Last week, a day after the 2016 Republican National Convention wrapped up and three days before the Democratic National Convention kicked off, Wikileaks published 20,000 internal DNC emails, revealing what some call a problematic support of candidate (and now nominee) Hillary Clinton at the expense of not just Sen. Bernie Sanders, but anyone else that might have tried to challenge her. This has set off a firestorm among Democrats, especially among Bernie Sanders supporters, with many claiming they would rather stay home or even vote for Trump instead of supporting Clinton. When her name was mentioned during speeches, large portions of the crowd at the DNC have booed, even when it was Sanders speaking and calling for unity.
Someone (or some group) going by the name of Guccifer 2.0 claimed responsibility for hacking the Democratic Party network and turning the information over to Wikileaks, but this wasn’t the first time that the name had popped up. Back in June, Guccifer 2.0 had posted some items from the hack, saying that the claims at the time by security company CrowdStrike linking the hack to Russian intelligence services were incorrect. Some other evidence came out with original documents that contained Russian language strings, further cementing at least a Russian link, if not to Russian spies. As time has passed, the links to Russian intelligence have grown.
Aside from the uprising within the Democratic Party, this should raise some other questions about the propriety of Russia getting essentially directly involved in US politics. It used to be that accusations involved money being funneled from KGB (and later its successor, FSB) agents into some person’s account for tunneling into campaigns. I think most people would accept that for a nation to spy on its opponents’ politicians is expected, and that using the information to determine that nation’s course is acceptable.
This leak, however, would seem to attempt to directly undermine Clinton’s chances at becoming president. Whatever one may think of her, this is moving significantly past spying for data collection and getting into electoral manipulation. If the FSB or some other group linked to the Russian government has done this, what is its goal?
Most think it’s to increase the chances of Trump becoming president. Reasons suggested for this have included his comments on NATO, calling it “obsolete” and suggesting that US adherence to treaty provisions should depend on whether other states are pulling their weight, and those that aren’t should be prepared to defend themselves. Some of the nations falling short of the 2% GDP (PDF) contribution include numerous former Soviet states such as Lithuana and Estonia, and former Warsaw Pact states Romania, Bulgaria, Albania, Hungary, and Czech and Slovak Republics (formerly Czechoslovakia). Most of these countries lie uncomfortably close to Ukraine, where Russia, despite its protestations, has clearly been involved in the civil war, and should the Ukrainian government collapse and a pro-Moscow government come into power, several of them would be very concerned about their safety. Without the promise of the US upholding an Article 5 claim, at the very least, they may become more docile to Russian demands, and could go so far as to become subservient to Moscow, setting up a return to European Cold War politics.
Regardless of the reason, the leak reflects a significant problem with modern tech infrastructures, and especially with modern political campaigns. It’s not an understatement to say that the world pays attention to these campaigns because the campaigns affect the world. They’re also, despite the vast monies involved in modern campaigns, usually set up more for effectiveness and less for security, as shown by the December 2015 “hack” blamed on the Sanders campaign. If a “firewall” between data sets fails open (allows access when it goes down, as opposed to failing closed, where no access is allowed until the firewall is restored), it suggests that security in the rest of the network isn’t taken seriously despite the now-daily news about hacks against much more sophisticated networks.
Here, the Republicans’ lack of a significant data infrastructure may be a blessing: while the 2008 and 2012 Obama campaigns’ mastery of data collection and analysis are often cited as a major part of his wins, the failure to secure that data from remote parties could have sunk his chances instead. Trump’s bare-bones campaign may have something of an edge here, since there seems to be comparatively little for an attacker to go after.
(That doesn’t mean that the RNC hasn’t been hit, of course. If it has, that information just hasn’t been released. If they haven’t started quietly employing skilled professionals to check their infrastructure, they’re making a massive mistake.)
Most people complaining about the leak within the Democratic Party are interested in an overhaul of the nomination process, including scrapping the much-maligned superdelegate system. But perhaps at least as much focus should be placed on securing the DNC and RNC infrastructures. Functionality and security are trade-offs: the more you have of one, the less you typically have of the other. Perfect functionality, though, is useless if someone is able to just walk through the front door and take what they want. If Russia, China, or any other country can change the course of elections to their benefit because the parties skip security, the final result will be a net loss for the United States.