Simple Solutions for Hillary and Other Hacked Pols
WHY YOU SHOULD CARE
Because no one wants to be caught with their emails hanging out.
By Leslie Nguyen-Okwu
James Norton is tall and square-jawed, his burly build squeezed into a jet-black suit. He did a stint at the Department of Homeland Security in the shadows of 9/11, Hurricane Katrina and a raging conflict at the U.S.–Mexico border. Little scares him. But in his current job as founder and president of Play-Action Strategies, his battle arena is shifting, particularly in the wake of political leaks and the scrutiny of Hillary Clinton’s not-so-private server. Today, Norton fears something even more pervasive than terrorism — emails.
Inboxes have taken quite a beating this election, with emails breached and leaked faster than anyone can read them. In September, Gen. Colin Powell’s exposed emails revealed his unguarded feelings about HRC (“greedy”) and the Donald (“national disgrace”). In October, Russia allegedly hacked the private email accounts of the Democratic National Committee and other party organizations. And, in a final twist of the knife, just two weeks before the election, the FBI once again began poking and prodding that much-autopsied server Clinton used as secretary of state — collateral damage in an investigation of former congressman Anthony Weiner. In response, Washington insiders who once ignored the warnings of cybersecurity experts now are paying strict attention, says security guru Bruce Schneier: “Having your colleagues in the headlines is an easy way to start thinking about your privacy.”
Anybody who thinks that they’ll be able to keep their email away from prying eyes is a bumbling idiot.
Herbert Lin, senior research scholar for cyber policy and security at Stanford University
The push to clean up poor email habits and protect vulnerable inboxes is especially dire on Capitol Hill, where political reputations, campaign strategies and secret dealings are at stake. “Anybody who thinks that they’ll be able to keep their email away from prying eyes is a bumbling idiot,” says Herbert Lin, a senior research scholar for cyber policy and security at Stanford University. A single email could expose a lie, disclose sensitive information or, in Clinton’s case, conceivably cost an election. It’s unclear how many of Washington’s email servers are at risk, but companies nationwide lose millions of dollars each year from data breaches, yet less than 21 percent of them use email encryption, according to security technology company Zix.
Turns out, Washington doesn’t need to look any further than Silicon Valley for solutions. The political world’s anxiety about digital skeletons rattling around inboxes could be a boon for startups that promise easier communication with better encryption, monitoring systems and robust in-house security teams that prevent hacks instead of fixing them after the fact, says Daniel Castro, vice president of the Information Technology and Innovation Foundation. The biggest advantage of these services is the separation of internal company chatter and external communications; strangers are shut out and can no longer send malware disguised as a harmless password reset message — ahem, John Podesta. Even so, that begs the question: Can a politician have both a public and private position, as Clinton purports? Maybe, if technology makes it easier to compartmentalize the two.
Big corporations like eBay, Ford and DHL have started using Yammer, a social network geared for private communication within companies. That private-sector switch could convince the feds that they should adopt the tactic as a potentially viable alternative to email. Castro notes that teams at the State Department, NASA and the General Services Administration already use Slack in lieu of email, better positioning other heavily encrypted communication tools like Signal and Telegram to attract the attention of campaign strategists and political consultants eager to plug privacy holes before the next election season. “If you’re going to be the communications tool for the U.S. State Department, the security of that information is vital,” says Anne Toth, vice president of privacy and policy at Slack. (Yammer and Signal did not respond to requests for comment.)
To be sure, email isn’t in danger of becoming extinct. Although pundits have predicted the end of email for years, Washington might be too big and clunky to adopt new technologies widely in the near future. Despite the mess and muck that emails have caused this year, cyber experts believe that nothing is going to change anytime soon when it comes to improving cyber hygiene: “It’s kind of like New Year’s resolutions,” Castro says. “They get the gym membership and never follow through with it.” Plus, plenty of low-tech solutions already exist, Schneier notes. Former President Bill Clinton opts for the ol’ paper and pen instead of email, while Sen. Chuck Schumer of New York carries around a retro flip phone for security’s sake. “All the solutions are pretty obvious for people who give it 10 seconds of thought,” Schneier adds. ”Slack, iMessage, WhatsApp, Signal, the telephone — all of these are perfectly reasonable alternatives to email.”
Still, the only surefire solution probably is something your mom told you: If you can’t say something nice, don’t say it all. It’s not as though Norton spent his days trash-talking folks when he was at the DHS, but now that he’s in the private sector, he’s even more careful about keeping the snark out of his inbox. For many harried politicians, even though the death of email still may be years away, the end can’t come too soon.