The Sources for Some Russian Voting Hack Stories Will Not Be Prosecuted
Yesterday, former Homeland Security Secretary Jeh Johnson spent 90 minutes meeting with the Senate Intelligence Committee’s Russian investigators.
Today, Bloomberg reports that Russian probes of election-related targets was far more extensive than previously reported, reaching into 39 states. It relies on three unnamed sources for the story, either including, or in addition to, at least one former senior US official.
In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database. Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter. In all, the Russian hackers hit systems in a total of 39 states, one of them said.
Another former senior U.S. official, who asked for anonymity to discuss the classified U.S. probe into pre-election hacking, said a more likely explanation is that several months of hacking failed to give the attackers the access they needed to master America’s disparate voting systems spread across more than 7,000 local jurisdictions.
One former senior U.S. official expressed concern that the Russians now have three years to build on their knowledge of U.S. voting systems before the next presidential election, and there is every reason to believe they will use what they have learned in future attacks. [my emphasis]
The report also uses the document allegedly leaked by Reality Winner as corroboration and confirmation of one of the companies targeted, rather curiously included as a parenthetical comment.
(An NSA document reportedly leaked by Reality Winner, the 25-year-old government contract worker arrested last week, identifies the Florida contractor as VR Systems, which makes an electronic voter identification system used by poll workers.)
The Bloomberg story is critically important, as it should provide pressure on the Republicans for real protections for voting systems, even if they’ll probably ignore that pressure. It provides far more details than the Winner document did. That said, much of this information might come out formally in Jeh Johnson testimony before the House Intelligence Committee.
I raise all this to note that the treatment of Bloomberg’s sources will be dramatically different than that of Winner. I’d bet there won’t even be a referral for this story, especially if it relies on (as is likely) information shared by people protected by the speech and debate clause and/or people who might have been original classification authorities (OCAs — the people who get to decide whether something is classified or not) for this information in the past.
Perhaps that is as it should be. Perhaps our democracy has unofficially agreed that OCAs and congressional staffers should serve as kind of a relief valve, the place where classified information may be leaked without criminal penalty. Perhaps we believe those kinds of people have a better read on whether the interests of leaking outweigh the sensitivity of an issue. Though obviously, when OCAs like David Petraeus become impossible to punish (or former SSCI staff director Bill Duhnke, who was the FBI’s primary suspect for the Merlin leak, but who was protected by the Senate’s refusal to cooperate), that creates a profoundly unequal system of justice. Reality Winner can be prosecuted even while people leaking similar — perhaps even more sensitive — information within weeks might not even be investigated.
To be clear, I don’t want Bloomberg’s sources to be investigated. But we need to acknowledge the double standards for leakers in this country.