Hillary Clinton and Donald Trump Cybersecurity Platforms Comparison
Every day it seems that there is another hack , password theft or leak. Both government agencies and private companies are regularly attacked by attackers who are simply looking for confidential data to sell, or foreign actors looking for valuable information. This alone is enough for a presidential candidate to have at least an educated and informed cybersecurity policy. Let’s take a look at their platforms to see what they are doing.
Hillary Clinton’s Cybersecurity Policy
Clinton has a long history of security concerns. Between the recent DNC hack and the controversy surrounding Clinton’s private mail server , and perhaps because it seems like a magnet for hacks, Clinton has talked a lot about information security. Clinton acknowledged the importance of data security at a city hall meeting back in February, which sets the tone pretty well for both candidates in this election:
[Cybersecurity] is one of the most important challenges that the next president will face, because the achievements, the offensive achievements of nation-states that we know are very technically challenging, namely Russia, China, Iran of the next level, North Korea of the next level is going to just speed up … We have to work at both of these levels, making it very clear to Russia, China, that not only is what their government does through various organizations, but if they outsource work to hackers, they will pay the price.
Clinton’s main approach to information security is one that focuses on national security interests. Turning to Russia, China, Iran and North Korea in particular gives you an idea of its overall plan and its data security priorities.
What Hillary Clinton Formally Outlined
Clinton does not have an official data security platform or position paper. Instead, she sets out her policy in several different places. On her National Security Policy page, she lays out her thoughts on China, which gives us an overview of her security situation in a more formal way than her mayor’s comments above:
Hillary will work with allies to promote strong rules of conduct and institutions in Asia and make China play by the rules – including in cyberspace, currency, human rights, trade, territorial disputes and climate change – and hold it accountable. if not, as long as we work with China where it is in our interests.
Of course, none of this translates to “I’ll do X to do Y,” but Clinton is also implicitly talking about certain similar positions in her technology platform , listing these security concerns as some of her main clients:
- Promoting Cybersecurity : Hillary will build on the US National Cybersecurity Action Plan, empowering the Federal Director of Information Security and enhancing cybersecurity across the government.
- Protect the free flow of information across borders : Hillary supports efforts such as the US-EU Privacy Shield to meet national data privacy laws and protect data flows across borders. Protecting Business Data: Advances in computing such as the rise of big data and the Internet of Things bring transformative benefits, but raise important privacy issues. Hillary’s approach to privacy will be to promote high standards – and validate strong consumer protection – by applying regulators in an adaptive manner that does not stifle innovation.
- Protect online privacy and security: Hillary supports the creation of a National Digital Security Commission so that the tech and public safety communities can work together to deliver solutions that meet the needs of law enforcement while maintaining personal privacy and security.
The main takeaway here is pretty simple: Clinton likes the fundamentals of President Obama’s National Cybersecurity Action Plan and wants to build on it. The plan calls for increased awareness of multi-factor authentication, security of credit card transactions and the creation of a new high-level position of the Federal Chief Information Officer.
Most of the new Internet security initiatives in the plan fall under the authority of the Department of Homeland Security and are a general driver of increased security in government and consumer institutions. In addition, Clinton’s plans are based on what President Obama has already begun, without any specific details.
Hillary Clinton’s cybersecurity history is hard to say
Looking back at her tenure as secretary of state, the controversy over private email servers, and what she said publicly in interviews, it is clear that the above Clinton policy is “do as I say, not as I do.”
Let’s start with Clinton’s private mail servers. During her four years as Secretary of State, Clinton ran and operated a private mail server with an unsecured private mail account, as The Washington Post details. This wouldn’t normally be a problem if she didn’t use it for official government affairs instead of her official state.gov email address. No one noticed this until the Department of State responded to a request for documents from Congressional investigators , only to find emails sent to and from Clinton’s personal, non-government email address. Clinton argues that it was because she didn’t like carrying around two devices, one for work email and one for personal, but still wanted the job to get done.
Clinton has regularly stated that the Department of State has allowed private mail servers, which is denied by the Department of State’s Office of the Inspector General . In the end, the FBI decided that Clinton’s actions were “reckless,” but not illegal, and decided not to recommend the charges. Even so, negligence can have serious consequences when it comes to information security.
In addition, last year, AP reported that the Clinton State Department’s cabinet adhered to security standards badly, criticism that the State Department, to its credit, is willing to accept:
[D] The Department of State was one of the worst agencies in the federal government to protect computer networks … The Department of State’s compliance with federal cybersecurity standards was below average when Clinton took office, but with every year in office it got worse, according to the annual report. compiled by the White House on the basis of checks carried out by the agency’s supervisory bodies.
Clinton approved an NSA reform bill that aims to end surveillance, but has publicly opposed the Edward Snowden leaks . She also noted that while she supports NSA reform, she does not want her to go too far. Clinton told Fresh Air’s Terry Gross that “gathering information about what is happening in the world is essential to our safety.” More recently, she called for increased surveillance after the terrorist attack in Brussels.
Clinton also called China a security threat and commented last year that most of the unfinished security laws are not far enough to coordinate and share information between public and private organizations. At this point,in one of the Democratic debates, Clinton said she did not support forcing companies to create backdoors or give out encryption keys to law enforcement agencies. Instead, she supports a kind of “Manhattan Project” to help law enforcement agencies independently break encrypted messages. It also seems to imply that companies should want to help the government break encryption when needed, but doesn’t think they should have a legal obligation to do so.
Clinton did not vote on updates to the Patriot Act or the FISA Amendment Act . She never commented on the law of the exchange of information on cyber security (CISA), which is essentially a revised version of criticized CISPA , the safety of the bill that would force private companies to transfer personal data to the Government on request.
Despite the way she does business in her own office, Clinton’s tone on security has been politically moderate. It looks like she wants more security for public and private organizations and better security tools for law enforcement that won’t violate privacy. This is a tricky task and doesn’t describe very well what it will mean, or how it will work, if at all possible.
Donald Trump’s cybersecurity policy
Since Donald Trump has never held public office and does not have an official position on Internet security, it is difficult to imagine what his politics might look like if he ends up in the White House. However, he talks a lot, so it is not difficult to collect an overview of his opinions.
What Donald Trump has officially stated
Trump does not have an official statement, policy page, or document that outlines his position on information security or privacy. His positional statements do not mention anything related to the Internet, data security, or national security. In short, I did not outline anything.
Donald Trump’s public position on cybersecurity
As was the case with Trump’s campaign, his position on cybersecurity appears to be misplaced. His most direct answer to internet security questions is in an interview with the New York Times :
First, we are so outdated in cyberspace. We were the ones who were kind of very active in the creation, but we are so outdated that we seem to be already playing in so many different countries. And we don’t know who is doing what. We do not know who has the power, who has such an opportunity, some say that this is China, some say that this is Russia. But, of course, cybernetics should be, you know, definitely should be in our thought process, very strongly in our thought process. It is inconceivable, the power of cybernetics is inconceivable.
And again, even more recently, in the New York Times :
SANGER: Would you support the United States, which is not only developing like us, but also putting cyber weapons into service as an alternative?
Trump: Yes. I am a fan of the future, and the future belongs to cybernetics.
These are two of the best views we’ve had on Trump’s potential security policy, but we can piece together a little more of his comments over the years.
In an interview with Hugh Hewitt back in 2015, Trump said he was “wrong on the security side,” continuing, “I guess when I pick up my phone, people still listen to my conversations if you want to know the truth.” He concluded by saying that he was “all right,” reinstating the Patriot Act provisions that allow the collection of large amounts of data. Trump declined to contact the CISA .
How wrong he is on the security side can best be illustrated by his call for a boycott of Apple earlier this year. Trump wanted Apple to ditch the encryption keys for the iPhone belonging to the San Bernardino shooter (although this was not possible and the FBI did not ask for it ), saying:
Boycott Apple until they provide this information … Apple needs to keep this phone safe, okay. I think you should boycott Apple until they give out this security number. How do you like it? I just thought about it. Boycott Apple.
It’s unclear if Trump believes the government should have used legal tactics to pressure Apple, or if an Apple boycott would have forced them to change their stance. Speaking of reliance on companies, Trump also called on Bill Gates to work on “shutting down the Internet somehow,” despite confidentiality, the First Amendment, and the logical problems that might arise.
In his 2011 book Time to Get Tough: Make America # 1 Again , Trump’s homeland security policy revolves around the idea that “all freedoms flow from national security,” and one of Trump ’s seven core foreign policy tenets reads: “See the invisible … Be prepared for threats before they materialize. ” Another of these principles is “Keep the Blade of the Technological Sword Sharp,” which seems to echo his belief that cybernetics is the future.
As for the leaked information about Edward Snowden,in an interview with Fox and Friends in 2013 , Trump called him a traitor and offered to be executed.
Finally, there is also the fact that Trump (presumably jokingly) asked Russia to hack into Hillary Clinton’s mail servers ( and has more than a few alleged ties to Russia ), and in 2014, Trump asked hackers to examine Obama College records for birthplace, and both. from which it can be assumed that whatever security policy Trump has adopted, he seems to be lighthearted about the idea of security.
Trump’s plan (or lack thereof) seems to call for an overall increase in security in the context of national security and defense, but not necessarily in relation to civil society organizations, government agencies or individuals. His comments imply that this is also potentially achieved at the expense of confidentiality and free speech, and calls for an increase in what law enforcement can force private companies to do. Ultimately, his policy is unclear and will remain so until his campaign publishes something significant.