Election insecurity
The Trump administration's bureaucratic undoing of election security efforts
Welcome to Trusty, a weekly newsletter exploring how technology is changing the ways people build trust by guiding you through the top headlines from Silicon Valley, D.C., Wall Street and beyond. Subscribe below to get future issues delivered straight to your inbox!
Hey Trustees!
I promise not to inundate you with another hot take on the Democrats’ impeachment inquiry. However, this week’s issue does link back to President Trump and efforts to undermine the integrity of American elections.
But first, some news from the tech world, which had a busy week of its own:
ANTITRUST TURF WAR
Antitrust efforts encountered political hurdles this week as Federal Trade Commission Chairman Joe Simons and Department of Justice antitrust chief Makin Delrahim complained to members of Congress about jurisdictional disagreements and insufficient resources in the agencies’ efforts to investigate potential anticompetitive behavior by big tech. While Democrats generally favor boosting funding, Republicans are less inclined to do so until the agencies resolve their turf war. In the meantime, consumers will likely be the ones to suffer as tech companies evade closer scrutiny from regulators.
Emily Birnbaum / The Hill
SNAP FACEBOOK DOSSIER
The FTC’s antitrust investigation into Facebook turned up a dossier kept by Snap’s legal team, dubbed “Project Voldemort,” detailing the ways Facebook tried to undermine Snap’s business. The document referenced efforts to discourage social media influencers from referencing their Snap accounts on Instagram, which Facebook owns, and suspicions that Facebook was preventing Snap’s app from trending on its own platform. If true, these allegations add to the already large body of evidence of Facebook’s aggressive growth tactics.
Georgia Wells + Deepa Seetharaman / Wall Street Journal
HOUSE TECH INVESTIGATION
The House Judiciary Committee asked more than 80 companies how Amazon, Apple, Google or Facebook may have harmed their businesses. As part of its ongoing investigation, the committee sent formal requests for information, which it kept private to protect the companies against retaliation. That came on the same day as the committee publicly asked the big four tech companies for “scores of documents, including the personal emails and other communications from dozens of top executives.”
Jack Nicas + David McCabe / New York Times
Steve Lohr / New York Times
UBER SEXUAL ASSAULT LIABILITY DODGE
Uber prioritizes avoiding liability over passenger safety when investigating allegations of sexual assault, according to more than 20 current and former members of its Special Investigations Unit. In a process they called “broken,” employees said they are “forbidden by Uber from routing allegations to police or from advising victims to seek legal counsel or make their own police reports, even when they get confessions of felonies.” They said the focus is instead on keeping drivers on the road using a “three strikes” system, and that executives have the ability to override investigators. Even when kicked off Uber, drivers often just end up driving for Lyft.
Greg Bensinger / Washington Post
YOUTUBE VERIFICATION POLICY REVERSAL
YouTube walked back proposed changes to its verification policy after panic among its creator community. Creators worried the new policy would have led YouTube to revoke verification for many of their accounts, significantly impacting their ability to monetize content. The (partial) reversal highlighted an ongoing struggle among social media platforms to develop consistent policies toward determining “legitimate” accounts, a strategy meant to increase trust in the platforms that has often had the opposite effect. Facebook, Instagram and Twitter have all received backlash for missteps on this front in recent months.
Casey Newton / The Verge
FACEBOOK APP PURGE
Facebook said it has suspended tens of thousands of apps as part of an ongoing investigation sparked by the Cambridge Analytica scandal. The company initially said in May that it had suspended 200 apps for improperly collecting user data in violation of its policy, but this latest announcement revealed that the investigation has massively widened in scope. In total, Facebook said it has investigated millions of apps and suspended tens of thousands, which it claimed were the products of just 400 or so developers.
Zoe Schiffer + Nick Statt / The Verge
WEWORK CEO RESIGNATION
WeWork founder Adam Neumann stepped down as CEO this week and had his voting power reduced, while its executives and investors weighed massive layoffs. As I detailed in last week’s issue, the company has already had a rough month, postponing its IPO amid criticism over its valuation, governance structure and Neumann’s behavior. That culminated this week in his resignation (though he will remain nonexecutive chairman). But even with this move, WeWork’s financial woes — which include the $47 billion it owes in lease payments — won’t go away anytime soon.
Lauren Feiner / CNBC
Cory Weinberg / The Information
GOOGLE CONTRACTORS UNIONIZE
Google contractors in Pittsburgh voted to unionize, marking a significant development for a company where contractors outnumber full-time employees. The workers in Pittsburgh, who are employed by a firm called HCL, voted 49-24 in favor of unionizing, citing concerns over lower wages and worse benefits than their Google employee counterparts. The vote came as Google faces increased scrutiny over its treatment of temp workers and contractors following employee protests earlier this year.
Brian Conway / Vice
CALIFORNIA DATA PRIVACY PUSH
The millionaire activist behind California’s landmark privacy law proposed a new ballot initiative that would further expand data rights for California residents. The proposal would also impose tougher regulations on companies that collect personal information and create a new state agency to handle enforcement. Alistair MacTaggart, the real developer behind the effort, said that the current law — which doesn’t even go into effect until 2020 — “now seems insufficient.”
Tony Romm / Washington Post
TECH COUNTERTERROR GROUP FORMALIZED
A group of tech companies announced that their joint initiative to counter extremist content will become a formal, independent organization. The new entity, called the Global Internet Forum to Counter Terrorism (GIFCT), originally started in 2017 as a data-sharing operation between Microsoft, Facebook, Twitter and YouTube as the companies faced criticism for allowing terrorist groups to use their platforms to radicalize and recruit followers. The pressure increased again in March after a mass shooting in Christchurch, New Zealand, where the shooter live-streamed the act on social media.
Emily Birnbaum / The Hill
UN CYBER PLEDGE
The United States and 26 other countries belonging to the United Nations signed a joint agreement stating that all countries should follow international law when operating in cyberspace. The agreement was vague and didn’t specify what punishment should look like, but did condemn attacks that “target critical infrastructure,” “undermine democracies and international institutions,” and “undercut fair competition” in the global economy.
Kevin Collier / CNN
TIKTOK CENSORSHIP
TikTok, a popular social media app owned by Chinese tech company ByteDance, censors content that undermines Beijing’s political narratives. Documents leaked to The Guardian reveal policies that instruct moderators to either remove or isolate videos mentioning Tiananmen Square, Tibetan independence, or Falun Gong, a banned religious group. The news comes amid existing allegations that China has been suppressing TikTok content related to the Hong Kong protests for political reasons.
Alex Hern / The Guardian
CHINA EMBEDS WITH HANGZHOU TECH COMPANIES
China will embed government officials at 100 local companies in its tech hub of Hangzhou in a move to increase government oversight of the private sector that could fuel concerns among some U.S. policymakers that Chinese firms are too cozy with Beijing.
Stu Woo / Wall Street Journal
POTUS WEIGHTS CYBERATTACK ON IRAN
President Trump is weighing a possible cyber counterattack against Iran following a drone and missile strike on oil fields in Saudi Arabia. The New York Times reported that the Trump administration is debating whether it could “send a strong message of deterrence with a cyberattack without doing so much damage that it would prompt an even larger Iranian counterstrike.” This reflects an evolving discussion among national security and cyber experts over how to respond to cyberattacks by foreign adversaries.
David Sanger + Julian Barnes / New York Times
Election insecurity
According to the transcript of Trump’s call with Ukrainian president Volodymyr Zelensky, which his administration released Wednesday, Trump made a comment that seemed to reference a debunked conspiracy theory about the hacking of Democratic National Committee servers during the 2016 elections (Axios has this helpful breakdown).
Trump’s belief in said conspiracy theory reflects a fundamental lack of understanding about how servers and cybersecurity investigations operate, as well as his continued skepticism of the U.S. intelligence community’s consensus that Russia meddled in the 2016 presidential election. As Axios’ Joe Uchill put it:
“For a president to keep repeating that something so easily explained was amiss in the Russia investigation is profoundly concerning.”
But President Trump’s comment is also “profoundly concerning” because his skepticism has hindered (traditionally bipartisan) efforts to address election security, despite repeated warnings from cybersecurity experts, intelligence officials, and lawmakers about the specter of cyberattacks by foreign actors.
Trump’s antipathy toward the issue has made it politically toxic for Republicans to advance election security bills. As a former Democratic Senate staffer told the Washington Post:
“It would put Republican senators in an awkward spot of having to vote against election security or vote for it and potentially anger Trump or anger some of his base if he were to tweet how bad the bill is.”
After years of blocking election security legislation, Senate Majority Leader Mitch McConnell (R-KY) recently reversed course amid pressure from conservative activists and agreed to allocate $250 million in funding. But an analysis from the Brennan Center pegged the cost of even basic security measures at more than $2.1 billion over the next five years, meaning McConnell’s gesture hardly solves the issue.
However, instead of wading too far into the swamp of legislative politics, it’s worth highlighting a few examples where the Trump administration has undermined election security on its own through the executive branch.
Red tape
July 2017: Trump tweets that he and Russian president Vladimir Putin discussed forming a joint cybersecurity task force to address election security issues, an idea that both sides of the aisle strongly rebuke.
May 2018: Politico reports that Trump’s national security advisor, John Bolton, has eliminated the cybersecurity coordinator position on the National Security Council, which “many experts and former government officials criticized as a major step backward for federal cybersecurity policy.”
July 2018: CNBC reports that, 19 months into Trump’s presidency, his administration has no coherent election security strategy.
November 2018: ProPublica reports that the Election Assistance Commission, the agency responsible for helping local jurisdictions improve their cybersecurity, “has either been missing in action or working to thwart their efforts.”
February 2019: The Daily Beast reports that in the Cybersecurity and Infrastructure Security Agency, which was created under the Department of Homeland Security in November 2018, two task forces “assembled to fight foreign election interference are being dramatically downsized.” While the task forces apparently weren’t intended to be permanent, DHS downsized one of them “before its members produced a thorough assessment of what happened during the 2018 elections.”
February 2019: DHS’s inspector general, the agency’s internal watchdog, reported that it had identified staff “concerns that CISA is not adequately staffed to provide support to state and local election officials.”
May 2019: the DHS inspector general also reported that “despite Federal requirements, DHS has not completed plans and strategies critical to identifying emerging threats and mitigation activities, and to establishing metrics to gauge progress in securing the election infrastructure.”
April 2019: the New York Times reports that, after White House Chief of Staff Mick Mulvaney told then-secretary of the Department of Homeland Security Kirstjen Nielsen not to bring up election cybersecurity with Trump, Nielsen “eventually gave up on her effort to organize a White House meeting of cabinet secretaries to coordinate a strategy to protect [the 2020] elections.”
April 2019: Politico reports that the Office of the Federal Chief Information Officer, which helps federal agencies develop IT and cybersecurity best practices, is suffering from dysfunction, an exodus of personnel and low morale (employee satisfaction had dropped to 19 percent). The inefficacy appears to stem from senior leadership’s lack of either IT expertise or clear priorities for the office.
June 2019: Politico reports that Brian Newby, director of the Election Assistance Commission, “has blocked important work on election security, micromanaged employees’ interactions with partners outside the agency and routinely ignored staff questions, according to former election officials.”
July 2019: Director of National Intelligence Dan Coats resigns after repeated attempts by the Trump administration to water down assessments by Coats criticizing Russian efforts to influence American elections and politics.
The takeaway
The “Trump administration” consists of thousands of individuals, and some have made progress toward defending the country’s election infrastructure against cyber threats. However, those efforts come in spite of — not because of — Trump’s attitudes toward election security.
State and local election administrators are often severely underfunded, under-resourced or lack technical expertise, meaning they need assistance from federal agencies like the Department of Homeland Security and the Election Assistance Commission. If those agencies are themselves underfunded or run by political appointees who undermine their election security initiatives, foreign adversaries could have a significantly easier time manipulating future U.S. elections.
If you enjoyed Trusty or think someone you know might, please subscribe and share below! Thanks for reading and stay tuned for next week’s issue!