None of Florida’s federal elected officials are able to disclose which two counties had their election systems penetrated by a 2016 Russian spear-phishing attack, and are livid that the FBI is withholding information when Florida voters are the victims.
Over the past day, Sen. Rick Scott and Florida’s 27 House members received classified briefings from the FBI. The FBI did not allow lawmakers to say which two Florida counties were breached, and were unable to provide lawmakers with the names of other Florida counties that were victims of attempted but unsuccessful breaches, even in a classified setting.
“I find that more than two years after the 2016 election, the public still doesn’t know the names of these counties and what the government is doing to prevent it from happening again,” said Central Florida Democratic Rep. Stephanie Murphy. “I think that is unacceptable. I believe that this lack of transparency is counterproductive. I’m concerned that it could erode public confidence in our election systems as well as our democracy.”
Scott, who blasted former Sen. Bill Nelson for his statement that Russians had “free rein to move about” in Florida’s election systems during their 2018 race against each other, said he tried to get the FBI to publicly disclose the two counties.
“You can’t violate the United States’ national security,” Scott said in an interview with the Miami Herald. “They believe this is ongoing, they’re focused on this to make sure they keep our elections safe.”
Scott said he tried to get the FBI to publicly disclose the two counties, adding that he’s unable to share classified information himself and that there is no timetable to make the information public.
“I asked them when they could. They can’t make any commitment,” Scott said. “I tried to push them. I explained how important it is for Floridians to know and get comfortable. I had a supervisor of elections call me yesterday, because of all the articles people are asking him more about it.”
Republican Rep. Matt Gaetz was livid that the FBI did not disclose the additional Florida counties where Russians tried to intrude but failed.
“I was shocked and offended that the FBI and Department of Homeland Security would not share information with members of Congress regarding counties beyond the two counties that we referenced where there was additional identification of suspicious activity,” Gaetz said. “Not an incursion, not a successful intrusion but suspicious activity that would suggest foreign influence from the Russians. I don’t know who the hell they think they are to not share that information with us.”
Gaetz said “nothing we heard today suggests that there is any ongoing investigation regarding the 2016 election.” Lawmakers said they were told the information is being kept classified to protect intelligence methods and sources as well as protecting victims, though they said that argument is ludicrous because the victims in this case are Florida voters who have no idea that they are victims.
“Individuals are accustomed that when their credit card information is breached, or whether their social media accounts are breached, that they are notified in a timely manner, because that data belongs to them,” Murphy said. “Voters have the same right. It is their voter registration information. If it has been breached, they deserve to know.”
After reaching out to the FBI this week, VR Systems, the Florida elections vendor at the center of the spear-phishing investigation, said it was not the source of any penetration into county election systems.
“Based on this information, we stand by our assessment that a spearphishing email impersonating our company was the likely source,” VR Systems Chief Operating Officer Ben Martin said in a statement.
In the weeks since special counsel Robert Mueller’s report on Russian interference in the 2016 election revealed that hacking efforts by Russian intelligence agency GRU were in fact successful in “at least one” Florida county despite years of public information to the contrary, the Miami Herald and Tampa Bay Times have contacted each of the state’s 67 election offices to ask whether their offices had been hacked.
And all but a handful of Florida’s election supervisors have said in interviews or in public statements that they have no reason to believe their offices were involved.
Scott’s meeting came five days after the FBI met with Florida Gov. Ron DeSantis, who said he could not share which two Florida counties had their election information systems breached by Russian hackers in 2016.
“I’m not allowed to name the counties. I signed a [non]disclosure agreement,” DeSantis said, emphasizing that he “would be willing to name it” but “they asked me to sign it so I’m going to respect their wishes.”
Members of Congress do not need to sign nondisclosure agreements because they have security clearances.
DeSantis said the two counties experienced an “intrusion” into their election networks, but the information could have been pubilc record and no information was manipulated or changed.
“It did not affect any voting or anything like that,” he said.
Tampa Bay Times staff writer Emily Mahoney and Miami Herald staff writer David Smiley contributed to this report.