Advertisement

Where the candidates stand on cyber issues

Execute Snowden, hate on the NSA and everybody blame China!

Illustrations by D. Thomas Magee

It's a little difficult to nail down the US presidential candidates on cybersecurity. That's probably because none of the candidates actually has a cybersecurity plan.

What little the candidates have said about cybersecurity is as bizarre as the entire reality-TV election process spectacle itself. They each think cybersecurity means one, or possibly two, things. Bernie Sanders is obsessed with the NSA. Donald Trump said that Edward Snowden should be executed and wants to hack-attack China. Hillary Clinton just seems unsure about what exactly she should say.

With so much ado over her email server, its security, and the concerns over her email handling of classified information, it would certainly be in her benefit to do the opposite -- get deeply engaged and steer conversations on all things cybersecurity. And her opponents could benefit even more from beating Clinton to it.

But as you're about to see, they're all guilty of this one offense: Clinton, Sanders and Trump all believe the word cybersecurity only means narrow federal threats. Worryingly, each one has their own idea of what that threat translates to, or means. None of those things reflect the truly urgent cybersecurity issues we're facing.

The US is being gutted by all-time-high incidences of breaches, identity theft and ransomware in hospitals, homes and businesses. Between the OPM and the IRS, the government can't seem to secure itself. Data dealers and too-powerful social networks are playing fast and loose with private information and rhetoric before our privacy laws catch up with them. State-sponsored hacking has emerged as a potential act of war on the global stage -- a World War III–size issue, which should overshadow the apparently simple joys of blaming China for everything.

With all this, you'd think that cyber would be a very popular subject with any aspiring leader-of-the-free-world types.

How will our new leader react when cybersecurity issues take them by surprise during the next four years? We've put together a cheat sheet (in alphabetical order, below).

Hillary Clinton

Overall, Ms. Clinton's position on cyber issues are unclear, and she appears to be the candidate least engaged with cybersecurity. Unlike the others, she has no tweets or social commentary on cybersecurity, the FBI and Apple, the NSA, computers, encryption, the OPM, data breaches, or any other cybersec-related topics. It's odd.

But when asked, she does answer ... in the way that politicians do, of course. In response to a debate question on encryption (incorrectly framed as a "new terrorist tool"), Clinton didn't take a direct stand of any kind. But she didn't advocate government access to encryption keys, either. "Maybe the back door is the wrong door," she said.

When asked about the FBI-Apple-iPhone debate at an MSNBC-Telemundo town hall, she said, "I see both sides. And I think most citizens see both sides. We don't want privacy and encryption, you know, destroyed, and we want to catch and make sure there is nobody else out there whose information is on the cell phone of the killer," Clinton said. "This is why you need people in office who can try to bring folks together to find some common ground."

"Common ground" is something you hear a lot in her responses: Clinton's mantra when it comes to cybersecurity problems and solutions is "better coordination between the public and the private sector." To that effect, she thought CISA (the widely opposed, slipped-in-at-the-last-minute Cybersecurity Information Sharing Act) didn't go far enough. Most felt that CISA didn't go far enough in protecting citizens; Clinton felt the law didn't go far enough in facilitating the sharing of data between companies and the government.

One cybersecurity issue she's strong on is blaming China. With this, she's following a popular trend: the breach-PR cycle, where the breached use blame as a sort of get-out-of-jail-free card. Attribution is seldom fast, neat, easy or reliably accurate.

Naming who is behind a hack or breach can be near to impossible, even though that seems to be what PR departments, media outlets, shady cybersecurity firms and government pundits crave. But as anyone in hacking and security will tell you (while rolling their eyes in exasperation), those people just love to blame China.

Bernie Sanders

Considering how low the bar is, it doesn't mean much to say Sanders is the candidate most engaged on cyber issues. He actually has a whole page on cybersecurity. Still, it's vague, and overall his main interest is reining in the NSA data collection program, with emphasis on privacy and civil liberties.

Sanders opposed CISA on the basis of protecting civil liberties, and he voted against the USA Freedom Act because he said it didn't go far enough to protect citizens from government overreach.

He took the leaking of NSA files by Edward Snowden to heart. Sanders put the NSA in his sights from that point on and has proposed limits to the metadata collection programs. Sanders is the only candidate who says he believes Mr. Snowden's actions benefited the public.

His website states, "We must rein in the National Security Agency and end the bulk collection of phone records, internet history, and email data of virtually all Americans. Our intelligence and law enforcement agencies must have the tools they need to protect the American people, but there must be legal oversight and they must go about their work in a way that does not sacrifice our basic freedoms."

Frustratingly, Sanders answered the same glib questions about encryption that Hilary endured by saying he's on both sides, and that it's a complicated issue. "I am very fearful in America about Big Brother," he said. "I worry about that very, very much. On the other hand, what I also worry about is the possibility of a terrorist attack against our country. And frankly I think there is a middle ground that can be reached."

Unlike other candidates, Sanders has a few words (very few!) about cybersecurity and domestic infrastructure. In his Rebuilding America section, he states that his Rebuild America Act will "position our [power] grid to accept new sources of locally generated renewable energy, and it will address critical vulnerabilities to cyber-attacks."

I hope he means protecting us from the cyber-squirrels -- which are still our nation's top infrastructure threat, not hackers.

Donald Trump

No one has united America quite like Trump -- just not in the way he thinks. His positions on cybersecurity are as scant as the other candidates'. But I think even the most jaded observer of this walking advertisement for antipsychotic medication will have at least one whiplash-inducing double take at Trump's statements.

For Trump, to understand cybersecurity is to understand the internet. He explained this in a Breitbart interview, saying, "The Internet is a tool. Sometimes it is a scalpel. Sometimes it is a chainsaw."

He also said, "I have always been concerned about the social breakdown of our culture caused by technology. I think the increased dependence and addiction to electronic devices is unhealthy."

Indeed. But if the tech is in the right hands, then let 'er rip: Trump is an outspoken supporter of government surveillance, and possibly confused about what other people mean when they say the word oversight. In his words, the NSA "should be given as much leeway as possible."

He told The Daily Signal, "I support legislation which allows the NSA to hold the bulk metadata. For oversight, I propose that a court, which is available any time on any day, is created to issue individual rulings on when this metadata can be accessed."

In regard to the NSA files and Snowden, Trump has been clear about his belief that the former government contractor should be executed.

He isn't completely against hackers. Trump wouldn't murder -- er, I mean execute -- hackers who would illegally breach databases and expose records for his benefit.

When the FBI-Apple-iPhone encryption issue was brought to his attention, Trump said the company should be forced to comply with the FBI, or be punished with a boycott. "I think it's disgraceful that Apple is not helping on that. I think security first, and I feel -- I always felt security first. Apple should absolutely -- we should force them to do it," he said.

For Trump, "cybersecurity" refers only to state-sponsored attacks on America by China -- whom he blamed for the OPM hack. He told Breitbart, "We continue to have persistent, intentional and deliberate attacks on American cyberspace by agents from, or acting on behalf of, China. These actions border on being acts of war."

Mr. Trump openly advocates hacking back, a controversial and ill-advised strategy. He said, "America should counter attack and make public every action taken by China to steal or disrupt our operations, whether they be private or governmental."

... And start a war? No thanks.

No thanks to all of it. With two candidates, when you try to find out if they'd break encryption for government use -- a yes-or-no question -- well, you'd have better luck trying to lift a fingerprint from an ice sculpture. With the other, we're likely to find out how hacking can lead to World War III. And none of them get that things like hospital ransomware or the plague of "security last" startups are part of the cybersecurity problem.

Kind of makes me long for the simpler days of candidates like Limberbutt McCubbins.