Following FBI Director James Comey's recommendation last week that the Department of Justice not bring criminal charges against presumptive Democratic presidential nominee and former Secretary of State Hillary Clinton, cybersecurity practices within federal agencies have received greater scrutiny within Washington. No less a political heavyweight than the chief executive of the United States has critiqued the way that the government handles its information.
During two separate events this weekend, U.S. President Barack Obama said he is “concerned” about the government's cybersecurity practices.
“First of all, with respect to the State Department I am concerned,” Obama said on Saturday, when asked about the State Department's handling of classified information and Comey's recommendation. However, he framed the issue as part of a larger problem facing the government as a whole.
On Sunday, Obama said that the federal government needs to strengthen cybersecurity practices. “I am concerned about it, I don't think we have it perfect,” he said at a news conference in Madrid. “We know that we have had hackers in the White House.”
State Department has been operating from a weakened position internationally as a result of the agency's cybersecurity failings that were unearthed during DoJ's investigation – and also as a result of the domestic debate over encryption technologies, according to industry sources. In email correspondence with SCMagazine.com, Blackstone Law Group LLP Partner Alexander J. Urbelis referred to the State Department's “silence” on global issues of digital rights, including privacy, security, and encryption as “hardly surprising.”
He noted that “the State Department is stuck between the proverbial rock and a hard place: any official position taken could be seen as undermining other efforts of the administration, executive branch, or Congress.”
Earlier this month, the United Nations Human Rights Council voted on a non-binding resolution that classified open Internet access as a basic human right. Seventeen countries, including China and Russia opposed the measure.
A line in the Cybersecurity Act of 2015 tasked the agency with defining global cyber norms, although the agency must navigate careful messaging, in light of a maze of statements regarding encryption, from James Comey's aggressive anti-encryption comments to proposed encryption legislation, such as the Feinstein-Burr bill.
“If State takes a laudatory position on the UN resolution that offline human rights should be similarly protected online, then State is implicitly endorsing the work of digital rights activists, which could be seen to be at loggerheads with the administration's position on whistleblowers,” noted Urbelis. A statement in support of global privacy rights could be interpreted as “going off-piste,” he added.
“This is an unfortunate situation in which State finds itself because its voice and support of these critical issues is more needed globally now than ever before,” Urbelis said.