One post on YouTube claimed a voter registered to vote under a fake name. A tweet alleged thousands of 2020 ballots were tossed out. Another tweet claimed a voter used an alias to vote in person.
These are just a few of two dozen social media posts deemed to be misinformation and removed from online platforms this year at the request of a newly formed cybersecurity team within the California Secretary of State’s Office.
The Office of Election Cybersecurity in the California Secretary of State’s office monitored and tracked social media posts, decided if they were misinformation, stored the posts in an internal database coded by threat level, and on 31 different occasions requested posts be removed. In 24 cases, the social media companies agreed and either took down the posts or flagged them as misinformation, according to Jenna Dresner, senior public information officer for the Office of Election Cybersecurity.
“We don’t take down posts, that is not our role to play,” Dresner said. “We alert potential sources of misinformation to the social media companies and we let them make that call based on community standards they created.”
Even with the new cybersecurity efforts, misinformation still was a primary cause of frustration for California’s registrars of voters. A CalMatters’ survey of 54 of California’s 58 counties found that registrars dealt with everything from false or misleading information coming from the White House to all sorts of preposterous claims posted to the internet.
As the state works with social media companies to quell speech it considers misinformation, First Amendment advocates and privacy experts say they are concerned about increased censorship of online discourse and the implications of a database that stores posts indefinitely.
Protecting election integrity
The goal of the Office of Election Cybersecurity is to coordinate with county election officials to protect the integrity of the election process. Its duties also include monitoring and counteracting false or misleading online information regarding the electoral process and its integrity.
The office was established in 2018 because of foreign meddling in the 2016 election. With the passage of Assembly Bill 3075, the California state Legislature established the Office of Election Cybersecurity with an annual budget of $2 million.
One of the first things the Office of Election Cybersecurity did was launch a 2018 voter education awareness campaign called VoteSure that encouraged voters to be on the lookout for misinformation. Initial monitoring was sparse — the Office mostly followed hashtags and tracked narratives via a complaint database. Dresner centralized the monitoring when she joined the office in July, and created a formal tracking system.
In 2018, state officials also started developing relationships with federal intelligence agencies and reaching out to social media companies. The Office of Election Cybersecurity worked to fully understand what happened in the 2016 election and the extent of foreign interference, Dresner said. One of the federal agencies it began working with was the Cybersecurity and Infrastructure Security Agency — also a new agency formed in 2018, but with a multi-billion dollar budget and a national purview.
During the 2020 election, the office worked closely with CISA, the Stanford Internet Observatory, and other groups to measure the extent of misinformation facing Californians and Americans alike. Renée Diresta, research manager at the Stanford Internet Observatory, said that unlike the 2016 election, during which Americans saw disinformation generated and spread by foreign state actors, misinformation and conspiracy theories were largely generated domestically.
“Besides the incident with Iran that pushed the Proud Boys emails, most of the other actions taken by state actors appear to have been broadly attributable because they were put out by their [state-owned] media,” Diresta said.
“Even if they have no particular political candidate that they wanted to get behind, putting out that the American election is in chaos is beneficial to them.”
RENÉE DIRESTA, RESEARCH MANAGER AT THE STANFORD INTERNET OBSERVATORY
She saw foreign state media outlets take American social media posts and livestreams, repurpose them and then amplify them on foreign state media outlets to give a perception of widespread chaos.
“Presenting us as a nation in chaos that can’t get its election straight weakens the perception of the U.S. in the world abroad, which serves their broader interests,” Diresta said. “So even if they have no particular political candidate that they wanted to get behind, putting out that the American election is in chaos is beneficial to them.”
Diresta has been studying the effects of misinformation for five years and calls this period of cyberattacks a “warm war” — something that is a few steps beyond previous Cold War tactics between the U.S. and former Soviet Union, but stops short of open armed conflict.
“An information war is not the same thing as a war, but you can find a dynamic that is taking shape of all different factions fighting each other on the internet to try and gain attention to move policy or to move politicians,” Diresta said. “The introduction of foreign actors into that space, took it up to a level that we hadn’t seen before.”
Unintentional spread of inaccuracies
Those new levels of conflict are behind California’s decision to ramp up cybersecurity efforts to surveil the online posts of Californians.
Dresner is one of two people in the Office of Election Cybersecurity, which reports to Paula Valle, chief communications officer for the Secretary of State’s Office.
Dresner defines misinformation as “inaccurate information unintentionally spread.”
That might include posts that either break a platform’s community standards policy or posts that violate California election laws.
“If someone is offering to get paid to vote on a certain behalf, that would be an example,” she said.
“Every sort of misinformation requires a different tactic (of response) and it is a sort of ongoing process to determine what that is,” Dresner said. “There is no clear threshold, it is a fine line between opinion and misinformation.”
Whether the posts are removed is up to the social media companies. Dresner said the state does not have access to private Facebook groups, direct messages or similar social posts and communication.
Instead, the Office of Election Cybersecurity monitors what is playing out in the public sphere. Staff use commonly available services that allow users to set parameters for search options and others that charge for the monitoring itself.
Twitter for example has an option called TweetDeck, that allows users to view multiple columns of searches or feeds. To isolate a search column to a specific area, a user can enter what’s called a “geocode” to limit a search to that area.
Dresner said her office uses what they call a “Misinformation Tracker” to collect screenshots of posts and then they report each to the respective social media platform.
The office stores the screenshots indefinitely in the Misinformation Tracker to maintain a paper trail.
‘Indefinite seems unnecessary’
Such indefinite storage and the ways in which the state is surveilling its residents concerns David Greene, civil liberties director for the nonprofit Electronic Frontier Foundation.
“I don’t think the government should store any people’s personal information any longer than it needs to, indefinite seems unnecessary,” Greene said. “If there is some type of coordinated disinformation effort that poses a serious danger to the state, then I think they could retain it for investigative purposes, but you don’t want to be keeping dossiers just for the possibility that something may be useful for the future.”
Typically it is the federal government that removes content from websites, usually because it concerns instances of child abuse or what is known as Terrorist and Violent Extremist Content. Greene said he wasn’t surprised California is surveillancing misinformation, especially when it comes to election integrity, and he expects similar efforts surrounding coronavirus vaccinations. He just wants the state to be more transparent about what it is doing.
“To me this is something … they should do publicly and not behind the scenes,” Greene said. After all, California’s data privacy laws do not prohibit the state from looking at publicly available information.
For Dresner, she said she doesn’t think her office is violating the privacy of Californians.
“It is all public information and that is what we monitor, the public sphere,” she said. “We aren’t worried about what people are saying in the privacy of their own homes, we are worried about what they are putting out there for the world to see.”
* Katie Licari, a reporter at the UC Berkeley Graduate School of Journalism, contributed to this story.
* This coverage is made possible through Votebeat, a nonpartisan reporting project covering local election integrity and voting access. In California, CalMatters is hosting the collaboration with the Fresno Bee, the Long Beach Post and the UC Berkeley Graduate School of Journalism.
CalMatters.org is a nonprofit, nonpartisan media venture explaining California policies and politics.