- The new ‘Hunger Games’ book paints President Snow as a hero—and people are not happy Tuesday 9:03 PM
- Influencer called out for ‘troubling image’ with Kenyan child Tuesday 8:18 PM
- Professor arrested for spending $185K of grant money on iTunes and strippers Tuesday 7:28 PM
- Man cuts his books in half to make them ‘portable,’ spurs online debate Tuesday 6:09 PM
- Fans defend Lana Del Rey after she was mocked for flying commercial Tuesday 5:10 PM
- Lady Gaga fans find alleged new song name in her website’s code Tuesday 4:42 PM
- Barstool Sports deletes anti-union tweets, blog post in settlement Tuesday 3:47 PM
- The ‘can have … as a treat’ meme has come full circle Tuesday 3:09 PM
- Joe Rogan says he’s voting for Bernie Sanders Tuesday 2:54 PM
- Woman spots mole in man’s TikTok video, saves him from cancer Tuesday 2:17 PM
- ‘You’ star confirms his character is queer and ‘never will be’ straight Tuesday 1:08 PM
- This Twitch streamer pooped his pants during a broadcast Tuesday 12:17 PM
- Apple’s iCloud encryption plan halted amid FBI pressure, report Tuesday 10:57 AM
- Glenn Greenwald charged with cybercrimes in Brazil Tuesday 10:48 AM
- BadBunny rips her fans for not sending her enough money Tuesday 10:06 AM
Newly leaked emails show how technology advisers on Hillary Clinton’s campaign discussed and debated the issue of encryption following 2015’s deadly terrorist attacks in Paris and San Bernardino, California.
At the Democratic primary debate on Dec. 20, 2015, Clinton called for a “Manhattan-like project” to solve law enforcement’s issues with popular encryption. Teddy Goff, a Clinton tech adviser, took issue with how the candidate approached the topic, criticizing her language and calling specific lines in which she admits to not knowing enough about the technology “cringe-y.”
Clinton’s line about law enforcement breaking into encrypted data was also criticized by Goff.
Sara Solow, another Clinton tech adviser, described another tactic that would narrowly target users of encryption.
“Couldn’t we tell tech off the record that she had in mind the malware/key strokes idea (insert malware into a device that you know is a target, to capture keystrokes before they are encrypted). Or that she had in mind really super code breaking by the NSA. But not the backdoor per se?” Solow wrote in the December 2015 email.
Solow seems to be referring to targeting a device (like a phone) to eavesdrop on data instead of targeting the data once it’s transferred. This approach can preempt encryption, rendering it effectively useless in the face of a highly targeted attack from, say, the FBI.
That’s why the United Arab Emirates recently attempted to install malware on a human rights’ activists iPhone. The activist uses encrypted technology, which would have been useless if the malware was successfully installed.
The U.S. government is already engaged in “quiet” conversations with Silicon Valley firms about this issue, according to Marcell Lettre, the under secretary of defense for intelligence at the Pentagon. The targeting option was held up as a preferred approach to encryption backdoors—weaknesses in encryption code that let knowing eavesdroppers in—which have been officially ruled off the table by the White House.
Because encryption was such a focal point around the world in December 2015, Clinton’s points made waves around the world when she spoke about issue in the primary debate. In the time since, the Democratic presidential nominee has backed the creation of a congressional commission on the issue.
Maybe most telling of all is that the Clinton campaign now uses Signal, an encrypted messaging app that’s considered a gold standard of security.
Here’s the full email from Goff laying out his views in a plainspoken manner not normally seen by the public.
i think it was fine, a solid B/B+. john tells me that he has actually heard nice things from friends of ours in SV, which is rare! i do think that “i would not want to go to that point” got overshadowed in some circles by the “some way to break in” thing — which does seem to portend some sort of mandate or other anti-encryption policy, and also reinforces the the ideological gap — and then, more atmospherically, by the manhattan project analogy (which we truly, truly should not make ever again — can we work on pressing that point somehow?) and the cringe-y “i don’t understand all the technology” line, which i also think does not help and we should avoid saying going forward.
speaking of not understanding the technology, there is a critical technical point which our current language around encryption makes plain she isn’t aware of. open-source unencrypted messaging technologies are in the public domain. there is literally no way to put that genie back in the bottle. so we can try to compel a whatsapp to unencrypt, but that may only have the effect of pushing terrorists onto emergent encrypted platforms.
i do think going forward it will be helpful to be able to refer to her having pledged not to mandate a backdoor as president. but we’ve got to iron out the rest of the message. i actually do believe there is a way to thread the needle here, which i am happy to discuss; it requires us to quickly pivot from encryption to the broader issue of working with tech companies to detect and stop these people, and not getting into the weeds of which app they happen to use and that sort of thing.
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.