In the wake of Robert Mueller’s investigation into Russian interference in the US electoral system, experts warn the nation is just as exposed as it was in 2016, raising new concerns about the 2020 presidential election.
More than two years after intelligence agencies exposed Moscow’s efforts to exploit weaknesses in the US democratic system, technology companies and state governments have yet to come to terms with a foreign power’s meddling in domestic affairs of state.
When it comes to the 2020 presidential vote, the US faces many of the same vulnerabilities that made its electoral system a prime target In 2016 — and perhaps some new ones, said Doug Lute, a former American ambassador to Nato and retired Army lieutenant-general who has taken up the cause of US election security.
“We are more prepared in the sense that we are more aware. But we are little better prepared in terms of actual security,” said Mr Lute.
He noted that Russia’s strategy in 2016 resembled an age-old Russian military doctrine: to attack on a broad front, assess strengths and weaknesses, then prepare to reattack vulnerabilities — a potentially dangerous scenario for 2020.
“My sense is 2016 looks, in retrospect, like a broad-front probing effort by Russian authorities to learn about our voting system, to uncover our vulnerabilities and then take those findings back into the central Russian system where they can assess their next move,” said Mr Lute. “My guess is they learned a lot in 2016, so if they intend to play us again they will come back with more sophisticated attacks in 2020.”
According to the justice department’s summary of Mr Mueller’s report there were two main efforts by Russia to influence the 2016 election. The first involved a Russian organisation called the Internet Research Agency, whose aim was “to sow social discord, eventually with the aim of interfering with the election”, according to the summary.
The second revolved around computer hacking, specifically the efforts of “Russian government actors” to obtain Clinton campaign and Democratic party organisation emails and disseminate them through intermediaries, including WikiLeaks.
Ahead of the 2018 midterm elections, Congress allocated $380m to safeguard the US voting system from cyber security attacks. While top US officials cited attempts by Russia to interfere in that vote, the absence of any large-scale efforts along the lines of what happened in 2016 has caused some to wonder whether Russia largely “sat out” the midterm vote, and is holding its fire.
J Alex Halderman, a professor at the University of Michigan who has studied the vulnerabilities of voting machines, cited a bipartisan Senate investigation which found that Russia in 2016 had gained access to voter registration databases in many states.
While those states found no evidence that Russia had used that access to manipulate the voter registration data — altering a voter’s name or street address, for instance, so that it no longer matched the voter’s ID — the fact that they had secured that access was troubling, said Mr Halderman.
“Had they done that, had it gone undetected, it would have caused major chaos on election day. We were lucky that Vladimir Putin chose to not pull the trigger,” he said, referring to the Russian president. “Unfortunately, in a lot of the country there are pieces of election infrastructure where that’s still the case and where we don’t have sufficient technology to protect and it’s really a question of whether our adversaries choose to strike.”
Mr Halderman noted that about 40 US states still used election technology such as voting machines that were a decade or more out of date. Many of those states were not applying software patches. Perhaps most concerningly, about a dozen states still make widespread use of machines that do not have any paper trail, he added.
Technology companies, however, insist they are better prepared than they were in 2016 to deal with outside interference in elections.
Facebook says it is now able to remove millions of fake accounts every day thanks to advances in artificial intelligence. The social media company has also partnered with independent fact-checkers to verify articles posted on its platform. If the fact-checkers deem something false, it is less likely to appear on users’ news feeds, though it will not necessarily be blocked altogether.
Twitter has tightened its rules on fake accounts so that it can now remove users who use stolen avatars or biographies.
YouTube is also concerned about fake news spreading on its platform, especially through videos advancing conspiracy theories. The site has hired an army of users from around the country to help it decide what it should and should not accept on the platform, but admits it has a problem with videos that push its rules without breaking them.
Videos that suggest certain conspiracy theories without actually promoting them, for example, are allowed to remain up, but are now less likely to feature as recommendations for users.
Problems remain. Two reports delivered to Congress last year found that the level of Russian interference had been worse than previously thought, and warned that the technology industry was still not being open about the scale of the problem.
The reports also found that interference was shifting. Russian cyber agents, according to the study by New Knowledge, a cyber security company, were increasingly targeting Instagram, where users engage with and share images more than any other platform.
Instagram says that, in response, it is now providing users with more information about accounts, such as when they were set up and where they are located.
Another problem is that in their efforts to remove disinformation, some companies risk running into different political controversies.
Google, for example, has been criticised by several prominent Republicans for the way in which it deems certain news outlets to be more trustworthy than others, which some in Congress believe is being used as a way to suppress conservative voices. The company denies this.
Mark Warner, the vice-chairman of the Senate intelligence committee, said it was time for all parties to be more hands-on, particularly with 2020 around the corner.
“We know that in 2016, the Russians tried scanning or attacking elections systems in at least 21 states while simultaneously orchestrating a co-ordinated misinformation campaign targeting American voters,” he said. “As we head towards the 2020 presidential elections, we’ve got to be more proactive in protecting our democratic process.”