- How to mute Twitter’s suggested tweets on your timeline 3 Years Ago
- What you need to know about Apple’s new streaming service 3 Years Ago
- Text-message fanfiction is taking over Instagram Today 1:54 PM
- Your Asus computer might have a secret backdoor Today 1:06 PM
- Trump is already fundraising off the Mueller report—even though no one’s seen it Today 1:01 PM
- Michael Avenatti charged with trying to extort $20 million from Nike Today 12:51 PM
- Logan Paul says being a YouTuber is ‘wack’ Today 12:14 PM
- James Comey posts from a forest in wake of Mueller report Today 10:35 AM
- These are the only online dating sites worth your time Today 10:29 AM
- Jameela Jamil sparks conversation about women having to make the ‘boyfriend excuse’ Today 10:23 AM
- Trump-Russia conspiracy theorists think they’ve found secrets in the Mueller report Today 9:32 AM
- Report: YouTube is done competing with Netflix, Amazon Today 9:27 AM
- Netflix drama ‘Coisa Mais Linda’ explores Bossa Nova clubs and women’s rights in Brazil Today 8:08 AM
- The best ‘Game of Thrones’ memes to get you pumped for season 8 Today 7:30 AM
- Amazon Echo Show (2nd Gen) vs Google Home Hub: Which is better? Today 7:00 AM
Will the DNC hack push politicians to finally use encryption?
Security experts say encrypted emails and chat apps are the right move.
Welcome to the 21st century: Debbie Washerman-Schultz is the most powerful political figure ever brought down by a hack.
After the public release of 20,000 hacked and stolen emails from the Democratic National Committee led to the pending resignation of Chairwoman Schultz, a Florida congresswoman, the political establishment is once again scrambling to protect themselves.
Donna Brazile, a CNN talking head and vice chair of the Democratic National Committee, has one solution.
“This is a cautionary tale for everybody: Stop emailing, pick up the phone,” Brazile said on CNN on Sunday night.
That matches the behavior of Republican nominee Donald Trump, who reportedly almost never uses emails.
“That is incredibly good advice,” said Nicholas Weaver, a senior staff researcher focusing on computer security at the International Computer Science Institute in Berkeley, California. “Phone calls are ephemeral, so unless you or an adversary are actively recording them they leave no record of content, only that A talked to B.”
“This is a cautionary tale for everybody: Stop emailing, pick up the phone.”
A plan to go to 100 percent phone calls is unrealistic, however, because if both people are not available at the same time, there can be no call. In an organization as big as the DNC, that’s going to happen a lot. A voicemail has the same permanence problem as an email, and voicemails too can be easily hacked. Add to that the fact that email is more popular than ever.
“I don’t think people are going to stop using email,” Danny Rogers, CEO of the security firm Terbium Labs, said. “People have been predicting the end of email for decades now; it just has never happened, there have been more and more emails sent.”
Instead, the conversation about how to protect against hackers and leakers leads back to the topics of one of the most vigorous national and global debates of the last few years: Encryption.
In the last year, encryption has been the focus of one of America’s most technologically advanced debates. While the vast majority of technologists argue that encryption ought to be widespread, powerful law enforcement figures like FBI Director James Comey have pushed for universal backdoor access to Americans’ internet data.
A string of high-impact data breaches ranging from Sony Pictures to the Office of Personnel Management to the Democratic National Committee show clearly that encryption would have helped keep at least some of the data private—malware apparently used in the DNC hack would have still allowed attackers access—but use of the technology remains preciously rare. That’s due in large part to the fact that email encryption is almost always cumbersome, difficult to understand, and easy to mess up.
“Probably the better thing is to learn as a society to better protect email,” Rogers argued. “There are products to encrypt emails.”
Weaver, who is less bullish on email, advocated secure encrypted texting apps on an iPhone. After all, emails have long been called profoundly insecure—security experts have compared them to postcards. There are better options.
“Instead, use Signal or WhatsApp on iPhones,” Weaver recommends. “iPhones are very strong against remote compromise and theft, while Signal and WhatsApp provide very robust cryptographic protections and, when chats are deleted from both sides of the conversation, they are provably unrecoverable.”
You can download both Signal and WhatsApp from your app store of choice.
No precautions make anyone completely immune from hackers. There is, after all, no such thing as 100 percent security—the hackers behind the DNC data breach apparently used other techniques that would have made encrypted emails irrelevant. But a secure app like Signal can add a sturdy layer of defense, whereas the DNC instead had a clear and open window.
The hacked and leaked emails are hanging heavily over the first day of the Democratic National Convention.
The resignation by Wasserman-Schultz hasn’t slowed down thousands of protesters in the streets and critics around the country who are angry with the DNC’s dishonesty and partiality in favor of Hillary Clinton during the 2016 presidential campaign.
Wassaerman-Schultz’s Monday speech at the party’s convention was cancelled, and Democratic officials are hoping that Clinton’s primary rival, Sen. Bernie Sanders (I-Vt.), will steal the show and keep the spotlight off perhaps the most devastating political hack in American history—so far.
Clarification: Standard end-to-end email encryption likely would not have prevented the DNC hack in its entirety, but the broader use of encryption could have kept some key data out of hackers’ hands.
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.