Photo via Marc Nozell/Getty Images (Licensed)
Newly leaked emails show how technology advisers on Hillary Clinton's campaign discussed and debated the issue of encryption following 2015's deadly terrorist attacks in Paris and San Bernardino, California.
At the Democratic primary debate on Dec. 20, 2015, Clinton called for a "Manhattan-like project" to solve law enforcement's issues with popular encryption. Teddy Goff, a Clinton tech adviser, took issue with how the candidate approached the topic, criticizing her language and calling specific lines in which she admits to not knowing enough about the technology "cringe-y."
Clinton's line about law enforcement breaking into encrypted data was also criticized by Goff.
Sara Solow, another Clinton tech adviser, described another tactic that would narrowly target users of encryption.
"Couldn't we tell tech off the record that she had in mind the malware/key strokes idea (insert malware into a device that you know is a target, to capture keystrokes before they are encrypted). Or that she had in mind really super code breaking by the NSA. But not the backdoor per se?" Solow wrote in the December 2015 email.
Solow seems to be referring to targeting a device (like a phone) to eavesdrop on data instead of targeting the data once it's transferred. This approach can preempt encryption, rendering it effectively useless in the face of a highly targeted attack from, say, the FBI.
That's why the United Arab Emirates recently attempted to install malware on a human rights' activists iPhone. The activist uses encrypted technology, which would have been useless if the malware was successfully installed.
The U.S. government is already engaged in "quiet" conversations with Silicon Valley firms about this issue, according to Marcell Lettre, the under secretary of defense for intelligence at the Pentagon. The targeting option was held up as a preferred approach to encryption backdoors—weaknesses in encryption code that let knowing eavesdroppers in—which have been officially ruled off the table by the White House.
Because encryption was such a focal point around the world in December 2015, Clinton's points made waves around the world when she spoke about issue in the primary debate. In the time since, the Democratic presidential nominee has backed the creation of a congressional commission on the issue.
Maybe most telling of all is that the Clinton campaign now uses Signal, an encrypted messaging app that's considered a gold standard of security.
Here's the full email from Goff laying out his views in a plainspoken manner not normally seen by the public.
i think it was fine, a solid B/B+. john tells me that he has actually heard nice things from friends of ours in SV, which is rare! i do think that "i would not want to go to that point" got overshadowed in some circles by the "some way to break in" thing -- which does seem to portend some sort of mandate or other anti-encryption policy, and also reinforces the the ideological gap -- and then, more atmospherically, by the manhattan project analogy (which we truly, truly should not make ever again -- can we work on pressing that point somehow?) and the cringe-y "i don't understand all the technology" line, which i also think does not help and we should avoid saying going forward.
speaking of not understanding the technology, there is a critical technical point which our current language around encryption makes plain she isn't aware of. open-source unencrypted messaging technologies are in the public domain. there is literally no way to put that genie back in the bottle. so we can try to compel a whatsapp to unencrypt, but that may only have the effect of pushing terrorists onto emergent encrypted platforms.
i do think going forward it will be helpful to be able to refer to her having pledged not to mandate a backdoor as president. but we've got to iron out the rest of the message. i actually do believe there is a way to thread the needle here, which i am happy to discuss; it requires us to quickly pivot from encryption to the broader issue of working with tech companies to detect and stop these people, and not getting into the weeds of which app they happen to use and that sort of thing.