On his second day at the Democratic National Committee, sitting in a meeting at the party’s headquarters south of Capitol Hill, Raffi Krikorian looked around the room and realized he was the only technology staffer at the table.



For the DNC’s new chief technology officer — now six weeks into his first job in politics after working at Silicon Valley companies like Uber and Twitter — that’s what had to change to prevent the kind of hacks that upended last year’s presidential election.

He wants the technology team everywhere. (“My end goal is how do we get to a world where there is no one reporting to the CTO anymore.”) He wants a steady, endless trickle of education about cybersecurity. (“It has to be part of on-boarding. It has to be part of every conversation, every time we have a meeting.”) He wants regular phishing email drills, for the party’s lowest-level staffers up to the chair. (“There's literally a simulated phishing attack on the DNC right now. We started about an hour ago.”)

It’s about a “culture change inside the building” — to “get everyone’s guard up” and create an instinctive, daily cybersecurity reflex. “If you see something say something,” Krikorian said in an interview. “Our electronic landscape is not a friendly landscape.”

Krikorian, 39, said he felt his “continuous poking and prodding” was starting to work when the chair of the DNC, Tom Perez, walked into the CTO’s office one day and announced that he had downloaded the encrypted messaging app, Signal.

“I thought, ‘Thank god.’ If the chair is proactively doing that, then we're making this culture change inside the building of just even thinking about these problems.”

Later, Perez stood up at an all-staff meeting and told aides, “‘If you guys talk to me, you’re going to use Signal,’” Krikorian recalled. “Just getting that into the ethos of the DNC is a big win.”

Krikorian, who ran Uber’s self-driving cars program after serving as Twitter’s vice president of engineering, has instructed staffers at the DNC to use Signal instead of SMS until he and other recent hires on his team finish a weeks-long internal review of the party’s technology and security needs, including a more standardized move to encrypted chat-based messaging that could extend beyond the building to local state parties. That assessment will conclude “pretty soon,” he said, but declined to elaborate on timing.

The review, Krikorian’s “top-of-mind” priority, will determine whether the DNC will follow the other major Democratic committees to the secure workplace messaging app called Wickr, which offers what’s known as end-to-end encryption for chat, voice and video communication, and file exchanges. End-to-end encryption, meant to make messages indecipherable to third parties, is increasingly seen as a necessary security measure for political campaigns and committees on both sides after the sweep of devastating cyberattacks that tore across the Democratic Party in 2016, hitting the DNC, the Democratic Congressional Campaign Committee, and Hillary Clinton’s campaign chairman.

In June, the DCCC became the first known party committee on either side of the partisan divide to transition to an end-to-end encrypted messaging platform. The committee, charged with electing Democrats to the House of Representatives, has been using Wickr to communicate internally and with staff and consultants working on 20 of its most critical campaigns, vulnerable incumbents called “Frontline Democrats.”

DCCC officials have also encouraged the party’s three other main committees — the DNC, the Democratic Governors Association, and the Democratic Senatorial Campaign Committee — to use Wickr as well, according to an operative briefed by the DCCC.

The move would put every major arm of the national party on the same platform.

Two of the other committees, the DGA and the DSCC, recently became customers of Wickr, a spokesman for the technology company said on Thursday. (The DGA, the entity focused on Democratic gubernatorial candidates, confirmed the decision. Its U.S. Senate counterpart, the DSCC, did not respond to a request for comment. Both are listed on Wickr’s website as clients, along with the DCCC.)

The new arrangement makes the DNC the only party committee on the Democratic side not yet on Wickr. Krikorian said the DNC is “currently evaluating” Wickr as part of its ongoing internal review, along with other apps, which he declined to list in full.

“I would absolutely agree: If we're all on the same platform it would make it a lot easier for all of us,” Krikorian said. “But at the same time, I want to do an honest assessment from the DNC side, considering that all the state parties are looking to us for advice, so I just want to do a real technical assessment before we release our recommendations.”

After the assessment ends, the DNC will “convene” the party’s various committees “when we feel we know what we want to go do, and then we should talk about it,” he said. “We’ll figure it all out together.” (The other groups have already made something of a commitment to Wickr. The program, designed as a collaborative software for offices, is a paid service.)

“I personally want to make sure the most technically secure platform we can find, but I am also aware of the fact that security and usability have trade-offs,” he said. “If it's a serious pain in the ass to use, no one's actually gonna use it. I want to get people on the right platform that we want to commit to for years.”

DNC officials have maintained their relationship with Crowdstrike, the cybersecurity firm retained during the hack last summer, according to a person familiar with the arrangement.

Krikorian casts his ongoing review as part of an initial push to “right the ship with security.” In the short term, he said, it’s about the “low-hanging fruit”: better and more frequent cybersecurity education, simulated phishing attacks, two-step verification, moving the office’s email management to cloud services, assessing their threat model.

“The best thing that you can do on the tech side,” he said, is “just trying to understand a priori what your weaknesses might be — what the next weakest link in the chain is, so you can start shoring up.” Last year, it was phishing attacks. “So we're working on that,” he said, “and we'll keep on going.”

To do that, Krikorian has made a number of initial hires from Silicon Valley, including Uber’s former program manager for the self-driving cars team, Pam Cardona; Twitter’s former lead software engineer, Jeremy Cloud, and former abuse and internal tools lead, Peter Seibel; the former CTO for the digital company Safari Books, Liza Daly; and two lead engineers from last year’s Clinton campaign, Trisha Quan and Felicity Pereyra.

The party’s security efforts will ultimately extend beyond the DNC itself “to everything and anything that potentially touches us,” according to Krikorian, including state parties. He plans to create a tech help-line for candidates and is also considering “some mass-buys” of technology to provide to candidates and parties outside Washington.

One year after the DNC email hack — a cyberattack that revealed an unfair bias against Bernie Sanders and made the party committee a source of fierce dissatisfaction and distrust among progressives — Krikorian is also hoping for a larger culture change inside headquarters. “You have to remember, it's also very popular from the outside to sort of shit on the DNC. That's a common thing to do,” he said. “When I walked in and found demoralized people on the technology team, you talked to them for a while and then you realize that people that still believe in it didn't choose to jump ship.”

“The mood is changing in the building,” added Krikorian. (The engineer made the leap to Washington, he said, because “I believe in a lot of the ideals of Democrats.”)