EPIC v. DHS (Election Cybersecurity)
- Nominee for DHS Secretary Favors Less Wall, More Surveillance Tech at Border: Today Congress considered the nomination of Kirstjen M. Nielsen as Secretary at the Department of Homeland Security. Ms. Nielsen opposes a border wall but suggested an expansion of border surveillance. "Technology, as you know, plays a key part, and we can't forget it," she said. EPIC is pursuing a FOIA request regarding the use of DHS drones for border surveillance. Earlier EPIC cases - including EPIC v. DHS which led to the removal of x-ray body scanners in US airports - revealed that technologies for border surveillance invariably impact the privacy rights of Americans. Ms. Nielsen views on the use of DACA applicant data for enforcement remains unclear. EPIC recently warned that 800,000 DACA applicants face privacy risks as a result of the decision to end the Deferred Action for Childhood Arrivals. (Nov. 9, 2017)
- EPIC Opposes DHS Plan for Social Media Surveillance: In comments to the Department of Homeland Security, EPIC opposed a plan to add social media information to the official files of all immigrants. EPIC said the DHS proposal threatens First Amendment rights, risked abuse, and would disproportionately impact minority groups. A coalition of organizations also submitted comments to express concern about the proposal. EPIC previously opposed a Customs and Border Protection proposal to collect social media identifiers from visa applicants. In a FOIA lawsuit against DHS, EPIC obtained documents which revealed that federal agencies gather social media comments to identify individuals critical of the government. EPIC is currently pursuing a FOIA request about a revised DHS plan to require disclosure of social media passwords before allowing entry into the country. (Oct. 19, 2017) More top news »
In Freedom of Information Act lawsuit EPIC v. DHS, EPIC is seeking Department of Homeland Security research, integration, and analysis of the Russian interference in the 2016 presidential election. The U.S. Intelligence Community (“IC”) concluded that Russia carried out a multi-pronged campaign to interfere in the 2016 U.S. Presidential Election to “undermine public faith in the US democratic process,” demonstrating a “significant escalation” in Russian activities. Nine months since the IC report on the interference, few new details of the interference have been made public.
In March 2017, Representative Bennie Thompson (D-MS), Ranking Member of the Committee on Homeland Security, introduced House Resolution 235 directing the Secretary of Homeland Security to transmit the Department of Homeland Security’s research, integration, and analysis related to Russian interference directly to the House. Following Rep. Thompson's proposal, EPIC seeks the same documents under the Freedom of Information Act.
DHS Investigation of the Russian Interference
The mission of DHS is mission to “safeguard the American people, our homeland, and our values,”, and has played a key role in the federal response to the Russian interference. On December 29, 2016, DHS and the Federal Bureau of Investigation published the first public report on the interference — the “Joint Analysis Report,” or JAR. The JAR highlighted and explained techniques used to perpetrate the interference and techniques used to enhance systems defense. Significantly, the JAR formally tied the attack to Russian intelligence services. While “[p]revious JARs have not attributed malicious cyber activity to specific countries or threat actors,” the report stated, this report immediately identified “Russian civilian and military intelligence Services (RIS)” as the actors who “compromise[d] and exploit[ed] networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities.” On January 6, 2017, then DHS Secretary Jeh Johnson also announced the designation of election infrastructure as a subsector of the U.S. government’s critical infrastructure. Former DHS Secretary Johnson has since stated that he made the designation after “concerns about the possibility of a cyberattack around our national election grew” following the events of 2016
Since the publication of the JAR and the critical infrastructure designation, DHS’s has continued the Russian interference investigation. But the agency has not provided any significant, new information to the American public. On June 21, 2017, nearly eight months after election day, in an open hearing before the Senate Select Committee on Intelligence, NPPD’s Acting Deputy Under Secretary for Cybersecurity and Communications Jeanette Manfra confirmed for the first time that “election-related systems in 21 states were targeted” by Russian cyber actors during the 2016 election cycle. Nearly half of the United States were targets of Russian activities during the 2016 election cycle. Acting Deputy Under Secretary Manfra did not indicate which states were affected, and, when pressed, would not disclose the states from which data was exfiltrated.
Vice Chair Mark Warner (D-VA) questioned Ms. Manfra during the hearing about whether “at this moment in time there may be a number of state and local election officials that don’t know their states were targeted in 2016.” Senator Rubio (R-FL) urged, “[A]s much of [the systems data] must be made available to the public as possible,” and said to “err on the side of disclosure about our systems so people have full confidence when they go vote.”
Former DHS Secretary Johnson emphasized in written testimony to the House Select Committee on Intelligence on June, 21, 2017, that his “very troubling experience highlights cyber vulnerabilities in our political process, and in our election infrastructure itself. With the experience fresh in our minds and clear in our rear-view mirror, we must resolve to further strengthen our cybersecurity generally, and the cybersecurity around our political/election process specifically.”
On September 13, 2017, Acting Secretary of Homeland Security Elain Duke issued a Binding Operational Directive to Federal Executive Branch departments and agencies to stop using software made by the Russian cybersecurity firm Kaspersky Lab. In a statement DHS said “[t]he risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.
There is a profound and urgent public interest in the release of records in possession of the DHS sought by EPIC, through EPIC v. DHS, concerning the Russian interference with the 2016 Presidential Election. The release of these records is necessary for the public to evaluate DHS’s response to the Russian interference, assess future threats to American democratic institutions, and to ensure the accountability of the federal agency with the legal authority to safeguard the American people against foreign cyber-attacks. EPIC v. DHS is one of a suite of FOIA lawsuits EPIC is pursuing as a part of the EPIC Cybersecurity and Democracy Project. This project focuses on US cyber policies, threats to election systems and foreign attempts to influence American policymaking. EPIC has filed three other Freedom of Information Act lawsuits concerning Russian interference in the 2016 Presidential Election: EPIC v. FBI seeks information about the FBI's response to the attacks, EPIC v. IRS EPIC v. IRS seeks public release of Donald J. Trump’s tax returns, and EPIC v. ODNI seeks release of the complete report on the Russian interference.
- EPIC's FOIA Request (March 31, 2017)
U.S. District Court for the District of Columbia (No. 17-2047)
- EPIC: Democracy and Cybersecurity: Preserving Democratic Institutions
- EPIC: Open Government Project
- EPIC: EPIC v. FBI
- EPIC: EPIC v. ODNI
- EPIC: EPIC v. IRS
- Homeland Security and Gov't Affairs Comm. Democratic Staff, Memorandum Highlighting DHS Aid to States to Secure Elections Systems (2017)
- U.S. Department of Homeland Security & Federal Bureau of Investigation, GRIZZLY STEPPE - Russian Malicious Cyber Activity, Joint Analysis Report (2016)
- ODNI Assessing Russian Activities and Intentions in Recent US Elections, Assessment (2017)
- Tim Starks, The Checklist for DHS on Election Security, Politico (Dec. 12, 2017)
- Tal Kopan, Feds Have Eye On Cybersecurity Issues As Voters Go To Polls, CNN (Nov. 7, 2017)
- Maryam Saleh, The U.S. Election System Remains Deeply Vulnerable, But States Would Rather Celebrate Fake Success, The Intercept (Oct. 3, 2017)
- Morgan Chalafant, California: DHS gave 'bad information' on Russian hacking, Hill (Sept. 28, 2017)
- Callum Borchers, What We Know About the 21 States Targeted by Russian Hackers, Wash. Post (Sept. 23, 2017)
- Eric Geller, DHS bars government from using Russia-based Kaspersky software, Politico (Sept. 13, 2017)
- Matt Zapotosky and Karoun Demirjian, Homeland Security official: Russian government actors tried to hack election systems in 21 states, Wash. Post (June 21, 2017)
- Rebecca Shabad, Jeh Johnson says FBI delayed notification of DNC cyberattack, CBS News (June 21, 2017)
Share this page:
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.
Privacy in the Modern Age