As someone who’s had a years-long front row seat to Russia’s efforts influence US politics, former Facebook Chief Security Officer Alex Stamos has a pretty solid read on what we can expect from the 2018 midterms. Stamos left the company last month to work on cybersecurity education at Stanford.
“If there’s no foreign interference during the midterms, it’s not because we did a great job,” Stamos said in an interview with TechCrunch at Disrupt SF on Thursday. “It’s because our adversaries decided to [show] a little forbearance, which is unfortunate.”
As Stamos sees it, there is an alternate reality in which the US electorate would be better off heading into its next major nationwide voting day but critical steps haven’t been taken.
“As a society, we have not responded to the 2016 election in the way that would’ve been necessary to have a more trustworthy midterms,” he said. “There have been positive changes, but overall security of campaigns [is] not that much better, and the actual election infrastructure isn’t much better.”
Stamos believes that it’s important to remember that foreign adversaries can’t dictate the outcome of an election with any kind of guarantee. What they can do — and what he calls his “big fear” — is that they can still mess everything up in a way that calls the entire system into question.
“In most cases, throwing an election one way or another is going to be very difficult for a foreign adversary but throwing any election into chaos is totally doable right now,” he said. “That’s where we haven’t moved forwards. ”
Stamos gave examples of attacks on voter registration sites that lose voter data or denial-of-service attacks on the day of elections.
“With a disinformation campaign at the same time, you can make it so that you have half the country that thinks the election was thrown,” he said.
To a foreign adversary seeking to undermine US democracy, creating that kind of doubt isn’t very technically difficult. Even with no votes changed and no voting systems breached, a little doubt goes a very long way toward accomplishing the same goals as a more sophisticated hacking campaign.
Stamos cites new ad funding disclosures as one substantive change that will help make US democracy healthier, but more efforts need to be taken.
“Russian interference or not, we do not want a future where campaigns and candidates are cutting up the electorate into smaller and smaller pieces — so I think ad transparency is the first step there,” he said.
In some cases, those efforts will require a major shift in the way both the US government and private social media companies have conducted themselves. For one, as he wrote in Lawfare, the US needs “an independent, defense-only cybersecurity agency with no intelligence, military or law enforcement responsibility” rather than a patchwork of agencies each partially responsible for cybersecurity defense.
The news may not be great for 2018, but a strong dose of realism now will amplify the clarion call to do better before 2020.