The voter registration database of a small county in the Florida panhandle was breached by Russian government hackers in 2016, according to two U.S. officials.
The Russian military spy agency, the GRU, was responsible for the penetration of Washington County’s database, according to the two officials, who spoke on the condition of anonymity to discuss a sensitive matter. The county has a population of about 25,000.
Carol F. Rudd, county elections supervisor, declined to comment on the breach but said it’s important for federal, state and local officials to be able to communicate confidentially. “If each agency gets suspicious of the other’s ability to follow the rules of confidentiality, then those tenuous lines of communication quickly break down,” she said in an email. “That would set our security capabilities back years and severely compromise our ability to protect our elections. THAT would be a big win for the Russians going into 2020.”
Then-Florida Secretary of State Ken Detzner said he was “prohibited by law from commenting.” But “the citizens deserve and have a right to know important things with regard to their election security. Over time, it’ll come out.”
Congressional members from Florida are promising legislation to change the rules about breach notification related to election infrastructure after the FBI confirmed that voter databases in two Florida counties were hacked during the 2016 election and told lawmakers the information was classified. It is unclear which other Florida county was targeted.
The bipartisan effort is an attempt to force federal law enforcement agencies to disclose more information about cyberattacks as they occur.
“It is untenable to continue to hold this information classified and not to let the public know,” said Rep. Stephanie Murphy (D-Fla.). “This chaotic, drib drab of information that is coming out is doing more harm to constituents’ faith in our electoral system.”
Lawmakers took particular offense at the FBI’s assertion that it could not publicly disclose the information not only out of concern for protecting sources and methods, but also because the bureau considers county officials to be victims of the Russian hacking.
“That rationale is ludicrous,” said Rep. Matt Gaetz (R-Fla.), who was briefed Thursday with Murphy. “The victims in these cases are not government officeholders. The victims are voters.”
But some U.S. officials say it’s not the federal government’s place to out victimized localities.
The lawmakers were frustrated that the FBI and Department of Homeland Security officials who briefed them weren’t able to guarantee the breaches hadn’t resulted in election information being compromised. The officials would say only that they found “no evidence” that any data was altered or affected, lawmakers said. Officials also assured them vote counts and electoral processes were not affected.
“We couldn’t get with certainty verification that the Russians were not able to manipulate the data that they had access to,” said Rep. Debbie Mucarsel-Powell (D-Fla.).
The Florida House members’ reaction differed from that of Sen. Rick Scott (R-Fla.), who received an FBI briefing Wednesday. In a statement, Scott also said he wanted the information to be made public, but that he was “confident in the security of Florida’s elections.”
Neena Satijah contributed to this report.