[Cryptography] would email encryption have saved Hillary Clinton's campaign?

Sat Nov 12 22:09:28 EST 2016

On Sat, Nov 12, 2016 at 9:10 PM, Jonathan Thornburg <
jthorn at astro.indiana.edu> wrote:

> Someone whose message I mistakenly deleted :( wrote (paraphrased) that
> if Hillary Clinton's had been encrypted, she would have won the election.
>
> Hmm.  The emails were stolen by using spear-phishing to steal the
> credentials (passwords) of legitimate users.  I see no way in which
> email encryption would have been even a speed-bump.
>
> 2FA as it's usually done (via an SMS to the user's cellphone) would have
> helped a bit...  until the KGB (or whoever else) deployed an iOS/Android
> 0day or spear-phish to intercept the SMS.  2FA via a secure token would
> have helped a lot... although with the endpoint pc pwned there are still
> straightforward ways around this (see attacks on 2FA online banking).
>
> Basically, good security with pwned endpoints is just about impossible. :(
> There are no silver bullets.  And we've always been at war with Eastasia.
>

There were three separate email issues:

1) The private Secretary of State server.

The GOP would not have been able to turn this into a campaign issue at all,
let alone win with it had the messages been end-to-end encrypted using
S/MIME. 

Further, I am certain that the real reason for the private server was
that Clinton (correctly) assumed that Republican operatives in the GSA
would pilfer the emails and leak them to political enemies. As it turns
out, Manning did exactly that with the State dept cables.

A lesson that needs to be drawn here is that it is not enough to be secure,
you have to be able to prove that the system is secure. This is something
we understood early on in the CA business and the reason why it isn't quite
as simple as many assume.

2) The DNC emails.

The attack on the DNC computers did begin with spearfishing, but some of
the most damaging information was again found in emails stored on the mail
server. Again, end to end encryption would have mitigated the problem

3) The Podesta emails

Podesta's email account was hacked after an aide sent him the account
password in a cleartext email. Again, good end-to-end encryption could have
prevented this.

Now these are not the only lessons to be learned and email is not the
only link in the chain that needs to be locked down. But it is a good
starting point for discussion.

Those of us in the business understand that there is more to security
than encryption. But one of the consequences of the election result is that
henceforth, all political discussion will take place in tweets of 140
characters or less.

Hilary could also have won by finding a way to give his twitter account
access back. But that is out of scope here.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161112/863c7043/attachment.html>