August 06, 2018

Regular cyberattacks plague electoral system, courts—and it’s not just Russia behind them

The next frontier in foreign interference is the American judicial system, according to a panel of national security experts on Aug. 4 at the American Bar Association Annual Meeting in Chicago.

“We start with the alarming premise that our American democracy is under attack,” said Suzanne Spaulding, senior advisor for homeland security at the Center for Strategic and International Studies, during the program, “Attacks on our Institutions of Democracy: The Role of the Judicial System.”

“Clearly one of the most appealing elements of our democracy is this reality of an independent and impartial judiciary and justice system,” Spaulding said, noting that Russia’s efforts to undermine the 2016 elections were the “most recent expression” of Moscow’s “longstanding desire” to undermine democratic order and institutions. “Part of Putin’s objective here is …to undermine our faith and confidence in our democratic process… first and foremost for his own population, but also around the world where we compete for influence,” she said.

Spaulding is the former undersecretary of the National Protection and Programs Directorate at the Department of Homeland Security, serving from 2011-17. Responsible for safeguarding the election infrastructure, Spaulding and her team were well aware of Russian efforts to undermine trust and confidence in the U.S. judicial system long before the 2016 elections. Looking for evidence, what they saw the Russians doing included cyberattacks to gain access to voter registration information and doxing, such as stealing emails they thought were embarrassing and destabilizing to the United States and publishing them.

“As we started looking, we began to see the narrative emerge,” Spaulding said. “Russia exploits divisions and vulnerabilities of our own making. They pick up on and add fuel to flames of divisive issues around immigration and racial injustice and fan the flames of those issues.”

Spaulding said that those issues can “bump up against the courts” and have implications of public confidence in the courts.

Beyond their efforts online, Spaulding said the Russians have television shows dedicated to pushing misinformation about the American judicial system, and named two, “The American Lawyer” and “Loud and Clear.”

Social media is also a strong tool of the Russians. Spaulding noted a website that monitors Russian social media accounts called Hamilton 68, which is run by The Alliance for Securing Democracy, a bipartisan, transatlantic initiative housed at The German Marshall Fund of the United States. While at DHS, she asked them what they saw emerging from the “noise.” She said they saw the same thing: a “sustained campaign to undermine public confidence in the justice system,” one that targeted prosecutors, the FBI, Department of Justice, and the key figures behind those offices, such as Robert Mueller and James Comey.

“What Putin has done to his own population is to cause them to give up on the notion of truth,” Spaulding said. ”They are so bombarded with mistruths and changes in direction, they have despaired the notion that they can determine what the truth is and that there is objective truth out there. And if you think about the role of the courts as arbiters of fact finders of the truth…you really are in danger of entering into a post-truth world.”

Judge Margaret Sweeney of the United States Court of Federal Claims urged the audience not to let the attacks go unchecked.

Cyberattacks by the Russians are now in the headlines, but such efforts aren’t limited to that country.

Sweeney said when the judiciary encounters cyberattacks, the entities behind them are most often fronted by entrepreneurs who want to sell information about decisions before they are announced…onto the dark web. She said people hack for various reasons, including to find out whether they should buy or sell stock in a company.

“Court databases contain lots of proprietary information that competitors want and foreign governments want,” Sweeney said.

She said that many foreign governments use theft as their research and development, and added, “We have to be vigilant about stopping people and countries from trying to infiltrate our system.”

Sweeney said courts have seen “disturbing cyber intrusions” in terms of attacks on specific judges. One public court website was brought down and replaced with a picture of a judge at that court hanging from a noose.

She said when misinformation is launched against judges and the courts, it’s important for people and organizations to speak up because judges can’t defend themselves. “It’s very dangerous that we can’t speak up and say that’s not true.”

Sweeney said as chair of the cybersecurity committee of the Judicial Conference, “I can assure you that the judiciary’s top administrative priority is cybersecurity.”

“We look for the very best tools available to keep us current, secure and safe. Because we know the only way that the public will remain confident in us is if we’re protecting the data. If we’re compromised, how can they trust us?” she asked.

Sweeney said firewalls are not good enough to prevent malware. Recently her husband was scheduled to receive chemotherapy at a Washington, D.C., hospital, but was unable to receive treatment because someone had hacked the MedStar computer system. The medical organization had to pay the ransom in order for routine work of the hospitals and doctor offices to proceed.

Elizabeth Rindskopf Parker, dean emeritus of the University of the Pacific McGeorge Law School and the former executive director of the State Bar of California, said, “No matter how good the security, there will be breaches.”

Parker advocated civic education as a route to a more informed public to help prevent cyberattacks.

The moderator for the program was Harvey Rishikof, chair, ABA Standing Committee on Law and National Security Advisory Committee.                                            

The program was sponsored by the ABA Standing Committee on Law and National Security, ABA Judicial Division, and ABA Cybersecurity Legal Task Force.