Perhaps we have collection both from DNC’s systems, located in the United States, but also other endpoints inside Russia (or other countries) from C2 servers, or even uplinks directly back to the Kremlin. Perhaps we can account for the entire picture based on global collection of traffic, but releasing evidence of that will directly hamper our ability to perform these types of collections in the future. It’s no doubt that Clapper is being very careful what he says. If we can intercept comms of Russian leaders celebrating Trump’s election, we likely can also intercept the network traffic coming back to the Kremlin.
We don’t ever need to see the data, at least until the indicators and the capabilities behind them become obsolete. In fact, even if we saw the data today, most information security experts still wouldn’t be able to agree on it. To interpret this data correctly, you need not only expert cyber warfare experience, but also years of intelligence on Russia (and maybe other countries), full knowledge of our capabilities and where our points of presence are, and a lot of other intel that will likely always remain classified. Giving the evidence we have on the DNC attack to security experts, without the rest of the intelligence to go with it, would be like giving spaghetti to a baby. That’s why we both need and are benefitting from a Director of National Intelligence on this matter.