Election security has become synonymous with social media disinformation campaigns, voting machine hacking, and foreign interference – all of which are largely cybersecurity issues that surfaced in force in 2016, and are again on a collision course with the 2020 U.S. presidential race.
This has become the case to the point that we tend to compartmentalize the need to protect the physical welfare of voters attending rallies and demonstrations, as well showing up to the polls on Election Day. While physical security considerations tend to not get the same sensationalized headlines and 24-hour news channel debates as election interference, for example, law enforcement cannot afford to be lax strategically or operationally as we get closer to primary season and eventually the general election.
In order to properly protect attendees, contributors, and adjacent businesses across the U.S., law enforcement needs to be equipped with the data and intelligence necessary to address risks that surface in different political scenarios. In today’s world, that means extending agencies’ pool of data and information sources to areas of the internet where law enforcement officers (LEOs) aren’t always legally capable of accessing without court-ordered warrants.
Many activities that introduce physical risk to political events and polling places are organized online, meaning that local and state officials may be unlikely to have the necessary visibility into not only illicit online forums where the seeds of protests and potential skirmishes are often sown, but also into chat platforms where threat actors are gradually moving more and more discussions about disinformation campaigns, fundraising, and the distribution of propaganda.
Access to this type of information is a foundational step as officials develop ways to assess threats and implement the means by which they will neutralize risks to physical welfare. Those same sources that expose activities tied to disinformation and misinformation campaigns during election seasons may also be an invaluable well to tap for shedding light on potential threats to physical security.
To properly inform agencies’ strategies and operations around physical security, law enforcement must be able to leverage information and finished intelligence culled from illicit online communities. To do so, law enforcement today needs to extend its private-sector relationships with security and intelligence providers that have visibility into threat actor activity, can track illicit online communities, and monitor conversations and activism happening on chat platforms and social media. All of this helps guide officials and best prepare them to accommodate and protect large crowds, ensure adjacent businesses remain up and running, and protect the welfare of organizers and employees alike.
One of the most important benefits of partnerships with private-sector intelligence providers is that they may bring law enforcement fast, safe, extensive access to open and closed sources of information, some of which are invite-only or password-protected, and may be inaccessible to officials by law without permission from the courts. The conversations and information obtained from these communities are invaluable for proactive planning and reactive investigations.
Such intelligence sharing should be a prerequisite for organizations lacking visibility into the activities of potential threat actors. Trouble could flare at partisan rallies that could not only endanger physical well-being, but also hamper the ability of businesses to operate in the nearby vicinity. Demonstrators could also decide to block polling places, where harassment could dissuade voters from entering a polling location much less cast their ballots.
Recently in Portland, Ore., rallies organized by far-right groups were met by thousands of counter-protesters in the downtown commercial district. The rallies were organized and promoted on social media, and despite more than a dozen arrests and altercations between protesters a massive police presence helped quell what could have been a much more violent situation. Portland police and local government, in fact, used social media to declare their intent to keep the peace and protect all in attendance.
Chat services platforms – some of which are also protected by encryption – and social news aggregation and discussion websites are also leveraged by both open and dark web communities to attract extremists, including foreign and domestic terrorists and disruptive activists. Any actor and community tracking should include these illicit community discussions where physical threats may be discussed. Access to these around-the-clock conversations within certain channels is a necessity to monitor and gain insights across threat-actor communities.
The types of data and intelligence pulled from these areas of the internet can help inform crowd-control needs, for example, for law enforcement officials. Available information shared from a private-sector partner could inform officials about not only the intent of a group, but also the size of the group and the potential for violence or vandalism. The partner could also help provide additional context on a threat, for example, directed at a particular candidate who may be considered a front-runner at the time or one whose supporters could be wandering into hostile opposition territory.
Law enforcement can also partner with businesses in the area of a polling place or planned protest, inviting them to any planning meetings or passing on information that may be shared with employees who can then be advised to work from home. Agencies can also consider reaching out to businesses who may have social media teams already monitoring for mentions of their respective businesses and monitor for threats if an organization is mentioned in a tweet or Facebook post.
In the end, law enforcement cannot afford to be solely reactive on threats to physical safety during the upcoming elections. It’s becoming the norm to schedule counter-protests to every planned rally, and the potential for skirmishes is real for attendees and adjacent businesses. Law enforcement must possess the information and intelligence required to effectively provide guidance and physical security in a range of potential scenarios.