NYT has a story reporting that that there has been almost no forensic analysis to find out whether Russian attempts to tamper with localized voting infrastructure had any effect on the election.
After a presidential campaign scarred by Russian meddling, local, state and federal agencies have conducted little of the type of digital forensic investigation required to assess the impact, if any, on voting in at least 21 states whose election systems were targeted by Russian hackers, according to interviews with nearly two dozen national security and state officials and election technology specialists.
It’s a worthwhile story that advances the current knowledge about these hacks in several ways. It reveals that several other election services companies got breached.
Beyond VR Systems, hackers breached at least two other providers of critical election services well ahead of the 2016 voting, said current and former intelligence officials, speaking on condition of anonymity because the information is classified. The officials would not disclose the names of the companies.
It reveals a local investigation (which had already been reported) into one county that used VR systems, Durham, North Carolina, did not conduct the forensic analysis necessary to rule out a successful hack.
In Durham, a local firm with limited digital forensics or software engineering expertise produced a confidential report, much of it involving interviews with poll workers, on the county’s election problems. The report was obtained by The Times, and election technology specialists who reviewed it at the Times’ request said the firm had not conducted any malware analysis or checked to see if any of the e-poll book software was altered, adding that the report produced more questions than answers.
And it describes other counties that experienced the same kind of poll book irregularities that Durham had.
In North Carolina, e-poll book incidents occurred in the counties that are home to the state’s largest cities, including Raleigh, Winston-Salem, Fayetteville and Charlotte. Three of Virginia’s most populous counties — Prince William, Loudoun, and Henrico — as well as Fulton County, Georgia, which includes Atlanta, and Maricopa County, Arizona, which includes Phoenix, also reported difficulties. All were attributed to software glitches.
That said, the headline and the second framing paragraph (following the “After a presidential campaign scarred by Russian meddling” one above) suggest no one else has been looking at this question.
The assaults on the vast back-end election apparatus — voter-registration operations, state and local election databases, e-poll books and other equipment — have received far less attention than other aspects of the Russian interference, such as the hacking of Democratic emails and spreading of false or damaging information about Mrs. Clinton. Yet the hacking of electoral systems was more extensive than previously disclosed, The New York Times found.
That’s particularly churlish given that NYT’s story so closely resembles a superb NPR story published on August 10.
Both stories focus on Durham County, NC. Both stories start with an extended description of how things went haywire as people showed up to vote. Both rely heavily on someone who worked Election Protection’s help lines on election day, Susan Greenhalgh.
It’s not just NPR. One of NYT’s other premises, that no one knew how many states were affected, was reported back in June by Bloomberg (which gave an even higher number for the total of states affected). Another detail — that local officials still don’t know whether they’ve been hacked because they don’t have clearance — has been reported by Motherboard and NPR, among others.
And, like both the NPR Durham story and the Bloomberg one, NYT also invokes the Intercept’s report on this from June.
Details of the breach did not emerge until June, in a classified National Security Agency report leaked to The Intercept, a national security news site.
But unlike Bloomberg (and like NPR) NYT doesn’t mention that Reality Winner is in jail awaiting trial, accused of having leaked that document (as I noted about the Bloomberg article, it’s highly likely the multiple “current and former government officials” who served as sources for this story won’t face the same plight Winner is).
I get that outlets may have a policy against naming someone in a case like this. But if you’re going to claim people aren’t paying attention to this issue, it’s the least you can do to actually inform readers that someone risked her freedom to bring attention to the matter, and the government has successfully convinced a judge to prohibit her from even discussing why leaking the document was important.
By all means, let’s have more analysis of whether votes were affected. But let’s make sure the people who are actually trying to generate more attention get the credit they deserve.