Republican Platform Adds Little on Cybersecurity, Privacy

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Jimmy H. Koo and Daniel R. Stoller

July 19 — The 2016 Republican Party platform expanded on presidential nominee Donald J. Trump's positions on cybersecurity and privacy, but didn't add much to what Trump has already said on those subjects.

The party framed cybersecurity mainly as an element in ensuring national security and addressing conflicts with other countries, much as Trump has done during the 2016 presidential primaries (60 PRA, 3/29/16),

Specifically, the platform identified cyberattacks against U.S. businesses, institutions and government agencies as a “routine” problem, and suggested going on offense to deter cybersecurity threats. The attacks will continue until “the world understands that an attack will not be tolerated—that we are prepared to respond in kind and in greater magnitude,” the platform said.

Aaron Cooper, vice president of strategic policy initiatives at BSA | The Software Alliance, told Bloomberg BNA July 19 that it was “really heartening” that the platform offered a balanced discussion on “data flows without restrictions, the importance of IP protection and the importance of encryption.”

Cooper said he hopes that Republicans and Democrats continue the debate as it is “important to focus on both the expectations that consumers and customers have today for the information they store online and in the cloud.”

It is a very important message and “important for the digital economy,” he said.

safeagain
Cybersecurity Warfare

Not all interest groups reacted to the platform positively. “The RNC cybersecurity platform fails to address what is a core issue of cybersecurity and actually threatens to make the problem worse,” Electronic Privacy Information Center Domestic Surveillance Project Director Jeramie D. Scott told Bloomberg BNA July 19.

Stating that Russia and China see “cyber operations” as a part of peacetime warfare strategy, the Republican platform said that responses to cyberattacks should “cause diplomatic, financial and legal pain, curtailing visas for guilty parties, freezing their assets, and pursuing criminal actions against them.”

“We must stop playing defense and go on offense to avoid the cyber-equivalent of Pearl Harbor,” it said.

Unlikely to Be Centerpiece

According to Scott, “for any political platform, data protection should be the primary starting point.”

However, as privacy and security professionals recently told Bloomberg BNA, Trump and his presumptive Democratic opponent, Hillary Clinton, are unlikely to make cybersecurity a centerpiece of their campaigns. The topic underlies many of the other issues that Trump and Clinton will discuss in the race to the White House, they said (136 PRA, 7/15/16).

In June, Clinton released a fact sheet (125 Privacy Law Watch, 6/29/16), pledging to promote cybersecurity, safeguard cross-border data flows while protecting privacy, strengthen federal networks to improve the U.S. government's cybersecurity and build on President Barack Obama's $19 billion Cybersecurity National Action Plan (27 PRA, 2/10/16).

Encryption Not For Courts

The Republican platform similarly called for protecting data privacy while ensuring free flow of data across borders, modernizing the federal government's legacy systems and fostering innovation and education.

A legal battle between Apple Inc. and the Federal Bureau of Investigation was ignited after the tech giant rejected a court order to help the FBI to access data on an iPhone (32 PRA, 2/18/16). According to the Republican platform, the decision shouldn't have been left to the courts. “It will not be easy to balance privacy rights with the government's legitimate need to access encrypted information,” it said. “This issue is too important to be left to the courts,” it said.

Cooper said that it is important that the debate is focused around law enforcement access to data and consumer privacy in encrypted information. Law enforcement “should have a role” but that needs to be balanced with the security aspects of the tech industry, he said.

He also applauded the bipartisan effort to the approach. It was great to see “that the RNC and Clinton tech agenda have been hitting the same notes” on encryption, he said.

Instead of the judicial system, the platform said that a Republican president and a Republican Congress must listen to the people and forge a “consensus solution.”

Information Sharing

The platform also applauded and took credit for increased “information sharing among entities endangered by” cyberattacks. The platform's message is an homage to the passage of the Cybersecurity Information Sharing Act (CISA) by a Republican Congress.

Congress incorporated CISA as part of the Consolidated Appropriations Act, which was signed by President Barack Obama Dec. 16, 2015. CISA provides private entities that “promptly” share their cyberthreat data with the government immunity from any public or private cause of action (116 PRA, 6/16/16).

Companies may also get receive other protections if they share cyberthreat information with each other, including: exemption from federal antitrust laws; exemption from federal, state, tribal or legal government freedom of information act requests; exemption from certain state and federal regulatory uses; and no waiver of privilege for shared material.

To contact the reporter on this story: Jimmy H. Koo in Washington at jkoo@bna.com and Daniel R. Stoller in Washington at dstoller@bna.com

To contact the editor responsible for this story: Keith Perine at kperine@bna.com

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.