From Russia With Love

41 Pages Posted: 20 Sep 2017 Last revised: 21 May 2019

See all articles by David Thaw

David Thaw

University of Pittsburgh - School of Law; University of Pittsburgh - School of Information Sciences; Yale University - Information Society Project; University of Pittsburgh - Graduate School of Public & International Affairs

Date Written: February 12, 2019

Abstract

Over a decade of scholarship has examined the questions associated with “Election Security” and “Election Hacking.” Overwhelmingly (if not exclusively) these efforts have focused on the critical questions associated with maintaining the confidentiality, integrity, and availability of voting information systems. There are available solutions for these types of problems, both technological and legal. Furthermore, in the event such “alterations” to voting records were detected, both legal and political redress mechanisms are available or could be made available under our current constitutional framework. Election Hacking is a problem which can both be managed and for which redress exists.

This Article focuses primarily on a different problem -- election "Influence Operations" -- for which legal redress does not, and potentially cannot, exist. Overwhelming evidence exists suggesting that foreign intelligence and espionage agents engaged in complex campaigns designed to influence the outcome of national elections in recent years. Such activities clearly would be unlawful under U.S. law, and there is a strong argument that the conventions of international law prohibit these activities as well. But regardless of either prohibition, the effect remains – people either changed how they voted or whether they voted. And they did so voluntarily, thus rendering any legal redress impossible, and rendering political redress extraordinarily unlikely.

This Article argues that the 2016 U.S. Presidential election illustrates a critical example of the vulnerabilities of representative democracy in the context of a highly-interconnected, “cyber” world. The Article presents a typology for distinguishing these challenges from other types of electoral interference. Attempts to persuade individual whether or how to vote, or “Influence Operations,” are nothing new – individuals and governments have spent enormous resources (lawfully and unlawfully) throughout history attempting to persuade voters to act one way or another. What changes in the Information Age is the ability to execute such operations, at scale with manageable cost, and the ability to disguise the identity or origin of those operations sufficiently long to achieve the desired effect – “persuading” enough voters to alter an electoral outcome.

The primary goal of this Article is to shed light upon a previously under-explored area of election interference through “cyber” means. The visceral reaction of many to feeling disenfranchised through fake news raises the spectre of reactionary policymaking that threatens fundamental constitutional principles – a process which already has begun. By developing a framework for understanding the scope of electoral interference problems, and identifying the legal and technical challenges and options for responding to such problems, this Article seeks to inform the policy debate to craft effective deterrence, mitigation, detection and redress mechanisms before such problems occur again. The greatest victory of a foreign adversary in this context is not in getting their favored candidate elected (although such would not be insignificant) – it is in undermining the electorate’s confidence in elections, a process which ultimately leads to political destabilization. By addressing these problems up front, we can – at the very least – substantially reduce any loss of confidence resulting from future unlawful electoral interference operations.

Keywords: cybersecurity, elections, hacking, risk management

Suggested Citation

Thaw, David, From Russia With Love (February 12, 2019). U. of Pittsburgh Legal Studies Research Paper No. 2019-11. Available at SSRN: https://ssrn.com/abstract=3038308 or http://dx.doi.org/10.2139/ssrn.3038308

David Thaw (Contact Author)

University of Pittsburgh - School of Law ( email )

3900 Forbes Ave.
Pittsburgh, PA 15260
United States

HOME PAGE: http://www.davidthaw.com

University of Pittsburgh - School of Information Sciences ( email )

Pittsburgh, PA 15260
United States

Yale University - Information Society Project ( email )

P.O. Box 208215
New Haven, CT 06520-8215
United States

University of Pittsburgh - Graduate School of Public & International Affairs ( email )

Pittsburgh, PA 15260-0001
United States

Register to save articles to
your library

Register

Paper statistics

Downloads
125
Abstract Views
992
rank
226,072
PlumX Metrics