Current Issue
This Month's Print Issue

Follow Fast Company

We’ll come to you.

10 minute read

Election 2016

Where Clinton And Trump Stand On Cybersecurity And Privacy

Clinton generally favors continuing Obama's cyber policies, while Trump calls for more cyber warfare and surveillance.

Where Clinton And Trump Stand On Cybersecurity And Privacy

[Source Photos: Flickr users Nathaniel F (Clinton), Gage Skidmore (Trump)]

From alleged Russian attacks on Democratic National Committee servers and the vulnerability of Hillary Clinton's emails to the ongoing debate over law enforcement access to encrypted data, cybersecurity and related privacy issues have become part of the presidential election cycle like never before.

Both major party candidates have called for the U.S. to do more to protect itself against digital attacks and to use digital tools to thwart extremist activity and digital communications. Democratic nominee Hillary Clinton has generally favored continuing policies from the Obama administration, from the current president's approach to encryption to his national cybersecurity plan, while Republican nominee Donald Trump has said that the current administration has left the country vulnerable to digital and terror attacks, and proposed ramping up cyber warfare and digital surveillance as part of a solution.

Keeping Networks Safe

Trump and Clinton have both spoken of the need to keep Americans safe from cybercrime—particularly from attacks and digital intellectual property theft sponsored by foreign nations. Clinton warned last year that China is "trying to hack into everything that doesn’t move in America," after a series of attacks were linked to the Chinese government, and Trump’s campaign has similarly said that "China’s cyber lawlessness threatens our prosperity, privacy, and national security."

The Clinton campaign has said she’d "build on" the Cybersecurity National Action Plan announced by the Obama administration in February. It called for the appointment of a federal chief information security officer to bolster government network security and collaborations with private industry to keep internet users safe through techniques like two-factor authentication.

"She supports expanded investment in cybersecurity technologies, as well as public-private collaboration on cybersecurity innovation, responsible information sharing on cyber threats, and accelerated adoption of best practices such as the National Institute of Standards and Technology Cybersecurity Framework," according to her campaign website.

Trump has been far less sanguine about existing efforts to keep networks safe, saying in a lengthy interview in March with the New York Times that in terms of digital security, "we’re so obsolete, we just seem to be toyed with by so many different countries." He’s also implicitly attacked Clinton’s own cybersecurity credentials, repeatedly mentioning her controversial use of a private email server during her tenure as secretary of state and even calling on the Russian government to help find emails she had deleted. He later said the comment was intended to be sarcastic.

But so far, some experts have lamented that Trump hasn’t proposed many concrete steps he would take as president to boost digital security.

In a recent interview with the Washington Post, former National Security Agency general counsel Stewart Baker described Clinton’s cyber plan as "cautious, incremental, sober, and boring—a cybersecurity third term for President Obama"—while saying Trump’s statements are "impressionistic and focused on American decline" rather than concrete specifics.

A Hillary Clinton supporter's cell phone at a campaign rally with former President Bill Clinton at Central High School in Phoenix, ArizonaGage Skidmore/Flickr

Generally, Clinton has won endorsements from veteran national security and foreign policy officials, notably including some from past Republican administrations. Michael Morrell, former acting Central Intelligence Agency director, also endorsed Clinton earlier this month, even writing in the New York Times that Trump is "not only unqualified for the job, but he may well pose a threat to our national security." A group of more than 100 Republican national security experts also signed an open letter in March, writing that "as committed and loyal Republicans, we are unable to support a Party ticket with Mr. Trump at its head," declaring him "utterly unfitted to the office."

Still, Trump has won endorsements from some national security leaders, notably including former Defense Intelligence Agency head Michael Flynn, who's been vocal about the need to beef up defense cybersecurity staffing levels.

Cyber War

Both candidates have expressed a willingness to use cyberattacks as part of U.S. military strategy, continuing down a path blazed by Obama and former President George W. Bush, whose administrations authorized cyberattacks designed to impair Iran’s nuclear weapons program, including while Clinton was secretary of state. Obama also recently authorized digital strikes against ISIS, reportedly interfering with the terror group’s communications and even disrupting electronic cash transfers. And a recently leaked cache of files from a hacking group calling itself the Shadow Brokers is widely believed to contain hacking tools developed by the National Security Agency.

Trump said this week that he would use "military, cyber, and financial warfare" to fight terrorism. In the past, he has said he would go further than Obama, aiming to take ISIS off the internet entirely. That could include disrupting digital communications in areas where the group holds power, he said in a December Republican primary debate.

"I sure as hell don't want to let people that want to kill us and kill our nation use our internet," Trump said.

The idea of attempting to ban the group from the internet altogether drew criticism from some of Trump’s then-rivals for the Republican nomination, who saw it as a potentially dangerous attempt at censorship, and from networking experts who suggested it would be technically difficult, if not impossible.

Clinton has been less specific about her offensive cyber warfare plans, though as secretary of state, she apparently managed some cyberattacks on al-Qaeda-recruiting websites, suggesting she’s not opposed to using the technique.

"Within 48 hours, our team plastered the same sites with altered versions of the ads that showed the toll al-Qaeda attacks have taken on the Yemeni people," she said in a 2012 speech. "We can tell our efforts are starting to have an impact because extremists are publicly venting their frustration and asking supporters not to believe everything they read on the internet."

Clinton is also no stranger to cyber war in action: She was secretary of state during the later years of and fallout from the malware known as Stuxnet, a secret project by the U.S. and Israel to disable Iranian uranium facilities. The State Department was not involved in the effort, but Clinton was well aware of its effects. In early 2011, she observed of Tehran's nuclear progress that "their program, from our best estimate, has been slowed down" because of "technological problems."

Protecting Privacy

Operating system makers like Apple and communications providers like Facebook’s WhatsApp are increasingly offering encryption tools to keep users’ messages secret—even from the software companies themselves. That’s increasingly valuable to users after revelations about NSA monitoring and apparent attempts by other governments to spy on their citizens.

But it's also a challenge for law enforcement agencies, who can't access user data even with a warrant, since there’s no way to decrypt the data without a password. That tension came to a head earlier this year, when a court ordered Apple to help the FBI unlock an iPhone used by alleged San Bernardino shooter Syed Farook. Apple challenged the order and was joined by other tech companies, saying any backdoor way around its encryption would ultimately be exploited by criminals to steal user data.

The stalemate ultimately ended when the FBI found an alternative way to unlock the phone through a security bug, but politicians and the tech industry have continued to spar over whether and how police should be able to access data in future cases.

When Apple initially fought the order to decrypt Farook’s phone, Trump quickly called on his supporters to boycott the company unless it agreed to comply.

"Who do they think they are?" he asked of Apple, appearing on Fox News at the time. Trump has apparently since resumed using Apple products—the candidate was photographed using a MacBook Pro for a Reddit AMA session, and at least some posts to his official Twitter account are apparently made from an iPhone.

Donald Trump during his Reddit AMA session

Clinton has called on the tech industry and government to find a compromise solution to the dilemma, a similar stance to Obama, who warned the tech community in a March appearance at South by Southwest that, without a solution, a future terror attack could lead to "sloppy and rushed" legislation being passed by Congress.

"I think most citizens see both sides," Clinton said in a February primary debate. "This is why you need people in office who can try to bring folks together to find common ground."

Still, some privacy experts, as well as companies like Apple, continue to maintain that any compromise solution is effectively impossible, since there’s no way to build a backdoor that couldn’t be exploited by criminals or foreign governments.

And as far as the surveillance programs that partially motivated tech companies to roll out encryption, Trump has openly said he would restore some of the NSA’s controversial warrantless spying programs that were curtailed after 2007.

"I assume when I pick up my telephone, people are listening to my conversations anyway, if you want to know the truth," he told conservative radio host Hugh Hewitt in December. "It’s pretty sad commentary, but I err on the side of security." (According to a July report in the New Yorker, Trump actually allowed Tony Schwartz, the ghostwriter behind his book The Art of the Deal, to eavesdrop on his calls without other parties' knowledge.)

In October 2013, four months after Edward Snowden's revelations about the NSA, Trump tweeted, "Snowden is a spy who should be executed—but if . . . he could reveal Obama’s records, I might become a major fan." It wasn't the only time he would goad people to leak sensitive information. In 2014, he tweeted that he hoped hackers would find Obama’s college records to check his "place of birth."

"Attention all hackers: You are hacking everything else so please hack Obama's college records (destroyed?) and check 'place of birth,'" he tweeted. In 2013, Trump's Twitter account issued a mysterious message: "These hoes think they classy, well that's the class I'm skippen."

The tweet—a Lil Wayne lyric—was deleted, and Trump claimed he'd been hacked. "My Twitter has been seriously hacked—and we are looking for the perpetrators," he later tweeted.

Trump has also offered other intelligence proposals critiqued by civil libertarians, including surveillance of mosques and waterboarding of suspected terrorists, and said this week he’s distrustful of the quality of existing U.S. intelligence data.

Clinton, for her part, called in June for an "intelligence surge" to help combat terrorism, and has repeatedly urged tech companies to do more to help the government track and stop suspicious activities online, though she condemned calls for surveillance of American Muslims because of their religion.

"As president, I will work with our great tech companies from Silicon Valley to Boston to step up our game," she said in June, following the Orlando nightclub shooting. "We have to a better job intercepting ISIS’s communications, tracking and analyzing social media posts and mapping jihadist networks, as well as promoting credible voices who can provide alternatives to radicalization."

And last year, Clinton endorsed the USA Freedom Act, which placed limits on the NSA’s collection of phone call metadata, though critics have pointed out she also voted for the post-9/11 Patriot Act, which included legal justification for the NSA metadata program. Trump said last year he supported allowing the NSA to collect the data. Around the time he tweeted about Snowden, Trump also acknowledged how the revelations confirmed a tradition of spying. "Fact—all the countries complaining about us spying on them spy on us. They just don't get caught—stupid!" Trump tweeted.

In terms of support from Silicon Valley, Clinton has raised about $4 million from tech industry donors, with support from industry bigwigs like Apple CEO Tim Cook, who hosted a fundraising event for Clinton on August 24. Other prominent Clinton supporters include Napster cofounder Sean Parker and LinkedIn chief Reid Hoffman, CNN reported this week, citing data from the Center for Responsive Politics. Trump, by contrast, has only raised about $200,000 from industry sources, the network reported. So far, he's won few prominent tech world endorsements besides PayPal cofounder and venture capitalist Peter Thiel, who spoke at the Republican National Convention last month.

Silicon Valley execs have reasons to be skeptical of Trump besides privacy policy, though, including his opposition to the H-1B work visas used by many tech companies to hire noncitizen workers and his repudiation of international trade agreements.

The Fast Company Innovation Festival