Are the 2020 Democrats Really Ready for Hackers?

Meet the Pete Buttigieg staffer working “to make sure 2016 doesn’t happen again.”

Christy Prosser/ZUMA Wire

Fight disinformation: Sign up for the free Mother Jones Daily newsletter and follow the news that matters.

What’s it like to be responsible for the digital security of a presidential campaign? Ask Mick Baccio, the only publicly-designated chief information security officer on the staff of a 2020 candidate.

“As far as I know, I’m the only CISO on any presidential campaign,” he said Thursday. “I have no idea why.”

Given the impact that information security lapses had on Hillary Clinton’s 2016 campaign, it’s a good question why he’s alone. Baccio, who works for Democrat and South Bend Mayor Pete Buttigieg, says his job is to help keep the campaign’s data secure and train staffers on security issues related to their jobs “to make sure 2016 doesn’t happen again.”

It’s not easy. Campaigns add and shed employees in fits and starts, with people moving in any number of directions at once. Staff come in with their own phones, computers, and digital habits, and with varying levels of security literacy after working on other campaigns or in government.

Baccio took the job in July after a long career in information security including stints at the Pentagon and the White House. He was hesitant to sign on, given the temporary nature of political campaigns. “This job might end in March, it might end in November, it might end at any point in between then,” he said. “So it’s not really a good selling point.”

But he found the set of challenges presented by the campaign interesting, and decided it was an opportunity that might not come again, Baccio says. “It’s been non-stop since.”

One such challenge are the third-party vendors that modern campaigns rely on for fundraising, field planning, and managing donor lists. A whole universe of companies facilitate these efforts, offering campaigns convenience and scale. The tradeoff is another avenue by which sensitive data can be compromised, warns Baccio. The danger was highlighted in 2016 when Guccifer 2.0, a front persona created by Russian military intelligence that provided stolen Democratic materials to WikiLeaks and journalists baselessly claimed that it had accessed records through NGP VAN, a fundraising and donor organizational platform for progressive campaigns. (Experts believe Russian hackers obtained the documents from other Democratic systems.)*

“All the campaigns access this ecosystem. I’m only as secure as [these platforms and their users],” Baccio explained.

Baccio, who was speaking at Cyberwarcon, a day-long information security gathering in northern Virginia, raised two outside threats to the campaign that he’s tracking. One is the potential for “deepfakes,” or fabricated or manipulated videos that seem to show a person saying or doing something they never said or did. “We keep the mayor in front of a camera pretty much all his waking hours,” Baccio said. “So if there is that doctored video we have the original and we can combat it.”

Another is spoofed website domains or other methods that can deceive internet users. For example, the website petebuttigieg.org redirects to donaldjtrump.com. “We should have bought that domain a while ago,” he joked.

While Baccio avoided certain specifics about the campaign’s security practices and training methods, he said he’s focused on creating an overall security culture with a particular eye on the major threats represented by nation-states like Russia and China, both of whom have hacked US presidential campaigns before.

“I’m putting something into place where it’s never, ever been before, and we’re moving at 100 miles an hour,” he said. “Any campaign that’s out there, I think we’re competitors, not opponents.”

“I don’t care if it’s left or right, I care if it’s Russian or Iranian,” he said.

This paragraph has been updated with additional context about Guccifer 2.0’s claims.

AN IMPORTANT UPDATE

We’re falling behind our online fundraising goals and we can’t sustain coming up short on donations month after month. Perhaps you’ve heard? It is impossibly hard in the news business right now, with layoffs intensifying and fancy new startups and funding going kaput.

The crisis facing journalism and democracy isn’t going away anytime soon. And neither is Mother Jones, our readers, or our unique way of doing in-depth reporting that exists to bring about change.

Which is exactly why, despite the challenges we face, we just took a big gulp and joined forces with the Center for Investigative Reporting, a team of ace journalists who create the amazing podcast and public radio show Reveal.

If you can part with even just a few bucks, please help us pick up the pace of donations. We simply can’t afford to keep falling behind on our fundraising targets month after month.

Editor-in-Chief Clara Jeffery said it well to our team recently, and that team 100 percent includes readers like you who make it all possible: “This is a year to prove that we can pull off this merger, grow our audiences and impact, attract more funding and keep growing. More broadly, it’s a year when the very future of both journalism and democracy is on the line. We have to go for every important story, every reader/listener/viewer, and leave it all on the field. I’m very proud of all the hard work that’s gotten us to this moment, and confident that we can meet it.”

Let’s do this. If you can right now, please support Mother Jones and investigative journalism with an urgently needed donation today.

payment methods

AN IMPORTANT UPDATE

We’re falling behind our online fundraising goals and we can’t sustain coming up short on donations month after month. Perhaps you’ve heard? It is impossibly hard in the news business right now, with layoffs intensifying and fancy new startups and funding going kaput.

The crisis facing journalism and democracy isn’t going away anytime soon. And neither is Mother Jones, our readers, or our unique way of doing in-depth reporting that exists to bring about change.

Which is exactly why, despite the challenges we face, we just took a big gulp and joined forces with the Center for Investigative Reporting, a team of ace journalists who create the amazing podcast and public radio show Reveal.

If you can part with even just a few bucks, please help us pick up the pace of donations. We simply can’t afford to keep falling behind on our fundraising targets month after month.

Editor-in-Chief Clara Jeffery said it well to our team recently, and that team 100 percent includes readers like you who make it all possible: “This is a year to prove that we can pull off this merger, grow our audiences and impact, attract more funding and keep growing. More broadly, it’s a year when the very future of both journalism and democracy is on the line. We have to go for every important story, every reader/listener/viewer, and leave it all on the field. I’m very proud of all the hard work that’s gotten us to this moment, and confident that we can meet it.”

Let’s do this. If you can right now, please support Mother Jones and investigative journalism with an urgently needed donation today.

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate