Clinton, Encryption And The Trust Problem

Last week, presumptive Democratic Presidential Nominee Hillary Clinton unveiled a sprawling technology plan that included provisions for encryption and broader cybersecurity.

On paper it looks sensible. But there’s a massive trust problem -- not just for Clinton, but for the Federal Government as a whole.

The Plan

In her proposed U.S. Cybersecurity National Action Plan, Clinton promises to empower a federal Chief Information Security Officer (CISO) and upgrade government-wide encryption. Specifically, Clinton said she will:

  • Work with the public and private sectors to overcome the mistrust that impedes cooperation today; and
  • Maintain strong protections against unwarranted government or corporate surveillance.

The message on Clinton’s campaign website says, "Hillary rejects the false choice between privacy interests and keeping Americans safe."

The statement notes that she supported the USA Freedom Act, and Sen. Mark Warner and Rep. Mike McCaul's idea for a national commission on digital security and encryption.

Mistrust Overshadows Sensibility

All in all, it’s pretty sensible. For some time we’ve been calling for the appointment of a national CISO. And her position on encryption is close to the stand taken by Apple, which we’ve supported.

But there’s still that nagging trust problem.

A decade of mistrust has accumulated over government surveillance practices, and several data breaches of government systems in the last two years have some doubting Washington’s ability to secure its own data.

Particularly troubling is that:

  • Many government data breaches happened because attackers exploited security vulnerabilities agencies knew about but did little or nothing to address.
  • The NSA has spent years exploiting security holes in the products of myriad companies instead of notifying them of the weaknesses so they could be fixed.

We believe the private sector must collaborate with the government to minimize threats to cybersecurity. But by asking companies like Apple to build backdoors, Uncle Sam makes it increasingly hard for the private sector to trust the government.

Then there’s mistrust of Clinton herself. The damage to her reputation from the investigation surrounding her use of an unprotected home email server has been immense.

Tuesday, FBI Director James Comey gave Clinton scathing criticism for “reckless behavior” even as he announced there’d be no FBI recommendation to prosecute her.

We’re pleased to see government officials and political candidates recognizing the need for encryption and privacy. But for the government to really make a difference in this arena, trust is critical. On that point, there’s a lot of work to be done.

If anyone in government wants to be taken seriously on this issue, they need to start living by the same guidelines they propose.