Cybersecurity

Neither Trump Nor Clinton Know a Damned Thing About Cybersecurity, and Yes, You Should Be Concerned

Who will actually be defining the agenda, because it won't be these two?

|

Puppets
Van Tine Dennis/ABACA/Newscom

To the extent that last night's debate drifted into concrete policy discussion, it was often a brief trip before the two candidates returned to the evergreen discussion of how awful their opponent is. (Fact check: True)

That's pretty much what happened during the short section discussing cybersecurity and state-sponsored hacking. Thanks to the hacking of the Democratic National Committee and the possibility that Russians were involved, Hillary Clinton was able to get Donald Trump on the defensive by suggesting he "invited [Vladimir] Putin to hack into Americans." That was a pretty audacious exaggeration, given that what Trump actually asked for was for the Russian hackers to provide Clinton's deleted emails from her private server scandal. But when she ended her comments by saying how many national security folks had endorsed her, that was all it took to get Trump off-track to talk about all the wonderful people who had endorsed him.

In reality, neither candidate expressed a vision of cybersecurity that suggested either of them were even remotely familiar with the subject. Asked by moderator Lester Holt how to fight cyberattacks, here was part of Clinton's response. Note the familiar hawkish tone:

And one of the things [Vladimir Putin's] done is to let loose cyber attackers to hack into government files, to hack into personal files, hack into the Democratic National Committee. And we recently have learned that, you know, that this is one of their preferred methods of trying to wreak havoc and collect information. We need to make it very clear—whether it's Russia, China, Iran or anybody else—the United States has much greater capacity. And we are not going to sit idly by and permit state actors to go after our information, our private-sector information or our public-sector information.

And we're going to have to make it clear that we don't want to use the kinds of tools that we have. We don't want to engage in a different kind of warfare. But we will defend the citizens of this country. [Emphasis added] And the Russians need to understand that. I think they've been treating it as almost a probing, how far would we go, how much would we do.

By casting this debate in the terms of a hack that essentially embarrassed the Democratic Party establishment, Clinton's threat comes off as petty as anything Trump says. Trump responded in part by pointing out that what the hack revealed was how terribly the Democratic Party treated Bernie Sanders. That's what Clinton is threatening a cyberwar over?

Trump, though, didn't exactly present much of an alternative. When presented with a policy question, his instinct is to simply say things are bad and need to be better. That's exactly what happened here:

We came in with the Internet, we came up with the Internet, and I think Secretary Clinton and myself would agree very much, when you look at what ISIS is doing with the Internet, they're beating us at our own game. ISIS.

So we have to get very, very tough on cyber and cyber warfare. It is—it is a huge problem. I have a son. He's 10 years old. He has computers. He is so good with these computers, it's unbelievable. The security aspect of cyber is very, very tough. And maybe it's hardly doable.

But I will say, we are not doing the job we should be doing. But that's true throughout our whole governmental society. We have so many things that we have to do better, Lester, and certainly cyber is one of them.

It's probably a bit too much to expect that presidential candidates be cybersecurity experts. We shouldn't be expecting them to write guest commentaries about zero day exploits.

But what we should take from this—if at all possible—is what kind of experts these people are going to be turning to in the development of cybersecurity policy. For Trump, I have no idea what to expect from this response. Recall that when Apple resisted the Department of Justice when they demanded the company weaken its security to help them break into an iPhone, Trump's response was that people should boycott the company. He did not seem to care (or possibly even understand) that the reason Apple took the position it took was to protect the data security of those very same customers.

But when we look at Clinton's responses, we see a person much more inclined to accept the positions of national security officials over those of privacy experts and perpetuating an agenda pushing the desire by intelligence officials to have secret access to online data through its own hacking rather than an agenda in favor of protecting the security of citizen info.

Why does that matter? Besides the obvious problem that Americans are left less secure because our national security state is emphasizing aggression and infiltration over defense, there are other consequences. It may well turn out that the methods that were used by Russian hackers to infiltrate U.S. systems came from a National Security Agency (NSA) employee or contractor who accidentally left his own hacking "tools" available online for others to find. And the NSA, choosing its own priority in having access to information instead of data security, declined to tell communication companies affected by this vulnerability. The NSA essentially allowed a security vulnerability to persist.

These are the kinds of people who will have Clinton's ear. Her campaign has put out a detailed tech policy plan, though I suspect she would fail a quiz about its own contents. She says she rejects a "false choice between privacy interests and keeping Americans safe." She supports a proposed commission to try to hash out the massive gap in ideological distance between privacy activists and tech companies trying to protect consumer data and national security officials and law enforcement representatives who want access to information on demand.

Her emphasis on getting support from national security officials suggests that one side is going to get much more attention than the other. Her suggestion that America might launch a cyberwar over basic games of espionage—a very petty one at that—should be a cause for concern.

Advertisement

NEXT: Comparing the ideologies of Supreme Court nominees

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. That’s what Clinton is threatening a cyberwar over?

    What else could possibly warrant one?

    1. The full success of our national struggle against inappropriately deadpan “parody” and the Trolls of the Net who disseminate it, requires precisely such a war. See the documentation of America’s leading criminal “satire” case at:

      https://raphaelgolbtrial.wordpress.com/

    2. I Make up to $90 an hour working from my home. My story is that I quit working at Walmart to work online and with a little effort I easily bring in around $70h to $86h..Go to this website and click tech tab to start your work.Visit this web… http://tinyurl.com/hygs5jl

  2. we are not going to sit idly by and permit state actors to go after our information

    I cannot allow someone to steal my car, even though I left it in the middle of the street with the doors open and the keys on the dash.

    1. Not allowing state actors to go after our private information… not sure which state actors Hillary is referring to, or how she defines “our” information.

      1. wasn’t she once heavily involved with “our” information and didn’t her actions pretty much allow state actors to go after it?

        1. The CIA/DIA/NSA/BIA transition teams should write that into their policy guidance to the agencies.

        2. Yes. But she wasn’t trying to conceal information from state actors, just FOIA requests.

  3. Scott, appreciate the comments, but we didn’t need a debate to discover Hillary doesn’t have a grasp of cyber security.

  4. Scott, you can’t possibly expect either of them to make any sensible point here. You just can’t. Holt’s only conceivable intent was to make them both look stupid. Mission accomplished Lester.

    1. I didn’t watch the debate, but I heard that Lester Holt did “a good job” of “getting out of the way”. Wasn’t “getting out of the way” basically a way to make Donald Trump look stupid? Because I heard it worked.

  5. Her emphasis on getting support from national security officials suggests that one side is going to get much more attention than the other.

    Hmmmm. Herself has always championed Big Nanny. I wonder which side she would pick. I’m sure it will come to me at any moment now.

  6. Trump got tossed an underhand softball to hit Clinton with, and instead he talks about how his son is good with computers? WTF?

    1. You know who else was “good with computers”?

      1. Angelina Jolie in Hackers?

      2. It wasn’t Hitler.

        1. It wasn’t Clinton, either.

      3. Matthew Broderick?

      4. Matthew Broderick?

      5. Could you clarify: do you mean that in the sexual or in the non-sexual sense?

    2. Eliott Alderson ftw

  7. RE: Alt-Text

    Scott, you should start labeling the Friday Funnies

  8. Just went to my local rag, it’s 80% ‘fact-check’ articles. *barf*

    1. Yeah, isn’t it a shame that Hillary has to do all the fact checking herself?

      If only there were progressives somewhere in the media to check facts for her!

    2. Fact-check articles are the biggest load of bullshit because it’s all of the same partisan hackery but claiming objectivity. WaPo‘s is among the worst offenders.

  9. No mention of encryption

  10. The disturbing thing about the cyber-security question was that Trump didn’t use the opportunity to squash Hillary for her email server.

    Lester Holt practically served it up for Trump on a silver platter.

    1. This. Could’ve been an opportunity to connect the dots in a way that the media hasn’t — from the premeditated cover-up of her corrupt intermingling of Clinton Foundation and State business through to real-world outcomes like that Iranian scientist getting executed after she and her staff discussed him openly on unsecure email.

      Or, he could’ve just said, “we’re going to trust someone who sends classified emails over a server set up in her bathroom? Get the fuck outta here.”

      1. Both would have been devastating shots, and it’s inexcusable that his prep team (if he even had one) didn’t have him ready to go for it. Or maybe they did, and he had a brain fart. Either way, that’s a golden opportunity lost. Unlike Bill’s sexual predations, which are borderline personal, there’s nothing personal about violating her own boss’s executive orders on cyber-security and it gets to the heart of her corruption.

        “Hillary’s so corrupt that a lifelong Republican bureaucrat couldn’t even execute his job to properly charge her and had to issue a passive-aggressive statement pointing out everything she did wrong instead. Even her former boss felt compelled to lie that he didn’t know about her unauthorized server, that’s how deep this goes. That kind of carelessness and lack of accountability isn’t going to be tolerated on my watch, believe me.”

        See? Not hard at all.

    2. In the most recent FBI release, it was revealed that Huma would routinely forward items from her Clintonmail address to a Yahoo account because it was easier to print from there. That is (1) blatantly illegal and (2) particularly bad given that Yahoo just announced it was the victim of the biggest cyber-attack in history.

      1. Even the excuse that it was “easier to print” from a Yahoo account is shady. Did Hillary not have printers set up in her and Huma’s lovenest so she could print from the clintonemail account or something?

        1. They didn’t like the mechanical sounds of the printer interrupting their sweet, sweet lovemaking.

    3. Trump’s failure to seize on a tiresome empty talking point so worn that even Rich had to take a week off because of the chafing is indeed a tragedy. Fortunately he managed to produce an equally meaningless bit of drivel so that people wouldn’t have to consider the horrifying possibility that there might be a substantive issue hiding under all of the blinkered partisan bullshit.

      1. Hillary Clinton’s ethical failures are not a tiresome empty talking point.

        1. “PHAKE SKANDUL!! OLD NEWZ!! WHY SO MISOJUNIST?!”

  11. So we have to get very, very tough on cyber and cyber warfare. It is — it is a huge problem. I have a son. He’s 10 years old. He has computers. He is so good with these computers, it’s unbelievable. The security aspect of cyber is very, very tough. And maybe it’s hardly doable.

    The biggest troll job I can think if is electing a guy who can’t string a conscious thought together over the media’s candidate. Just imagine the bewilderment in newsrooms around the country. It’d be awesome for a day. But then, of course, we’d be stuck with Trump. But at least we’d have a jolly good time watching those bastards’ heads implode before our own do.

  12. Neither Trump Nor Clinton Know a Damned Thing About Cybersecurity, and Yes, You Should Be Concerned

    After years of spectacular hacks (Office of Personnel Management, Target, Yahoo….) allowed by vulnerabilities in communication protocols, software and the very guts of operating systems, it’s pretty clear nobody knows a damned thing about cyber security or, if they do, are doing diddly squat to implement it

    1. The EXPERTS don’t know cyber. It isn’t essentially any different then informaton security has ever been, just you don’t need physical proximity to obtain information. I do not expect the president who majored in poli sci, business, and lawyering to know the ins and outs of encryption layers. Apparently our experts fail in that themselves.

      I do expect they should know th difference between secure networks and insecure networks and it is Hilary and the dems who failed there.

      I also expect them to know what state actors are threats. I think Trump waz more encompassing while Hiilary sounds like she is looking for a reason to war w russia

    2. The vulnerability in the OPM and Target hacks, and very probably that of Yahoo as well, not to mention the NSA (by both Snowden and the unnamed employee or contractor who lost control of some of their software tools) had hardly anything to do with communication protocol, software, or operating system software. It had to do with people and their inevitable lack of perfection.

      OPM and Target fell to lapses by authorized system users combined with lack of resources that are required to implement better information security than they had. Snowden, by a combination of his own dishonesty and, by some reports, errors of other NSA employees and contractors (in trusting him) was able to copy and remove very large amounts of classified briefing and training documents; loss of the “Equation Group” software probably was an accident, but could also have been an intentional result of espionage from within.

      No technology flaws here, just people.

  13. Yeah but Trump’s 10 year old son knows about the cyber.

    1. Yea, but Hillary’s computer guy knows how to get on Reddit and ask how to change stuff on emails for a “VIP”.
      I’m sure he got a nice bit of software sent to him from someone at *.rus or *.chn that worked wonders.

  14. I he had won the LP nomination, and if he had somehow managed to succeed where Johnson failed in getting to 15% in the polls, I would have loved to watch McAffee pwn the shit out these 2 retards. It would have been epic. Hell, they might have had to stop the debate or cut away to commercials in the middle of it because the rhetorical beatdown would have been too brutal for primetime TV.

  15. As for Trump’s bullshit about how awesome his 10 year old is with computers, all I can say is that in all probability, no he doesn’t know shit about computers and neither do most other “kids these days.”

  16. RE: Neither Trump Nor Clinton Know a Damned Thing About Cybersecurity, and Yes, You Should Be Concerned

    Cyber security is for our ruling elitist filth only.
    The masses don’t need it. Indeed, the little people need to be watched, listened to and spied on constantly because they are constantly thinking counter-revolutionary thoughts and engaging in anti-State activities.

    1. Ask someone whose credit was ruined by opening an email attachment that installed a keylogger whether information security is a good idea. Ask a company like the DoD agency for which I worked if it makes sense to scan all inbound email messages and to remove attachments and disallow use of HTML and hyperlinks. You might get a quite different answer than the one you offer.

  17. Which should take priority, cyber security of Constitution security? Would love to see that issue hit the debate stage.

  18. She says she rejects a “false choice between privacy interests and keeping Americans safe

    Obama rejected some choices he called “false” as well, and then promptly turned around and trampled on constitutionality and privacy too.

  19. By the way, I think we are way past “concerned” in this election.

  20. Yes I thought this was a yuuuge missed opportunity for Trump…”Secretary Clinton is so concerned about security, that under the Obama administration, the Office of Personnel Management that handles top secret clearances for the government got hacked *twice* and *lost* the investigation data for over twenty million individuals with clearances. Think about that. Their social security numbers, addresses, names of spouses, children, relatives, credit history, and much more. Most likely with the Chinese now. All because OPM could not or would not update their systems to patch known vulnerabilities. Dysfunctional government at its worst. It’s a disgrace. She’s so concerned about security that she doesn’t even remember receiving training on handling classified information. Everyone with a top secret clearance gets this training. She admitted not being able to identify classified information in her emails. The same emails that she routed to her homebrew server that was less secure than your Yahoo account. Our enemies would love to make it easier to hack into our classified government emails, and she opened the door and made it happen! I gotta hand it to you Hillary, if any rank and file desk jockey had done that, they’d be in jail so fast their head would spin. But here you are, so why should you get a get out of jail free card? What makes you so special?” If Trump had bothered to study up and practice a bit, he might have come up with something like this. Nah I doubt it.

  21. It might have been better if Reason critiqued the Clinton “Initiative on Technology & Innovation.” It is chock full of low hanging fruit ripe for harvest by Libertarians or anyone else with a clue about information technology. The one paragraph that touches information security injects, in the middle, yet another promise to smother a problem with piles of money, no doubt to be tidied up by those well connected to the (hypothetical) Clinton administration.

    The plain fact is that, even more than with the epidemic, so called, of gun violence, there really is not a lot the government can do at any level to improve information security except its own installations, and the platform plank fails to mention even things that government might do.

    (Part 1 of 2)

  22. “Cybersecurity” is the province of those who have, use, and manage “cyber.” That means you. A computer connected to the internet is guaranteed to be vulnerable, and it scarcely matters if the NSA held back a few zero-day vulnerabilities or accidentally left a penetration kit where a foreign SIGINT or information security worker could find it. There are plenty of clever people around the world who can find and exploit the vulnerabilities and there is no shortage of commercially products to do so. Those who manage organizations, and those who manage IT for them, can go part way, but one of the key entry points for unauthorized network access is errors or malicious behavior by authorized users. The first is exemplified by the Target and OPM incidents, and the second by Edward Snowden’s actions. There is very little the government can do at any level to prevent mistakes or detect crime before it happens, and it is fairly clear that the level of surveillance needed to do so is well beyond what most people would consider acceptable.

    Reason should make such points, because it is fairly clear that nobody outside the computer science community will do so.

    (Part 2 of 2)

  23. Start working at home with Google! It’s by-far the best job I’ve had. Last Wednesday I got a brand new BMW since getting a check for $6474 this – 4 weeks past. I began this 8-months ago and immediately was bringing home at least $77 per hour. I work through this link, go? to tech tab for work detail,,,,,,,
    ——————>>> http://www.4cyberworks.com

  24. ” It may well turn out that the methods that were used by Russian hackers to infiltrate U.S. systems came from a National Security Agency (NSA) employee or contractor who accidentally left his own hacking “tools” available online for others to find.”
    How stupid do highly skilled professionals have to be before I can say “It’s more likely they were corrupt and sold the data.”?

  25. They have as much expertise on the internet/etc. as did “Odd Ball” on tanks:
    “I just drive them, I don’t know what makes them work.”

    1. Bryce . even though Samuel `s story is unbelievable… on tuesday I bought a great Peugeot 205 GTi after making $4790 this – four weeks past an would you believe $10k last month . it’s definitly the most-comfortable work Ive ever done . I actually started 4 months ago and right away startad earning more than $85 p/h . find more info

      ……………. http://www.BuzzNews10.com

Please to post comments

Comments are closed.