The 2016 U.S. Presidential election is over and settled, so the question I’m posing is basically a thought experiment at this point, but it’s worth pondering: Would the judicious use of modern encryption have changed the outcome of last month’s U.S. Presidential election?
To be clear, I’m not talking about the e-mail server scandal that involved Hillary Clinton at the State Department. To borrow the language of the infamous Wells Report, it’s “more probable than not” that the former secretary of state violated the law — and she certainly violated any reasonable judgment — by using a private e-mail server located in her home to pass classified information. However, it’s unlikely encryption would have played much of a part in the outcome of the election. As a result of the subsequent FBI investigation, the public ended up seeing the contents of many of the e-mails, and for the most part we found them mundane. The scandal was the blatant disregard for procedure when handling classified information, not the information handled.
Rather, what I’m talking about here is the e-mail leak from the Gmail account of John Podesta, the Washington power broker and Clinton campaign chairman. His abundance of correspondence with much of Clinton’s inner circle laid bare their collective disdain for most Americans. Not everyone, mind you. Just blacks, whites, Hispanics, Catholics, and Muslims, to name a few subsets of the population. Unlike the private e-mail server, the contents of these e-mails were incredibly revealing, particularly to the extent of the groupthink within the Clinton organization and the Democratic party in general. I would argue they were far more damaging to the Clinton campaign, which is why I posed the question above.
In spite of the laughable claims that the Podesta leak was a sophisticated “hack” by a foreign government, the evidence suggests Podesta gave his password to the attackers himself while falling prey to a rather common phishing attack. Like a Craigslist cashier’s check scam, you’d find it hard to believe anyone would be dumb enough to fall for it — except you know someone who has or you have yourself. In short, the leak was a self-inflicted wound.
Now, if Podesta had used a simple smartphone app like Signal, his correspondence would have been encrypted from end to end, leaving nothing in the cloud to be found. The encryption keys are kept on the phones and change regularly, so that even if an adversary managed to intercept the messages between two devices and crack an encryption key, the key would only unlock a handful of messages. To get all his messages, someone would have had to hack or gain physical access to his phone or the phones of his correspondents — not impossible, of course, but apparently not as easy as convincing an important Beltway insider to give you his personal e-mail password. In fact, months before the Podesta leak went public, the Democratic National Committee had told its staffers to use Signal for all its confidential correspondence, although the advisory may have come too late to do any good for Podesta or the DNC.
Update: If you’re a WhatsApp user, be sure to read Dan’s comment at 17:01 below.