Imagine if someone, after reading something you wrote online that they didn’t agree with, decided to forge racist and anti-Semitic emails under your name. This appears to be what happened to J. Alex Halderman, a computer security researcher and professor of computer science at the University of Michigan. Halderman is one of many election security experts—along with EFF, of course—who has advocated for auditing the results of the 2016 presidential election. The recent attempts to smear his name in retaliation for standing up for election integrity are a threat to online free speech.
Halderman, who is a frequent collaborator and sometimes client of EFF, published a piece on Medium in November 2016 arguing that we should perform recounts in three states—Wisconsin, Michigan, and Pennsylvania—to ensure that the election had not been “hacked.” To be clear, despite a report in New York Magazine, Halderman never stated that there was hard evidence that the election results had in fact been electronically manipulated. He just stated that we should check to be sure:
The only way to know whether a cyberattack changed the result is to closely examine the available physical evidence — paper ballots and voting equipment in critical states like Wisconsin, Michigan, and Pennsylvania.
Concern over a “hacked election” isn’t unfounded. In 2014, pro-Russia hacking collective CyberBerkut attempted to sabatoge Ukrainian’s vote-counting infrastructure just prior to a presidential election. This is just one example. With these threats out there, auditing should be basic election hygiene. As computer security expert Poorvi Vora of George Washington University says, “Brush your teeth. Eat your spinach. Audit your elections.” Halderman specifically calls in his post for risk-limiting audits, a statistical method we’ve also advocated for that involves randomly selecting a certain number of paper ballots for manual recount. And it’s something we should be doing after every election. It’s a no-brainer.
Someone, however, does not agree. On February 7, about two and a half months after Halderman’s post, someone sent racist and anti-Semitic emails to University of Michigan engineering students purporting to be from Halderman. According to the AP, the emails had subject lines like “African American Student Diversity” and “Jewish Student Diversity,” and two of the emails contained the phrase “Heil Trump.”
This type of smear campaign is unsophisticated and easy to pull off. The smear artist(s) here didn’t break into Halderman e-mail account. They simply created a “spoofed” email header, which made the messages appear to have originated from Halderman rather than their actual source. This is a ploy all-to-common in phishing campaigns, as it can trick Internet users into providing sensitive information or clicking on malicious links. Read: this could happen to anyone.
Luckily, the spoof here was quickly revealed, and we doubt that many of the recipients—students at the university, where Halderman is well-known and liked—were deceived. But it did still result in a 40-student protest outside the home of the university’s president.
Halderman has called these attempts to smear his name “cowardly action,” and we agree. But we’re also concerned. The threat of being the target of a smear campaign could chill the speech of others who want to speak out on the need for ensuring the integrity of our election system—an increasingly critical topic. Such efforts to chill speech threaten the very nature of the Internet as we know it—a place for open, robust, and diverse discourse.
We expect the University of Michigan to take a strong stand against this type of retaliation targeting a member of its community. And the rest of us should take a stand in support of Halderman, not only for his efforts to move the debate on election integrity forward, but also to make sure that such ugly, dastardly, and quite-frankly lame attempts to smear people don’t become a more widely used method for chilling speech.