Cyber & Technology

A Step Forward for Security

By Susan Landau
Wednesday, May 17, 2017, 1:56 PM

While we are all mesmerized by the presidential crises, a small, but quite significant change occurred in Congress: the Senate Sergeant at Arms approved the use of Signal by Senate staff. Signal, a product of Open Whisper Systems, provides end-to-end encryption for Apple and Android phones. As the Wall Street Journal reported back in January, in the wake of the Russian hacks during the 2016 presidential election, Trump, Obama, and de Blasio aides had all turned to using Signal, which secures communications end to end. Now such use is officially sanctioned, at least in the Senate.

Those not in the know might think that staffers have secure phones. They don't. Except for those working in classified settings, staffers use the same devices as the rest of us. That's somewhat surprising, since many of the communications, while not classified, are certainly sensitive. So the move to secure communications applications–and, one hopes, other equally important forms of security (e.g., multi-factor authentication)–is a healthy and important step.

Such efforts should extend well past the community of Senate staffers. The Russians weren't just hacking political folks during the 2016 presidential election. They also hacked into think tanks and lobbying groups "likely to shape future US policies"; such attempts were made, for example, against the Council for Foreign Relations. In the wake of all of the attention on the Trump-Russia connection, this issue has not received the attention it deserves.

Democracies depend on civic infrastructure. These organizations, whether the American Association for the Advancement of Science, the Council on Foreign Relations, or Sierra Club, serve as intermediaries between the people and those who govern, providing information and insight on a wide variety of issues. They are "civic" infrastructure–civilian systems—that often lack the type of security that can resist an attack by a nation state. But these organizations are an essential part of democracies' healthy functioning. They need security protections every bit as much as Congressional staff do.

We should all take a lesson from the Senate, moving to vastly improved security practices: multi-factor authentication, secure communications, secure back-up systems, etc. I am grateful for the Senate for taking one step in this direction. Let's see the broader society take do the same. This is an easy and extremely important step. In the wake of the new cyber threats we face, adopting these protections will make all of us safer.