The leaders of Ohio’s two political parties had a chance on Monday to enter into a pre-emptive cease-fire on using hacked information in campaigns, but one stopped short of making that commitment.
Ohio GOP Chairman Jane Timken said after a panel on election and campaign security with Ohio Democratic Chairman David Pepper that she was “loathe to get into the oath swearing” with Pepper.
Earlier, Pepper said that his party would not use any information it receives if it appears to have been hacked. Both sides need to agree that hacked information was off limits for campaigns, he said.
“It’s got to be a mutual commitment that we can make as party leaders,” he said. “Don’t think, on our side, if you’re going to do something wrong we’re going to run around and take advantage of it.”
Timken said her party has not used hacked information, but she wouldn’t agree to a pact.
“I would never encourage anyone to ever hack into any Democrat candidate’s campaign,” she said. “I think that’s a terrible thing to do. I think it’s probably, we do our jobs and we do it ethically.”
Timken and Pepper were part of a panel at a daylong conference Monday from the University of Southern California’s Election Cybersecurity Initiative at the Ohio Statehouse on Monday. The nonpartisan, independent project of USC’s Annenberg School for Communication and Journalism is funded by Google.
Ohio was the second stop on a 50-state tour for the conference, which brought elections administrators, campaign officials and others together to talk about security and disinformation in elections.
The chairs from both parties encouraged campaign officials to take seriously the threats to their cybersecurity and to take steps to protect sensitive information.
Campaigns should regularly change passwords, limit who has access to campaign social media accounts, use two-factor authentication for accounts and make sure they don’t click on links they aren’t expecting to receive.
“You’re a bad click away from a bad disaster,” Timken said.
The U.S. Department of Homeland Security also recommends that campaigns use encrypted messaging apps, enable auto updates for security patches and have plans to respond to cyber incidents.
In 2016 Democrats were embarrassed when material hacked by Russian operatives of Hillary Clinton campaign manager John Podesta, the Democratic Congressional Campaign Committee and Democratic National Committee was made public via WikiLeaks. In late July of that year, Trump famously said, “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing.”
Ohio Secretary of State Frank LaRose said during Monday’s keynote address that Ohio’s election equipment is never connected to the Internet and that foreign hackers wouldn’t be able to change the outcome of an election. Now, 82 of the state’s 88 county boards of elections are fully compliant with a 34-point security directive LaRose issued in June.
But that won’t stop opponents from trying to erode confidence among voters through sophisticated disinformation campaigns run largely on social media, he said.
“We don’t want our campaign to be fodder for some foreign operative who wants to sow confusion and discontent. Ultimately what this is about is letting Ohioans know their voice will be heard, their vote will be counted and giving them no reason to question that,” LaRose said.
Candidates, their campaigns and parties, as well as the public, have to be careful about what they read and share on social media as those channels are flooded with fabricated information meant to manipulate the public, said Merle Madrid, LaRose’s chief of staff.
“Vladimir Putin is not going to change a vote that’s cast in the state of Ohio. What he can change is minds,” Madrid said.
Pepper said foreign actors that can’t compete with the U.S. military might have pinpointed the “frayed, partisan” politics in the country as an area to exploit.
“I hate to say it, but the weakest point of democracy right now is our politics,” he said.