Protecting National Security or Covering for the Administration?

Protecting National Security or Covering for the Administration?

The Trump administration’s zeal to stop leaks of classified data may be running headlong into the public’s interest in learning the full extent of Russia’s interference in last year’s election, including possible collusion between Russian hackers and the Trump campaign or Trump associates.

Arrest of Alleged Leaker Spotlights Clash Between Efforts to Stop Leaks and Public Interest in Transparency

The Trump administration’s zeal to stop leaks of classified data may be running headlong into the public’s interest in learning the full extent of Russia’s interference in last year’s election, including possible collusion between Russian hackers and the Trump campaign or Trump associates.

Federal authorities disclosed on Monday that they’ve charged a 25-year-old government contractor with mishandling classified information from the National Security Agency (NSA). Reality Leigh Winner, who reportedly left the Air Force in February soon after completing an assignment at the NSA’s headquarters in Maryland, was arrested on Saturday.

The Washington Post reported this morning that Winner has told the FBI that she mailed classified information from her home in Georgia to an unnamed news outlet, “which she knew was not authorized to receive or possess the documents.”

The Trump administration has vowed to pursue leakers of classified information aggressively, arguing that disclosures can put U.S. intelligence operatives around the world at risk. In Winner’s case, the arrest may also serve to stifle disclosures of additional information about Russia’s election hacking, including information concerning possible links between the hackers and the Trump campaign.

Word of Winner’s arrest came as The Intercept, an online news site, published details of an NSA report on a cyberattack the agency said was run shortly before the November election by Russian military intelligence operatives. The NSA document said the attack targeted at least one U.S. firm that produces voting software and sent “spear-phishing emails” to more than 100 local election officials. The firm was not named but the Intercept said the report included references to “VR Systems,” a Florida-based vendor of electronic voting systems used in eight states.

The Intercept said it obtained the NSA report from an anonymous source. The Intercept published an edited version of the document, redacting several portions at the request of NSA officials who persuaded editors that disclosure would not be in the public interest.

“The report indicates that Russian hacking may have penetrated further into U.S. voting systems than was previously understood,” The Intercept said. The NSA analysis “does not draw conclusions about whether the (Russian) interference had any effect on the election’s outcome and concedes that much remains unknown about the extent of the hackers’ accomplishments,” the website said.

But even without conclusions, the report underscores longstanding concerns among U.S. elections officials and independent analysts that our elections are dangerously vulnerable to cyber sabotage. While there is no evidence yet that hackers have altered vote counts, analysts worry that the increased use of computerized systems, particularly those that do not produce a paper record of each ballot, makes it possible for hackers to manipulate results and go undetected.

Common Cause is among a group of organizations that has been lobbying state legislatures across the country to tighten ballot security by using systems that produce a paper record of each vote, are subject to robust post-election audits, and do not use the internet to cast or transmit votes. The National Institute for Standards and Technology has concluded that ballots transmitted online cannot be secured or kept private.

Read “Protecting the Vote in 2016,” Common Cause’s review of registration and voting systems in 11 swing states.

Pamela Smith, president of election integrity watchdog Verified Voting, agreed in a blog posted this morning that even if VR Systems doesn’t facilitate the actual casting of votes, it could make an alluring target for anyone hoping to disrupt the vote. “If someone has access to a state voter database, they can take malicious action by modifying or removing information,” she said. “This could affect whether someone has the ability to cast a regular ballot, or be required to cast a ‘provisional’ ballot — which would mean it has to be checked for their eligibility before it is included in the vote, and it may mean the voter has to jump through certain hoops such as proving their information to the election official before their eligibility is affirmed.”

###