Information Warfare: The Florida Election Hack

Election hacking in Florida, municipality hacking in Baltimore, and President Donald Trump’s handing of classification authorities to Attorney General William Barr share some characteristics. Our strategies lag behind the realities of dealing with information in the age of the internet. We need to start thinking differently about how we handle information; when to withhold it and when to share it.

I’ll write three posts on ways to think about those situations. We have to find better ways to deal with information and its misuses.

It has taken some time for the story of voter record hacking in Florida to come out, and we still don’t have most of it.

Russian hackers accessed voter data in two Florida counties, but, according to federal authorities, did not change the vote count itself. They may have taken data on voters, which seems to be public. The method of attack was spear phishing, in which an email contains links that install a trojan horse on the target computer. (Reminder: Don’t click on links in suspicious email.)

On May 14, federal officials  briefed Florida Governor Ron DeSantis on the hacking. DeSantis says that he had to sign a nondisclosure agreement that prohibits naming the counties. This is not unusual when someone without a clearance is allowed access to classified information.

But why is this information classified, and what exactly is classified?

If Florida election officials are to provide a secure election next year, they need to know

  • which parts of their system were accessed and how
  • what the hackers did with their access
  • how hackers might affect vote totals
  • what steps to take to avoid these problems

This information will be useful to election officials in other states too. And the general public has a right to know what happened in 2016 and may be happening today.

There are two reasons for not making that information public. First, it is likely part of the counterintelligence investigation complementing Robert Mueller’s investigation into the 2016 election and may need to be kept quiet to protect that investigation. Second, the FBI and DHS, the investigating agencies, claim that making it public will impact their sources and methods. This is a common claim of intelligence agencies, probably too common. More on that later.

A leak says that Washington County was one of the counties hacked by Russia’s GRU, the military intelligence agency. It’s likely that we will hear about the other. A strong statement from the investigating agencies on what they found would be the best way to bolster confidence in the electoral system. Legislators have expressed concern about the secrecy, and we can hope that they will press for more information to be made public.

Making this information public could also serve as a warning to the hackers: We know what you are doing and are watching out for you. This message is in the news already, but giving specifics would make it more credible.


Cross-posted to Balloon Juice.