Less than a mile from my house (at a small local tech firm called Atomic Object), Hillary Clinton got asked a question about encryption. After talking about the role of encryption in Atomic Object’s own work, one of the women asked (after 14:00; recording cuts out during her question),
What steps do you think government needs to take to make sure that the companies who build these, create these products, keep our data secure. And also looking at the controversy between Apple and the FBI about encr–
After describing Healthcare.gov as the biggest tech failure in government because “it just didn’t really gel and there wasn’t enough testing,” Hillary admitted (in an apparent non sequitur) the government doesn’t do a good enough job protecting its own data.
We are woefully behind in the government in even protecting our own stuff. And so we’ve got to do a better job if we’re going to be a good partner with businesses to try to maintain privacy of data, whether it’s just customer data or whether it has real public consequences.
She then pivoted from what (I thought) was a project management issue, not a security one, to a long answer on the Apple v FBI that basically admitting not knowing (or being willing to say) what the right answer was.
With respect to the current legal controversy, between Apple and the FBI, I am someone who is just feeling like I am in the middle of the worst dilemma ever. I mean, think about it. Because there’s got to be some way to protect the privacy of data information. There’s got to be some way to avoid breaking encryption, however you describe it, and opening the door to a lot of bad actors. But there also has to be some way to follow up on criminal activity and prevent both crimes and terrorism. You guys are the experts on this. I don’t know enough about it to tell you how to do it. But I think that the real mistrust between the tech companies and the government right now is a serious problem that has to be, somehow, worked through.
I keep saying, you know, we have a lot of smart people in this country. You know, we invented the Internet, we invented, you know, the Internet of Things, we’ve invented all of this. Isn’t there some way without opening the door and causing even, you know, more and worse consequences to figure out how you get information?
Because I’m also very understanding of the position that law enforcement finds itself and and if any one of you were working at Quantico in the FBI lab, and you know, you had this phone that one of the terrorists in San Bernardino did and you wanted to find out who they communicated with and you know that could trace us back to somebody in this country, it could trace us back more clearly to somebody directing it overseas. You’d want to know that too.
So that’s what we need help on, so that we don’t make a grave error that affects our ability to maintain privacy and to protect encryption, but we also don’t open the door — because we know what happens, is these guys that are on the other side of us now, with ISIS and the like, they are really smart. A lot of them are well-educated. They’re not the image of just some poor guy coming to be a Jihadist. They are educated, they are increasingly computer literate, they are wanting to wage as much war and violence on Europe, the United States, as they can. They have learned, so they’re now using encrypted devices, why wouldn’t they? You know why would they be so stupid to continue to allow us to monitor where they are and what they’re doing? This is a problem. And it’s a problem we’ve got to come up with some way to solve. But I certainly am not expert in any way to tell you how to do it.
Right in the middle, however, Hillary reveals not understanding a key part of this controversy. To the extent Syed Rizwan Farook used the Apple software on his work phone to communicate with accomplices, we know who he communicated with, because we have that metadata (as Admiral Mike Rogers recently confirmed). We just don’t know what he said.
We wouldn’t necessarily know who he talked to if he used an App for which metadata was more transient, like Signal. But if so, that’s not an Apple problem.
Moreover, if ISIS recruits are — as Hillary said — smart, then they definitely wouldn’t (and in fact generally don’t) use Apple products, because they’d know that would make their communications easily accessible under the PRISM or USA Freedom programs.
This response is not really any different from what we’re getting from other to Obama officials. But it does come with some indication of the misunderstandings about the problem before us.