Hillary Clinton appears to disfavor policy that would mandate tech companies to create backdoors for law enforcement, according to an alleged leaked email exchange between a Clinton campaign staffer and adviser. Instead of fostering an encryption “solution,” Clinton’s team supposedly considered targeted government hacking by agencies like the National Security Agency as an alternative to assist investigative efforts.
In late 2015 following the third democratic debate, Clinton staffer Sara Solow and longtime political operative Teddy Goff reflected on the candidate’s opinions concerning encryption policy, Silicon Valley and government hacking, according to a series of emails published by Wikileaks.
“It doesn’t do anybody any good if terrorists can move toward encrypted communication that no law enforcement agency can break into before or after. There must be some way,” Clinton stated during the third democratic debate, “maybe the back door is the wrong door, and I understand what Apple and others are saying about that … I just think there’s got to be a way, and I would hope that our tech companies would work with government to figure that out.”
Clinton’s hesitance to directly support policies that would ultimately mandate the creation of “backdoors” in software is somewhat substantiated by Solow and Goff’s leaked conversation.
The legitimacy of the hacked emails — which were originally stolen through a phishing attack on top adviser John Podesta’s email account — remains unclear. U.S. intelligence officials warn that some of the content published by the infamous whistleblowing website could have been doctored.
What was not publicly stated during the third democratic debate — later discussed by Solow and Goff in private — is Clinton’s belief that targeted, government hacking may ultimately serve as an appropriate alternative.
“In terms of wanting a way to break in – couldn’t we tell tech off the record that she had in mind the malware/key strokes idea (insert malware into a device that you know is a target, to capture keystrokes before they are encrypted). Or that she had in mind really super code breaking by the NSA. But not the backdoor per se,” Solow wrote.
Goff responded in part by saying: “there is a critical technical point which our current language around encryption makes plain she isn’t aware of. Open-source unencrypted messaging technologies are in the public domain. There is literally no way to put that genie back in the bottle. So we can try to compel a whatsapp to unencrypt [sic], but that may only have the effect of pushing terrorists onto emergent encrypted platforms.”
One month prior to Goff and Solow’s conversation, another private email published by Wikileaks and supposedly sent by John Podesta to former Senate staffer Luke Albee reads: “[Clinton’s] instincts are to buy some of the law enforcement arguments on crypto and Snowden type issues.”
Some digital rights and privacy advocates disagree on whether targeted malware is an efficient and equitable alternative to mandates that call for increased assistance by U.S. tech firms to law enforcement.
In perhaps the most famous case to date, consumer tech giant Apple denied the FBI’s repeated request to unlock an iPhone that belonged to Syed Farook, one of the terrorists responsible for the mass shooting in San Bernardino, California. The conflict sparked a debate on both the moral and legal responsibilities of companies to comply with federal investigators.
From a policy standpoint, if such a framework were adopted as is discussed in the aforementioned email, Clinton’s administration would be wise to craft additional, new controls to guide law enforcement activities in this space, explained Ross Schulman, senior policy counsel at New America’s Open Technology Institute.
“There are a range of options that law enforcement can turn to aside from mandated backdoors,” Schulman told CyberScoop. “If government hacking is a route that we go down, however, Congress has to set clear rules of the road. Right now, the FBI is operating in the dark and without guidance.”
He added, “When Congress comes back in the new year, it is past time to start having hearings, doing some research, and start on a path toward a law that enables law enforcement to get evidence, but which also protects the cybersecurity and privacy of Americans.”
CyberScoop has reached out to the Clinton campaign for comment.
“Both malware and mandated backdoors possess upsides and downsides, with neither being generally better. One may be the better approach in a particular case and the opposite in another case,” said Matt Mayer, a visiting fellow focused on homeland security and counterterrorism studies at the American Enterprise Institute, or AEI.
“If the next president takes that approach, we won’t know about it, as it would be classified to ensure uncertainty. It would be a potentially dangerous road for the U.S. government to officially take, as it is inherently beyond the purview of transparency. I can’t begin to list the unintended consequences such a policy shift would entail,” Mayer told CyberScoop.