Cyber Security and US Elections

It is still too soon to predict the results of the US elections but one things is quite certain if Hillary Clinton loses the coming election, one reason would be her indiscretion in the cyber space. In March 2015, it became publicly known that Clinton, during her tenure as US Secretary of State, had exclusively used her family’s private email server for official communications, rather than official State Department email accounts maintained on federal servers. Those official communications included thousands of emails that would later be marked classified by the State Department retroactively. The FBI investigated her for wrong doing. The FBI investigations didn’t really exonerate but left her with a huge question mark on her political future. She has really emerged from this controversy bruised and battered with a large and growing majority of voters wondering if she can be trusted with official secrets.  According to the latest New York Times/CBS News poll, as she prepares to accept her party nomination at the convention in Philadelphia this month, she will confront an electorate in which 67 percent of voters say she is not honest and trustworthy. That number is up five percentage points from a CBS News poll conducted last month, before the FBI released its findings. Her six-percentage-point lead over the presumptive Republican nominee, Donald J. Trump, according to poll conducted last month has evaporated. The two candidates are now tied in a general election matchup, the new poll indicates, with each receiving the support of 40 percent of voters.  Compare this with the situation in Pakistan. We don’t know if our ministers or top officials use official servers or not or for that matter do they have official servers in their ministries or departments. We aren’t very sure if they use email addresses with exclusive domain names or they find it easier to use free services like gmail, hotmail and yahoo. One doesn’t know if our advisor or secretary foreign affairs use the official Ministry of Foreign Affairs (mofa.gov.pk) address or they find it more convenient to use their private gmail address created by a child or a grandchild. I know for certain that many bureaucrats can now be reached on their email addresses and in some cases they and not their personal assistants check up their emails on regular basis.     Free email services are insecure and vulnerable to hacking and these include popular mail services, including Gmail, Outlook and Yahoo. Their servers are all located without exception in the US. The companies providing free email services are also under obligation to share their data with the government. So there is double risk of unofficial and unofficial intrusion. Information can be sucked out without the user knowledge and there is no recourse to justice. The user has freely committed himself or herself to use their services without any damages to the sources. Even in case of official domains through private web hosting services, the servers are located outside the country.     Surprisingly in a country, where a prime minister has literally been floored by his political opponents because of a massive data breach of a Panamian legal firm Mossack Foneca storing the names of at least 200,000 companies, trusts and foundations set up in 21 jurisdictions. The massive tranches of information made available by the International Consortium of Journalist (ICIJ) caused turbulence worldwide. The ICIJ said it was putting the information online “in the public interest.” So what has been done about cyber security in a country, whose chief executive remains in the eye of the storm? Practically nothing! There is an urgent need to craft a proper national cyber security policy. We are still grappling with cybercrime bill in the face of intense opposition by digital rights campaigners.  Next we need to create an office of a national cybersecurity czar, who should be reporting directly to the prime minister.  There are too many agencies with turf rivalry issues to have a one window operation in this matter of acute national security. The government also needs to dedicate substantial amounts of money to shore up national cyber security defenses. This money should be made available under the head of cyber security. This is the area of next warfare and many countries allocate substantial amounts to safeguard their digital frontiers. National security means having impregnable cyber defenses.


Who is responsible for Cyber-Security?

Featured image

I recently met the federal minister of IT Ms Anusha Rehman. The minister was extremely courteous. Not only did her office return my telephone call immediately. In fact they traced me to where I was and put me through to the minister. The minister seemed genuinely interested in my research cyber-security. She listened to me patiently and wasn’t in a hurry to dispose me off. She was gracious to personally give me an appointment for the very next day. Before she ended the call, she asked me why I hadn’t contacted her earlier. I responded rather artlessly that I wanted to give her time before her government recovered from the dharnas in the capital city. “Things must go on irrespective of any political activity,” she asserted confidently. I must say I was impressed by her studied nonchalance in face of clear and dangerous political adversity.

The next day I was told to come an hour early because some unforeseen commitments had cropped up. Since I was informed only an hour in advance of the changed program, I had to drive rather fast and had to make an extra effort to skilfully negotiate through the broken road-scape of the once fair city of Islamabad. I was just in time at the IT Ministry located in the building of the Evacuee Property Trust next to the Marriott hotel. I was ushered into the minister’s well pointed office after a fifteen minutes delay because the meeting she was attending had ended later than planned. As I sat down, I noticed an incongruous pile of files on her table. To her credit during our conversation she would point out rather helplessly towards the files and state quite candidly that she hadn’t even been able to put her official mail online. It was a good indication to put my cyber optimism on hold.

To begin the proceedings, I presented my book Cyber CBMs between Pakistan and India to the minister and suggested the need for a cyber-security policy at the national level. The minister responded that “cyber-security hadn’t blipped on the government’s radar.” She also wasn’t “sure who was responsible to draft a cyber-policy.” She wondered whether it was actually the job of the ‘agencies,’ the JS headquarter, the ministry of defence or interior. I thought the policy should actually be made with inputs from concerned ministries but that it should be released from her office. She wasn’t convinced. In fact she thought it was time that she should disassociate herself from cyber policy making. She had more on her plate than usual, ranging from unproductive activity like procuring computers to finalising 3 and 4G policies. It was about time that she mused loudly that she set the definite perimeters to her mandate as the minister of IT.

Her position that she would adopt a hands off approach to cyber affairs startled me. I re-emphasised the urgency for the government to engage with these matters. Pakistan according to the Snowden revelations is the second most spied upon country in the world. I reminded the minister that the Indian Prime Minister Nirendra Modi had been offered big data exploitation tools during his September meeting with President Obama in the White House. I also highlighted that cyber-security was on the top of the agenda during Obama- Xi Jinpeng talks held in Beijing this month. I noticed that by this time during our meeting the minister’s interest in cyber matters had significantly waned and she had lost interest in my point of view. Mildly chastened, I begged my leave and wondered when would our government decide, who exactly was responsible to draft our cyber-security policy. Time is already running out as we are seized with masterly inaction.