You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at epic.org.

EPIC v. FBI (Russian Hacking)

Top News

Background

EPIC is seeking records pertaining to the FBI’s investigation of Russian interference in the 2016 U.S. Presidential election. This interference, by a foreign government in the democratic processes of the United States, is under investigation by the U.S. Intelligence community and is of widespread concern to the American public. The activities of the Russian government also pose a risk to democratic institutions in other countries.

During the 2016 election season, there were numerous cyberattacks on both the Democratic National Committee and the Republican National Committee. News reports indicate that the FBI first contacted the DNC about potential cyber threats in September 2015. However, until the FBI met with party officials in March 2016, the FBI’s response was limited to one telephone call to an I.T. contractor and several voicemail messages. The head of the cybersecurity firm hired by the DNC in April 2016 said “he was baffled that the F.B.I. did not call a more senior official at the D.N.C. or send an agent in person to the party headquarters to try to force a more vigorous response.”

Fallout from the disclosures mired congressional candidates in accusations of scandal,8 and led to the resignation of a DNC leader. The New York Times reported that the RNC’s computer systems were also attacked. News outlets report that hackers attempted to penetrate the RNC’s computer network “using the same techniques that allowed them to infiltrate its Democratic counterpart.”11 “Once inside, [hackers] reportedly were able to access a trove of DNC opposition research on Mr. Trump, then a candidate.”

In October 2016, prior to the outcome of the election, the Obama administration accused the Russian government of perpetrating the attacks on the U.S. election process. “The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of emails from US persons and institutions,” said the Department of Homeland Security and Office of the Director of National Intelligence in a joint statement, which “intended to interfere with the US election process.” The DHS and ODNI concluded “We believe, based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorized these activities.”

The U.S. Intelligence Community recently reaffirmed its assessment that the Russian government was responsible for interference in the 2016 Presidential elections. Press reports indicate that FBI Director Comey agreed with this assessment. “Earlier this week, I met separately with FBI [Director] James Comey and [Director of National Intelligence] Jim Clapper, and there is strong consensus among us on the scope, nature, and intent of Russian interference in our presidential election,” said CIA Director John Brennan. President Obama “has ordered a full review of foreign-based digital attacks that U.S. intelligence agencies say were aimed at influencing this year’s presidential election.”

Investigations undertaken by private security firms, apart from the FBI, indicate that the attacks on the 2016 U.S. Presidential election also threaten democratic institutions in other countries. The private cybersecurity firm hired by the DNC to investigate the hacks has published evidence pointing to the Russian military’s involvement. CrowdStrike “linked malware used in the DNC intrusion to malware used to hack and track an Android phone app used by the Ukrainian army in its battle against pro-Russia separatists in eastern Ukraine from late 2014 through 2016.” CrowdStrike co-founder Dmitri Alperovitch concluded, “we have high confidence” it was a unit of the GRU, Russia’s military intelligence agency.

The FBI has recognized that the nation’s “critical infrastructure, including both private and public sector networks, are targeted by adversaries.” Among the various federal agencies tasked with ensuring the nation’s cybersecurity, “the FBI is the lead federal agency for investigating cyber attacks by criminals, overseas adversaries, and terrorists.” The FBI has also acknowledged threats to our electoral system. “Although individual states have primary responsibility for conducting fair and impartial elections, the FBI becomes involved when paramount federal interests are affected or electoral abuse occurs,” testified FBI Director James Comey.

Since inauguration day, new facts indicating the depth of the Russian interference continue to emerge. On June 21, 2017, nearly eight months after election day, in an open hearing before the Senate Select Committee on Intelligence, NPPD’s Acting Deputy Under Secretary for Cybersecurity and Communications Jeanette Manfra confirmed for the first time that “election-related systems in 21 states were targeted” by Russian cyber actors during the 2016 election cycle. Nearly half of the United States were targets of Russian activities during the 2016 election cycle. Acting Deputy Under Secretary Manfra did not indicate which states were affected, and, when pressed, would not disclose the states from which data was exfiltrated. On September 13, 2017, Acting Secretary of Homeland Security Elain Duke issued a Binding Operational Directive to Federal Executive Branch departments and agencies to stop using software made by the Russian cybersecurity firm Kaspersky Lab. Facebook was forced to reveal to Congress over 3,000 Russia-linked political ads posted to the social media platform during the election cycle. And, finally, investigative reporting exposed that on social media "Russian trolls and automated bots not only promoted explicitly pro-Donald Trump messaging, but also used social media to sow social divisions in America by stoking disagreement and division around a plethora of controversial topics"

The FBI did not notify "scores" of U.S. officials whose e-mail accounts were targeted by Russian operatives. "Nearly 80 interviews with Americans targeted by Fancy Bear, a Russian government-aligned cyberespionage group, turned up only two cases in which the FBI had provided a heads-up," the Washington Post explained. The FBI procedures, obtained by EPIC in EPIC v. FBI, say that notification should be considered "even when it may interfere with another investigation or (intelligence) operation.""It's just remarkable to me that the Bureau did not do what it was supposed to do," Marc Rotenberg told the San Francisco Chronicle.

EPIC’s Interest

EPIC has filed this lawsuit to determine the FBI’s response to knowledge of the Russian interference with the 2016 Presidential Election. The Congress is in the midst of a critical debate about Russia and the 2016 Presidential Election. But very little information has been provided to the public and very little is known about how the FBI protected US democratic institutions against foreign attack. That is why the FBI should provide this information to EPIC and the public as expeditiously as possible.

As EPIC notes in the Complaint against the FBI, “[T]here is a profound and urgent public interest in the release of the FBI records sought by EPIC, concerning the Russian interference with the 2016 Presidential Election. The release of these records is necessary for the public to evaluate the FBI response to the Russian interference, assess threats to American democratic institutions, and to ensure the accountability of the federal agency with the legal authority to safeguard the American people against foreign cyber attacks.”

EPIC has filed several Freedom of Information Act requests concerning Russian interference in the 2016 Presidential Election. The first is the request at issue in the case, and the other is a request for the full report on "Russian Activities and Intentions in Recent US Elections."

EPIC has also urged the Senate Armed Services Committee to pursue an investigation.

Legal Documents

U.S. District Court for the District of Columbia (No. 17-121)

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security