Pillar 02 · 23 documents · 167 pages

China’s Acquisition and Exploitation of American Voter Data

This collection of 23 declassified U.S. intelligence records, emails, and oversight materials — released in early July 2026 by President Trump and Counsel to the President Warrington, and announced by the White House Government Transparency Task Force on July 13, 2026 — documents the People's Republic of China's acquisition and exploitation of American voter data across three election cycles. Heavily redacted intelligence reports describe PRC actors obtaining voter registration data from at least 18 states, possessing a 2016-vintage file of 204,822,241 U.S. voter records, downloading six states' voter rolls in January 2022, sharing seven states' 2020 voter data in 2023, and discussing targeting the 2024 elections. Companion assessments detail Beijing's plans to exploit U.S. societal fissures, blackmail a White House official, and shape the 2020 election environment. A second strand of the collection — internal NSA/ODNI email chains and an FBI Inspection Division review of a recalled Albany intelligence report — documents sharp internal disputes over whether the Intelligence Community deliberately downplayed China's election activity in 2020.

Election Integrity · From the White House release

Over a period of years starting during the 2020 election cycle, the People’s Republic of China carried out what is believed to be the largest compromise of election data in history—resulting in China’s illicit acquisition of 220 million U.S. voter files. That information includes names, addresses, phone numbers, political party preferences, and other sensitive data that would be needed to register to vote, and engage in other nefarious activities. This data loss presents an unprecedented election security nightmare. The intelligence even shows that China assigned a data exploitation unit specifically to this new project.

Members of the Deep State in our intelligence agencies worked to actively suppress and downplay information about the extent of China’s sinister election meddling—covering it up from both the President and the American People. U.S. spy agencies began learning about the compromise of voter registration files in 2020, when they discovered that tens of millions of voters’ data in 18 states had been bought, stolen, or hacked by China. Yet those responsible for sounding the alarm instead kept the information hidden.

By the numbers

What the documents record

204,822,241 records (45 GB)
U.S. voter records in PRC-held dataset (dated 2016)
PRC [REDACTED] Possesses List of Likely Leaked, Compromised Data that Included U.S. [REDACTED] Entities in 2019 →
18
States whose voter registration data a PRC entity obtained and analyzed
PRC [REDACTED] Analysis on U.S. Voter Registration Information [REDACTED] from 18 States, Plans to Conduct U.S. Person Matching and Public Opinion Analysis ("18 States Memo") →
over 8 million
North Carolina voters covered in obtained data
PRC [REDACTED] Analysis on U.S. Voter Registration Information [REDACTED] from 18 States, Plans to Conduct U.S. Person Matching and Public Opinion Analysis ("18 States Memo") →
97
List entries explicitly identified as originating from U.S. entities
PRC [REDACTED] Possesses List of Likely Leaked, Compromised Data that Included U.S. [REDACTED] Entities in 2019 →
28 million
U.S. citizen medical database records (with Social Security numbers) in PRC-held list
PRC [REDACTED] Possesses List of Likely Leaked, Compromised Data that Included U.S. [REDACTED] Entities in 2019 →
6 (CO, CT, FL, MI, OK, RI)
States' voter data downloaded by a PRC CNE actor on 14 January 2022
SUBSTANTIVE REVISION: Network Defense Notice: Publicly Available U.S. Voter Registration Information for Six U.S. States Downloaded from Commercial Websites by PRC CNE Actor in January 2022 →
under 11 hours (7:23 a.m. to 6:08 p.m.)
Time the Albany IIR survived before same-day recall (9/25/2020)
Albany Briefing Handout — FBI Inspection Division Strategic Review of the Albany IIR (Tabs 1–6, DRAFT) →
16 (of 'at least 18 states')
Jurisdictions named by the White House Task Force
Government Transparency Task Force Statement on PRC Compromise of State Voter Registration Rolls (States Statement) →
The record

What this collection contains

The collection's core allegation is bulk PRC acquisition of American voter data. A heavily redacted memo describes a PRC entity analyzing voter registration information "from 18 States" — including North Carolina data covering over 8 million voters and detailed Kansas PII fields — with plans "to Conduct U.S. Person Matching and Public Opinion Analysis" [1]. A companion report states that, as of 2019, a PRC entity possessed a list of leaked or compromised datasets with 97 entries explicitly of U.S. origin, including an unspecified U.S. voter file of 204,822,241 records (45 GB, dated 2016), eight named state voter databases, and a 28-million-record medical database with Social Security numbers [2]. Related reports document PRC awareness by mid-2020 of collected U.S. consumer, military, and voter registration databases, with Georgia and Iowa visibly named [3]; a PRC CNE actor's January 14, 2022 download of voter data for six states [4]; 2023 sharing of purchased 2020 voter data covering cities in seven states [5]; and 2023 discussions of targeting the 2024 elections and requesting a list of swing states [6].

Analytic products frame intent. CIA reporting from 2018-2020 states the PRC's "ultimate goal" was that the President not be re-elected, with tariffs aimed at his voters' states and plans to pay U.S. journalists [7]. A June 25, 2020 PDB assessed as credible a Chinese blackmail threat against a White House official [8], while three summaries describe extensive Chinese plans to exploit U.S. societal fissures via TikTok, Facebook, Twitter, and YouTube [9]. A July 2020 CIA WIRe described APT31 spear-phishing a presidential campaign and Chinese collection from voter databases [10], and the August 19, 2020 NICA judged China preferred President Trump's defeat and had expanded cyber collection of voter data [11].

The second strand documents internal dissent: an NSA analyst wrote in November 2020, "We have deliberately massaged our one pending PDB to avoid any direct links to the election" [12][13]; ODNI officials published an alternative analysis after CIA, FBI, and INR resisted a "China prefers" judgment [14][15][16]. A 2025 FBI review reconstructed the same-day recall of an Albany IIR alleging Chinese fraudulent-license production for mail-in votes, including a field agent's dissent that the withholding appeared political [17][18]. The Task Force statement announces the release and names 16 jurisdictions [19].

Themes in this collection
Bulk acquisition of voter data and PII

PRC entities obtained voter registration data from at least 18 states, held a 204.8-million-record U.S. voter file, downloaded six states' rolls in 2022, and shared seven states' 2020 data in 2023 — alongside consumer, military, and medical databases — for U.S. person matching, identity verification, and opinion analysis.

Chinese election influence planning

Reporting from 2018-2020 describes Beijing's goal that the President not be re-elected: tariff targeting of his voters' states, paying journalists and speakers, blackmail of a White House official, and plans to exploit societal fissures (race, immigration, COVID-19, guns) via TikTok, Facebook, Twitter, YouTube, and mainstream media.

IC internal disputes and alleged suppression

NSA/ODNI emails show an analyst saying a PDB was 'deliberately massaged' to avoid election links, ODNI officials publishing a dissenting alternative analysis over CIA/FBI/INR objections, and a 2021 email alleging inconsistent attribution of the same Chinese unit's activity.

The Albany IIR recall episode

An FBI raw report alleging Chinese production of fraudulent drivers licenses for mail-in votes was disseminated and recalled the same day (9/25/2020) at HQ direction; a 2025 Inspection Division review documents the recall chain, a field agent's dissent that it looked political, and FITF's refusal to reissue.

Continued targeting through 2024

2023-vintage reporting shows PRC actors sharing purchased 2020 voter data, asking about additional states, requesting lists of swing states, and discussing targeting the 2024 U.S. Congressional or Presidential elections.

The 2026 declassification

All records were declassified 3-10 July 2026 by President Trump and Counsel to the President Warrington, with originating agencies masked as 'SENSITIVE GOVERNMENT AGENCY,' and announced July 13, 2026 by the White House Government Transparency Task Force, which named 16 jurisdictions.

Chronology

Timeline drawn from the documents

Open the timeline 33 dated entries
2008 (since at least)
Chinese cyber actors conduct activity against every U.S. presidential election campaign
2009-2018
Primary date range of leaked/compromised datasets later found in PRC possession, including 204.8 million U.S. voter records (2016) and state voter databases (2017)
2017
A separate Chinese effort begins identifying e-mail addresses of high-level U.S. officials and requesting password cracking
mid-2018
CCP policy to leverage all elements opposed to the U.S. President; China analyzes 2016 results to target tariffs at states/sectors supporting the President's party; PRC's ultimate goal is that he not be re-elected
2018 (month redacted)
APT31 begins targeting personal e-mail accounts of senior U.S. leadership including Executive Office of the President officials, Congress, and the federal judiciary
January 2019 (since at least)
Lower-level Chinese officials recommend collecting and using 'black materials' against perceived anti-China U.S. officials
2019
PRC entity possesses list of compromised datasets with 97 U.S.-origin entries, several characterized as voter registration records; PRC analysis of voter registration data from multiple states for identity matching and opinion analysis
mid-2019
China assesses it should direct resources toward political swing states crucial to the 2020 election and seeks to pay U.S. journalists to write negative articles about the President
20 May 2020
APT31 has sent spear-phishing e-mails with tracking links to G-mail accounts of presidential campaign staffers
4 June 2020
Google publicly announces APT31 targeting of the campaign; Google and FBI brief campaign officials
25 June 2020
PDB article 'Beijing Escalating Efforts To Shape US Policies on China' assesses as credible a Chinese blackmail threat against a White House official
mid-2020
PRC entity aware of collection of U.S. consumer, military, and voter registration databases (Georgia and Iowa visibly named) supporting identity verification of U.S. persons
1 July 2020
CIA WIRe 'China: Cyber Activities Probably Prelude to Election Espionage' published; IC assesses China does not currently intend to covertly sway the election but activity could enable such operations
19 August 2020
NICA 'Foreign Threats to 2020 US Federal Elections' judges China prefers President Trump's defeat and has expanded cyber collection on candidates, campaigns, donors, and voter data
24 August 2020
FBI acquires single-source claim that China produced fraudulent U.S. drivers licenses to create tens of thousands of fraudulent mail-in votes for Joe Biden
27 August - 3 September 2020
Interagency fight over the China paragraph of the four-country election security graphic; CIA, INR, and FBI resist leading with 'China prefers that the President does not win reelection'; ODNI NIO-Cyber voices concern about 'politics seeping into this'
25 September 2020
FBI Albany disseminates IIR 4 212 7305 20 at 7:23 a.m.; after HQ DADs Floris and Ugoretz directly request it, the IIR is recalled at 6:08 p.m. the same day
1 October 2020
Albany intelligence analyst dissents in writing that withholding the IIR partly because it contradicted Director Wray's testimony 'goes directly against our organizations mission to remain apolitical'
5-7 October 2020
NIC director and NIO Cyber circulate an alternative analysis memo assessing Beijing took 'low-level, exploratory steps to denigrate the President'; NSA personnel report shared views suppressed because CIA and FBI 'seemed so adamant'
15 October 2020
FITF declines to approve reissue of the Albany IIR over sourcing concerns; draft IIR #2 deleted
29 October 2020
Michigan State Police search the office of a paid voter-registration canvassing supervisor, finding reloadable pay cards
20 November 2020
NSA analyst on the 45-day ICA China drafting team writes 'We have deliberately massaged our one pending PDB to avoid any direct links to the election'; ODNI NIO-Cyber charges the IC is avoiding election connections 'for non-substantive reasons'
23 November 2020
Chain escalated to DNI staff under subject 'NSA deliberately messaging elections PDB'; staffer concerned about analysis 'deliberately massaged' away from elections ahead of the 30 November ICA draft date
16 March 2021
FBI Opening EC: U.S. Attorney for W.D. Michigan commits to prosecute voter-registration canvassing subjects under 18 U.S.C. 1343 (Wire Fraud)
23 December 2021
ODNI NIO-Cyber emails that a new report attributes to the Chinese Government the same unit the IC declined to call election influence in 2020 — 'the same personnel doing the same kind of activity' — and urges oversight
14 January 2022
PRC CNE actor downloads publicly available voter registration data for Colorado, Connecticut, Florida, Michigan, Oklahoma, and Rhode Island from commercial websites; fails to download an Ohio voter registration application
2023 (month redacted)
PRC-linked party shares previously purchased 2020 U.S. voter registration data for cities within Arkansas, Colorado, Connecticut, Florida, Ohio, Michigan, and North Carolina; asks about Connecticut and Massachusetts data
July 2023 (day/year redacted; 2023 information)
PRC actors discuss targeting the 2024 U.S. elections, seek to observe an unidentified swing state's voting situation ahead of time, and request a list of swing states
7-20 July 2025
FBI Inspection Division Strategic Review of the Albany IIR recall reviews 58,220 items across 103 accounts and schedules roughly 30 interviews
May 2026
President Trump creates the Government Transparency Task Force within the White House Executive Office of the President
3 July 2026
President Trump declassifies the NICA, the NSA 'massaged PDB' email chains, the four-country graphic chain, and the December 2021 email
10 July 2026
Counsel to the President Warrington declassifies the voter-data intelligence reports, CIA WIRe, PDB, CIA Note, summaries, and approves release of the Albany briefing materials
13 July 2026
Government Transparency Task Force announces the disclosure, stating voter rolls from at least 18 states and more than 200 million voter records were compromised by the PRC, and names 16 jurisdictions
The documents

Every document in this collection

Summaries and key findings below are drawn solely from each document. Open the original PDF alongside any entry.

6 pages

PRC [REDACTED] Analysis on U.S. Voter Registration Information [REDACTED] from 18 States, Plans to Conduct U.S. Person Matching and Public Opinion Analysis ("18 States Memo")

CLASSIFICATION REDACTEDmemoheavy redactions

This heavily redacted memo reports that a Chinese entity analyzed voter registration records obtained from 18 U.S. states, including data on over 8 million North Carolina voters. The records included names, birth dates, addresses, party affiliation, and voting histories, which the memo says would be used to mine personal information and identify important U.S. targets. It also reports plans to keep collecting state voter data.

“Analysis on U.S. Voter Registration Information [REDACTED] from 18 States, Plans to Conduct U.S. Person Matching and Public Opinion Analysis;”

From this document, p. 1
Full summary & key findings

A Chinese government-linked entity obtained U.S. voter registration data from 18 states and analyzed it with plans to match records to specific Americans and conduct public-opinion analysis, this memo reports. The records were tied to U.S. midterm elections (the year is redacted), and surviving text says the data would be used for mining personally identifiable information on U.S. citizens, could serve as a resource to "analyze, discover" the identities of important U.S. targets, and would support opinion analysis on a U.S. general election — with plans to keep acquiring state voter files. Visible jurisdictions include Alaska, Connecticut, Florida, Maryland, New York, Washington, D.C., North Carolina (covering over 8 million voters), and Kansas. Kansas fields listed include names, birth dates, partial phone numbers, addresses, voting histories, military and party affiliation, and polling places; the memo says occupation and education data "was a priority." The issuing agency's identity is blacked out, masked as "SENSITIVE GOVERNMENT AGENCY."

  • A PRC entity conducted analysis on U.S. voter registration data obtained from 18 states, with title stating plans "to Conduct U.S. Person Matching and Public Opinion Analysis" (year references redacted).
  • The voter registration records were obtained from U.S. Mid-term Elections (election year redacted throughout).
  • The data contained personal identifiable information (PII) and, per the memo, would be used for mining PII on U.S. citizens.
  • The memo states the data could be used as a resource "to analyze, discover" the identities of important U.S. targets (surrounding text redacted).
  • The voter registration information would be used to conduct U.S. General Election opinion analysis (year redacted), and the actor planned to continue obtaining state voter registration data.
  • Visible affected jurisdictions include Alaska, Connecticut, Florida, Maryland, New York, Washington, D.C., North Carolina, and Kansas; at least two state names in the list are redacted (18 states total per the memo).
  • The North Carolina data contained information for over 8 million voters.
  • Kansas data PII fields listed: first/middle/last name and suffix; date of birth; telephone area code, exchange number, and last four digits; historical voting records; home and mailing address; military affiliation; political party affiliation; polling place name and address (some bullets redacted).
  • A first, more general list of data types on U.S. registered voters includes voter names, birth dates, home mailing address, and political party affiliation (one bullet redacted).
  • Some data included detailed historical records of voter ballot and polling records and election donation expenses, as well as demographic information.
  • Page 5 states that PII on U.S. citizens' occupation and education background "was a priority" (context redacted).
  • The memo was declassified by Counsel to the President Warrington on 10 July 2026; the originating agency banner is masked with the overlay "SENSITIVE GOVERNMENT AGENCY."
View original PDF 996 KB · 6 pp
24 pages

PRC [REDACTED] Possesses List of Likely Leaked, Compromised Data that Included U.S. [REDACTED] Entities in 2019; Data Sets Apparently Include Those Related to [REDACTED], and Voter Data / PII

CLASSIFICATION REDACTEDintelligence reportheavy redactions

This heavily redacted intelligence report says a Chinese entity possessed, as of 2019, a list of hacked or leaked data sets, including 97 tied to U.S. organizations. Among the holdings: about 205 million U.S. voter records from 2016, eight state voter databases, and a 28-million-record medical database with Social Security numbers. The report suggests bulk collection of Americans' personal information may have been the goal.

“Furthermore, these PII-related data sets included several characterized as voter registration records.”

From this document, p. 1
Full summary & key findings

A Chinese government-linked entity possessed, as of a redacted 2019 date, a catalog of leaked and compromised data sets — including an unspecified U.S. voter file of 204,822,241 records (45 GB, dated 2016) with names, ages, phone numbers, and addresses. The report counts 97 entries explicitly identified as U.S.-origin, mostly private companies, government organizations, and NGOs, with data primarily dated 2009-2018; most holdings were personal-information data sets, which the report says may indicate bulk collection of Americans' personal data was the goal. Tables list eight named-but-redacted state voter databases (three with 1,746,069, 7,893,248, and 5,578,302 records, all 2017), 7.42 GB of election-related emails from a named U.S. person, and a 28-million-record medical database with Social Security numbers. Government holdings included military maps, F-15 maintenance documentation (1998-2012), publicly released material on alleged NSA collection, and documents from four cleared defense contractors. The issuing agency's identity is blacked out, and pages 15-23 are almost entirely redacted.

  • A PRC entity (descriptor redacted) was in possession of a document as of [redacted] 2019 containing a list of compromised/leaked data sets and the data they yielded; most entries were targets in countries other than the U.S., with data primarily dated 2009-2018.
  • The list included 97 entries explicitly identified as originating from U.S. (and other redacted) entities; most of the data involved private companies, government organizations, and NGOs.
  • The majority of entities consisted of PII data sets, potentially indicating bulk collection of PII was the goal; several data sets were characterized as voter registration records.
  • Unspecified U.S. voter data: 204,822,241 records (45 GB), dated 2016, including voters' names, ages, phone numbers, and addresses; a file downloaded by a redacted person indicated his possible possession of this data.
  • Named U.S. state 1 voter database: 1,746,069 records (2017) including voter IDs, full names, current and previous addresses, birth dates, gender, and phone numbers.
  • Named U.S. state 2 voter database: 7,893,248 records (2017) including voter IDs, full names, current and former addresses, birth dates, gender, and citizenship information.
  • Named U.S. state 3 voter database: 5,578,302 records (6+ GB), dated 2017; five additional named U.S. state voter databases (states 4-8) are listed with volume, date, and contents unknown.
  • Emails from a named U.S. person: 7.42 GB, dated 2016, including election-related materials.
  • An unspecified U.S. citizen medical database of 28 million records included social security numbers; other PII targets included a named U.S. medical group, biogenetics group, school, and business services company.
  • Compromised-website holdings included email addresses, passwords, domain names, login IDs, and account numbers from named U.S. web services companies, plus 'America' Exploit.in data, www.mac-torrents.com, and biige.com (2014).
  • U.S. government data holdings included military maps from a named U.S. publisher (2017), publicly released information about alleged NSA intelligence collection activities (2013-2016), F-15 fighter jet maintenance and technical documentation dated 1998-2012, and documents/emails from four named U.S. cleared defense contractors (2012-2017).
  • Sections also cover U.S. social networking companies (at least six, unnamed), U.S. NGOs, religious groups, labor organizations, a lawyer association, a law enforcement association, a trade association, a think tank, a travel company, and U.S. government entities, though nearly all details are redacted.
View original PDF 3.4 MB · 24 pp
White House Task Force on Government Transparency July 13, 2026 1 page

Government Transparency Task Force Statement on PRC Compromise of State Voter Registration Rolls (States Statement)

unmarkedstatement

In this July 13, 2026 statement, a White House transparency task force announces its first release of newly declassified intelligence records. The statement says the records show China compromised voter registration rolls in at least 18 states, plus more than 200 million voter records not tied to specific states. It names 16 jurisdictions, including Florida, Georgia, Michigan, New York, and Washington, D.C., and says President Trump is alerting Congress and state leaders.

“The declassified intelligence reveals that voter registration rolls from at least 18 states (not all identified by name) have been compromised by the People’s Republic of China (PRC).”

From this document, p. 1
Full summary & key findings

The statement announces declassified U.S. Intelligence Community records showing that voter registration rolls from at least 18 states — not all identified by name — were compromised by the People's Republic of China, and that additional intelligence records show more than 200 million voter records were also compromised by the PRC without state-specific affiliations. This is the first disclosure by the White House Task Force on Government Transparency, which President Trump created in May 2026 within the Executive Office of the President to advise him, through the Counsel to the President, on documents to declassify or release. The records were declassified the week before the July 13, 2026 statement under Trump's direction. The statement says Trump is alerting Congressional and state government leaders to election infrastructure vulnerabilities, and it names 16 jurisdictions from the declassified records: Alaska, Arkansas, Colorado, Connecticut, the District of Columbia, Florida, Georgia, Iowa, Kansas, Maryland, Michigan, New York, North Carolina, Ohio, Oklahoma, and Rhode Island.

  • The Government Transparency Task Force was created by President Trump in May 2026 within the White House Executive Office of the President, advising him through the Counsel to the President on documents to declassify and/or release publicly.
  • The July 13, 2026 statement announces the task force's first disclosure of U.S. Intelligence Community records, declassified the prior week under the direction of President Trump.
  • The declassified intelligence reveals that voter registration rolls from at least 18 states (not all identified by name) have been compromised by the People's Republic of China (PRC).
  • Additional intelligence records reveal that more than 200 million voter records were also compromised by the PRC, without state-specific affiliations.
  • President Trump is alerting Congressional and state government leadership officials to election infrastructure vulnerabilities in the states identified by name in the declassified intelligence records.
  • The statement names 16 jurisdictions identified in the declassified records: Alaska, Arkansas, Colorado, Connecticut, District of Columbia, Florida, Georgia, Iowa, Kansas, Maryland, Michigan, New York, North Carolina, Ohio, Oklahoma, and Rhode Island.
  • The named list contains 16 jurisdictions (including the District of Columbia), while the statement itself says 'at least 18 states,' noting not all were identified by name.
View original PDF 176 KB · 1 pp
National Security Agency and Office of the Director of National Intelligence November 20, 2020 8 pages

RE: (U) Note to Election Threat 45 day ICA China Section Drafting Team (NSA–ODNI email chain, Nov 4–20, 2020)

CLASSIFICATION REDACTEDemailmoderate redactions

In this November 2020 email chain, an NSA analyst wrote that the agency had "deliberately massaged" a report headed for the President's daily intelligence briefing to avoid direct links to the election, and that a large report was split into 13 pieces. A senior cyber intelligence official replied that reporting showed China "caught conducting election influence" and called the handling highly irregular.

“We have deliberately massaged our one pending PDB to avoid any direct links to the election.”

From this document, p. 5
Full summary & key findings

An NSA analyst wrote on November 20, 2020 that the agency had "deliberately massaged our one pending PDB" — a report headed for the President's Daily Brief — "to avoid any direct links to the election," and that a "massive report" had been "chopped up into 13 reports" unlikely to issue until late the next week. The email chain, spanning November 4-20 among NSA and ODNI officials drafting the China section of the post-election 45-day Intelligence Community Assessment, shows escalating alarm: ODNI's Director of Election Threat Analysis responded, "The mind boggles," and the National Intelligence Officer for Cyber wrote that pending reporting "makes it clear China has been caught conducting election influence" while the intelligence community was "deliberately avoiding mentioning a connection to elections for non-substantive reasons" — "a highly irregular way to do things." The chain culminates with the IC Analytic Ombudsman citing "an opportunity to prevent an analytic objectivity mistake" and asking who could decide to "reconnect the thread on election security." Names and classification markings are redacted throughout.

  • An NSA Strategic Intelligence Analyst in China & North Korea Strategic Assessments wrote on Friday, November 20, 2020 at 8:22 AM that NSA had "deliberately massaged our one pending PDB to avoid any direct links to the election."
  • The same NSA analyst stated that "the massive report we have been waiting on has been chopped up into 13 reports" that likely would not be released until late the following week, with many/all to be cross-posted or downgraded so they could be incorporated into the 45-day piece.
  • The chain concerns drafting the China section of the "Election Threat 45 day ICA" — the post-2020-election Intelligence Community Assessment — organized by NSA's Cryptologic National Intelligence Officer (CNIO) for Cyber and Election Threats & Security starting November 4, 2020.
  • ODNI's National Intelligence Officer for Cyber (NIO-Cyber) wrote on November 20 at 12:55 PM (Importance: High) that pending reporting "makes it clear China has been caught conducting election influence," at least as described to his office.
  • The NIO-Cyber charged that "the IC is deliberately avoiding mentioning a connection to elections for non-substantive reasons," describing it as an example of a pattern he had been raising "since the summer," and called the PDB handling "a highly irregular way to do things," noting his tradecraft and substantive objections to the mainline analysis were not being incorporated or even mentioned.
  • ODNI's Director of Election Threat Analysis (National Intelligence Council/DNI Election Threat Executive) reacted at 10:48 AM: "Their PDB isn't going to tie to the election? The mind boggles."
  • In a 10:02 AM email, the Director of Election Threat Analysis said the China drafting group appeared to be waiting for the new [redacted]/PDB before feeding it into the ICA, urged commenting on how the new information relates to the election story, and noted "NIO Cyber and I think the new info is highly relevant, though I realize we're in the minority there."
  • The top email (November 20, 2020, 1:49:13 PM), signed by the Chief of Solutions Group ODNI/DMI/MPAC — also Executive Secretary of the National Intelligence Analysis Board and National Intelligence Collection Board, and IC Analytic Ombudsman — stated "we see an opportunity to prevent an analytic objectivity mistake from happening" and asked who the decision maker would be "to reconnect the thread on election security to what is about to go out."
  • NSA's CNIO for Cyber and Elections confirmed on November 20 at 9:20 AM that cross-posting into various [redacted] systems or downgrading classification for the 45-day piece was acceptable so long as appropriate versions existed; the ODNI Director of Election Threat Analysis thanked NSA for "making election-relevant [redacted] usable."
  • The document bears a red stamp reading "DECLASSIFIED BY PRESIDENT TRUMP on 3 July 2026"; all original classification markings, names, and contact details are redacted, and page 8 consists entirely of redacted classification/declassification boilerplate blocks.
View original PDF 1.1 MB · 8 pp
Federal Bureau of Investigation 35 pages

Albany Briefing Handout — FBI Inspection Division Strategic Review of the Albany IIR (Tabs 1–6, DRAFT)

UNCLASSIFIED//FOUObriefingmoderate redactions

This draft FBI internal-review briefing examines a report the FBI's Albany office sent out on September 25, 2020, claiming China was making fake U.S. driver's licenses to generate mail-in votes for Joe Biden. Headquarters officials had it recalled the same day; the tip came from a new, uncorroborated source. The briefing notes one agent objected in writing that withholding it seemed political, and the report was never reissued.

“Chinese Government Production and Export of Fraudulent US Drivers Licenses to Chinese Sympathizers in the United States, in Order to Create Tens of Thousands of Fraudulent Mail-in Votes for US Presidential Candidate Joe Biden”

From this document, p. 35
Full summary & key findings

Two senior FBI headquarters officials — Counterintelligence Division deputy assistant director Nikki Floris and Cyber Division deputy assistant director Tonya Ugoretz — directly requested the same-day recall of an Albany field office intelligence report claiming the Chinese government was exporting fraudulent U.S. driver's licenses to create tens of thousands of fake mail-in votes for Joe Biden, this Inspection Division draft review shows. The report went out at 7:23 a.m. on September 25, 2020, to CIA, NSA, DHS, and other agencies, and was pulled at 6:08 p.m.; Albany initially refused, believing it met dissemination standards. Skype logs show Floris writing "another fucking IIR went out re election security," while a 9/29/2020 Albany email warned the reporting contradicted Director Wray's congressional testimony, and one agent's written dissent called the withholding political. The sourcing — a newly opened informant relaying an uncorroborated sub-source claim of contact with Chinese officials — led headquarters to refuse re-issue; the redraft was deleted 10/15/2020. The 2025 review examined 58,220 items across 103 accounts; Albany's was its only recall among 86 reports that year, against roughly 1,130 FBI-wide recalls since 2019.

  • FBI Albany disseminated IIR 4 212 7305 20 at 7:23 a.m. on 9/25/2020 and recalled it at 6:08 p.m. the same day; the Sentinel record states it was recalled "in order to re-interview the source."
  • The recalled IIR was titled "SUBSTANTIVE RECALL - Chinese Government Production and Export of Fraudulent US Drivers Licenses to Chinese Sympathizers in the United States, in Order to Create Tens of Thousands of Fraudulent Mail-in Votes for US Presidential Candidate Joe Biden, in late August 2020" (file 802I-AL-49205-INTELPRODS 207).
  • Recall flow chart and email timeline show FBI Albany initially declined to recall (SIA: Albany believed the IIR met DRAIN), then reversed after an ASC relayed that Cyber DAD and CD DAD were "directly requesting it be recalled"; ASC named "Nikki Floris (CD) and Tonya Ugoretz (Cyber)" as the DADs Albany could cite.
  • Skype log shows CD DAD Floris messaging CyD DAD Ugoretz on 9/25/2020: "another fucking IIR went out re election security"; Ugoretz replied on FBINET "Thanks. This is fun." and by email "oh crap / how's the sourcing on the new IIR?"
  • The IIR's source was a collaborative CHS with indirect access, opened by the FBI on 14 August 2020; information was acquired 24 August 2020 from an identified sub-source in China claiming contact with unidentified PRC government officials; corroboration: None; original context statement flagging questionable veracity was reworded before release.
  • The recalled IIR (DTG 2009252204Z, original DTG 2009251123Z, FM DIRECTOR FBI) had been disseminated to all FBI field offices plus CIA, DIA, NSA, DNI, DHS, DOJ, State, Treasury, DEA, Coast Guard, multiple combatant commands, and AMEMBASSY Beijing; NSCLB had reviewed it 9/24/2020 with "no objections/comments."
  • A 9/29/2020 Albany email (A/CRO) stated the reporting "contradicts Director Wray's testimony to Congress" and urged being ready to "back up the IIR" and "treat it like it will be going in front of the President," adding skepticism because portions regarding COVID "veer into conspiracy theories."
  • A 10/1/2020 dissent email from an Albany IA objected that citing contradiction of Director Wray's testimony "implied to me that one of the reasons we aren't putting this out is for a political reason, which goes directly against our organizations mission to remain apolitical."
  • New HQ coordination rules followed: RICU guidance of 9/28/2020 (re-sent 9/30 to all FBI intel leaders) directed CROs, handling agents, and EIAs to coordinate with FITF, Cyber, and/or CID election teams prior to disseminating IIRs related to the 2020 elections; on 9/28/2020 Floris messaged an OGA contact that all election-related IIRs must come through FITF/HQ, adding "i'm basically running a shadow government across the FBI at this point."
  • Re-issue never occurred: FITF-China told Albany on 10/8/2020 it had "not approved a reissue, specifically because of our concerns that the reporting is not authoritative"; an SSA emailed SAC Thomas Relford agreeing, and the IA deleted draft IIR #2 on 10/15/2020 due to "Internal Coordination."
  • FITF-China issued leads to FBI Chicago (9/28 and 9/29/2020) to determine via CBP whether fraudulent driver's licenses seized from China were used to register to vote; CBP responded 10/5/2020 that it keeps no list of names/addresses and that the overwhelming majority of such documents are procured by teens aged 18–20 to circumvent alcohol laws.
  • On an unmuted 10/7/2020 Skype call an Albany A/CRO told FITF personnel "between us, I wouldn't' have put it out, but my CRO did, and now I think everyone is afraid of being viewed as partisan," and separately said he was "getting pressure from the supervisors and ASAC" to reissue and that "no one wants to show up in an IG report."
  • Recall statistics (per Sentinel): approximately 1,130 FBI recalls from 01/01/2019 to June 2025 — 519 substantive, 593 administrative, 18 FISA-compliance; Albany Field Office published 86 IIRs in 2020 with exactly 1 recall (the election IIR).
  • The 2025 Inspection Division review examined 58,220 items across 103 accounts (21,456 FBINET emails, 24,289 Skype messages, 10,351 UNET emails, 692 texts, 1,432 SCINET emails) and scheduled roughly 30 interviews July 10–16; the row for Nikki Floris is marked "Unable to contact."
  • A 9/28/2020 (annotated 9.28.25) IM log shows an OGA Directorate of Intelligence contact telling Floris "The Director has the original in his book this AM" — the PDB briefer was asking about the recalled China IIR serial — while no revision had yet been pushed out.
View original PDF 8.7 MB · 35 pp
Central Intelligence Agency July 1, 2020 2 pages

China: Cyber Activities Probably Prelude to Election Espionage (CIA WIRe, WIRe2020-05063)

CLASSIFICATION REDACTEDintelligence assessmentmoderate redactions

This July 2020 CIA report warns that Chinese hackers were spying on the 2020 presidential race, saying China has probed every presidential campaign since at least 2008. It reports one hacking group sent fake emails to Joe Biden campaign staffers' Gmail accounts by May 2020, and that Chinese hackers gathered data from voter databases and a polling firm. Analysts judged China was gathering information, not trying to swing the election.

“China is probing the presidential campaign for opportunities to tailor collection and gather insight on policy positions on US-Chinese issues.”

From this document, p. 1
Full summary & key findings

The CIA's World Intelligence Review assesses that Chinese cyber activity in mid-2020 was probably a prelude to election espionage: Beijing was probing the presidential campaign to tailor intelligence collection and gauge policy positions on US-China issues, as Chinese actors have done in every presidential race since at least 2008. The article reports that since 2018 the hacking group known commercially as APT31 targeted personal email of senior US leaders — Executive Office of the President officials, high-ranking executive branch officials, Congress, and the federal judiciary — while a separate effort since 2017 identified high-level officials' email addresses for password cracking. In the first direct campaign targeting of the 2020 cycle, APT31 sent spear-phishing emails with tracking links to Gmail accounts of the former Vice President's campaign staffers as of 20 May; Google announced it 4 June, and Google and the FBI briefed the campaign. Chinese actors also collected election data from voter databases, a polling firm, political and nonprofit groups, fundraisers, and campaign advisers. The intelligence community judged China did not then intend to covertly sway the outcome, though the activity could enable such operations; sourcing passages and the closing paragraph are heavily redacted.

  • China is probing the presidential campaign to tailor collection and gather insight on US-Chinese policy positions; Chinese cyber actors have conducted such activity in every US presidential election campaign since at least 2008.
  • Since [redacted] 2018, Chinese cyber actors known in the private sector as APT31 have targeted personal e-mail accounts of senior US leadership, including officials in the Executive Office of the President, high-ranking Executive Branch officials, Congress, and the federal judiciary.
  • Since 2017, a separate [redacted] has worked with the [redacted] to enable more stealthy operations by identifying e-mail addresses of high-level US officials, then requesting that [redacted] obtain or crack the passwords for targeted accounts.
  • As the 2020 election approached, the IC detected Chinese state-sponsored cyber actors targeting the former Vice President's presidential campaign, probably to gather intelligence enabling future operations — the first instance that election cycle of direct targeting of a US presidential campaign.
  • The IC assessed China did not currently intend to covertly interfere to sway the election outcome, although the activity could enable such operations if Beijing decided to do so.
  • As of 20 May (2020), APT31 actors had sent spear-phishing e-mails containing tracking links to the G-mail accounts of staffers associated with a presidential campaign; on 4 June, Google announced APT31 was targeting the campaign.
  • Google and the FBI both briefed campaign officials shortly after discovering the activity; Google officials publicly stated the spear-phishing attempts were unsuccessful (remainder of bullet redacted).
  • During the past year, Chinese cyber actors collected US election-related information from US voter databases, a polling data company, political and nonprofit organizations, fundraisers, and advisory organizations for political campaigns.
  • APT31's tracking-link method suggests Chinese operators are mapping the target network for follow-on approaches, possibly including tasking campaign staffers' e-mail accounts in the Chinese military's signals intelligence system for collection.
  • Tracking links collect metadata such as internet activity and system information that operators can use to exploit accounts and identify other targets; opening a tracking-link e-mail — even without clicking links — would confirm an active account and narrow the target set.
  • Knowledge of a campaign official's operating system and software would let cyber actors determine whether they could quickly exploit known vulnerabilities or needed to develop malware for undetected access.
  • The article was produced jointly under the auspices of the Chief of Analysis, [redacted], the FBI, and the NSA; document number WIRe2020-05063; declassified by Counsel to the President Warrington on 10 July 2026.
View original PDF 510 KB · 2 pp
ODNI/National Intelligence Council December 23, 2021 1 page

Email: "Everyone's favorite topic" (December 23, 2021)

CLASSIFICATION REDACTEDemailmoderate redactions

In this December 23, 2021 email, a senior cyber intelligence official complains that an unnamed report uses the same evidence used in 2020 — when analysts said a Chinese unit was not trying to influence elections — to now claim that same unit is influencing a foreign election. Calling it "a weird coincidence" worth flagging to overseers, the official asks on what "logical, non-partisan basis" analysts label identical activity election influence abroad but not in the U.S.

“It cites some of the same intel and logic used in 2020 to say that these same units were NOT engaged in election influence but were instead only issue-focused”

From this document, p. 1
Full summary & key findings

The intelligence community's top cyber officer accuses colleagues of inconsistency: the same intelligence and logic used in 2020 to argue certain Chinese units were NOT engaged in election influence — merely "issue-focused" — is now, per an unnamed report, being used to argue China IS influencing a (redacted) election. Writing under the subject line "Everyone's favorite topic," the National Intelligence Officer for Cyber at the Office of the Director of National Intelligence urges recipients to read the report, noting it attributes (redacted) activity to "the Chinese military" even though in 2020 the intelligence community said it did not know who was responsible. The sender says the report describes the very unit that the sender and a redacted colleague — co-authors of a dissenting minority report on 2020 election influence — had flagged as influencing the U.S. 2020 election, calling it "a weird coincidence" that should be raised with oversight. The email closes by asking on what "logical, non-partisan basis" the same unit's identical activity counts as "election influence" abroad but only "issue influence" at home; a sentence beginning "FBI and" is almost entirely blacked out.

  • The email asserts an unnamed report uses some of the same intelligence and logic used in 2020 -- then to say certain Chinese units were NOT engaged in election influence, only 'issue-focused' -- to now argue China IS influencing a (redacted) election.
  • The report cites (redacted) activity as being 'the Chinese military' even though, per the sender, in 2020 the IC said it did not know who it was.
  • The sender states the report describes the same unit that the sender and a redacted colleague said were influencing the US 2020 election, now characterized as an election-influence unit attributed to the Chinese Government.
  • The sender calls this 'a weird coincidence' and says it should be highlighted for oversight; a follow-on sentence beginning 'FBI and' is almost entirely redacted (about two lines).
  • The report allegedly cites as support some of the same reporting used in 'the mainline assessment in our minority report' -- indicating the sender co-authored a minority (dissenting) report on 2020 election influence.
  • The sender questions the IC's 'logical, non-partisan basis' for calling the unit's activity 'election influence' in two redacted foreign contexts 'to promote China's interests' but 'issue influence' and not election-related in the US.
  • Sender is identified by title as National Intelligence Officer - Cyber, ODNI/National Intelligence Council; name, From/To/Cc lines, and all phone/email contact details are redacted.
  • Original classification banner and the Classified By / Derived From / Declassify On lines are all redacted; the PDF carries the stamp 'DECLASSIFIED BY PRESIDENT TRUMP on 3 July 2026.'
View original PDF 191 KB · 1 pp
ODNI and National Security Agency November 4, 2020 6 pages

Email chain: "NSA deliberately messaging elections PDB" / "(U) Note to Election Threat 45 day ICA China Section Drafting Team"

CLASSIFICATION REDACTEDemailheavy redactions

In this heavily redacted email chain from November 2020, a National Security Agency analyst wrote, "We have deliberately massaged our one pending PDB to avoid any direct links to the election," referring to the President's daily intelligence briefing. The emails say a large report was split into 13 smaller ones. When the messages reached the national intelligence director's office on November 23, a staffer wrote they would be concerned about why analysis was being steered away from elections.

“We have deliberately massaged our one pending PDB to avoid any direct links to the election.”

From this document, p. 3
Full summary & key findings

An NSA analyst wrote on November 20, 2020 that "We have deliberately massaged our one pending PDB to avoid any direct links to the election" — the PDB being the President's Daily Brief. The same email says a "massive report" NSA had been awaiting was "chopped up into 13 reports," unlikely to be released until late the following week, with many to be cross-posted or downgraded for easier incorporation into the 45-day election-threat intelligence assessment on China. The chain reached ODNI staff on November 23 under the subject "NSA deliberately messaging elections PDB." One DNI staffer replied, "I'm not sure what to make of this. If this is off, why does [redacted] say, 'ok'?" Another wrote, "I would be concerned as to why they are 'deliberately massaging' analysis away from elections," and described a larger NSA effort to consolidate reporting for the 45-day report, with regional intelligence officers checked on progress toward the November 30 draft date. All names and specifics of the downgrading are redacted.

  • An NSA analyst wrote on November 20, 2020 (8:22 AM): "We have deliberately massaged our one pending PDB to avoid any direct links to the election."
  • The same email states the "massive report" NSA had been waiting on was "chopped up into 13 reports" that likely would not be released until late the following week; many/all would be cross-posted or downgraded (terms redacted) for incorporation into the 45-day piece.
  • The chain was escalated to ODNI staff under the subject line "NSA deliberately messaging elections PDB" on November 23, 2020.
  • A DNI staffer (Nov 23, 2:18 PM) wrote that the PDB "apparently they've worded away from elections" and "I would be concerned as to why they are 'deliberately massaging' analysis away from elections"; the PDB was not confirmed cancelled but might be "further delayed pending the upcoming releases."
  • The same DNI email describes "a larger effort in NSA" to get all [redacted] reporting needed for the 45 day report into [redacted] "for ease of reporting," noting "we have this request into all the agencies."
  • DNI staff asked two (redacted) individuals to check with the regional NIOs on progress toward the 30 November date on the ICA draft, per an email exchange with the DNI.
  • Another DNI staffer (Nov 23, 1:45 PM) wrote: "I'm not sure what to make of this. If this is off, why does [redacted] say, 'ok'?"
  • The thread originates from a November 4, 2020 12:58 PM note by NSA's Cryptologic National Intelligence Officer (CNIO) for Cyber and Election Threats & Security to the Election Threat 45 day ICA China Section drafting team, asking co-drafters to cc a list for visibility; the sentence about what they "optimally would like to keep" is redacted.
  • On November 20 (9:20 AM) the CNIO for Cyber and Elections replied regarding cross-posting/downgrading for the 45 day piece: "if you make sure there are [redacted] versions, we're good."
  • Participants' organizational identifiers include NSA C1205, the Cryptologic National Intelligence Officer Council, Office of Strategic Analysis, Information & Intelligence Analysis, Directorate of Operations (NSA), an Election Security Group logo block, a Strategic Intelligence Analyst in China & North Korea Strategic Assessments, and the National Intelligence Officer - Cyber at ODNI/National Intelligence Council.
  • The document bears a red stamp "DECLASSIFIED BY PRESIDENT TRUMP on 3 July 2026"; all original classification markings, names, and email addresses are blacked out.
  • The first bullet of the Nov 23 2:18 PM email appears verbatim as "i Jeremy One, the PDB which apparently they've worded away from elections. I haven't seen the draft ([redacted]?)".
View original PDF 2.1 MB · 6 pp
National Intelligence Council / DNI Election Threat Executive, with NSA participants October 7, 2020 8 pages

RE: (U) RE: For IC coord by Wed. 7 Oct.: NIC alternative analysis on china/election

CLASSIFICATION REDACTEDemailheavy redactions

In this October 2020 email chain, senior intelligence officials plan a dissenting memo arguing China had taken "low-level, exploratory steps" to denigrate the President before the election. An NSA analyst wrote that colleagues shared this view but stayed quiet because the FBI and CIA seemed so adamant. The lead official said arguing with those agencies had cost "political capital."

“we assess that Beijing has taken some low-level, exploratory steps to denigrate the President and shape voter perceptions ahead of the election.”

From this document, p. 7
Full summary & key findings

Senior intelligence officials announced on October 5, 2020 that they would publish an "alternative analysis" memo dissenting from the intelligence community's mainline view on China and the election, with its lead judgment that Beijing had taken "some low-level, exploratory steps to denigrate the President and shape voter perceptions ahead of the election." The email chain, between the National Intelligence Council's Director of Election Threat Analysis and an NSA counterintelligence expert on East Asia, says the memo would be labeled as the view of the National Intelligence Officer for Cyber and the director only, would "most likely not" incorporate comments, but would carry a text box presenting the mainline view, with input due by close of business October 7. The NSA expert wrote that "everyone around the table at NSA" shared similar views but stayed quiet because FBI and CIA "seemed so adamant"; the director replied that some CIA analysts agreed and that arguing with CIA and FBI had cost "political capital." A later email notes an analytically focused NSA senior endorsed the piece — "a big deal." The roughly 60-line distribution list and all names remain redacted.

  • The Director of Election Threat Analysis (NIC/DNI Election Threat Executive) and NIO Cyber announced on October 5, 2020 that they would publish an alternative analysis NIC memo on China and the election, differing from IC production to date, with community input due by COB Wednesday 7 October 2020.
  • The alternative analysis lead, in "short non-compartmented form": Beijing had taken "some low-level, exploratory steps to denigrate the President and shape voter perceptions ahead of the election."
  • The memo was to be clearly labeled as the perspective of NIO Cyber and the NIC director only; the authors wrote they would "most likely not be taking comments on board; we already know most of you disagree," but included a large text box presenting the IC mainline view, intended to show "an honest analytic difference, not to set up a straw man."
  • An NSA counterintelligence SME (East Asia CI Division, Operations/IIA/Office of East Asia Pacific) wrote on October 6, 2020 that during the last COI meeting "everyone around the table at NSA" had similar thoughts but many were reticent to express them because FBI and CIA "seemed so adamant about their stances."
  • The NIC director replied that they had "heard a few other similar comments from some analysts in CIA, though not in the main China office," and had "burned enough political capital arguing with CIA and FBI" to sit the discussion out, adding: "I'm not sure why so many in the community want to close down the possibility that China might have done or be doing *something.*"
  • On October 7, 2020, an NSA reviewer wrote that the piece "speaks exactly to what has been on my mind but what was left out of the mainline IC assessment," and a DNI official noted a supportive NSA senior was "one of the few seniors that remained analytically focused, so having him on board is a big deal."
  • The piece and its IC Mainline Analysis text box used different (redacted) sourcing/handling levels; the sender offered access to those with at least a (redacted) clearance and noted formatting issues were still being fixed.
  • The original October 5, 2020 4:36 PM email went to a very large distribution list — roughly 60 lines of recipients fully redacted, spanning pages 4-6; page 5 is entirely blacked out.
  • The chain was declassified by "COUNSEL TO THE PRESIDENT WARRINGTON" on 10 July 2026; all names, email addresses, classification banners, and Classified By/Derived From/Declassify On blocks remain redacted.
View original PDF 928 KB · 8 pp
Multi-agency chain: ODNI/National Intelligence Council, CIA, FBI Foreign Influence Task Force – China, State Department INR/EAP, and EEMC/RUMB/Strategic & Asymmetric Warfare September 3, 2020 24 pages

RE: (U) RE: Please coord by COB 9/1: 4 country election security graphic

CLASSIFICATION REDACTEDemailheavy redactions

These emails from late August and early September 2020 show intelligence agencies arguing over how to describe China in a public-facing election-threat graphic. One office wanted to lead with "China prefers that the President does not win reelection," while the CIA, State Department, and FBI preferred saying China was not trying to influence the outcome for either candidate. One senior analyst wrote he was "concerned about politics seeping into this."

“I am concerned about politics seeping into this. There's no reason we can't say that we have [redacted] confidence, etc. That they have a preference.”

From this document, p. 1
Full summary & key findings

CIA, State Department intelligence analysts, and the FBI pushed back on leading a 2020 election-security graphic with the judgment "We assess that China prefers that the President does not win reelection," proposing instead that it open with the assessment that China was not at that time trying to influence the presidential election's outcome for either candidate. The emails (August 27 to September 3, 2020) coordinate the China paragraph of an intelligence community graphic covering Russia, China, Iran, and a fourth country. The National Intelligence Council's election threat team argued the preference line was needed since the Russia and Iran sections included preferences. State's intelligence bureau wrote that positive evidence suggested China probably was not interfering and that the China-watching consensus (its bureau, CIA, NSA, FBI) shouldn't be rewritten; the FBI concurred. Both versions kept the line that China judged the risk of being caught outweighed any gains. Internal Office of the Director of National Intelligence emails asked whether agencies wanted them to "self-censor," with the cyber intelligence officer "concerned about politics seeping into this."

  • The chain coordinates a four-country IC graphic, "Election Security: Status of Adversary Efforts TO Influence the 2020 US Presidential Election, as of 25 August," mentioning Russia, China, Iran, and a fourth country whose name is redacted; comments were due COB Tuesday, 1 September 2020.
  • Core dispute: NIC's draft led the China paragraph with "We assess that China prefers that the President does not win reelection"; CIA proposed replacing it with "We assess that China is not at this time trying to influence the outcome of the presidential election in favor of one candidate or another."
  • Both CIA and NIC versions kept the judgment: "we assess at this time China probably judges the risk of being caught interfering in the US election outweighs any potential gains."
  • State/INR wrote that the IC possesses positive evidence about China's intent suggesting China probably is not interfering, that China's policy-focused influence efforts are not election interference, and that requiring evidence to disprove alternatives "sets an artificially high bar."
  • INR stated there is "relative consensus within the China-watching community (INR, CIA, NSA, FBI)" and that the NIC election threat team should insert its views as a standalone dissent rather than "rewriting the community consensus every time we publish on this topic."
  • FBI's Foreign Influence Task Force – China Unit Chief concurred with CIA and INR, warning the preference line as a top line in election products "could imply the opposite" of community consensus that activities are policy-focused and election activity is not worth the risk.
  • The NIC Director, Election Threat Analysis wrote: "We were hoping to avoid a dissent, hence this long email chain," describing the edits as inserting IC-coorded language, adding a caveat without changing a judgment, and describing relevant online content.
  • Draft language debated: "Unidentified pro-China influence actors [redacted] have been spreading English-language videos on US social media platforms that criticize the President's policies, promote socially divisive themes, and denigrate him." CIA asked that the partisan nature of some content be acknowledged.
  • NIC-proposed note: China-based actors were observed spreading election narratives, but "the campaigns have been small in scale, gained little traction, and were promptly shut down by social media companies."
  • A CIA tracked-change note says the pro-China video campaign sentence was cut from the chapeau because the only campaign it refers to "we as an IC have not finished evaluating" and it did not yet rise to chapeau level pending further analysis.
  • In Sep 3 internal ODNI emails, one official asked "are they basically saying we should self-censor our assessment on preference because it could be misused?"; the ODNI National Intelligence Officer for Cyber replied he was "concerned about politics seeping into this" and "troubled by CIA's comments at the recent COI."
  • The originating 27 August 2020 email (signature block: EEMC/RUMB/Strategic & Asymmetric Warfare) said the graphic contained redacted material for Russia and China with serial numbers included so recipients could verify access and contact POCs for full text.
View original PDF 10.6 MB · 24 pp
Federal Bureau of Investigation September 25, 2020 6 pages

FBI Intelligence Information Report (IIR 4 212 7305 20): Chinese Government Production and Export of Fraudulent US Drivers Licenses to Chinese Sympathizers in the United States, in Order to Create Tens of Thousands of Fraudulent Mail-in Votes for US Presidential Candidate Joe Biden, in late August 2020

CLASSIFICATION REDACTEDFBI Intelligence Information Reportmoderate redactions

This raw, unverified FBI report from August 2020 relays a single source's claim that China secretly shipped fake U.S. driver's licenses so tens of thousands of ineligible Chinese students and immigrants could cast mail-in votes for Joe Biden, using names and addresses taken from millions of TikTok accounts. The FBI itself noted the tip came third-hand and that TikTok accounts didn't actually collect addresses, and warned recipients not to act on it.

“Chinese Government Production and Export of Fraudulent US Drivers Licenses to Chinese Sympathizers in the United States, in Order to Create Tens of Thousands of Fraudulent Mail-in Votes for US Presidential Candidate Joe Biden, in late August 2020”

From this document, p. 3
Full summary & key findings

A single anonymous source claimed in August 2020 that the Chinese government had secretly produced and shipped fraudulent US driver's licenses into the United States so tens of thousands of ineligible, Communist Party-sympathetic Chinese students and immigrants could cast mail-in votes for Joe Biden — a claim this raw FBI intelligence cable relays without endorsing. The report says China had harvested private data — names, ID numbers, addresses — from millions of TikTok accounts so the fake licenses would carry real US citizens' information and be hard to detect. The FBI's own notes undercut the story: the source had only indirect access and less than a year of corroborated reporting, relayed the tip from a sub-source citing unidentified Chinese officials, and agents observed that address was not even a valid TikTok account field. Sent by the FBI Director to all field offices with copies to the CIA, NSA, DHS, State, Treasury, the White House Situation Room, and major military commands, the cable is explicitly labeled not finally evaluated intelligence and warns recipients not to act on it without FBI coordination.

  • The IIR's SUBJECT alleges Chinese government production and export of fraudulent US drivers licenses to Chinese sympathizers in the US, in order to create tens of thousands of fraudulent mail-in votes for US presidential candidate Joe Biden, in late August 2020.
  • TEXT paragraph 1 claims that in late August 2020 the Chinese government had produced a large amount of fraudulent US drivers licenses secretly exported to the United States (NFI), enabling tens of thousands of Chinese students and immigrants sympathetic to the Chinese Communist Party to vote for "USPER Joe ((Biden))" despite being ineligible to vote.
  • The report claims China had collected private US user data from millions of TikTok accounts — name, ID, and address — so the fraudulent licenses would carry true ID numbers and true addresses of US citizens, making them difficult to detect, and planned to use them to account for tens of thousands of mail-in votes.
  • The document's own SOURCE description undercuts reliability: a collaborative source with indirect access whose reporting has been corroborated for less than one year; CONTEXT states the source got the information from an identified sub-source who claimed it came from unidentified PRC government officials.
  • FBI COMMENT 1 directly challenges the claim: a person's address was not a valid field when creating a TikTok account, and it was unspecified how China would attain US address data from the application; COMMENT 2 notes the source is available for re-contact.
  • A WARNING block states this is an information report, not finally evaluated intelligence; receiving agencies are requested not to take action on the raw reporting without prior coordination with the FBI, and a presumption of innocence exists for anyone reported on absent a criminal conviction.
  • Key dates: Date of Information 00 AUG 2020; Date of Acquisition 24 AUG 2020; DTG/Date of Publication 2009251123Z; serial (prefix redacted) IIR 4 212 7305 20.
  • The cable was sent FM DIRECTOR FBI TO ALL FBI FIELD OFFICES with routine info copies to CIA, DIA, NSA, DNI, NGA, NRO, ONI, MDA, DTRA, NCIS, DEA, DHS, DOJ, DOE, State (SECSTATE//INR), Treasury//INTEL, SECDEF, National Security Council, White House Situation Room, AMEMBASSY Beijing, LEGAT Beijing, and commands including USAFRICOM, USEUCOM, USPACOM, USSTRATCOM, USTRANSCOM, USNORTHCOM/NORAD, USSOUTHCOM, USCENTCOM, and USSOCOM.
  • The DISSEMINATION block lists AGENCY recipients CIA; Coast Guard; DEA; DHS; Defense; Energy; FBI; Justice; NGA; NRO; NSA; ODNI; State; Treasury; White House — plus U.S. Mission Beijing; MILITARY: Air Force, Army, DIA, Defense, Navy; STATE/LOCAL: None.
  • INSTR line reads "US Yes. Contact FBIHQ for additional details"; requests for information were to go to redacted FBI points of contact, with declassification and ORCON/foreign-disclosure requests directed to redacted addresses.
  • Redactions fall on all classification banners, the serial prefix, portion markings, TOPIC and FUNCTIONAL CODE fields, a large block after FUNCTIONAL CODE, POC contact details, the entire CLASSIFICATION section on page 5, and nearly all of page 6; every page carries a Bates stamp FBI-SJC-IIR-000001 through FBI-SJC-IIR-000006.
View original PDF 1.5 MB · 6 pp
National Intelligence Council August 19, 2020 8 pages

Foreign Threats to 2020 US Federal Elections (NICA 2020-06885D)

CLASSIFICATION REDACTEDintelligence assessmentheavy redactions

This August 2020 assessment by senior US intelligence analysts warned that Russia, China, and Iran were trying to influence the 2020 election. It reports Russia used proxies to spread corruption claims against Biden, China hacked private companies to gather data on candidates, donors, and voters, and Iranian hackers targeted an election-infrastructure company and Trump campaign staff. Turkey covertly funded some US local campaigns.

“Beijing has expanded its cyber collection of data related to the 2020 US elections by carrying out opportunistic intrusions against US private-sector entities in efforts to collect information on US political candidates, campaigns, donors, and voter data.”

From this document, p. 5
Full summary & key findings

The intelligence community's pre-election assessment judges that Russia, China, and Iran were the primary foreign threats to the 2020 US elections, each using covert and overt influence to sway voters, deepen discord, and undermine confidence in democracy. The assessment reports Russia was denigrating former Vice President Biden through Kremlin-overseen proxies — including Derkach and Kilimnik, said to be conspiring to orchestrate a high-profile corruption scandal implicating Biden and the Democratic Party — while the Lakhta Internet Research troll farm, SVR, and GRU seeded anti-American content on English-language platforms such as "United World International." China preferred that President Trump lose and, though not intending to affect the election itself, ran online influence, collected derogatory information on US officials, and expanded cyber intrusions to gather data on candidates, campaigns, donors, and voters. Iran, probably with Supreme Leader Khamenei's authorization, ran covert influence, targeted an election-infrastructure company's server (remediated with FBI help), and spearphished Trump campaign staff. Turkey covertly funded US municipal campaigns, and Merkel and Saudi Crown Prince Muhammad Bin Salman voiced election preferences; a closing matrix compares Russian, Chinese, and Iranian efforts across nine categories.

  • The IC judged Russia, China, Iran, and many nonstate actors had the capability to compromise US election infrastructure, though manipulating voting processes at scale without detection would be difficult.
  • Russia was using a range of measures primarily to denigrate former Vice President Biden; Kremlin-linked actors were also seeking to boost President Trump's candidacy on social media.
  • President Putin and senior Russian officials were overseeing proxy efforts — Derkach, Kilimnik, and others — to spread claims that Biden engaged in criminal activity in dealings with Ukraine and individuals tied to Ukrainian energy firm Burisma; these figures were conspiring to orchestrate a high-profile corruption scandal implicating Biden and the Democratic Party at the peak of the 2020 campaign.
  • Since 2019, the Lakhta Internet Research (LIR) troll farm, Russia's SVR, and the GRU employed cadres of US and other foreign authors to create anti-American political content on English-language news platforms, including "United World International."
  • As of June 2020, a redacted actor had reconnoitered multiple state and local government websites for unknown purposes; in July a commercial cybersecurity company believed a (redacted) actor may have targeted a US political organization, probably unsuccessfully.
  • China preferred that President Trump — whom Beijing saw as unpredictable and tough on China — not win reelection; although Beijing did not intend to try to affect the election (context redacted), it engaged in online influence and collected derogatory information about US public officials.
  • Beijing expanded its cyber collection of data related to the 2020 US elections through opportunistic intrusions against US private-sector entities to collect information on US political candidates, campaigns, donors, and voter data.
  • A newspaper owned by the Chinese (redacted) claimed economic measures Beijing could take against supporters of COVID-19 compensation legislation and lawsuits may impact US state and congressional races — the first observed public warning that Beijing was willing to impose economic costs that could affect US elections.
  • If Beijing assessed that the downward trajectory in US-China relations threatened China's rise, it might attempt to more directly thwart the President's reelection, including by leaking information or through an online influence network.
  • Iran, in a campaign Supreme Leader Khamenei probably authorized, sought to undermine the President and divide the country; in January Iranian-contract cyber actors tried to compromise a server of a US business involved in election infrastructure (FBI helped remediate), and in June Google announced Iranian-linked actors unsuccessfully spearphished Trump campaign staffers' email accounts.
  • Turkey's efforts over the past year included covert funding of US municipal election campaigns, unregistered lobbying, and social media messaging by state-owned outlets, driven by senior officials including President Erdogan.
  • In April 2020, unidentified actors used ransomware to compromise the computers of a Virginia county administrator and vote registrar; post-election audits and paper trails in nearly all US states would most likely uncover any wide-scale vote manipulation.
  • German Chancellor Merkel almost certainly preferred that Trump not win reelection and in June 2020 cited the election as a "risk factor" for the EU; in mid-2019 Saudi Crown Prince Muhammad Bin Salman worried Riyadh would lose US support if the President lost, viewing him as the most Saudi-friendly US President.
  • A page-8 matrix (graphic NIC 2007-00866) rates nine effort categories: Russia "observed" in all but economic leverage; China "observed" in six including economic inducements and retaliation, with preliminary steps on leaking intelligence-acquired information, election processes, and legal processes; Iran "observed" in four, with preliminary steps on election processes; the note says China's state and local influence activity far outpaces Russia's and Turkey's.
View original PDF 1.8 MB · 8 pp
Central Intelligence Agency 3 pages

CIA Note — Sensitive PRC Reporting from 2018 – 2020

CLASSIFICATION REDACTEDintelligence assessmentmoderate redactions

This short CIA note, declassified in July 2026, summarizes intelligence gathered from 2018 to 2020 on China's efforts to prevent the U.S. President's re-election. It reports China targeted tariffs at states that backed him, planned in mid-2019 to focus resources on swing states, and sought to pay U.S. journalists to write more negative stories. It also describes lavish speaking fees used to sway think tank officials and academics.

“The following contains portions of sensitive reporting that was disseminated between 2018 and 2020 related to the People's Republic of China (PRC).”

From this document, p. 2
Full summary & key findings

CIA reporting from 2018-2020 said the Chinese Communist Party's policy, as of mid-2018, was to leverage all domestic and foreign elements opposed to the U.S. President to reduce his votes, force his resignation, or block his re-election — with the PRC's ultimate goal being that he not win a second term. The note reports China worked to influence the 2018 mid-terms and the 2020 presidential race, analyzing the 2016 results to identify states and economic sectors backing the President's party so tariffs could inflict financial pain and push those sectors to lobby him. Beijing paid think tank officials, academics, and former U.S. government employees lucrative speaking fees with first-class travel to get them "hooked on China" and pressing on tariffs. By mid-2019, China assessed it should direct resources toward 2020 swing states, pressure the campaign's financial backers, and pay U.S. journalists to write more negative articles about the President. The note cautions it is not a comprehensive synopsis, and source descriptors are redacted throughout.

  • In mid-2018, the Chinese Communist Party's policy was to leverage all domestic and foreign elements opposed to the U.S. President to reduce his votes and make him resign or prevent his re-election.
  • Also in mid-2018, China was working to influence the results of the U.S. mid-term elections and later the 2020 U.S. Presidential elections, analyzing the 2016 U.S. Presidential elections to identify U.S. states that voted for the U.S. President.
  • China planned to identify sectors within those states that voted for the President's political party and levy tariffs on those sectors' exports to China, hoping the resulting financial damage would induce sector representatives to lobby the U.S. President.
  • As of mid-2018, the PRC's ultimate goal with regard to U.S. elections was for the U.S. President not to be re-elected; China found the uncertainty of the U.S. administration unsettling.
  • The Chinese Government exerted influence by paying influential U.S. individuals — particularly think tank officials, academics, and former U.S. government employees — significant speaking fees with first-class travel and accommodation, aiming to get U.S. corporations or individuals 'hooked on China' and force them to talk with the U.S. President about tariffs.
  • In mid-2019, China assessed it could gain advantage over U.S. policy by directing additional, unspecified resources toward political swing states it judged would play a crucial role in the 2020 U.S. presidential election, and it was recommended China apply pressure to financial supporters of the U.S. President's re-election campaign.
  • Separately, in mid-2019, the Chinese Government's strategy against the United States focused on undermining domestic confidence in the U.S. President, including using Chinese contracts with big U.S. companies to turn U.S. business leaders against him.
  • The Chinese Government sought to identify U.S. journalists who had reported negatively on the U.S. President and pay them to write more negative articles; it wanted the President to lose the next election.
  • The note explicitly states it contains only portions of sensitive reporting disseminated 2018-2020 and is not a comprehensive synopsis or summary of all reporting from that period.
  • The document was declassified by Counsel to the President Warrington on 10 July 2026; all classification banners, source descriptors at the start of each bullet, and closing dissemination markings remain redacted.
View original PDF 2.3 MB · 3 pp
June 25, 2020 2 pages

President's Daily Brief, 25 June 2020: "Beijing Escalating Efforts To Shape US Policies on China"

CLASSIFICATION REDACTEDbriefingheavy redactions

This heavily redacted item from the President's daily intelligence briefing, dated June 25, 2020, reports that a White House official was warned Beijing held damaging information on him, an attempt to blackmail him into taking a softer approach to China. Analysts called the threat credible, noting Chinese officials had recommended gathering "black materials" on anti-China US officials since at least January 2019. Nearly everything else, including the official's identity, is blacked out.

“Beijing Escalating Efforts To Shape US Policies on China”

From this document, p. 1
Full summary & key findings

This President's Daily Brief article, titled "Beijing Escalating Efforts To Shape US Policies on China," reports that a White House official was warned Beijing held derogatory information on him — an attempt to compel him to take a restrained approach to China. The brief describes this as China attempting blackmail against a US administration official, with a redacted passage referencing revealing the information through social media, and the intelligence community states plainly: "We assess that this threat is credible." The brief adds that lower-level Chinese officials have recommended collecting and using "black materials" against perceived anti-China US officials since at least January 2019, calling this "the most detailed and authoritative recommendation that we have seen." The official's identity, the sources of the warning, and nearly all supporting detail are blacked out, and the line identifying which agency produced the article is itself redacted.

  • A President's Daily Brief article dated Thursday, 25 June 2020, addressed 'FOR THE PRESIDENT,' carried the title 'Beijing Escalating Efforts To Shape US Policies on China.'
  • Redacted parties warned a White House official that Beijing had derogatory information on him, in an effort to compel him to take a restrained approach to China.
  • The brief characterizes this as China's attempt to use blackmail against a US administration official, with a redacted passage referencing revealing the information through social media.
  • The intelligence community assessed: 'We assess that this threat is credible.'
  • Lower-level Chinese officials have recommended collecting and using 'black materials' against perceived anti-China US officials since at least January 2019.
  • The brief states this is 'the most detailed and authoritative recommendation that we have seen' regarding such 'black materials' activity.
  • The document was declassified by Counsel to the President Warrington on 10 July 2026, per red stamps on page 1.
  • The document is heavily redacted: the lead paragraph, at least two full bullets, all classification banners, and essentially all of page 2 are blacked out.
View original PDF 1.5 MB · 2 pp
8 pages

PRC [redacted] Analysis on U.S. Voter Registration Information [redacted] from Multiple States, [redacted] Conduct U.S. Identity Matching and Public Opinion Analysis; 2019

CLASSIFICATION REDACTEDintelligence reportheavy redactions

This heavily blacked-out 2019 intelligence report says China analyzed U.S. voter registration records collected from multiple states. Visible fragments say the data included midterm election records with personal information, would be used to identify U.S. citizens and analyze public opinion around a general election, and that the collection of state voter data was expected to continue. Five of the report's eight pages are entirely redacted, and even the issuing agency's name is hidden.

“Analysis on U.S. Voter Registration Information [redacted] from Multiple States, [redacted] Conduct U.S. Identity Matching and Public Opinion Analysis; 2019”

From this document, p. 1
Full summary & key findings

China analyzed U.S. voter registration records from multiple states to conduct identity matching and public opinion analysis, according to this intelligence report, whose title references 2019. The only substantive readable text, a details paragraph on the first page, states the data "contained U.S. voter registration records from the [redacted] Mid-term Elections," included personally identifiable information, and "would be used... for... mining PII on U.S. citizens." Visible fragments add that the data "could be used... to analyze, discover... the identities of U.S. citizens" and to conduct opinion analysis on a U.S. General Election, with the years of both elections redacted. A closing fragment signals intent "to continue [redacted] state voter registration data," suggesting ongoing collection. No Chinese entity, U.S. state, system, or vendor is named in the released text, and even the issuing agency's identity is blacked out, overprinted "SENSITIVE GOVERNMENT AGENCY."

  • The document describes a PRC analysis of U.S. voter registration information from multiple states, used to conduct U.S. identity matching and public opinion analysis, with the year 2019 in the title.
  • Visible text states the data "contained U.S. voter registration records from the [redacted] Mid-term Elections" — the election year is redacted.
  • The voter registration data is described as containing "personal identifiable information (PII)."
  • Visible fragments state "it would be used... for... mining PII on U.S. citizens."
  • The data "could be used... to analyze, discover... the identities of U.S. citizens" — identity-matching language consistent with the title.
  • The information "would be used to conduct [redacted] opinion [redacted] analysis on the U.S. [redacted] General Election" — the election year is redacted.
  • A closing fragment indicates intent "to continue [redacted] state voter registration data," suggesting ongoing collection or analysis of state voter data.
  • The originating agency's identity is deliberately concealed: the letterhead block is blacked out and overprinted in red with "SENSITIVE GOVERNMENT AGENCY."
  • Every page is stamped "DECLASSIFIED BY COUNSEL TO THE PRESIDENT WARRINGTON ON 10 JULY 2026" at top and bottom.
  • Redaction is extreme: a full summary box on page 1 is blacked out, page 2 is nearly entirely redacted (including its footnotes), page 3 shows only a few redacted lines, and pages 4-8 are 100% blacked out.
  • No named PRC entity, state, system, or vendor is visible anywhere in the released text; which U.S. states supplied the registration records is withheld.
View original PDF 1022 KB · 8 pp
2 pages

PRC [Redacted] Aware in Mid-2020 of Collection of U.S. Consumer, Military, Voter Registration Databases; [Redacted] Capabilities To Conduct Identity Verification Checks of U.S. Persons

CLASSIFICATION REDACTEDintelligence reportheavy redactions

This heavily blacked-out intelligence report says a Chinese entity knew by mid-2020 about the collection of U.S. databases containing personal information on millions of Americans, though the exact number is hidden. The report lists four database types, including consumer records, military personnel records, and voter registration files, with Georgia and Iowa the only states visibly named. Most of the document, including who collected the data and how, remains redacted.

“Aware in Mid-2020 of Collection of U.S. Consumer, Military, Voter Registration Databases”

From this document, p. 1
Full summary & key findings

A Chinese entity — its name redacted — was aware by mid-2020 of the collection of U.S. consumer, military, and voter registration databases, according to this intelligence report's partially visible title, which also references redacted "Capabilities To Conduct Identity Verification Checks of U.S. Persons." The unclassified details section states the U.S.-origin databases "contain the personally identifiable information (PII) of [redacted] million Americans," with the figure blacked out. A table identifies four database categories: a U.S. consumer database, a U.S. voter registration database, voter registration databases from state governments — with Georgia and Iowa the only states visibly named — and a registered U.S. military personnel information database. A mostly redacted paragraph preserves the fragment "comprehensive PII baseline on [redacted] U.S. persons." Sources, actors, and mechanisms are entirely blacked out, and the originating agency's identity is itself concealed, overprinted "SENSITIVE GOVERNMENT AGENCY."

  • PRC [entity name redacted] was aware in mid-2020 of collection of U.S. consumer, military, and voter registration databases, per the partially visible title.
  • The title also references '[redacted] Capabilities To Conduct Identity Verification Checks of U.S. Persons'; the holder of those capabilities is redacted.
  • The DETAILS (U) section states the U.S.-origin databases 'contain the personally identifiable information (PII) of [redacted] million Americans' — the figure in millions is redacted.
  • A table on page 2 lists four database categories: a U.S. Consumer database; a U.S. Voter Registration database; U.S. Voter Registration databases from State Governments; and a Registered U.S. Military Personnel Information database.
  • Georgia and Iowa are the only U.S. states visibly named as sources of state-government voter registration databases; at least one other state name and the count of states are redacted.
  • A redacted paragraph on page 2 references a 'comprehensive PII baseline on [redacted] U.S. persons,' with the number of persons redacted.
  • The document was declassified by Counsel to the President Warrington on 10 July 2026, per red stamps on both pages.
  • The originating agency is concealed: the letterhead banner is blacked out and overprinted 'SENSITIVE GOVERNMENT AGENCY' in red.
  • The entire summary/sourcing block on page 1 (approximately 20 lines), the table's left-hand column, and nearly all analytic text on page 2 are fully redacted.
View original PDF 305 KB · 2 pp
6 pages

PRC [redacted] discuss targeting 2024 US elections: [redacted] 2023 information

CLASSIFICATION REDACTEDintelligence reportheavy redactions

This heavily redacted six-page intelligence report, based on 2023 information, states that actors linked to China intended to target the 2024 US elections. It says someone shared data with them, including voter registration records from an unnamed US state, and that one actor asked for a list of swing states. Blacked-out passages hide who the actors were and who, if anyone, directed them.

“discuss targeting 2024 US elections”

From this document, p. 1
Full summary & key findings

This intelligence report, based on 2023 information, states that Chinese (PRC) actors intended "to target the 2024 US elections," assessed by analysts as the Congressional or Presidential races. The report says an unnamed party shared data with PRC actors that included voter registration information from an anonymized US state, labeled "Named US state entity 1 (US-1)." It recounts that on a redacted day in July, an actor "wanted to [redacted] the election system as the following year was the US election," sought to join an effort involving an unidentified swing state "to observe the voting situation ahead of time," and requested a list of swing states — which analysts assess almost certainly means US electoral swing states, pointing to the 2024 Presidential election. The Analysis section concedes it is unknown whether the actors were instructed to target the elections, and a "Correction" section signals revised earlier reporting; notably, even the issuing agency's identity is blacked out.

  • The report's title, though heavily redacted, states PRC actors "discuss targeting 2024 US elections" and that it is based on 2023 information.
  • The sole visible key point states that PRC [redacted] intended "to target the 2024 US elections"; the actor names and mechanism are redacted.
  • The Analysis section concedes uncertainty about direction: "It is unknown if [redacted] were instructed to target unidentified 2024 US elections by [redacted]."
  • A redacted party "shared [redacted] data with [redacted] PRC [redacted]"; the shared data included "voter registration information from Named US state entity 1 (US-1)" — the state itself is anonymized as US-1.
  • On a redacted date in July (year redacted, contextually 2023), a redacted actor "wanted to [redacted] the election system as the following year was the US election."
  • An analyst comment (italics) assesses this as "a reference to an unidentified 2024 election, almost certainly the 2024 US Congressional or Presidential elections."
  • A redacted actor was asked "to join an effort to [redacted] an unidentified swing state to observe the voting situation ahead of time."
  • A redacted actor "requested [redacted] a list of swing states"; the analyst comment assesses this as almost certainly US electoral swing states, "suggesting their discussion is regarding the 2024 US Presidential election."
  • Page 1 contains a section headed "(U) Correction" whose entire text is redacted, indicating this report corrects earlier reporting.
  • Every page bears the red stamp "DECLASSIFIED BY COUNSEL TO THE PRESIDENT WARRINGTON ON 10 JULY 2026"; the originating agency's letterhead is covered by a black banner reading "SENSITIVE GOVERNMENT AGENCY."
  • Redaction is near-total outside the Election section: page 1 body, the Analysis paragraphs, source footnotes, and pages 4-5 (which appear to include distribution/metadata rows) are almost entirely blacked out; page 6 is blank.
View original PDF 662 KB · 6 pp
Banner reads SENSITIVE GOVERNMENT AGENCY [month redacted] 2023 4 pages

PRC [Redacted] Shares 2020 U.S. Voter Registration Data for Cities within Seven U.S. States in [Redacted] 2023

Original marking not visible; pages carry a "SENSITIVE GOVERNMENT AGENCY" banner and the stamp "DECLASSIFIED BY COUNSEL TO THE PRESIDENT WARRINGTON ON 10 JULY 2026"intelligence reportheavy redactions

This heavily redacted intelligence report says a group linked to the Chinese government shared 2020 U.S. voter registration data in 2023, covering cities in seven states: Arkansas, Colorado, Connecticut, Florida, Ohio, Michigan, and North Carolina. The report notes the data had previously been purchased, and that someone also asked for data on Connecticut and Massachusetts. Nearly all names, dates, and sources are blacked out.

“a sample of U.S. voter data that contained data from cities within Arkansas, Colorado, Connecticut, Florida, Ohio, Michigan, and North Carolina.”

From this document, p. 2
Full summary & key findings

The report states that a China-linked party — its identity redacted — provided a recipient with requested 2020 U.S. voter registration data from several cities within seven states on a redacted date in 2023. A data sample described in the report drew from cities in Arkansas, Colorado, Connecticut, Florida, Ohio, Michigan, and North Carolina. The source indicated the redacted party had previously purchased the 2020 voter data, meaning it had been bought before this 2023 sharing. On another redacted 2023 date, a party was asked whether it held any data on Connecticut and Massachusetts and responded that it would ask a redacted contact. The data covered cities within the seven states rather than full statewide voter files. All names, dates, sourcing footnotes, analytic comments, and even the issuing agency's identity are blacked out, the latter masked by a "Sensitive Government Agency" banner.

  • A PRC-linked [identity redacted] provided [recipient redacted] with requested U.S. voter data from several cities within seven U.S. states on a redacted date in 2023.
  • The seven affected states, per the sample of U.S. voter data described on page 2, were Arkansas, Colorado, Connecticut, Florida, Ohio, Michigan, and North Carolina.
  • The voter data was 2020 U.S. voter registration data, per the document title.
  • The supplying party 'indicated [redacted] had previously purchased 2020 voter data,' i.e., the data had been bought before this 2023 sharing.
  • On a redacted 2023 date, a party was asked whether it had any data on the U.S. states of Connecticut and Massachusetts; the party responded it would ask [redacted].
  • The data covered cities within the seven states rather than full statewide files ('U.S. voter data from several cities within seven U.S. states').
  • Every page is stamped 'DECLASSIFIED BY COUNSEL TO THE PRESIDENT WARRINGTON ON 10 JULY 2026,' indicating declassification by the White House Counsel's office.
  • The original classification line and agency name are masked by a 'SENSITIVE GOVERNMENT AGENCY' banner; all source-descriptor footnotes (page 1), a list/table page (page 3), and a metadata/distribution table (page 4) are fully redacted.
View original PDF 454 KB · 4 pp
Sensitive Government Agency 1 page

Summary: China's Plans to Utilize [Redacted] and Cyber Operations Ahead of the 2020 Presidential Elections

CLASSIFICATION REDACTEDintelligence assessmentlight redactions

This one-page intelligence assessment, whose originating agency's name is blacked out, reports that ahead of the 2020 presidential election China had extensive plans to use cyber and other operations to turn public opinion against the Trump administration. The document says China built capabilities to push themes — like economic recession and a failed COVID-19 response — onto TikTok, Facebook, Twitter, and YouTube through open and hidden influencers, and even considered encouraging violent demonstrations.

“Ahead of the 2020 Presidential Elections, China had extensive plans to utilize potential [redacted] and cyber operations to sway public opinion against the Trump Administration”

From this document, p. 1
Full summary & key findings

The assessment reports that ahead of the 2020 presidential elections, China had extensive plans to use cyber operations and another capability (its nature redacted) to sway U.S. public opinion against the Trump Administration and international opinion against the U.S. government, and by extension to influence government decision-making. The plans covered several scenarios, including a U.S.-China military conflict and other potential crises, and were built to exploit perceived or real American societal fissures. Under an economic-recession theme, operations included encouraging violent demonstrations and looting to amplify the appearance of social unrest and undermine the President's legitimacy; a second theme targeted the government's COVID-19 response, stoking public dissatisfaction by questioning the President's fitness to govern. The document states China had developed capabilities to push these themes into TikTok, Facebook, Twitter, YouTube, and mainstream media through overt and hidden influencers, and one option involved gathering information on senior U.S. officials to shape public opinion of them. Notably, the issuing agency's identity is blacked out, masked as "Sensitive Government Agency."

  • Ahead of the 2020 Presidential Elections, China had extensive plans to use potential [redacted] and cyber operations to sway public opinion against the Trump Administration and international opinion against the U.S. Government.
  • The plans were designed to exploit U.S. societal fissures and vulnerabilities, to influence U.S. and other audiences, and by extension U.S. government decision-making.
  • The plans addressed several scenarios, including military conflict between the U.S. and China, as well as other potential crises.
  • Under an 'economic recession' theme, operations included encouraging violent demonstrations and looting to increase the appearance of social unrest.
  • Operations aimed at intensifying Americans' disapproval of the President of the United States, calling into question his ability to govern, and undermining his legitimacy and public support.
  • Under an 'ineffective USG COVID-19 response' theme, operations sought to increase public dissatisfaction with the President by questioning his fitness to govern and undermining public support for his actions.
  • China had developed capabilities to project these themes into social media — TikTok, Facebook, Twitter, YouTube and others — as well as mainstream media, through a variety of overt and hidden influencers and media contributors.
  • One of the options included gathering information on senior U.S. government officials to influence public opinion of those officials.
  • The document was declassified by Counsel to the President Warrington on 10 July 2026; the originating agency is masked as 'SENSITIVE GOVERNMENT AGENCY' over a blacked-out header.
View original PDF 162 KB · 1 pp
1 page

Summary — China's Plans to Exploit U.S. Societal Fissures Ahead of the 2020 Presidential Elections (Part 2)

CLASSIFICATION REDACTEDintelligence summarylight redactions

This one-page summary, declassified in July 2026, says China had extensive plans before the 2020 presidential election to use cyber and other operations to turn public opinion against the Trump administration and the U.S. government. The document lists themes China aimed to exploit—racial tensions, party conflicts, and women's rights among eight topics—and says it could push them through TikTok, Facebook, Twitter, YouTube, and hidden media contributors.

“China had extensive plans to utilize potential [redacted] and cyber operations to sway public opinion against the Trump Administration and international opinion against the U.S. Government.”

From this document, p. 1
Full summary & key findings

The summary states that ahead of the 2020 U.S. Presidential Elections, China had extensive plans to use a redacted type of operation plus cyber operations to sway public opinion against the Trump Administration and turn international opinion against the U.S. Government. The plans aimed to exploit U.S. societal fissures — perceived or real — to influence audiences and, by extension, government decision-making, and covered several scenarios including military conflict between the U.S. and China. Listed themes span racial tensions (alleging White people hate Black people, inciting demonstrations, escalating police/anti-racism-activist conflict, feeding perceptions that law enforcement resents the government and people of color), government-military tensions, party disagreements, Congress-Trump conflicts, women's rights, South China Sea policy, alleged U.S. war aspirations, and international propaganda. China had built capabilities to push these themes into TikTok, Facebook, Twitter, YouTube, and mainstream media via overt and hidden influencers; one option involved gathering information on senior U.S. officials to shape opinion of them. The issuing agency's identity is blacked out.

  • Ahead of the 2020 Presidential Elections, China had extensive plans to utilize potential [redacted] and cyber operations to sway public opinion against the Trump Administration and international opinion against the U.S. Government.
  • The China plans were designed to exploit U.S. societal fissures and vulnerabilities, to influence U.S. and other audiences, and by extension U.S. government decision-making.
  • The plans addressed several scenarios, including military conflict between the U.S. and China, as well as other potential crises.
  • The [redacted] operations themes covered a broad range of topics to exploit what China perceived to be U.S. fissures and vulnerabilities, whether perceived or real.
  • Racial-tension themes included: alleging that White people hate Black people; inciting demonstrations and marches as evidence of racial divides; increasing the level of conflict between police and anti-racism activists; and feeding any sense that U.S. law enforcement resents USG and people of color.
  • Other listed themes: USG tensions with the U.S. military; political party disagreements; Congress-Trump Administration conflicts; women's rights; U.S. South China Sea policies; alleged U.S. war aspirations; and international propaganda.
  • China had developed capabilities to project these themes into social media (TikTok, Facebook, Twitter, YouTube and others) as well as mainstream media, through a variety of overt and hidden influencers and media contributors.
  • One of the options included gathering information on senior U.S. government officials to influence public opinion of those officials.
  • The document was declassified by Counsel to the President Warrington on 10 July 2026; the originating agency's identity is withheld behind a black bar marked 'SENSITIVE GOVERNMENT AGENCY.'
View original PDF 163 KB · 1 pp
1 page

Summary: China's Plans to Use [Redacted] and Cyber Operations Ahead of the 2020 Presidential Elections (Part 3)

CLASSIFICATION REDACTEDintelligence summarylight redactions

This one-page declassified summary reports that before the 2020 presidential election, China had extensive plans to use cyber and influence operations to turn public opinion against the Trump administration and the U.S. government. It says China aimed to inflame divisions over guns and immigration, could push its messaging through TikTok, Facebook, Twitter, YouTube, and mainstream media, and considered gathering information on senior U.S. officials.

“China had extensive plans to utilize potential [REDACTED] and cyber operations to sway public opinion against the Trump Administration and international opinion against the U.S. Government.”

From this document, p. 1
Full summary & key findings

China had extensive plans ahead of the 2020 presidential elections to use cyber operations and another capability, whose name is blacked out, to turn public opinion against the Trump administration and international opinion against the U.S. government, this summary states. The plans aimed to exploit U.S. societal fissures — real or perceived — to influence American and foreign audiences and, by extension, U.S. government decision-making, and covered several scenarios including a U.S.-China military conflict and other potential crises. Two thematic topics are named: gun proliferation and immigration policy, the latter with four sub-themes — inciting migrant dissatisfaction with the government, instigating demonstrations over alleged human-rights violations against immigrants, inflaming resentment between anti- and pro-immigrant communities, and instigating anti-immigration demonstrations. The document says China built capabilities to push these themes into TikTok, Facebook, Twitter, YouTube, and mainstream media via overt and hidden influencers, and one option involved gathering information on senior U.S. officials to shape public opinion of them. The issuing agency's identity is redacted.

  • Ahead of the 2020 Presidential Elections, China had extensive plans to utilize potential [redacted] and cyber operations to sway public opinion against the Trump Administration and international opinion against the U.S. Government.
  • The plans were designed to exploit U.S. societal fissures and vulnerabilities, to influence U.S. and other audiences, and by extension U.S. government decision-making.
  • The plans addressed several scenarios, including military conflict between the U.S. and China, as well as other potential crises.
  • The [redacted] operations themes exploited perceived or real U.S. fissures and vulnerabilities, with two listed topics: gun proliferation and immigration policies.
  • Immigration-policy sub-themes included: inciting migrant community dissatisfaction with the USG; instigating demonstrations against the USG's alleged human rights violations against immigrants; inflaming resentment between anti-immigrant and pro-immigrant communities; and instigating anti-immigration demonstrations.
  • China had developed capabilities to project themes on these topics into social media — TikTok, Facebook, Twitter, YouTube and others — as well as mainstream media, through a variety of overt and hidden influencers and media contributors.
  • One of the options included gathering information on senior U.S. government officials to influence public opinion of those officials.
  • The document was declassified by Counsel to the President Warrington on 10 July 2026; the originating agency banner is redacted and overprinted 'SENSITIVE GOVERNMENT AGENCY'.
View original PDF 147 KB · 1 pp
Notice date redacted 6 pages

SUBSTANTIVE REVISION: Network Defense Notice: Publicly Available U.S. Voter Registration Information for Six U.S. States Downloaded from Commercial Websites by PRC CNE Actor in January 2022; Same Actor Attempts to Download Ohio Voter Registration Application (with appended FBI Opening EC, 56D-DE-3407960)

UNCLASSIFIEDcomposite release: network defense noticeheavy redactions

This release combines two documents. A cybersecurity notice reports that a Chinese government-linked hacker downloaded publicly available voter registration data — names, addresses, emails, phone numbers, party affiliations — for Colorado, Connecticut, Florida, Michigan, Oklahoma, and Rhode Island from commercial websites on January 14, 2022, and failed in an attempt on an Ohio site. Attached FBI records describe a separate Michigan probe into paid voter-registration canvassers that prosecutors agreed in 2021 to pursue as wire fraud.

“Publicly available U.S. voter registration information for six states was downloaded by a PRC, [redacted], CNE actor on 14 January 2022.”

From this document, p. 1
Full summary & key findings

A Chinese state-linked hacker downloaded the full publicly available voter registration files for six states — Colorado, Connecticut, Florida, Michigan, Oklahoma, and Rhode Island — from U.S. commercial websites on January 14, 2022, and the same day tried but failed to pull an Ohio voter registration application from a state government site, according to a network defense notice from an agency whose identity is redacted. The data spanned at least 2013–2021 and included names, party affiliations, emails, addresses, and phone numbers, which the notice says could in theory support future hacking or election influence operations, though the actor's motivations are unknown; this was a newly identified election interest for this actor, and victim information was passed to defensive agencies. An appended FBI opening memo (March 16, 2021) documents a Michigan State Police probe of paid voter-registration canvassing across six Michigan cities, an October 29, 2020 office search that found reloadable pay cards, and the Western Michigan U.S. Attorney's commitment to prosecute two redacted subjects for wire fraud.

  • A PRC CNE actor downloaded publicly available voter registration information for six U.S. states — Colorado, Connecticut, Florida, Michigan, Oklahoma, and Rhode Island — on 14 January 2022, from U.S. commercial websites and a U.S. IP address.
  • On the same day (14 January 2022), an Ohio voter registration application was of interest to the PRC CNE actor but failed to download from the U.S. State Government's website.
  • Voter registration information from at least 2013 through 2021 was publicly available for download from the commercial websites, and the PRC CNE actor appears to have downloaded the full repositories.
  • The PII obtained included names, party affiliations, email addresses, physical addresses, and phone numbers, which could in theory be leveraged for future CNE operations or election influence operations, though the actor's actual motivations are unknown.
  • The notice is a revised copy: Oklahoma was added, and the report was clarified to state the hosting websites were commercial websites; recipients were told to remove the original report from all files.
  • While the PRC government has historically demonstrated interest in U.S. elections, this was a newly identified interest for this individual PRC actor; victim information was passed to appropriate agencies for CND response actions.
  • The activity is mapped to MITRE ATT&CK technique T1594 (adversary search of victim-owned websites); a footnote describes the CISA/NCIJTF CYWATCH victim notification and deconfliction process.
  • Appended FBI Opening EC (56D-DE-3407960, 03/16/2021) documents a Michigan State Police investigation into a supervisor of paid voter-registration canvassers operating in Muskegeon [sic], Detroit, Ypsilanti, Southfield, Flint, and Lansing.
  • Per the EC, canvassers were paid via reloadable 'pay cards' per completed form (the interviewee later said hourly); MSP tracked the subject via cellphone GPS ping (authorized October 22, 2020) and executed an office search on October 29, 2020, finding a quantity of reloadable pay cards.
  • The EC states allegations involve potential payments for registrations for the 2020 national election, requiring concurrence of the DOJ Public Integrity Section Election Crimes Unit and FBI PCU; DOJ attorney approval was given March 11, 2021, and PCU SSA concurred March 16, 2021.
  • On March 16, 2021, the U.S. Attorney for the Western District of Michigan advised his office would prosecute the (redacted) subjects for violations of 18 U.S.C. 1343 (Wire Fraud) or other provable federal crimes.
  • Both components carry red stamps by Counsel to the President Warrington dated 10 July 2026: 'DECLASSIFIED BY' on pages 1-2 and 'APPROVED FOR PUBLIC RELEASE BY' on pages 3-6.
View original PDF 817 KB · 6 pp
Citations

References

Documents cited in the narrative and timeline above. Each reference links to the document’s entry on this page and its original PDF.

  1. PRC [REDACTED] Analysis on U.S. Voter Registration Information [REDACTED] from 18 States, Plans to Conduct U.S. Person Matching and Public Opinion Analysis ("18 States Memo") — 6 ppPDF
  2. PRC [REDACTED] Possesses List of Likely Leaked, Compromised Data that Included U.S. [REDACTED] Entities in 2019; Data Sets Apparently Include Those Related to [REDACTED], and Voter Data / PII — 24 ppPDF
  3. PRC [Redacted] Aware in Mid-2020 of Collection of U.S. Consumer, Military, Voter Registration Databases; [Redacted] Capabilities To Conduct Identity Verification Checks of U.S. Persons — 2 ppPDF
  4. SUBSTANTIVE REVISION: Network Defense Notice: Publicly Available U.S. Voter Registration Information for Six U.S. States Downloaded from Commercial Websites by PRC CNE Actor in January 2022; Same Actor Attempts to Download Ohio Voter Registration Application (with appended FBI Opening EC, 56D-DE-3407960) — Notice date redacted · 6 ppPDF
  5. PRC [Redacted] Shares 2020 U.S. Voter Registration Data for Cities within Seven U.S. States in [Redacted] 2023 — Banner reads SENSITIVE GOVERNMENT AGENCY · [month redacted] 2023 · 4 ppPDF
  6. PRC [redacted] discuss targeting 2024 US elections: [redacted] 2023 information — 6 ppPDF
  7. CIA Note — Sensitive PRC Reporting from 2018 – 2020 — Central Intelligence Agency · 3 ppPDF
  8. President's Daily Brief, 25 June 2020: "Beijing Escalating Efforts To Shape US Policies on China" — June 25, 2020 · 2 ppPDF
  9. Summary: China's Plans to Utilize [Redacted] and Cyber Operations Ahead of the 2020 Presidential Elections — Sensitive Government Agency · 1 ppPDF
  10. China: Cyber Activities Probably Prelude to Election Espionage (CIA WIRe, WIRe2020-05063) — Central Intelligence Agency · July 1, 2020 · 2 ppPDF
  11. Foreign Threats to 2020 US Federal Elections (NICA 2020-06885D) — National Intelligence Council · August 19, 2020 · 8 ppPDF
  12. RE: (U) Note to Election Threat 45 day ICA China Section Drafting Team (NSA–ODNI email chain, Nov 4–20, 2020) — National Security Agency and Office of the Director of National Intelligence · November 20, 2020 · 8 ppPDF
  13. Email chain: "NSA deliberately messaging elections PDB" / "(U) Note to Election Threat 45 day ICA China Section Drafting Team" — ODNI and National Security Agency · November 4, 2020 · 6 ppPDF
  14. RE: (U) RE: For IC coord by Wed. 7 Oct.: NIC alternative analysis on china/election — National Intelligence Council / DNI Election Threat Executive, with NSA participants · October 7, 2020 · 8 ppPDF
  15. RE: (U) RE: Please coord by COB 9/1: 4 country election security graphic — Multi-agency chain: ODNI/National Intelligence Council, CIA, FBI Foreign Influence Task Force – China, State Department INR/EAP, and EEMC/RUMB/Strategic & Asymmetric Warfare · September 3, 2020 · 24 ppPDF
  16. Email: "Everyone's favorite topic" (December 23, 2021) — ODNI/National Intelligence Council · December 23, 2021 · 1 ppPDF
  17. Albany Briefing Handout — FBI Inspection Division Strategic Review of the Albany IIR (Tabs 1–6, DRAFT) — Federal Bureau of Investigation · 35 ppPDF
  18. FBI Intelligence Information Report (IIR 4 212 7305 20): Chinese Government Production and Export of Fraudulent US Drivers Licenses to Chinese Sympathizers in the United States, in Order to Create Tens of Thousands of Fraudulent Mail-in Votes for US Presidential Candidate Joe Biden, in late August 2020 — Federal Bureau of Investigation · September 25, 2020 · 6 ppPDF
  19. Government Transparency Task Force Statement on PRC Compromise of State Voter Registration Rolls (States Statement) — White House Task Force on Government Transparency · July 13, 2026 · 1 ppPDF