Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
By Jimmy H. Koo
July 14 —Donald Trump and Hillary Clinton are unlikely to make cybersecurity a centerpiece of their campaigns and probably won't mention the issue during the party conventions.
But the topic underlies many of the issues that the respective Republican and Democratic presumptive nominees for president will discuss in the race to the White House, privacy and security professionals told Bloomberg BNA.
Voters care about cybersecurity issues, but they may be overwhelmed by the magnitude and the complexity of the threats, they said. Individuals are leaving it to the government to deal with the problems, they said.
Nevertheless, a large-scale cyberattack on the U.S. or a major hacking breach involving a U.S. company during the time leading up to Nov. 8 election might well put cybersecurity in the spotlight and influence the election, the privacy and security pros said.
“There are aspects of cybersecurity that are absolutely mainstream voter issues, at the same time, there are other aspects of cybersecurity embedded in broader foreign policy and national security issues that are critical to the U.S., our companies and the health of our nation,” Norma M. Krayem, senior policy adviser at Holland & Knight LLP in Washington and the co-chair of the firm's Data Protection and Cybersecurity Group, said.
John Dickson, principal of Denim Group Ltd., had similar views. “Cybersecurity is an issue that permeates everywhere,” he said.
“Nobody cares” solely about the candidates' views on cybersecurity, Dickson said. Trump and Clinton's positions on cybersecurity alone “are not going to change the election results,” he said.
However, Adam K. Levin, chairman of IDT911 LLC and Credit.com Inc., said it “boggled” his mind that cybersecurity remained a “backburner issue” despite the “wholesale theft of sensitive personal information” and other cybersecurity threats.
Data breaches have dominated headlines, with high profile hacking attacks at Premera Blue Cross Blue Shield; the Office of Personnel Management; and Ashley Madison showing that cybercriminals don't discriminate among companies or industries (90 PRA, 5/10/16). Data breaches have significantly affected consumers and businesses alike—a recent Ponemon Institute study found that a data breach costs a company an average of $4 million and that the cost for each compromised record is about $158.
It may due to this shear magnitude and prevalence of threats, however, that cybersecurity isn't getting much attention as an election year issue.
“I think many people feel overwhelmed,” Levin said. “Consumers are suffering from breach fatigue,” he added.
According to Krayem, “people do care about cybersecurity and the impact it has on their lives.”
“However it is one issue that they feel they have limited control over,” she said. Cybersecurity is complicated and people “expect that the government and the private sector will take whatever actions are needed to protect them,” she said.
“Candidates focus on more emotional and seemingly immediate issues because that's where the votes are,” according to Levin. But for the millions of individuals and companies that suffer compromises every day, “this is an extremely emotional and immediate issue as well as a clear and present danger,” he said.
For President Barack Obama, cybersecurity has been an important issue throughout his terms. Although his final State of the Union Address in 2016 was the first time since 2012 that he didn't discuss cybersecurity issues (09 PRA, 1/14/16), Obama Feb. 9 proposed a sweeping $19 billion federal cybersecurity effort designed to boost the nation's digital defenses (27 PRA, 2/10/16).
During the 2016 presidential primaries, it was unclear whether the next U.S. president will address cybersecurity issues with the same fervor as Obama as most of the candidates framed cybersecurity as an element in ensuring national security and addressing conflicts with other countries (60 PRA, 3/29/16). Dickson explained that cybersecurity is an issue “that is thrust upon an administration, not what an administration brings up.”
Craig Spiezle, executive director, founder and president of the Online Trust Alliance, told Bloomberg BNA that despite the apparent minimal importance of candidates' positions on cybersecurity, a large-scale cyberattack may shape electoral issues and influence election results.
“State-sponsored activities that are impacting the U.S.” may easily be framed as “cyberwarfare against the U.S.,” he said.
It may “easily be turned” into an election year issue, Spiezle said. Other privacy professionals agreed.
“Before, it seemed like science fiction that foreign hackers can change the course of the election,” Dickson said. “Now, it's a reality,” he added.
“Depending upon the sophistication, creativity and persistence of the hackers and the motivations and skill of their clients,” Levin said, “elections might be influenced, reputations destroyed, candidacies can be undermined.”
According to Krayem, a recent hack attack that targeted Hillary Clinton's campaign and the Democratic National Committee (119 PRA, 6/21/16) was probably intended to get more information on the candidates, and not to influence the election. “In any presidential election, other nations perpetually seek information on who the next U.S. president will be,” she said.
“This is simply a new tool, and more dangerous tool” that hackers will use “to achieve the same goal,” Krayem said.
“There are years of public record to make some understanding of” Clinton's position, according to Dickson. That isn't the case for Trump, Dickson added. The hacker was probably just “looking to gain insight into” Trump's world, Levin said.
At the time of this writing, Trump didn't have a platform or fact sheet dedicated to cybersecurity and privacy issues. Instead Trump addressed cybersecurity issues strictly in terms of ending China's alleged intellectual property violations. “China's cyber lawlessness threatens our prosperity, privacy and national security,” Trump's campaign website said.
Until recently, Clinton's campaign had also been largely silent on cybersecurity and privacy issues. Instead, similar to other candidates during the Republican and Democratic primaries, she had framed cybersecurity as an element of other issues.
Clinton June 28 released a fact sheet outlining a sweeping technology agenda (125 PRA, 6/29/16). Although the fact sheet was mostly about Clinton's plans for building a stronger economy through technological innovation and investment in infrastructure, potential voters got more insight into her positions on related cybersecurity- and privacy-related issues.
According to the fact sheet, Clinton wants to expand investment in cybersecurity technologies and accelerate the adoption of best practices such as the National Institute of Standards and Technology Cybersecurity Framework (30 PRA, 2/13/14). Clinton also urged government agencies to consider bug bounty programs, modeled after the Defense Department's “Hack the Pentagon” initiative (43 PRA, 3/4/16). She also called for promoting commercial data privacy and rejected the “false choice between privacy interests and keeping Americans safe.”
Clinton's fact sheet “addresses numerous critical issues—the need for an open flow of data across borders, resisting calls for data localization and the need to stop nation state cyber-enabled espionage,” Krayem said. “Importantly, it also supports public-private partnerships,” she said.
Levin also applauded Clinton's proposal. “Clinton’s initiative on technology and innovation is a step in the right direction—striking a critical balance between supporting technological innovation, while protecting the privacy rights and security concerns of consumers,” he said. Clinton's plan “builds on the Obama Administration’s cyber agenda” to improve outdated systems, he added.
To contact the reporter on this story: Jimmy H. Koo in Washington at email@example.com
To contact the editor responsible for this story: Donald G. Aplin at firstname.lastname@example.org
Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)