As Social Critic readers know, there has been no blow-by-blow effort to dissect news of the ongoing Trump-Russia investigation. The reason? Doing so relies too heavily on speculation. Until special counsel Robert S. Mueller III weighs in, the jury remains out. Of course, that hasn’t stopped a bifurcated mainstream media from leaving little doubt in the minds of their respective readers and viewers as to how guilty — or innocent — President Trump is of Russia-collusion allegations. Caught between the competing partisan wings of the American media, one can expect that from time to time key “dots” will fail to connect in the public mind. This is one such time.
The first under-reported development centers around the revelation that FBI Director James Comey, according to the Inspector General Michael E. Horowitz, made use of a Gmail account to transact FBI business. This is relevant not simply in the context of whether or not classified information may have been conveyed over a Gmail account — which Comey denies — but because the Russian “hack” began with phishing emails.
Phishing is not a new phenomena. It occurs when an email user opens an attachment or clicks a link to a website that falsely appears to be legitimate for the purpose of changing a password, address or updating an account. Virtually all email users — particularly those who make use of “freebie” Internet accounts such as Yahoo!, Hotmail and Gmail — are subjected to phishing attempts. Typically these efforts, when successful, lead to the theft of payment information, infection of one’s computer with malware or a ransomware attack in which a criminal entity attempts to gain control of a user’s computer to hold personal data hostage until the victim agrees to pay a fee.
Phishing is nothing new. This method of accessing business and personal data has existed since the 1990s — a reason computer users have been admonished for years to keep their antivirus software up-to-date, not to open unsolicited email attachments or follow outbound links. However, early on in the reporting on the Russian hack, the fact that the meddling was facilitated by the use of a non-secured email account — Gmail in the case of Hillary Clinton’s campaign chairman — was lost, and media began to employ shorthand to convey what occurred: “hack“.
To be clear, it is essential that the Department of Justice continue in their efforts to root out any and all forms of foreign interference in our electoral process. As the Mueller investigation continues, however, a “teachable moment” remains largely overlooked. The degree to which high-level political figures are vulnerable to surveillance at the hands of hostile actors, foreign or domestic, ought to concern all Americans regardless of party affiliation. After all, it’s not just national security that’s on the line when sensitive information falls into the wrong hands. Also at stake is the all-too-real possibility that our elected leaders and high-level government officials may be extorted or blackmailed using data hostile actors obtain.
Despite the knowledge that Gmail accounts are not “locked down” by government cybersecurity measures, former FBI Director James Comey also made use of a Gmail account to transact FBI business. In other under-reported news, we learn that Sec. Clinton’s use of a private email server was also allegedly hacked by a foreign entity. This contradicts the FBI’s repeated assurances that Sec. Clinton, while “careless”, was not compromised while serving as Secretary of State.
For those who have been scratching their heads as to how the FBI characterized Sec. Clinton’s use of a private email server in her official capacity as Secretary of State as “careless” (not a crime) vs. “negligent” (or similar prosecutable offense), we have an answer. No less than FBI Dir. Comey engaged in his own unsafe email practices — practices that may have violated the terms of his own security clearance! — which carry an inherent risk of exposing our most trusted government agencies to criminal, if not foreign, manipulation.
There is no telling how many other top government staffers are carrying on much the same as Sec. Clinton and former FBI Dir. Comey. However, it isn’t a stretch to imagine that crossover between employer-supplied computers, accounts and smartphones and personal devices and accounts — blurring lines between work and personal use — are a widespread practice. (Indeed, the IG report confirms that Sec. Clinton’s top aides were also using the likes of Yahoo! and other non-secured personal email accounts.) Conceivably, because “everybody’s doing it” — high-level officials mixing the use of government-issued accounts and devices and personal accounts and devices “as a matter of convenience”, as Sec. Clinton put it — the FBI has lost its will to prosecute anyone for engaging in an all-too-common security violation. (Potentially, it would cost too many people across too many agencies their security clearances. Worse, it would open up too many individuals to prosecution — in which case it would not follow for the FBI to “single out” Sec. Clinton, particularly in the midst of a presidential campaign.)
The drama of the past two years in many ways lands at the feet of President Trump, who’s controversial rhetoric and off-the-cuff remarks on Twitter are a never-ending source of consternation on any given news day. And yet the broader concern — a concern that transcends the present administration — is how we will protect the integrity of government institutions and the sanctity of the American electoral process going forward.
Responding to this challenge in a way that translates political outrage over Russian interference into constructive reform will require us to return to a topic far more fundamental than the partisan spin that characterizes so much of our political news: legislative reform. Campaign workers and top government officials, elected or non-elected, must be compelled to play by the same security rules rank-and-file government employees must observe every single day as a means not only to safeguard their security clearances but the institutions of government in which they serve.
While media coverage of IG report revelations often amounts to little more than a staking out of the usual partisan corners on the Trump-Russia investigation, the report also serves as a sobering reminder to observe best practices in every aspect of our political process. Recovering from this contentious and bitter period in American politics isn’t going to happen simply because Donald Trump’s time in office ends — be it to term limits, indictment or impeachment. We must come to terms with the fact that intrusion by hostile criminal elements — threats within and without — are an unyielding reality of today’s digitally-dependent society.
Among the WikiLeaks revelations that received little attention in the wake of the Democratic National Convention hack appears an email written by Eric Walker, a deputy communications director. Walker titled an email he sent to other DNC staffers “‘The dumbest thing I’ve ever read’, which linked to a Buzzfeed headline: ‘These Experts Think The DNC And RNC Are Both Horrible At Cybersecurity.'”
The 2016 article critiques the Democratic and Republican National Committees, alike, for giving out USB drives at events. Walker’s flippant response to a legitimate cybersecurity threat? “The thesis: we hand out thumb drives at events, which could infect the reporters/attendees’ computers,” he writes. “So that means that we’re bad at cybersecurity. Okay.”
Never again should American citizens learn that those who work for political causes or government agencies take a cavelier view of the risks they are taking with the fragile public trust. Russians meddling in the election is bad enough — yet it’s only part of the story. What matters in the long term is how many more doors into the very heart of America’s political and national security interests we ourselves leave wide open.
As we approach 25 years into this so-called Digital Revolution, Congress should demand a higher standard of accountability for all campaign staffers and security-clearance holding federal employees who deviate from secured government systems for routine — let alone sensitive — communications. The federal government is overdue for “zero tolerance” cybersecurity legislation. Absent such reform, we can be sure that foreign interference will remain a fact of life not only during elections — with predictably chaotic, divisive and demoralizing results — but in lesser-appreciated day-to-day government operations. Reinvesting in the integrity of our government institutions and the validity of our electoral process is to recognize the paramount role of cybersecurity for which ignorance of such risks is no longer a valid excuse.