Part 4 Directions" to ISPs to comply with a "targeted correction direction," "disabling direction," or "general correction direction." Both Parts 3 and 4 recognize the right to appeal the Directions to the High Court.

Disinformation in the 2018 U.S. Midterm Elections: Identifying Misattributed Photos and Visual Propaganda against the October 2018 Migrant Caravan

03/05/2019

In the final weeks of the 2018 midterm campaign, the GOP turn-out effort increasingly focused on a caravan of migrant asylum seekers making their way to the United States’ southern border from Honduras.[1] To emphasize the danger posed to the United States, an intense misinformation campaign centered on misattributed images began. Conservative Politicians and right-leaning media pushed out numerous false narratives about the caravan,[2] while right wing Twitter posters circulated numerous misattributed images, copied and described in detail below.

The Free Internet Project