“DHS got very spooked after the failed rollout of the Disinformation Governance Board, even though the message [from administration officials] was clear that we can’t back down, we can’t be bullied by the right,” a senior US official told CNN.
The proposal, which was made by a federally funded nonprofit, also included plans to track foreign influence activity and modestly increase resources for reporting domestic mis- and disinformation related to voting.
DHS officials had legal concerns about the plan’s scope and whether it could be in place for November, the people said. But the decision not to adopt the anti-harassment part of the proposal has drawn frustration from at least two election officials as their colleagues nationwide continue to face an unprecedented wave of violent threats often inspired by online misinformation.
The episode also underscores how less than two months before November’s election, the federal government is struggling to find an effective strategy to combat false information about the voting process and the harassment of election workers, leaving many of them feeling unprotected.
Having “an authoritative backing from our federal partners in correcting” mis- and disinformation about voting “is really important,” Meagan Wolfe, who heads the Wisconsin Elections Commission, told CNN in an interview. “And I think what they’re providing now is less of a backing than they did around the 2020 election.”
The closely held proposal was seen as flawed by some current and former US officials. And though it didn’t enjoy unanimous support among the small group of election officials who knew about it, some felt it could’ve improved their safety before Election Day.
In August, election officials from Florida and Colorado wrote a letter, obtained by CNN, to the leaders of DHS and its Cybersecurity and Infrastructure Security Agency (CISA) urging them to approve part of the plan that would combat doxing — or the online exposure of election officials’ personal information — “before these efforts of intimidation worsen in the lead up” to the midterm elections.
Kathy Boockvar, a vice president at the Center for Internet Security, alluded to the proposal in an interview in an interview with CNN in May.
Defending against online harassment is “an area where [election officials] really could use both training and support,” Boockvar said.
After CNN asked CISA about the letter, the election officials received a response from CISA Director Jen Easterly.
“I very much share your concerns about threats to our nation’s election officials,” Easterly wrote in a letter obtained by CNN, dated September 16, to the Florida and Colorado election officials. “We are committed to working with you and our partners to identify mechanisms to help address this real and concerning risk.”
More broadly, there have been increased calls inside and outside of the federal government for a greater effort to counter election-related mis- and disinformation. Yet there remain significant questions about which federal agency should take the lead in protecting election officials from harassment or the misinformation it is inspired by — issues that do not fall neatly into CISA’s mandate.
Bryan Ware, who was CISA’s assistant director for cybersecurity through Election Day in 2020, said the stakes are high.
“If somebody from the US government doesn’t stand up and address disinformation and misinformation, I’m confident that our adversaries will take advantage of it,” Ware told CNN.
CISA declined to comment specifically on the rejected proposal. In a statement to CNN, Kim Wyman, CISA’s senior election security lead, said the agency is “committed to building resilience against foreign malign influence operations that seek to undermine our democracy or lead to threats to election infrastructure or personnel.”
CISA, Wyman said, is “working side-by-side” with election officials to combat disinformation and “has not wavered in our mission to help the American people better understand the threat of foreign influence campaigns.”
Work to be done
The origins of the proposal date back to the spring, when the Center for Internet Security (CIS), a nonprofit partly funded by CISA, first submitted it. CIS has for years carried out cybersecurity work for federal and state government agencies.
Among the many concerns that officials expressed about the plan was how it would be implemented. The anti-doxing component would have used software to track when election officials’ personal information is dumped online so that they, and potentially law enforcement, could be notified. Other parts of the plan included additional funding for an online “portal” for election officials to report false voting-related information and a service provided by New York-based firm Graphika to track foreign influence campaigns aimed at elections.
While the anti-doxing and foreign influence parts of the proposal remain stalled, work on the online “portal” for election officials to flag misinformation to social media platforms predated the proposal and continues today, according to people familiar with it.
CIS spokesperson Jason Forget declined to comment on the proposal.
Current and former US officials say there are unresolved questions about who, if anyone, in the federal government is willing to consistently counter domestic mis- and disinformation narratives that undermine confidence in elections or threaten the security of critical infrastructure like voting machines.
There are natural concerns about the government even appearing to infringe on free speech while countering disinformation. And the variation in voting procedures across states makes state and local officials a key resource for rebutting election lies.
But the federal government can play an important role in amplifying factual information from local election offices and debunking viral rumors that could lead to violence, according to several current and former officials.
“Combatting disinformation as it relates to election security is a core mission of the Department of Homeland Security and CISA,” said Bob Kolasky, who until March led CISA’s National Risk Management Center, which works with critical infrastructure firms to understand risk, including to elections. “To the extent that information leads to violence, DHS and CISA should be supporting state and local election officials.”
Lessons from 2016
After Russian operatives probed voter registration databases in multiple states in 2016, DHS’s cybersecurity agency (which became CISA in 2018) took on a much more active role in helping states protect their election-related infrastructure in the 2018 and 2020 elections. Other agencies, such as the FBI and US Cyber Command, are involved in various efforts to protect US elections from foreign meddling, but CISA established itself as the main federal go-between for state and local election officials.
Six years later, though, that commitment is being tested.
“It felt like we failed the American public” in 2016, with the lack of a strong federal response to Russian interference in US elections, the senior US official told CNN. “And we’re bordering on that again because we are afraid of our own shadow on the misinformation-disinformation front.”
CISA continues to provide cybersecurity guidance for election officials and advice on combatting disinformation. Like their predecessors, Easterly and Wyman, CISA’s top election security official, have met with state and local officials and offered the agency’s support.
But some election officials say they have seen less public messaging from CISA on election security and not the same public effort to combat mis and dis-information from CISA in the last year.
“I would really like to see that [federal] backing [on mis- and disinformation] really fortified or expanded so that we know we can rely on it when we’re working on providing facts at the local or the states level,” said Wolfe, the Wisconsin election official.
In her statement, Wyman said that CISA has looked to “empower local election officials” to help voters in those communities get accurate voting information. At least 13 states have set up their own websites to debunk false election information.
The “Rumor Control” web page hasn’t been updated since May. CISA said in an emailed statement that it updates the page when it becomes aware of “false or misleading election-related narratives that could pose a risk to our democratic process.”
An initial 35-page draft, first reported by Politico, of CISA’s “strategic plan” for 2023 through 2025 did not mention election security, alarming some current and former US officials. The final version of the plan, released this month, reiterated the agency’s commitment to election security.
CISA has hired more specialists to assess the security of election facilities; the FBI has investigators focused on election-related crimes across the country. Those resources are meant to complement local law enforcement, but they are still falling well short of the threat, according to some election officials.
David Becker, who manages a pro bono legal defense network for election officials who are threatened with violence, said he is worried about the extent to which political violence has been normalized in the wake of the 2020 election.
“What if we have dozens of [the January 6, 2021, riots] all over the country?” said Becker. “That’s where we’re headed for because people are being lied to and being told that any election in which their candidate loses is by definition stolen.”
CNN’s Geneva Sands contributed to this report.