[Editors’ note: This essay is one in a series—the Good Governance Papers—organized by Just Security. In these essays, leading experts explore actionable legislative and administrative proposals to promote non-partisan principles of good government, public integrity, and the rule of law. For more information, you can read the Introduction by the series’ editors.]
Had the last four years looked anything close to normal in the U.S. government, in 2020 we’d be asking what second-generation steps America should take to address foreign election interference. That’s because in the wake of Russia’s extensive operations to distort the 2016 presidential election, any normal administration would have worked swiftly with Congress, state and local partners, and the private sector to address an obvious threat to the foundations of American democracy.
But that’s not where we find ourselves in 2020. Instead, the Trump White House has refused even to acknowledge Russian election interference as a threat, resisted first the passage and then the implementation of a federal statute designed to punish Russia for its actions, and snubbed cabinet members seeking leadership and coordination within the executive branch to address the threat. That situation led certain cabinet members to do what they could on their own, with FBI Director Chris Wray forming a Foreign Influence Task Force and NSA Director Paul Nakasone overseeing cyber operations that handcuffed Russian actors in advance of the 2018 U.S. midterm elections. But, fundamentally, it means that the United States still needs to design and implement first-generation steps to thwart foreign interference with our elections and with our broader democratic life.
My focus here is specifically on foreign influence campaigns—the type of interference that America has actually suffered, via social media and hack-and-dump operations, since 2016—rather than outright cyber intrusions altering voter rolls or election tallies, which appears to remain an unrealized threat. The latter types of action deserve their own urgent response, alongside an overdue response to the types of malign influence campaigns that are this essay’s focus.
Strengthening America’s response to foreign election interference should be a joint project for the executive branch and Congress, alongside state and local partners and—critically—the technology sector. Start with Congress. It is past time for legislators to send to the president’s desk the Honest Ads Act, which updates the existing disclosure regime for political advertising by applying it to the Internet. Some key technology companies already have pledged to abide by what the Act’s main requirements would be. But that’s no excuse for congressional inaction to persist: these voluntary steps by the private sector should become legal requirements mandated by government, thus applicable to all companies and no longer dependent on a corporation’s easily reversible decision to comply.
Moreover, Congress should pass a bill, also already introduced, to criminalize clearly and specifically assisting or accepting assistance from a foreign government for purposes of influencing election outcomes. It’s arguable that such activity is already by and large criminalized by existing U.S. election law—but there’s enough dispute about the scope of that law, and enough urgency to make clear that this type of foreign intrusion is forbidden, that it makes good sense to send this bill, too, to the president’s desk for signature—with a civil cause of action included so that non-governmental actors, such as a political campaign that could show harm due to the opposing campaign violating this law, could seek relief even if the Justice Department turned a blind eye.
Congress could also consider—with careful scoping to safeguard First Amendment-protected activity—criminalizing a wider swath of activity that constitutes foreign interference in American democratic processes, such as (1) criminalizing the distribution of information stolen, for purposes of assisting a candidate, in violation of the Computer Fraud and Abuse Act by those who were involved in, or in soliciting, the unlawful obtaining of such information, and (2) criminalizing the crossing of state lines to violate privacy (such as to disseminate stolen, private information) with the purpose of committing election interference.
In addition to these enhancements to the federal criminal code, Congress can take important steps on the civil side. For example, Congress should extract greater transparency from social media companies by requiring public disclosure of individuals and organizations that buy online advertising relating to political issues. Such a federal statute would give law enforcement, researchers, and the public more opportunities to identify and expose the involvement of foreign money, including when it’s in essence laundered through domestic ad purchasers. More ambitiously, Congress could consider establishing a regulatory scheme in which social media companies and file-upload sites are required to provide more information—perhaps akin, at least conceptually, to the beneficial reporting requirements imposed on financial institutions in an effort to address money laundering and terrorist financing. (Think of it as “know your poster” rather than “know your customer.”) Congress could also consider a legally mandated notification scheme, in which social media companies would have an obligation to inform users when they’ve been directly exposed to content linked to a foreign government’s influence campaign (a right to know).
Congress should also ensure that it and the American public are informed about the nature of the evolving election interference threat by requiring public Senate and House Intelligence Committee hearings specifically regarding foreign election interference at assigned dates during the presidential and midterm primary season and again during the general election. These could be accompanied by closed-door hearings to allow the additional presentation of classified intelligence; but the public component is vital.
Furthermore, Congress should send to the president’s desk already-introduced legislation that would require campaigns to report to federal authorities any contacts with foreign nationals to make campaign donations or otherwise coordinate with the campaign by offering information or services.
It’s essential that Congress be part of enhanced efforts to address foreign election interference, but there’s much that the executive branch, on its own, can do too. Perhaps most obviously—and it’s astonishing that this even needs to be said—the American president and those around him should avoid ever becoming sources of disinformation, which foreign actors can then repeat and amplify. This is precisely what the recent announcement of Iranian and Russian election interference revealed: this foreign election interference was built around the very claims that President Trump himself had made regarding alleged (but unsubstantiated) vulnerabilities associated with mail-in voting. (This recognition also emerged from an earlier DHS bulletin that identified several false claims advanced by Russian disinformation, claims that closely tracked President Trump’s own statements.) So, the easiest and swiftest step the executive branch can take to thwart foreign election interference is to stop churning out disinformation that can energize such interference. Following closely is the imperative for the executive branch to provide the American public with honest information about what foreign actors are doing to distort American democracy so as to warn the public and, moreover, to inoculate it against such information by calling it out and debunking it.
The executive branch can, moreover, step up enforcement of a wide range of existing laws which can help address foreign election interference. These include the Foreign Agents Registration Act as well as campaign finance laws prohibiting foreign support to American political campaigns.
It is critical that the executive branch also establish more robust and effective information sharing channels with state and local officials as well as—perhaps even more critically—the technology sector whose platforms can play a central role in foreign interference. Technology companies often have a unique understanding of how content is moving around their own platforms; but the government, especially if it prioritizes collection and analysis regarding foreign election interference, should be able to offer distinctive insights into the newest forms of interference across platforms, what types of disinformation campaigns may be coming next, and what relationships foreign intelligence services may be hiding via front organizations and other agents. The U.S. government, especially when it comes to national security and foreign policy, is structured to collect and protect information; yet, when private companies represent the frontlines of today’s confrontations, it can be even more important for the government to share information. That makes it imperative that the executive branch build mechanisms for identifying and analyzing foreign election interference trends, then establish channels to technology companies plus state and local partners to share those trends at the unclassified level and speedily enough to address the spread of damaging content, whether by removing it if deemed appropriate or, for example, by labelling it as questionable and directing users to additional information. The same principle can be applied to other information the U.S. government has in its possession that could inform private-sector efforts to address foreign election interference if shared fulsomely and swiftly.
The flow of information between government and the private sector (ideally in both directions) could—and should—also motivate technology companies to cooperate more robustly among themselves to share information that can be acted on to counter foreign election interference. Thus, much as leading technology companies announced the sharing of digital signatures associated with terrorism-related content, so too could companies share digital signatures associated with election-related disinformation intended to distort political dialogue. Similarly, much as key companies subsequently took another step for terrorism-related content by announcing that they would jointly enhance the tools they use to identify such content in the first place, so too could companies work together to improve their ability to ferret out information associated with election meddling.
As critical as it is for the executive branch to inform and thereby augment the private sector’s efforts to address foreign election interference, ultimately it’s asking too much of private companies to single-handedly take on well-resourced foreign governments that seek to unleash information operations against America. The government must step in with its powers. That means making specific offending countries like Russia pay a higher price for besieging American democracy. It also means establishing an international norm against foreign interference in domestic elections, building a coalition in support of that norm (perhaps initially through its articulation by an entity like the G-7), and ensuring that countries in that coalition are prepared to act swiftly and decisively each time governments violate the norm.
Delineating the contours of that norm is particularly important. Jake Sullivan and I have offered what we regard as the five essential elements of the norm. Our approach is at least a starting point for the executive branch to use in determining its own optimal articulation of the norm. It can then begin using reinvigorated diplomacy to enlist key partners for the vision and to build a broader coalition.
There’s more the United States can do to build resilience against disinformation, ideally through collaboration among Congress, the executive branch, technology companies, state and local governments, and educational entities. In this area, America has much to learn from other countries, like Estonia, which has made Internet literacy an emerging national identity; like France, which now teaches digital health to the country’s youth in school (as some American schools are beginning to do); and like Japan, which has developed an Internet Literacy Indicator System to ensure that the country makes measurable progress in cultivating cyber-resilience.
Aggressive efforts to undermine the foundations of American democracy demand aggressive responses. Too little has been done since 2016—but that doesn’t mean it’s too late. Through concerted and coordinated action by Congress, the executive branch, state and local governments, and the technology sector, the United States can—finally—step up to the serious challenge posed by foreign interference to American national security and American democracy.