Robert Mueller’s latest indictment in his investigation of Russian interference in the 2016 election is chock full of extraordinary details. Its most breathtaking revelation, however, is just how scary-good America’s cyberspies are.
Mueller’s indictment shows how a dozen Russian military intelligence officers probed, hacked and pilfered the servers of the Democratic National Committee, the Democratic Congressional Campaign Committee and the campaign of Hillary Clinton. It lists their names and ranks. It details how they paid for things (in bitcoin) and what they researched, which programs they used and how they tried to hide their tracks. It reveals the phony personas some agents used in their online interactions — “Alice Donovan,” “Jason Scott” and “Richard Gingrey.” And it has a tantalizing detail about the campaign’s timing: On the same day that then-candidate Donald Trump publicly asked the Russians “to find the 30,000 e-mails that are missing,” for example, the Russian hackers probed Clinton’s personal servers.
All of this makes for compelling reading. But it also reveals an irony about online privacy. The very government capabilities derided five years ago as potential invasions of privacy were necessary in pinning blame on a foreign government that used much cruder techniques to not only read the communications of American citizens but release them on the internet. Put another way, we need Big Brother to expose the snooping of little brothers.
And the threat Russia posed to the privacy of Democratic Party officials such as John Podesta and Neera Tanden is not fleeting. Foreign states and private actors pose a grave and continuing threat to the privacy of American citizens.
Think of the many hacks in just the last few years. There was the 2014 hack of Sony Pictures before the release of “The Interview,” a spoof of North Korea’s dictator. That hack exposed the e-mails and personal messages of Hollywood executives and movie stars. The FBI and U.S. intelligence pinned it on North Korea, shortly after the attack, but they have not released the kind of detail found in the Mueller indictment.
Or consider the case of Elliott Broidy. Earlier this year, news outlets began publishing a trove of his personal e-mails that showed how Broidy, a Trump fundraiser, lobbied the president to fire then-Secretary of State Rex Tillerson. Broidy reportedly wanted the U.S. to take the side of Saudi Arabia and the United Arab Emirates in their dispute with Qatar. Broidy now alleges in a lawsuit that the hack was a Qatari plot, which the Qataris deny.
It’s hard to overstate the importance of the U.S. intelligence community in these cases. Despite the growth of the private cybersecurity industry, this kind of crime is very hard to investigate and prove, especially if the suspected culprit is a foreign state or entity. The U.S. government has capabilities that are not available to the private sector. If the victims of foreign-state hacking ever want to receive justice, they will need the digital spying infrastructure of the National Security Agency.
This is not to say that the government poses no threat to privacy. The leaks of intercepted phone calls between the Russian ambassador and Trump’s first national security adviser, Michael Flynn, were dangerous. So was the leak about former Trump campaign aide Carter Page being under federal surveillance. The U.S. government was also wrong to hide its collection of telephone metadata from the public until former contractor Edward Snowden exposed this program.
But when foreign governments such as Russia hack the accounts of U.S. citizens and make public their private communications, Americans will invariably rely on U.S. intelligence agencies to learn about it. And in this new kind of political warfare, attribution is the first step toward deterrence.