How lessons learned from the 2016 campaign led US officials to be more open about Iran hack

WASHINGTON — The 2016 presidential campaign was entering its final months and seemingly all of Washington was abuzz with talk about how Russian hackers had penetrated the email accounts of Democrats, triggering the release of internal communications that seemed designed to boost Donald Trump's campaign and hurt Hillary Clinton's.

Yet there was a notable exception: The officials investigating the hacks were silent.

When they finally issued a statement, one month before the election, it was just three paragraphs and did little more than confirm what had been publicly suspected — that there had been a brazen Russian effort to interfere in the vote.

This year, there was another foreign hack, but the response was decidedly different. U.S. security officials acted more swiftly to name the culprit, detailing their findings and blaming a foreign adversary — this time, Iran — just over a week after Trump's campaign revealed the attack.

They accused Iranian hackers of targeting the presidential campaigns of both major parties as part of a broader attempt to sow discord in the American political process.

The forthright response is part of a new effort to be more transparent about threats. It was a task made easier because the circumstances weren't as politically volatile as in 2016, when a Democratic administration was investigating Russia's attempts to help the Republican candidate.

But it also likely reflects lessons learned from past years when officials tasked with protecting elections from foreign adversaries were criticized by some for holding onto sensitive information — and lambasted by others for wading into politics.

''This is certainly an example of that — getting out there quickly to say, ‘Look, this is what Iran's trying to do. It's an important way of building public resilience against this propaganda effort by Iran,''' said Spaulding, now a senior adviser at the Center for Strategic and International Studies.

The Aug. 19 statement by security officials followed a Trump campaign announcement that it had been breached, reports from cybersecurity firms linking the intrusion to Iran and news articles disclosing that media organizations had been approached with apparently hacked materials.

But the officials suggested their response was independent of those developments.

The FBI, which made the Iran announcement along with the Office of the Director of National Intelligence and the Cybersecurity and Infrastructure Security Agency, said in a statement to The Associated Press that ''transparency is one of the most powerful tools we have to counteract foreign malign influence operations intended to undermine our elections and democratic institutions.''

The FBI said the government had refined its policies to ensure that information is shared as it becomes available, "so the American people can better understand this threat, recognize the tactics, and protect their vote.

A spokesperson for the ODNI also told AP that the government's assessment arose from a process for notifying the public about election threats that brings together representatives from several intelligence and national security agencies.

The framework sets out a process for investigating and responding to cyber threats against campaigns, election offices or the public. When a threat is deemed sufficiently serious, it is ''nominated'' for additional action, including a private warning to the attack's target or a public announcement.

''The Intelligence Community has been focused on collecting and analyzing intelligence regarding foreign malign influence activities, to include those of Iran, targeting U.S. elections,'' the agency said. ''For this notification, the IC had relevant intelligence that prompted a nomination.''

The bureaucratic terminology obscures what for the intelligence community has been a wholesale reorganization of how the government tracks threats against elections since 2016, when Russian hacking underscored the foreign interference threat.

''In 2016 we were completely caught off guard,'' said Sen. Mark Warner, D-Va., the chairman of the Senate Intelligence Committee. ''There were some indications, but nobody really understood the scale.''

Inside the White House, officials debated how to inform the public of its assessment that Russia was behind the hack-and-leak. There was discussion about whether such a statement might have the unintended consequence of making voters distrustful of election results, thereby helping Russia achieve its goal of undermining faith in democracy.

Then-FBI Director James Comey wrote in his book, ''A Higher Loyalty,'' that he at one point proposed writing a newspaper opinion piece documenting Russia's activities. He described the Obama administration deliberations as ''extensive, thoughtful, and very slow," culminating in the pre-election statement followed by a longer intelligence community assessment in January 2017 that said Russia had developed a ''clear preference'' for Trump.

''I know we did agonize over whether to say something and when to say it and that sort of thing because it appeared in the case of the Russians that they were favoring one candidate over the other,'' James Clapper, the then-director of national intelligence, said in an interview.

A Bumpy Road

In 2018, Congress created CISA, the Department of Homeland Security's cyber arm, to defend against digital attacks. Four years later the Foreign and Malign Influence Center was established within the ODNI to track foreign government efforts to influence Americans, including before elections.

Still, there have been obstacles and controversies. Shortly after Joe Biden won the 2020 election, Trump fired the head of CISA, Christopher Krebs, for refuting his unsubstantiated claim of electoral fraud.

Also during the 2020 elections, The New York Post reported that it had obtained a hard drive from a laptop dropped off by Hunter Biden at a Delaware computer repair shop. Public confusion followed, as did claims by former intelligence officials that the emergence of the laptop bore the hallmarks of a Russian disinformation campaign. Trump's national intelligence director, John Ratcliffe, soon after rebutted that assessment with a statement saying there were no signs of Russian involvement.

In 2022, the work of a new office called the Disinformation Governance Board was quickly suspended after Republicans raised questions about its relationship with social media companies and concerns that it could be used to monitor or censor Americans' online discourse.

Legal challenges over government restrictions on free speech have also complicated the government's ability to exchange information with social media companies, though Deputy Attorney General Lisa Monaco said in a recent address that the government has resumed sharing details with the private sector.

Earlier this year, Warner said he worried the U.S. was more vulnerable than in 2020, in part because of diminished communication between government and tech companies. He said he's satisfied by the government's recent work, citing a greater number of public briefingsand warnings, but is concerned that the greatest test is likely still ahead.