Maciej Cegłowski has been trying to teach email security to Democratic congressional campaigns. The state of the art is not good.
Setting campaigns up with security keys and training them on safe attachment handling are the most effective steps we can take to prevent a repeat of the Podesta attacks. Those in the best position to help in the weeks before the elections may be the big tech companies, which have the necessary resources and are used to acting quickly.
Someone — the government, the political establishment, Silicon Valley — needs to send trainers to campaigns in person. Firms like Google and Microsoft should also set up a dedicated phone support line that can resolve issues quickly. Knowing that such help is available will make it easier for campaigns to adopt new habits.
Google, which runs much of the nation’s email infrastructure, can take unilateral measures to protect candidates and their staff. In particular, it should set up a list of accounts that need heightened scrutiny and converts all incoming email attachments to Google docs, and let campaigns submit names of staffers for the extra protection.
Microsoft could help by expeditiously adding support for security keys in Outlook and its cloud document service. This feature is already scheduled to roll out next year, but making it available to campaigns today would make any political organizations that rely on Microsoft services significantly safer.
Taken together, these efforts could shore up every House, Senate and gubernatorial campaign in the country in a matter of weeks. The total cost of such a program would be in the hundreds of thousands of dollars — negligible compared to the sums already pouring in to political campaigns. The situation is an emergency, but it need not become another disaster.