Column: Norway, if you’re listening: Feel free to hack our presidential race

Just about every cybersecurity expert agrees that Russia is likely to meddle again in next year’s presidential election — and other governments may try too.

And why shouldn’t they? The cost is laughably low, and they face few if any penalties if they’re caught.

After all, President Trump says he’d welcome an offer from a foreign government to slip him derogatory information about his opponents.

“If somebody called from a country -- Norway -- [saying,] ‘We have information on your opponent,’ I think I’d want to hear it,” the president told ABC News last week. “It’s not an interference. They have information, I think I’d take it.”

Trump had every chance to say he’d reject a backdoor offer from a country more worrisome than Norway — Russia, for example. But he didn’t. Instead, he resorted to one of his favorite schoolyard defenses: Everybody does it; don’t be a chump.

That undercut officials in his own administration who have warned foreign powers that messing in our elections will be considered a hostile act.

And it distressed at least some Republicans in Congress who don’t relish being branded the Party that Welcomes Help In Elections from Foreign Intelligence Agencies.

“I wouldn’t accept material like that,” Sen. Joni Ernst of Iowa said crisply. Don’t all politicians do it? “No, we don’t. Let’s stop there.”

The bipartisan blowback was severe enough that two days later, the president retreated — a little.

“Of course you have to look at it,” he said of foreign-source information. “If you don’t look at it, you’re not going to know if it’s bad.” He’d tell the FBI, “of course” — even though he had scoffed at that idea two days before.

Of course, if the president were serious about defending the integrity of the 2020 election, there’s plenty he could do.

Legions of scholars, campaign veterans and election machinery experts have been working to try to make next year’s voting more secure.

A new report from Stanford University’s Cyber Policy Center lists no fewer than 45 specific steps the federal government, states, counties, campaigns, social media platforms and news media can take.

Here’s one: “From the top down, including most importantly from the president, the U.S. government must demonstrate a clear, credible and consistent commitment in response to future attempts at election interference.”

OK, some ground to make up there.

As an initial, cost-free step, Trump could promise that his campaign won’t use stolen information from foreign entities, like the Democratic National Committee emails that the FBI says Russia hacked in 2016.

Democratic presidential campaigns have taken that pledge. The Trump campaign has not. On Friday, spokeswoman Kayleigh McEnany said the campaign would handle foreign offers on “a case-by-case basis.”

I asked Michael McFaul, the former U.S. ambassador to Moscow who headed the Stanford project, what worried him most about next year’s election.

He named three potential problems.

First, he said, “Russia might try to influence the Democratic primaries. They like some candidates better than others. Biden is probably their least favorite, because he was the point person for the Obama administration for Ukraine.”

Second, he said he fears a “flood of disinformation” on social media, not only from Russia.

But his greatest worry is that Russian agents may “do something disruptive on election day to undermine the integrity of the election,” he said. “Imagine the chaos if there was some doubt raised about the vote count.”

The Stanford report has several recommendations that make sense.

It calls for more federal funding to help states and counties build hack-proof voting systems. In our decentralized system, local governments run elections, but they often don’t have the money to keep systems up to date.

“We’re asking county governments to go up against the Russian GRU,” the military intelligence agency, said Andrew Grotto, a Stanford scholar who worked on the report. “It’s not a fair fight.”

Another recommendation: Every state should use paper ballots, which can be retained and checked in case machines are hacked. Pennsylvania, a critical swing state, has committed to that goal, but may not get there by 2020.

Here’s a tougher one: Congress should pass laws that ban foreigners from buying political ads online and that require disclosure of all sponsors’ identities. It wouldn’t cost taxpayers a dime. But Senate Republican leader Mitch McConnell has blocked all such legislation from getting a vote.

Finally, U.S. news media should establish transparent, common-sense rules for handling leaks from foreign sources.

That might seem impossible. News organizations are hard-wired to publish scoops, not suppress them, and judgments can vary wildly. But journalists were part of the problem in 2016. This time they need to disclose more about sources of leaked data — and the sources’ motivations.

One modest bright spot: Facebook, Google and Twitter, which failed to recognize and block Russian disinformation in 2016, are working to do better this time.

Facebook now requires anyone who buys political advertising to provide their true identities and to prove they are residents of the country they’re targeting.

Facebook also is trying to eliminate fake identities and bots from its accounts. In the first quarter of 2019, the company said, it disabled a staggering 2.2 billion fake accounts.

But unless the Trump administration and Congress do more, the integrity of our elections depends too much on social media companies that failed to earn our trust in 2016. That’s not a good sign.