The Washington PostDemocracy Dies in Darkness
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Russian trolls on Twitter had little influence on 2016 voters

The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Welcome to The Cybersecurity 202! I caught up on some time hanging out with friends this past weekend. Friends are cool. I recommend them.

Reading this online? Sign up for The Cybersecurity 202 to get scoops and sharp analysis in your inbox each morning.

Below: A watchdog criticizes the Interior Department’s cybersecurity weaknesses, and the FCC proposes new data breach rules. First:

A study finds minimal impact from Russian influence operations on Twitter in the Trump-Clinton presidential race

Russian influence operations on Twitter in the 2016 presidential election reached relatively few users, most of whom were highly partisan Republicans, and the Russian accounts had no measurable impact in changing minds or influencing voter behavior, according to a study out this morning.

The study, which the New York University Center for Social Media and Politics helmed, explores the limits of what Russian disinformation and misinformation was able to achieve on one major social media platform in the 2016 elections.

“My personal sense coming out of this is that this got way overhyped,” Josh Tucker, one of the report’s authors who is also the co-director of the New York University center, told me about the meaningfulness of the Russian tweets. 

“Now we’re looking back at data and we can see how concentrated this was in one small portion of the population, and how the fact that people who were being exposed to these were really, really likely to vote for Trump,” Tucker said. “And then we have this data to show we can’t find any relationship between being exposed to these tweets and people’s change in attitudes.”

(Tucker is an editor of The Monkey Cage, a blog that partnered with The Post.)

But the study doesn’t go so far as to say that Russia had no influence on people who voted for President Donald Trump.

  • It doesn’t examine other social media, like the much-larger Facebook.
  • Nor does it address Russian hack-and-leak operations. Another major study in 2018 by University of Pennsylvania communications professor Kathleen Hall Jamieson suggested those probably played a significant role in the 2016 race’s outcome.
  • Lastly, it doesn’t suggest that foreign influence operations aren’t a threat at all.

Let’s dive into the numbers.

The results

Key findings of the report:

  • Only 1 percent of Twitter users accounted for 70 percent of the exposure to accounts that Twitter identified as Russian troll accounts.
  • Highly partisan Republicans were exposed to nine times more posts than non-Republicans.
  • Content from the news media and U.S. politicians dwarfed the amount of Russian influence content the electorate was exposed to during the 2016 race.
  • There was no measurable impact on “political attitudes, polarization, and vote preferences and behavior” from the Russian accounts and posts.

The study, published this morning in Nature Communications — an offshoot of the science journal Nature magazine — is years in the making. That’s due to the amount of time needed to acquire data from Twitter, conduct the study, carry out surveys and run it through the peer review process, Tucker said.

And Twitter is easier to get data from than Facebook, given that posts are public, among other reasons, he said. Thus, the focus on Twitter, despite its smaller user base. 

Plus, there were some fundamental differences with observing how people absorbed information on Twitter versus Facebook, Tucker said. “One of the super interesting things we were able to do in this paper is show that lots of what people were exposed to here was not because they were following the accounts of these Russian trolls, but because they follow people who retweeted tweets that came from these Russian trolls, and that’s easier on Twitter, where almost everything is open,” Tucker said.

The limits

“The key thing to understand here is there’s different pieces of the Russian foreign influence attempt,” Tucker said. “The vast majority of what we’ve learned so far is about what happened, not what the impact of it was.”

Tucker said Jamieson’s “amazing analysis” addressed Russia’s hack-and-leak operations, and NYU didn’t have the data to do so. In addition to Russian accounts trying to influence U.S. voters on social media, Russian hackers broke into the email accounts of Democrats and leaked them online, according to government investigators.

Another report from Columbia University relied on data from online betting markets to suggest that Russian trolls swung the 2016 election to Trump. Odds favored Democrats during Russian holidays when the nation’s trolls were less likely to be active.

Given the small margins of victory in some states for Trump, could even a small number of people who changed their attitudes as a result of Russian influence operations online have swayed the vote? The sample size of the Twitter study suggests not, but “we’ll never really know,” Tucker said. “We cannot reject out of hand that there wasn’t some incredibly unlikely confluence of things here that happened in this regard.”

Additionally, the study estimates that potentially 32 million people were exposed to Russian-sponsored tweets, whereas Facebook estimated that 126 million users potentially viewed Russian-sponsored tweets.

Caution ahead

“Despite these consistent findings, it would be a mistake to conclude that simply because the Russian foreign influence campaign on Twitter was not meaningfully related to individual-level attitudes that other aspects of the campaign did not have any impact on the election, or on faith in American electoral integrity,” the report states.

One of the potential impacts was indirect, Tucker said: It opened the door for people to doubt that President Biden defeated Trump in 2020.

“That campaign may have been more successful for reasons that it didn’t set out to be successful, but by getting caught and having all this discussion,” he said. 

The keys

Interior Department uses weak passwords, watchdog finds

The Interior Department’s inspector general wrote in a report that many agency employees used weak passwords, such as ones based around the word “password,” and that investigators were able to crack around 21 percent of agency employee passwords, including nearly 300 more powerful accounts and around 360 accounts belonging to senior government employees. 

The report also blasted the Interior Department for allowing people to use just a username and password to log in to “an indeterminate number of its applications, notwithstanding 18 years of mandates from sources including NIST, the U.S. Department of Homeland Security, and Executive Orders, as well as the Department’s own internal policies.” 

The Interior Department agreed with the inspector general’s eight recommendations, but the agency also said it has security measures to lower the risk of cyberattacks. It also said it is revising its password requirements and is working to comply with U.S. government requirements around multifactor authentication.

FCC proposes update to breach notification rules

Under the Federal Communications Commission’s proposal, telecommunications carriers would have to immediately notify law enforcement and consumers of breaches, unless officials advise them otherwise, CyberScoop’s Tonya Riley reports. The current rules require carriers with more than 5,000 customers to tell the FCC about data breaches within seven days, while smaller breaches have to be reported within a month.

“The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements,” FCC Chairwoman Jessica Rosenworcel said in a statement. “This new proceeding will take a much-needed, fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches.”

Global cyberspace

Moldovaʼs government hit by flood of phishing attacks (The Record)

Cyber insecurity

SpyNote malware spies on Android users, steals banking credentials (The Record)


  • The Center for Strategic and International Studies hosts an event on government policy relating to open-source software on Tuesday at 10 a.m.
  • Signal President Meredith Whittaker speaks at a Washington Post Live event on Tuesday at 1 p.m. 
  • Gen. Paul Nakasone, who leads the National Security Agency and U.S. Cyber Command, speaks at a public forum on a government surveillance authority on Thursday. April Doss and Christopher Fonzone, the top lawyers at the National Security Agency and Office of the Director of National Intelligence, are also slated to speak at the event, which is hosted by the Privacy and Civil Liberties Oversight Board.
  • Cybersecurity practitioners meet with cybersecurity staffers on Thursday as part of Hackers on the Hill. 

Secure log off

Thanks for reading. See you tomorrow.