At this point, it may seem like we have been on the US presidential campaign trail for several decades already, but there is now just a couple of months to go before polls open on 8 November and the citizens of the US decide to elect either Hillary Clinton or Donald Trump.
Whoever becomes the 45th president of the United States, taking over from Barack Obama on 20 January next year, they will have to take on critical issues such as the economy, healthcare, immigration and the threat of terrorism. However, and for the first time, an incoming president is also going to have to devote a lot of time to dealing with issues related to privacy and cyber security.
From nation-state sponsored espionage to cybercriminals looking to steal your bank details, the threat from cyberspace has never been greater. Add to this the need to balance citizen’s privacy with the increasing demands of the intelligence community to monitor online communications, and it is clear that whoever becomes the next president will have a lot to deal with.
We have already looked at what Donald Trump has had to say about these topics and found that while he has no official positions on the topics of cybersecurity or privacy — preferring instead to focus on his plans to build walls and reform immigration — he has made numerous comments and statements around these issues.
In broad terms, Trump seems in favour of increasing the powers of intelligence agencies at the cost of privacy while forcing technology companies to make their products less safe.
Clinton on the other hand has outlined her position in relation to these topics as part of her campaign, giving us a relatively clear indication of where she stands and what we can expect of her as a president when it comes to privacy and cyber security.
Before we look at what the Democratic nominee has had to say, we need to address one of the biggest issues of the last couple of years, her email controversy, and how it could inform her presidency.
Clinton Email Scandal
Last year it emerged that Clinton had been using a private email server at her home for official communications while working as Secretary of State, instead of using the state department email accounts which are stored on federal servers.
The reason Clinton has given for making the decision is that she didn’t want to have to use two devices, one for personal communications and one for work. Clinton never told the state department of her decision to use her personal email server, and the fact only came to light when a hacker named Gufficer released a trance of official emails, including ones sent to her clintonemail.com address.
While the FBI has dubbed Clinton’s actions as “extremely careless” it recommended in July 2016 that no charges should be brought against her.
The fact that Clinton acted so recklessly in relation to official emails — including 113 messages which contained information marked classified at the time it was sent — is something which will not be tolerated if she becomes president. There is also the issue that Clinton’s actions set a bad example for all other state department staff, and this could have a knock on impact on the general security of how official communications are handled.
“The State Department was among the worst agencies in the federal government at protecting computer networks,” according to a cybersecurity audit carried out by the White House last year. “The State Department’s compliance with federal cybersecurity standards was below average when Clinton took over but grew worse in each year of her tenure.”
Stewart Baker, a former NSA general counsel and Department of Homeland Security assistant secretary for policy during the George W. Bush administration also weighed in: “Hillary Clinton’s use of a home-brew email server with laughably bad security was appalling and irresponsible,” Baker said. “It looks as though she was more afraid of Republicans and prosecutors than of Russian and Chinese intelligence agencies.”
There have however been examples of Clinton practicing good OpSec, indicating she understands the need to act cautiously when it comes to protecting her digital information. During trips to Russia when she was Secretary of State, Clinton would leave all electronics on the plane with the batteries out to prevent hacking.
If Clinton is now suggesting voters “Do as I say, not as I do,” then what exactly is she saying?
According to Clinton’s policy documents, the importance of cybersecurity is obvious and she has also made several public statements on her position, including this from a town hall meeting in February:
“[Cybersecurity is] one of the most important challenges the next president is going to face because the advances, the offensive advances by nation states that we know are very technically sophisticated — namely Russia, China, next level Iran, next level North Korea — are going to just accelerate. We have to be operating on both of these levels, making it very clear to Russia, to China, that not only that what their government does through various entities, but also if they outsource the work to hackers, they will pay a price.”
Clinton also says she will build on the US Cybersecurity National Action Plan by “empowering a federal Chief Information Security Officer and upgrading government-wide cybersecurity.”
Apple and encryption
On 24 August, Apple CEO Tim Cook hosted a fundraising event for Clinton in California, and while he was there in a private capacity, it is an interesting dynamic given the recent high-profile FBI push to force Apple to break into an iPhone used by one of the shooters at the San Bernardino massacre.
Clinton has spoken on this issue previously, but has sat on the fence somewhat. “I see both sides, and I think most citizens see both sides. We don’t want privacy and encryption destroyed, and we want to catch and make sure there’s nobody else out there whose information is on the cellphone of that killer,” Clinton said during a at a MSNBC-Telemundo town hall in February.
She called the debate “a legitimate dilemma,” and said the government and technology companies should “keep working together to see that there isn’t some legitimate way to help deal with these kinds of very real world problems that we face.”
Related: How to make your iPhone FBI Proof.
While Russia and its alleged involvement in the hack of the servers of the Democratic National Convention have been making headlines in recent months, it has been China which has been the most active opponent of the US in cyberspace in recent years and Clinton, in her policy statements, is unequivocal that she wants to hold China accountable in this area. “[I] will work with allies to promote strong rules of the road and institutions in Asia, and press China to play by the rules—including in cyberspace, on currency, human rights, trade, territorial disputes, and climate change—and hold it accountable if it does not, while working with China where it is in our interest.”
While she has backed reforms to “make sure that [mass surveillance] doesn’t go too far,” Clinton told NPR that “collecting information about what’s going around the world is essential to our security.”
Continuing, she said: “There were other ways that Mr. Snowden could have expressed his concerns,” saying that bringing his concerns to Congress would have been a smart choice. “I think everyone would have applauded that because it would have added to the debate that was already started. Instead, he left the country — first to China, then to Russia — taking with him a huge amount of [sensitive] information,” she said.
Confusion on encryption
During the Democratic Presidential debate in December, Clinton proposed a “Manhattan-like project” to create more cooperation between tech companies and the government in fighting terrorism. If you don’t know, the Manhattan Project was the effort during World War 2 to build a nuclear bomb, but Clinton was not clear about what exactly her Manhattan Project would be building.
What is clear from her statements is that Clinton is trying to straddle both sides of the argument without coming down strong on one viewpoint or the other. “Maybe the back door isn’t the right door, and I understand what Apple and others are saying about that. I just think there’s got to be a way, and I would hope that our tech companies would work with government to figure that out.”
Safe Harbour/Privacy Shield
In her policy documents, Clinton says the rise of computing trends like big data and the Internet of Things will bring big benefits, but that these advances also bring with them important questions about privacy and fairness. Clinton promises to “affirm strong consumer protection values through effective regulatory enforcement in an adaptive manner, encouraging high standards in industry without stifling innovation. She will carry through that approach globally to support data flows essential to the digital economy.”
Safe Harbour, a mechanism for US companies to easily transfer customer and employee data across the Atlantic from Europe, was last year struck out by Europe’s Court of Justice. It has since been replaced by Privacy Shield, which is promising more robust protection for Europeans worried about mass surveillance being carried out by the US intelligence apparatus.
Taking Clinton’s policy statement at face value, it would appear that she will be seeking to make sure Privacy Shield remains in place to help protect US companies’ digital interests. In her Initiative on Technology and Innovation, Clinton says she supports efforts to “to find alignment in national data privacy laws and protect data flows across borders.”
Protect online privacy
Clinton says that she wants to protect people’s privacy, saying that keeping the country secure does not mean undermining privacy completely.
“[I] reject the false choice between privacy interests and keeping Americans safe,” Clinton said in her position statements. She was a proponent of the USA Freedom Act, and supports Senator Mark Warner and Representative Mike McCaul’s idea for a national commission on digital security and encryption. The purpose of this commission will be to liaise with both the technology and public safety communities to see how the needs of law enforcement can live side-by-side with the need to protect the privacy and security of the general public who use technology on a daily basis.
Clinton’s policy documents reiterate her calls for more ways of securing the public’s privacy, advocating for the creation of “a national commission on digital security, so that the technology and public safety communities can work together on solutions that address law enforcement needs while preserving individual privacy and security.”
Related: 75+ free online privacy tools
It is clear that Clinton has much more thought-through ideas on what her presidency will mean for privacy and security. Despite her own troubles with email, Clinton is committed to improving the overall security of the White House, and government agencies as a whole, to combat the growing threat from countries like China and Russia.
However one big question about Clinton’s policies remains. How will she be able to appease those calling for stronger encryption and the protection of private data, while at the same time helping the intelligence agencies gain the access they need to help combat terrorism? For now Clinton seems to be trying to appeal to both sides, but at the end of the day, she will be only able to fully support one or the other.