An interesting document came to light this week. The document, obtained by Time, outlines the Obama administration’s plan to respond to a cyber-threat to the 2016 election: specifically, a threat to the operation of voting systems on Election Day.
Time describes the administration as “quietly produc[ing]” the plan in October 2016, and summarizes key provisions thus:
President Obama’s White House quietly produced a plan in October to counter a possible Election Day cyber attack that included extraordinary measures like sending armed federal law enforcement agents to polling places, mobilizing components of the military and launching counter-propaganda efforts.
That’s a lot of, um, federal firepower – as we’ll see, very thinly based on any lawful authority.
The “cyber threat” drumbeat from the administration
To those who were following LU’s coverage of the DHS effort to take over state voting systems, it won’t be a surprise that the Obama administration had such a plan. Homeland Security Secretary Jeh Johnson planned to declare state voting systems to be “critical national infrastructure,” and to therefore come under an unprecedented level of federal supervision, on the pretext that security concerns must override the states’ constitutional authority over voting procedures and systems.
About the time the newly discovered plan was being worked, Jeh Johnson was trying to get the states to request federal help for election-systems security, playing up the potential for cyber-attacks on the election. The states weren’t buying it – which in at least one case turned out to be a good call. After the election, Georgia discovered repeated intrusion attempts into its state voter database detected coming from a DHS-registered IP address.
It was detecting an intrusion attempt on 15 November, a week after the election, that alerted the IT security folks for the Georgia Secretary of State site that the DHS attacks were going on. [Georgia Secretary of State Brian] Kemp publicly demanded an explanation of the 15 November attempt last week. (It was unsuccessful, incidentally, as all the previous attempts were.)
But that attempt turned out to be only the most recent one. On 14 December, Kemp’s office confirmed that there have been at least 10 intrusion attempts from the DHS address, starting in February 2016. Several of them occurred just before the election dates this year.
Immediately after public release of the intelligence community report on Russia and the 2016 election – which notably lacked any evidence that Russia had intruded into any voting system, or had had any impact whatsoever on the outcome of the polling – Johnson declared voting systems to be “critical infrastructure.” (The date was 6 January 2017.)
The backlash from the states was just as immediate. Shortly after Trump’s inauguration, all 50 states appealed to the new president to rescind that last-minute declaration by Obama’s DHS.
And we mustn’t forget this odd little warning in October, from “U.S. intelligence and law enforcement officials”:
U.S. intelligence and law enforcement officials are warning that hackers with ties to Russia’s intelligence services could try to undermine the credibility of the presidential election by posting documents online purporting to show evidence of voter fraud.
In other words, somebody might undermine the public’s confidence by pretending that the election had been interfered with. (Highly ironic prediction, of course.)
That warning sank without a trace at the time. Given the Obama plan uncovered this week, the warning appears to have been issued to prepare the public for a contingency specifically envisioned in the plan, summarized here by Jack Crowe at the Daily Caller News Foundation:
Specifically, the plan detailed the necessity of a FBI and Department of Justice joint effort to address “any post-election cyber incidents,” including “planted stories calling into question the results.”
That, of course, was back when virtually all Democrats expected Hillary Clinton to win.
Purpose of the Obama effort
In light of all this activity, it’s arresting to note that, according to the secretaries of state, the Obama administration never warned them of any Russian effort to hack or interfere with their election systems.
But after the election, the general theme of “Russian hacking” was flogged incessantly starting right around the turn of the new year, when the FBI and DHS released a report assessing that Russians had hacked the DNC email system, and the Washington Post went off the journalistic deep end with multiple quickly-debunked stories about supposed Russian cyber-intrusions.
The outline of the Obama plan, now made public, sheds more light on what the desired end-state seemed to be for all this theme-planting about cyber threats. Although nothing in the nature of the threat itself would suggest the need for an armed federal response, the outline makes it clear that that’s what Obama was preparing for.
The great majority of the verbiage addresses intelligence, monitoring, and coordination among federal agencies, principally DHS, DOJ, and the FBI. It’s easy to be lulled into a sense that this plan is unremarkable, given the legitimate – if remote – possibility that there might be a direct cyber-attack on the voting process.
But a few key passages reveal the plan’s apparent underlying intent, because they don’t make sense. Here’s one, from page 4 (see the embedded document at the Time link at top):
This [command post, at FBI headquarters] will serve as a national center to monitor and track Election Day activities both cyber and non-cyber. In the event of an election-related incident requiring a substantial DOJ and DBI response (e.g. violence at polling places, coordinated voter intimidation, or a significant cyber incident), an Incident Command Post will be established by either the local FBI Field Office or the responsible FBI Investigative Division.
The whole plan is about responding to cyber threats, and is introduced clearly, at the outset, as outlining “the coordination of federal government activity in support of the cybersecurity of election infrastructure.”
So the sudden detour into “violence at polling places” and “coordinated voter intimidation” is a red flag, the reason for which is not overtly obvious from further references in the text. It seems to have been inserted to create an impression of the need for an armed response, even though that need would not logically have anything to do with a cyber threat.
It’s also important to point out that disorder at the polls is a county and state problem. Armed responses should be by sheriffs’ departments and local police; if a governor wants to request federal help, that’s up to him. There was not one scintilla of prior evidence that any expected violence at the polls in November 2016 would justify a peremptory federal intervention.
The next interesting passage is on page 12, in the section listing the federal agencies and their divisions and stand-up teams that might be involved in responding to a major cyber incident on Election Day. The Department of Defense is the final one listed:
The Department of Defense (DOD) may support civil authorities in response to cyber incidents based upon a request from a federal agency, and the direction of the Secretary of Defense or the President. Support may be provided based on the needs of the incident, the capabilities required, and the readiness of available forces. Available forces for incident response in a federal status could include the Active and Reserve components, to include National Guard.
After seeing 5 other agencies with 22 divisions and teams listed in the plan, we are justified in wondering what it is the uniformed DOD could do about a cyber threat to the election that the vast array of civilian agencies, divisions, and teams is not capable of doing. Just what was it the Obama planners expected to come of such a cyber threat?
The final passage of interest is on pages 13-14 of the plan. The document abruptly acknowledges on page 13 that armed feds are “restricted” in responding at polling places:
Pursuant to 18 U.S. Code § 592, armed federal personnel, including federal law enforcement agents, are restricted in responding to an active polling place in an operational capacity.
So suddenly, out of the blue, we’re talking about an armed federal response at polling places – in a plan to counter cyber threats.
The plan then continues:
It is important to note that the Department of Justice has concluded that armed federal law enforcement agents may, where otherwise appropriate, respond to a cyber or other incident at a polling place that has caused it to cease functioning (i.e., when balloting has entirely ceased at that location).
So: an armed, federal response to something that is clearly within the administrative purview of the state to address?
The apparent reasoning here goes beyond specious to non-existent. The next passage outlines the types of voting felonies that fall under federal jurisdiction, seemingly as a way of justifying the armed federal intervention envisioned. But such felonies may be prosecutable after the fact; that doesn’t mean that any of them justify elbowing state and local authorities aside in an armed takeover of a polling place.
Especially not when we’re talking about a cyber incident. Even if it became clear on Election Day that some extraordinary cyber incident was affecting the vote in multiple states, there is simply no reasonable scenario in which the remedy would be for the feds to run into polling places and point guns at people.
Rather, we would expect to have a lot of governors on the phone with the president and each other, working to figure out what happened and what to do next – in a peaceful, orderly manner – to make sure we eventually had an election whose outcome the people could trust.
Knowing the American people and their overwhelmingly law-abiding habits, I would expect them to behave peaceably – if watchfully and with concern – under such circumstances.
If the Obama administration was expecting something else, the most likely reason would have been that the administration itself was planning something else.