A report by the Public Administration and Constitutional Affairs Committee (PACAC) of the British House of Commons is causing a stir today. According to the headline in The Guardian: ‘Brexit: Foreign states may have interfered in vote, report says’. And The Independent announces: ‘Foreign hackers may have hit voter registration site days before EU referendum, say MPs’.
The report in question is entitled Lessons Learned from the EU Referendum and contains a short section concerning the crash of the British voter registration website on the last day of registration for the Brexit referendum. In this section, the report mentions in passing Russia and China. It is this which had led to the breathless headlines seeming to blame Russia and China for interfering in the Brexit vote.
Contrary to the headlines, however, the report doesn’t actually make a positive statement that Russia and China may have been behind the voter registration website’s crash. All it actually says is ‘PACAC does not rule out the possibility that the crash may have been caused by a DDOS (distributed denial of service attack) using botnets.’ So it doesn’t actually rule it in, it just doesn’t rule it out. And, in any case, it doesn’t in fact blame the DDOS on ‘foreign states’. It doesn’t say anywhere who might have carried it out, assuming that it even was a DDOS. The only mention of Russia and China is a sentence a little later, saying
Russia and China use a cognitive approach based on understanding of mass psychology and of how to exploit individuals. The implications of this different understanding of cyber-attack, as purely technical or as reaching beyond the digital to influence public opinion, for the interference in elections and referendums are clear. PACAC is deeply concerned about these allegations about foreign interference.
This really doesn’t add up to much. Nevertheless, committee chairman Bernard Jenkin sought to stir the pot, telling The Independent that ‘it would have been “entirely in character” for “the Russians and Chinese” ’ to do such a thing.
And what is his evidence? It turns out that he doesn’t have any. The report itself comments that:
Although the Committee has no direct evidence, it considers that it is important to be aware of the potential for foreign interference in elections or referendums. The report on lessons learned from the website crash described it as ‘technical in nature, gaps in technical ownership and risk management contributed to the problem, and prevented it from being mitigated in advance.’
So, it turns out that the committee ‘has no direct evidence’ that Russia and China had anything to do with this, and it turns out also that the specialists who looked into the crash considered it ‘technical in nature’ and didn’t blame on it outside attack. As John Rentoul points out in The Independent, Jenkin’s insinuations are the ‘the purest baloney. The website crashed because lots of people left it to the last minute to register and whoever built the site failed to provide another capacity for the surge.’
Mr Jenkin, however, is unperturbed. ‘We’ve seen this happen in other countries’, he said, without saying which those countries were, and adding, ‘Our own Government has made it clear to us that they don’t think there was anything, but you don’t necessarily find any direct evidence.’
So even the British government doesn’t think the story is true. But never mind. When it comes to blaming the Russians, who needs evidence anyway? Just make something up and then say how concerned you are. Because, you know, it’s ‘entirely in character’, and what more proof do you need? Just make sure to insinuate something salacious, and you can then rely on The Guardian and The Independent to pick it up, exaggerate it even further, and spread your baseless allegation far and wide.