Bad password
Examining infosec and our ever-eroding privacy.

How France beat Russian meddling (and we could, too)

Maybe we should borrow a cup of French Revolution from our allies.

Sponsored Links

Illustration by D. Thomas Magee
Illustration by D. Thomas Magee

Since we're all expecting Kanye West to be a Supreme Court justice by Monday, it will surprise no one to find out that the completely normal, perfectly-operating administration in the White House is blowing off a new threat of interference and hacking in the upcoming elections. "Robert Mueller and the nation's top intelligence official say Russia is trying to interfere in the midterm elections," Politico reported, "but Republican and Democratic lawmakers say the Trump administration is keeping them in the dark about whether the U.S. is ready."

This is a song people have been singing for a while — that Trump's completely not-compromised-by-Russia cabinet of crazies has been ignoring the issue and avoiding doing any work on preventing more of what happened 17 months ago. Unless, of course, cyber-warrior John Bolton is preparing to rip off his shirt and wrestle an actual Russian bear in the Oval Office, which is entirely possible at this point. It would at least make more sense than doing nothing.

But what could possibly be done, you ask? Lots, especially if you consider our disastrous 2016 election as a teaching moment — which is exactly what France did when it prevented Russian interference as well as Putin's attempts to disrupt and divide French society during their elections.

In a fascinating breakdown by the Center for Strategic and International Studies, we see not only exactly what France did to safeguard its democracy, but also a superlative road map for protecting ourselves. If anyone cared enough at the top, anyway. In Successfully Countering Russian Electoral Interference, CSIS outlined everything that happened to us when Trump got installed in the White House, and everything France did to successfully counter every inch of it. Which included playing some pretty amusing tricks on Russian hackers.

How to pwn America in five simple steps

Using the 2016 U.S. presidential election as "a reference case," Finnish researcher Mika Aaltola identified five stages of election meddling. They're like the five stages of grief, but for democracy.

Stage one was the use of disinformation "to amplify suspicions and divisions" — like everything we saw happen with Facebook, Reddit and Twitter's fake accounts, fake communities, and advertising, plus targeted campaigns using Cambridge Analytica data. Stage two was "stealing sensitive and leakable data," which came in the form of the 2016 Democratic National Committee email hack and dump where DNC emails were stolen by Russian intelligence agency hackers.

Enter the Marquis de Fraud: Stage three was "leaking the stolen data via supposed 'hacktivists.'" Which was obviously WikiLeaks, when it wasn't propping up Trump's BS or fooling US press into believing the CIA was trying to frame innocent Russian government hackers. Which brings us to stage four: "whitewashing the leaked data through the professional media." To which we should add the willingness and gullibility of US media outlets to report conspiracy theories (Stage One) as fact and let Nazis control the sham of a "both sides" narrative.

The final stage in Successfully Countering was "secret colluding [between a candidate and a foreign state] in order to synchronize election efforts." Of which we have a mountain of evidence and watch Trump's toadies dance their Cirque du Denial around every damn day. Just yesterday Trump tweeted, "Russia continues to say they had nothing to do with Meddling in our Election!" (Followed half an hour later by the announcement he'd be meeting with Putin, so I guess they had a call.) Even still, successfully Countering Russian Electoral Interference tells us there are lots of things that can be done regardless of having a president with Putin's hand in his back making his mouth move.

Mind you, France has a couple of advantages against these kinds of attacks. They have no electoral college, their voting structure is slightly different, France's population and media has long been ingrained with critical thinking

As in, they don't have outlets like Fox or Brietbart making up stories, nor are they like Facebook and consider them legitimate. Another advantage was that the Russian hackers thought this would be another rabbit run like Brexit or the US presidential elections. "Clearly, these individuals were overconfident and overestimated their ability to attract public attention and mobilize online communities," wrote CSIS.

On top of all that, the hackers were sloppy — my guess is they used Brexit and Trump as a template that was an ill fit for France. With the Macron staff emails hack and dump, "some of the fake documents were so absurd that the whole episode seemed amateurish," CSIS explained. "Interestingly, the accounts and bots that spread the misinformation were mostly in English because the leaks were first spread by the American alt-right community." Huh. It's almost like the "American alt-right community" is a front for something ... else.

So many mistakes to learn from

Anyway, the lessons learned in Successfully Countering were many, and focused enough that they could be reproduced in our country successfully. Straight-up, they learned from our glaring mistakes. "Paris benefited from the errors made by the United States: an overconfidence that disinformation campaigns would not work in the United States; reluctance to address the hacking of the Democratic National Committee; and a very delayed and muted response by the government."

Anticipating attacks, France set up "administrative, independent, and nonpolitical authorities" as watchdogs before the election who provided "technical and politically neutral expertise to ensure the integrity of the electoral process from start to finish." In addition, they ended the use of electronic voting to avoid cyber attacks. You know things are really bad when a veteran sex writer like me looks at that and thinks oh god indie watchdogs on the electoral process, what an incredibly sexy idea.

France also did the exact opposite of what Trump's administration is doing right now — as well as what Obama's administration did, which is stay quiet about it. CSIS explained, "From the start of the presidential campaign, the French government signaled — both publicly and through confidential diplomatic channels — its determination to prevent, detect, and, if necessary, respond to foreign interference." Is it getting hot in here?

If you're feeling the excitement that I am, just imagining this happening here, get your smelling salts ready, Bessie. Facebook was put under pressure from states and the public to actually do something about the spread of disinformation before the French election.

The results? "Ten days before the vote, Facebook announced that it '[had taken] action against over 30,000 fake accounts' in France," they wrote. "It was later revealed that the actual number of suspended French Facebook accounts was actually 70,000."

The French authorities also undermined propaganda outlets, and the Macron team denied press accreditation to RT and Sputnik. (CSIS reports that both outlets are still "occasionally banned from the Élysée's Presidential Palace and Foreign Ministry press conferences.")

But here's the really dirty part. "Knowing that they would be hacked, the campaign forged emails and fake documents themselves to confuse the hackers with irrelevant and even deliberately ludicrous information," detailed CSIS. "It worked by turning the burden-of-proof tables on the hackers. The Macron campaign staff did not have to explain potentially compromising information contained in the Macron Leaks; rather, the hackers had to justify why they stole and leaked information that seemed, at best, useless and, at worst, false or misleading."

Macron's team also didn't freak out and flail like the DNC did; instead they addressed the hack and dump directly in press and social media, largely because they'd already compartmentalized that they would be hacked, and trivialized the whole thing when it came out.

Going back to the five stages of democracy grief, by using all these strategies the French election only hit stage three. It would be like if we'd experienced all the disinfo and hate-baiting via Facebook (and Reddit and Twitter), then the DNC hack and dump, with US media getting overtaken by propaganda outlets. But then it stopped there, because everyone used critical thinking skills (and verified their damn stories), no one stumbled around in denial or fear, our voting processes were secure and had independent technical and political watchdogs, and one candidate wasn't, you know, openly colluding with Russia. Imagine that.

Image: Aaron Bernstein / Reuters (Fake election ads); EFE (Macron/France)

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget