Senate Intelligence Committee Issues Final Russia Report

Cybersecurity, Data Protection, data security, FBI, FCC, Russia, senate, Technology, Telecommunications 17 Minutes
The committee examined the counterintelligence component of Russia’s interference in the 2016 election and made recommendations out of proportion with the alleged conduct.

The Senate Intelligence Committee released the fifth and final volume of its investigation into Russia’s interference with the 2016 presidential election in favor of the Trump Campaign. This volume focused on the counterintelligence aspect of the 2016 election. However, even though the committee detailed extensive troubling communication and connection between the Trump Campaign and likely Russian Federation intelligence operatives, the committee is not recommending much in the way of statutory or regulatory changes to prevent future interactions and influence campaigns of this ilk. A number of the recommendations would likely prove helpful, but the committee is stopping short of making the sort of sweeping recommendations one might expect given the breadth and enormity of Russian interference in 2016 and during the current election.

In its press release, the committee explained “Volume 5: Counterintelligence Threats and Vulnerabilities,” “examines Russia’s attempts to gain influence in the American political system during the 2016 elections.” The committee explained that it

found that the Russian government engaged in an aggressive, multi-faceted effort to influence, or attempt to influence, the outcome of the 2016 presidential election. Parts of this effort are outlined in the Committee’s earlier volumes on election security, social media, the Obama Administration’s response to the threat, and the January 2017 Intelligence Community Assessment (ICA).

The committee stated “[t]he fifth and final volume focuses on the counterintelligence threat, outlining a wide range of Russian efforts to influence the Trump Campaign and the 2016 election…[and] lays out its findings in detail by looking at many aspects of the counterintelligence threat posed by the Russian influence operation.” The committee asserted

While the Committee does not describe the final result as a complete picture, this volume provides the most comprehensive description to date of Russia’s activities and the threat they posed. This volume presents this information in topical sections in order to address coherently and in detail the wide variety of Russian actions. The events explained in these sections in many cases overlap, and references in each section will direct the reader to those overlapping parts of the volume. Immediately below is a summary of key findings from several sections.

The committee stated its “inquiry highlighted several ways in which hostile actors were able to capitalize on gaps in laws or norms and exert influence…[and] [t]hose areas included unclear laws regarding foreign advocacy, flawed assumptions about what intelligence activity looks like, and a campaign’s status as a private entity intertwined with the structures of democracy.” The committee contended “[f]urther, the freedom of expression at the root of our democratic society became an opportunity for Russian influence to hide in plain sight.”

The committee explained that its recommendations “present a variety of paths through which Congress, the executive branch, and private entities and individuals can and should begin to respond to these threats, both jointly and independently.” The committee vowed that “[t]hese recommendations, however, do not mark the end of the Committee’s work in this space, which requires ongoing vigilance by the United States government and further consideration of legislative and policy responses.” The committee pledged to “continue to evaluate and consider the results of this investigation as part of its ongoing oversight and legislative responsibilities and its efforts to understand and address malign foreign interference targeting U.S. democratic processes.”

The committee called for updating and more vigorously enforcing the law that requires those acting for foreign governments to register and abide by, greater awareness of foreign influence and intelligence operations, better outreach by the Federal Bureau of Investigation (FBI) to targeted campaigns, and to expand Congressional power visa vis expansive, novel claims of executive privilege, the types of which the Trump Administration has extensively made throughout the investigation.

The Senate Intelligence Committee made the following recommendations:

1. Review, Update, and Enforce the Foreign Agents Registration Act and Related Statutes

The Committee recommends that Congress update the Foreign Agents Registration Act (FARA), and that the Department of Justice (DOJ) clarify the statute’s requirements by issuing public guidance on enforcement and more stringently enforcing the existing statute. FARA was enacted over 80years ago, in large part to target Nazi propaganda. FARA seeks to aid the U.S. Government and the American people in understanding and evaluating the activities, statements, and motives of individuals and entities functioning as agents of foreign principals in the United States. Since that time, Congress has made some modifications to the statute to increase transparency with respect to lawyers and lobbyists who also engage in political activity on behalf of foreign powers inside the United States. However, loopholes still exist, and foreign actors exploited those loopholes in 2016. The Committee’s investigation revealed a number of lawyers, public relations experts, businesses, political consultants, and campaign operatives working in the United States in coordination with or at the request of, foreign principals. Many of these individuals and businesses did not register under FARA.

  • DOJ should increase enforcement of FARA. For years, DOJ failed to pursue criminal penalties for even the most flagrant violations of the statute. While recent enforcement efforts have resulted in several successful criminal prosecutions, the Committee found numerous incidents where FARA registrations were excessively delayed, retroactive, incomplete, inaccurate, or otherwise insufficient to accomplish the objectives of the law.
  • DOJ should publish comprehensive public guidance on FARA. In part as a result of limited enforcement, the public has insufficient information about the statute’s scope and application. DOJ’s interpretation of the statute is largely untested and undefined. While DOJ has made efforts to publish more information about its interpretation of the statute, including through the publication of advisory opinions, these are overly redacted and incomplete. Comprehensive public guidance has been beneficial for other similarly- situated statutes, and those publications, such as DOJ’s Resource Guide to the US. Foreign Corrupt Practices Act, may serve as a helpful model in issuing useful and practical guidance on FARA.
  • Congress should update FARA to more clearly define the activities covered by the statute. This may include narrowing or redefining the breadth of some provisions, such as ·those that may apply to purely foreign consulting, while strengthening other provisions, such as activities targeting the U.S. Government or the American people.
  • Congress should remove the Lobbying Disclosure Act (LDA) exemption to FARA registration. Currently, FARA registrants for foreign principals who are not themselves foreign governments or political parties may register under the LDA regime rather than the more comprehensive registration regime under FARA. The Committee found that individuals not formally affiliated with a foreign government may nonetheless sufficiently represent that government’s interest, even if that government is not the principal beneficiary, to merit the application of FARA’s heightened requirements.

Congress should also examine whether other foreign agent laws and the Espionage Act need to be updated to more effectively address the reality of modern intelligence operations targeting the United States.

  • For example, 18 U.S.C. §951 makes it a crime to operate as an agent of a foreign government, to include an agent with respect to non-political activity, without first notifying the Attorney General. While DOJ has generally reserved prosecutions under this statute for behavior that resembles espionage, the statute’s overlap with FARA and its general scope may need refined and updated. 18 U.S.C. § 219 provides criminal penalties for a public official of the United States to be or act as an agent of a foreign principal required to register under FARA. Together, these and other interrelated law make up a patchwork of overlapping and ill-defined prohibitions that are overdue for a more thorough review.

Although DOJ makes FARA registration filings publicly available on its website, there is no obligation on registrants to disclose this information when they are engaged in covered political activities. As a result, the registration materials do little to further the statute’s goal of transparency for the American public. This lack of transparency is especially acute in the media space, where messaging by a single FARA registrant has the potential to reach millions of Americans.

  • Congress should amend FARA to mandate, or the Federal Communications Commission (FCC) and other relevant authorities should impose a requirement, that FARA-registered news agencies operating in the United States provide clear, prominent, and regular notifications to audiences regarding the outlet’s FARA-registered status. Transparency should be affirmatively provided to audiences on a regular basis so that the American public is able to make informed decisions about information consumption.
  • In addition, all U.S. media outlets should clearly label or otherwise identify content that appears in connection with FARA-registered work, even if it comes in the form of an opinion column. It is the ultimate responsibility of the editorial staff at U.S. media outlets to understand the origins of the information that their journalists and outside contributors are promoting, and to inform their audiences when that information is ,in some way sponsored or influenced by a foreign agent.
  • More broadly, all U.S. media outlets should clearly label opinion content as such, in particular when opinion content, in tone or in format, could be mistaken for journalistic reporting.

2. Recognize Russia’s Use of Non-Traditional Intelligence Actors for Influence

The Russian government treats oligarchs, organized crime, and associated businesses as tools of the state, rather than independent, private entities. The Kremlin uses these entities to pursue- Kremlin priorities, including money laundering, sanctions evasion, and influence operations. This is a fundamentally different model than in the United States.

  • While U.S. companies can and should conduct business as they see fit within the bounds of the law, they should proceed with maximum caution when doing business in Russia. Business exchanges can be a vehicle for compromise of electronic devices, collection of compromising information for influence efforts, theft of proprietary business information, and recruitment by intelligence services. Such efforts can be overt or covert, and can target national security information and hamper the competitiveness of U.S. companies. American business leaders need to understand that they, too, are a target and take precautions.
  • Politically-active U.S. organizations, including non-profits and advocacy groups, should likewise recognize that they can also be, and likely are, targeted by foreign intelligence services. Although the known targeting in 2016 was directed toward conservative organizations, organizations of all political and ideological stripes should be prepared for it. Hostile foreign governments may seek to influence U.S. policy in foreign affairs, energy and environmental policy, military conflict, and others matters involving international relations, through indirect channels like these. Leadership in such organizations should consider conducting due diligence, as appropriate, when dealing with counterparts from adversarial countries, and adopting sound cyber security practices to protect their networks and sensitive information.
  • [REDACTED]Just as business leaders need to recognize their counterparts may be extensions of the Russian state, the U.S. Government should similarly treat non-governmental entities close to the Kremlin as legitimate targets for intelligence collection and surveillance. The U.S. Government needs the tools and authorities in place to determine whether a non-governmental entity is operating on behalf of the Russian state and mitigate the counterintelligence threat, particularly if that entity seeks to operate in the United States or allied countries. These tools and authorities should augment the entire spectrum of U.S. Government activities, including to the ability to deny visas, the ability to conduct surveillance akin to that used against suspected intelligence officers, and the ability to target financial operations, such as the ability to deny transactions or seize assets.

3. Protect Campaigns from Foreign Influence Efforts

As part of its counterintelligence mission, FBI should offer defensive briefings to all presidential campaigns, including during the primaries, for both candidates and staff. FBI should provide detailed briefings as specific issues arise. When nominees are official, FBI should undertake a renewed effort to educate campaigns-from leadership to schedulers-about the avenues of influence adversaries use. These briefings should include specific, if hypothetical, examples and clear defensive steps campaigns can take. FBI has traditionally delivered these briefings as brief conversations; given the aggressive efforts Russia undertook in 2016 and the likelihood of similar future efforts by Russia and others, these conversations should cover cybersecurity best practices and how to recognize approaches that are outside ordinary relationship building.

Future presidential campaigns should perform thorough vetting of staff, particularly those staff who have responsibilities that entail interacting with foreign governments. Diligence, experience, and caution are all the more critical when interacting with representatives of adversaries’ governments.

Campaigns should recognize that campaign staff are attractive targets for foreign intelligence services, and that staff who have not previously been sensitized to counterintelligence threats are especially vulnerable to targeting and exploitation. Presidential campaigns should require staff who interact with foreign governments to receive counterintelligence training from the FBI. Further, that staff should report to designated campaign leadership any foreign contacts, including any offers of foreign assistance, so that the campaign can recognize patterns in foreign outreach. Campaigns should institute a centralized reporting structure to ensure that suspicious contacts with foreign governments or their proxies are documented and can be shared with law enforcement when appropriate, in a timely and accurate manner. This information would assist U.S. counterintelligence efforts to more quickly identify patterns and a clearer picture of nation-level threats. FBI and law enforcement should treat the information passed by campaigns as extremely sensitive, and protect the information from inadvertent disclosure, such as by limiting the number of personnel with access. In addition, a full understanding of the problem will encourage law enforcement agencies to pass defensive information back to campaigns.

To facilitate these activities, campaigns should designate specific individuals to be responsible for counterintelligence and for cybersecurity issues. These individuals should be clearly identified within the campaign as a point of contact for security-related questions or concerns, but will also serve as an accountable entry point for the FBI’s interaction and information sharing with the campaign.

Campaigns should notify FBI of all foreign offers of assistance, and all staff should be made aware of this expectation. In order to not encourage, or amplify, foreign influence efforts, campaigns should reject the use of foreign origin material, especially if it has potentially been obtained though the violation of U.S. law.

The Russian Government has sought to understand, and potentially exploit, vulnerabilities in the U.S. campaign finance system in furtherance of Russia’s election influence activities. Russia’s interest in this tactic· is longstanding. The Committee is not aware of specific successful efforts in this regard related to the 2016 U.S. election, however the Committee’s insight is limited, and in other countries Russia has gone to great lengths to launder money intended for election influence. The DOJ, the Intelligence Community, regulators and legislators should work together to identify and address any loopholes that could be abused, by Russia or any other foreign actor, in malign influence operations targeting U.S. elections.

4. Protect Government Employees from Foreign Influence Efforts

Congressional leadership should work with the IC and federal law enforcement to assess the counterintelligence and foreign influence risk associated with foreign government- funded travel by congressional staff, in particular the Mutual Educational and Cultural Exchange Act. Congress does not allow registered lobbyists to pay for the travel or the meals of congressional staff due to concerns about undue influence. This same logic should apply to foreign governments. Congressional leadership should explore increasing the budget for staff travel, so that it is funded and managed by Congress and not by foreign governments.

In addition to enhanced cybersecurity training for all U.S. Government personnel, all federal government employees who travel internationally, regardless of agency or department, should be required to receive counterintelligence training.

5. Bolster Resources for IC Elements to Uncover Influence Campaigns and Focus the National Intelligence Priorities Framework (NIPF) on Foreign Government Influence

[REDACTED]

These terms are vague and vast, and do not acknowledge the growing threat of disruption by foreign actors conducting malign influence activities targeting the United States.

The Committee recommends, therefore, that all future iterations of the NIPF, which is an exercise and tool used to distribute finite IC resources across a wide variety of threats, specify and prioritize foreign malign influence activities.

[REDACTED]

FBI should empower its analysts to check assumptions underpinning FBI operations, to apply the rigor of intelligence analysis to assessments and confidential human sources, and to create a culture where questioning previously held assumptions is acceptable and encouraged.

6. Improve Victim Notification and Information Sharing

While the Committee understands FBI’s reluctance to force solutions on hacked victims, FBI should develop a clear policy to address how to escalate victim notifications within a hacked entity, particularly for those involved in an election, when it appears that entity has not successfully remediated a cyber breach.

In addition, the FBI’s Cyber Division should have an escalation policy for how to engage a victim entity when the victim is not responsive to the FBI’s investigative needs. The policy should include how to communicate with the victim entity about escalation, and, in narrow situations where the security of the election is at risk, the potential use of compulsory process. Channels of communication, both within the FBI and with political organizations, should be established early in a campaign cycle.

The FBI should seek to downgrade and share classified information for defense against cyber intrusions whenever possible. If downgrading the information is not feasible, the FBI should work to find a cleared individual at the victim entity and brief that individual at the highest possible level about the incident, prior to or contemporaneous with engaging with the entity’s IT staff.

The FBI should develop clear best practices for dealing with cybersecurity vendors in incident response. Congress should consider legislation that mandates third-party cybersecurity vendors to report indicators of nation-state compromise to the U.S. Government, be it through FBI or other entities, which may include sharing malware, network traffic, forensic images, and other appropriate data to enable the U.S. Government to protect against nation-state cyber adversaries. Any sharing mandate should also include suitable protections for personally identifiable information or other sensitive or privileged material.

7. Strengthen Congressional Authority to Challenge Executive Privilege

Congress should consider amending the Senate’s subpoena enforcement statute to remove or otherwise limit the carve out in 28 U.S.C. § 1365(a) that precludes enforcement against government officials asserting a ”governmental privilege or objection.” This exception, the Committee’s investigation showed, allows for the potential abuse of executive privilege claims. Such an amendment should include a process to expedite judicial review of disputes between Congress and the executive branch over subpoena compliance, and clarify that a government official’s mere assertion of a government privilege does not strip a federal court of jurisdiction.

The report contained the additional views of a group of Republican Senators, a group of Democrats, and one Democratic Senator. These sections drew conclusions from the evidence the committee, as a whole, did not support. Not surprisingly, the Republican Senators, including the acting chair, claimed the evidence showed neither Trump nor his campaign colluded with Russia. Senators Jim Risch (R-ID), Marco Rubio (R-FL), Roy Blunt (R-MO), Tom Cotton (R-AR), John Cornyn (R-TX), and Ben Sasse (R-NE) asserted:

  • Volume 5 of the report on Russian Active Measures Campaigns and Interference is the last body of work relating to the Committee’s investigation into Russian meddling in the 2016 U.S. presidential election. This final volume brings an end to more than three years of investigative work. Bipartisan professional staff reviewed more than one million documents and interviewed more than 200 witnesses to produce over 1,000 pages of analysis. Volume 5 exhaustively reviews the counterintelligence threats and vulnerabilities to the 2016 election, but never explicitly states the critical fact: the Committee found no evidence that then-candidate Donald Trump or his campaign colluded with the Russian government in its efforts to meddle in the election (emphasis in the original).
  • Volume 5 is an important contribution to the historical record from which historians will someday draw. As is evident to those who read all five volumes of the Committee’s report, the Russian government inappropriately meddled in our 2016 general election in many ways but then-Candidate Trump was not complicit. After more than three years of investigation by this Committee, we can now say with no doubt, there was no collusion (emphasis in the original).

Also, to no great surprise, Democrats took a different view, arguing the report definitively establishes coordination between Russia and the Trump Campaign. Senators Martin Heinrich (D-NM), Dianne Feinstein (D-CA), Ron Wyden (D-OR), Kamala Harris (D-CA), and Michael Bennet (D-CO) contended:

  • Almost four years after the 2016 U.S. presidential election, the Committee has now published the bipartisan results of its investigation of the Russian government’s election interference and efforts- to aid Donald Trump’s candidacy. The Committee’s work product is voluminous, fact-oriented, and essential reading for all Americans. But the Committee has not sought to draw overarching conclusions about its investigation, opting instead to let the reader determine the significance of these events. These additional views provide necessary context for the reader regarding (1) the Trump Campaign’s cooperation with Russia; (2) investigative limitations; and (3) significant ongoing concerns.
  • It is our conclusion, based on the facts detailed in the Committee’s Report, that the Russian intelligence services’ assault on the integrity of the 2016 U.S. electoral process and Trump and his associates’ participation in and enabling of this Russian activity, represents one of the single most grave counterintelligence threats to American national security in the modem era.

Wyden appended additional views of his to the report

  • The fifth and final volume of the Committee’s report includes a wealth of extremely troubling new revelations about the counterintelligence threat posed by Donald Trump and his campaign. Much of the new information in this report, however, remains needlessly classified. That is unfortunate, not only because the counterintelligence concerns that surround Donald Trump constitute an ongoing threat to national security, but because this report includes redacted information that is directly relevant to Russia’s interference in the 2020 election.
  • As the report details, the Committee was hindered in numerous ways by the subjects of its investigation. In other respects, however, the impediments to the investigation were self- inflicted. First, while the Committee investigated interactions between Donald Trump and particular Russians and identified deeply concerning financial links, it did not seek to answer key questions about Donald Trump’s finances that relate directly to counterintelligence. In short, the Committee did not follow the money.

As noted, despite decrying the interactions between agents of the Russian Federation and Trump Campaign officials and associates that ultimately led to unprecedented interference in a presidential election, the Senate Intelligence Committee offered limited recommendations on how to address likely, future attempts to interfere. The explanation may lie in the additional views Republican and Democratic Members offered that arrived at dramatically different conclusions, suggesting the committee’s report was necessarily limited in the remedies that could be agreed upon. For example, the report calls out the interactions of those like one-time Trump Campaign chair Paul Manafort with likely Russian intelligence operatives and the information he shared with them. And yet, Senate Republicans have blocked legislation that would place an affirmative duty of campaign officials to alert the Federal Bureau of Investigations, the agency that leads on counterintelligence investigations and operations, in the event a foreign power offers assistance or seeks to influence an election.

In fact, in July, Senate Republicans stripped out just such a bill from the “National Defense Authorization Act for Fiscal Year 2021“ (S.4049) the “Foreign Influence Reporting in Elections Act” (FIRE Act) (S.2242). This bill had been added to the “Intelligence Authorization Act for Fiscal Year 2021” (S.3905) in committee markup and then most of this bill had been added to S.4049 expect the FIRE Act. The sponsor of the FIRE Act, Senate Intelligence Committee Ranking Member Mark Warner (D-VA), went to the Senate floor to protest the striking of his bill: “[t]he  committee  voted  14  to  1  to  pass an intel authorization bill that included  the  FIRE  Act,  the  act  that  I  just described, so that if a foreign government interferes or offers you assistance  or  offers  you  dirt,  you  don’t  say  thanks;  you  call  the  FBI.”

Prior to its inclusion in the FY 2021 Intelligence Authorization Act, Warner had asked unanimous consent to take up the FIRE Act multiple times but was met with Republican objections each time. And there are other election security bills Republicans have continued to block, including:

  • The “Duty To Report Act” (S.1247)
  • The “Senate Cybersecurity Protection Act” (S.890)
  • The “Securing America’s Federal Elections Act” (SAFE Act) (H.R.2722)
  • The “Secure Elections Act of 2019” (S.1540)

However, the Senate has taken up and passed two election-related bills addressing facets of the cybersecurity challenges. On July 17, the Senate passed the “Defending the Integrity of Voting Systems Act” (S. 1321) by unanimous consent that would “make it a federal crime to hack any voting systems used in a federal election” according to the Senate Judiciary Committee’s website. In June the Senate also passed the “Defending Elections against Trolls from Enemy Regimes (DETER) Act” (S. 1328) that “will make “improper interference in U.S. elections” a violation of U.S. immigration law, and violators would be barred from obtaining a visa to enter the United States. The House has yet to act on these bills.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Published by Michael Kans

An attorney who specializes in technology policy, law, and politics with other areas of expertise.

Published

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s