Trevor Timm is a Guardian US columnist and executive director of the Freedom of the Press Foundation, a non-profit that supports and defends journalism dedicated to transparency and accountability. Follow him on Twitter: @TrevorTimm
There is some circumstantial evidence that the hack may have originated in Russia, but there are many questions that haven’t been resolved
Since WikiLeaks published the DNC’s hacked emails on Sunday, there has been a flurry of accusations – including from the Hillary Clinton campaign – that Russian president Vladimir Putin orchestrated both the hack and the leak, in an attempt to help Donald Trump win the presidency.
First, it would certainly be disturbing if Russia is trying to affect our democratic process, but maybe we should wait until we see actual evidence before deciding,as some have, that Putin ordered hackers to help swing the US election on the eve of the Democratic convention?
It’s amazing how quickly the media are willing to forgo any skepticism and jump to conspiracy-tinged conclusions where Putin is involved. He has been linked toeverything from Brexit, Jeremy Corbyn, Greece and Spain. People treat him like an omnipotent mastermind who secretly and effortlessly controls world events. Here’s an idea: maybe we should stop giving him so much credit?
Yes, there is some circumstantial evidence that the hack may have originated in Russia, but there are also many questions that haven’t been resolved. As Adam Johnson detailed, when you look closely, the evidence is shoddy and often contradictory. Even in the New York Times article that spent dozens of paragraphs speculating about Russian involvement concluded at the bottom: "It may take months, or years, to figure out the motives of those who stole the emails, and more important, whether they were being commanded by Russian authorities, and specifically by Putin.”
The bulk of the "evidence” has come from the statements of cybersecurity firms FireEye and Crowdstrike, both of which have lucrative contracts with the US government. As FireEye’s CEO once made clear, his company has a financial stake in nation-state hacking tensions.
If the allegations involving Russia are true, there are plenty more logicalmotivations besides evil genius-level electioneering, and the media should probably stop feigning shock that a country would stoop to this level. As Edward Snowden pointed out on Twitter with an accompanying NSA document, "Our government specifically authorized the hacking of political parties.” The US has also considered hacking and then releasing sensitive and embarrassing information in China in retaliation for cybersecurity attacks, as the New York Times reported last year.
This is not to say people should not be angry or upset if Russia is trying to influence American politics, but if the US wants to place blame at the feet of the Russians, they should do so transparently and in public, without leaving it to anonymous officials and cybersecurity firms to make claims without providing hard evidence. The US started down this course during the Sony hack last year, and in this case, transparency might be the best deterrent in the future – which, by the way, is something both Snowden and the Snowden-hating national security blog Lawfare argued on Monday.
Beyond the geopolitical implications, this whole affair also brings up another issue that has been greatly debated over the past year: end-to-end encryption. Possibly the most ironic of all the emails consisted of a DNC official calling a BuzzFeed article "the dumbest thing I’ve ever read”. The article suggested both parties’ national committees had no idea what they were doing when it came to cybersecurity.
If politics led to logical conclusions, the disastrous hack of the DNC might encourage the party to take a much stronger stance embracing end-to-end encryption, which is a cybersecurity tool as much as a privacy enhancer. For example, if the DNC were communicating over WhatsApp – which is fully end-to-end encrypted so that anyone who breached WhatsApp’s servers would not have access to the content of the messages – they would have made it much harder for the hackers. In fact, Congressman Ted Lieu castigated his colleagues earlier this year for not using end-to-end encryption when communicating with staffers – for precisely the reason that it left them open to observation by foreign spies.
But we don’t live in a logical world, so we can probably look forward to politicians continuing to stoke cybersecurity fears and escalating international tensions without doing anything effective about it.