Cybersecurity experts see grounds for worry in Trump's Cabinet picks

John Lund | Getty Images

President-elect Donald Trump's Cabinet picks and his campaign rhetoric have industry experts worried that his administration will increase surveillance on Americans and gut the regulatory bodies that oversee cybersecurity.

"The president-elect, his advisors and future Cabinet members appear to see more enemies lurking in the homeland than in Russia or other cyber superpowers," said David Cowan, an investor in cybersecurity start-ups with Bessemer Venture Partners. "I fear that for the first time, the federal government really does pose a 'Big Brother' threat in cyberspace."

In addition to privacy concerns, the U.S. faces enormous threats to critical infrastructure from nation states, criminals and activists, and experts say it's unclear whether Trump will get the right advice on how to protect the country, or whether agencies will be adequately funded to do their jobs.

Senator Jeff Sessions, attorney general pick for U.S. President-elect Donald Trump.
Andrew Harrer | Bloomberg | Getty Images

It's not clear how Trump's administration will treat issues like mass surveillance — an area which was controversial for the Obama administration — but his Cabinet picks raise concern, said Corynne McSherry, legal director at the Electronic Frontier Foundation.

The president-elect's selections for attorney general — Sen. Jeff Sessions, R-Ala. — and CIA director — Rep. Mike Pompeo R-Kan. — have argued publicly that the government needs greater surveillance powers.

McSherry said Pompeo poses a particularly worrying risk to American citizens' privacy, as he has advocated for things like the routine mass collection and use of "social data" from third parties, like Facebook and Alphabet's Google. Pompeo has also called for Edward Snowden to be put to death, said Chris Calabrese, vice president for policy at the Center for Democracy and Technology.

Trump has yet to announce his choice for National Security Agency director, a key role for both both privacy and cybersecurity. Obama's top defense and intelligence officials have proposed a plan to split the NSA from the U.S. Cyber Command which would raise privacy concerns and increase the potential for a cyberwar arms race by moving more resources under the government's digital spying arm, said Calabrese.

Trump's pick for national security adviser, Lt. Gen. Michael Flynn — who has supported Trump's temporary Muslim ban — may play a large role in cybersecurity and has called for an increase in offensive cyberoperations.

"No one knows how that ends, especially when the president-elect and his national security adviser are strongly hawkish on expanding offensive hacking as a weapon of war," said Calabrese.

Did Russia hack the US election?
Did Russia hack the US election?

The president-elect has nevertheless recognized the country is vulnerable, and has vowed to make cybersecurity a priority.

"The good news is that cybersecurity is getting more attention each year," said Michael Nelson, head of public policy at cybersecurity company Cloudflare.

There's no single agency or person dedicated specifically to cybersecurity, but a commission recommended Friday that a position be created just for the task. It's unclear whether such a post will be created, or where in the defense or intelligence bureaucracy it would exist, but Trump has talked about giving the Defense Department a larger role.

Some experts believe the Trump administration understands the magnitude of the threat. "I think there will be a tremendous amount of capital spent on making the cyberecosystem in which we live considerably more secure," said David Golden, managing partner at Revolution Ventures.

Other industry insiders take a very different view. Trump does not properly understand the multitude of evolving threats, and his plans to defund the very agencies tasked with protecting America's critical infrastructure will make the country less secure, said Cowan.

"Not only won't we make progress under his administration, but we actually are going to remove the safeguards that we have been putting in place over the last decade," he said.

Without proper oversight, U.S. organizations running critical infrastructure won't make needed investments to keep out hackers, and companies are more likely to misuse people's data, he said. One likely consequence of this will be a flight to European companies, where data protection is stricter.

"If I can store all my files in a German version of Dropbox instead of an American version, I personally would prefer to do that," Cowan said.

Along with privacy, encryption will be a huge issue for the incoming administration, said Wickr CEO Joel Wallenstrom. Downloads of the company's encrypted messaging app, which protects messages with strong encryption, spiked after Trump's election. Cabinet appointments will matter, but some things will happen regardless, said Wallenstrom. Almost half of all web traffic is already encrypted.

"Things like encryption just won't be legislated away," he said. "Technology and innovation will move too fast."

Still, Wallenstrom isn't overly worried about Trump's impact on cybersecurity and privacy too much, since the pendulum swings back and forward on these issues with each administration.

The Trump transition team did not respond to a request for comment.