In December, a friend of mine and I drove to presidential nominee Wesley Clark's primary headquarters in Manchester, N.H., because we were curious to see how modern campaigns are run. I expected to see grizzled party veterans surrounded by the three B's of elections: buttons, bunting and balloons. I was surprised to see hordes of young people surrounded by a sea of computers. I counted more than 100 machines threaded with blue Ethernet cables heading off in every direction. In the front room, a knot of scraggly English major-types were huddled around a PC designing signage, while in the open bay center area, earnest young faces wearing headset microphones were updating databases as they talked. Today's politicians are computer centric: They use PCs for marketing, list making, graphic design and positioning. All that information is online.
The experience made me think of Watergate. The Committee for the Re-Election of the President (CREEP) took advantage of weak security to carry out dirty tricks. Members broke into files, sent out fake letters and, at one point, hired scruffy characters who appeared at rallies with signs supporting Nixon's adversary. Imagine how much easier this would be using computers. The 2004 race is the first election where the candidates' dependence on computers makes them vulnerable to online shenanigans. The bright side is that when it happens, there'll be a completely new reason to hire CSOs.
The intelligence community has an acronym for counterintelligence that is applicable here: MIJI, or Meaconing, Intrusion, Jamming and Interference. It also makes a nice mnemonic for the various forms of election counterintelligence and disinformation.
Meaconing is the act of using a fake transponder in order to be authenticated as a "friendly" unit. In the digital world, that might mean creating a fake website. How would voters react to an apparently authentic "Pedophiles for Bush" or a "Heroin Addicts for Dean" site? It's simple to create an authentic sounding and available domain name using spaces, underlines or a different combination of words. And it's easy to assemble a very credible looking set of pages by lifting graphics from official sites. (For two examples, see www.gwbush04.com and www.joseph2004.org for parodies of President Bush's and Sen. Joseph Lieberman's campaign websites.) If this were followed by an e-mail whispering campaign with links to the spurious sites (which presumably will be hosted beyond the reach of U.S. courts), it would be political disaster.
Intrusion is an easy way to stir up trouble. For example, password-cracking Lieberman's election committee file server could yield an incredible amount of intelligence. To put it another way, breaking into a campaign machine would yield the same information that G. Gordon Liddy and his cohorts were trying to get from the Watergate hotel that night more than 30 years ago.
Jamming at its simplest is making it difficult for your enemy to communicate or collect information. In the IT world, we would call that a denial-of-service attack. I hesitate to write about how easy it would be to take any candidate off the air before a primary, but it wouldn't take more than a few hours to bring the whole organization down for several days. If savvy government agencies and big technology companies such as Microsoft and AOL can be paralyzed, how hard could it be to silence Sen. Richard Gephardt?
Interference is different from jamming. Subtle hindering
It takes only a few days to cause those kinds of problems, but it takes weeks to fix them. The cost and anonymity advantages conferred by the Internet make it a good bet that unscrupulous people will take the risk. The first defense is the skepticism of a well-informed public, but full-time information security officers attached to each campaign and proactively involved will be a political necessity.