Democratic Platform Echoes Obama Cybersecurity Goals

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

July 22 — Presumptive Democratic presidential nominee Hillary Clinton will be following pretty much the same cybersecurity path as President Barack Obama if the 2016 Democratic party platform released July 22 is any indication.

The platform text echoed goals set by Obama to strengthen national cybersecurity and modernize federal information technology systems.

The party platform focused its cybersecurity plan around protecting “industry, infrastructure, and government from cyberattacks.” The platform also criticized “warrantless surveillance” of U.S. citizens that “flourished during the Bush administration.”

Malcom Harkins, global chief information security officer at Irvine, Calif.-based cybersecurity company Cylance Inc., told Bloomberg BNA July 22 that the democratic platform is “really solid,” but needs more clarification “around incentives for companies that design secure procedures” in their products. But, the platform should have avoided political attacks against former president George W. Bush over mass surveillance, he said.

The platform is consistent with cybersecurity stances by Clinton and Obama. In June, Clinton released a fact sheet (125 PRA, 6/29/16), pledging to promote cybersecurity, safeguard cross-border data flows while protecting privacy, strengthen federal networks to improve the U.S. government's cybersecurity and build on President Barack Obama's $19 billion Cybersecurity National Action Plan (27 PRA, 2/10/16).

Omer Tene, vice president of research and education at the International Association of Privacy Professionals, told Bloomberg BNA July 22 that the platform highlights the increased importance of “cybersecurity and privacy” in the “national and international agenda.”

The Republicans released their 2016 party platform July 18 and framed cybersecurity mainly as an element in ensuring national security and addressing conflicts with other countries, much as presidential nominee Donald J. Trump has done during the 2016 presidential primaries (139 PRA, 7/20/16).

The Trump and Clinton campaigns didn't immediately respond to Bloomberg BNA's request for comments on the cybersecurity provisions of the Democratic platform.

obamaclinton
Unclear Encryption Message?

The platform supported Obama's establishment of the Commission on Enhancing National Cybersecurity within the Department of Commerce that will consist of 12 members appointed by the president. Members of the committee will include, “top strategic, business, and technical thinkers from outside of Government—including members to be designated by the bipartisan Congressional leadership,” the White House said in a statement.

The platform hopes that the commission will bring the law enforcement and tech communities together.

However, the platform may not have gone far enough, Will Ackerly, chief technology officer and co-founder of Washington-based cybersecurity company Virtru Corp., told Bloomberg BNA July 22. There should have been “an affirmative statement on strong encryption without backdoors being foundational to the security interests” of U.S. citizens, he said.

“The importance of supporting the use of strong encryption technology becomes even more acute” because U.S. companies are increasingly moving their data to the cloud and thus more vulnerable to cyberattacks and loss of intellectual property, Ackerly said.

Tene is hopeful that the national commission on digital security and encryption will confront the balancing act between law enforcement access to data and personal data privacy. The commission should “confirm the necessity of strong data security measures to protect U.S. citizens' privacy but also the intellectual property, trade secrets and digital assets of the U.S.,” he said.

Jeramie D. Scott, domestic surveillance project director for the Electronic Privacy Information Center, told Bloomberg BNA that the platform lacks “an explicit commitment to strong encryption without backdoors.” There is a “strong” need for encryption as it is “essential to cybersecurity and compromises to encryption lessen our security.”

Privacy, Security in Harmony

The Democratic platform called for increased privacy without limiting national security interests to protect U.S. citizens.

Ackerly said that “it is encouraging to see Democrats clearly acknowledge the false choice between privacy and security.”

Tene agreed that “the platform correctly observes that rather than conflict, privacy and cybersecurity are two sides of the same coin” and that “without security there can be no privacy.” Both are needed to support each other and “without privacy, security protections are devoid of meaning,” he said.

Scott said that the platform “needs to go further and should be clearer on the need for data protection.” It needs to emphasize that companies and the government need to minimize the data they collect, privacy safeguards need enforcing, and state and federal laws need updating,” he said.

Cybersecurity Standards

Harkins said that companies should look to what the National Institute of Standards and Technology “has done with privacy risk analysis.”

The NIST cybersecurity framework was also supported in the Clinton cybersecurity fact sheet. The framework consists of cybersecurity standards that can be customized to various sectors and adapted by both large and small organizations (30 PRA, 2/13/14).

NIST's “standards and frameworks are a great resource for organizations today to follow,” Harkins said.

To contact the reporter on this story: Daniel R. Stoller in Washington at dstoller@bna.com

To contact the editors responsible for this story: Donald G. Aplin at daplin@bna.com ; Jimmy H. Koo at jkoo@bna.com

For More Information

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.