Cybersecurity has plagued this presidential election like no other in U.S. history. Earlier this week, the Obama administration indicated its plans to retaliate against Russia, in some way, for cyberattacks. Hacking came up, again, in the final presidential debate. Yet neither candidate is offering a roadmap for what to do on aggression, or how to handle foreign hackers.
Let's revisit the last debate. Hillary Clinton brings up hacking. She says the Russian government has engaged in espionage against Americans, feeding Wikileaks. And she puts forth this question: "Finally will Donald Trump admit and condemn that the Russians are doing this?"
She wants Trump, who's been drumming up fears about rigged elections, to acknowledge that Vladimir Putin is trying to rig the election using cyber attacks.
Trump deflects at first, saying, "She doesn't like Putin because Putin has outsmarted her at every step of the way."
When pressed by moderator Chris Wallace, the Republican nominee says it's not OK to hack in that way: "Of course I condemn. Of course."
"It's easy for Trump to condemn these attacks," says Tom Cross, chief technology officer at Drawbridge Networks who says he is politically an independent. "But it would have been more interesting, if Trump really wanted to go after Hillary Clinton, to ask her: What are we going to do to stop these things? And what are you doing to stop these things, particularly given that a lot organizations she's associated with were the targets of these attacks?"
He's giving advice to Trump. The intelligence community says Russia is hacking. So, Cross says, questioning that looks "silly." Trump could instead turn the tables and ask Clinton not just about the missing emails from her private server, but what she did (and failed to do) to protect her entire staff at the State Department from foreign hackers.
Both candidates have written positions on cybersecurity. Cross says they both read like "milquetoast," making points like: We must audit our systems to look for vulnerabilities.
"They are stating in different words essentially things that the United States government is already doing," he says.
Imagine an election in which the candidates took on the real issues.
Herb Lin, a senior research scholar at Stanford's Hoover Institution, is a Republican (who says he will not vote for Trump). He says in 2016, we need a leader who can think through cyber strategy with some basic literacy. With Russia, the U.S. could: hack back, maybe try to take down Russia's electric grid; leak embarrassing secrets about Putin; impose economic sanctions.
Lin says a good leader would think through each action and the reaction from adversaries. "Are they going to just cry uncle when we respond? And say oh we've seen the error of our ways. That is unlikely," he says. "The question is how can you persuade them to back off of what they're doing?"
Lin compares today's discussion of cybersecurity — on and off the campaign trail — to the nuclear debate in the 1950s.
Back then, the U.S. was well aware of its immense power with that cutting-edge technology. But policymakers weren't sure what to do with it. President Dwight D. Eisenhower even said there's no reason nukes shouldn't be used "just exactly" as you'd use a rifle.
"No serious commander-in-chief would say that today," Lin says. "Nuclear weapons are really special. They're a really different kind of weapon."
We've evolved in our strategic thinking with nukes — but, Lin says, our leaders' thinking on cyber weapons is in its "infancy." And so, candidates talk a fair amount about hacking — but not about how to solve it as a policy problem.
Susan Landau, a cybersecurity policy professor at Worcester Polytechnic Institute and a Democrat, makes another observation about why the cybersecurity debate has remained so vague, at least for one candidate, on the trail.
"I think there is an underlying issue [that] Secretary Clinton is avoiding — I'm not sure it's hit the radar for Donald Trump — and that's the encryption issue," she says.
Back in the 1990s, Bill Clinton's administration advocated a technology called the Clipper Chip, that would give the federal government a so-called backdoor into encrypted communications. The effort met resistance and ultimately failed. And Landau says, it's baggage for Secretary Clinton.
"She's probably been burned once," Landau says, "and is aware that the issue is problematic, and particularly problematic in California where the tech company strongly supports the deployment of strong encryption."
While encryption is a fundamental issue in the policy debate — and a recent standoff between Apple and the FBI make it a high profile issue — it is in Clinton's interests, Landau says, to not spell out her position and alienate herself from a tech sector that otherwise supports her.