FBI Vows to Notify State Officials of Any Elections Systems Breaches

The FBI has long only informed local election officials who run voting systems of breaches and expected them to keep quiet. Now the bureau will notify state officials responsible for certifying elections so they avoid doing so in cases where votes may have been knowingly tampered with.

The changes were designed to increase visibility and transparency, a Justice Department official told reporters. The new policy was intended to encourage cooperation among the federal government, county election supervisors and state officials, the official said.

But the announcement does not determine once and for all whether the public will be told about a hack. It is up to officials on a case-by-case basis whether to disclose information about a breach.

Election rules differ from state to state, and many sets of local officials oversee voting, making them targets for hackers who wish to sow chaos and undermine faith in the electoral process.

The FBI announcement comes nearly a year after state officials and senators in Florida, one of the nation’s most important swing states, criticized the bureau for failing to do more to alert them that Russian hackers gained access to voter registration data in two counties in 2016. FBI officials have told lawmakers that they found no evidence that the hackers had altered any data, but they could not unequivocally say that no manipulation had occurred.

The FBI declined to say whether the hacks in Florida prompted its changes. Law enforcement officials have “learned from a number of experiences” in designing the new policy, a senior Justice Department official said, adding that the aftermath of the 2016 election convinced them that election certifiers needed to be as informed as those who for operate ballot boxes.

Russian hackers targeted election systems in all 50 states in 2016, according to the Senate Intelligence Committee, a far-reaching effort that went largely undetected by federal and local election officials at the time. Some officials and security experts worry that the 2016 effort was a trial run to identify voting system weaknesses that could be exploited this November.

When Americans register to vote and cast their ballots, the information is recorded and counted by a hodgepodge of back-end databases, electronic polling software and other technology that hackers could compromise.

The special counsel, Robert Mueller, said in his report last year that the FBI believed that the GRU, a Russian military intelligence unit, breached “at least one Florida county government.”

The revelations in the Mueller report sparked an outcry among Florida politicians, who demanded answers about which system or systems had been hacked.

Officials from the FBI and Department of Homeland Security provided a confidential briefing to Gov. Ron DeSantis of Florida — after he had read the Mueller report and insisted on it — and confirmed the hack of two counties.

But DeSantis had to sign a nondisclosure agreement to be briefed, which is typically the federal government’s practice when it briefs officials about classified terrorism threats and other sensitive investigations.

After the briefing, DeSantis said that the break-in “did not affect any voting or anything like that.” But he was displeased with the federal government’s lack of disclosure.

“Are you kidding me?” he told reporters in May. “Why would you not have said something immediately?” Florida voters still do not know which two counties were breached.

Sen. Marco Rubio, R-Fla., said last year that he thought the federal government should allow the counties to be named.

FBI officials feared that naming the counties would give the Russians clues about the sources and methods that American investigators used to determine what had happened. But politicians pointed out that the Mueller report had already revealed in broad strokes that law enforcement officials knew about the hacking effort.

Politicians argued that the voters themselves were also the victims of the hacks, and that they would ultimately hold accountable the elected officials who were in charge when the systems were breached.

State officials also said that the steady drip of incomplete information could erode faith in the electoral system.

This article originally appeared in The New York Times .