More than eight months after a presidential election dominated by cyberattacks targeting Hillary Clinton, Democrats and Republicans are taking significant new steps to guard against hacks, including the use of end-to-end encryption software.
Wickr, a secure workplace messaging app adopted last month by the Democratic Congressional Campaign Committee, is also in place and in trial use at a number of other major political entities in both parties, according to the software company.
“We’re talking to groups on both sides of the aisle — this isn’t a Democratic thing or a Republican thing,” Wickr CEO Joel Wallenstrom said in an interview.
Throughout 2016, Russian hackers launched massive cyberattacks on the DCCC as well as on the Democratic National Committee and Clinton campaign chairman John Podesta, releasing thousands of emails and documents in a sweeping effort to damage the party and undermine the US electoral process.
The DCCC, the party committee charged with electing Democratic candidates to the House of Representatives, is so far the only political entity that has “announced their relationship” with Wickr, said Wallenstrom. Since June, DCCC officials have used the software for officewide internal communications and for 20 critical House races involving a group of vulnerable incumbent candidates known as "Frontline Democrats."
Other committees and groups, Democratic and Republican, are already “in the process” of making the same transition, Wallenstrom said. “We have a number.”
The company declined to name the organizations. “For security purposes, some in the political and corporate space prefer to be more protective of their cybersecurity plans,” said Rita Zolotova, Wickr's public policy and communications director.
The San Francisco company, founded in 2012, offers end-to-end encryption, making data indecipherable to any third party. Like Slack, it’s a paid service for offices small and large. Unlike Slack, Wickr offers end-to-end encrypted instant messaging, voice and video communication, and file exchange. The tech company also guarantees an added layer of security through what’s called “perfect forward secrecy,” a system that uses a different encryption key for each message.
Asked about measures to protect against the kind of hacks seen in 2016, other party committees declined to comment or spoke in vague terms about their security efforts.
Officials at the National Republican Congressional Committee have criticized its Democratic counterpart, the DCCC, for speaking publicly about internal matters pertaining to cybersecurity. Earlier this month, when the DCCC proposed a joint effort to combat hacking, the NRCC dismissed the idea as an attempted publicity "stunt." A week later, when the DCCC confirmed its move to Wickr, the NRCC had the same response. “It’s like Fight Club: The first rule of effective cybersecurity is not bragging about your cybersecurity procedures,” spokesperson Jesse Hunt said. “Clearly the DCCC believes cybersecurity is merely a public relations issue.”
In response to a question about precautions the NRCC has taken in the months since 2016, Hunt said, “It’s fair to say we’re always looking at different ways to improve our cybersecurity.”
During the 2016 campaign there were no major leaks of hacked material from Republican campaigns, though some party officials cautioned about the potential for future issues. "I want to warn my fellow Republicans who may want to capitalize politically on these leaks," Sen. Marco Rubio said last October. "Today, it is the Democrats. Tomorrow, it could be us." (Rubio was explaining why he wouldn't use information from WikiLeaks, the site that published most of the hacked emails .)
For some political groups in Washington, the threat has meant making new investments in tech and security personnel.
After taking over as DNC chair in February, Tom Perez hired former Twitter engineering executive Raffi Krikorian as his chief technology officer. Krikorian, the DNC's first CTO from Silicon Valley, is now conducting an internal evaluation of the party's security needs, DNC Communications Director Xochitl Hinojosa said.
At EMILY’s List, one of Washington’s biggest Democratic organizations working with state and local campaigns, the search for its first CTO began in January and didn’t conclude until spring. “I think everybody was trying to hire somebody at the same time,” said Stephanie Schriock, the president of EMILY's List and a veteran strategist.
The organization recruits and supports pro-choice women running for office, including many first-time candidates. Officials now make a point of providing their campaigns with a basic “to-do list” on steps to protect against security breaches.
“I didn’t even know what a phishing email was two years ago,” said Schriock. “It’s just a whole different world now. Everybody’s definitely taking it to a new level.”
That’s been apparent to the executives at Wickr since after Election Day in 2016, when calls started coming in from various political groups in Washington. “It’s had a very, very big impact in terms of how people in the political world and outside are taking this issue and approaching the issue,” said Wallenstrom, Wickr's CEO.
“End-to-end encryption is going to be table stakes for just about anybody — a very common thing."
Ruby Cramer is a political reporter for BuzzFeed News and is based in New York.
Contact Ruby Cramer at firstname.lastname@example.org.
Got a confidential tip? Submit it here.