The election of Republican Donald Trump has stunned Silicon Valley, sparking renewed fears about how the federal government’s powerful surveillance machinery could undermine personal privacy — especially in the hands of a man with a history of threatening retaliation against those who challenge him.
But as some prepare to take new high-tech defensive measures against government intrusion, there also is a note of regret: The campaign of Trump’s rival, Democrat Hillary Clinton, suffered several disruptions when poorly protected emails fell into the hands of Russian hackers, WikiLeaks and, finally, the FBI. Better digital security, including measures long advocated by some experts, might have prevented Clinton’s defeat, they say.
These twin forces — fear and regret — are fueling demands for the tech industry to push a new wave of security and privacy upgrades that would build on those adopted by the tech industry in the aftermath of the revelations by former National Security Agency contractor Edward Snowden in 2013. Such measures could impede criminal hackers and foreign intelligence services but also make it more difficult for law enforcement officials to discover and collect evidence in authorized investigations.
“Everyone is asking about the role of the surveillance state in a Trump presidency,” said Peter Eckersley, technology projects director for the Electronic Frontier Foundation, a San Francisco-based civil liberties group. “People are very worried and urgently trying to figure out what they can do.”
In Silicon Valley, many were dazed after Tuesday’s election. Some companies let their employees take the day off or wrote all-staff letters reminding their colleagues of their commitment to inclusive workplaces that protect women, immigrants and minorities. Techies, meanwhile, warned one another on Twitter to begin using privacy and encrypted tools.
Hey, no joke, and I'm paraphrasing smarter people. If you plan on opposing Trump:
Get a VPN
2FA on your emails.
— John Rogers (@jonrog1) November 9, 2016
“My Twitter timeline is off the hook,” said Larry Gadea, founder and chief executive of the start-up, Envoy, which enables businesses to register visitors using iPads. “People are saying to use bitcoin and encrypted messages, etc.”
Officials from tech giants such as Google, Apple and Facebook said that they were watching closely for clues to Trump’s technology policies. During the campaign, Trump vowed to “penetrate the Internet” to prevent the Islamic State from using it to recruit fighters and chastised Apple for refusing to create a back door that would let the FBI unlock an iPhone used by the attackers in the San Bernardino, Calif., shootings.
Lobbyists for Internet companies, including Amazon, Uber and Airbnb, arranged a meeting among themselves for next week and scrambled to publish a position paper on such subjects as immigration and cybersecurity. Officials at the companies said it was difficult to know how Trump would act because his campaign had barely communicated with the tech sector. (Amazon.com founder Jeffrey P. Bezos owns The Washington Post.)
Tech companies have raced to protect consumer data from government intrusion since the Snowden revelations. Apple, Google, Facebook, Twitter, Microsoft and Yahoo have all made significant investments in encryption to address customer concerns about privacy invasions. A secure messaging app called Signal was the top trending item Thursday in Apple’s App Store.
“A lot of people have been seeing the writing on the wall,” said Moxie Marlinspike, founder of Open Whisper Systems, which developed Signal. “It’s immensely clear that things have not generally been in great shape in terms of private communications. … That’s something that everybody is concerned about.”
But some efforts have lagged — with unsettling consequences. The hacking of nude celebrity photos in August 2014 revealed weaknesses in Apple’s iCloud service for backing up data. The hack of Sony Pictures a few months later revealed vulnerabilities in server security. And the breach of Clinton campaign chairman John Podesta’s Gmail account in March 2016 provided the raw material for months of embarrassing disclosures exploited by Trump.
Experts say the Podesta hack might have been prevented by a security feature called “two-factor authentication,” which Google has long made available to its users but has not required. “Two-factor authentication” requires users to have both a password and a “second factor” — often a numeric code delivered by a text or authentication app — to access their accounts.
The most advanced hackers still might have found a way to access Podesta’s accounts, but it would have been far more difficult, experts say.
“The people at the top are just as bad at computer security as regular Americans,” said Christopher Soghoian, chief technologist for the American Civil Liberties Union. “They are sitting ducks for the most basic of attacks.”
In a live-stream video appearance Thursday, Snowden also urged Internet users to adopt two-factor authentication.
Although some hacks appear to be the work of foreign intelligence services — U.S. officials blamed the Sony hack on North Korea — the election of Trump has revived fear of the U.S. government itself.
In the closing days of the campaign, Clinton’s use of a private email server was unexpectedly and publicly raised again by the FBI after the agency found thousands of emails on a computer used by an aide, Huma Abedin. That discovery, which came during an unrelated probe into Abedin's estranged husband, might never have been made, experts say, if Abedin had used a security measure called “end-to-end encryption” that makes it more difficult for anybody other than the intended recipient to access messages or even their routing information.
There is even more concern about the reach of the NSA, whose sprawling surveillance apparatus sparked a worldwide backlash after Snowden shared troves of information with The Post and other news organizations. Even some people who defended the NSA under President Obama have expressed concern about how it might be used by Trump.
“I have full faith that the appropriate balance of power and constraint exist when people play by the rules. It’s not clear yet that a President Trump would,” said former NSA lawyer Susan Hennessey, now a fellow at the Brookings Institution. “There’s certainly potential for huge abuse of the national security apparatus, both at the NSA and across the intelligence community.”
Andrea Peterson contributed to this report.