Revelations about the 19,252 emails leaked by WikiLeaks on the eve of the Democratic National Conventions (DNC) in Philadelphia almost derailed the Convention and threatened to undermine the campaign of the Democrat presidential candidate, Hillary Clinton. While the issue initially looked like another odd political twist in the saga of the US presidential elections, it soon became apparent that the leak actually had the potential to turn into a serious diplomatic crisis between the United States (U.S.) and Russia.
On the Democratic side, the Clinton campaign quickly blamed Russia of meddling in the presidential elections “for the purpose of helping Donald Trump”. On the Republican side, Donald Trump astonishingly encouraged Russia to find and make public missing emails deleted by his opponent. Kremlin, on the other hand, was quick to deny accusations that the Russian government was behind the recent intrusion, but its claims rang rather hollow in light of the “high confidence” the US intelligence agencies claimed to have in the quality of the forensic evidence gathered thus far.
To be sure, the Russians' possible responsibility for the DNC hack cannot be automatically conflated with the responsibility for the leak, which lies with Wikileaks, whose leader, Julian Assange, seems to view Clinton as a personal foe. That being said, the potential link between the DNC hack and a foreign power, which the FBI has now begun to probe, is politically explosive not only domestically, but also internationally. Whether the US will decide to respond to the breach by retaliation, indictment, sanctions or a combination of all, will arguably much depend on the results of the FBI investigation and on the domestic political ramifications of the leak.
In a paper I co-authored with Ashley Coward and published earlier this year in “Secret Diplomacy: Concepts, Contexts and Cases”, we argued that diplomatic responses to cyber-intelligence operations embraced a spectrum of positions from informal, low-profile type of interventions (e.g., downplaying of the incident, media leaks, unpublicised retaliation) to more formal, straight-talking forms of engagement (formal statements, sanctions, indictments). The intensity of the diplomatic reaction would depend on a combination of “push” (incentives) and “pull” factors (constraints) such as the degree of exposure of the incident in the public sphere, the nature of the relationship between parties, and concerns regarding the constraints the response might place on future actions.
Applied to this case, the DNC hack may escalate into a major diplomatic crisis if considerations favoring a showdown with Russia (“push” factors) will offset possible constraints on such action (“pull” factors). Similarly to the case of the Chinese military hackers indicted by the US Department of Justice for computer hacking in 2014, such a situation may occur if the US eventually decides the evidence concerning the alleged Russian involvement in the hack is too strong to be ignored politically, and hence a powerful message needs to be sent in order to deter the other party from engaging in similar actions in the future. However, this is not a foregone conclusion as questions concerning the attribution of the attack, the risk of disclosing valuable cyber tools and considerations of strategic nature may constrain crisis escalation.
At the moment, the “push” factors seem to have a slight advantage, at least in the short term. First, foreign interference in the US elections for the purpose of favoring one candidate over the other is clearly a major transgression, which requires a strong deterrent reaction from the U.S. Second, from a political perspective, the issue strongly favors Clinton as voters say, by a 47% margin, they're less likely to vote for a candidate if it's perceived Russia is interfering in the election to try to help them. However, it remains unlikely that President Obama would choose to escalate a diplomatic crisis with Russia just to support Hillary Clinton’s campaign. Third, the cyber-attack affected the DNC servers in the first instance, but the Clinton campaign appears now to have been also hacked, which makes one wonder whether revelations about the scope of the cyber-attack will stop here.
The “pull” factors are present, but not in a conclusive manner. As mentioned above, there is growing consensus among U.S. intelligence agencies that Russia was behind the DNC hack. The FBI investigation should be able to shed better light on the attribution matter in due course. Public revelations of the hack exposed serious vulnerabilities in the cyber security of the DNC and Clinton campaign, but failed to uncover much about the U.S.' offensive and defensive cyber capacities. This may change if the U.S. decides to retaliate. Most importantly, tough, Russia and the United States are currently collaborating on several important international files, including the conflicts in Syria and Ukraine, which may explain the rather muted reaction of John Kerry, the U.S. Secretary of State, to the DNC hack.
In view of this, one would expect the U.S. to choose an informal type of response for sending a strong message to Russia and not to escalate the matter, at least at this stage. The "professional" cyber-attack that the Russian Federal Security Service (FSB) recently complained about affecting 20 Russian government bodies sounds exactly like the type of informal reaction the U.S. might have decided to pursue. The matter is, however, not closed yet. A strong “pull” factor could be, for instance, the situation in which the FBI investigation would find solid evidence of systematic hacking by Russian authorities with the intention to influence the outcome of U.S. presidential elections. In this case, a full blown diplomatic crisis would be hard to avoid. On the other hand, geopolitical considerations could act as an important “pull” drive against escalation. The U.S. strategy to drive Daesh out of Mosul and Raqqa by the end of the year, would require, for instance, some form of Russian collaboration, especially for the post-military phase.