RIP Democracy
May 12, 2020 12:47 PM   Subscribe

Even as to disinformation, the best-known and perhaps most overrated of their tactics, they have innovated, finding new ways to manipulate Americans and to poison the nation’s politics. Russia’s interference in 2016 might be remembered as the experimental prelude that foreshadowed the attack of 2020. - Franklin Foer in The Atlantic.

Foer talks to the people who are, or have been, responsible for election security and it's not looking good for 2020.
posted by tommasz (40 comments total) 30 users marked this as a favorite
 
I think he means RSVP
posted by blakewest at 1:15 PM on May 12, 2020 [2 favorites]


From today’s Wash Post: Florida becomes hot spot in the election security wars

“Officials there have yet to say whether they'll accept $20 million in federal money that lawmakers and experts say is vital to manage a surge in voting by mail and other changes brought on by the novel coronavirus.”

I’m in Florida and this shit makes my blood boil. Both of Florida’s senators are corrupt and the governor is a Trump boot licker. If election security is still a big question mark at this point I don’t have high hopes for anything approaching a smooth federal election in Nov.
posted by photoslob at 1:26 PM on May 12, 2020 [17 favorites]


Podesta fell victim to a generic spear-phishing attack: a spoofed security warning urging him to change his Gmail password.

On bit of very doable legislation would be to require browser software to eliminate clickable links. Bingo, a zillion attack vectors are nullified. Piss off marketeers but that's what laws are for.
posted by sammyo at 1:51 PM on May 12, 2020 [1 favorite]


require browser software to eliminate clickable links

I think you must mean email software; browsers not having clickable links means you kind of can't have browsers.
posted by a snickering nuthatch at 1:54 PM on May 12, 2020 [18 favorites]


Argh yes, quite right, I blame the covid or perhaps my post was intercepted by russian hackers. Anyway as all email passes through some well defined hubs, the removal of links from emails is very doable.
posted by sammyo at 1:58 PM on May 12, 2020 [1 favorite]


No study has quantified how many votes have been swayed by the 10 million tweets that the IRA has pumped into the digital world; no metric captures how its posts on Facebook and Instagram altered America’s emotional valence as it headed to the polls in 2016.

The example this observation is buried in is a description of a 'test' the russians did, sending tweets or txt messages for a free hotdog on a certain corner they could monitor on a webcam. Funny hack but does not demonstrate that elections can be hacked no matter how lame the security of most organizations.

Now how about a national program giving free hotdogs to anyone wearing an "I voted" sticker. Sure a bit of dog-fraud would occur but I bet it'd cost a few million and be pretty darned effective.
posted by sammyo at 2:06 PM on May 12, 2020 [3 favorites]


Clicking back to his initial entry, he realized that he had accidentally typed an extraneous quotation mark into his home address. The fact that a single keystroke had short-circuited his registration filled Cable with a sense of dread.

[...]

Though it wouldn’t have given the average citizen a moment of pause, Cable recognized the error message on the Chicago Board of Elections website as a telltale sign of a gaping hole in its security. It suggested that the site was vulnerable to those with less beneficent intentions than his own, that they could read and perhaps even alter databases listing the names and addresses of voters in the country’s third-largest city.
Oh god, are they saying it was passing unsanitized input to SQL queries? Oh god.
posted by biogeo at 2:06 PM on May 12, 2020 [33 favorites]


Clearly some programmers haven't read the obligatory XKCD.
posted by Greg_Ace at 2:10 PM on May 12, 2020 [21 favorites]


Oh god, are they saying it was passing unsanitized input to SQL queries? Oh god.

Yes. Most bespoke software is of this level of quality and security because typically the people getting the contracts for those jobs are more experts in getting the contract than anything else, and local governments are typically not going to want to spend more on these pieces of software than the "my neighbor's 14 year old nephew is pretty good with computers" rate.
posted by PMdixon at 2:11 PM on May 12, 2020 [32 favorites]


Yes. Most bespoke software is of this level of quality and security because typically the people getting the contracts for those jobs are more experts in getting the contract than anything else, and local governments are typically not going to want to spend more on these pieces of software than the "my neighbor's 14 year old nephew is pretty good with computers" rate.

My typical experience is the cost to the company (or gov't agency) of the kickoff meeting, in gathered in-house salary (as hourlies x the meeting duration), snacks, etc. is more than they have budgeted for my part of the entire project.
posted by maxwelton at 2:41 PM on May 12, 2020 [14 favorites]


On the day of the 2018 midterm elections, a group claiming to be the IRA published a grandiloquent manifesto on its website that declared: “Soon after November 6, you will realize that your vote means nothing. We decide who you vote for and what candidates will win or lose. Whether you vote or not, there is no difference as we control the voting and counting systems. Remember, your vote has zero value. We are choosing for you.”

The claim was absurd, but the posturing had a purpose. If enough Americans come to believe that Russia can do whatever it wants to our democratic processes without consequence, that, too, increases cynicism about American democracy, and thereby serves Russian ends. As Laura Rosenberger, a former National Security Council staffer under Obama who runs the Alliance for Securing Democracy, put it, “They would like us to see a Russian under every bed.

Judging by this year’s presidential-primary campaign, they have been successful in this effort. When the Iowa Democratic Party struggled to implement new technology used to tally results for the state’s caucus, television panelists, Twitter pundits, and even a member of Congress speculated about the possibility of hacking, despite a lack of evidence to justify such loose talk. American incompetence had been confused for a plot against America.
(My emphasis.)

This is essential to understand. The "Russian trolls" (I don't think that term really fits but apparently it's what we're going with) operate under the same principle as terrorists. Yes, their immediate actions cause damage, but their real aim is to psychologically manipulate their targets into believing that they are stronger, more powerful, and more dangerous than they really are. Because once that belief is accepted, it becomes true. Did the Russian government and its proxies interfere in the 2016 election? Of course, but was their interference the sole decisive element? Certainly not. Had our own home-grown right-wing media not been running a decades long propaganda and disinformation campaign, had James Comey not decided to break FBI policy and interfere in the election at the eleventh hour, etc., etc., Kremlin-sponsored interference would have been a blip. But by claiming victory for their tactics and implying that they'll be able to do it again, whether or not that's true and whether or not it will have a significant direct effect, they undermine people's confidence in the democratic voting process and thus their confidence in democracy itself, which is the only thing they actually need to achieve. Whether America is incapable of electing strong leaders like Hillary Clinton would have been because the voting process is actually compromised, or whether it's incapable of doing so because Democratic voters are too demoralized to turn out to vote, is immaterial to Putin and his allies goal of being able to more freely exert regional hegemony without effective American opposition.

And furthermore, I would assume that from the perspective of the leadership within the Internet Research Agency, whether weak and/or pro-Putin leaders are elected because of the actions of the IRA, or whether their victories are only perceived to be due to the IRA, is also immaterial. All that matters whether the IRA's bosses and funders are convinced that they're getting a return on their investment. If a rogue FBI director was actually responsible for twisting the election, who cares as long as Putin and his cronies are convinced that the IRA played a key role?
posted by biogeo at 2:49 PM on May 12, 2020 [26 favorites]


It's not just the contractors, it's also very difficult for government agencies to get quality developers in house, because (at least where I am) the civil service rules haven't been updated in 20+ years and the higher level positions are always promoted from within, so you can't pull anything other than entry-level talent from the outside. The best talent in software development is chasing a higher salary than ~50k out of college, especially when they get a couple years of real experience.

So that kind of stuff is all over the place. A guy I know found a way to change the fee when renewing your car registration, by altering some hidden post fields on the DMV website. Go ahead, ask how good the guy I knew working as a sysadmin for the board of elections was at his job. Hint: It involves a lot of fantasy football.
posted by mrgoat at 2:49 PM on May 12, 2020 [12 favorites]


American incompetence had been confused for a plot against America

and America now has a President who has fully internalized this confusion, to the extent that he can create endless new plots against America just by keeping on breathing.
posted by flabdablet at 3:16 PM on May 12, 2020 [4 favorites]


Once I worked for a company that was at a weird intersection of cutting edge infotech and government and manufacturing.

At that job, I worked with a large team sourced by a giant worldwide consulting firm that does tons of government work. They re-engineered a major process within my company, a process that touches several different departments.

They sold it to us on an "easy in, easy out, one bill and you're set, we'll hit your ridiculous timeframe even though we don't have all the requirements yet." I can't believe that my grandboss and great-grandboss fell for it, but they did.

There were a couple of trustworthy folks in there, but the baseline quality was shockingly low. Their "architect" in particular is someone who I have bottomlessly low professional respect for. His "technical specifications" were copy and pasted out of legacy documents from other clients, sometimes without the names scrubbed. They would go on for pages and pages about antifeatures we had specifically declined in our solution. When I asked questions like "how are you going to solve the upsert race condition when your target system doesn't natively support upserting?" he had no idea what I was talking about. Neither did any of his developers. He covers for this with an ability to talk and talk and talk and talk. Placation, all I ever wanted.

They're still not done that job yet.

So I think about that, and I think about securing voting systems, and I despair.
posted by Sauce Trough at 3:29 PM on May 12, 2020 [20 favorites]


His "technical specifications" were copy and pasted out of legacy documents from other clients, sometimes without the names scrubbed. They would go on for pages and pages about antifeatures we had specifically declined in our solution. When I asked questions like "how are you going to solve the upsert race condition when your target system doesn't natively support upserting?" he had no idea what I was talking about. Neither did any of his developers. He covers for this with an ability to talk and talk and talk and talk.

The breadth of applicability of this strategy can drive me to some pretty bleak misanthropy at times. It remains genuinely mysterious to me why this sort of figure is applauded by the larger culture rather than spurned as one would a well poisoner - cf Grimes' boyfriend.
posted by PMdixon at 3:37 PM on May 12, 2020 [7 favorites]


If enough Americans come to believe that Russia can do whatever it wants to our democratic processes without consequence, that, too, increases cynicism about American democracy, and thereby serves Russian ends.
Did the Russian government and its proxies interfere in the 2016 election? Of course, but was their interference the sole decisive element? Certainly not.
biogeo

But the problem isn't that Russians superhackers control American democracy. What increases cynicism, or at least my cynicism, is that the current administration openly mocks the very idea of Russian or any foreign interference, or any possible electoral issues except if they might help the Democrats. They have made it very clear that they don't care at all about election security or integrity, except when it is a convenient tool to hamper their opponents. This isn't conjecture or paranoia, they have openly and explicitly said this.

How are we supposed to have any faith in the American electoral process when the people in charge of it have so blatantly discarded any pretense of oversight? Maybe this is exactly what the Russians want, I don't know, but it's very discouraging.
posted by star gentle uterus at 3:53 PM on May 12, 2020 [9 favorites]


"Never share the 'superstitious belief' in the state and never forget that the state, even in the most democratic republic… is simply a machine for the suppression of one class by another." - V.I. Lenin, 1918.

If not now, when? Revolution in our lifetimes.

marxist.com

posted by Sheydem-tants at 4:15 PM on May 12, 2020 [8 favorites]


No study has quantified how many votes have been swayed by the 10 million tweets that the IRA has pumped into the digital world; no metric captures how its posts on Facebook and Instagram altered America’s emotional valence as it headed to the polls in 2016.

This is not putting it strongly enough. There have been lots of studies attempting to quantify the effects of the Russians on mass public opinion, but almost none of them have shown any measurable effect. And this is not surprising: out of billions of Tweets and Facebook posts, the Russian activities were a drop in the bucket, and usually indistinguishable from similar but much larger populations of domestic right-wingers and other home-grown trolls. Most of the studies I've seen have shown how little information Americans get from social media relative to other sources (such as TV; but of course the main thing is no information at all); and that of the information they do get from social media, the vast majority of it was domestic; and of the tiny minority of that info those that got anything from the Russians at all got, most of it was pretty similar to the dreck they were already consuming. So there have been lots of attempts to measure it, but it's not that it is especially unquantifiable, it's just so small as to be almost undetectable.

But by claiming victory for their tactics and implying that they'll be able to do it again, whether or not that's true and whether or not it will have a significant direct effect, they undermine people's confidence in the democratic voting process and thus their confidence in democracy itself, which is the only thing they actually need to achieve.

This is the crux of it, and why I have spent so much time here and elsewhere tilting at the windmill of trying to explain that, in and of itself, the trolling probably made no difference. In terms of direct effects on individuals on Twitter and Facebook, it was likely insignificant. In terms of how it's portrayed by media and campaigns, and the effects those portrayals have on public opinion and especially elite opinion, those effects are much more significant. The number of people turned off of politics because their TV told them the Russians control it all far exceeds the number of people actually affected by those Russians. And the corrupting effect it has on elite and educated discourse, where public opinion shifts are constantly and erroneously being attributed to Russian trolls, is also deeply damaging because it misidentifies to source of electoral losses or opinion shifts. The best way to resist all this is to realize that it's all part of a BS campaign that is mainly targeted at elites who read the Atlantic, and the actual on-the-ground trolling is mainly just window dressing to energize the fear-mongering of the elites. Sure, we need good defenses within Facebook and Twitter against these coordinated activities, but the most important defense through November is not getting carried away by innumerate fears that these online potshots have much significant effect in themselves.
posted by chortly at 4:57 PM on May 12, 2020 [14 favorites]


Somebody should tell Putin.

No really, it sounds like some hacker/devs found a niche where they could hang out on the internet, fire off a bunch of junk trolling that just happened to align with what was rolling along, an they probably have great stats that they put Trump in the white house. Making bank and hanging out on the web, best scam ever. Someone tell Putin he was scammed.
posted by sammyo at 7:18 PM on May 12, 2020 [3 favorites]


The framing of this as RIP Democracy rather than, say, American tolerance for libertarianism and anti-government politics finally coming home to roost, makes me sigh.

Democracy is under threat but in most places it's breathing.
posted by Merus at 7:28 PM on May 12, 2020 [12 favorites]


Making bank and hanging out on the web, best scam ever. Someone tell Putin he was scammed.

As I recall from some of the reports, it's a pretty poor job. I think Putin knows what he's buying, just as all scammers do: just enough work-like activity to give a plausible impression that democracy is being hacked, while the actual objective is just standard propaganda. How many other super-science potemkin weapons programs have followed the exact same playbook since the cold war began?
posted by chortly at 7:51 PM on May 12, 2020 [5 favorites]


Anyway as all email passes through some well defined hubs, the removal of links from emails is very doable.

This is the opposite of “doable”. As in impossible.

Your “some” is actually thousands upon thousands, and the ones not currently outside the jurisdiction of the US Gov would be there ages before any legislation could get going.
posted by sideshow at 10:08 PM on May 12, 2020 [2 favorites]


> This is the opposite of “doable”. As in impossible.

Also email with links removed would be as useless as a web browser with links removed.
posted by flug at 10:11 PM on May 12, 2020 [1 favorite]


Putin this, Putin that; the supreme court did a pretty good job of undermining democracy in 2000, and then again a decade later, in 2010 with Citizens United, and again 3 years after that, when it struck down key provisions of the voting rights act.

I'm pretty sure the RNC, and to a lesser degree the DNC, and the powerful business and military interests they serve are just as interested in undermining Democracy, and Democratic Institutions, as Putin is. They have different goals, and rationales for doing so, but c'mon, Americans are much better at creating puppet "Democracies" than the Russians ever were, or will be. Yes, it sucks that the US is turning into a version of the 3rd world Kleptocracies it has forced on countless other nations, but if the Russians are truly the cause of this, I'll eat both Errol Morris' and Werner Herzog's leather shoes.
posted by nikoniko at 12:09 AM on May 13, 2020 [3 favorites]


You don't need the Russians to explain how terrible American politics is. But they sure come in handy to avoid responsibility by career Democrats for losing 2016 and about to lose the 2020 elections.
posted by MartinWisse at 12:13 AM on May 13, 2020 [3 favorites]


FOX News blaring 24/7 in most boomer houses: must be the Russians.
posted by MartinWisse at 12:14 AM on May 13, 2020 [1 favorite]


All this "Russians did it" baloney is just warmed over Cold War propaganda thirty years past its sell by date, of no interest to anybody but the chattering classes and the easily fooled, to explain why the Democrats keep losing elections that don't amount to "because they keep chasing the mythical reasonable Republican and are wary of actually promising anything other than convoluted schemes of tax support rather than raise the minimum wage".
posted by MartinWisse at 12:21 AM on May 13, 2020 [7 favorites]


The Russians, and any/every other powerful nation (or corporation/conglomerate/fund) that has aspirations of becoming a global hegemon would be foolish not to take advantage of the internal rot that has been festering in American society for decades.
posted by nikoniko at 12:22 AM on May 13, 2020 [2 favorites]


Still, even if Russian involvement may have been overestimated, I do wonder if Russia's success in 2016 was observed by Chinese intelligence and thus inspired their own influence and disinformation activities in Hong Kong, Taiwan, and also places with significant overseas Chinese communities like Australia.
posted by FJT at 1:19 AM on May 13, 2020 [1 favorite]


Just a counterpoint to all of this talk - I agree that the Russian ops were probably not effective enough to sway the election (though of course the margin of victory was only a few thousand votes in a handful of swing states, so how confident can we really be.)

But the fact that the disinformation campaign exists at all, plus the spear-fishing of the Democrats, plus the Trump campaign's unapologetic wooing of the Russians added up to a legitimate concern. It seems too cynical to declare that it was all hype.
posted by anhedonic at 3:37 AM on May 13, 2020 [4 favorites]


Interesting piece, I agree with MartinWisse and others that there was already plenty fertile soil in the US for these seeds to be sown in.

Re. the scale of impact - if this is on the scale of the internet then it's hard to parse out. If you combine it with the Cambridge Analytica/Facebook/Palantir/etc. industrial-scale targeting of analytics-generated micro-ads aimed at swing voters in swing constituencies, then there is at least a possible hypothesis there. The IRA could still be agnostic of the actual outcomes, too - they might just be interested in doing it for the lulz. And CA/Palantir etc. would have a no direct connection to the troll farms.

Something else interesting that is buried in this piece - literally bracketed off: "In 2017, Ukraine was targeted again, this time with a similar piece of malware called NotPetya. But instead of extorting Ukraine, Russia sought to cripple it. NotPetya wiped 10 percent of the nation’s computers; it disabled ATMs, telephone networks, and banks. (The United States is well aware of NotPetya’s potency, because it relied on a tool created by—and stolen from—the National Security Agency.)"
posted by carter at 4:51 AM on May 13, 2020 [3 favorites]


Podesta fell victim to a generic spear-phishing attack: a spoofed security warning urging him to change his Gmail password.

Podesta didn't just stupidly fall victim. He correctly forwarded the email to an IT aide for confirmation who replied "It's legitimate. You need to change your password."

The IT aide had mistakenly typed "legitimate" instead of "illegitimate." There will always be human error as a factor in any security system.
posted by JackFlash at 6:30 AM on May 13, 2020 [7 favorites]


The IT aide had mistakenly typed "legitimate" instead of "illegitimate."

This is what you get when folks think they have to use big words to look all wise and smart and shit. Don't say "legitimate" when you mean "real" or "illegitimate" when you mean "fake".

pardon my inflammable language
posted by flabdablet at 6:49 AM on May 13, 2020 [3 favorites]


It's not all hype, it's just that it's so much less important than the basics like homegrown American voter suppression, homegrown American election tampering, and homegrown American corruption.

Nobody is happier that the leftish side of the spectrum has been distracted with RUSSIA DID IT than people who spend billions on American elections: the Mercers, the Kochs, those kinds of people.

Democrats are doing a world-class job derailing effective electoral reform in this country by chasing a ghost wearing an ushanka.
posted by turntraitor at 7:35 AM on May 13, 2020 [5 favorites]


> Democrats are doing a world-class job derailing effective electoral reform in this country by chasing a ghost wearing an ushanka.

HR1,, the first House bill in the current session of Congress, is "a sweeping electoral reform bill". It passed the House 234-193, but Mitch McConnell refuses to bring it to the floor of the Senate. Clearly, this is the Democrats' fault.
posted by tonycpsu at 8:13 AM on May 13, 2020 [12 favorites]


This is what you get when folks think they have to use big words to look all wise and smart and shit.

Don't use a big word where a diminutive one will suffice.
posted by DreamerFi at 8:50 AM on May 13, 2020 [3 favorites]


Unequivocally! Eschew sesquipedalian circumlocution.
posted by flabdablet at 8:54 AM on May 13, 2020 [5 favorites]


This piece does provide some useful perspectives, but the Tom Clancy-esque setup -- replete with Jack Cable as the gritty operative hampered by institutional inertia and swole lingo like "their hard drives were fried", "digital sledgehammer", "casing the joint", "all-out digital war" -- does nothing to connect those perspectives to the reality that the fissures in US democracy have little to do with Russian meddling, and more with other factors, including a global shift in power away from the post-WWI, US-led world order. I think Trump was elected because he promised to re-assert & re-establish US dominance, and I think a lot of people felt & feel that this right & proper.

Which brings me to my second thought. Yes, Russia meddles. They shouldn't. Period. But the reality is that they do, like all major powers. And of course they will do so in a way that's actually at least somewhat effective, otherwise what's the point? But this piece reads to me like that is not just unacceptable (which it is), but also somehow unthinkable; like the Russian actions are just incomprehensible ("It’s impossible to know their reasoning"), like it could only emanate from a moral framework that's skewed beyond all recognition. Like it's not just the meddling that needs to stop (which it does), but like it's unfathomable how or why interests that run counter to US interests could or should even exist.
posted by dmh at 8:55 AM on May 13, 2020 [2 favorites]


Putin Is Well on His Way to Stealing the Next Election

O RLY? Do you think he could do a worse job than Trump? Can't wait to hear The Poor Donald's concession speech.

Anyone But Trump 2020.
posted by cenoxo at 10:51 AM on May 13, 2020


Metafilter: pardon my inflammable language
posted by sammyo at 4:51 PM on May 14, 2020


« Older hes not the messiah, he's a very naughty boy   |   SERENITY NOW! Jerry Stiller Has Gone to Air His... Newer »


This thread has been archived and is closed to new comments