Making Sense of the Russian Hacking Saga

A quick trip to an alternate timeline:

New York Times, December 7, 2016

  • Trump Campaign Claims Times' Coverage Skewed Election
  • "Hacked" Emails Responsible for Trump Loss

    In a dramatic announcement, failed presidential candidate Donald J. Trump accused the New York Times and the Russian FSB of sabotaging his campaign by hacking and releasing emails from the Trump campaign's mail servers.

    Mr. Trump announced a campaign to convince members of the Electoral College to vote for him even if their state had voted for Mrs Clinton.

    "A source inside the FBI told me that the Russians released these emails because they wanted Crooked Hillary to win," Mr Trump said. "They call electors who change their votes 'faithless electors' but we should call them 'faithFUL' -- faithful to what Alexander Hamilton meant electors to do. They should vote for me, to prove to Vladimir Putin he can't corrupt American elections."

    President-Elect Clinton's spokesperson issued this statement: "As we saw before the election, Mr Trump refused then to promise to accept the election results, and continues to refuse, even going so far as to attempt to subvert the electoral process by suborning electors. President-elect Clinton won fair and square, and Mr. Trump is, at best, grasping at straws."

So I admit it: the "what if a Republican said that" trope has gotten to be so much a cliche that I honestly hate to use it. The problem is, it's so often right.

For the last several weeks, people in the Democratic Party, the press, groups of crazies like Media Matters, and individual nuts like Keith Olbermann have been pushing this idea that the Rooosians are hacking our elections, doom!

So get out your tinfoil hats and let's see if we can make some sense of this mess.

What we know for certain. Starting on July 22, 2016, WikiLeaks started releasing emails obtained from the Democratic National Committee going back well into 2015. These emails proved to be, at the very least, embarrassing to lots of people involved with the Hillary Clinton campaign: they resulted in Debbie Wasserman Schultz being forced to resign as head of the DNC when it became clear she and the DNC were conspiring behind the scenes to prevent Bernie Sanders from being nominated; they also revealed that Donna Brazile, acting head of the DNC, had been passing supposedly confidential debate questions to the Clinton campaign.

In November, WikiLeaks started to release emails obtained from John Podesta's personal email accounts. These also proved embarrassing for many reasons -- not just because of the campaign, but by exposing Podesta and the Center for American Progress conspiring to use political pressure against private citizens, in one notable case very successfully intimidating Roger Pielke Jr. into leaving the Climate Change debate entirely.

There is one more thing we know: with the exception of a desultory attempt to claim the emails had been modified, there has been essentially no attempt to deny the illicitly obtained emails were authentic.

How were the emails obtained? The consensus of the legacy press and the Clinton campaign has been that the emails were "hacked." Now, any time you read a news story about anything relating to computer security, it's worth remembering that to most people in either media or politics, the word "hacked" means "this happened somehow with a computer and computers are scary." In this case, what people really mean is that somehow someone illicitly got access to a bunch of embarrassing email.

What we know is this: There were active Russian efforts to hack both Democrats and Republicans. To anyone with even a vague knowledge of intelligence and counter-intelligence -- say, anyone who has read a detailed history of World War II, or a John LeCarré novel -- the basic reaction to this should be, "well, duh." The Russians are almost certainly trying to hack various email systems -- as well as trying to intercept Internet traffic, exploit zero-day flaws, seduce young and impressionable (and old and lonely) staffers, dig through trash, and everything else that has been part of spying since Ur and the Assyrians. So are the Americans. And the Israelis. And the Chinese. And the Germans and the French and pretty much everyone else.

(Just as an aside -- if the Russians were hacking the DNC successfully, I wonder what happened to the clintonemail.com server...)

In the case of the Russians, though, we have something more, since we have a number of statements on the part of the DNI and the DCIA that there were active Russian attempts to hack U.S. servers. And I have sources of my own who confirm the intelligence community really does have good evidence the Russians were involved.

There's another point here: while the Russians were trying to hack both parties, there are only some unsubstantiated assertions the hackers were successful with the RNC computers. The RNC has repeatedly denied they were successfully hacked.

WikiLeaks says they didn't get the emails from the Russians. This is one of those things that we don't know how to evaluate. WikiLeaks honestly has a pretty good record of their released data being the real thing. When Julian Assange and Craig Murray are willing to come out publicly and say they got these emails from a disgruntled DNC staffer disgusted with what happened to Sanders, we ought to at least consider it.

On the other hand, it's exactly what we'd expect if Assange really were a front for Russian intelligence.

What to make of that? I don't know.

What we can suspect. Now we come to the part where I dance. These are some things I find suspicious.

  • What is the evidence the Russians wanted to help Trump? As far as I can tell, the public evidence for this assertion is that derogatory information was leaked about the DNC and not the RNC. But then, the RNC tells us they weren't actually hacked.
  • Why did the evaluation change so quickly? In October, there was no evidence the Russians were taking sides. On November 17, there was no evidence the Russians were taking sides. On December 9, the CIA (according to anonymous sources) had decided it was an effort to help Trump, but the FBI disagreed. By December 16, the FBI reportedly came around.Here's one other thing we know: over that same interval, a Democrat-connected PR firm began a campaign to suborn electors.
  • It's possible everyone involved is telling the truth. That is, the Russians really did hack the DNC, and a DNC insider really did leak the emails to WikiLeaks.

This is an article that, by the nature of things, doesn't have any conclusions. There's too much we don't know. And yes, before someone starts up on "how dare you not trust the CIA?!," I'm just going to tell you, it's easy.

The CIA, like every other bureaucracy, suffers from the SNAFU principal: in most circumstances, bureaucrats will tell their bosses what they think the bosses want to hear. (Yes, this is not exactly the original SNAFU principal. For a longer exposition, see this Ignite talk I did some years ago.)

Intelligence assessments almost never say something with absolute certainty; they're usually phrased to lay out all possibilities and then say which ones seem most probable. When you hear that the intelligence says something certainly -- think "slam dunk" -- it means the SNAFU principle is probably in action.

After all these years, though, I am pleased to see the strange new respect the CIA is getting from the Left.

Did the Russians or WikiLeaks or both "hack the election"?

Now, here's where we run into a third version of the word "hack." No one is asserting that the Black Hats, whoever they were, actually affected the voting. (Well, there was one person at New York Magazine suggesting computer scientists were suggesting this, but no one took it seriously, including the computer scientists he was misinterpreting.) All that anyone is suggesting is that publishing the emails may have led some people not to vote for Clinton.

What to make of all this?

Here, at last, we wrap around to the little parallel-universe story that started this piece. We know that a number of emails, ranging from embarrassing to really really embarrassing and possibly criminal, were exposed by WikiLeaks, and after that Clinton lost the election.

This isn't the first time documents have been released -- whether by "hacking" or old-fashioned leaking. Think back to the Pentagon Papers, which were leaked to the New York Times, and published. I don't recall anyone at the time suggesting this was a threat to democracy, and even if it was, we seem to have survived. Certainly, repeated leakings of FBI investigations during Watergate were noble moments of journalistic perfection, not threats to democracy.

Now, we have leaked files that exposed real corruption in the DNC and real conspiracies against private citizens. We're told this is an attack on our democracy. At the same time, there was an ongoing effort to lobby, coerce, even threaten electors to get them to change their votes in the Electoral College.

So you tell me what the bigger threat to democracy is: Revealing actual facts about the DNC and the Clinton campaign? Or trying to suborn the electors and change the election results?