Future Tense

Bringing Pop-Ups to a Knife Fight

The U.S. government plans to let Russians meddling in the midterms know they’re being watched. It’s worth a shot.

U.S. President Donald Trump shakes hands with Russia’s President Vladimir Putin on July 16.
U.S. President Donald Trump shakes hands with Russia’s President Vladimir Putin on July 16. Alexey Nikolsky/Sputnik/AFP/Getty Images

In case you were wondering what sophisticated, stealthy new cybertools the U.S. government was cooking up to combat Russian interference in our elections, the Pentagon has just announced its first “cyber operation” to protect the midterms. It will be centered on the internet’s original sin: pop-up messages. Or rather, Cyber Command plans to use a variety of digital alerts—including text messages, emails, and pop-ups—to warn Russian operatives meddling in the midterm elections that their actions are being monitored.

We don’t know exactly what these messages say, but I like to imagine them as little windows popping up under the seal of the president of the United States with warnings along the lines of “Please be warned that the United States Department of Defense has been monitoring your actions and is following closely your attempts to interfere with the upcoming U.S. elections. We ask that you cease these activities immediately and caution that continued activity will not be tolerated by the government of the United States and may result in indictments, sanctions, and other forms of public exposure.”

It’s also possible that they strike a more forceful tone in the traditional manner of pop-ups, I suppose. There could be a lot of flashing images of people running for Congress and a message more along the lines of “Stop stirring up trouble on Facebook or you and all your loved ones will never again enjoy a moment’s peace!!!!” in large blinking letters. (Of course, it’s only a matter of time before fraudsters start sending out phishing messages imitating these alerts, encouraging unsuspecting users to click on a link to learn more about the evidence the U.S. government has collected against them. In the Hollywood version of this story, I imagine the Russian government itself would use this strategy as an opportunity to spread malware that could then be used to fuel its efforts to interfere with U.S. elections.)

It’s easy to make fun of the idea of combatting election interference this way, and it does feel a little bit like bringing a pop-up message to a knife fight. At the same time, I find myself surprisingly optimistic about this approach—not because I’m confident it will necessarily work to deter Russian operatives, but because it’s something new that isn’t wildly overaggressive and might plausibly be irritating and unsettling enough to, at the very least, sow some discord among the people on the payroll of the Russian government.

That may turn out to be mere wishful thinking: Perhaps these alert messages will be dismissed with laughter and scorn by the people who receive them. But there is something to the idea that people who are engaged in these kinds of activities may be disconcerted to realize that the U.S. government not only knows who they are and what they’re doing, but also how to reach them and their computers.

Thanks to the indictments that the United States has filed against Russians involved in the 2016 elections, we know that many of the people engaging in this activity are not military operatives or high-level spies. They’re employed by at least semi-independent companies, like the Internet Research Agency. Those individuals are presumably driven less by nationalistic loyalty than their government counterparts and more by a desire to pick up a paycheck, so a little well-targeted fearmongering might be sufficient to make them think twice about their chosen profession.

The other advantage of the new alert system is that, unlike those very public indictments which revealed the identities and actions of Russians, these alerts offer a more moderate step. Once someone is unmasked in an indictment, there’s not much more that the United States can threaten them with to try to get them to stop what they’re doing. Perhaps the public accusations will be sufficiently embarrassing or destabilizing to drive those individuals away from their work, but perhaps they feel at that point they do not have much left to lose.

Furthermore, public indictments do not scale well, and they don’t happen quickly: They require extended periods of in-depth investigation and analysis to pull together. Pop-ups, on the other hand, can be sent out by the thousands in a matter of seconds. They also allow the U.S. government to issue warnings without showing its full hand by revealing everything it knows about how interference is being carried out—which the indictments typically do.

Of course, if the implied threat of these warnings is that an indictment may follow then their strength lies primarily in how much Russian hackers actually fear those indictments. That’s an open question, and it may well turn out that more aggressive measures are ultimately called for, but it’s heartening to see the U.S. government starting relatively small here, rather than escalating things too quickly. And it might be a mistake to underestimate either the irritation of pop-up messages—especially when they come with the unease of suddenly realizing that someone is watching what you’re doing on your computer, knows who and where you are, and is coming for you.