Cybersecurity Not Stand-Alone Issue in Trump v. Clinton

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Jimmy H. Koo

July 14 —Donald Trump and Hillary Clinton are unlikely to make cybersecurity a centerpiece of their campaigns and probably won't mention the issue during the party conventions.

But the topic underlies many of the issues that the respective Republican and Democratic presumptive nominees for president will discuss in the race to the White House, privacy and security professionals told Bloomberg BNA.

Voters care about cybersecurity issues, but they may be overwhelmed by the magnitude and the complexity of the threats, they said. Individuals are leaving it to the government to deal with the problems, they said.

Nevertheless, a large-scale cyberattack on the U.S. or a major hacking breach involving a U.S. company during the time leading up to Nov. 8 election might well put cybersecurity in the spotlight and influence the election, the privacy and security pros said.

cyberelection
Personal Data at Risk

“There are aspects of cybersecurity that are absolutely mainstream voter issues, at the same time, there are other aspects of cybersecurity embedded in broader foreign policy and national security issues that are critical to the U.S., our companies and the health of our nation,” Norma M. Krayem, senior policy adviser at Holland & Knight LLP in Washington and the co-chair of the firm's Data Protection and Cybersecurity Group, said.

John Dickson, principal of Denim Group Ltd., had similar views. “Cybersecurity is an issue that permeates everywhere,” he said.

“Nobody cares” solely about the candidates' views on cybersecurity, Dickson said. Trump and Clinton's positions on cybersecurity alone “are not going to change the election results,” he said.

However, Adam K. Levin, chairman of IDT911 LLC and Credit.com Inc., said it “boggled” his mind that cybersecurity remained a “backburner issue” despite the “wholesale theft of sensitive personal information” and other cybersecurity threats.

Breach Fatigue?

Data breaches have dominated headlines, with high profile hacking attacks at Premera Blue Cross Blue Shield; the Office of Personnel Management; and Ashley Madison showing that cybercriminals don't discriminate among companies or industries (90 PRA, 5/10/16). Data breaches have significantly affected consumers and businesses alike—a recent Ponemon Institute study found that a data breach costs a company an average of $4 million and that the cost for each compromised record is about $158.

It may due to this shear magnitude and prevalence of threats, however, that cybersecurity isn't getting much attention as an election year issue.

“I think many people feel overwhelmed,” Levin said. “Consumers are suffering from breach fatigue,” he added.

Lack of Control

According to Krayem, “people do care about cybersecurity and the impact it has on their lives.”

“However it is one issue that they feel they have limited control over,” she said. Cybersecurity is complicated and people “expect that the government and the private sector will take whatever actions are needed to protect them,” she said.

“Candidates focus on more emotional and seemingly immediate issues because that's where the votes are,” according to Levin. But for the millions of individuals and companies that suffer compromises every day, “this is an extremely emotional and immediate issue as well as a clear and present danger,” he said.

For President Barack Obama, cybersecurity has been an important issue throughout his terms. Although his final State of the Union Address in 2016 was the first time since 2012 that he didn't discuss cybersecurity issues (09 PRA, 1/14/16), Obama Feb. 9 proposed a sweeping $19 billion federal cybersecurity effort designed to boost the nation's digital defenses (27 PRA, 2/10/16).

During the 2016 presidential primaries, it was unclear whether the next U.S. president will address cybersecurity issues with the same fervor as Obama as most of the candidates framed cybersecurity as an element in ensuring national security and addressing conflicts with other countries (60 PRA, 3/29/16). Dickson explained that cybersecurity is an issue “that is thrust upon an administration, not what an administration brings up.”

Influence on Election

Craig Spiezle, executive director, founder and president of the Online Trust Alliance, told Bloomberg BNA that despite the apparent minimal importance of candidates' positions on cybersecurity, a large-scale cyberattack may shape electoral issues and influence election results.

“State-sponsored activities that are impacting the U.S.” may easily be framed as “cyberwarfare against the U.S.,” he said.

It may “easily be turned” into an election year issue, Spiezle said. Other privacy professionals agreed.

“Before, it seemed like science fiction that foreign hackers can change the course of the election,” Dickson said. “Now, it's a reality,” he added.

“Depending upon the sophistication, creativity and persistence of the hackers and the motivations and skill of their clients,” Levin said, “elections might be influenced, reputations destroyed, candidacies can be undermined.”

According to Krayem, a recent hack attack that targeted Hillary Clinton's campaign and the Democratic National Committee (119 PRA, 6/21/16) was probably intended to get more information on the candidates, and not to influence the election. “In any presidential election, other nations perpetually seek information on who the next U.S. president will be,” she said.

“This is simply a new tool, and more dangerous tool” that hackers will use “to achieve the same goal,” Krayem said.

Others agreed.

“There are years of public record to make some understanding of” Clinton's position, according to Dickson. That isn't the case for Trump, Dickson added. The hacker was probably just “looking to gain insight into” Trump's world, Levin said.

Candidate Positions

At the time of this writing, Trump didn't have a platform or fact sheet dedicated to cybersecurity and privacy issues. Instead Trump addressed cybersecurity issues strictly in terms of ending China's alleged intellectual property violations. “China's cyber lawlessness threatens our prosperity, privacy and national security,” Trump's campaign website said.

Until recently, Clinton's campaign had also been largely silent on cybersecurity and privacy issues. Instead, similar to other candidates during the Republican and Democratic primaries, she had framed cybersecurity as an element of other issues.

Clinton June 28 released a fact sheet outlining a sweeping technology agenda (125 PRA, 6/29/16). Although the fact sheet was mostly about Clinton's plans for building a stronger economy through technological innovation and investment in infrastructure, potential voters got more insight into her positions on related cybersecurity- and privacy-related issues.

According to the fact sheet, Clinton wants to expand investment in cybersecurity technologies and accelerate the adoption of best practices such as the National Institute of Standards and Technology Cybersecurity Framework (30 PRA, 2/13/14). Clinton also urged government agencies to consider bug bounty programs, modeled after the Defense Department's “Hack the Pentagon” initiative (43 PRA, 3/4/16). She also called for promoting commercial data privacy and rejected the “false choice between privacy interests and keeping Americans safe.”

Clinton's fact sheet “addresses numerous critical issues—the need for an open flow of data across borders, resisting calls for data localization and the need to stop nation state cyber-enabled espionage,” Krayem said. “Importantly, it also supports public-private partnerships,” she said.

Levin also applauded Clinton's proposal. “Clinton’s initiative on technology and innovation is a step in the right direction—striking a critical balance between supporting technological innovation, while protecting the privacy rights and security concerns of consumers,” he said. Clinton's plan “builds on the Obama Administration’s cyber agenda” to improve outdated systems, he added.

To contact the reporter on this story: Jimmy H. Koo in Washington at jkoo@bna.com

To contact the editor responsible for this story: Donald G. Aplin at daplin@bna.com

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.