Just over a year ago, hackers targeted Dr. Hans Keirstead, a Democrat running against Russian President Vladimir Putin’s “favorite congressman,” the Republican Dana Rohrabacher, with spear-phishing emails and more than 100,000 “brute-force attempts” to access the server that hosted Keirstead’s campaign website. Microsoft has since detected and blocked hacking attempts against three different congressional candidates, including Democratic Senator Claire McCaskill of Missouri, who was targeted this year by the same Russian intelligence agency that hacked the Democratic National Committee in 2016.
The midterm elections, less than 60 days away, are as vulnerable to hackers who steal information and then dump it onto the web to influence voters as the presidential election was two years ago. Both parties face high stakes—Democrats hope to take back the House and the Senate, whereas Republicans are clinging to their majorities as a wave of GOP lawmakers chooses not to run for reelection. So far, however, only House Democrats have chosen to hold themselves publicly accountable for how they plan to handle any stolen documents—and any suspicious “foreign actors”—that come their way.
On Friday, the Democratic Congressional Campaign Committee pledged, among other things, not to use stolen or hacked materials in their campaigns this fall. Their Republican counterparts declined to match that commitment, pulling out of the pledge negotiations just days before the oath was finalized and shifting the blame to the Democrats—and to the press. “I will say we were close” to reaching an agreement, said a National Republican Congressional Committee (NRCC) official familiar with the talks who requested anonymity because he was not authorized to speak to reporters about internal discussions. But “one of the major sticking points” was how to address the press coverage of hacked materials, the official added.
In the pledge’s final version, signed by DCCC Chairman Ben Ray Luján, the Democrats said they would “never use known stolen hacked information, or promote or disseminate stolen hacked materials to the press, regardless of the source.” In other words, Democratic House candidates won’t use stolen documents even if reporters choose to cover them in the run-up to the midterms. The NRCC wasn’t happy with that, the NRCC official said, and wanted instead to make a “broader point about the press covering hacked materials responsibly.” The press has had to grapple with whether it was an unwitting agent of Russian propaganda in 2016 in its decision to publish stories based on documents stolen by Russian hackers and published by WikiLeaks. But it is not clear how making that point in the pledge, at the expense of a broader commitment to not engage with the press reports, would impact the campaign committees’ own handling of stolen material.
The NRCC was also vexed, I’m told, by the pressure the Democrats were putting on the committee to make a commitment by the end of this week. Republicans claimed to never have received a draft version of the pledge, and considered the deadlines “arbitrary.” They were irked, moreover, by what they saw as the Democrats’ “consistent threat of going to the press” with the Republicans’ waffling. “It breached our trust and made it clear to us they were using this as a PR stunt and trying to jam us,” the NRCC official said. But with the election less than 60 days away—and flurries of hacking attempts having already been publicized—the DCCC felt a sense of urgency, a DCCC spokesman said. “Luján was patient and gave the NRCC three months to get on board with the DCCC’s standing position to not use stolen hacked materials in political campaigns. If by ‘threats’ they are referring to Luján pushing [NRCC Chairman Steve Stivers] directly on several occasions to finalize and release a joint agreement for the good of the country, then their excuses are just getting weaker by the moment,” the DCCC spokesman said. The Democrats also disputed the claim that they had never offered the Republicans a draft to work with, citing at least four separate occasions in which Luján and Stivers negotiated the pledge’s language between July 17 and September 5. (The NRCC acknowledged receiving a “redline draft” from the DCCC on September 4 with proposed revisions, but noted that the draft arrived after Luján had indicated to The Wall Street Journal that they were nearing a deal.)
Republicans are “not seeking hacked materials. We don’t want hacked materials. We have no intention of using hacked materials,” the NRCC official said. “We don’t need a pledge to do what we planned to do already.” But it is still not clear how the committee would react if a Republican House candidate were given a damning email or text hacked from an opponent, or whether the committee is formulating its own guidelines surrounding the use of hacked materials in campaigns. The issue is not without precedent: The NRCC used a hacked document in an ad attacking the Florida Democratic candidate Randy Perkins in 2016, after Russian hackers infiltrated Democratic Congressional Campaign Committee servers and compromised candidates in nearly a dozen states. And it’s not just Democrats who are vulnerable: Russian hackers gained “limited” access to Republican National Convention computer systems in 2016, former FBI Director James Comey testified last year.
Setting aside the potential legal liabilities, using hacked documents in a campaign could encourage cybercriminals to continue meddling in U.S. elections. There is also never a guarantee that the stolen documents are authentic. Vince Galko, a political strategist who served as a consultant on Republican Representative Ryan Costello’s successful midterm campaign in 2016, made that point when I asked him earlier this year why he opted not to employ unflattering material hacked from Costello’s opponent Mike Parrish during that election. “When news broke that this material had likely been stolen by a foreign actor, we immediately said, ‘We’re not going to use it,’” Galko told me at the time. “The standards have lowered a bit,” he acknowledged, but the common practice is to provide a source for the claims you’re making against an opponent. If the claims rely on hacked documents, it is difficult to know whether they are authentic, he said.
Democrats, for their part, are still hoping that the NRCC will change its mind. “We have negotiated with the NRCC in good faith in an effort to release this pledge jointly, but the time for delays and excuses has run out,” Luján, the DCCC chairman, said in a statement. “This commitment is important to our democracy, I’m proud to sign it, and it is my hope that the NRCC will ultimately change course and commit to this same pledge.”