WASHINGTON — Adam Schiff was in the audience at the 2018 Aspen Security Forum when a Microsoft executive mentioned an attempted hacking of three politicians up for reelection. It was the first that Schiff, then the top Democrat on the House Intelligence Committee, had ever heard of it.
Schiff said he thought it was “odd” that Congress hadn’t been briefed. He got in touch with high-ranking officials in the intelligence agencies, and they didn’t know about it, either. It turned out that Russian hackers had unsuccessfully tried to infiltrate the Senate computer network of then-Sen. Sen. Claire McCaskill, D-Mo., and other unidentified candidates.
Two years later, Schiff says that breakdown is still emblematic of the disjointed effort among government agencies, Congress and private companies as they try to identify and address foreign election interference. But this year, with President Donald Trump adamant that Russia is not interfering and his administration often trying to block what Congress learns about election threats, it’s those private companies that often are being called upon to fill the breach.
Lawmakers welcome the help from the private sector and say the companies have become increasingly forthcoming, but it’s a haphazard way to get information. It allows the companies to control much of what the public knows, and some are more cooperative than others.
“If a company wants to publicize it, that’s great,” says Virginia Sen. Mark Warner, the top Democrat on the Senate Intelligence Committee. “But what happens when they don’t want to bring it to the attention of the government?”
That’s what happened in 2016, when Russia spread disinformation through social media, including Facebook, Twitter and YouTube. Those companies were slow to recognize the problem and they initially balked at government requests for more information. But after Congress pushed them publicly, they gradually became more cooperative.
Now, Facebook and Twitter give Congress regular briefings to the intelligence committees, issue frequent reports about malicious activity and are part of a group that regularly meets with law enforcement and intelligence officials in the administration.
Microsoft, which is part of that group, announced last week that Russian hackers had tried to breach computers at more than 200 organizations, including political campaigns and their consultants. Most of the hacking attempts by Russian, Chinese and Iranian agents were halted by Microsoft security software and the targets notified. But the company would not say which candidates or entities may have been breached.
Lawmakers say the private sector can only do so much.
“It’s certainly important that the social media companies participate and cooperate, which they have not always done in the past, but that does not in any way replace the analysis that is done by the intelligence community, and I believe that analysis should be shared with Congress,” says Sen. Susan Collins, R-Maine, a member of the Senate Intelligence Committee.
That relationship between intelligence agencies and Congress has grown strained since Trump took office. He has has doubted the agencies’ conclusions about Russian interference in 2016 and he fired, demoted and criticized officials who shared information he didn’t like.
The current director of national intelligence, John Ratcliffe, a close Trump ally, tried to end most in-person election security briefings — a decision he later reversed after criticism from lawmakers from both parties. But Ratcliffe maintains that his office will not provide “all member” briefings for all lawmakers, citing what he says were leaks from some of those meetings this year.
Lawmakers say that in restricting what’s given to Congress, the administration is effectively restricting what it tells the public about election security and misinformation. That threatens to sow confusion, just as foreign adversaries such as Russia are hoping for.