Monday, January 15, 2018

Russian Interference in Elections: Fancy Bear is Not Exactly What We Had in Mind


Excuse the long title, but whenever humorist Roy Blount Jr. would run across something totally contrary to his expectations, he would say mildly, "Well, that's not exactly what I had in mind."  By a convoluted series of circumstances, we in the U. S. have become vulnerable to election interference by a foreign power in a way that few people anticipated.  This is a lesson in how novel technologies and aggressions can outwit both legislators and organizations dedicated to preventing such aggressions.  And novel countermeasures—some of them possibly costly in both money and convenience—may be needed to deal with them.

Historically, it has been difficult for non-U. S. citizens or foreign countries to interfere with U. S. elections.  While the fear of such interference has always been present to a greater or lesser degree, my amateur historical memory does not bring to mind any significant cases in which a foreign power was clearly shown to have acted covertly in a way that provably influenced the outcome of a national election.  Laws prohibiting foreign campaign contributions acknowledge that the danger is real, but if such interference happened in the past, it was so well concealed that it never got into the historical record. 

Ever since there were governments, there have been privileged communications among those in power which, if disclosed in public, might prove to be embarrassing or even illegal.  But until recently, these communications took place either by word of mouth, by letter and memo, or by phone.  And considerable espionage work has to be done to intercept such communications.  You have to have a spy or a listening device in place to overhear critical private discussions.  You have to steal or secretly photograph written documents, and you have to tap phone lines.  All of these activities were by necessity local in nature, meaning that a foreign power bent on obtaining embarrassing information that could sway an election had to mount a full-scale espionage program, with boots on U. S. soil, and take serious risks of being caught while engaged on a fishing expedition that might or might not reveal any good dirt, so to speak. 

Then came the Internet and email.

While much email physically travels only a few miles or less, it passes through a network in which physical distance has for all intents and purposes been abolished.  So if I email my wife in the next room, somebody in Australia who simply wants to know what I'm emailing can try to hack into my emails and, if successful, can find out that I'm asking her to get crunchy raisin bran at the store today.  Nobody in their right mind would bother to do such a thing, but the Internet and email have made it hugely easier to carry out international spying on privileged communications of all kinds.  The kinds of spying that used to be done only in wartime by major powers can now be done by a few smart kids in some obscure but hospitable country.  And here is where Fancy Bear comes in.

A private security firm in Japan has discovered signs that the same group probably responsible for hacking the Democratic Party's emails during the 2016 elections is trying to mess with the Congressional elections coming up later this year.  An elaborate mock-up of the internal Senate email system has been traced to this so-called Fancy Bear group, which evidently has ties to Russia.  Such a mock-up would be useful to entrap careless Senate staffers who might mistakenly reply to an email that looks legitimate, but is in fact a kind of Trojan horse that would allow the Russians (or their minions) access to all further emails sent through what looks like a legitimate site, but is in fact a trap.

I am not a cybersecurity expert and won't speculate further on how the Fancy Bear people do their dirty work.  But the fact that they are still out there working to steal emails and release them at times calculated to throw U. S. elections one way or the other brings to mind two things that we need to consider.

1.  Messing with electronic voting is not the main cyber-threat to our election system.  Much concern has been expressed that electronic voting systems are not as secure as they should be.  While this is probably true, it doesn't appear to be a significant problem that has actually resulted in thrown elections, except perhaps in small elections at the local level, and usually by accident rather than by design.

2.  We may have to trade some Internet freedom for security in guarding U. S. elections against foreign interference.  The moral innocents who designed the Internet back in the 1970s made the mistake of assuming that everybody who would use it was just like themselves, or rather, their polished-up image of themselves:  sincere, forthright, open, and filled with only good motives.  One wishes that the concept of original sin had been included in every computer-science curriculum since the discipline began in the 1960s, but that isn't the case.  The radically borderless and space-abolishing nature of the Internet brings foreign threats and interference to everyone's doorstep.  With the click of a button in Uzbekistan, Maude in Indianapolis can read the latest fabricated scandal on Facebook about the guy she was thinking of voting for, or hear on the news that his private emails to his mistress have been posted on Wikileaks. 

Not that I condone elected officials who have mistresses.  But these are examples of the kinds of things that can go on once everybody routinely uses a medium which, under present circumstances, is about as private as yelling your credit card number to somebody on the other side of Grand Central Station.

To make email as secure as the U. S. Postal Service, we obviously require more rigid and well-organized security protocols than we have had up to now.  My own university has recently gone to a two-step verification system that is inconvenient, but greatly heightens the security of certain privileged communications such as entering grades.  It may be time for everyone concerned in elections—political parties, governments, and private citizens—to agree to some kind of inconvenient but more secure email approaches, applied uniformly with government regulation if necessary, so that we can get back to where we were in terms of preventing outsiders from interfering with our most characteristic action as a democracy—electing those in power.

Sources:  The AP report by Raphael Satter "Cybersecurity firm:  Senate in Russian hacker crosshairs" was published on Jan. 12 and carried by numerous papers, including the Washington Post at https://www.washingtonpost.com/business/technology/cybersecurity-firm-us-senate-in-russian-hackers-crosshairs/2018/01/12/150ca956-f799-11e7-9af7-a50bc3300042_story.html. 
