Neither Trump Nor Clinton Know a Damned Thing About Cybersecurity, and Yes, You Should Be Concerned
Who will actually be defining the agenda, because it won't be these two?
To the extent that last night's debate drifted into concrete policy discussion, it was often a brief trip before the two candidates returned to the evergreen discussion of how awful their opponent is. (Fact check: True)
That's pretty much what happened during the short section discussing cybersecurity and state-sponsored hacking. Thanks to the hacking of the Democratic National Committee and the possibility that Russians were involved, Hillary Clinton was able to get Donald Trump on the defensive by suggesting he "invited [Vladimir] Putin to hack into Americans." That was a pretty audacious exaggeration, given that what Trump actually asked for was for the Russian hackers to provide Clinton's deleted emails from her private server scandal. But when she ended her comments by saying how many national security folks had endorsed her, that was all it took to get Trump off-track to talk about all the wonderful people who had endorsed him.
In reality, neither candidate expressed a vision of cybersecurity that suggested either of them were even remotely familiar with the subject. Asked by moderator Lester Holt how to fight cyberattacks, here was part of Clinton's response. Note the familiar hawkish tone:
And one of the things [Vladimir Putin's] done is to let loose cyber attackers to hack into government files, to hack into personal files, hack into the Democratic National Committee. And we recently have learned that, you know, that this is one of their preferred methods of trying to wreak havoc and collect information. We need to make it very clear—whether it's Russia, China, Iran or anybody else—the United States has much greater capacity. And we are not going to sit idly by and permit state actors to go after our information, our private-sector information or our public-sector information.
And we're going to have to make it clear that we don't want to use the kinds of tools that we have. We don't want to engage in a different kind of warfare. But we will defend the citizens of this country. [Emphasis added] And the Russians need to understand that. I think they've been treating it as almost a probing, how far would we go, how much would we do.
By casting this debate in the terms of a hack that essentially embarrassed the Democratic Party establishment, Clinton's threat comes off as petty as anything Trump says. Trump responded in part by pointing out that what the hack revealed was how terribly the Democratic Party treated Bernie Sanders. That's what Clinton is threatening a cyberwar over?
Trump, though, didn't exactly present much of an alternative. When presented with a policy question, his instinct is to simply say things are bad and need to be better. That's exactly what happened here:
We came in with the Internet, we came up with the Internet, and I think Secretary Clinton and myself would agree very much, when you look at what ISIS is doing with the Internet, they're beating us at our own game. ISIS.
So we have to get very, very tough on cyber and cyber warfare. It is—it is a huge problem. I have a son. He's 10 years old. He has computers. He is so good with these computers, it's unbelievable. The security aspect of cyber is very, very tough. And maybe it's hardly doable.
But I will say, we are not doing the job we should be doing. But that's true throughout our whole governmental society. We have so many things that we have to do better, Lester, and certainly cyber is one of them.
It's probably a bit too much to expect that presidential candidates be cybersecurity experts. We shouldn't be expecting them to write guest commentaries about zero day exploits.
But what we should take from this—if at all possible—is what kind of experts these people are going to be turning to in the development of cybersecurity policy. For Trump, I have no idea what to expect from this response. Recall that when Apple resisted the Department of Justice when they demanded the company weaken its security to help them break into an iPhone, Trump's response was that people should boycott the company. He did not seem to care (or possibly even understand) that the reason Apple took the position it took was to protect the data security of those very same customers.
But when we look at Clinton's responses, we see a person much more inclined to accept the positions of national security officials over those of privacy experts and perpetuating an agenda pushing the desire by intelligence officials to have secret access to online data through its own hacking rather than an agenda in favor of protecting the security of citizen info.
Why does that matter? Besides the obvious problem that Americans are left less secure because our national security state is emphasizing aggression and infiltration over defense, there are other consequences. It may well turn out that the methods that were used by Russian hackers to infiltrate U.S. systems came from a National Security Agency (NSA) employee or contractor who accidentally left his own hacking "tools" available online for others to find. And the NSA, choosing its own priority in having access to information instead of data security, declined to tell communication companies affected by this vulnerability. The NSA essentially allowed a security vulnerability to persist.
These are the kinds of people who will have Clinton's ear. Her campaign has put out a detailed tech policy plan, though I suspect she would fail a quiz about its own contents. She says she rejects a "false choice between privacy interests and keeping Americans safe." She supports a proposed commission to try to hash out the massive gap in ideological distance between privacy activists and tech companies trying to protect consumer data and national security officials and law enforcement representatives who want access to information on demand.
Her emphasis on getting support from national security officials suggests that one side is going to get much more attention than the other. Her suggestion that America might launch a cyberwar over basic games of espionage—a very petty one at that—should be a cause for concern.