Cybersecurity Issues, Privacy Concerns Getting More Play in 2016 Campaign

Cybersecurity has become a key component of both the Democratic and Republicans' campaign platforms on technology and innovation issues, in addition to privacy, but cybersecurity has the most potential to grow as a campaign issue in the context of its role in foreign policy and national security policy, several cybersecurity experts and lobbyists told us. The DNC and Republican National Committee adopted party platforms this year that mention privacy and encryption more forcefully than in prior election cycles.

Cybersecurity issues “have certainly been addressed in this campaign more than they have before, which is indicative of the fact that these issues are pervading larger discussions about terrorism, job creation, and the loss of IP, but it hasn't reached the level of serious discussions about policy options,” said Internet Security Alliance President Larry Clinton. “I'm fairly doubtful that we'll see that in this electoral cycle.” Cybersecurity and privacy are largely non-partisan issues, which provides a way for lawmakers from both parties and the president and Congress to collaborate, said International Association of Privacy Professionals Vice President-Research and Education Omer Tene in an email. “The platforms correctly observe that rather than conflict, privacy and cybersecurity are two sides of the same coin,” he said. "The recognition of the tension between privacy rights and national security and law enforcement needs will hopefully lead to a levelheaded public discussion, ensuring that in our quest for safety and security we don’t sacrifice the fundamental values that underpin our democracy."

The Democrats said they will strengthen cybersecurity while protecting privacy and civil liberties: “We will protect the privacy and civil liberties of the American people -- standing firm against the type of warrantless surveillance of American citizens that flourished during the Bush Administration. We will support recent reforms to government bulk data collection programs so the government is not collecting and holding millions of files on innocent Americans.” In 2008 and 2012, Democrats mentioned preserving people’s privacy and civil liberties in less-compelling language and didn't refer to encryption at all.

The Republicans also mentioned privacy more strongly this year and referenced encryption, a word that wasn’t included in their 2008 and 2012 platforms. The RNC said in its 2016 platform that increased privacy protections through “sophisticated encryption technology” have become crucial for the economy. “At the same time, however, such innovations have brought new dangers, especially from criminals and terrorists who seek to use encryption technology to harm us,” the RNC platform said. “No matter the medium, citizens must retain the right to communicate with one another free from unlawful government intrusion. It will not be easy to balance privacy rights with the government's legitimate need to access encrypted information. This issue is too important to be left to the courts.”

Republican presidential nominee Donald Trump referenced the DNC hack during a press conference Wednesday during a discussion about Democratic nominee Hillary Clinton's State Department communications. "Russia, if you are listening, I hope you are able to find the 33,000 emails that are missing -- I think you will probably be rewarded mightily by our press," he said. "This has to be the first time that a major presidential candidate has actively encouraged a foreign power to conduct espionage against his political opponent," said Clinton campaign policy adviser Jake Sullivan in a statement. "That's not hyperbole, those are just the facts. This has gone from being a matter of curiosity, and a matter of politics, to being a national security issue."

Cybersecurity could become more important in the presidential campaigns' discussion of foreign policy and national security issues, but only if the FBI and other federal agencies are able definitively to prove a link to the Russian government, Clinton said. The FBI is investigating the DNC hack but DNC-hired investigators have publicly said the hack was perpetrated by Russian government-backed hackers. Russian Foreign Minister Sergey Lavrov denied Russian government involvement in the hack earlier this week. “This is such a different type of hack in that its purported intent was to influence a U.S. election, so it very well may inject cyber into the political campaign in a very different way than it has in the past,” Clinton said. “When most of us talk about cybersecurity we're talking about things like critical infrastructure protection and protection of IP. When you're talking about a political party's servers and whether or not [Russian President Vladimir] Putin is attempting to put his thumb on the electoral scales,” more nuanced foreign policy-related issues come into the mix.

Hacking and the leaking of an entity's private emails have become fairly common but “it's a whole other ball of wax” if you're able to substantiate a link between a cyberattack and a foreign government, said Norma Krayem, Holland & Knight cybersecurity policy expert. The DNC hack and email leak, if proven to have a link to the Russian government, would tend to draw the same attention to cyber espionage as did the 2014 Sony Pictures Entertainment hack attributed to North Korea and previous cyber intrusions found to have been orchestrated by the Chinese government, Krayem said. “Everybody's being hacked by the Russians,” so the Clinton and Trump campaigns' policy responses to the DNC hack would depend on whether the campaigns frame it as an international incident or a simple cyber crime, said Shane Tews, visiting fellow at AEI’s Center for Internet, Communications and Technology Policy.

Campaign discussions on developing policy on cyber espionage could become particularly important because it could spur on more serious discussions about an action plan for responsing to foreign-based cyberattacks, Tews said. “We have a lot of laws for responding to international incidents that have not been updated to deal with cyber issues.” Chinese government-sponsored IP theft has been occurring for years in the private sector but the government still “doesn't have a way to deal with it,” so the DNC hack might result in more attention on developing policy around such incidents, Tews said.

Privacy advocates generally were pleased privacy and encryption were mentioned more prominently in the Democratic and Republican platforms, but they had a mixed view on whether any real impact would result. Center for Democracy & Technology Vice President-Policy Chris Calabrese told us the inclusion of such language in the platforms is significant. “It reflects the rising importance of these issues in ordinary life,” he said. “That’s what really these platforms are about. They’re about responding to the political and economic and social needs of the country. So the fact that there’s more discussion about privacy and cybersecurity and encryption I think represents the fact that they’re more salient for ordinary Americans.” That’s important because many large companies -- not just tech firms -- collect a fair amount of data on people, who want greater security online and in their communications as they worry about data breaches, Calabrese said. While these particular platforms won’t solve the problems, he said the political parties and lawmakers will take heed of this growing awareness among people.

It's “good to see” that both major parties are considering cybersecurity and privacy issues, “but we need more than words," said Access Now Global Policy Counsel Amie Stepanovich in an email. "In 2016 it is no longer enigmatic that encryption keeps us safe, protects our infrastructure, and enables our economy to flourish and grow globally." Although inclusion of encryption in both party platforms this year reflects the central role of technology in people’s lives, “empty words fail to recognize the importance of properly securing that technology, and the mutually-reinforcing relationship of privacy and security,” Stepanovich said. She said more leadership is needed to defend encryption.

“It's pretty clear to me that both parties are wrangling as much wiggle room as possible on the issue of encryption,” said Ryan Hagemann, Niskanen Center technology and civil liberties policy analyst, in an email. “There's a lot of squishy ‘on the one hand’ and ‘on the other hand’ language that tries to stake out a noncommittal position. That's understandable, of course, given the complex nature of the debate -- one that doesn't lend itself well to a clear cut solution. We saw these dividing lines very clearly play out during" the FBI’s fight with Apple to get access to an iPhone used by one of the San Bernardino, California, mass shooters.

“It’s not that the problem did not exist before; the problem always existed. It is an awareness that was not there,” said Maneesh Rai, head of product management at global mobile connectivity provider iPass, in an interview. “I definitely think that this will create a lot more awareness and hence a lot more … investment” into technologies that will help improve security although he cautioned no security is foolproof. He said the DNC data breach also may result in more visibility on the issue.