SaveSave story

Robby Mook: Election hacking bills wouldn't have stopped 2016 debacle

Voting booths
Voting booths. Genaro Molina/Los Angeles Times via Getty Images

Hillary Clinton's former campaign manager says the current focus on improving voting machine cybersecurity would not have prevented the last election's mess. Instead, he said, the major culprit was hacking campaign personnel and political parties.

Why it matters: Robby Mook saw first-hand the damage caused by the election hacking during Clinton's presidential campaign, and he is now part of Harvard's new Defending Digital Democracy Project on election security. He believes that securing voting machines is important, but cannot be the end of the election security conversation.

QuoteThere is some irony that the actions we are now taking would not have changed 2016. Sometimes we dwell on voting machines to our detriment.
— Mook

The details: In 2016, most of the damage caused by a believed-Russian effort to muddy the election came from hacks of Democratic groups and Clinton campaign Chairman John Podesta and the subsequent leaks of emails and other files.

  • While Russia is thought to have attempted to hack as many as 21 states' election infrastructure (including voter databases), there is no evidence that Russia breached any voting machine or directly altered any votes.
  • Nevertheless, the hallmark issue of election security appears to still be preventing an adversary from directly changing votes. In a letter Tuesday to House Science Chair Lamar Smith (R-Texas), Democrats on the committee wrote about the need "to ensure that their votes are appropriately counted and that foreign, domestic, or other actors do not surreptitiously interfere with, manipulate or otherwise unlawfully influence our election infrastructure, voting polls and election results."

What would have worked in 2016: "There are two things that would have protected information in 2016. The first is using two-factor identification. The second is using encrypted and ephemeral communication," said Mook. Ephemeral communications self-destruct after a limited viewing window.

  • The Clinton campaign used two-factor authentication — one reason, notes Mook, that while the Democratic National Convention, Democratic Congressional Campaign Committee and John Podesta's personal emails were hacked, the campaign wasn't.
  • The campaign switched to encrypted, ephemeral communications to discuss Russian hacking, worried that hackers might still have access to its communications.

Legislation focuses on both machines and other campaign infrastructure: There are several bills for election security currently under consideration, many of which include funding for both voting machine improvements and other aspects of the infrastructure, like voter databases.

Bottom line: Election security is national security, even when it concerns political party and campaign cybersecurity. "Obviously if someone steals internal policy deliberations, that's a risk to security if that candidate is elected," said Mook.

Mike Allen 5 hours ago
SaveSave story

Why Trump added a streetfighter to his legal team

Screenshot via Fox News

A new addition to President Trump's legal team — Joe diGenova, a former U.S. attorney who is well-known in Washington and has argued for the president on Fox News — reflects three White House realities.

The state of play: (1) The White House is digging in for a fight that looks to be longer and messier than officials had expected. (2) This is another example of the president responding to televised cues. Trump has spent most of his adult life in litigation, and obsesses about legal positioning in the same way that he is consumed by his press coverage. (3) It's another pugilistic voice at the table, and suggests that this weekend's attacks on Mueller won't be the last.

SaveSave story

Facebook reaches a tipping point

Illustration: Rebecca Zisser/Axios 

Of all the news crises Facebook has faced during the past year, the Cambridge Analytica scandal is playing out to be the worst and most damaging.

Why it matters: It's not that the reports reveal anything particularly new about how Facebook's back end works — developers have understood the vulnerabilities of Facebook's interface for years. But stakeholders crucial to the company's success — as well as the public seem less willing to listen to its side of the story this time around.