Even Clinton’s Aides Think She’s Wrong About Encryption
Crypto Clinton and her no good very bad infosec policies.
As someone who has had the privilege of their emails being a part of the massive Wikileaks dump culled from the personal email account of Hillary Clinton's campaign chair John Podesta, the Democratic nominee's position on information security is a subject near and dear to my heart. Unfortunately, the very fact that hack happened and the emails contained so much sensitive info is pretty strong evidence that the Clinton campaign's infosec policies are—how should I put this—not good. Or to put it another way, they are bad.
But you don't have to take my word for it: as the leaked emails show, even Clinton's top tech policy advisors cringed when she started talking crypto at the Democratic debate last December.
Things took a turn for the worse for Clinton when the debate moderator Martha Raddatz asked Clinton about her opinion on that pesky new "terrorist tool" known as encryption. In response to Raddatz's question about whether she would make a law that would force Apple CEO Tim Cook to make a key enabling government access to encrypted information, Clinton said she "would not want to go to that point."
She probably should have left it at that, but instead she continued on, envisioning a "Manhattan-like project" that would see government and industry partnering to create back doors allowing access to encrypted info. What this secure encryption standard that has fundamental insecurities built into it would look like is left a mystery, however.
"I don't know enough about the technology to be able to say what it is," said Clinton. "But I have a lot of faith in our tech experts."
Ironically enough, it seems that Clinton's very own tech experts don't have faith in her plan. As revealed in the Podesta emails, at the same time Clinton was bumbling around the issue of encryption, her two lead tech policy advisors, Sara Solow and Teddy Goff, were watching the debate and cringing.
Solow wrote to Goff the morning after the debate, glad about the fact that Clinton "basically said no to mandatory back doors," but lamenting the "not-so-great stuff" she said directly after. She also drew attention to the fact that Clinton wants unbreakable encryption that can actually be broken, noting that "she does then appear to believe there is 'some way' to do the impossible."
Goff's reply to Solow is a little more optimistic, rating Hillary's encryption performance a B/B+. At this point he also copies Podesta on to the email conversation, referring to him as "a fellow crypto hobbyist" (albeit one that doesn't seem to take his hobby that seriously, if the Wikileaks dump is any indication).
According to Goff, following the debate Podesta had "heard some nice things from friends of ours in SV, which is rare!" When you're a politician striving to make information security less secure, one can imagine that praise from the Valley is rare indeed. Goff then noted that Clinton's line about not understanding the technology was "cringe-y" and suggested that maybe the candidate should avoid saying that in the future. Good call, Goff.
He then notes that the Clinton campaign's language around encryption makes it pretty clear that the candidate doesn't really know what she is talking about, and suggests that maybe it is better to keep the language vague by talking about government-industry cooperation, without naming any apps or getting into technical details.
Solow writes back in agreement, suggesting that a good way to cozy up to wary tech companies would be to say, off the record, that what Clinton had in mind was "not a back door per se," but an idea to "insert malware into a device you know is a target, to capture keystrokes" or "really super code breaking by the NSA." She concludes the conversation by saying how she doesn't really understand why comparing this anti-encryption project to the Manhattan project—the United States' top-secret program to develop the nuclear bombs that led to the deaths of an estimated 200,000 Japanese civilians—might've been a poor choice.
In this case, I can't help but agree with Solow—there's hardly a more fitting comparison for Clinton's plans to break crypto than the plans to develop weapons so powerful that they could end the world.