Clinton and Cybersecurity: Has She Learned From Hacks and WikiLeaks Dumps?

11_06_security_02
U.S. Democratic presidential nominee Hillary Clinton joins musician Katy Perry at a campaign concert in Philadelphia, on November 5. Brian Snyder/Reuters

Surrounded by desert marigold and prickly pear at the Ritz-Carlton's Dove Mountain resort in Arizona's Sonoran Desert, presidential hopeful Hillary Clinton revealed her greatest fears when facing cyberattacks. "It's not only what others do to us and what we do to them and how many people are involved in it," she said, recounting how the U.S State Department was attacked hundreds of times each day while she was secretary of state. "It's what's the purpose of it? What is being collected, and how it can be used?"

It was October 2013, and she was speaking at a private summit of Silicon Valley executives convened by Goldman Sachs, the audience peppered with such high-fliers as Anne Wojcicki, CEO of genomics firm 23andme and former wife of Google co-founder Sergey Brin, and Etsy CEO Chad Dickerson, among other luminaries. Cyberattacks, Clinton told them, whether perpetrated by state-sponsored groups or lone hackers, all tended to be for the same reason: "People were trying to steal information, use it for their own purposes."

Even Clinton could not have realized how prescient her words would be. Never in history have U.S. voters witnessed so many information leaks during a presidential election, from the television clips of GOP nominee Donald Trump disparaging women, to the WikiLeaks dumps of Clinton's speeches, to investigative notes trickled out on the Clintons by the Federal Bureau of Investigation. As the nation braces for still more private information to drop ahead of Election Day, many of these leaks reveal Clinton's evolving views on surveillance and privacy as she vies for the post of commander in chief.

Evolving Views

"Your main point that we need to have a thorough debate to protect Americans' privacy I agree with 100 percent," she told an attendee at a separate speech in April 2014 for global bank JPMorgan. "As somebody who has had my privacy scrutinized and violated for decades, I'm all for privacy, believe me."

Have her positions changed since giving her speeches? The Clinton campaign wouldn't say and declined to comment for this report. But if the WikiLeaks revelations are any indication, Clinton has been actively reassessing her positions on surveillance and the privacy of American citizens for years. In fact, it was during her Arizona speech before the tech-savvy Silicon Valley crowd that she acknowledged America's surveillance program may have overstepped. "I think maybe we should be honest that, you know, maybe we've gone too far," she confided. "But then let's have a conversation about what too far means and how we protect privacy and give our own citizens the reassurance that they are not being spied [on] by their own government."

Clinton also spoke of the importance of giving American allies a reason to believe "we're not going beyond what is the necessary collection and analysis," telling her Silicon Valley audience "you could be very useful contributors to that conversation, because you're sophisticated enough to know that it's not just, do it, don't do it. We have to have a way of doing it, and then we have to have a way of analyzing it, and then we have to have a way of sharing it."

Few know better than Clinton how global-scale disasters can arise from cyberspying, not in the least during this turbulent election season, as the U.S. struggles to identify how many different groups, individuals or state sponsors may have been behind the hacks of her speeches and campaign emails released by WikiLeaks in recent weeks. Both U.S. intelligence experts and the Clinton campaign believe the leaks were perpetrated by hackers associated with the Kremlin. WikiLeaks, an international nonprofit that publishes secret and classified information from anonymous sources, won't reveal the sources of its information, but the head of the group, Julian Assange, stated last week that the Clinton material didn't come from Russia.

WikiLeaks, Threats

At the same time, U.S. law enforcement, intelligence and national security officials are rushing to address any terror threats to Tuesday's election, or efforts to create confusion over the results of a tight race. On Friday, Representative Adam Schiff, a ranking Democrat from California on the House Permanent Select Committee on Intelligence publicly stated, "There is a threat and I can't go into specifics," but noted that his information was credible and could involve al-Qaeda or the Islamic State militant group (ISIS) interfering with the 2016 presidential election. Also Friday, multiple reports indicated the Democratic National Committee submitted evidence to the FBI suggesting its headquarters were possibly bugged. "This should be considered open warfare," says Mark McArdle, chief technology officer of eSentire, a Cambridge, Ontario, cybersecurity company. "The U.S. should be watching the escalation of these types of attacks very carefully. We don't know right now if it's one nation-state trying to affect the outcome of an election or more people involved or what the intentions are."

11_06_security_01
WikiLeaks founder Julian Assange holds a copy of a U.N. ruling as he makes a speech from the balcony of the Ecuadorian Embassy, in central London, Britain February 5. Reuters

This is hardly Clinton's first go-round with hacks, as the recent speeches released from WikiLeaks show. In the aftermath of the U.S. diplomatic cables leak known as "CableGate," in which WikiLeaks released thousands of classified government documents in 2010, Clinton, as secretary of state, was forced to explain to global leaders why so many U.S. embassies were privately ridiculing them. According to excerpts from her Silicon Valley speech, she called it the "Clinton Apology Tour." By all accounts, it was excruciating. "I had to go and apologize to anybody who was in any way characterized in any of the cables in any way that might be considered less than flattering," she said. "And it was painful. Leaders who shall remain nameless, who were characterized as vain, egotistical, power hungry, corrupt. And we knew they were. This was not fiction. And I had to go and say, you know, our ambassadors, they get carried away, they want to all be literary people. They go off on tangents. What can I say. I had grown men cry."

'It's Scary'

Yet even after experiencing heavy cyberattacks for years at the State Department and repeated strikes by WikiLeaks, cybersecurity experts say America's potential future commander in chief— and her team—show little sign of having truly learned from hard lessons of the past.

"My kids do a better job at securing their Minecraft server than what was being done by Clinton and her staff," says Tom Byrnes, founder and CEO of network security firm ThreatStop in Carlsbad, California. "These are supposedly smart people who have very clearly been briefed on matters of basic digital hygiene they just didn't follow. It's scary."

Hacks of the emails of Clinton campaign manager John Podesta—similarly released by WikiLeaks in past weeks—as well as the handling of State Department emails by Clinton's top aide, Huma Adedin, via the laptop of her estranged husband, former Congressman Anthony Weiner, are particularly concerning, he notes. "It should go without saying that you don't use your spouse's laptop to conduct state business," Byrnes tells Newsweek.

Abedin, who is cooperating with an FBI probe into the matter, has stated she doesn't know how State Department emails turned up on her husband's laptop. The FBI stated in late October the newly discovered emails may be pertinent to an investigation into Clinton's use of a personal server for State Department business while she was secretary of state. While the Obama administration has maintained that national security wasn't compromised by Clinton or her staff, Byrnes says there is just no way to confirm that, especially in light of the recent hacks. "It just seems most of our leaders are speaking right now from a place of authority offering foregone conclusions that support a political view, rather than serving the American people," he says. "It's incredibly disappointing."

The hacked Podesta emails show that, despite Clinton's experiences with leaks, her positions on privacy and cybersecurity remain murky—and, in some cases, still appear to favor making companies like Apple and Google to install "backdoors" into their encryption technology. In a leaked correspondence from November 2015, Podesta wrote a Democratic lobbyist that Clinton's "instincts are to buy some of the law-enforcement arguments on crypto" that seek to weaken, not strengthen, security, so cops can intercept the communications of suspects and offenders.

10_30_huma_01
Huma Abedin, longtime aide to U.S. Democratic presidential candidate Hillary Clinton, waits in the wings as Clinton makes a campaign stop in Fresno, California, June 4. Reuters

Clinton's coruscating stances on encryption, surveillance and privacy belie what appears to be an agonizing private battle. In December 2015, she suggested that the U.S. government and tech companies embark on a "Manhattan-like" project, urging them to see "they're not adversaries, they've got to be partners." At the time, she also seemed to lean in the opposite direction of what Podesta intimated in his note to the lobbyist just a month earlier. "Maybe the back door is the wrong door," she said during a Democratic debate in late 2015, "and I understand what Apple and others are saying about that."

Clinton backed ending the National Security Agency's bulk collection of millions of Americans' telephone metadata under the Patriot Act's controversial Section 215, but only after the White House endorsed it and a federal court ruled against it in May 2015. Even then, her support arrived in the form of a rather tepid tweet, issued days before Section 215 expired. "Congress should move ahead now with the USA Freedom Act, a good step forward in ongoing efforts to protect our security and civil liberties," she wrote. In 2008, as senator from New York, Clinton voted against the Foreign Intelligence Surveillance Act amendments, stating, "One of the great challenges before us as a nation is remaining steadfast in our fight against terrorism, while preserving our commitment to the rule of law and individual liberty." This challenge, however, is not listed among the issues facing Americans on her campaign website.

Lessons From Security Failures

The result, says Byrnes, is that voters likely can expect to see more hacks, more security scares and more leaks of the private business of our nation's leaders, until America gets a commander in chief that takes cybersecurity seriously. "The political class has now seen up close and personal how this lack of security, actively encouraged by the government, has come back to bite them," Byrnes tells Newsweek. "They need to not only stop fighting against people using strong encryption, they need to encourage it, or we're going to see more election seasons like this one."

If there's any silver lining in this election, says Philip Zimmermann, creator of some of the most popular email encryption freeware in the world, Pretty Good Privacy (also known as PGP), it shows how perilous hacks can be and the need for all Americans to have their own privacy protected.

"There is no silver bullet, but if everybody in the Clinton campaign used PGP, they probably wouldn't be in this mess right now," he says. A passionate privacy advocate, Zimmermann testified before Congress under the Bill Clinton administration, asking that encryption be made readily available to all Americans. Even 20 years ago, there was a resistance in the Clinton camp to all things encryption. "The Clinton Administration seems to be attempting to deploy and entrench a communications infrastructure that would deny the citizenry the ability to protect its privacy," Zimmermann said in his 1996 testimony, which resonates to this day. "This is unsettling because in a democracy, it is possible for bad people to occasionally get elected—sometimes very bad people."

Now a cybersecurity professor at Delft University of Technology in the Netherlands, he says he sees this year's election as proof of his argument. "We are building a surveillance state, and law enforcement has always made the point, it's OK to let the government surveil you if you've elected that government," he says. "But now we are looking at an election where somebody could come into power who could abuse it; it could fall into the wrong hands."

Clinton and Cybersecurity: Has She Learned From Hacks and WikiLeaks Dumps? | U.S.