Cybersecurity

Giuliani as a Cybersecurity Advisor for Donald Trump Does Not Bode Well

He talks about data protection, but does he understand it at all?

|

Giuliani
John Taggart / POOL/EPA/Newscom

Well, the good news is that authoritarian former New York City Mayor Rudy Giuliani will only be serving President-Elect Donald Trump's administration as an advisor on cybersecurity issues.

But it's still bad news that Giuliani is going to be connected at all. Though Giuliani has been working as a security consultant in the private sector, tech experts blasted the cybersecurity vulnerabilities of his company site, which is now no longer even accessible online.

Prior to the election, I wrote extensively about how neither Trump nor Hillary Clinton had even the slightest grasp of cybersecurity. At the time I noted that it's probably too much to expect politicians of their age to know all that much. What mattered, then, is who they would be letting advise them on cybersecurity matters and what their attitudes looked like.

On the positive side, Giuliani at least gives good lip service to focusing on defensive cybersecurity, as we see in this recent interview from Las Vegas. On the negative side, he sounds in this interview like somebody trying to give a lecture on a subject that he knows only through Wikipedia articles. I can't imagine anybody working within the field of tech security feeling confident in what Giuliani has to offer based on that video.

The best case scenario here is Giuliani taking back ideas from the private tech sector to the federal government in terms of improving defensive protections from hacking. That would include a healthy respect for encryption and an understanding why it's exceedingly dangerous to demand that companies provide "back doors" that allow law enforcement officials to bypass security. If the government is truly devoted to protecting itself from foreign hackers it has to be willing to accept that there's no such thing as a back door only the American government can unlock.

On the bad side, as data privacy advocate and contributor to The Guardian Trevor Timm notes, Trump selecting Giuliani is part of a widespread trend of government officials exhibiting the typical behavior of rewarding their connected buddies with work over better choices. Given what happened with the Demoratic National Committee, it's not even clear Clinton would be doing any better if she were in Trump's shoes:

While it's amusing to make fun of Giuliani, hiring people with little or no bona fide security experience to head up cybersecurity practices in government is sadly a tried and true pastime in Washington. Instead of tapping actual computer security experts, politicians in many cases continue to put their friends or people they know in charge of a monumental problem that requires expertise beyond having many political connections or relationships with donors.

The DNC's response to the hack of their emails is the perfect example. The Democrats and Republicans should have been well aware their information could be hacked by a foreign government since it happened to both Obama and John McCain in 2008. But it was only after the DNC's leaked emails started being published in the summer that the committee announced it would create a Cybersecurity Advisory Board to "ensure that the DNC's cybersecurity capabilities are best-in-class".

As technologist Chris Soghoian asked at the time, "Will the DNC cyber board have experienced cybersecurity pros or just ex senior intelligence officials & politicians?" Sure enough, a day later when the lineup was announced, every person on it was either a lawyer or ex-government official – not an engineer or computer scientist among them.

Then the other issue is that everybody Trump has been selecting for his administration has been emphasizing government access to data over privacy, which is a dangerous attitude when it comes to protecting cybersecurity. Former Rep. Mike Pompeo, Trump's choice to head the CIA, is a supporter of expanded government surveillance powers, as is Sen. Dan Coats, Trump's choice to serves as Director of National Intelligence.

When the government prioritizes access over data security, it helps create the environment Giuliani warns about in his interview, one where citizens' private information is not kept safe. The open question is whether Trump's administration and its authoritarian attitude toward law enforcement will grasp this paradox.

NEXT: Why Do People Buy Things They Don't "Need"?

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. He has 40 years of EXPERIENCE in… *ahem* Cyber Security.

  2. It also makes no sense because he’s an old man with zero tech credentials who probably thinks Reason.com is an advanced website illustrating all the wonders of modern internet technology.

    1. ‘Edit’ buttons and neo-flip phone will be on display at next year’s World Fair in Dubai.

      1. As will the beta version of Koch Industries’ patented SquirrelIQ sysadmin training program for arboreal rodentry.

  3. Will the DNC cyber board have experienced cybersecurity pros or just ex senior intelligence officials & politicians?

    Leave cybersecurity to the kids in the NSA warehouses — reading reports and determining a plan of action is reserved for experienced Top Men.

  4. While it’s amusing to make fun of Giuliani…

    Easy, too.

    1. Rude-Pee Fool O’Many

      /Mike M.

  5. I thoroughly believe he can come up with a ‘solution to cybersecurity,’ just not in the way he thinks he means

    Outlaw computers screens?

    1. Typewriters are harder to hack.

        1. Chinese or American made?

  6. Just find out who the bad guys are, call up Bill Gates, and tell him to turn off their internet phones. How hard is that?

    1. When the government prioritizes access over data security, it helps create the environment Giuliani warns about in his interview, one where citizens’ private information is not kept safe.

      That problem’s at the heart of a lot of security issues. No matter how many locked doors you create, the people who regularly have to go in and out of the rooms think it’s a pain in the ass to have to unlock the doors each and every time so they develop the habit of leaving the doors propped open. There’s a trade-off between security and ease of access, but the government is going to make a one-size-fits-all standard and then it’ll be “oh, well, procedures were followed” when your data get stolen.

  7. Look, its a series of tubes, right? So all we have to do is block off the tubes being used by the Bad Guys, right? Shouldn’t take more than a week, maybe two.

    1. Just bomb the shit out of them and take their url.

      1. Big Url is evil.

        Just ask the Dixie Chicks.

        1. I prefer the transvestite southern rock band, the Chicksie Dicks.

          1. (Trigger Warning!) They’re really a thing:

            https://www.youtube.com/watch?v=YjP2KIksMqI

            Just not my thing.

  8. Though Giuliani has been working as a security consultant in the private sector, tech experts blasted the cybersecurity vulnerabilities of his company site, which is now no longer even accessible online.

    Sounds like extremely strong security to me.

    1. Obligatory xkcd

      That having been said, Giuliani’s firm is probably not operating to the same standards as an IC agency.

  9. Has he done anything with Fatbot Chris Christie yet? I really like the idea that Trump was setting him up for humiliation.

    1. I’d like it too, if i didn’t suspect that Christie was into that. Sexually, i mean.

    2. Reportedly Trump finds fat people like Christie personally revolting but also thinks they’re good for publicity.

    3. Have you read this yet?

      Behind closed doors, Chris Christie ? unceremoniously sent packing from Donald Trump’s transition headquarters in Washington two months ago ? is telegraphing a message to his confidants: I’ll be back.

      The hard-charging New Jersey governor is playing the long game, betting that Trump’s senior aides and Cabinet nominees, nearly all of whom lack governing experience, will face unexpected challenges when they settle into the West Wing. Christie turned down several offers to join the Trump administration when he was denied the attorney general post, but he has told associates he expects Trump to turn people like him ? seasoned lawmakers and political hands ? if and when the neophytes begin to flounder.

      this article alone almost makes up for the fact that Trump is president.

      1. I picture Christie looking at the phone, silently begging it with his rheumy eyes to ring.

        “He’ll need me eventually!”

        1. +1 Secretary of Assless Chaps

      2. Everyone in power is playing 3-dimensional chess.

        1. But do they realize that the bishop has less power and the knight even more ways to sneak up on you?

  10. Has John Podesta submitted his application for this gig?

    1. The trial by fire must have enlightened him a bit, yes?

    2. I have learned a lot about password security lately. For example, my IT guy told me it’s totally normal for my password to end up in my handle and that everyone else just sees my handle.

    3. Nope. He’s going to be ambassador to the Nigerian Royal House. As soon as he fills out his financial disclosure documents. 😉

      1. Jinx. 😛

        1. Some ideas are just too good!

    4. Podesta’s busy. He’s still trying to clear all the hurdles to collecting some Nigerian prince’s vast fortune.

  11. His (lack of) knowledge doesn’t matter, it’s just a bullshit payoff job.

  12. Yeah, so how’s that “drain the swamp” thing working out, guys? About the same as that “hope and change”?

    1. Hey, he never said he wasn’t going to replace it with a DIFFERENT swamp.

    2. I pointed out the analogy of Trump with Obama when the former was just a glint in the primary’s eye. A lot of people have denied it (on both sides) but it’s as apt today as it was then.

      1. It’s going to be 4 long years of bullshit excuse-making and goalpost moving, exactly like the last 8, except this time coming from the other side.

        1. Hey, lighten up. It could be 8.

        2. The bullshit excuse-making and the goalpost moving is going to be overshadowed by the denying that was ever said. When your main plan is “it’s going to be great and you’re gonna love it”, it’s harder to falsify than “if you like your doctor you can keep your doctor”. What exactly are you expecting out of Trump and what leads you to believe you have any reason to expect it? The only thing he’s ever said that constitutes any sort of concrete promise as far as I know is to build a wall, and I don’t expect that to be anything more than a half-assed job of producing a few hundred yards of photo-op fencing. It’s not gonna be big, it’s not gonna be beautiful, it’s not going to be secure, and the Mexicans ain’t paying for it.

          1. Lowering the corporate tax rate was another promise, and if it happens I think it would be pretty huge.

  13. OT: This is interesting – a look at out of pocket health care costs:

    It shows that out of pocket costs for hospitalization went up from $852 in 2011 to $1,032 in 2013. Couldn’t track anything more recent down. And this doesn’t include premium increases.

    http://www.washingtonpost.com/…..c4c481da6e

    Is there any metric by which OCare hasn’t fucked the consumer in the ass?

    1. Is there any metric by which OCare hasn’t fucked the consumer in the ass?

      If you had a need for a ridiculously expensive treatment on a predictable basis, then you’re probably in a more financially secure state with lower out of pocket costs.

      If you wanted to have health insurance, couldn’t afford it before, are living in a state without the Medicaid expansion, and qualify for Federal subsidies, then you probably get “affordable” insurance. You might have just been better off going to the ER (and might still be), but you won’t be turned down for lack of insurance when going for urgent care or primary care if you pick an in-network provider, but good luck getting an appointment.

      If you really wanted Medicaid but were making too much money to qualify before, and are living in a state with the Medicaid expansion, then you now qualify for Medicaid. According to some study out of Oregon done before the ACA took effect based on a state Medicaid lottery, this apparently reduces the rate of depression, but only barely. There were no statistically significant improvements on other metrics, although the diagnosis of diabetes went way up, so congratulations on placing a higher burden on the state’s already messed up finances.

      So, hey, it’s been marginally good for 1?5% of the population. Isn’t that great?

      1. Note importantly that the key benefits have come at the expense of the majority. Most people are being forced to pay higher costs, and states have been saddled with a growing fiscal liability, in order to reduce the out-of-pocket expenses for a small minority.

        1. Isn’t our republic designed to protect the rights of the minority?

    2. Yeah. If you’re poor and didn’t have insurance before.

      Literally everything else about it sucks, though.

      Well, sorry, not quite. Kids staying on parents’ plans and insurance companies not being able to say “We’ve decided not to cover you anymore because your medical care is too expensive now. So go fuck yourself and shove that contract up your ass,” are good things.

      1. Kids are not 26 years old, and chronic conditions could have been dealt with through risk pools rather than the huge steaming re-write of the healthcare system.

    3. See what happens when you fuck a stranger in the ass?

      https://www.youtube.com/watch?v=9ausPKEMVk0

        1. God bless the FCC. Paragons of virtue and artistic integrity.

    1. Huh, wonder if the current Arrogant Bastard in Chief is going to read that.

  14. “If the government is truly devoted to protecting itself from foreign hackers it has to be willing to accept that there’s no such thing as a back door only the American government can unlock.”

    Unpossible. If the government is to protect our privacy (and after all, government is merely a word for that which we all do together), then they (we) must have complete and unfettered access to all citizens.

    Trust (us). It’s for your own good.

  15. much like he put the nyc emergency operation center in the shadow of the world trade center, i imagine his first act will be to put a giant magnet next to every government computer….you know, for security.

  16. “it’s probably too much to expect politicians of their age to know all that much.”

    As opposed to all those whiz kid techie politicians who don’t understand basic math?

    1. pi = 3. Makes things a lot easier.

  17. “Giuliani as a Cybersecurity Advisor for Donald Trump Does Not Bode Well”

    Giuliani is there to show that Trump takes care of people who are loyal to him.

    Giuliani was beat out of both the AG job and the Secretary of State job. He was so loyal to Trump, if they hadn’t made some job for him, it would look like Trump doesn’t take care of his own–and for pragmatic reasons, you don’t want people to think that it doesn’t matter to Trump whether you’re loyal or not.

    The reason Sessions is AG is because he demonstrated his loyalty, too. In no way should either appointment be read as an endorsement of either appointee’s beliefs.

    1. In no way should either appointment be read as an endorsement of either appointee’s beliefs.

      That’s great and all, but presuming the nominees get confirmed, they’re going to be in a position of power to act on those beliefs.

  18. another person in charge of something they don’t comprehend.

    My geeky as would be better suited for this job and i don’t even know programming but I at least understand what VPNs, TORs, TailsOS, IPSEC, concept of software, and hardware is.

    I bet i could ask 2 questions of this fool and he would look at me stupid and they would be pure basic questions like:

    what is the underlying issue in HTTPS?

    What is so hard about getting a password to a person across the world with no one intercepting.

    What was the root issue with Truecypt that Veracrypt fixed in regards to key files?

    1. 3 questions but whatever. First 3 popped in my head.

      At college i trolled the CEO or something of Adobe in regards to the security of Adobe cloud before i was even remotely read up on this and the CEO or VP…who ever it was, was not amused with me making an ass of him in front of several hundred students 😀

      I asked him what security does Adobe cloud use and did they address HTTPs/SSL security holes. He had a blank face and i even pointed out their white paper was a 1.5 page joke with basically no info. How are companies IT department supposed to trust their IP content to a cloud that has no white papers on what level of security it uses. I wouldn;t trust adobe cloud if I was in an IT department without knowing some basic stuff like is it even using TLS and what version and who verified it was even working right?

      After several hours of googling I found out adobe hosts on amazon cloud but still little to no information on it back in 2013 or 2014.

      Their CEO/VPN was at least a techish person vs this moron for chief of whatever.

      1. and yes i am an ass and have no problem calling people out on bullshit in front of 100s of people. My profs back than were pissed but i told them i was right and they could suck it. 😉

  19. Nattering Nabobs of Negativism letting the perfect be the enemy of the good!

Please to post comments

Comments are closed.