from the that's-at-least-marginally-reassuring dept
Hillary Clinton's position on encryption -- like so much of her
tech policy -- has been kind of vague and wishy-washy. Saying things that possibly sound good, but could easily turn out to be bad depending on what is really meant. It's sort of the classical politician's answer on things, trying to appease multiple sides of an issue without getting fully pinned down on something that might come back to bite you later.
It started back in November of 2015, when Clinton
gave a speech, which put her firmly into the "but Silicon Valley should nerd harder to figure out a backdoor" camp. A few weeks later, she
doubled down on the "nerd harder" response in an interview with George Stephanopoulos:
STEPHANOPOULOS: How about Apple? No more encryption?
CLINTON: This is something I've said for a long time, George. I have to believe that the best minds in the private sector, in the public sector could come together to help us deal with this evolving threat. And you know, I know what the argument is from our friends in the industry. I respect that. Nobody wants to be feeling like their privacy is invaded.
But I also know what the argument is on the other side from law enforcement and security professionals. So, please, let's get together and try to figure out the best way forward.
A few weeks after
that, she went even further, calling for a "Manhattan Project" on backdooring encryption. As we noted at the time,
that made no sense and suggested a complete cluelessness about encryption and the issues related to it.
Now, with the release of the hacked emails from Clinton campaign manager John Podesta, we get to find out that Clinton's staff
basically agreed with us that her statements on encryption were ridiculous, and felt that she should not support any effort to backdoor encryption.
It started with an internal discussion in response to an inbound request from Politico, where some of her staffers
sought to avoid answering the question on backdooring encryption, while admitting internally the reality. Here were the "boiled down" talking points, presented by Ben Scott (a former State Dept official who also ran Free Press for a few years):
1-The bad guys could already get crypto -- we helped the good guys get it.
2-The Internet Freedom investments in these technologies were strongly bipartisan (and remain so).
Those are good points. I wish she'd actually said that, rather than what eventually came out.
The second email comes right after that "Manhattan Project" comment at the debate in the middle of December, and there her staffers discuss what a terrible analogy it is and
how they should tell the tech industry that Hillary won't support backdoors, but instead supports using hacking/malware to spy on terrorists (which is a better solution all around, though it raises some other issues).
The email thread starts off with lawyer and Clinton (and former Obama) advisor Sara Solow first highlighting the flip-floppy nature of Clinton's comments, and then followed it up by noting that the "flop" side of (supporting backdooring encryption) is "impossible":
She basically said no mandatory back doors last night ("I would not want to go to that point"). In the next paragraph she then said some not-so-great stuff -- about there having to be "some way" to "break into" encrypted content-- but then she again said "a backdoor may be the wrong door."
Please let us know what you hear from your folks. I would think they would be happy -- she's certainly NOT calling for the backdoor now -- although she does then appear to believe there is "some way" to do the impossible.
Teddy Goff, a political strategist and the digital director for Obama for America during the 2012 campaign, responds, calling it "a solid B/B+" and suggests that someone tell Clinton never to use the Manhattan Project line again. He also highlights the point that Ben Scott had raised a month earlier, and that it was clear that Clinton did not understand, that there is open source encryption out there that anyone can use already, and any attempt to backdoor proprietary encryption won't stop anyone from using those other solutions. Finally, he suggests that having "pledged not to mandate backdoors" will be useful going forward.
i think it was fine, a solid B/B+. john tells me that he has actually heard nice things from friends of ours in SV, which is rare! i do think that "i would not want to go to that point" got overshadowed in some circles by the "some way to break in" thing -- which does seem to portend some sort of mandate or other anti-encryption policy, and also reinforces the the ideological gap -- and then, more atmospherically, by the manhattan project analogy (which we truly, truly should not make ever again -- can we work on pressing that point somehow?) and the cringe-y "i don't understand all the technology" line, which i also think does not help and we should avoid saying going forward.
speaking of not understanding the technology, there is a critical technical point which our current language around encryption makes plain she isn't aware of. open-source unencrypted messaging technologies are in the public domain. there is literally no way to put that genie back in the bottle. so we can try to compel a whatsapp to unencrypt, but that may only have the effect of pushing terrorists onto emergent encrypted platforms.
i do think going forward it will be helpful to be able to refer to her having pledged not to mandate a backdoor as president. but we've got to iron out the rest of the message. i actually do believe there is a way to thread the needle here, which i am happy to discuss; it requires us to quickly pivot from encryption to the broader issue of working with tech companies to detect and stop these people, and not getting into the weeds of which app they happen to use and that sort of thing.
Finally, Solow responds to Goff agreeing that the "some way in" line implies undermining encryption, but suggests that they quietly let the tech world know that they don't mean backdoors, but just mean hacking/malware:
That she says no backdoor, which is good, but then says we need a way in, and then the bad line about not understanding technology. The latter two points make the first one seem vulnerable.
But in terms of wanting a way to break in - couldn't we tell tech off the record that she had in mind the malware/key strokes idea (insert malware into a device that you know is a target, to capture keystrokes before they are encrypted). Or that she had in mind really super code breaking by the NSA. But not the backdoor per se?
There are some obvious concerns with the hacking/malware stuff, but it's at a very different level than breaking encryption. While it's still ridiculous that Clinton won't just come out and say that backdooring encryption gives us
both less security and less privacy, it does appear that she has people on her team who get the basics here. That's at least moderately encouraging. It would be better if there were some stronger indication that Clinton is actually listening to them.
Filed Under: backdoors, crypto wars, encryption, going dark, hillary clinton, manhattan project, nerd harder