How lessons learned from the 2016 campaign led US officials to become more open about the Iran hack

By The Associated Press

WASHINGTON (AP) — The 2016 presidential campaign was entering its final months and seemingly all of Washington was abuzz with rumors about how Russian hackers Democrats’ email accounts breachedwhich led to the publication of internal communications that appeared designed to advance Donald Trump’s campaign and harm Hillary Clinton’s.

There was one notable exception, however: The officials investigating the hacks remained silent.

When they finally released a statement a month before the election, it was only three paragraphs and did little more than confirm what was already publicly suspected: that there had been a brazen Russian attempt to interfere in the vote.

This year, there was another foreign hack, but the response was markedly different. U.S. security officials moved more quickly to assign blame, detailing their findings and blaming a foreign adversary — this time Iran — a little over a week after the Trump campaign revealed the attack.

They accused Iranian hackers of targeting the presidential campaigns of both major parties, part of a broader effort to sow division in the American political process.

The candid response is part of a new effort to be more transparent about threats, a task made easier by circumstances that were not as politically volatile as in 2016, when a Democratic administration was investigating Russia’s efforts to help the Republican candidate.

But it also likely reflects lessons learned from previous years, when officials charged with protecting elections from foreign adversaries were criticized by some for withholding sensitive information and by others for meddling in politics.

Suzanne Spaulding, a former official at the Department of Homeland Security, said agencies realize that releasing information can help thwart the efforts of U.S. adversaries.

“This is certainly an example of that: going out quickly and saying, ‘Look, this is what Iran is trying to do. It’s an important way to build public resilience to this propaganda effort by Iran,'” said Spaulding, now a senior adviser at the Center for Strategic and International Studies.

The August 19 statement from security officials followed an announcement from the Trump campaign that a breach had occurred, reports from cybersecurity companies linking the breach to Iran and news articles revealing that media organizations had been approached with apparently hacked material.

However, officials claimed their response was unrelated to these developments.

The FBI, which made the Iran announcement along with the Office of the Director of National Intelligence and the Cybersecurity and Infrastructure Security Agency, said in a statement to The Associated Press that “transparency is one of the most powerful tools we have to counter foreign malign influence operations designed to undermine our elections and democratic institutions.”

The FBI said the government had refined its policies to ensure that information is shared as it becomes available, “so the American people can better understand this threat, recognize its tactics, and protect their voices.”

An ODNI spokesperson also told the AP that the government’s assessment emerged from a process to inform the public about election threats that brings together representatives from various intelligence and national security agencies.

The framework outlines a process for investigating and responding to cyberthreats against campaigns, election offices, or the public. When a threat is deemed sufficiently serious, it is “nominated” for additional action, including a private warning to the target of the attack or a public announcement.

“The Intelligence Community is focused on collecting and analyzing intelligence on foreign malign influence activities, including those by Iran, targeting U.S. elections,” the agency said. “Prior to this notification, the IC had relevant intelligence that gave rise to a nomination.”

The bureaucratic terminology belies the way the intelligence community has tracked election threats since a wholesale reorganization in 2016, when the threat of foreign interference was underscored by Russian hacking.

“In 2016, we were caught completely off guard,” said Sen. Mark Warner, D-Va., the chairman of the Senate Intelligence Committee. “There were some clues, but no one really understood the magnitude.”

That summer, U.S. officials watched in fear as Democratic emails stolen by Russian military hackers were leaked online in piecemeal fashion. By late July, the FBI had launched an investigation into whether the Trump campaign had colluded with Russia to influence the election. The investigation ended without a single finding that the two sides had colluded criminally.

At the White House, officials debated how to inform the public of their assessment that Russia was behind the hack-and-leak. There was debate over whether such a statement might have the unintended consequence of making voters suspicious of the election results, thereby helping Russia achieve its goal of undermining confidence in democracy.

Then-FBI Director James Comey wrote in his book, “A Higher Loyalty,” that at one point he suggested writing an op-ed in a newspaper documenting Russia’s activities. He described the Obama administration’s deliberations as “extensive, deliberate and very slow,” culminating in the pre-election statement, followed by a longer intelligence community assessment in January 2017, which said Russia had developed a “clear preference” for Trump.

“I know we were concerned about whether we should say something and when we should say it, and things like that, because in the case of the Russians, it seemed like they were favoring one candidate over another,” James Clapper, then the director of national intelligence, said in an interview.

In 2018, Congress passed a law CISAthe Department of Homeland Security’s cyber arm to defend against digital attacks. Four years later Center for Foreign and Malicious Influences was established within the ODNI to track attempts by foreign governments to influence Americans, including before elections.

Bret Schafer, a senior fellow at the Alliance for Securing Democracy, a Washington-based organization that analyzes foreign disinformation, said he was pleased that the center did not appear to be “hampered in the early elections by some of the partisanship that has paralyzed other parts of government trying to do this work.”

Still, there have been obstacles and controversies. Shortly after Joe Biden won the 2020 election, Trump fired the head of CISA, Christopher Krebs, for refuting his baseless claim of election fraud.

Even during the 2020 elections, The New York Post reported that it had obtained a hard drive from a laptop that Hunter Biden had dropped off at a Delaware computer repair shop. Public confusion ensued, as did claims by former intelligence officials that the laptop’s emergence bore the hallmarks of a Russian disinformation campaign. Trump’s national intelligence director, John Ratcliffe, soon afterward refuted that assessment with a statement saying there were no signs of Russian involvement.

In 2022 the work of a new office called the Disinformation Governance Board was quickly suspended after Republicans raised questions about its relationship with social media companies and raised concerns that it could be used to monitor or censor Americans’ online traffic.

Legal challenges about government restrictions in the area of ​​freedom of expression, the government’s ability to share information with social media companies has also complicated although Deputy Attorney General Lisa Monaco said in a recent speech that the government is again sharing details with the private sector.

Earlier this year, Warner said he was concerned the US was more vulnerable than in 2020partly because of the reduced communication between the government and technology companies. He said he is pleased with the recent work of the government, which has included a greater number of public briefings and warningsbut worries that the biggest test is likely yet to come.

“The bad guys aren’t going to do most of this until October,” Warner said. “So we have to be vigilant.”