Well, the good news is that authoritarian former New York City Mayor Rudy Giuliani will only be serving President-Elect Donald Trump's administration as an advisor on cybersecurity issues.
But it's still bad news that Giuliani is going to be connected at all. Though Giuliani has been working as a security consultant in the private sector, tech experts blasted the cybersecurity vulnerabilities of his company site, which is now no longer even accessible online.
Prior to the election, I wrote extensively about how neither Trump nor Hillary Clinton had even the slightest grasp of cybersecurity. At the time I noted that it's probably too much to expect politicians of their age to know all that much. What mattered, then, is who they would be letting advise them on cybersecurity matters and what their attitudes looked like.
On the positive side, Giuliani at least gives good lip service to focusing on defensive cybersecurity, as we see in this recent interview from Las Vegas. On the negative side, he sounds in this interview like somebody trying to give a lecture on a subject that he knows only through Wikipedia articles. I can't imagine anybody working within the field of tech security feeling confident in what Giuliani has to offer based on that video.
The best case scenario here is Giuliani taking back ideas from the private tech sector to the federal government in terms of improving defensive protections from hacking. That would include a healthy respect for encryption and an understanding of why it's exceedingly dangerous to demand that companies provide "back doors" that allow law enforcement officials to bypass security. If the government is truly devoted to protecting itself from foreign hackers, it has to be willing to accept that there's no such thing as a back door only the American government can unlock.
On the bad side, as data privacy advocate and contributor to The Guardian Trevor Timm notes, Trump selecting Giuliani is part of a widespread trend of government officials exhibiting the typical behavior of rewarding their connected buddies with work over better choices. Given what happened with the Democratic National Committee, it's not even clear Clinton would be doing any better if she were in Trump's shoes:
While it's amusing to make fun of Giuliani, hiring people with little or no bona fide security experience to head up cybersecurity practices in government is sadly a tried and true pastime in Washington. Instead of tapping actual computer security experts, politicians in many cases continue to put their friends or people they know in charge of a monumental problem that requires expertise beyond having many political connections or relationships with donors.
The DNC's response to the hack of their emails is the perfect example. The Democrats and Republicans should have been well aware their information could be hacked by a foreign government since it happened to both Obama and John McCain in 2008. But it was only after the DNC's leaked emails started being published in the summer that the committee announced it would create a Cybersecurity Advisory Board to "ensure that the DNC's cybersecurity capabilities are best-in-class".
As technologist Chris Soghoian asked at the time, "Will the DNC cyber board have experienced cybersecurity pros or just ex senior intelligence officials & politicians?" Sure enough, a day later when the lineup was announced, every person on it was either a lawyer or ex-government official – not an engineer or computer scientist among them.
Then the other issue is that everybody Trump has been selecting for his administration has been emphasizing government access to data over privacy, which is a dangerous attitude when it comes to protecting cybersecurity. Former Rep. Mike Pompeo, Trump's choice to head the CIA, is a supporter of expanded government surveillance powers, as is Sen. Dan Coats, Trump's choice to serve as Director of National Intelligence.
When the government prioritizes access over data security, it helps create the environment Giuliani warns about in his interview, one where citizens' private information is not kept safe. The open question is whether Trump's administration and its authoritarian attitude toward law enforcement will grasp this paradox.