NewCo Shift Forum
A conversation with the key players in last Fall’s biggest election controversy
Following the explosive interview with Clinton campaign chief John Podesta at NewCo Shift Forum last month, a panel of experts sat down with Podesta and moderator John Heilemann to discuss the implications of Russia’s hacking on the US election process. Shawn Henry, president of the firm which identified the hackers, and Marc Elias, general counsel to the Clinton campaign, discussed Trump’s claims of voter fraud, whether the hacking will effect the 2018 midterm elections, and more. Below is the video and the full transcript, edited for clarity, of the conversation between the three.
John Heilemann (JH): We have here Marc Elias, who’s part of Perkins Coie, which is one of the sponsors of this forum, was also the chief election lawyer for the Hillary Clinton campaign, and a colleague of John Podesta’s.
And our friend Shawn Henry, who works for a firm in suburban Virginia, outside of Washington, DC, called CrowdStrike. We wanted to bring some technical and some legal backup into this conversation.
CrowdStrike was the firm that the Democratic National Committee hired when it first was hacked. John alluded to that hack. They brought CrowdStrike in, and CrowdStrike was the company that first identified that the Russians were behind the hack in a pretty concrete way, ahead of the US intelligence agencies, at least publicly, you guys were out in front saying that.
I want to start with that, Shawn, just for you. You also spent a long time at the FBI, which we’ll come to a little later in the conversation. Just talk about how it was that very quickly your firm established — in a matter of days, when you really started getting into the DNC hack — that it was definitively the Russians that were behind it.
Shawn Henry (SH): One of the things we do at CrowdStrike is help organizations protect their data and their networks, primarily from targeted attacks — nation states, organized crime groups, etc. As part of that process, we are engaged in intelligence collection against who the adversaries are.
One of our philosophies is that these attacks go on indefinitely unless we identify who the actors are and can take some measures to mitigate that, whether it be through some type of sanctions, whether it be through some type of counter efforts by the government, etc.
We’d been tracking these two different Russian intelligence services, one associated with the FSB, which is essentially the former KGB, one associated with the GRU, which is Russian military. We’d been tracking them for many years across hundreds of different attacks that had occurred.
By going into the DNC, we were able to see some of the very clear tell‑tale signs of these two organizations, the tactics that they were using, some of the malware, the targeting that they were doing, and targeting they were doing elsewhere that led us to believe with a high level of confidence that this was the Russian government that was engaged in some type of an espionage campaign.
JH: Marc, I ask you now, just from a purely legal sense, you’re the chief lawyer for the Clinton campaign?
Marc Elias (ME): Right, and the DNC at the time.
JH: The DNC at the time. In both instances, people come to you and say, “Hey guys. The Russians have now hacked our systems. They’ve hacked our chairman’s email. They’ve hacked the DNC’s systems.” From a legal perspective, when you are told that, you do what?
ME: The first thing I did is I said, “You’ve got to be kidding me.” I was the general counsel of the Kerry campaign. At one point, the FBI showed up and said, “You’ve been hacked by the Russian mafia,” and I said, “Well, what are they going to want to do?” Whatever it was, it wasn’t going to affect the election, so I was like, “That’s fine.”
Then it was reported that one of, I think it was the Obama and Romney campaigns, had been penetrated by the Chinese. They had sort of kept it quiet. The first thing was, “OK, so the Russians are here. That’s bad, but as a practical matter, what is that going to mean for the DNC and for the campaign?”
What really made this different, and what I think, to John’s point about the underreporting of it, and also the implications going forward, is that this wasn’t a hack for intelligence‑gathering purposes.
I don’t mean to be dismissive about it, but at some level if the question was, “The Russians want to know how we run elections so that when Hillary Clinton is president, they have a better sense of the role that the party plays in our system versus the White House.”
It’s bad that we’ve got to deal with it, but what’s different here is that at a whole host of levels — and remember, it wasn’t just the presidential level. Remember, they hacked in and they did selective releases in House races that were aimed at targeting individual House races.
As people think about (the upcoming elections in) 2018, this is not…If you’re the Russians, or for that matter, the Chinese or anyone else, and you were able to affect policy outcomes, electoral outcomes through this, this may just be part of our politics now.
JH: Shawn, I want to ask you, around the time that all of this was happening in October, I came down and met with people in your firm, one of your partners or colleagues, Dmitri Alperovitch, who was also involved in this. I was discussing with him how likely….“What’s the prospect that the actual vote could be hacked?”
We had a discussion about him saying, “Well, the voting machines themselves are not networked. They’re run state by state. The likelihood that Russians or anyone else could actually hack the vote is very small. However, there are areas of vulnerability.
“The voter registration systems are online, and could be hacked, and that could create chaos on election day. The reporting systems by which votes are tabulated and projected to the networks and other news outlets could be hacked, and that could create chaos on election night.”
None of those things seemed to have happened on election day, but how vulnerable the actual vote, the system, the actual voting is in the United States to this kind of hacking and outside incursions.
SH: To Marc’s point, originally when this started, it looked like it was a clear espionage campaign, collecting information about policy and those sorts of things, which happens, and has happened for thousands of years — espionage.
But for this to be operationalized was a paradigm shift in the way nation states, particularly at this level, operate, and this was something very new. In terms of the actual election system itself, I don’t think that there was any indication, when we talk about tabulating votes, that there was any influence there, or actual actions that changed vote counts.
There’s no evidence that’s come forth, but certainly as it relates to voters’ thoughts and their ideas about what’s happening, because information that was being leaked, as well as the fact that information may have actually been changed. Some of the information that was put out was not necessarily directly correlated or accurate. It was actually manipulated.
The Director of National Intelligence, in February of 2016, put out a report that is public that said that the Russian government is going to use cyber means to influence events for Russian policy, especially in a political realm, so that’s very clear that that’s exactly what happened here.
But our system today, we don’t have USAvote.com. There’s not one centralized location. It’s very disparate, and to that end, that’s actually helped to maintain the integrity. In terms of other areas like tabulating or voter registration, etc., could they be manipulated? Of course. Anything that’s connected to the network has the potential to be attacked.
JH: Marc, you’ve written about this recently. Despite what Shawn just said, that the vote itself was not hacked, despite the fact that the Trump campaign’s own lawyers, in contesting the recount efforts by Jill Stein, said, “There’s no evidence that the vote has been hacked,” we now have a president who is claiming that millions of votes were cast illegally, and that he would have won the popular vote if those votes had not been counted, and is about to launch a Federal investigation led by the vice president into this alleged multi-million voter fraud.
On its face, it seems ridiculous, but what do you think’s really going on with this effort on his part, beyond, obviously, his obsessive insecurity about having lost the popular vote to Hillary Clinton?
ME: Right. Don’t dismiss the thin‑skinned nature of his obsessiveness, but I think what’s going on beyond that is he is sending a signal to Republican operatives, Republican election officials, Republican legislators, that efforts to crack down on voting, and to make voting harder, it’s open season. That’s a terrible thing. We have had a culture, a bipartisan commitment in this country, for the last 30 years or so, to make voting easier — increased vote by mail, increased registration opportunities, increased early vote.
And you had it in Democratic states and Republican states, starting with the election of President Obama, we started to see Republican legislations trying to curtail that in North Carolina, Wisconsin, Ohio, good examples of where they were trying to make voting less convenient.
I think what Trump is doing now is signaling the next stage, which is not just to cut down on convenience voting, but to actually have states be much more aggressive in the registration process, in the in‑person experience that people have. It’s being done because they are trying to fight the demographics of the country. The voting population of the country is becoming browner. It’s becoming younger, and this is a man who is clinging to “Make America Great Again” as a harken back to an era when white males made up a larger population percentage of the electorate.
JH: Shawn, I mentioned before that you worked at the FBI for a period of time. I’m reading here from your bio. You were once the Executive Assistant Director of the FBI, three FBI field offices, did a bunch of stuff with the FBI — computer crime and cybersecurity, investigative capabilities, oversaw computer crime investigations spanning the globe, etc., etc., including a lot of places that we’re now talking about in Eastern Europe and Russia.
You know a lot about how the bureau works. John Podesta, earlier, made a pretty striking set of arguments about the disparity between how the bureau handled the email investigation of Hillary Clinton’s practices, and how it seemed to deal with these hacks, both at the DNC and of John Podesta’s own email.
From what you know of the bureau, how do you explain that disparity?
SH: In terms of the notification to the DNC?
JH: In terms of how they handled the investigation, in terms of the priorities they gave to it, in terms of the intervention of Comey in a very visible way on one side and not on the other, his reluctance to sign on with the rest of the intelligence agencies, all of the stuff that John laid out.
SH: I can talk about what they did in the DNC. I didn’t have any engagement on the other side at all. I’ve been out of the bureau for almost five years now, but I oversaw the group five years ago that would do this and did this investigation.
I made notification personally as the Assistant Director of the Cyber Division in 2008, to then‑candidate Obama, that his campaign ‑‑ actually, to Denis McDonough, that his campaign had been breached. Then we subsequently did it a week later to Senator McCain, because we recognized these significance, the severity, and the implications of a foreign government targeting a political campaign.
I personally, as the Assistant Director, made that notification. Fast forward, eight years later, and there was notification, as John described, that was a phone call, rather than somebody knocking on the door.
I was a little concerned about that, coming from that place. Looking at some of the details, and talking to some of the people who were engaged in that investigation, there were thousands of breaches that they were reporting. Obviously, the DNC should have been at the top of the list in terms of prioritization.
I believe that the agents that were engaged there just didn’t recognize it for what it was. I don’t think that they personally had a political agenda that they did something for partisan purposes, but I believe that they just didn’t pay enough attention to the severity of the attack, what was being targeted, by whom, and what the ultimate results might be.
JH: You mentioned the report. I think it was released about a year ago today, was when Obama, the Cybersecurity National Action Plan was released. That sort of seems now prophetic in certain ways, but it talked about things that needed to be done.
I want to ask all of you, looking forward — some of you are more technically sophisticated than others — but one of the things that report never mentions once. The word encryption does not appear in it anywhere.
Just talk about what you — Shawn, I’ll start with you, and we can work our way down — what you think needs to happen now, because it seems to me that we’ve now had this unprecedented historic thing that took place in this election. None of us want our elections to be vulnerable to this kind of incursion ever again.
What does the country need to do, other than just the general thing of, “We’ve got to get serious about this.” What do we actually have to do now to try to failsafe or vouchsafe our electoral infrastructure?
SH: First of all, there has to be a sense of urgency. Regardless of what side of the aisle you’re on, if you don’t see an attack on the US electoral system, on the democratic process, as a threat to our national security and a threat to the very institutions we hold dearest to us, then you’re in the wrong country.
It is absolutely an attack. There has to be a sense of urgency.
There have been multiple plans that have been put in place going back to the late ’90s, so when I listen to senators recently say, “We need to have a plan…” they said publicly.
We have a plan. We’ve had multiple plans. We need to actually execute the plans that are public, they’re available. Lots of effort, lots of money have been put into them.
One particular plan, the comprehensive National Cybersecurity Initiative was funded to the tune of $17 billion, [laughs] funded. We need to execute that plan. It’s put in place. There’s 12 different initiatives that are very clear.
Had they actually been implemented, I think that we would have been able to have mitigated many of the attacks we’ve seen recently, not just through the most recent attacks, but even against OPM and others.
ME: I’d say three things really quickly. Number one, on the election administration side, the states got big grants under the Help America Vote Act right after the 2000 election.
They have largely been starved since then. Updating the voting equipment and the voting tabulation systems, putting in things like random audits after elections would do a lot to increase confidence. I agree with Shawn that in some ways, the election results were not hackable, in part, because the equipment is so old and so outdated, it would be hard to hack.
Number two is I do think there is a role for the private sector, particularly the tech sector, around the voter rolls. Because you’re right, those are Internet‑facing. These are the state‑wide voter registration systems.
At one point, I had a conversation with MIT and Cal Poly, around a big project on elections. Why don’t they have a central repository of every state’s voter file with every iterative update? Whether they are the right people, or whether it’s a company like Google or some other private consortium, who knows, but I do think there is a way to safeguard this by engaging the states that don’t otherwise have the ability to do this.
The third is I think after the hack, and this was written about in a Vanity Fair article, campaigns, the Clinton campaign, but other campaigns moved to services like Signal for a lot of encrypted messaging. I’ve been looking at Wickr, which has enforced ephemerality. One of the things that is the ability to do conference calls through some sort of encrypted method is something that’s still kind of a hole out there.
I think you’re seeing, in politics, a move towards those kinds of services.
SH: I remember very clearly the day I realized that everyone in your campaign only wanted to be in communication with me over a Signal.
It was right after the DNC hack. The entire Clinton campaign was like, “I’m not doing a text message with you before.”
ME: Right, and there’s a reason for that.
JH: Last thought before we take a couple of questions?
John Podesta (JP): I want to add one thing to what Marc said, which is I think one of the things that recount exposed was the lack of standardization of auditing of the actual vote, and I think that states like California have moved to mandatory auditing. I think that would be a good thing to do across the country.
Then, I want to agree with Shawn. I was Clinton’s Chief of Staff in the 1990s when Dick Clark was on the National Security Council staff, wrote the first plan. There’s been iterations. Obama had one as well.
Congress has been reluctant to provide as much authority, I think, as the president has asked for on occasion, so that needs to be looked at.
Last point, which is go back to something I said earlier. We ought to also get to the bottom of what actually happened.
JH: What do you think the likelihood of a serious push on cybersecurity is under President Trump, on a scale of 1‑10, likelihood,10 being certain, 1 being really uncertain.
JP: [laughs] One.
JH: OK. I had a feeling you’d say that. Yes, sir, go ahead.
Audience Member: John Podesta, this is a question for you based on this need for a deep investigation.
Part of the tactic, it seems of the Trump campaign, now the Trump presidency, and you were on the receiving end of it is there’s one outrageous story after another. It’s hard for the media or for anybody in opposition to keep that alive.
In any normal environment, the hack would be on the front pages still today, but we’ve moved on, because we’ve got Betsy DeVos, or we’ve got Bannon on the NSC. How should the media and Democrats, or whoever’s opposing the Trump administration handle this?
JP: Yeah, it’s strategic chaos, and it’s really a problem. It reminds me that during the course of the campaign, people said that Hillary should talk more about the economy.
Hillary talked all the time about the economy, but the only thing that got covered was whatever she was saying in response to Trump’s latest outrage.
That’s a problem, I think. It’s going to take dogged discipline by Democrats on Capital Hill as well as in the media to stay on a story and not let him just dismiss it as fake news, and just move on to the next thing.
@johnpodesta "tech community must lead the resistance" the resistance is being organized at #shiftforum now. Killer! @johnbattelle. pic.twitter.com/bX6y5gj3qW
— chris albinson (@chrisalbinson) February 8, 2017
JH: Or start tweeting about “Hamilton,” and let that consume 24 hours of our lives…
ME: Just to add one quick thing that hasn’t been said about John’s emails. It’s one of the things that drives me crazy, is there was very little in John’s emails that was actually newsworthy.
The media became obsessed with the release of emails that they were privately telling us were incredibly boring. I think the media needs to do a hard look at itself and ask, “Why is it when the file cabinet was broken into in the middle of the night, the story immediately became the papers in the filing cabinet?”
When the papers in the filing cabinet weren’t that interesting, it still became the papers in the file cabinet. I think that some of this has to rest with…Because the most interesting emails that John had involved a risotto recipe.
JH: I’ve actually made that recipe. It’s very, very good. He could tell you about stirring. Last question…
How can #tech #resist? @johnpodesta #shiftforum #Politics pic.twitter.com/wUXQGNsPiA
— NewCo (@NewCo) February 8, 2017
Audience Member: Hi. First of all, thank you for having this done, especially for John, for doing everything you can for as long as you can for everybody that you can. I really appreciate it.
JP: Thank you.
Audience Member: …so far, the reaction of the tech industry has been relatively reactive. There’s concerns that we might not be able to sustain the momentum, and it will be driven by the agenda that the Trump administration throws out.
Now we have the movers and shakers in the tech industry in front of you. What is your advice for creating a coherent, sustainable, and proactive strategy to engage the Trump administration from the tech sector?
JP: I think there are two levels to that question. What are the people in charge, what are the CEOs doing? I think that they’ve had already some pretty bad experience over the first couple of weeks, from thinking that they’re going to get charmed to being stunned by the executive order on immigration.
I think they have to be realistic about what the structure of this administration looks like, who he’s put in place, what his White House looks like, and try to find an honest way to engage with them, but not be naive that they can get kind of sucked into, “I’ll cut your taxes, and don’t worry about anything else.”
I think that’s going to lead to a very bad outcome. I think employees themselves have a very important role to play to keep pressure on the top, to call out and both demand solutions, but also, I see a lot of ferment to create, to use tech platforms to kind of build the resistance, if you will, to find new ways of networking together, communicating with each other organizing.
In that sense, I’m kind of optimistic about what’s coming from the bottom up, and I’ll have a wait‑and‑see attitude about what’s coming from the top down.