Jan 16, 2020

Axios Codebook


Greetings, Codebook readers, and welcome to 2020! This is Axios managing editor Scott Rosenberg filling in at the helm here for a spell.

Today's Codebook is 1,488 words, a 5.5-minute read.

1 big thing: Russia already won the fight to taint U.S. elections

Illustration: Aïda Amer/Axios

If Russia's goal in meddling in U.S. elections has been to undermine trust in the democratic process, it has already won — and the U.S. isn't even starting to take the sort of steps that might reverse that outcome.

Why it matters: Free, fair and trusted elections are the cornerstone of the U.S.'s claim to moral authority. We're only beginning to fathom how badly Vladimir Putin has wounded the American system.

The big picture: While the U.S. government and security industry has focused on defending against cyber threats to election processes and voting machines, Russia has exploited our political divisions — and a U.S. president uninterested in stopping it — to sow doubt in American fundamentals.

In the 2016 election, Russian information operations, modeled on previous interference in nations like Ukraine and the Baltic states, hacked the Democratic candidate's campaign and relied on professional manipulators, gullible Americans and bots to spread propaganda.

  • The operations, and Russia's responsibility for them, have been widely confirmed by U.S. intelligence and exhaustively documented by the Republican-led Senate Intelligence Committee and the Mueller investigation.
  • "The goal was to mess with us, so that no matter who becomes president, the United States is harder to govern, and that over the long run, democracy becomes harder to sustain," media scholar Siva Vaidhyanathan told NPR.

There were many calls for a 9/11-style response to the 2016 attack, but President Trump has viewed efforts to investigate and defend against Russia's threat as direct challenges to the legitimacy of his own election win.

  • After 2016, Democrats argued that Putin succeeded in helping Trump to the White House. Republicans argued in turn that Democrats who continued to talk about Russian interference were themselves helping Putin by undermining trust in elections.
  • The winner all around? Putin. Whether the Russian operations actually swayed votes doesn't matter. That Americans are fighting over the question does.

What they're saying: A C-SPAN/Ipsos survey last October found that barely half of Americans believe the 2020 elections would be conducted openly and fairly.

It's not all Putin's fault. The reasons for the distrust go beyond Russia's interference:

  • Many Democrats feel that manipulative redistricting and the Electoral College dilute the impact of their votes, particularly those of urban and minority voters.
  • The last two times Republicans took the White House from Democrats, in 2016 and 2000, they did so while losing the popular vote.
  • Republicans, meanwhile, have long argued that Democrats frequently engage in voter fraud, though actual evidence of such crimes remains slim to nonexistent.

What's next: It may be too late to try to protect trust in U.S. elections and time to start thinking about rebuilding it from the ground up.

  • That might be an impossible project for a Trump administration that has shown little interest in it — and that large parts of the electorate blame for the problem.
  • It would be a tough undertaking, too, for a potential new Democratic administration in 2021, which would inevitably be blamed by unhappy Trump voters for a range of misbehavior, real or imagined.

The bottom line: Russia set off an information bomb in 2016 that cannot be un-exploded. Putin's master strategy has been effective, and it's extremely difficult to counter.

Meanwhile: Monday the New York Times reported that Russian hackers from the military intelligence unit known as the GRU successfully targeted Burisma, the Ukrainian gas company that once employed Hunter Biden as a board member.

Our thought bubble: Public awareness of the Burisma hack cuts both ways politically.

  • For former Vice President Joe Biden's campaign, it means document dumps could happen at any time, with accompanying media frenzy and potentially damaging revelations.
  • For the Trump campaign, it means that any such revelations will come pre-tainted with a Russian label.
2. Trump, AG Barr target Apple over phone encryption

Attorney General William Barr speaks during a press conference on the shooting at the Pensacola naval base, Washington, D.C., Jan. 13. Photo: Win McNamee/Getty Images

In a situation that greatly resembles the aftermath of the 2015 San Bernardino shooting, the Justice Department wants access to encrypted iPhones tied to the Pensacola Naval Air Station shooting, Axios' Ina Fried reports.

Apple, for its part, is strongly hinting it will challenge a demand to do so — while President Trump is on a Twitter offensive demanding that Apple "step up to the plate and help our great Country, NOW!"

Why it matters: Whether law enforcement has the right to access encrypted data on smartphones remains unsettled, and it's one of the most hotly debated issues in tech, with no clear middle ground.

  • Apple will, with a court order, provide law enforcement with data on its servers, including data backed up from iPhones.
  • However, in the past, the company has refused requests to access encrypted data on the phone, which could be accomplished only through rewriting its software, such as to allow an unlimited amount of guesses at a user's passcode.
  • With its statement Monday, Apple is suggesting it will take a similar stance here.

Flashback: In the San Bernardino case, Apple challenged the FBI under similar circumstances. The case was never resolved legally, and it ended when the FBI withdrew its request after the agency had found another way into the phone.

Apple, for its part, said, "We reject the characterization that Apple has not provided substantive assistance in the Pensacola investigation."

  • "Our responses to their many requests since the attack have been timely, thorough and are ongoing," the company said in a statement to Axios.

Our thought bubble: The New York Times reports that some inside Apple felt the Feds should have tried harder to decrypt the Pensacola phones using third-party tools before ratcheting up the confrontation so quickly.

  • That could have defused the conflict and, as with San Bernardino, left the legal questions unresolved.
  • But legal resolution may be just what Attorney General William Barr — who's been outspoken in pushing tech firms to cave on "back doors" — wants.

Go deeper: Distrust of tech could be encryption's Achilles' heel

3. Windows bug saga points to a kinder, gentler NSA

For as long as there has been a Microsoft Windows, there have been Windows bugs, but this week's report of a major and massive security hole in the operating system came with a twist: The flaw was reported to Microsoft by the National Security Agency.

Why it matters: Instead of keeping knowledge of the bug to itself, holding onto it for possible offensive use as it has sometimes done in the past, the NSA chose to tell Microsoft about it so the firm could alert users and issue a patch.

This could mean that the NSA is turning over a new leaf. That's what Anne Neuberger, director of the NSA Cybersecurity Directorate, told reporters on a call Tuesday announcing the incident.

  • “This is ... a change in approach ... by NSA of working to share, working to lean forward and then working to really share the data as part of building trust," Neuberger said, per the Washington Post.

But it doesn't necessarily mean that. It's possible that the secretive security agency simply felt that the Windows issue — a flaw in a Windows module — was simply not of operational use. Or the NSA might have decided that the information was going to come out anyway and got ahead of the story.

Flashback: Any change in the NSA's stance is likely in response to the deeply embarrassing position the agency found itself in over the past decade.

  • NSA exploited its secret knowledge of a Windows vulnerability for its own purposes for several years.
  • Then a hacking group known as the Shadow Brokers started leaking the agency's tools in 2017.
  • That led to the costly and disruptive ransomware attacks WannaCry and NotPetya.

NSA's efforts to restore trust have also included its Ghidra project, which last year released open-source tools for unpacking malware code.

4. Democrats seek answers on Iran cyber threats

House Democratic leaders pressed the Trump administration Wednesday on how it is preparing telecom companies for possible cyberattacks from Iran after the killing of Iranian Gen. Qasem Soleimani, Axios' Margaret Harding McGill reports.

Why it matters: Iranian hackers have been known to attack U.S. businesses, and fears that they could turn their attention to key U.S. infrastructure — including communications networks — spiked following Soleimani's death in an American airstrike.

Driving the news: House Energy & Commerce Committee Chair Frank Pallone and communications subcommittee chair Mike Doyle want to know the steps the administration is taking to ensure telecommunications providers are prepared for possible cyberattacks.

  • Pallone and Doyle stress the importance of protecting smaller communications providers from threats and ask if network providers have already experienced an increase in attacks.
  • They are seeking a briefing by Feb. 5 from Department of Homeland Security Acting Secretary Chad Wolf and Federal Communications Commission Chair Ajit Pai.
  • “To protect the American people, the government must proactively work with industry to identify potential threats and aid carriers in the defense of critical communications infrastructure," Pallone and Doyle wrote.
5. Odds and ends

Codebook will return in two weeks. In the meantime, I welcome your feedback and tips! Just hit "reply" to this newsletter.