The recent indictments of 12 Russian intelligence officers raise two questions that ought to be asked of special counsel Robert Mueller: Why now? And what can we do about it?
While new to the public, it is old news inside intelligence circles: The general facts, and likely the very specific details listed in the indictment, about Russian intrusion were well known inside the US intelligence community since 2016. All the indictment did was show America’s enemies the reach and depth of our counter-cyber capabilities — hardly helpful.
It also makes America look toothless. Indicting a dozen intelligence officers, who prosecutors know will never be turned over to face justice, makes America seem powerless. Russians allegedly invade the privacy of a presidential candidate, her staff, DNC chieftains and other powerful insiders — and America responds with an unenforceable piece of paper?
Worse, the Mueller indictments now put US officials at risk of foreign prosecution. Now that the special counsel has set the precedent, other hostile powers may reciprocate.
The indictments also weaken Mueller’s ability to extract confessions from Russia’s alleged US confederates. Why tell suspects what you know? Why, especially, give away facts that they could never be able to gather in discovery requests? Now defendants might tailor their testimony to fit known evidence.
The other question should concern every American: What can the federal government do to deter future hacking attacks?
Certainly, Hillary Clinton and John Podesta, the head of her 2016 campaign, deserve some blame under the theory of contributory negligence. She bypassed the federal government’s hardened and secure computer system for a server set up in a Colorado bathroom and he used as a password, as Julian Assange told Fox News, the word “password.” (Podesta’s representatives denied the use of that weak password.)
Insisting that federal officials follow the law and confine their communications to secure networks is Step One. As for private citizens, using a long password that includes both capital and lower-case letters as well as numbers and symbols is just basic security. Using a password manager to store, and periodically change, passwords along with activating two-factor authentication are other basic defenses.
But relying on adherence to basic security protocols is hardly enough when confronted with sophisticated hackers backed by foreign governments.
Aside from criminal prosecution, policymakers have three options: diplomatic protests, military retaliation and civil action. The first two are nonstarters. Diplomatic demands are toothless and military action, say a cyber-strike on a hacker’s Russian computer, invites retaliation.
Civil lawsuits could be a powerful tool against hackers, if the bad guys couldn’t hide behind sovereign immunity. Most foreign hackers — including Russia, China and Qatar — have considerable US assets that could be seized by courts. The problem? The Foreign Sovereign Immunities Act was written in 1976 and doesn’t mention state-sponsored cyber-attacks.
Still, there are two exceptions that should apply — the “non-commercial tort” and “commercial activities” exceptions. Congress should pass clarifying legislation, so state and federal judges don’t wrestle with the issues and come to differing decisions based on specific fact patterns. Congress passed, in 2016, a law allowing citizens to sue terrorists in American courts. A similar measure could assure the right of citizens to seek justice against foreign hackers.
As a journalist, I’ve been hacked by foreign governments several times. One hack appeared to be the work of Algeria; it followed an article I wrote after spending 10 days in a refugee camp in Algerian Sahara. When hacked (and faked) emails of mine were given to Moroccan newspapers, I was able to sue in Casablanca. Ultimately, I prevailed and was awarded 60,000 dirhams (about $6,350). I have been unable to collect, so far.
The latest hack appears to be the work of Qatar, which has been accused of hacking a former RNC finance chairman and others. I cannot expect justice in the courts of the very country that, I believe, hacked me. Why can’t I sue Qatar and its collaborators in American courts? Or, is America going to give a free pass to overseas malefactors, who want to disrupt elections and punish critics?
Richard Miniter, CEO of the American Media Institute, is a bestselling author.