Put yourself in the shoes of Russian or Iranian leadership for a moment. Why not interfere with the voting in the U.S. presidential election? What could be more advantageous than catalyzing a bitter and protracted battle over the results of the election, with a chance of igniting civil unrest throughout the country? Sure, it might not work — but with little to lose and so much to gain, why not try?
When it comes to foreign election meddling in elections, disinformation is a serious threat, but the most disruptive form of intrusion is electoral cyber-interference: the freezing of voting systems, the mass deletion of voter registration information, altering vote counts and so on. Such feats may not be easily accomplished, but if they were successful, they could throw the United States into chaos.
The risk is not hypothetical. American intelligence agencies, having hacked into Russian computer networks, report that Russia recently infiltrated some voting systems in the United States. If Russia or another country were to alter tallies or voter information in just a few swing states, it could threaten our confidence in the results of the election.
That is why this week, Joe Biden and President Trump should threaten punishing retaliation should another nation attempt such forms of electoral interference. They should stress that by “interference” they do not mean propaganda or influence campaigns, but rather direct attacks on the election, which are attacks on political independence and thus a form of illegal aggression. And they should warn that such attacks will lead to destructive consequences — as permitted by international law — for the offending nation and its leadership.
Deterrence is a standard component of military strategy and foreign policy. The formula is well established and historically effective: Clearly establish what action is forbidden and credibly commit to delivering a significant punishment if the action is taken.
But despite the danger of electoral interference in the election, the United States has not taken these steps, at least not in public. It is true that Mr. Biden recently warned that should he become president, Russia would pay an “economic price” for any inference in the 2020 election, but that modest threat — which did not distinguish between propaganda and electoral manipulation — likely didn’t change the calculus in Moscow.
Instead, the United States is relying on a different strategy: attacking the attackers, or “defending forward.” In the past few weeks, for instance, the United States Cyber Command and a group of companies including Microsoft took steps to disrupt Trickbot, a network of secretly connected computers that could have been used to attack our election systems.
Defending forward is a good strategy and should be pursued. But it accepts the status quo — that our foes are likely to continue to attack our elections. The goal of deterrence, in contrast, is to make leadership in places like Russia and Iran think twice before even trying. We need to pursue both strategies in parallel.
What threatened punishment would be painful enough to dissuade a foreign power yet still be credible? (No enemy would believe us if we were to threaten, say, a land invasion.) Experts in deterrence would no doubt recommend that the United States leave the threat somewhat vague, but President Trump and Mr. Biden should make clear that we are not talking about imposing economic sanctions, expelling diplomats or issuing more legal indictments. We would be speaking of a more forceful response.
If the U.S. election is attacked and American intelligence agencies identify the perpetrator, our leadership must be prepared to follow through with our threat. I am not an expert in military strategy, but presumably the most effective punishment would be tailored to the nation in question (what hurts Russia is not necessary what hurts Iran). American political leadership, together with the military and intelligence agencies, would determine the proper response — be it a cyberattack or whatever they deem commensurate and feasible and effective.
In an ideal world, Mr. Biden and President Trump would jointly threaten retaliation. (In a less polarized political environment, such joint threats might even become a standard feature of presidential campaigns.) Yet President Trump has not evinced great concern about the possibility of foreign election interference. It falls to Mr. Biden to issue a threat that is clearer and more consequential than those he has issued so far.
Such a warning from Mr. Biden this week might be too little, too late. It might also be the case that Russian and Iranian hackers are overrated or more cautious than we think and the risk of interference is small. It also must be conceded that a deterrence strategy, in the event that it did lead to retaliation, would invite counter-retaliation. Things could escalate.
But right now there is no line in the sand: no public, clear and meaningful discouragement of any effort to destabilize the United States through electoral interference. We shouldn’t resign ourselves to a future of constant attacks on our sovereignty and political independence — and merely hope they don’t succeed.
Tim Wu
Tim Wu is a law professor at Columbia University, a contributing opinion writer for The New York Times and the author, with Jack Goldsmith, of “Who Controls the Internet?: Illusions of a Borderless World.”